From 614da0d2abb3c14d8f08228a741df9fe7862041d Mon Sep 17 00:00:00 2001
From: Doug Bell <doug@plainblack.com>
Date: Sun, 27 Apr 2008 21:28:18 +0000
Subject: [PATCH] added CAPTCHA to DataForm

---
 docs/changelog/7.x.x.txt                      |   2 +
 .../root_import_dataform.wgpkg                | Bin 0 -> 4524 bytes
 docs/upgrades/upgrade_7.5.10-7.5.11.pl        |  14 +
 lib/WebGUI/Asset/Wobject/DataForm.pm          | 257 ++++++++++++------
 lib/WebGUI/Form/Captcha.pm                    |  15 +-
 lib/WebGUI/Help/Asset_DataForm.pm             |  13 +-
 lib/WebGUI/i18n/English/Asset_DataForm.pm     |  36 +++
 7 files changed, 247 insertions(+), 90 deletions(-)
 create mode 100644 docs/upgrades/packages-7.5.11/root_import_dataform.wgpkg

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 661196e18..09c0a645a 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -41,6 +41,8 @@
  - Fixed all Test::WWW::Mechanize tests and updated the skeleton. Should be 
    usable now.
  - fixed: Registration form now saves all progress if there is an error
+ - added: DataForm now can use CAPTCHA for Visitors
+ - Spent some time cleaning up DataForm, but it could use more.
 
 
 7.5.10
diff --git a/docs/upgrades/packages-7.5.11/root_import_dataform.wgpkg b/docs/upgrades/packages-7.5.11/root_import_dataform.wgpkg
new file mode 100644
index 0000000000000000000000000000000000000000..90b93746bc6522bb658fbdbe13186860da73686c
GIT binary patch
literal 4524
zcmV;d5mW9TiwFP!000001MOXVbK5o&&)@wN9CzBZH?^#{EXC)U#EFyik~G)2N!!z%
zhZ13l2}SBi%8uK~cfZ}mn=eU@tn;LDW^4%r7K_DVvHQb<solH%pL)IC>vZnj!@s?{
z{_Cip`n^V@Uhgz|^>(9u&uKIot<F6Mn%w@+B1zpCSi54Q$-*!1Z`pGg9Q@GW=x;ft
zJN1OP2HC?8{chE3?~^FpD33t9+ivT5hwr2ZV)~oCMk6!-tsc%lNb~l8ZfpK)x6k?}
zdie7zn1#J0jbeAg_MCz9FD!r`{PXW0=;=I;<}6NqmS6>HK~<bR&rjxodwu4o0X5!h
z>`@c(IB=8n$;WvVr_6gujl)F{m^H>RbK&8mYoxr_vRcE!OgYv0VifqvlzG<kkX^m=
zLod3bwsq@SavetV#4qeKx(ZqROTyykUO}(yV;Z~9nCqRnlfveUIG|>66r~6L3`ck1
zxv6^*#WRZsH%VA3`q=-+;j{Pc&TPbj;Qg!qe*NUv-#<>Q>VEP%j?yT-p7TN51M-t+
zzUQ&9V62yZ;=}x%xZ^21^Jgqtq<mc6x=mveM~nG$?}_L03XP`4K$2bu?2OG|MpGvE
ze*Gwg?`R$LPuHgEv1A<k^VE+xb4T;zZ^KbCe{gg#Kejp;gFYm$+!-I=J2ray%k#nD
zA&O}*co&V{voU-)jRKFwR>Qy#nNZI?;=?jnR#j4(lc^g{O0-G{;jPcO-t?^IsnX=f
zFr}y2DNR23^H)*oU-)BJ4cHdPjD-um9*U`eVlPOy_S`uvuFH&Klj6Mb|KM_JWoFS&
zUPR*$a&*}RWsaY;px^KH`<-6X<}zleHBkus@m?CudcW1|^tx?J9-x%&_=A+ay}Hxo
zs?s~OsIhPyU(eImlAg^|>Q02#u|?<c+YhrBFG6-XZ~xvrd-`_dXIIOc>jXF`SPu!T
z$cMpv>W)|n^ArT!xY(Wf2{%mcsL*nee58ysc8P43CA&r&<koC=?a|KNn1#{+ynaNp
zs#g(yve(}{_QMqUd9(UL6vq0~SD$XU8RVA}FWICQ02HhC|6aG#%k2Mcaszk!{|zT~
zjb@*>|KH6Ge(4ro?E%OQe&+hYdF8HNv^!=D?HaqfZC#ga*3$Tr{X24<5VqC75BGfU
z2siBWOE-4N;5_$^hkK6il|DN@I&hDN@i62K{R<~y32qHFpiy(ZnIHZXQiWj(Te~Jd
zj>0sKf&>W6Ie`P}+P~nnO_HXcC}~Zb1~J-qff5uFFXg0I97pka5JjTXMc|NM0Ry}M
zj^3~|^}|Ur+~b6ZC9Lga8p3D-|M+NRFhMnHGZ;Q>P{7Q{<VE**un5cth2zye5mklG
zJpZza(P0X8)YKV1m27_i1eSF>c0+XTWD~PX^iWU4j0xFLm##C7*#!tscMh9YeEq^t
z(i*G;&>mAl>QMl@YoK%oNqsv4-~NFEx|pX(F+dGAw*r#-S)QiSN#Y508MF#JtL)BW
z0ZUoFD^Xt1jje8KDk>Ml5++>FJM~%M<=IeA@{Cjt3)-C(Nl=vMsU2m8b+lB6&}^W^
zt05@D_2`IP5~aFm6wxitudfRntzMW?oflyM3(BFVH5tXIc|1yEP%lrB$Ic(?#RI16
z(hdAc2nw1;b5n7JttqrtN^RtV(8|sEFl?8!Sy^F8{z)V>kzBx11EIcWu}*SAe}4t0
zr8FM%_?elCo#hn-uwaJ3(7dxC(M5SqQHr`nMhj$hP;SY_&+NYoKL#%TRv?9B?uOR<
zyjhG=*kaKzjAG}&Fb|ww!k>e2z@{c2Ag}|Na4tg871s|c6D8Wx$~j&n?8Kd?<0;>%
za0HSHe)f+4^E^yh98yf?2H)M6yQ4Ga%^aG$`#;>LVDnr?W%s{_AQhUcIi)F;`zI{~
zK>!(-_247#UGOV50HMmfCNgDABrPcx()bM_00H#(dH-s^RErQBAZu0(RT)H|iIB`{
zQ5`*Vci(DY#*l@`%&IZ;OE4A=S__-}@*o<bGuX#UVlz8DZg%>1WQW{WMb~zKUd$qd
zZh#MwZ<T>5q=W~9XJ;>8$Zyv8ssr>XKueDTh~T;BMxcv>pbwfjSXKw)L^?0i=AT?M
z(XrXTaA$sSJ#b^+4Ic3FnHx|1a33t=pf&$!7mlJdjb^I+6Sk<C9?}xp)Mo-9#GpS<
zi8Lo6HvlK~Zb-p$MSv?oW`7p_u|JAF?n9^G!3{=H3^)*$Q18QZ1V{vGUg!<J?)LDX
zcrcEFC?0%$QpbOy?8^7j=>Tw|Z$tsgcAxf=LF`Yad`QD|4!bAzrsbC(_%K~E0YcUt
zF$Y{w<}e)>#s4RtHO}tU)K8h<O?P=HWIarYUyqFem_?*%0K;Z6E@f&{)Wu*5NK)*G
zUb5}O$ZQI>89@dcpEK7zY3DlFQLE8ubTjL~#EvqHbQ)bf579Jm9L$b=Fqnb8W6Yr`
zX{{~dt3pZPi5L8Ie)8(&c|19NG#OvVr}4)ti<F;~LP?uNiJI+Jztip8QnFB@5}5e2
zQJ!)@palPEZV~@!cbeJrpLQFL(st)R<<qvYCp-KnckU$dACFzQiy%E`xaC<ELm(?;
zBa1Mg!;V#bI~Wl6#pyThGu-<m<b&LD9hu394vwP4?gy?%3!;`Wl%Uy#{SZo;P{Q|M
z_)>>2w57u5!}>QW5aYdMVm$PzPBCN>j&;UcSA?1^AmqsSj&^12b3z*=boBM(Q~U>I
zv{^xkb^-Rqrq8Q9pkT!GxQ&R-86cFy9e9KeKsXq?W7sK&)axK8M$e~p{8!mCuR=X5
z+=d50JYwS=QfKf{#w+j<;|n|LQ9*!ssv@AwM1n_bOrs5;0Wu&F012W|Pox3Ru(mBN
zP<=tPe+M){v%|%+MQzYsZ%!jj4Y7>Ot;B`)0hQ?=epX!gm|IroNzSsaaKO4oY}jaY
z^C<<Z$A;x>ZYw_A;OTDj@UVSYdAj?5^3dlah+6Q#fm~7X%Z>;B(jNN8T)jd<CH{YF
zoBn^Z)y|#&)|)&3zi`4fT)6Z9m-_zzJB86zz`O|q>@c-<-6fGgqn=BrSvAMYwt(9`
z4Gv}aP<8+Y4s^v?a44J<1jdn+c@CKoCI%8nOnK0m=kQdVS`km^DBD4aJp0YGBf2Fa
zkO+-RgO<XWhG*XiX6-X8aPtC&8G|gwFhmW72LsY6$KwMUsXpwYhKOzzG&4L#kS0VA
zQm7(w5F(awgnY^)2mHokituO-Cp6Hw;8YfaDRDZf&Udiv1s?5MEKyB45IBQ@x!A_3
zMBaB}8_Dbw-si)Lb-iIfwBE`%S8JV7NI$fS;ca=Odq<@w7GVvP$F!7)c!SCtrxb*c
zho9giB2yJk6GUx|h10nMv@ZbPk;E``Yoh?@aDC-{2~?oj?;Q4?JQ(tNn+3Z?vR@{7
z)=ren%=Wgx?wu>WVejb6Cs*SCx3}p3cRP*j{U5;pcmDrYlyB$%m;3+VnVrMEleIkl
zdee5?w}bsxdv}IUn)BqiyISh!ujb_oCllOEa(;oDOuWMV-}3*>Q*m<Am!#1#ogSFa
zM%2$N=hV#Ko4UypNLqxuOXPkp>5XRyJ`4iUM!LsQI1c>r2RMPy?)`iB(&aZ_YLHHL
z;m0#NsIMs+cIu=mmZWnm>pU$Gnv97`X9lY*OBbX=nAH*xsmo>b&Q?o5<m_9+kwIK0
zGNdR)ox)(Y2I&MH7=bcnLM0Vrp$M;?=Z}FJMpb-Haz|aE<M1b?k=_uhV5PEt^kf&r
za?sE`%TdX6#+ip1mGS4|_@-iPkX<+PDFNGo(2&U?iWpEI>BN{CBJ(YQ9)^eoW0B!y
zfra1{Y78>1@;V|PqNE}37L&vUD^jW?Z&3|bwHz83sXpX#j5_v_5J|si0wmKalr~8i
zkujgY%siNNtrI8|51+Ae)^oa0#tI}kifMuxtTtWDAk{H5S-H-nh@hSb&$kgq+Yr>|
z4sl@49ZVCq0I|&m&do+U4+5-lfK$lgT?myiwGYf>QD{3f17=D~gNh=CHk0}&jHW9K
zNd>KJIE}HlNNhmWrYycvMhY84D|L~82i;Yfdq5j~j%?l@6pK(@X6-?VnX?C9^BH?k
zXyxm{_biJ`WNK#WkpMkoIFO}hq6i{G&+3Ho^CWM@*?9$IRc2m6OP-g9jW!HZbn0*`
zu~oOT%{C2F9OMkZs)>0!tYRzi-Lg(f;{VR};(s`#hhX1+|3|wGDS^BEzh#rRf#<vU
zzcl^_A8qaHpP<Z^JG8Cv|MRbZ>Qu9`kdvpf-MuTI5Gq$+0@cwpIsUnep!9tCWzeGo
zsH3t6wR11C9C!CZ;mW9iYKT0`N>E{act>S#VuT5*%0z@JC#JGHaRW4mB#H7o^CDoB
zcYK$^GOLVP-T%z7p`PR!sT`KL0a`>4A)7q4?6Asih8h3}U13wVLdjZ~=lWnQ<+UXV
zUD0AgBZ?pN!lC<w8c<84$pl_I<Bq=5ok62o0(TO@mt@D^Ll!RGUx(6?Do{h_0YD||
z=o(4!@k<5aG%AgpHW*M%L78f9<pA-b9@1C0No5yMftv?YZwg9``;nr75|uF{8uNk9
zOkrlEp(lsblyW5uvEXGJMAy_Xcyl>R+5BLXftG`S&~UUI3d`N()%9hnvn=6MG{%Pa
zDp$JWYZDObz5MM2W_8}DXi_wTW@THBe0&9SYBkBt<{D2Gtfj?itEi?0Y9X`ebs_4X
z7AFu17>B9KE=$`@g;aFseo}M~Ip0X?JC_j0;j}vG`dprwJIeZTcKL8}s1=5C>gxHW
zq@PJruuRS2RNZH`8j~%OYXmvacbkg_2HmOq6($}2xk!!VUFafenfuY2VBw@gp}nw#
zTx152Ue-C!1Sy+$F!*=SAb5KR+|Y(o4Y=!(k^PY+8W66Qj6F^{!h+Fc#$k;BzHkUs
z@NEj#?m*sx7UR_xl9mz7ym34H=J&wGQGvR9t?qsEYc<w#*ZiT%)DriSU*Xo}sEmFn
z-o&Acsk$7G6(^7mmc1IS@Rsokx4P|HNE-uw&)m^%U+Qi(`}Q#^GQT?RTgc%ZfPF#N
z@8q3sP}ft?<lU8Sz-Miw{V#r{yW6od*)|OyTQ+c2<T&jwKEC_yS%*Ds?Em<q>zzLR
z`I)=B(tR^9umu0@ZV~@&HoE!yAI<I#|Gn9auGeaZ|CZvv^AUQOv_RyqM%#8vmR<kI
zRNtY&(r3TD7Xm`4W1zwOeB6j`xHC?m$KAq#6(~^f?mxQ20nVccfh4MgB~qX^#!;Da
zCnK(clpq3AznEA5IT~fuF<5ol-cKQfa^@wTn;^qx&Y=)?C48Gp4dg)X4cLdw#Ul2N
zgvRAquz{&mV{H{Ld{jVo5hQ(TyqiJ3e3XM9)f6GB%jc;H=zICF3_!Iqm{%yOd`$+v
zv>YH3BWXsM6HIi&AH$>&l%*kB{#^g&H8bgm@@5%mimqvYlHiS9n*V0Pf`~ONMOpJC
zic6H4DbtAJX62=dplP?tt5-ka#0a_})v~bL>ZbXpwvEj{FD|)ZD`oUK2C7lu;$Czq
z^v7{wT~z$ZR0#<4tB~Si0{K!kcbw@gdYo@iU6P$WjVo8T(@!}Cg*WR5t9{BcfGda4
z(AAo&tWvQpuiQ#*-BOHYsP)POEyxx}p)p&;pI4<L>uE?<maO_WD^ZCNufv6bCok)E
z>0*Ei96Qfa63f=W&}9wrM4`>bu4v%R9M+fSS>ftp%gCAF4Zf$;Jn$@A)W$S`GSn2L
zEo}#k2?ZmDD%2OgDPUe}K!#KS<c))^No*VCVqrVCf^XZYHXFmY<#k&;Q#*xGSp(T@
zesimL*tf~Ag>zSO`laICGUb^(>w*MoU0(3^Qp1beq1|5s+MTmBrWsiOC8qVmzWpBp
z-3i2deieJo-+q4k>l=7=@XL4qymsIIa<=mShx6sX#B@E#b60yOft>_)64*%qB=A49
KAWx|Pb^rjwg!Hfg

literal 0
HcmV?d00001

diff --git a/docs/upgrades/upgrade_7.5.10-7.5.11.pl b/docs/upgrades/upgrade_7.5.10-7.5.11.pl
index eedb6dc74..15e6d8c6e 100644
--- a/docs/upgrades/upgrade_7.5.10-7.5.11.pl
+++ b/docs/upgrades/upgrade_7.5.10-7.5.11.pl
@@ -43,9 +43,23 @@ convertTransactionLog($session);
 upgradeEMS($session);
 migrateOldProduct($session);
 mergeProductsWithCommerce($session);
+addCaptchaToDataForm( $session );
 
 finish($session); # this line required
 
+#----------------------------------------------------------------------------
+# Add the useCaptcha field to DataForm assets
+sub addCaptchaToDataForm {
+    my $session = shift;
+    print "\tAdding CAPTCHA to DataForm... " unless $quiet;
+
+    $session->db->write( 
+        q{ ALTER TABLE DataForm ADD COLUMN useCaptcha INT(1) DEFAULT 0 }
+    );
+
+    print "DONE!\n" unless $quiet;
+}
+
 #----------------------------------------------------------------------------
 sub addReferralHandler {
     my $session = shift;
diff --git a/lib/WebGUI/Asset/Wobject/DataForm.pm b/lib/WebGUI/Asset/Wobject/DataForm.pm
index 8dd6123c2..aa146b8fc 100644
--- a/lib/WebGUI/Asset/Wobject/DataForm.pm
+++ b/lib/WebGUI/Asset/Wobject/DataForm.pm
@@ -175,40 +175,44 @@ sub definition {
 			templateId =>{
 				fieldType=>"template",
 				defaultValue=>'PBtmpl0000000000000141',
-				},
+                        },
 			acknowledgement=>{
 				fieldType=>"textarea",
 				defaultValue=>undef
-				},
+                        },
 			emailTemplateId=>{
 				fieldType=>"template",
 				defaultValue=>'PBtmpl0000000000000085',
-				},
+                        },
 			acknowlegementTemplateId=>{
 				fieldType=>"template",
 				defaultValue=>'PBtmpl0000000000000104',
-				},
+                        },
 			listTemplateId=>{
 				defaultValue=>'PBtmpl0000000000000021',
 				fieldType=>"template"
-				},
+                        },
 			mailData=>{
 				defaultValue=>0,
 				fieldType=>"yesNo"
-				},
+                        },
 			mailAttachments=>{
 				defaultValue=>0,
 				fieldType=>'yesNo',
-				},
+                        },
 			defaultView=>{
 				defaultValue=>0,
 				fieldType=>"integer"
-				},
+                        },
 			groupToViewEntries=>{
 				defaultValue=>7,
 				fieldType=>"group"
-				},
-			}
+                        },
+                        useCaptcha  => {
+                            fieldType       => "yesNo",
+                            defaultValue    => 0,
+                        },
+                    }
 		});
         return $class->SUPER::definition($session, $definition);
 }
@@ -354,6 +358,13 @@ sub getEditForm {
 		-value=>$self->getValue("mailAttachments"),
 		);
 
+        $tabform->getTab("properties")->yesNo(
+            -name       => "useCaptcha",
+            -label      => $i18n->get( "editForm useCaptcha label" ),
+            -hoverHelp  => $i18n->get( "editForm useCaptcha description" ),
+            -value      => $self->getValue( "useCaptcha" ),
+        );
+
 	$tabform->getTab("security")->group(
 		-name=>"groupToViewEntries",
 		-label=>$i18n->get('group to view entries'),
@@ -605,6 +616,18 @@ sub getRecordTemplateVars {
 	$var->{tab_loop} = \@tabs;
 	$var->{"form.send"} = WebGUI::Form::submit($self->session,{value=>$i18n->get(73)});
 	$var->{"form.save"} = WebGUI::Form::submit($self->session,);
+        
+        # Create CAPTCHA if configured and user is not a Registered User
+        if ( $self->useCaptcha ) {
+            # Create one captcha we can use multiple times
+            my $captcha
+                = WebGUI::Form::Captcha( $self->session, {
+                    name        => 'captcha',
+                } );
+
+            $var->{ "form.captcha" } = $captcha;
+        }
+
 	$var->{"form.end"} = WebGUI::Form::formFooter($self->session,);
 	return $var;
 }
@@ -621,24 +644,25 @@ as well as shared template vars.
 sub getTemplateVars {
     my $self        = shift;
     my $var         = $self->get;
-	my $i18n = WebGUI::International->new($self->session,"Asset_DataForm");
+    my $i18n = WebGUI::International->new($self->session,"Asset_DataForm");
 
-	$var->{canEdit} = ($self->canEdit);
+    $var->{ useCaptcha } = ( $self->useCaptcha ? 1 : 0 );
+    $var->{canEdit} = ($self->canEdit);
     $var->{canViewEntries}  = ($self->session->user->isInGroup($self->get("groupToViewEntries")));
-	$var->{"hasEntries"} = $self->hasEntries;
-	$var->{"entryList.url"} = $self->getListUrl;
-	$var->{"entryList.label"} = $i18n->get(86);
-	$var->{"export.tab.url"} = $self->getUrl('func=exportTab');
-	$var->{"export.tab.label"} = $i18n->get(84);
-	$var->{"addField.url"} = $self->getUrl('func=editField');
-	$var->{"addField.label"} = $i18n->get(76);
-	$var->{"deleteAllEntries.url"} = $self->getUrl("func=deleteAllEntriesConfirm");
-	$var->{"deleteAllEntries.label"} = $i18n->get(91);
-	$var->{"javascript.confirmation.deleteAll"} = sprintf("return confirm('%s');",$i18n->get('confirm delete all'));
-	$var->{"javascript.confirmation.deleteOne"} = sprintf("return confirm('%s');",$i18n->get('confirm delete one'));
-	$var->{"addTab.label"}=  $i18n->get(105);;
-	$var->{"addTab.url"}= $self->getUrl('func=editTab');
-	$var->{"tab.init"}= $self->_createTabInit($self->getId);
+    $var->{"hasEntries"} = $self->hasEntries;
+    $var->{"entryList.url"} = $self->getListUrl;
+    $var->{"entryList.label"} = $i18n->get(86);
+    $var->{"export.tab.url"} = $self->getUrl('func=exportTab');
+    $var->{"export.tab.label"} = $i18n->get(84);
+    $var->{"addField.url"} = $self->getUrl('func=editField');
+    $var->{"addField.label"} = $i18n->get(76);
+    $var->{"deleteAllEntries.url"} = $self->getUrl("func=deleteAllEntriesConfirm");
+    $var->{"deleteAllEntries.label"} = $i18n->get(91);
+    $var->{"javascript.confirmation.deleteAll"} = sprintf("return confirm('%s');",$i18n->get('confirm delete all'));
+    $var->{"javascript.confirmation.deleteOne"} = sprintf("return confirm('%s');",$i18n->get('confirm delete one'));
+    $var->{"addTab.label"}=  $i18n->get(105);;
+    $var->{"addTab.url"}= $self->getUrl('func=editTab');
+    $var->{"tab.init"}= $self->_createTabInit($self->getId);
 
     return $var;
 }
@@ -854,6 +878,29 @@ sub sendEmail {
     }
 }
 
+#----------------------------------------------------------------------------
+
+=head2 useCaptcha ( )
+
+Returns true if we should use and process the CAPTCHA.
+
+We should use the CAPTCHA if it is selected in the asset properties and the
+user is not a Registered User.
+
+=cut
+
+sub useCaptcha {
+    my $self        = shift;
+
+    if ( $self->get('useCaptcha') ) {
+        if ( !$self->session->user->isInGroup( '2' ) ) {
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
 #-------------------------------------------------------------------
 sub view {
 	my $self = shift;
@@ -1257,65 +1304,107 @@ sub www_moveTabLeft {
 
 #-------------------------------------------------------------------
 sub www_process {
-	my $self = shift;
-	return $self->session->privilege->insufficient() unless $self->canView;
-	my $entryId = $self->setCollateral("DataForm_entry","DataForm_entryId",{
-		DataForm_entryId=>$self->session->form->process("entryId") || undef,
-                assetId=>$self->getId,
-                userId=>$self->session->user->userId,
-                username=>$self->session->user->username,
-                ipAddress=>$self->session->env->getIp,
-                submissionDate=>$self->session->datetime->time()
-		},0);
-	my ($var, %row, @errors, $updating, $hadErrors);
-    $var = $self->getTemplateVars;
-	$var->{entryId} = $entryId;
-	my $i18n = WebGUI::International->new($self->session,"Asset_DataForm");
-	tie %row, "Tie::CPHash";
-	my $sth = $self->session->db->read("select DataForm_fieldId,label,name,status,type,defaultValue,isMailField from DataForm_field 
-		where assetId=".$self->session->db->quote($self->getId)." order by sequenceNumber");
-	while (%row = $sth->hash) {
-		my $value = $row{defaultValue};
-		if ($row{status} eq "required" || $row{status} eq "editable") {
-			$value = $self->session->form->process($row{name},$row{type},$row{defaultValue});
-			WebGUI::Macro::filter(\$value);
-		}
-		if ($row{status} eq "required" && ($value =~ /^\s$/ || $value eq "" || not defined $value)) {
-			push (@errors,{
-				"error.message"=>$row{label}." ".$i18n->get(29).".",
-				});
-			$hadErrors = 1;
-			delete $var->{entryId};
-		}
-		if ($row{status} eq "hidden") {
-			$value = $row{defaultValue};
-                        WebGUI::Macro::process($self->session,\$value);
+    my $self = shift;
+    return $self->session->privilege->insufficient() unless $self->canView;
+    my $session = $self->session;
+    my $db      = $self->session->db;
+    my $i18n    = WebGUI::International->new($session,"Asset_DataForm");
+    # TODO: Why do we create the entire entry instead of just generating the entryId 
+    # and only adding the entry data if there are no errors?
+    my $entryId 
+        = $self->setCollateral("DataForm_entry","DataForm_entryId", {
+            DataForm_entryId    => $session->form->process("entryId") || undef,
+            assetId             => $self->getId,
+            userId              => $session->user->userId,
+            username            => $session->user->username,
+            ipAddress           => $session->env->getIp,
+            submissionDate      => $session->datetime->time,
+        }, 0
+    );
+    my $var = $self->getTemplateVars;
+    $var->{entryId} = $entryId;
+    
+    # Process form
+    my (@errors, $updating, $hadErrors);
+    tie my %row, "Tie::CPHash";
+    my $sth = $self->session->db->read(
+        "SELECT * FROM DataForm_field WHERE assetId=? ORDER BY sequenceNumber",
+        [ $self->getId ]
+    );
+    while (%row = $sth->hash) {
+        my $value = $row{defaultValue};
+        if ($row{status} eq "required" || $row{status} eq "editable") {
+            $value = $self->session->form->process($row{name},$row{type},$row{defaultValue});
+            WebGUI::Macro::filter(\$value);
+        }
+        if ($row{status} eq "required" && (!$value || $value =~ /^\s*$/)) {
+            push @errors, {
+                "error.message" => $row{label} . " " . $i18n->get(29) . ".",
+            };
+            $hadErrors = 1;
+            delete $var->{entryId};
+        }
+        if ($row{status} eq "hidden") {
+            $value = $row{defaultValue};
+            WebGUI::Macro::process($self->session,\$value);
+        }
+
+        # Keep adding rows unless there was an error
+        unless ($hadErrors) {
+            # Check if this entry / field exists and do what's appropriate
+            # TODO: This should be refactored into a method
+            my $exists 
+                = $db->quickScalar(
+                    "SELECT COUNT(*) FROM DataForm_entryData WHERE DataForm_entryId=?
+                    AND DataForm_fieldId=?",
+                    [ $entryId, $row{DataForm_fieldId} ]
+                );
+            if ($exists) {
+                if ( $self->canEdit ) {
+                    $db->write(
+                        "UPDATE DataForm_entryData SET value=?
+                        WHERE DataForm_entryId=? AND DataForm_fieldId=?",
+                        [ $value, $entryId, $row{DataForm_fieldId} ],
+                    );
+                    $updating = 1;
                 }
-		unless ($hadErrors) {
-			my ($exists) = $self->session->db->quickArray("select count(*) from DataForm_entryData where DataForm_entryId=".$self->session->db->quote($entryId)."
-				and DataForm_fieldId=".$self->session->db->quote($row{DataForm_fieldId}));
-			if ($exists) {
-				$self->session->db->write("update DataForm_entryData set value=".$self->session->db->quote($value)."
-					where DataForm_entryId=".$self->session->db->quote($entryId)." and DataForm_fieldId=".$self->session->db->quote($row{DataForm_fieldId})) if $self->canEdit;
-				$updating = 1;
-			} else {
-				$self->session->db->write("insert into DataForm_entryData (DataForm_entryId,DataForm_fieldId,assetId,value) values
-					(".$self->session->db->quote($entryId).", ".$self->session->db->quote($row{DataForm_fieldId}).", ".$self->session->db->quote($self->getId).", ".$self->session->db->quote($value).")");
-			}
-		}
-	}
-	$sth->finish;
-	$var->{error_loop} = \@errors;
-	$var = $self->getRecordTemplateVars($var);
-	if ($hadErrors && !$updating) {
-		$self->session->db->write("delete from DataForm_entryData where DataForm_entryId=".$self->session->db->quote($entryId));
-		$self->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId);
-		$self->prepareView($var);
-		$self->processStyle($self->view);
-	} else {
-		$self->sendEmail($var) if ($self->get("mailData") && !$updating);
-		return $self->session->style->process($self->processTemplate($var,$self->get("acknowlegementTemplateId")),$self->get("styleTemplateId")) if $self->defaultViewForm;
-	}
+            } else {
+                $db->write(
+                    "INSERT INTO DataForm_entryData ( DataForm_entryId, DataForm_fieldId, assetId, value) 
+                    VALUES ( ?, ?, ?, ? )",
+                    [ $entryId, $row{DataForm_fieldId}, $self->getId, $value ],
+                );
+            }
+        }
+    }
+    $sth->finish;
+
+    # Process CAPTCHA
+    if ( $self->useCaptcha ) {
+        if ( !$self->session->form->process( 'captcha', 'captcha' ) ) {
+            $hadErrors  = 1;
+            delete $var->{ entryId };
+            push @errors, {
+                "error.message" => $i18n->get( 'error captcha' ),
+            };
+        }
+    }
+
+    $var->{error_loop} = \@errors;
+    $var = $self->getRecordTemplateVars($var);
+    if ($hadErrors && !$updating) {
+        # TODO: This is not right. See the TODO at the top of this method (where the entry is created)
+        $db->write(
+            "DELETE FROM DataForm_entryData WHERE DataForm_entryId=?",
+            [ $entryId ]
+        );
+        $self->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId);
+        $self->prepareView($var);
+        $self->processStyle($self->view);
+    } else {
+        $self->sendEmail($var) if ($self->get("mailData") && !$updating);
+        return $self->session->style->process($self->processTemplate($var,$self->get("acknowlegementTemplateId")),$self->get("styleTemplateId")) if $self->defaultViewForm;
+    }
 }
 
 
diff --git a/lib/WebGUI/Form/Captcha.pm b/lib/WebGUI/Form/Captcha.pm
index e428c2512..77f7e942a 100644
--- a/lib/WebGUI/Form/Captcha.pm
+++ b/lib/WebGUI/Form/Captcha.pm
@@ -100,11 +100,16 @@ Returns a boolean indicating whether the string typed matched the image.
 =cut
 
 sub getValue {
-	my $self = shift;
-    my $value = $self->SUPER::getValue(@_); 
-	my $challenge = $self->session->scratch->get("captcha_".$self->get("name"));
-	$self->session->scratch->delete("captcha_".$self->get("name"));
-	return (lc($value) eq lc($challenge));
+    my $self        = shift;
+    my $value       = $self->SUPER::getValue(@_); 
+    my $challenge   = $self->session->scratch->get("captcha_".$self->get("name"));
+    $self->session->scratch->delete("captcha_".$self->get("name"));
+    my $passed  = lc $value eq lc $challenge;
+    $self->session->errorHandler->info( 
+        "Checking CAPTCHA '" . $self->get("name") . "': " . ( $passed ? "PASSED!" : "FAILED!" )
+        . " Got: '" . $value . "', Wanted: '" . $challenge . "'"
+    );
+    return $passed;
 }
 
 #-------------------------------------------------------------------
diff --git a/lib/WebGUI/Help/Asset_DataForm.pm b/lib/WebGUI/Help/Asset_DataForm.pm
index 7c6d9dc6f..a6645751e 100644
--- a/lib/WebGUI/Help/Asset_DataForm.pm
+++ b/lib/WebGUI/Help/Asset_DataForm.pm
@@ -111,7 +111,18 @@ our $HELP = {
             },
             {   'required' => 1,
                 'name'     => 'form.end'
-            }
+            },
+            {
+                name        => 'useCaptcha',
+                required    => 1,
+                description => 'helpvar useCaptcha',
+            },
+            {
+                name        => 'form.captcha',
+                required    => 1,
+                description => 'helpvar form.captcha',
+            },
+
         ],
         related => [
             {   tag       => 'data form list template',
diff --git a/lib/WebGUI/i18n/English/Asset_DataForm.pm b/lib/WebGUI/i18n/English/Asset_DataForm.pm
index 4b06ed2e9..a52bfe713 100644
--- a/lib/WebGUI/i18n/English/Asset_DataForm.pm
+++ b/lib/WebGUI/i18n/English/Asset_DataForm.pm
@@ -955,6 +955,42 @@ be useful, others may not.|,
 		 lastUpdated => 1164910794,
         },
 
+        'error captcha' => {
+            message     => q{CAPTCHA entered incorrectly. Please try again.},
+            lastUpdated => 0,
+            context     => q{Error message for CAPTCHA "Verify Your Humanity" failure},
+        },
+        
+        'template captcha label' => {
+            message     => q{Verify Your Humanity},
+            lastUpdated => 0,
+            context     => q{Label for CAPTCHA field in data form},
+        },
+
+        'editForm useCaptcha label' => {
+            message     => q{Use Captcha for Visitors?},
+            lastUpdated => 0,
+            context     => q{Label for asset property},
+        },
+
+        'editForm useCaptcha description' => {
+            message     => q{If 'yes', the DataForm will require a CAPTCHA for Visitors. Registered users
+                            will not see the CAPTCHA.},
+            lastUpdated => 0,
+            context     => q{Description of asset property},
+        },
+
+        'helpvar useCaptcha' => {
+            message     => q{This variable is true when the CAPTCHA should be shown.},
+            lastUpdated => 0,
+            context     => q{Description of template variable},
+        },
+
+        'helpvar form.captcha' => {
+            message     => q{The input field and image for the CAPTCHA},
+            lastUpdated => 0,
+            context     => q{Description of template variable},
+        },
 };
 
 1;