Implementing reCaptcha in Contentbox CMS 3.x

Akitogo Team, 07 Mar 2017

Contentbox CMS comes with built-in Coldfusion CFImage Captcha to protect blog comments from Spam. Unfortunately this Captcha not very safe and not very readable. It has another downside, it's not cacheable. CFImage expects the Captcha text as an argument and the tag is embedded on your blog detail page.

Bottom line: better don't use it.

As an alternative Google reCaptcha offers good protection from automated spam, but it's currently not implemented in Contentbox 3.x. Actually there are two other reCaptcha modules on Forgebox, but none which implements it for Contentbox. So we decided to write a small module.

It's easy to install, simply use Commandbox and run

box install cbReCaptcha

If you prefer to pull the source from Github, you will find the repository here: https://github.com/akitogo/cbReCaptcha

So how does it work

The great thing about Contentbox is that the underlaying framework is very flexible and offers multiple ways to extend it. For this module we will use the following interception points:

cbui_beforeHeadEnd will be used to add in the head section of your html

<script src='https://www.google.com/recaptcha/api.js'></script>

cbui_postCommentForm will be used to add at the end of your comment form

<div class="g-recaptcha" data-sitekey="#recaptchaService.getPublicKey()#"></div>

cbui_preCommentPost this interception point is fired after the form is validated, so we add a little bit of extra validation

if(structKeyExists(rc,'g-recaptcha-response'))
	captchacheck=recaptchaService.isValid(response=rc['g-recaptcha-response']);
if(!captchacheck)
	ArrayAppend( arguments.interceptData.commentErrors, "Invalid security code. Please try again." );

What's next

The module needs error checking if the Api call or deserialization fails. We will continue improving it the coming weeks.