austin350s10 Posted May 26, 2009 Share Posted May 26, 2009 Im sure other people have have this problem before. I have a form on my website that automatic from filling robots have been filling out and submitting. I guess by doing this the person in charge of the operation can somehow send out spam through my website. This is what I've been told anyway, not sure if its true or not. Anyway I don't want people using my website as a spam portal, so I am wondering if there is a way I can modify my existing PHP form script to filter out invalid characters. The one thing that i noticed is that the robots like to use characters like <>/?()[]{} and when there is a first name last name field they are filled out with the same name. I have tried to use SpryValidation to solve this problem but when it comes to text boxes there is no good way to remove unwanted characters. Below is an example of the HTML and the PHP code I am using. <form action="newletterForm.php" method="post"> <fieldset class="radius"> <legend>Receive Our Newletter</legend> <dl> <dt><label for="Fname">First Name:</label></dt><dd><span id="sprytextfield1"> <input type="text" name="Fname" id="Fname" tabindex="1" title="first name"/> <span class="textfieldRequiredMsg">Your first name is required.</span></span></dd> <dt><label for="Lname">Last Name:</label></dt><dd><span id="sprytextfield2"> <input type="text" name="Lname" id="Lname" tabindex="2" title="last name"/> <span class="textfieldRequiredMsg">Your last name is required.</span></span></dd> <dt><label for="email">Email:</label></dt><dd><span id="sprytextfield3"> <input type="text" name="email" id="email" tabindex="3" title="email address"/> <span class="textfieldRequiredMsg">A email address is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span></dd> <dt><label for="occ">Occupation:</label></dt><dd><span id="sprytextfield4"> <input type="text" name="occ" id="occ" tabindex="4" title="type on your occupation"/> <span class="textfieldRequiredMsg">Please let us know your occupation.</span></span> <dt><label for="referral">How did you hear of us?</label> </dt><dd><span id="spryselect1"> <select name="referral" id="dub" title="referral source" tabindex = "5"> <option value="-1">--select one--</option> <option value="google">google</option> <option value="web_search">web search</option> <option value="email">email</option> <option value="news_paper">news paper</option> <option value="radio">radio</option> <option value="TV">TV</option> <option value="phone_book">phone book</option> <option value="van">our van</option> <option value="mail">personal mail</option> <option value="senior directory">senior directory</option> <option value="trade show">trade show</option> <option value="hospital directory">hospital directory</option> <option value="nurse">nurse</option> <option value="social worker">social worker</option> <option value="case manager">case manager</option> <option value="friend">friend</option> <option value="family member">family member</option> <option value="AHC Client">AHC Client</option> <option value="AHC employee">AHC employee</option> <option value="none">none of the above</option> </select> <span class="selectInvalidMsg">Please let us know how you heard of us.</span> <span class="selectRequiredMsg">Please select an item.</span></span> <div align="center"> <input name="submit" type="submit" value="Submit" /> </div> </fieldset> </form> <?php /*subject and email variables*/ $emailSubject = 'Newsletter Request'; $webMaster = '[email protected]'; /*gathering data variables*/ $FnameField = $_POST['Fname']; $LnameField = $_POST['Lname']; $emailField = $_POST['email']; $occField = $_POST['occ']; $referralField = $_POST['referral']; /*email field*/ $body = <<<EOD <br><hr><br> <h2>Send This Person Our Newsletter</h2> <h3>Also put them on our mailing list</h3> <hr> $Fname <br> $Lname <br> $email <br> $occ <br> $referral <br> EOD; /*email sender script*/ $headers = "From: $email\r\n"; $headers .= "Content-type: text/html\r\n"; $success = mail($webMaster, $emailSubject, $body, $headers); /*resultes*/ $theResults = <<<EOD <html> test </html> EOD; echo "$theResults"; ?> Link to comment https://forums.phpfreaks.com/topic/159695-form-filling-robots/ Share on other sites More sharing options...
kickstart Posted May 26, 2009 Share Posted May 26, 2009 Hi There is no simple solution. Anything can be bypassed with sufficient effort by the spammers. Captchas are one method. Can be bypassed but take a fair bit of effort. Tend to annoy people. You can add a question to the form, and validate the answer. Question can be simple, just so long as it changes to stop the bots from being able to just pick one value. Just something like "What is two plus three", "How many a's in Apple", etc, and the users select the answer from a drop down list. However bot could recognise anything in the background saying which question was asked and change it to one it is programmed to answer (so save the question id in a database table rather than on the form), and nothing to stop a bot just sending the form back once for each answer. You can change the form field names. Won't stop the spammers if they are determined but will make it more difficult to automate the responses. Send a time stamp with the form and if the response is too quick then you know it was a bot. Again won't stop them but does make it more difficult. The list goes on. All the best Keith Link to comment https://forums.phpfreaks.com/topic/159695-form-filling-robots/#findComment-842279 Share on other sites More sharing options...
austin350s10 Posted May 26, 2009 Author Share Posted May 26, 2009 Ok that Captcha is a really good idea. I found a great tutorial at http://www.webcheatsheet.com/PHP/create_captcha_protection.php but the way they set up the code just tells the user if they entered the wrong or the right code. I would like to make it work so when the user clicks the submit button it directs them to my mail handling PHP code. Im a total newbie at PHP but I think I found out what i need to change, but i just don't know how to do it. <?php //Continue the session session_start(); //Make sure that the input come from a posted form. Otherwise quit immediately if ($_SERVER["REQUEST_METHOD"] <> "POST") die("You can only reach this page by posting from the html form"); //Check if the security code and the session value are not blank //and if the input text matches the stored text if ( ($_REQUEST["txtCaptcha"] == $_SESSION["security_code"]) && (!empty($_REQUEST["txtCaptcha"]) && !empty($_SESSION["security_code"])) ) { echo "<h1>Test successful!</h1>"; } else { echo "<h1>Test failed! Try again!</h1>"; } ?> Where it says echo "<h1>Test successful!</h1>"; I think it should direct the program to open up a separate mail handling file I already have made. I tried echo "optout.php" but that just shows the user the string not the file. How do i fix this so that if the test is successful it will open a separate PHP file? Link to comment https://forums.phpfreaks.com/topic/159695-form-filling-robots/#findComment-842345 Share on other sites More sharing options...
kickstart Posted May 26, 2009 Share Posted May 26, 2009 Hi Try header('Location:optout.php'); . Note that this will only work if you have output NOTHING at all before the statement (not even a blank line outside the <?php ?> ). All the best Keith Link to comment https://forums.phpfreaks.com/topic/159695-form-filling-robots/#findComment-842348 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.