Form verification to stop Spam


cocoonfx
11-01-2008, 02:21 PM
Hello Chaps


I am starting to receive a lot of spam through the form I have on my website. I need to add a verification code to the form or add some script to my PHP verification.

Would it be best to create a database with random codes which the PHP calls and then the user has to enter these, or is there any other simple PHP I can add?

I have attached my code:

domedia
11-02-2008, 12:56 AM
I think that and other CAPTCHA methods seem to be most effective.

edbr
11-03-2008, 01:13 AM
Good tut and example for CAPTCHA: http://frikk.tk/comments-273-03.15.06.htm

Or, on one site I just use one small image of a number, and have a text box validated just for that 1 number. That works very well:
if ($formval == "") {
    echo "<h4>Please enter number in the anti spam box</h4>";
}
elseif ($formval != 127) {
    echo "<h4>Please enter correct number in the anti spam box</h4>";
}

cocoonfx
12-27-2008, 11:52 AM
Hello chaps


I think I have pickled my brain with too much booze, but I cannot think how to add the captcha code to my existing form. I am normally one for having a go myself but I cannot get this to work.

I have already attached my contact form and PHP in the first post. HELP :confused: :confused: :confused:

domedia
12-28-2008, 02:41 PM
Just add a field and instruct the user to type in something in it. Then check for the value in that field just like you check the other values.

edbr
12-29-2008, 06:12 AM
Try this; I haven't tested it, so pls keep a copy of your original.

cocoonfx
12-29-2008, 08:12 AM
Hello Edbr

Thanks. I can see where I was going wrong: I was placing all the captcha code at the top of the contact.php. However, if you don't enter the code the email will still send.

Do I have to do something with the session start to allow cookies?

edbr
12-29-2008, 08:57 AM
No, just delete or comment it out.

cocoonfx
12-29-2008, 11:51 AM
All sorted now, it works.... Thank you for pointing me in the right direction.

I need to update all my clients' sites now :lol:

Here is how the php looked in the end:

<?php

if ($_SERVER["REQUEST_METHOD"] <> "POST")
    die("You can only reach this page by posting from the html form");
// The expected captcha code is read from $_SESSION["pass"] below.
session_start();

$capt = $_POST["captcha_input"];

$valid_ref1="http://www.web.co.uk/contact.html";
$valid_ref2="http://www.web.co.uk/contact.html";
$replyemail="email@email.co.uk";

// Strip mail-header keywords (and, by default, line breaks) from a form
// value so it cannot add extra headers to the outgoing mail.
function clean_input_4email($value, $check_all_patterns = true)
{
    $patterns[0] = '/content-type:/';
    $patterns[1] = '/to:/';
    $patterns[2] = '/cc:/';
    $patterns[3] = '/bcc:/';
    if ($check_all_patterns)
    {
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/';
        $patterns[7] = '/%0d/';
    }

    //NOTE: can use str_ireplace as this is case insensitive but only available on PHP version 5.0.
    return preg_replace($patterns, "", strtolower($value));
}

$name = clean_input_4email($_POST["name"]);
$email = clean_input_4email($_POST["email"]);
$thesubject = clean_input_4email($_POST["thesubject"]);
// The message body keeps its line breaks.
$themessage = clean_input_4email($_POST["themessage"], false);

// Defined before the checks so every failure branch below can use it.
$error_msg='<p align="center"><strong>&nbsp;</strong></p>
<p align="center"><strong>SORRY ERROR - NOT SENT</strong></p>';

if ($_POST["captcha_input"] != $_SESSION["pass"]) {

    // Wrong captcha code: show the error and a link back to the form.
    echo $error_msg;
    echo "<a href='javascript:history.back(1);'>Back to e mail form</a>";

}

elseif($name && $email && $thesubject && $themessage && $capt == $_SESSION["pass"]){

    $success_sent_msg='<p align="center"><strong>&nbsp;</strong></p>
<p align="center"><strong>Your message has been successfully sent to us<br>
</strong> and we will reply as soon as possible.</p>
<p align="center">A copy of your query has been sent to you.</p>
<p align="center">Thank you for contacting us.</p>
<p align="center">Please <a href="http://www.web.co.uk">click here</a> to return</p>
<p align="center"><img src="http://www.web.co.uk/New.png"></p>';

    $replymessage = "Hello $name

Thank you for your email.

I will endeavour to reply to you shortly.


Please DO NOT reply to this email.

Below is a copy of the message you submitted:
--------------------------------------------------
Subject: $thesubject
Query:
$themessage
--------------------------------------------------
Please visit again http://www.website.co.uk

Kind Regards
Cocoonfxmedia";

    // email variable not set - load $valid_ref1 page
    if (!isset($_POST['email']))
    {
        echo "<script language=\"JavaScript\"><!--\n ";
        echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
        exit;
    }

    // Only accept posts that came from the contact page.
    $ref_page=$_SERVER["HTTP_REFERER"];
    $valid_referrer=0;
    if($ref_page==$valid_ref1) $valid_referrer=1;
    elseif($ref_page==$valid_ref2) $valid_referrer=1;
    if(!$valid_referrer)
    {
        echo "<script language=\"JavaScript\"><!--\n alert(\"$error_msg\");\n";
        echo "top.location.href = \"$valid_ref1\"; \n// --></script>";
        exit;
    }

    // Mail the query to the site owner, then a receipt to the sender.
    $themessage = "name: $name \nQuery: $themessage";
    mail("$replyemail",
        "$thesubject",
        "$themessage",
        "From: $email\nReply-To: $email");
    mail("$email",
        "Receipt: $thesubject",
        "$replymessage",
        "From: $replyemail\nReply-To: $replyemail");
    echo $success_sent_msg;

}else{

    // A required field was empty.
    echo $error_msg;

}
?>

edbr
12-30-2008, 03:12 AM
Good. I was so wrong saying no to the sessions; I was thinking just of the
if ($_SERVER["REQUEST_METHOD"] <> "POST")
    die("You can only reach this page by posting from the html form");
part. It is sad you have to use captcha and I avoid it as long as I can, but there does seem to be a big spam campaign going on, principally to Russian addresses (?)

Flinth-design
08-23-2010, 10:56 PM
Hello,

I have downloaded the captcha.zip file from http://frikk.tk and it works.
Now I want to enter the "The Form.html" in my own bestelformulier.html form.
That also is a .php file.

Can I add 2 form actions in one form?

<form action="bestelformulier.php" method="post"> This is my own form..

This is the captcha form which I want to enter in my form action above.

<form action="captcha.php" method="post">
    <table class="bigone">
        <tr>
            <td align="center">
                A message:
            </td>
            <td align="center">
                <input type="text" maxlength="16" name="message" size="15">
            </td>
        </tr>
        <tr>
            <td align="center">
                what text do you see<br />
                in the black box <br />
                <img src="captcha_image.php" />:
            </td>
            <td align="center">
                <input type="text" name="captcha_input" size="15">
            </td>
        </tr>
        <tr>
            <td align="center" colspan="2">
                <input type="submit" id="scratch_submit" value="Post Message">
            </td>
        </tr>
    </table>
</form>

Please advise.. If I enter the submit button I want my form to check if the captcha code is ok, and then send the form to my e-mail address given in the .php file from my form.

Thanks for your answer.

edbr
08-24-2010, 01:53 AM
No, but you modify the mail sending script. Perhaps you could use something like this:
// Check for an empty address first; the pattern below would reject it anyway.
if ($email == "") {
    echo "<h4>you did not enter your e mail address</h4>";
    echo "<a href='javascript:history.back(1);'>Back to e mail form</a>";
} elseif (!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/D", $email)) {
    // Anchored with ^ ... $ (and D) so the whole value must be an address.
    echo "<h4>Invalid email address</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif ($_POST["captcha_input"] != $_SESSION["pass"]) {
    echo "<h4>please enter the correct code in the anti spam box</h4>";
    echo "<a href='javascript:history.back(1);'>Back to e mail form</a>";
}

/* Sends the mail and outputs the "Thank you" string if the mail is successfully sent, or the error string otherwise. */

elseif ( mail($recipient,$email,$message, $from)) {
    echo "<h4>Thank you for sending email</h4>";
} else {
    echo "<h4>Can't send email</h4>";
}

Flinth-design
08-24-2010, 05:29 AM
Ok, now I have entered your code into bestelformulier.php
In the bestelformulier.html my old code is <form action="bestelformulier.php" method="post">

This is my code in bestelformulier.php
-----------------------------------------------------
<?php
if ($_POST['submit']) {
    echo "Je bent vergeten iets te doen";
}

/* Subject and Email Variables */
$emailSubject = 'Bestelling kaartje';
$webMaster = 'info@flinth-design.nl';

/* Gathering Data Variables */
$ordernummerField = $_POST['ordernummer'];
$naamField = $_POST['naam'];
$adresField = $_POST['adres'];
$postcodeField = $_POST['postcode'];
$woonplaatsField = $_POST['woonplaats'];
$telnoField = $_POST['telno'];
$emailField = $_POST['email'];
$kaartjeField = $_POST['kaartje'];
$aantalField = $_POST['aantal'];
$uitgerekendField = $_POST['uitgerekend'];
$naamkidsField = $_POST['naamkids'];
$jongenField = $_POST['jongen'];
$meisjeField = $_POST['meisje'];
$onbekendField = $_POST['onbekend'];
$trouwdatumField = $_POST['trouwdatum'];
$papierField = $_POST['papier'];
$enveloppenField = $_POST['enveloppen'];
$voorafField = $_POST['vooraf'];
$verzendkostenField = $_POST['verzendkosten'];
$tekstField = $_POST['tekst'];
$gevondenField = $_POST['gevonden'];
$akkoordField = $_POST['akkoord'];

$body = <<<EOD
<br><hr><br>
Ordernummer: $ordernummerField <br>
Naam: $naamField <br>
Adres: $adresField <br>
Postcode: $postcodeField <br>
Woonplaats: $woonplaatsField <br>
Telefoonnummer: $telnoField <br>
Email: $emailField <br>
Kaartje: $kaartjeField <br>
Aantal Kaartjes: $aantalField <br>
Uitrekendatum: $uitgerekendField <br>
Naam kind: $naamkidsField <br>
Jongen: $jongenField <br>
Meisje: $meisjeField <br>
Onbekend: $onbekendField <br>
Datum trouwen/adoptie/geboorte: $trouwdatumField <br>
Papiersoort: $papierField <br>
Soort enveloppen: $enveloppenField <br>
Enveloppen vooraf ontvangen: $voorafField <br>
Verzendkosten: $verzendkostenField <br>
Tekst: $tekstField <br>
Naam gevonden: $gevondenField <br>
EOD;
$headers = "From: $emailField\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail ($webMaster, $emailSubject, $body, $headers);
require_once 'capya.php';
askapache_captche ();
/* Results rendered as HTML */
$Resultaat = <<<EOD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Bedankt</title>
</head>

<body>
<div>
<div align="left">Bedankt voor uw bestelling. Binnenkort ontvangt u de bevestiging samen met de factuur.</div><br />
<div align="left"><a href="

edbr
08-24-2010, 05:48 AM
$success = mail ($webMaster, $emailSubject, $body, $headers); is the part that sends the mail, so you could use an if condition on this. Try:
if ($_POST["captcha_input"] == $_SESSION["pass"]) {
    $success = mail ($webMaster, $emailSubject, $body, $headers);
}
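
A stricter form of the captcha gate used in the posts above, as an added example that is not code from any poster in this thread: it rejects the request when no code was issued for the session (a loose `!=` treats a missing `$_SESSION["pass"]` and an empty field as equal) and discards the code after one attempt. `captcha_ok()` and the sample values are hypothetical; the `pass` and `captcha_input` names are the ones used in the thread.

```php
<?php
// Added example, not code from the thread. Assumes the image script put the
// expected code in $_SESSION["pass"] and the form field is "captcha_input".
// captcha_ok() is a hypothetical helper name.

function captcha_ok(array &$session, array $post): bool
{
    // No code issued for this session, or no usable field submitted: reject.
    if (!isset($session["pass"], $post["captcha_input"])
        || !is_string($post["captcha_input"])) {
        unset($session["pass"]);
        return false;
    }
    $expected = (string) $session["pass"];
    $given    = trim($post["captcha_input"]);

    // One attempt per code: remove it before comparing, so a solved code
    // cannot be submitted again under the same session cookie.
    unset($session["pass"]);

    return $expected !== "" && hash_equals($expected, $given);
}

// Constructed inputs: [session, post, expected result].
$cases = [
    "no code issued, empty field" => [[], ["captcha_input" => ""], false],
    "field missing"               => [["pass" => "k7q2"], [], false],
    "wrong code"                  => [["pass" => "k7q2"], ["captcha_input" => "0000"], false],
    "correct code"                => [["pass" => "k7q2"], ["captcha_input" => "k7q2"], true],
];
foreach ($cases as $label => [$session, $post, $want]) {
    $got = captcha_ok($session, $post);
    printf("%-28s %s\n", $label, $got === $want ? "as expected" : "MISMATCH");
}

// Replay: the second submission of a solved code must fail.
$session = ["pass" => "k7q2"];
$first   = captcha_ok($session, ["captcha_input" => "k7q2"]);
$second  = captcha_ok($session, ["captcha_input" => "k7q2"]);
printf("%-28s %s\n", "replay of solved code", ($first && !$second) ? "as expected" : "MISMATCH");

// In the mail script: call session_start(), then
// if (captcha_ok($_SESSION, $_POST)) { /* validate fields, call mail() */ }
```

Because the code is discarded on every attempt, the form page has to request a fresh captcha image after a failed submission.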

davidj
08-24-2010, 07:43 AM
Use code tags.

It's a pain trying to read code like that.