View Full Version : form validation


edbr
07-16-2007, 03:27 AM
I am getting a lot of bogus form submissions on one site (about 100 a day). I added a javascript validation which asks for a number to be added to a box, thinking it would eliminate robot submission, but still they come. The required field gets through as 'unknown'. Anyone got any ideas?

davidj
07-16-2007, 05:47 AM
So are the robots defeating your number validation? I am assuming you're using PHP and the mail() function?

edbr
07-16-2007, 06:21 AM
Yes. The validation box is a simple one. I put an image with a number on it and in javascript made that number value required.

davidj
07-16-2007, 06:47 AM
and the robots are defeating it?

How are they guessing the number? Are you using letters and numbers, and are you randomising these every time?

edbr
07-16-2007, 07:14 AM
Not randomised and just a number. It is not being read though, as the form either comes in as unknown or with a lot of links in it.

davidj
07-16-2007, 07:23 AM
have you tried submitting the form yourself without keying data

to see if your logic is correct

edbr
07-16-2007, 07:53 AM
Yes. I realise it is a simple validation but I thought it would beat robots.
http://www.archipelagodive.com/enquiry.html

Is it possible to defeat this if javascript is disabled?

davidj
07-16-2007, 08:24 AM
you need to do it in php

anyone can get round javascript

davidj
07-16-2007, 08:25 AM
my head was elsewhere

I never realised you were doing this using JS

edbr
07-16-2007, 08:35 AM
OK thanks. Can I validate with a separate from my mailing script? If I make the contact page php and add a function, can I call that on submit?

davidj
07-16-2007, 08:40 AM
is your mail script perl

you could do the whole thing in PHP

edbr
07-16-2007, 09:06 AM
no it is php, i will look at adding a validation. would I need to have random images (and values) do you think or will '!= a number ' be enough do you think

davidj
07-16-2007, 09:10 AM
just use

rand(0,20000);

this will produce a random numeric between 0 - 20000

then just display it as an image and match it.

you could use 5 - 6 alpha's and create a random function

edbr
07-16-2007, 09:24 AM
That went so far over my head I didn't even feel it. Lost me at 'display as an image ...............' I will check my books tonight, got a feeling I will be back though.

davidj
07-16-2007, 09:40 AM
http://www.devshed.com/c/a/PHP/Security-Images-in-PHP/

edbr
07-16-2007, 10:11 AM
Thanks, I had a quick look. I will have to check re GD library.

domedia
07-18-2007, 09:24 PM
Just an afterthought:
Spambots are not javascript enabled, so your 'form security' doesn't even pertain to them.

I use the same type of captcha, asking user to repeat a word in an input field, but I'm having PHP authenticate the value.
So something like
if ($yourverificationfield != 'yoursecretword') {
    // kick their butts: reject the submission before any mail is sent
    exit;
}
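
Added example (not from any poster in this thread): a server-side check that combines the two suggestions above, a code randomised per visitor and a comparison done in PHP rather than in the browser. The function names, the 'verify' field name and the demo values are assumptions made for illustration.

```php
<?php
// Added example; issue_challenge(), verify_challenge() and the 'verify'
// field name are hypothetical, not taken from the site discussed above.

// Create a fresh code for this visitor and remember it server-side.
function issue_challenge(array &$session): string
{
    $code = (string) random_int(10000, 99999); // CSPRNG-backed, unlike rand()
    $session['challenge'] = $code;
    return $code; // draw this into the image; never put it in the HTML
}

// Check the posted value against the stored code. Runs on the server,
// so it applies whether or not the client executed any JavaScript.
function verify_challenge(array &$session, array $post): bool
{
    $expected = $session['challenge'] ?? null;
    unset($session['challenge']); // single use: a captured code cannot be replayed
    $given = $post['verify'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false; // missing field, array value (verify[]=x), or no challenge issued
    }
    return hash_equals($expected, trim($given));
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];

issue_challenge($session);
var_dump(verify_challenge($session, ['name' => 'bot', 'message' => 'links...'])); // field absent

$code = issue_challenge($session);
var_dump(verify_challenge($session, ['verify' => " $code "])); // correct answer from a person

var_dump(verify_challenge($session, ['verify' => $code])); // same code replayed

// In the mail script: call session_start(), pass $_SESSION and $_POST,
// and only call mail() when verify_challenge() returns true.
```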

edbr
07-19-2007, 12:51 AM
Thanks, I rewrote the mail script and did the same using the same validation as the javascript, so that the error comes up directly rather than submitting and being rejected.
I will look at the link for captcha later but for the meantime it has stopped the bots.