Sitekit Forums

Sitekit Forums

Developer Discussion - CAPTCHA

James Bentley

Posted on 14 August 2014

The default CAPTCHA in forms doesn't include an option for the user to refresh or listen to an audio version. I realise that the principle of CAPTCHA isn't particulary accessible as the very point is to make the contents of the image non-machine-readable, but obviously things like reCAPTCHA do go some way to address this. Is there anything that can be implemented to improve the standard CAPTCHA or to allow us to use something else, such as reCAPTCHA? We get a lot of spam via our online forms but generally steer clear of the Sitekit forms CAPTCHA as it is so inflexible.

James Delaney

AdminJames Delaney

Posted on 19 August 2014

That's a great suggestion James.

We are currently looking at an alternative CAPTCHA option that requires no human input and instead looks to trick SPAM bots into failing a validation test. Although this may not make it into the next release due this year, CAPTCHA and form handling are areas we are actively looking to improve.

Thanks again for the suggestion and do keep them coming.

James Bentley

Posted on 19 August 2014

Thanks James - great to hear.

Is there anything that can be done in the meantime? It seems increasingly common for CAPTCHA fields to at least let you refresh the image if you can't read the numbers but obviously the Sitekit default doesn't let you do this.

A couple of times I've had to fudge a solution with a refresh button, but unfortunately this refreshes the whole page, so I'm having to put the CAPTCHA at the start of the form rather than the end (as some browsers reset forms on page refresh and I don't want to frustrate people who have already completed the form but can't read the CAPTCHA).

Example: http://www.uhb.nhs.uk/customer-care-awards.htm

Obviously this isn't ideal, and we could do with CAPTCHA on more of our forms. Being able to plug in reCAPTCHA, for example, would be massively useful.

James Delaney

AdminJames Delaney

Posted on 19 August 2014

In the short term, I'd probably have to suggest implementing your form on a blank page and displaying it on the parent page within an iframe. At least then your refresh trigger would only appear to refresh the form.

Also, a hardcoded form would technically allow you to use reCaptcha but you would lose the administrative editing and management provided by the CMS.

I'll raise this with colleagues. They may be able to suggest a better alternative.

James Bentley

Posted on 19 August 2014

I haven't tried it yet, and maybe I'm missing something, but wouldn't the iframe suggestion incur the same issue? It's refreshing the page containing the form which is the problem. Surely you're still effectively refreshing the page which contains the form even if said page is embedded into another using an iframe (which I'd rather avoid anyway), and therefore anything already entered into the form will disappear when it's refreshed?

As regards reCAPTCHA (or any other viable solution which achieves a better outcome than the current default), yes, I'd hate to lose the form management features offered by the CMS as this would involve me stepping outside my HTML/CSS/jQuery(ish) comfort zone.

James Delaney

AdminJames Delaney

Posted on 20 August 2014

Yes, unfortunately it would mean losing any entered content.

Our anti-spam feature is in development, hopefully it will make it into the next version. If not, we can look at the feasibility of plugging in alternative CAPTCHA methods.

James Bentley

Posted on 20 August 2014

In that case I'll leave it - it's not refreshing the page I have a problem with as such, though this isn't ideal. Rather, it is the issue of losing the form's entered content.

I look forward to seeing an alternative soon.