// ajax.js - handle background http requests for the CAPTCHA module // copyright (c) 2007 adam@adamscottsoftware.com // created 2007-11-28 // Gets the browser specific XmlHttpRequest Object function getXmlHttpRequestObject() { if ( window.XMLHttpRequest ) return new XMLHttpRequest() ; //Mozilla, Safari ... else if ( window.ActiveXObject ) return new ActiveXObject( "Microsoft.XMLHTTP" ) ; //IE else { // Display our error message alert( "Your browser doesn't support the XmlHttpRequest object.") ; // TODO } } // Instantiate Our XmlHttpRequest object var theXmlHttpRequestObject = getXmlHttpRequestObject() ; // Called every time when form is perfomed // called when the CAPTCHA form submit button is clicked. // initiates an HTTP POST containing the user's response to the CAPTCHA image challenge // function getParam( theForm ) { var changeIt = theForm.txtCaptcha.value; document.form1.hidden_token.value = changeIt; // Set the URL // var url = 'http://tahoepowderhouse.com/captcha.php' ; var url = '/captcha.php' ; // have to use relative path as XMLHTTPRequest is not affected by domain lowering // Add the user's response to the CAPTCHA image challenge to our HTTP POST call's parameters var postStr = theForm.txtCaptcha.name + "=" + encodeURIComponent( theForm.txtCaptcha.value ) ; // Call the function that performs the background HTTP POST call makeRequest( url, postStr ) ; } // Initiate the HTTP POST call. Since this call is ansychronous, a callback function will be // called when the server responds to our HTTP POST request. // function makeRequest( url, param ) { // todo: switch .status = 200 // If our readystate is either not started or finished, initiate a new request if ( theXmlHttpRequestObject.readyState == 4 || theXmlHttpRequestObject.readyState == 0 ) { // Set up the connection to captcha_test.html. True sets the request to asyncronous(default) theXmlHttpRequestObject.open( "POST", url, true ) ; // Set the function that will be called when the XmlHttpRequest objects state changes theXmlHttpRequestObject.onreadystatechange = updatePage ; // Add HTTP headers to the request theXmlHttpRequestObject.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" ) ; theXmlHttpRequestObject.setRequestHeader( "Content-length", param.length ) ; theXmlHttpRequestObject.setRequestHeader( "Connection", "close" ) ; // Make the request theXmlHttpRequestObject.send( param ) ; } } // Callback function. Called when the XmlHttpRequest object's state changes, // this function is called in response to the HTTP POST request we made in makeRequest(). // // // TODO: a user could just rewrite this js to execute the passedCaptchaChallenge branch. // // this will prevent robots, but may need to be rearchitected to effectively block humans. // // function updatePage() { // Check if our response is ready if ( theXmlHttpRequestObject.readyState == 4 ) { if ( theXmlHttpRequestObject.responseText == "PASSED" ) passedCaptchaChallenge = true ; else passedCaptchaChallenge = false ; if ( passedCaptchaChallenge ) { // Get a reference to CAPTCHA form theForm = document.getElementById( 'frmCaptcha' ) ; // Hide the CAPTCHA form theForm.style.display = 'none' ; // Get a reference to the main form's submit buttom theSubButton = document.getElementById( 'main_submit' ) ; // Show the main form's submit button theSubButton.style.display = 'block' ; // 'click' the main form's submit button for the user theSubButton.click() ; // TODO: ?get ref to form and form.submit() ; } else { // Get a reference to CAPTCHA image and change it img = document.getElementById( 'imgCaptcha' ) ; img.src = 'captcha_create.php?' + Math.random() ; // Get a reference to bad code warning DIV and show it warndiv = document.getElementById( 'captchaWarn' ) ; warndiv.style.display = 'block' ; } } }