[SOLVED] Form robots/bots disturbing me! How to prevent ?

[plodos]

<?php
include("dbconfig.php");

if(empty($_REQUEST['title']) && empty($_REQUEST['name']) && empty($_REQUEST['surname']) && 
empty($_POST['email']) && empty($_POST['country']) && empty($_POST['university']) && empty($_POST['university_dept']) &&
empty($_POST['phone']) && empty($_POST['committee']) && empty($_POST['research']) && empty($_POST['address']))
{
header("Location: /committee.html");
exit();
}
else {

	if(isset($_POST['Submit'])) {

	$title=trim(mysql_real_escape_string($_POST['title']));
	$name =trim(mysql_real_escape_string($_POST['name']));
	$surname = trim(mysql_real_escape_string($_POST['surname']));
	$email = trim(mysql_real_escape_string($_POST['email']));
	$country = trim(mysql_real_escape_string($_POST['country']));
	$university = trim(mysql_real_escape_string($_POST['university']));
	$university_dept = trim(mysql_real_escape_string($_POST['university_dept']));
	$phone=mysql_real_escape_string($_POST['phone']); 
	$fax = mysql_real_escape_string($_POST['fax']);
	$committee = trim(mysql_real_escape_string($_POST['committee']));
	$research = trim(mysql_real_escape_string($_POST['research']));
	$address = trim(mysql_real_escape_string($_POST['address']));
	$date = date("Y-m-d H:m:s");



	$sql = mysql_query("SELECT * FROM person WHERE email='$email'");
	if(mysql_num_rows($sql) < 1){

                 $add_person= mysql_query(" INSERT INTO person (title,fname,lname,email,country,university,university_dept,phone,fax,research_field,address,date,committee_no) VALUES ('$title','$name','$surname','$email','$country','$university','$university_dept','$phone','$fax','$research','$address','$date','$committee')  "); 

                 if($add_person)
                 {
                    if($committee=="1")
                    {
                    header("Location: /NaturalandAppliedSciences.php");
                    }
                    
                     if($committee=="2")
                    {
                    header("Location: /HealthandMedicalSciences.php");
                    }
                    
                     if($committee=="3")
                    {
                    header("Location: /HumanitiesandSocialSciences.php");
                    }
                 }
        }
        else
	{
		echo "<p>Error : The email address [$email] already exists in our database. Thank you for your registration.</p>";
	}
}
}
?>

that script is adding the from variables in the database.

but there are lots of fake records in my database.

im using javascript for form validation.

 

how can I prevent form bots?

 

country commitee  title variables coming from the combobox

others from textbox

 

for ex. entities

 	
name = bqnomuv  	
surname = bqnomuv  	
....and aothers....
emkoln@nxqsvs.com  	
MA  	
kpIzfkAVPJKuX  	
wtkuGsbQ  	
723235174  	
htdZUFcoeEkaWa  	
p2La3W  <a href=\"http://nriakpmproxe.com/\">nriak...  	
p2La3W  <a href=\"http://nriakpmproxe.com/\">nriak...  	
2009-01-02 19:01:18  	

[flyhoney]

A popular method to prevent bots is to use a CAPTCHA.  Recaptcha is a popular one.

 

You could also check the user agent data.  But that will only slightly help.

[GingerRobot]

1.) im using javascript for form validation.

 

Solely relying on javascript for form validation is always a bad idea. What about users who turn it off? You should always back up client side validation which may be done to improve the user experience with server side validation.

 

2.) To prevent bots, you could use a captcha. You'll find plenty of tutorials or existing scripts if you google. Alternatively, you could set a hidden field in your page. Users will never see it and thus wont fill it in. The majority of bots wouldn't realise it was hidden so will fill it in. You can then set up your script to only process the rest of the form if this field isn't filled in.

 

You could also check the user agent data.  But that will only slightly help.

 

Or probably not at all. I can't imagine too many bots being sent out with a spurious user agent being specified.

[revraz]

I prefer adding a unique phrase to my forms, like making them answer a simple question.

[plodos]

thnx for urgent reply

 

but form page has HTML extension, i cant use <?php ?> tags or captcha ???

 

[flyhoney]

Then adding a hidden form field might be the only way.

[plodos]

Then adding a hidden form field might be the only way.

 

can you explain? what will I carry with hidden field?

[revraz]

Then change it to a .php extension.

[flyhoney]

You add an empty hidden form field, and most likely the BOT will fill it with some value.  So check the form field in the PHP code for a value, and you know it was a bot.

 

But, it is probably better to hide the form field with CSS instead of making it type="hidden".

[plodos]

50% of website has HTML pages , if I change .html to .php it will take lots of time

 

at first I will try to put a hidden field :s if it is not work i try to use captcha

 

thnx for everything!

[revraz]

It won't take anytime at all.  Just change it to .php and then add whatever php code you want.  You don't have to recode any of the HTML.

 

50% of website has HTML pages , if I change .html to .php it will take lots of time

 

at first I will try to put a hidden field :s if it is not work i try to use captcha

 

thnx for everything!

[flyhoney]

I think he means he will need to update all links to the page.  That would be a big hassle.

[GingerRobot]

I think he means he will need to update all links to the page.  That would be a big hassle.

 

A simple mod-rewrite would prevent any problems.

[Altec]

*cough*

 

http://www.codegravity.com/projects/mathguard

 

I have a trimmed down file (40 lines versus his 200+), and if you want, I can post it so you don't have to register on his site.