Configuring form with hidden antispam field
Posted: Sun May 04, 2008 9:55 am
Hi
I have a contact form script I like and have used in several places. It's simple and I understand what it does and I can add and require as many fields as I want easily - so inevitably it's been hit by the spammers.
I don't really want a captcha adding on to the page. What I would like to do is to add a honeypot type trap - so there is a text field hidden by CSS and if it gets filled in (such as by a bot filling in all fields) it rejects the submission.
The code works fine until the introduction of the section
Code:
<?php
}
}else if (empty($COMMENT2)) {
?>
<p>Thanks for your message</a></p>
I added the 'Thanks' so if anyone actually sees it, they think it's gone through and there's no error messaging for them to see.
I've tried several variations on empty functions, but each time all I get is the blank white page, so something is breaking it but not so that it will hint why.
I've also tried with a second $nothanks type of thing earlier in the script, looking for any character in the field but same result.
Can anyone offer the correct syntax to make it work?
Thanks.
Code:
<?php
$to='My Name <web@mysite.co.uk>';
$messageSubject=$_POST['NAME']." : ".$_POST['REF'];
$confirmationSubject="My Name: ".$_POST['REF'];
$confirmationBody="Thank you for your email.\n\nI aim to reply to you within 24 hours.\n\nPlease see below for a copy of the information you supplied.\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n";
$REF='';
$NAME='';
$EMAIL='';
$MESSAGE='';
$displayForm=true;
if ($_POST){
$REF=stripslashes($_POST['REF']);
$NAME=stripslashes($_POST['NAME']);
$EMAIL=stripslashes($_POST['EMAIL']);
$MESSAGE=stripslashes($_POST['MESSAGE']);
foreach ($_POST as $Field=>$Value)
$MsgBody .= "$Field: $Value\n\n";
$valid=eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$EMAIL);
$nothanks=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$MESSAGE);
if ($EMAIL && $MESSAGE && $valid && !$nothanks){
if (mail($to,$messageSubject,$MsgBody,'From: '.$EMAIL."\r\n")
&& mail($EMAIL,$confirmationSubject,$confirmationBody.$MsgBody,'From: '.$to."\r\n")){
$displayForm=false;
?>
<p>Thank you - your message was successfully sent.
A copy has also been sent to your email address</p>
<br />
<br />
</p>
<?php
echo '<p>','<em>'.htmlspecialchars($REF).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($NAME).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($EMAIL).'</em>','</p>';
echo '<p>','<em>'.htmlspecialchars($MESSAGE).'</em>','</p>';
}else{
?>
<p>
Sorry, something went wrong when the server tried to send your message<br />
<br />
This is usually due to a server error, and is probably not your fault<br />
<br />
Please try again in a few minutes, or drop me an email at <a href="mailto:mail@mysite.co.uk">mailto:mail@mysite</a></p>
<?php
}
}else if ($nothanks){
?>
<p><strong>
Your message contained email headers within the message body.<br />
<br />
This seems to be a spam attempt and the message has not been sent.</strong></p>
<p>If you believe this to be an error, then please drop me an email at <a href="mailto:web@mysite.co.uk">web@mysite.co.uk</a></p>
//Here's the section with a problem
<?php
}
}else if (empty($COMMENT2)) {
?>
<p>Thanks for your message</a></p>
//End problem section
<?php
}
}else{
?>
<p><strong>
Sorry, your message could not be sent<br />
<br />
</strong>You must include both a valid email address and a message</p><?php
}
}
if ($displayForm){
?>
<form action="contact.php" method="post">
// Form HTML goes here
// Includes 'hidden' text box, as below
<tr>
<td>
<div align="left">
<label for="COMMENT2">Comment 2</label>
<br />
<input type="text" name="COMMENT2" class="textboxh" />
</div></td></tr>
// End form HTML
</form>
<?php
}
?>
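An added example, not part of the original post and not the poster's script: one way to arrange the honeypot test so that COMMENT2 is read from the submitted data and checked before any mail is sent, in a single flat if/elseif chain. It uses preg_match and filter_var in place of eregi (removed in PHP 7); the function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the poster's script. Field names come from the post;
// classify_submission(), respond() and the sample data are hypothetical.
function classify_submission(array $post): string
{
    $field = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    };
    // Honeypot first: COMMENT2 is hidden by CSS, so a person leaves it empty.
    if (trim($field('COMMENT2')) !== '') {
        return 'honeypot';
    }
    // Same test as the post's $nothanks, written for preg_match.
    if (preg_match('/(\r|\n)(to:|from:|cc:|bcc:)/i', $field('MESSAGE'))) {
        return 'headers';
    }
    // NAME and REF go into the Subject header, so refuse line breaks there.
    if (preg_match('/[\r\n]/', $field('NAME') . $field('REF'))) {
        return 'headers';
    }
    $email = trim($field('EMAIL'));
    if ($field('MESSAGE') === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    return 'ok';
}
// One flat chain: every branch opens and closes exactly one brace pair.
function respond(array $post): string
{
    $verdict = classify_submission($post);
    if ($verdict === 'honeypot') {
        // No mail() on this path; the reply looks like a normal success.
        return '<p>Thanks for your message</p>';
    } elseif ($verdict === 'headers') {
        return '<p><strong>Your message contained email headers.</strong></p>';
    } elseif ($verdict === 'invalid') {
        return '<p>You must include both a valid email address and a message</p>';
    }
    return '<p>(mail() calls and confirmation go here)</p>';
}
// Constructed sample submissions, for illustration only.
$samples = [
    'human'  => ['EMAIL' => 'ann@example.com', 'MESSAGE' => 'Hello', 'COMMENT2' => ''],
    'bot'    => ['EMAIL' => 'x@example.com', 'MESSAGE' => 'Buy', 'COMMENT2' => 'http://spam.example'],
    'inject' => ['EMAIL' => 'x@example.com', 'MESSAGE' => "hi\nBcc: y@example.com"],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', classify_submission($post), ' -> ', respond($post), "\n";
}
```

In the posted script, the extra `}` placed ahead of the added `}else if` leaves the braces unbalanced, which PHP treats as a parse error and, with error display switched off, shows as a blank page. The script also never assigns `$COMMENT2` from `$_POST['COMMENT2']`, and `empty()` is true for the untouched field a real visitor submits rather than for a filled-in one.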