In the world of modern content operation, website comment sections are not only important places for user interaction but also often become hotbeds of spam and malicious attacks.These annoying spam comments not only affect user experience and reduce the quality of website content, but may also have a negative impact on search engine optimization (SEO).As an experienced website operations expert, I am well aware of the importance of defending against these automated scripts and malicious behaviors.Luckyly, AnQiCMS (AnQi CMS) provides us with a simple and efficient solution - by integrating CAPTCHA functionality, we can effectively build a solid defense line for the comment submission form.

AnQiCMS is an enterprise-level content management system developed based on the Go language, which has always made efficiency and security one of its core strengths from the beginning.It not only supports multi-site management, flexible content models, and powerful SEO tools, but also integrates various security mechanisms at the system level, of which preventing malicious submissions is an important link.Integrated captcha, taking advantage of this advantage of AnQiCMS, helps us maintain a healthy and pure comment environment.

Why does the comment section need captcha?

Imagine if your website's comment section were filled with thousands of spam ads and virus links, what would users think? How would search engines evaluate your website?

  1. User experience is declining:Redundant spam makes it difficult to find truly valuable comments, and the user's reading and interaction experience plummets.
  2. Content quality deteriorated: Spam comments dilute the original content of the website, which may lead to the website's overall quality being judged as poor by search engines.
  3. SEO risk:Comments containing a large number of malicious links or keyword stuffing may trigger the search engine's penalty mechanism and affect the website ranking.
  4. Resource waste: The server needs to handle these invalid requests, consuming bandwidth and computing resources; manual review and cleaning up spam comments also takes a lot of time and effort.

CAPTCHA is exactly designed for these issues.It distinguishes legitimate users from automated robots by designing some challenges that only humans can recognize (or are difficult to recognize), thereby effectively blocking most spam comments.

The steps to integrate the captcha in the AnQiCMS comment submission form

AnQiCMS integrates the captcha feature design into its template system and API interface, making the integration process flexible and direct.Below, we will detail how to add a captcha feature step by step to your comment submission form.

Step 1: Enable the captcha function in the AnQiCMS background

This is the basis of integrated captcha, you need to perform simple configuration in the AnQiCMS background management interface.

  1. Log in to your AnQiCMS background.
  2. Navigate to the 'Function Management' menu, where you will find configuration options for the various features of the website.
  3. In the "Function Management", find "Content Comment Management" or "Website Message Management" (the specific name may vary depending on the AnQiCMS version or your custom settings, but it will usually be related to comments or messages).
  4. After entering the corresponding management page, you will see an option for "Content Settings" or "Message Settings", which includes the switch for the "Message Comment Verification Code Function".You need to enable this feature. Typically, this would be a checkbox or a toggle switch, just click or check it.

After enabling the background settings, the AnQiCMS system gains the ability to generate and verify captcha codes.Next, we need to add the display of the captcha and the input box to the front-end user submission form.

Step two: Modify the template file of the comment submission form

Now, we need to delve into the AnQiCMS template files and embed the captcha element into your comment or message form.The AnQiCMS template system adopts a syntax similar to the Django template engine, making this part of the work intuitive and easy to understand.

  1. Determine the location of the template file:According to the AnQiCMS template convention (refer todesign-director.md), the template of the comment list page is usually namedcomment/list.htmlWhile the comment page might beguestbook/index.html. You need to find the actual template file used to render the comment or message submission form. This form usually includesuser_name/contact/contentfields.

  2. Locate the form elements:Open the template file you find and locate in it<form method="post" action="/comment/publish">Or for comments (for)<form method="post" action="/guestbook.html">(For comments) Label inside. The elements related to the captcha should be placed before the submit button, in a position where the user can easily see and enter.

  3. Insert captcha code:AnQiCMS provides clear code examples to integrate captcha.You can insert the following HTML and JavaScript code at the appropriate location in the form.Here I provide two common ways to implement JavaScript: pure JavaScript and jQuery version, you can choose one according to the JS library you use in your template.

    Pure JavaScript version:

    {# 评论表单中的验证码部分 #}
<div style="display: flex; align-items: center; margin-bottom: 15px;">
    <input type="hidden" name="captcha_id" id="captcha_id">
    <input type="text" name="captcha" required placeholder="请输入验证码" class="form-control" style="flex: 1; margin-right: 10px;">
    <img src="" id="get-captcha" style="width: 120px; height: 40px; cursor: pointer; border: 1px solid #ddd; vertical-align: middle;" alt="验证码" title="点击刷新验证码"/>
    <script>
        // 获取验证码图片的函数
        function refreshCaptcha() {
            fetch('/api/captcha')
                .then(response => response.json())
                .then(res => {
                    document.getElementById('captcha_id').setAttribute("value", res.data.captcha_id);
                    document.getElementById('get-captcha').setAttribute("src", res.data.captcha);
                })
                .catch(err => console.error('Failed to load CAPTCHA:', err));
        }

        // 页面加载时立即刷新一次验证码
        document.addEventListener('DOMContentLoaded', refreshCaptcha);
        // 点击图片时刷新验证码
        document.getElementById('get-captcha').addEventListener("click", refreshCaptcha);
    </script>
</div>

    jQuery version (if your template has included jQuery):

    {# 评论表单中的验证码部分 #}
<div style="display: flex; align-items: center; margin-bottom: 15px;">
    <input type="hidden" name="captcha_id" id="captcha_id">
    <input type="text" name="captcha" required placeholder="请输入验证码" class="form-control" style="flex: 1; margin-right: 10px;">
    <img src="" id="get-captcha" style="width: 120px; height: 40px; cursor: pointer; border: 1px solid #ddd; vertical-align: middle;" alt="验证码" title="点击刷新验证码"/>
    <script>
        // 获取验证码图片的函数
        function refreshCaptcha_jQuery() {
            $.get('/api/captcha', function(res) {
                $('#captcha_id').val(res.data.captcha_id);
                $('#get-captcha').attr("src", res.data.captcha);
            }, 'json').fail(function(jqXHR, textStatus, errorThrown) {
                console.error('Failed to load CAPTCHA:', textStatus, errorThrown);
            });
        }

        // 页面加载时立即刷新一次验证码
        $(document).ready(refreshCaptcha_jQuery);
        // 点击图片时刷新验证码
        $('#get-captcha').on("click", refreshCaptcha_jQuery);
    </script>
</div>

    Code analysis:

    • <input type="hidden" name="captcha_id" id="captcha_id">This is a hidden field used to store the unique identifier for the captcha.Each time a new captcha is requested, this ID will be updated and sent to the server for verification at the same time when the form is submitted.
    • <input type="text" name="captcha" required placeholder="请输入验证码" ...>This is the text box for entering the user's input captcha.name="captcha"This is the key field that the server receives the user's input captcha.
    • <img src="" id="get-captcha" ...>This is the place to display the captcha image. Itssrcproperty is updated dynamically through JavaScript.cursor: pointer;andtitle="点击刷新验证码"improves user experience, prompting users that the image can be clicked to refresh.
    • <script>Block: This JavaScript code is responsible for:
      • Immediately send a request to the interface after the page is loaded,/api/captchato obtain and display the new captcha image and its ID.
      • Add a click event listener to the captcha image, so that when the user clicks the image, the captcha can be refreshed.

  4. Save and update the cache:Be sure to save the template file after making changes. If AnQiCMS