http://www.leedaviesracing.com/guestbook_sign.php
I've been playing around with setting up my own 'CAPTCHA' and
despite successfully getting it to run the script OK I'm still getting hit
by spam. Has anyone got any ideas? I can't understand how, with all the
conditional statements I run in the form fields plus the image to insert text from, spam is still
getting through. I can supply code no problem if necessary.
Thanks for any help
B
Spam what to do next?
Hi ya,
Thanks for the reply. This is the code I'm using to enter the details. I know there are probably better ways but I'm only learning PHP for the last 6 months so be patient.
This is the CAPTCHA code that's in a separate page under the root folder.
Code: Select all
<?php
// Session start for captcha
session_start();
// Test whether the POST array has been set and make certain
// variables are initialized with no content.
$pattern = '/^\w[-.\w]*@([-a-z0-9]+\.)+[a-z]{2,4}$/i';
if ($_POST && array_key_exists('sendCom', $_POST)) {
    $nomessage = '';
    $error = array();
    $error_email = array();
    $message = '';
    $GuestEmail = $_POST['GuestEmail'];
    $trimmedGuestDetails = $_POST['GuestDetails'];
    // Trim out white space and strip out unwanted HTML
    $trimmedLocation = trim(strip_tags($_POST['GuestLocation']));
    // Check each field and build errors array if problems found
    if (isset($_POST['GuestDetails']) && !empty($_POST['GuestDetails'])) {
        $trimmedGuestDetails = trim(strip_tags($_POST['GuestDetails']));
    } else {
        $nomessage = 'Message Required';
    }
    if (isset($_POST['GuestName']) && !empty($_POST['GuestName'])) {
        $trimmedGuestName = trim(strip_tags($_POST['GuestName']));
    } else {
        $error['GuestName'] = 'Name Required';
    }
    // run Captcha
    if (md5($_POST['code']) != $_SESSION['key']) {
        $error_code = 'Incorrect entry. Try again!';
    }
    // Removes HTTP:// or http:// and strips white space and unwanted html tags
    $url = trim(strip_tags($_POST['GuestWebsite']));
    if (strpos(strtolower($url), 'http://') === 0) {
        $url = substr($url, 7);
    }
    if (empty($_POST['GuestEmail'])) {
        // validation of email if inserted otherwise ignore
    } else {
        if (!preg_match($pattern, $GuestEmail)) {
            $error_email['invalid'] = 'ERROR! Your email address seems to be invalid. <br> It should be similar to the following: info@me.com';
        }
    }
}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    if (!$nomessage && !$error) {
        if (!$nomessage && !$error_email)
            if (!$nomessage && !$error_code)
            //if (!$nomessage && !$nospam)
            {
                // If no errors, send email
                mail($to, $subject, $message, $headers); // etc...
                $insertSQL = sprintf("INSERT INTO guestbook (GuestName, GuestLocation, GuestDetails, GuestWebsite, GuestEmail, ip, GuestDate) VALUES (%s,%s, %s, %s, %s, '".$_SERVER['REMOTE_ADDR']."', CURDATE())",
                    GetSQLValueString("$trimmedGuestName", "text"),
                    GetSQLValueString("$trimmedLocation", "text"),
                    GetSQLValueString("$trimmedGuestDetails", "text"),
                    GetSQLValueString("$url", "text"),
                    GetSQLValueString($_POST['GuestEmail'], "text"));
                mysql_select_db($database_davies, $davies);
                $Result1 = mysql_query($insertSQL, $davies) or die(mysql_error());
                $insertGoTo = "guestbook.php";
                if (isset($_SERVER['QUERY_STRING'])) {
                    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
                    $insertGoTo .= $_SERVER['QUERY_STRING'];
                }
                header(sprintf("Location: %s", $insertGoTo));
            }
    }
}
?>
Code: Select all
<?php
//Start the session so we can store what the code actually is.
session_start();
//Now lets use md5 to generate a totally random string eg f918f4b8ead7cbbe96fa003abc32dec1
$md5 = md5(microtime() * mktime());
/*
We dont need a 32 character long string so we trim it down to 5 eg f918f of above
*/
$string = substr($md5,0,5);
/*
Now for the GD stuff, for ease of use lets create
the image from a background image.
*/
$captcha = imagecreatefrompng("image.png");
/*
Lets set the colours, the colour $line is used to generate lines.
Using a blue misty colours. The colour codes are in RGB
*/
$black = imagecolorallocate($captcha, 0, 0, 0);
$line = imagecolorallocate($captcha,233,239,239);
/*
Now to make it a little bit harder for any bots to break,
assuming they can break it so far. Lets add some lines
in (static lines) to attempt to make the bots life a little harder
*/
imageline($captcha,0,0,39,29,$line);
imageline($captcha,40,0,64,29,$line);
imageline($captcha,20,0,14,31,$line);
imageline($captcha,10,0,1,31,$line);
/*
Now for the all important writing of the randomly generated string to the image.
*/
imagestring($captcha, 5, 20, 10, $string, $black);
/*
Hash (MD5) and store the key inside of a session
*/
$_SESSION['key'] = md5($string);
/*
Output the image
*/
header("Content-type: image/png");
imagepng($captcha);
?>
Hi Aaron,
Are you checking that the same form data hasn't already been submitted?
Only getting to reply to this now too!
I’m not sure I follow what you ask me. In the database usually the values are all ‘null’ which really baffles me as I have statements running to try and stop this. When I do get a run of similar email addresses showing up in the database or anything else I usually run something like
Code: Select all
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
if ($_POST['GuestEmail'] !== 'rgergerger')
if ($_POST['GuestEmail'] !== 'radtt@hotmail.com')
if ($_POST['GuestEmail'] !== 'jryfibofbvc')
if ($_POST['GuestEmail'] !== 'red@red.com')
if ($_POST['GuestEmail'] !== 'red%40red.com')
if ($_POST['GuestEmail'] !== 'dim@serbin.com')
if (!$nomessage && !$error) {
if (!$nomessage && !$error_email)
if (!$nomessage && !$error_code)
Let me know more if you can.
Thanks a mil
nickvd
I was having the same spam problem on my email contact form... the solution I used was not to use standard names for the input elements... the spam bots will search out any input fields named "name, email, contact, etc..." so I just changed the names to "input_1, input_2" etc... it stopped the spam cold...
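Added example, not code from any poster in this thread: in the guestbook handler posted above, the validation variables are only set when sendCom is present in the POST data, while the insert runs whenever MM_insert equals form1, and GetSQLValueString() turns empty values into NULL, which matches the all-NULL rows described. The sketch below runs every check on every request and consumes the CAPTCHA key after one attempt; validate_guestbook_post() is a hypothetical helper, filter_var() stands in for the original email regex, and the sample requests are constructed.

```php
<?php
// Added example, not the poster's code. Field names come from the thread;
// validate_guestbook_post() is a hypothetical helper.
function validate_guestbook_post(array $post, array &$session): array
{
    $errors = [];

    // Fail closed: every check runs on every request, so a POST that carries
    // MM_insert but not sendCom cannot skip validation.
    $required = ['GuestName' => 'Name Required', 'GuestDetails' => 'Message Required'];
    foreach ($required as $field => $msg) {
        $raw = $post[$field] ?? '';
        if (!is_string($raw) || trim(strip_tags($raw)) === '') {
            $errors[$field] = $msg;
        }
    }

    // CAPTCHA: the key must exist, is compared in constant time, and is
    // consumed on every attempt so a solved image cannot be replayed.
    $expected = $session['key'] ?? null;
    unset($session['key']);
    $answer = $post['code'] ?? '';
    if (!is_string($expected) || !is_string($answer)
        || !hash_equals($expected, md5($answer))) {
        $errors['code'] = 'Incorrect entry. Try again!';
    }

    // Email stays optional; filter_var() replaces the original regex.
    $email = $post['GuestEmail'] ?? '';
    if ($email !== '' && (!is_string($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false)) {
        $errors['GuestEmail'] = 'Invalid email address';
    }
    return $errors;
}

// Constructed sample data: a fresh CAPTCHA key, then three requests.
$session  = ['key' => md5('f918f')];
$complete = ['MM_insert' => 'form1', 'sendCom' => '1', 'GuestName' => 'B',
             'GuestDetails' => 'Nice site', 'GuestEmail' => '', 'code' => 'f918f'];

// 1. MM_insert only: no sendCom and no form fields.
var_dump(validate_guestbook_post(['MM_insert' => 'form1'], $session));
// 2. Complete submission against a newly issued key.
$session = ['key' => md5('f918f')];
var_dump(validate_guestbook_post($complete, $session));
// 3. The same submission again, after step 2 consumed the key.
var_dump(validate_guestbook_post($complete, $session));
```

The row should be inserted only when the returned array is empty.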