Add Captcha to Sugar CRM Web to Lead forms

Howdy!

Capturing leads via web based forms is something that is pretty standard in many industries that rely on internet marketing for sales.

One of the many leading CRM (Customer relationship management) systems, which also happens to have an open source “community” edition is Sugar CRM.

Out of the box, Sugar CRM community edition does not offer the ability for anti-spam measures such as captcha. By default, implementing a web to lead form that integrates Sugar onto your public facing website appears to become a magnet for spam form submissions. Spammers can scrape indexed google results for specific fingerprints that are indicative of “spammable” web forms. This can happen quickly after implementing a form, as your site gets re-indexed by google.

Sometimes it can be very bad, which for us, it motivated us to implement reCaptcha (Google’s Captcha library) with the web to lead Sugar CRM forms.

It was much easier than we thought. Here’s how to do it with your Sugar CRM web to lead form :

Implement Recaptcha right near your submit button on the form

Add the following code (or the code in reCaptcha’s latest instructions) :

Its important to note that you’re not fundamentally altering how the Sugar CRM web to lead form works. Your just including the recaptcha library and displaying the captcha input box, with the captcha image of course.

The form, at this point, will still submit and be processed by Sugar regardless of what you enter in the captcha box. The next step is to include the recaptcha “check” in the actual Sugar Lead processing function.

Basically the recaptcha check, out of the box, does a simple check of the captcha input and “dies” if the input is incorrect. If its correct, you can put whatever php code in the “else” statement, which in Sugars case would be the actual form processing.

Process the captcha and submit the lead form

For Sugar CRM 6.5.x, the file you want to edit is modules/Campaigns/WebToLeadCapture.php. This file is supposed to have a check built in that allows you to overwrite this file with a leadCapture_override.php file in the root folder. This allows the changes you make to be “upgrade safe”, meaning that if you upgrade sugar, the changes wont get overwritten.

Here is the recaptcha “check” that verifies captcha input :

Notice the “else” statement at the bottom, thats what you want to have the Sugar code that processes the lead form execute. You dont want Sugar to do ANYTHING if the captcha was not verified.

Edit the WebToLeadCapture.php file and add the above code around line 58, or above the following code that starts checking the html form’s POST values :

Simply put the else statement right above the above code, and ensure the opening and closing brackets for the recaptcha else statement encompass all the subsequent code, right to the bottom of the file, ensuring the closing bracket is below the following line :

Hopefully this will help reduce your spam entries with your Sugar CRM lead forms!