Help
I have created a form so students can apply for a scholarship from my website. Every so often some go through my website and submit the application without filling out the form. However, last night someone filled out the script with a lot of junk. Does this mean that my site has been hacked, and if so, how can I prevent this from happening?
need help with Web security
manojsemwal1
- Forum Contributor
- Posts: 217
- Joined: Mon Jun 29, 2009 4:13 am
- Location: India
Re: need help with Web security
How did you come to know that your site is hacked?
Is the student form open to everyone, or is there a user ID and password?
Re: need help with Web security
No password ... I thought about doing a registration and login for this part of the site, but what would prevent someone from just registering some false identity... to do this I would have to have access to all the student IDs and check against them... That I do know how to do... this seems like a database job.
thanks
Re: need help with Web security
For the empty form problem, there are two routes: the first is to use javascript to check if all the fields have something in them when the form is submitted, and the second is to use php to check after the form has been submitted.
For the javascript, you just pop up an "alert" asking them to fill out the missing field. One common way is to do it on the "onclick" event of the submit button, returning "false" so that the form isn't submitted. Of course, you might also want to check the content of what's in the field to see if it's relevant (for example, more than just one letter or something).
Since it's simple to turn off javascript, you would also want to check the fields after the form is submitted. If something is missing, you send them back and display a message asking them to fill out the missing field(s). If you're nice, you re-fill in the fields that they did complete.
As for junk, it would be kind of a pain to create a filter to look for actual words, although I wouldn't be surprised if someone's already created one that you could just plug in. My experience is that nonsense is usually generated by a robot. Since you said you don't want to use registration, you could use a CAPTCHA system, or maybe even something simpler -- like a registration code that you gave them on a previous page.
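Added example, not part of the original thread: a PHP sketch of the server-side check the reply above describes, which rejects empty or one-letter fields, compares a registration code handed out on a previous page, and escapes submitted values before re-filling the form. The field names, the `code` field and the sample values are assumptions made for illustration.

```php
<?php
// Added example: server-side validation for a scholarship form.
// Field names and the registration-code field are hypothetical.
declare(strict_types=1);

const REQUIRED_FIELDS = ['full_name', 'email', 'school', 'essay'];

/** Read one field as a string; arrays or missing keys become ''. */
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

/** Return a map of field => error message; an empty map means the input passed. */
function validate_application(array $post, string $expectedCode): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $name) {
        $value = trim(field($post, $name));
        if ($value === '') {
            $errors[$name] = 'Please fill out this field.';
        } elseif (strlen($value) < 2) {          // length in bytes
            $errors[$name] = 'Please enter more than one character.';
        }
    }
    if (!isset($errors['email'])
        && filter_var(trim(field($post, 'email')), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    // Code the applicant was given on the previous page, compared in constant time.
    if ($expectedCode === '' || !hash_equals($expectedCode, field($post, 'code'))) {
        $errors['code'] = 'The registration code is missing or wrong.';
    }
    return $errors;
}

/** Escape a submitted value so it can be put back into the form safely. */
function refill(array $post, string $name): string
{
    return htmlspecialchars(field($post, $name), ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission: blank name, one-letter school, wrong code.
$sample = ['full_name' => '  ', 'email' => 'a@example.org', 'school' => 'x',
           'essay' => '<b>hi</b>', 'code' => 'guess'];
print_r(validate_application($sample, 'K7Q2'));
echo refill($sample, 'essay'), "\n";
```

In a real handler the expected code would come from the server side (for example the session), never from a hidden form field the client controls.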