valoukh Posted May 26, 2008

Hi all. I have a php guestbook on our website and recently we've been getting a lot of ridiculous spam messages! I'm looking for advice on preventing it. I've looked into using image verification but it's proving difficult to set up so until I manage to figure it out (unless someone knows of some easy code that works!) I'm trying to find a temporary solution.

I've noticed that 99% of the spam messages contain URLs, so I thought an IF statement like "if comment doesn't contain "http"" might do the trick. I've tried stuff like this but can't seem to get it working:

    if not ($row['Comment'] =~ /http/) {
    if not ($row['Comment']) =~ /http/ {
    if not ($row['Comment'] =~ "http") {

etc

Any help is much appreciated, valoukh.
BlueSkyIS Posted May 26, 2008

    if (stristr($row['Comment'], 'http')) {
        // http is in the string
    }
valoukh (Author) Posted May 26, 2008

Thank you. I want it so that it prints all records without 'http' in them so I've written:

    if not (stristr($row['Comment'], 'http')) {
    // http is in the string

but I'm getting the error:

    Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/l21denb/public_html/HTML/guestbook.php on line 155

Can't work out what's missing!
valoukh (Author) Posted May 26, 2008

I suppose I could do "if it contains http then nothing, else something"?
valoukh (Author) Posted May 26, 2008

That seems to work! http://www.denbygrace.com/HTML/guestbook.php
valoukh (Author) Posted May 26, 2008

Ah no, I just did a test message and it's still printing URLs. Am I missing something?
Gighalen Posted May 26, 2008

This is just an idea I have, and I'm going to write the example off the top of my head, but hopefully it will help. Essentially it's a number verification system.

Have this on your page inside the form where the user signs the guestbook. It generates a number from 1-100000 and saves it as a variable. It then asks the user to type the number in the textbox.

    $number = rand(1, 100000);
    echo "$number";
    echo "<input type=\"hidden\" value=\"$number\" name=\"realnumber\">";
    echo "<input type=\"text\" name=\"usernumber\">";

Here, the script compares the two numbers. If they match, it executes the guestbook script. If else, it, well, doesn't.

    $number = $_POST['number'];
    $usernumber = $_POST['usernumber'];
    if ($number == $usernumber) {
        // execute guestbook script
    } else {
        echo "Incorrect Verification Code!";
    }

Crude example, but I hope it helps.
valoukh (Author) Posted May 26, 2008

Thanks for the code! Seems to be working, although you can get around it by not entering anything! Do I need something like this?

    if not(empty($usernumber )) {
    if($number == $usernumber){

not sure of the syntax for the first IF
darkfreaks Posted May 26, 2008

    <?php
    if (!empty($usernumber )) {
        //code
    }
    if($number==$usernumber){
        //code
    }
    ?>
Gighalen Posted May 27, 2008

Oops, my bad. And thank you darkfreaks.
valoukh (Author) Posted May 27, 2008

I've put this:

    if (!empty($usernumber )) {
        echo "<style>body{font-size:12}</style>Incorrect Verification Code!";
    }

but it still works :S
valoukh (Author) Posted May 27, 2008

Ah, seems to be working. I think it was because it was requesting POST from form "number" when it was called "realnumber".

Working: http://www.denbygrace.com/HTML/guestbook.php

Thanks everyone for your help!
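Added example (not code from the thread): the check as first deployed, where a blank submission was accepted because of the "number"/"realnumber" mismatch, beside a stricter variant. The function names are hypothetical, the sample `$_POST` arrays are constructed, and taking the expected number from server-side state such as the session instead of from the form is an assumption that goes beyond what the thread does.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

// The check as first deployed: the form field is named "realnumber",
// but the script reads "number", so $number is always null.
function verify_loose(array $post): bool
{
    $number     = $post['number'] ?? null;      // never set by the form
    $usernumber = $post['usernumber'] ?? null;
    return $number == $usernumber;              // loose ==: null equals ""
}

// Stricter variant. $expected comes from server-side state (assumed here
// to be something like $_SESSION['guestbook_number']), not from the form.
function verify_strict(array $post, ?string $expected): bool
{
    $given = $post['usernumber'] ?? '';
    if ($expected === null || $expected === '') {
        return false;                           // no challenge was issued
    }
    if (!is_string($given) || $given === '') {
        return false;                           // blank or array-valued input
    }
    return hash_equals($expected, $given);      // exact string comparison
}

// Constructed sample submissions (what $_POST would hold).
$blank   = ['realnumber' => '48213', 'usernumber' => ''];
$correct = ['realnumber' => '48213', 'usernumber' => '48213'];
$wrong   = ['realnumber' => '48213', 'usernumber' => '11111'];

// Loose check: blank submission, then the correct number.
var_dump(verify_loose($blank));
var_dump(verify_loose($correct));

// Strict check against the server-held value.
var_dump(verify_strict($blank, '48213'));
var_dump(verify_strict($correct, '48213'));
var_dump(verify_strict($wrong, '48213'));
```

The loose check accepts the blank submission and rejects the correct number, because it compares against a field the form never sends; the strict check accepts only the submission that matches the server-held value.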
jonsjava Posted May 27, 2008

Um.. bad news. I just broke your security. Go look at your site.
jonsjava Posted May 27, 2008

Let me explain further: using Spam-Me-Not (I'm not crazy about writing my own decimal codes for letters), I converted http://jonsjava.com to http://jonsjava.com so I could then just do this:

    <a href="http://jonsjava.com">Mysite</a>

(example) so it would output the link to my site. Your site doesn't protect against people posting HTML. You fix that, and you'll have fixed most of your problem.
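Added example (not code from the thread): the "http" filter from earlier in the thread run against a comment whose link is written with decimal character references, beside a check that decodes references first and a renderer that escapes the comment on output. The function names and the sample comment (pointing at example.com) are constructed for illustration.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

// The filter discussed earlier: looks for the literal text "http".
function contains_url_naive(string $comment): bool
{
    return stripos($comment, 'http') !== false;
}

// Decode character references first, so "&#104;&#116;&#116;&#112;" is
// compared as the text a browser would actually act on.
function contains_url_decoded(string $comment): bool
{
    $decoded = html_entity_decode($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return stripos($decoded, 'http') !== false;
}

// Escape on output: submitted markup is displayed as text, never rendered.
function render_comment(string $comment): string
{
    return nl2br(htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample: "http" spelled with decimal character references.
$comment = '<a href="&#104;&#116;&#116;&#112;://example.com">Mysite</a>';

var_dump(contains_url_naive($comment));    // naive filter on the encoded comment
var_dump(contains_url_decoded($comment));  // same comment after decoding
echo render_comment($comment), "\n";       // what the guestbook page would print
```

The naive check misses this comment while the decoding check catches it. Output escaping is the part that addresses the point about posting HTML: the anchor tag is printed as literal text whether or not a filter caught it.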
valoukh (Author) Posted May 27, 2008

Thanks for your input! I've replied on the site; I'm going to monitor it today and tomorrow.