The Site Pro posted on April 29, 2010 13:10

Typically theSitePros is for marketing and affiliate programs. This article, however, is specific to a problem we solved involving spam and the registration forms on Community Server.
Community Server 2.1 is a robust and flexible forum and social community package. Unfortunately, that version does not have any good way to prevent spammers from using bots to register. To make things more complicated, the community license many people have does not provide source code for the code-behind pages, which makes it very difficult to implement something secure that will keep the spammers from registering. One of the clients I worked with was experiencing many spammers each day hitting their Community Server forum. To solve the problem I needed something that would allow me to secure the registration process without having any access to the code that actually inserted the records into the tables.
Solution Overview for Captcha Registration Form on Community Server 2.1:
· A new ‘pre-registration’ form with a text box for email address and a captcha control
· A regcheck table to store the email address on the pre-registration form if the captcha was successful.
· Insert trigger on ASPNET_Membership that rolls back the transaction if the email address they have entered on the main form is not found in the regcheck table
Here are the details of the steps to add Captcha to Community Server 2.1:
· Load up the current login webpage in your browser. It should be: “[domainname.com]/user/CreateUser.aspx”
· To simplify the navigation and avoid having to find every place on the site that points to createuser.aspx, I renamed createuser.aspx to createuser2.aspx. Then in the page load event of createuser.aspx I redirect to ‘preregistration.aspx’. This essentially points everyone to the pre-registration page first.
· Create your “PreRegistration.aspx” page and copy the HTML from the createuser.aspx page into it. You are doing this to get the same design for your pre-registration page as you have for the createuser.aspx page.
· Modify the pre-registration page to make it look like you want. I added a “Step One” H1 tag to the top of the form. I then modified CreateUser2.aspx to have a “Step Two” H1 tag.
· Of course you want to delete the name, password and time zone fields from your pre-registration page. You will also want to remove unnecessary JavaScript methods.
· Add a textbox for email and the captcha control. I used reCAPTCHA.
· Create a table called regcheck in the SQL Server database for community server and include a field ‘email’.
· In the click event for the button on this captcha form, check the captcha just like you would for any form (there are plenty of tutorials on this) and write the email into the regcheck table and redirect the user to the original signup form. Remember to only write the email address into the regcheck table if the captcha is successful. That is the key to making this work.
· Create an Insert Trigger on the ASPNET_membership table. I used the following code:
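CREATE TRIGGER InsertTrigger ON [dbo].[aspnet_Membership]
FOR INSERT
AS
-- Cancel the registration if any inserted email has no matching regcheck row.
-- The check is set-based, so an insert of several rows is handled as well.
IF EXISTS (SELECT 1 FROM inserted i
           WHERE NOT EXISTS (SELECT 1 FROM regcheck r WHERE r.email = i.Email))
BEGIN
    ROLLBACK TRANSACTION
    PRINT 'email not found. insert cancelled'
END
ELSE
BEGIN
    -- Consume the regcheck row so the same address cannot be reused.
    DELETE FROM regcheck WHERE regcheck.email IN (SELECT Email FROM inserted)
    PRINT 'insert successful'
END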
This trigger looks for the email address in the regcheck table and does a rollback on the transaction if it is not found. If it is found the email is removed from the regcheck table so that it can’t be inappropriately used by another user.
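One way to check the gate before attaching it to the live table, as an added example that is not part of the original article. It is meant for a scratch database; demo_membership and DemoGate are hypothetical stand-ins for ASPNET_Membership and the trigger above, and the addresses are constructed sample values. Each GO-separated batch is one registration attempt, because a rollback inside a trigger aborts the rest of its batch.

```sql
-- Added example: run in a scratch database, not the Community Server one.
-- demo_membership and DemoGate are hypothetical stand-ins.
CREATE TABLE regcheck (email VARCHAR(100) NOT NULL);
CREATE TABLE demo_membership (UserName VARCHAR(50) NOT NULL,
                              Email    VARCHAR(100) NOT NULL);
GO
CREATE TRIGGER DemoGate ON demo_membership
FOR INSERT
AS
    -- Same rule as the article's trigger: no regcheck row, no registration.
    IF EXISTS (SELECT 1 FROM inserted i
               WHERE NOT EXISTS (SELECT 1 FROM regcheck r WHERE r.email = i.Email))
    BEGIN
        ROLLBACK TRANSACTION
        PRINT 'email not found. insert cancelled'
    END
    ELSE
        -- Consume the row so one solved captcha admits one registration.
        DELETE FROM regcheck WHERE email IN (SELECT Email FROM inserted)
GO
-- Case 1: a bot posts straight to the signup form and skips the captcha page.
-- There is no regcheck row, so the trigger rolls the insert back.
INSERT INTO demo_membership (UserName, Email) VALUES ('bot', 'bot@example.test');
GO
-- Case 2: the captcha page recorded the address first, then the signup arrives.
INSERT INTO regcheck (email) VALUES ('alice@example.test');
INSERT INTO demo_membership (UserName, Email) VALUES ('alice', 'alice@example.test');
GO
-- Case 3: the same address is replayed without solving a new captcha.
-- Its regcheck row was consumed in case 2, so this is rolled back too.
INSERT INTO demo_membership (UserName, Email) VALUES ('alice2', 'alice@example.test');
GO
-- Show which registrations survived and whether any regcheck rows are unused.
SELECT UserName, Email FROM demo_membership;
SELECT COUNT(*) AS unused_regcheck_rows FROM regcheck;
GO
DROP TABLE demo_membership;
DROP TABLE regcheck;
```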
Other Enhancements
This solution does have a few drawbacks. The first major drawback is the user has to enter their email address three times altogether. For the client I was working for this was acceptable. One possibility would be to use JavaScript to plug the email address entered on the pre-registration page into the main form.
Another weakness is that this solution leaves orphan records in all the other tables that Community Server will be inserting data into. This can be addressed by adding insert triggers to those tables as well. The above code should give you what you need to make that happen. Note, though, that you will have to be careful where you put the delete for regcheck and that you will need to do joins with those other tables to find the email address.
Hopefully this article has helped those with Community Server with a way to keep the spammers from hammering their site with registrations.
Best of Luck!