wads24 Posted June 1, 2011

I have been getting a lot of bots spamming this script, and need to add captcha to it. I am new to PHP and was wondering if someone would help me with this issue. Below is the script, and I really would appreciate the help.

<?php
include "admin/conf.php";

// Load the site settings row (language, skin, title, rules)
$setting1="SELECT * FROM ".$prefix."settings";
$setting2=mysql_query($setting1) or die("Sorry, Could not select sites table");
$setting=mysql_fetch_array($setting2);
include "lang/$setting[lang]/main.php";
print "<title>$lang_reg1</title>";
print "<link rel='stylesheet' href='skin/$setting[style]/style.css' type='text/css'>";
print "<body bgcolor='#FFFFFF'>";
print "<table cellpadding='0' cellspacing='0' align='center' class='outtable'><tr><td>";
/*----------------- Bread ------------------*/
print "<br /><table><tr><td width='100%'><a href='index.php'>$setting[title]</a> > $lang_reg4</td></tr></table><br />";
/*----------------- Bread End ------------------*/
print "<table cellpadding='0' cellspacing='0' align='center' width='100%'><tr><td valign='middle'><img src='skin/$setting[style]/images/pen.gif' style='vertical-align: middle;'></td>
<td valign='middle'>$lang_reg1</td></tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/cat_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_left.gif' style='vertical-align: middle;'></td>
<td class='tilecat' width='100%'><img src='skin/$setting[style]/images/tile_back.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/cat_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td class='shadowL'><img src='skin/$setting[style]/images/left_shadow.gif' style='vertical-align: middle;'></td>
<td width='100%'>";

// Registration form, posted to source/reguser.php
print "<form name='topsite' action='source/reguser.php' method='post' onSubmit='return check_it();'>";
print "<table cellspacing='0' cellpadding='2' align='center' class='maintable'>";
print "<tr><td colspan='2' class='titlemedium' style='padding: 3px;' align='center'>$lang_reg4</td></tr>";
print "<tr><td class='tileshadow' colspan='2' align='center'><img src='skin/$setting[style]/images/spacer.gif' width='1' height='3' alt='' /></td></tr>";
print "<tr class='row5'><td nowrap valign='top'>$lang_reg5</td>";
print "<td><input type='text' name='topsiteuser' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg6</td>";
print "<td><input type='password' name='password' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg7</td>";
print "<td><input type='text' name='email' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg8</td>";
print "<td><input type='text' name='title' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg9</td>";
print "<td><input type='text' name='url' size='60' value=''></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg10</td>";
print "<td><input type='text' name='button' size='60' value=''> <a href=\"javascript:void(window.open('http://www.imageshack.us/iframe.php?txtcolor=111111&type=blank&size=30','','height=100,width=275,left=0,top=0,toolbar=0,scrollbars=0'))\" target=\"_self\"><font face=\"Arial\" size=\"1\">UPLOAD HERE</font></a></td></tr>";

// Show the category drop-down only when at least one category exists
$selects="SELECT * FROM ".$prefix."categories where 1";
$selects2=mysql_query($selects) or die("Sorry, Could not select");
$selects3=mysql_fetch_array($selects2);
if($selects3['iD']<1) {print"";}else {
print "<tr class='row5'><td valign='top'>$lang_reg11</td>";
$selectcategory="SELECT * FROM ".$prefix."categories";
$selectcategory2=mysql_query($selectcategory) or die("Sorry, Could not select category");
print "<td><select name='catname'>";
$selectcategory="SELECT * FROM ".$prefix."categories";
$selectcategory2=mysql_query($selectcategory) or die("Sorry, Could not select category");
while($selectcategory3=mysql_fetch_array($selectcategory2)) {print "<option>$selectcategory3[catname]</option>";}
print "</select></td></tr>";}
print "<tr class='row5'><td width='40%' valign='top'>$lang_reg13<br>$lang_reg12</td>";
print "<td width='60%' ><textarea name='description' rows='5' cols='50'></textarea></td></tr>";
print "</table><br /><br />";
print "</td>
<td class='shadowR'><img src='skin/$setting[style]/images/right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/mainfoot_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_left.gif' style='vertical-align: middle;'></td>
<td class='footer' width='100%'><img src='skin/$setting[style]/images/mainfoot.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/mainfoot_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table><br />";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/cat_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_left.gif' style='vertical-align: middle;'></td>
<td class='tilecat' width='100%'><img src='skin/$setting[style]/images/tile_back.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/cat_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td class='shadowL'><img src='skin/$setting[style]/images/left_shadow.gif' style='vertical-align: middle;'></td>
<td width='100%'>";

// Site rules and the submit button that closes the form
print "<table cellspacing='0' cellpadding='2' align='center' class='maintable'>";
print "<tr><td class='titlemedium' style='padding: 3px;' align='center'>$lang_rul</td></tr>";
print "<tr><td class='tileshadow' align='center'><img src='skin/$setting[style]/images/spacer.gif' width='1' height='3' alt='' /></td></tr>";
print "<tr class='row5'><td nowrap valign='top' align='center'><textarea cols='60' rows='10'>$setting[rules]</textarea></td></tr>";
print "<tr><td class='subs' colspan='2' align='center'><input type='submit' name='submit' value='$lang_agree'></td></tr></table></form>";
print "</td>
<td class='shadowR'><img src='skin/$setting[style]/images/right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/mainfoot_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_left.gif' style='vertical-align: middle;'></td>
<td class='footer' width='100%'><img src='skin/$setting[style]/images/mainfoot.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/mainfoot_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table><br />";
print "<table width='100%' border='0' cellspacing='0' cellpadding='0'>
<tr><td colspan='$cols' nowrap style='padding: 3px;' id='runtime' ><div><span><center>$setting[magic]</center></span></div></td></tr></table>";
print "</td></tr></table>";
?>

monkeytooth Posted June 1, 2011

What's the issue you're having exactly? If we know that we can better help you with your issue. You haven't presented a problem, all you've presented is a bit of code.

.josh Posted June 1, 2011

Captchas are annoying and bad for UX, and you should avoid them unless you absolutely must use them. Instead, look into using a honeypot and/or token/time system. They are passive and do not require the user to jump through any hoops, and are very effective. I'm sure you know how to google, but to summarize:

honeypot: basically you add a field to your form but use CSS to hide it from the user. A bot doesn't know it's hidden so it fills it out. In your validation script, you then check if it was filled out. If it was, then count as spam and discard.

token system: basically you generate a unique id and save it in a session var and also output it as a hidden field value in your form. When the user submits the form, check for the id and if it matches the session value. If it doesn't, count as spam and discard.

time system: output a timestamp to a hidden field in the form (better if you encrypt it). When the form is submitted, compare the hidden value to the current timestamp. If it is something ridiculously low like < 1s then count as spam, discard. But you can go even higher, depending on how long you think it should take the average user to fill out the form. This is not an exact science and not 100%, as a bot can simply time itself out to get around it. But most bots don't, and even if they do, it's still effective, combined with the above methods (you can even combine this with the token system).
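
The three passive checks described in the post above, combined into one validator. This is an added example, not code from the thread: the field names, `SECRET` and the time limits are assumptions, it needs PHP 7.1 or later, and it signs the timestamp with an HMAC rather than encrypting it, so a changed value is detected.

```php
<?php
// Added example, not from the thread. Field names and SECRET are assumptions.
const SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_SECONDS = 3;     // faster than this is treated as a bot
const MAX_SECONDS = 3600;  // older forms must be reloaded
// Create the per-form values and remember the token in the session.
function antispam_values(array &$session, int $now): array {
    $token = bin2hex(random_bytes(16));
    $session['form_token'] = $token;
    return [
        'website2'   => '',  // honeypot: humans never see it, so it stays empty
        'form_token' => $token,
        'form_ts'    => (string)$now,
        'form_sig'   => hash_hmac('sha256', $token . '|' . $now, SECRET),
    ];
}
// Hidden inputs to print inside the <form> on the registration page.
function antispam_html(array $v): string {
    $html = "<input type='text' name='website2' value='' style='display:none' tabindex='-1' autocomplete='off'>";
    foreach (['form_token', 'form_ts', 'form_sig'] as $k) {
        $html .= "<input type='hidden' name='$k' value='" . htmlspecialchars($v[$k], ENT_QUOTES) . "'>";
    }
    return $html;
}

// Returns null when the submission passes, otherwise the reason for discarding it.
function antispam_check(array $post, array &$session, int $now): ?string {
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);  // single use, so a captured form cannot be replayed
    if (($post['website2'] ?? '') !== '') return 'honeypot filled';
    $token = (string)($post['form_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $token)) return 'bad token';
    $ts = (string)($post['form_ts'] ?? '');
    $sig = hash_hmac('sha256', $token . '|' . $ts, SECRET);
    if (!hash_equals($sig, (string)($post['form_sig'] ?? ''))) return 'timestamp tampered';
    $elapsed = $now - (int)$ts;
    if ($elapsed < MIN_SECONDS) return 'submitted too fast';
    if ($elapsed > MAX_SECONDS) return 'form expired';
    return null;
}

// Constructed demo with fixed clock values instead of time().
$session = [];
$form = antispam_values($session, 1000);
echo antispam_check($form, $session, 1020) ?? 'accepted', "\n";  // human, 20 s later
echo antispam_check($form, $session, 1040) ?? 'accepted', "\n";  // same form replayed
$form = antispam_values($session, 2000);
echo antispam_check(['website2' => 'spam'] + $form, $session, 2020) ?? 'accepted', "\n";
$form = antispam_values($session, 3000);
echo antispam_check($form, $session, 3000) ?? 'accepted', "\n";  // instant submit
```

On the form in this thread, the registration page would call `session_start()` and print `antispam_html(antispam_values($_SESSION, time()))` inside the `<form>`, and `source/reguser.php` would call `antispam_check($_POST, $_SESSION, time())` before touching the database.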

xyph Posted June 1, 2011

I've designed bots to submit forms. All of your solutions can be bypassed by a couple lines of code. The plus side is an attacker has to customize their bot to work for that specific form.

Then again, with $10 and http://decaptcher.com/client/ I can bypass 5000 CAPTCHAs. Anti-spam is hard.

My personal approach would probably involve giving each input a random name, and storing those names with their 'real' names in a session. This allows your form data to be decoded on the next page, and stops a bot from guessing what the form should contain. Randomize the order that your elements show up, confusing the bots further. Use an AJAX call to grab the labels you want for each form, and populate your form. Combine with a honeypot, and you're pretty much in reCAPTCHA territory without annoying the user.

The problem, though, is you're alienating users who don't allow server-side scripting.
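
A sketch of the random-field-name mapping described in the post above, as an added example that is not code from the thread. The function names are assumptions, the real field names are taken from the registration form in the first post, and it needs PHP 7.1 or later. Treating a post that carries the well-known names as a bot is an added choice that plays the role of the honeypot.

```php
<?php
// Added example, not from the thread. Function names are assumptions.
const REAL_FIELDS = ['topsiteuser', 'password', 'email', 'title', 'url', 'description'];

// Build a random alias for every real field, in random order, and store the map.
function alias_fields(array &$session): array {
    $real = REAL_FIELDS;
    shuffle($real);                                   // randomise display order
    $map = [];
    foreach ($real as $name) {
        $map['f_' . bin2hex(random_bytes(8))] = $name;
    }
    $session['field_map'] = $map;                     // alias => real name
    return $map;
}

// Translate a submission back to real names.
// Returns null when the post does not match the form that was served.
function decode_fields(array $post, array &$session): ?array {
    $map = $session['field_map'] ?? null;
    unset($session['field_map']);                     // each map is valid for one submit
    if (!is_array($map)) return null;
    foreach (REAL_FIELDS as $name) {
        if (isset($post[$name])) return null;         // generic bot guessed the usual names
    }
    $out = [];
    foreach ($map as $alias => $name) {
        if (!isset($post[$alias]) || !is_string($post[$alias])) return null;
        $out[$name] = $post[$alias];
    }
    return $out;
}

// Constructed demo: a browser echoing the served aliases, then a generic bot.
$session = [];
$post = [];
foreach (alias_fields($session) as $alias => $name) {
    $post[$alias] = "value for $name";
}
print_r(decode_fields($post, $session));
alias_fields($session);
var_dump(decode_fields(['topsiteuser' => 'bot', 'email' => 'bot@example.com'], $session));
```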

.josh Posted June 1, 2011

> I've designed bots to submit forms. All of your solutions can be bypassed by a couple lines of code. The plus side is an attacker has to customize their bot to work for that specific form.

Yes, this is true. If someone wants to specifically analyze a form and find which fields to avoid etc., then sure, it is easy to handcode a spambot to get around that stuff. But that kind of defeats the purpose of having a bot in the first place. People who try and spam generally avoid trying to have to program bots for individual forms. Doing those things once will go a long way in reducing spam from bots that try to parse generic or "standard" forms. Changing your "rules" up on a fairly regular basis will make it go even further. But there is no 100% solution no matter what you do.