Finally! An end to those annoying CAPTCHA’s! I call it, noCAPTCHA.

No javascript and totally accessible (except for spam bots).

What the heck is a CAPTCHA?

It is that annoying image at the bottom of online forms that has text distorted to the point you can barely read it. You know the deal. The form says something to the effect of ‘please enter the text from the following image into this text box‘. I can barely read some of these things and frequently am unable to read it. But, most of these forms REQUIRE you to read it and enter the text into a text-box to verify that you are an actual human. Every site I visit with a CAPTCHA I just want to call them up and say “STOP USING THIS CAPTCHA ON YOUR BLOODY FORM. I can’t read it.”

Why do forms use CAPTCHAs?
The point of CAPTCHAs is to keep spam bots (that annoying code the spammers write to automatically post advertizements to your forms online), from doing their job. The problem is that legitimate users of your forms are usually not able to read and those with visual handicaps have to rely on screen-reader technology to read web pages (the same technology the CAPTCHA is trying to fool!).

Here is an example of a CAPTCHA (although not as hard to read as most).

So what is the solution?
Since all forms require some sort of coding or scripting to have them actually do anything useful, almost all of them can use what I propose. In this case I will demonstrate using PHP. And the cool thing is, it should only require about 3 lines of code!

1st, we need to create a random string and save it to a session variable. For example, get a random number between 789 and 999999, concatenate it to a random string (mysalter), shuffle the string around, then save it to a session variable like so:

$_SESSION[‘saltine’] = str_shuffle(rand(789,999999).”mysalter”);

(your session string for example might look like ‘r755s3aety87ml’ now, but the chances of it ever being this actual string are slim to none)

2nd we need to add the session string that was just created to our form. This will be our secret weapon. There is no need for our website visitors to see this string, so we will just place it in a hidden input form element like so (this is just a simple form):

<form action=”” name=”form” method=”POST”>
<input type=”hidden” name=”checkin” value=”<?=$_SESSION[‘saltine’];?>”>
Send a message to Patrick<hr/>
Your name: <input type=”text” name=”cn1″ maxlength=”50″ value=”Bobby”><br/>
Comment: <textarea name=”cn2″ rows=”5″ cols=”40″>I would comment on this but I will spare you. Thank me for the comment later.</textarea>
<input type=”submit” value=”Bring it”>

3rd, in our code that actually processes the submitted form, we just need to check and make sure that our hidden ‘checkin’ value in our form matches the session that was created before the form was submitted. So, before we start processing the form, we perform the critical check something like this:

if ($_POST[‘checkin’] === $_SESSION[‘saltine’]) {
// we have a winner! process the form


Everytime the form is loaded we need to run the 1st line of code before the form is generated.
Note – do not run the first line of code mentioned before the form processing, like:

$_SESSION[‘saltine’] = str_shuffle(rand(789,999999).”mysalter”);
if ($_POST[‘checkin’] === $_SESSION[‘saltine’]) {
// this will never work

If you have your form processing code within the same script as the form generating code then it needs to look something like this:

if ($_POST[‘checkin’] === $_SESSION[‘saltine’]) {
// this is right on

$_SESSION[‘saltine’] = str_shuffle(rand(789,999999).”mysalter”);

So, there you have it. This should keep spam bots from spamming your forms. It will not keep people from manually spamming your forms, but very few would ever waste their time with that. So STOP USING CAPTCHA’s already!!