Does a checbox provide an alternative to using captcha on website? I am thinking i i need to use captcha for user signup. Instead if i put a checkbox for the terms like "By clicking here I agree...." can that solve the bots issues or is captcha required in addition to the checkbox?
One thing you can do with a checkbox is to make a honeypot. To do so, you would make a checkbox and hide it with CSS (because bots, as a rule, don't care about CSS). If the box is checked, then it's probably a bot.
If you are trying to keep bots from signing up, they will be able to check the checkbox pretty easy. the point of the captcha is that it takes human intelligence.
No, bots can check boxes, use a service such as http://www.google.com/recaptcha to easily make a bot-proof form.
Not at all, a checkbox is just like any other input, which bots manipulate.
As recommended above recaptcha is good. I also like Akismet, which handles this completely different.
Checkbox Captcha generated with client-side Javascript can be an interesting option.
Check out that article published by UX Movement: "Captchas vs. Spambots: Why the Checkbox Captcha Wins" http://uxmovement.com/forms/captchas-vs-spambots-why-the-checkbox-captcha-wins).
This technique can work, but it is not too difficult to beat, given time and an interest in your specific site.
Using CSS and Javascript (which isn't completely accessible) to create the checkbox will defeat the more simplistic spambots.
Also using a randomized name (which is verified server-side) for the checkbox POST/GET variable, and perhaps an image for the label (which creates more accessibility problems) will help make this more difficult.
In the end this should work fine, until someone takes the time to target your site or system specifically.
Edit The article linked to in this answer has good information.
Related
I am testing my web application using Selenium. All the form validation in the web application is done by HTML5 and some JS(for safari browser). I want to know what is the proper way to test the form validation.
Currently I am using one approach, i.e Before I filled up a mandatory field I clicked on the submit button. If the page is not refreshed then I assume the form validation working correctly. But I think there should be a better approach to do it. I am unable to find any proper solution. Any suggestion will be highly appreciated.
I also go through this link. But it is not working for me because it is not enough to have required attribute (eg required attribute does not work in older Safari browser).
Rather than checking if the page is refreshed or not, you should instead expect that it is not and that a certain error message or field highlighting or something is applied to the current page. When in an error state, the input fields probably get given an extra class, or an error div/span might be added to the DOM, try checking for that sort of thing
Im maintaining a site I didnt build thats for car insurance. In the banner of every page is an input that takes you to a page with a form to fill out. I cant understand why an input is used instead of a link, is there ever a valid and semantic reason for doing this?
Occasionally, people have done this because they want a link that "looks like a button". However, it is bad design.
It was never a good idea, but in the old days there was at least some justification for it: it gave a button feel and functionality to the link. However, with modern web design there is no need to do this: the same functionality can be created simply by styling a normal link appropriately.
On the other hand, this is probably more of a style issue than a real problem. It may not be worth changing it if you are maintaining an existing site.
using button or input type="button" is the original way to set up an Ajax request. that said, since it's taking the user to another page, sounds like they do not know what they are doing and/or wanted the styles that #dan1111 mentioned
I have a client who wants a feature on his site that he has seen on a competitors. It is essentially a group of icons where, when you mouseover them, an extended tooltip appears with content, links, etc...
The tooltips are not hidden divs. The tooltip content appears nowhere in the source code of the page itself. I believe the text of the tooltips is being called from an external file (e.g. an XML file or some such thing) via javascript.
My question(s) are this:
a) since the tooltip content isn't actually on the page, does it even affect SEO efforts at all?
b) would Google consider this spam (or at best questionable)?
Many thanks!
a) since the tooltip content isn't actually on the page, does it even
affect SEO efforts at all?
It wont affect SEO efforts in the slightest
b) would Google consider this spam (or at best questionable)?
No.
I should also point out from an accesibility point of view this is pretty bad practice as well.
a) No, all content loaded from external scripts won't be considered relevant for SEO. So it's just like you don't have extra content.
If your text is in display: none or visibility: hidden , it will affect SEO but make sure that user have access to the content.
b) No because you just want to give extra information and it won't be used by Google. Google takes content as spam when it is hidden and user doesn't have access.
It seems that Google only offers code to embed the +1 button.
However, there are heavy privacy concerns (plus quite some load time) associated with it.
For some pointers about the privacy and legal issues associated with Facebook like and Google +1, see: Like button and privacy concern
A common workaround seems to be a two-click solutionGerman (also discussed on slashdotEnglish), where the first click enables the button (loading the javascript from Google), the second then is on the regular +1 button.
However, I do not want to implement this two-click solution either. Largely because the Google +1 button is ugly as hell, and doesn't fit to the page layout.
What I'm really looking for is a separate web page, where the user can essentially confirm that he likes the page. This page can live on google.com, and essentially this would be the second click. I'm not trying to trick people into +1'ing the page. The second click is all fine with me. I just don't want to force them to load the plusone button (and I don't like its looks).
There seems to be the option of
https://plus.google.com/share?url=<URL>
which however is a share on Google+, not a +1.
I've seen this URL, too:
https://plusone.google.com/_/+1/confirm?hl=en&url=<URL>
(see e.g. here: Adding a Google Plus (one or share) link to an email newsletter) but I cannot submit this form (i.e. doesn't seem to work).
The best working solutions seems to be the two-click approach. :-(
Update: the url, https://plusone.google.com/_/+1/confirm?hl=en&url=<URL> actually does seem to work. It was just my privacy proxy breaking it. Then it seems to be more of a "Google+ share" dialog. I'm not yet happy with this result (in particular, since this doesn't seem to be an advocated approach for Google, and they can at any point consider to ban the site, I guess)
The only officially supported method of +1'ing a URL is with the +1 button. Either always loading or loading it on a second click.
The approach that I'm now looking into is fairly trivial:
I've set up a Google Plus page for the web site, and the "plus" button sends user there. In fact just like the Facebook icon I'm using. Then the users get the full choice of interaction options, including +1, but also circling and sharing.
First of all, this obviously should not violate any g+ policies. Secondly, it is a fairly transparent behaviour for the users. The "plus" button takes them to Google plus, where they see the usual plus UI.
Secondly, it's still just two clicks to "+1". So it is not worse than any other data privacy compliant solution.
I found the solution here.
The problem is, social sites accepts your own "share" forms, but only if the link is URL encoded.
In Wordpress, a custom Google+ button that I'm using without the official API, and it's currently working, is this following code:
google+
Hope it helps, go to the link above for a list of the rest of the social sites links. :)
In Visual Basic .NET is there a way to access a website/signup page and then get the Captcha and load it into a picturebox? How would I do it?
From your question, I can't tell if you are looking for a captcha plug-in or use a plug-in from another site. If you're looking for a plugin, try Recaptcha.
UPDATE
Trying to pull a the captcha image off of a site could be done in two ways, but it the captcha rotation were done correctly, it would no do you any good to be able to pull it off.
One way would be to just right-click on the image and reference that URL in your code. However, as stated previously, this would not be that reliable. The service that generates the image would rotate, and the image URL would be different on every refresh. In other words, the copied URL would only be good for the one time you copied/captured it via right-click or whatever. If the URL did not rotate, then that would be a security issue for the site which is why the image source is different on each refresh.
Another way would be to make a direct request to the page, scrape the content for the captcha image's source, and pull the source from the parsed content. The code for this would be fairly specific per page, and, with my limited knowledge, I can't think of a way to make a generic application to do so.
I don't know why you would want to do what you are wanting to do, unless this is a homework assignment, or you are up to no good.
Depends on the captcha service the website uses.
If the site uses reCAPTCHA, you would probably need to look for the image tag that has id "recaptcha_challenge_image" and display that image tag in a web browser control.
Here is the demo page I found: http://www.google.com/recaptcha/demo/. If the captcha itself is in a frame (or iframe), you will need to check the code in the frame itself.