4 Replies Latest reply on Aug 5, 2009 2:57 AM by cfsetNewbie

    basic spam filter error.

    cfsetNewbie Level 1

      Hello;

      I am working on a small script to add to my contact form. It generates a random number, puts it in a session variable then compairs it before it will send the email. if it doesn't match, then you can not send the form. As everyone knows, spam bots like sending spam via contact forms.Anyway, this is a nice script but it is throwing an error on some computers and not on others. I can't figure out why. this is my code and how it is set up.

       

      application.cfc

       

      <cffunction name="onSessionStart" returntype="any" output="true">

      <cflock scope="Session" type="EXCLUSIVE" TIMEOUT="20">
      <cfset SESSION.chk_rand = structNew()>
      </cflock>

      </cffunction>

       

      contact form

       

      <!--- This code goes at the top of the contact form. Doing this will change the number everytime the page loads --->

      <cfset x = StructDelete(Session, "chk_rand")>

      <head>

      </head>

      <body>

      <form>
      <!-- this tag generates the random number --->

      <cfparam name="SESSION.chk_rand" default="#NumberFormat(RandRange(0, 9999),'0000')#">

      <!--- all the form inputs go here --->
      <cfoutput>#SESSION.chk_rand#</cfoutput> Enter this number here ->
      <cfinput type="text" name="spmchck" message="You must enter our Security Number" validateat="onSubmit" validate="integer" required="yes" class="spam_Inputs" size="4" maxlength="4"/>

      </form>

       

      Response page

       

      <cfparam name="form.spmchck" default="">
      <cfif form.spmchck NEQ session.chk_rand>
      <cfoutput>"Sorry, you did not fill in the Security Field, you must go <a href="contact.cfm" class="subNav">back</a> and refill in our contact form.<br> If you are human and sending spam, please don't bother, we do not want any. Thank you."</cfoutput>
      <cfset x = StructDelete(Session, "chk_rand")>
      <cfabort>
      </cfif>

       

      <!--- This code is the last code to execute when the email has been sent and it resets the numbers--->

      <cfset x = StructDelete(Session, "chk_rand")>

       

      This is the error I get, but not all the time.

      Complex object types cannot be converted to simple values.

      The expression has requested a variable or an intermediate expression result as a simple value, however, the result cannot be converted to a simple value. Simple values are strings, numbers, boolean values, and date/time values. Queries, arrays, and COM objects are examples of complex values.

      The most likely cause of the error is that you are trying to use a complex value as a simple one. For example, you might be trying to use a query variable in a cfif tag.

      The error occurred in C:\websites\response.cfm: line 6
      Called from C:\websites\response.cfm: line 4
      Called from C:\websites\response.cfm: line 1
      Called from C:\websites\response.cfm: line 1
      Called from C:\websites\contact.cfm: line 3
      4 : <cftry>
      5 : <cfparam name="form.spmchck" default="">
      6 : <cfif form.spmchck NEQ session.chk_rand>
      7 : <cfoutput><font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="##990000">"Sorry, you did not fill in the Security Field, you must go <a href="contact.cfm" class="subNav">back</a> and refill in our contact form.<br> If you are human and sending spam, please don't bother, we do not want any. Thank you."</font></cfoutput>
      8 : <cfset x = StructDelete(Session, "chk_rand")>
      

       

       

      Can anyone help me figure out why this only throws an error once and a while on certain machines? There are no cookies, only session variables. I am confused.

       

      Thank you

        • 1. Re: basic spam filter error.
          ilssac Level 5

          Line 5.5:  <cfdump var="#session#">

           

           

          Put that line of code between lines 5 and 6.  Then watch it to see what it shows during the different conditions you are experiencing.

           

          I'm guessing that sometimes the session scope does not contain the chk_rand key.  Unfortunatly I can't do much to tell you why that would be true sometimes and not others.  That requires testing and analysis.

           

          It is important to know, if you don't already, that session varaibles still rely on cookies.  In order for a ColdFusion server to know what anomyous reqeusts belong to other anomyous requests it sets a pair of cookies called "CFID" and "CFTOKEN" or a singe cookie named "JSESSIONID" depending on the CF servers configuration.  If these cookes are not returned by a browser, ColdFusion has no idea that a request belongs to any previous request, so it gerneate an brand new, empy session scope for this new request.

          • 2. Re: basic spam filter error.
            mack_ Level 3

            SESSION.chk_rand is initialized to structNew() in onSessionStart and

            checked against form.spmchck in respose.

             

            So if a user don't have a session (or the session has expired) and

            requests response.cfm it would get that error (because you're

            comparing a struct with a string).

             

            Mack

            • 3. Re: basic spam filter error.
              cfsetNewbie Level 1

              is there a way to do this better? Or is there a way to catch the error if the session expired?

              • 4. Re: basic spam filter error.
                mack_ Level 3

                I though that it's pretty obvious that you'll need to initialize

                SESSION.chk_rand with a random number instead of a struct in

                onSessionStart.

                 

                Mack