R0CKY Posted July 3, 2011 Share Posted July 3, 2011 I'm using a now unsupported PHP download system that has a public front end where the visitor can send a message when a file download is broken. The problem is now I need some kind of anti spam measure to stop robots sending me rubbish through the form. Here's is a part of the php page.... //Send the mail if (isset($_GET['process'])) { if (!check_input($_POST, array('message'))) { smarty_error(lang('emptyfield')); } //Make sure the spam response is valid if ($_POST['spamcheck']=="recon") { } //Make sure the "from" address is valid if (!eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['fromemail'])) { smarty_error(lang('emailinvalid')); } The //Make sure the spam response is valid part was inserted by me, but it is not working. The visitor can type anything he likes in the spamcheck form field and the form is still being accepted. Any hints, please? Thanks in advance. Quote Link to comment Share on other sites More sharing options...
EdwinPaul Posted July 3, 2011 Share Posted July 3, 2011 I'm using a now unsupported PHP download system that has a public front end where the visitor can send a message when a file download is broken. The problem is now I need some kind of anti spam measure to stop robots sending me rubbish through the form. Here's is a part of the php page.... //Send the mail if (isset($_GET['process'])) { if (!check_input($_POST, array('message'))) { smarty_error(lang('emptyfield')); } //Make sure the spam response is valid if ($_POST['spamcheck']=="recon") { } //Make sure the "from" address is valid if (!eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['fromemail'])) { smarty_error(lang('emailinvalid')); } The //Make sure the spam response is valid part was inserted by me, but it is not working. The visitor can type anything he likes in the spamcheck form field and the form is still being accepted. Any hints, please? Thanks in advance. You didn't put an error-message after your checking. Try: //Make sure the spam response is valid if ($_POST['spamcheck']=="recon") { smarty_error(lang('spam')); // <-- you will have to add this in smarty-table } Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2011 Share Posted July 3, 2011 This isn't actually doing anything. There's no action specified if the condition is TRUE. if ($_POST['spamcheck']=="recon") { } Quote Link to comment Share on other sites More sharing options...
R0CKY Posted July 3, 2011 Author Share Posted July 3, 2011 @ Edwin, I'll add the text once I get it working, thanks. @ Pika, if true it continues through the code and sends the form data in an e-mail (isn't that how it works... unsure....)... I'll post the entire code for the page below so you can see... //Check if reporting is disabled if ($settings[0]['enable_report'] == 0) { smarty_error(lang('feature_disabled')); } //Get file info $file = $db->GetArray("SELECT * FROM ".$dbPrefix."files WHERE file_id = ".intval($_GET['id'])); if (count($file) == 0) { smarty_error(lang('file_exist')); } $file = $file[0]; //Send the mail if (isset($_GET['process'])) { if (!check_input($_POST, array('message'))) { smarty_error(lang('emptyfield')); } //Make sure the spam response is valid if ($_POST['spamcheck']=="recon") { } //Make sure the "from" address is valid if (!eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['fromemail'])) { smarty_error(lang('emailinvalid')); } $usermessage = trim($_POST['message']); $message .="BROKEN DOWNLOAD REPORT FOR website.NET\n"; $message = $_POST['fromname'].' ('.$_SERVER['REMOTE_ADDR'].') has reported a broken link at '.$settings[0]['dbname'].".\n"; if (!empty($usermessage)) { // $message .= $_POST['fromname']." has included this message:\n"; $message .= $usermessage."\n\n"; } $message .= "File: ".$file['file_name']."\n"; $message .= "URL: ".$file['file_dlurl']."\n\n"; $message .= "Please visit the following link to view the file:\n"; $message .= $settings[0]['dburl'].'/index.php?act=view&id='.$_GET['id']."\n\n"; // $message.= "If you have verified that the link is broken, you may edit the download URL in the paFileDB admin center at ".$settings[0]['dburl']."/admin.php\n\n"; // $message .= "The IP address of the person who reported the broken link is: ".$_SERVER['REMOTE_ADDR']."\n\n"; $message .= "To report abuse of this feedback system, please visit ".$settings[0]['dburl']; $to = array(); $admins = $db->GetArray("SELECT user_username, user_email FROM ".$dbPrefix."users"); foreach ($admins as $a) { $to[] = array("name" => $a['user_username'], "address" => $a['user_email']); } pafiledb_mail($_POST['fromname'], $_POST['fromemail'], $to, 'Broken link reported at '.$settings[0]['dbname'], $message); smarty_redirect(lang('report_sent'), 'index.php?act=view&id='.$_GET['id']); } $smarty->assign('id', $_GET['id']); //Fetch the category info from the database // Generate the navbar. We're using the dropdown cache to save // system resources. $navbar = array(); $navbar[] = array('name' => lang('report_broken'), 'url' => ''); $navbar[] = array('name' => $file['file_name'], 'url' => '?act=view&id='.intval($_GET['id'])); $allcats = unserialize($settings[0]['dropdown']); $tempcat = $file['file_catid']; $templvl = -1; // 0 = start. We need to identify that this hasn't been set so -1 works for($x = count($allcats)-1; $x >= 0; $x--) { // Step #1 - Determine the level of the current category // and then work our way down. if ($templvl == -1 && $allcats[$x]['id'] == $tempcat) { $navbar[] = array('name' => $allcats[$x]['name'], 'url' => '?act=category&id='.$allcats[$x]['id']); $templvl = $allcats[$x]['sub']-1; } else if ($templvl != -1 && $allcats[$x]['sub'] == $templvl) { $navbar[] = array('name' => $allcats[$x]['name'], 'url' => '?act=category&id='.$allcats[$x]['id']); $templvl--; if ($templvl == -1) { break; } } } $navbar[] = array('name' => $settings[0]['dbname'], 'url' => ''); // And then we reverse it for paFileDB $navbar = array_reverse($navbar); $smarty->assign('navbar', $navbar); // We already handled the recursion so let's cheat and use it like a cache for the titlebar. $title = array(); foreach ($navbar as $c) { $title[] = $c['name']; } $smarty->assign('title', implode(' » ', $title)); ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2011 Share Posted July 3, 2011 I should have said that the way the conditional is in the code, it doesn't matter what the result is, nothing happens. there's nothing to be executed if it evaluates to TRUE, nor is there an else{} for an evaluation of FALSE. Quote Link to comment Share on other sites More sharing options...
R0CKY Posted July 3, 2011 Author Share Posted July 3, 2011 Ah, okay so I changed it to this... //Make sure the spam response is valid if ($_POST['spamcheck']=="recon") { smarty_error(lang('emptyfield')); } So basically if it fails antispam check, it does the same thing as if there was an empty field and rejects the form. The thing is, I tried it, and it's working the opposite way, if the spam check passes, it is rejecting the form, and if the spam check fails, it is accepting the form! Sorry, I am not very good at this and am just trying to bluff my way through! thanks. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 3, 2011 Share Posted July 3, 2011 Without knowing how you have the form set up, and what the value of $_POST['spamcheck'] is supposed to be, this is kind of a guess, but I'm assuming that the user either types 'recon' into a text field, or there's a checkbox that has the value 'recon'. If that's the case, change the comparison to != instead of == and see if that's what you're after. Quote Link to comment Share on other sites More sharing options...
R0CKY Posted July 3, 2011 Author Share Posted July 3, 2011 Yeh I am asking the user to type "recon" to verify they are human. I did the !+ thing and it worked, many thanks! Quote Link to comment Share on other sites More sharing options...
EdwinPaul Posted July 3, 2011 Share Posted July 3, 2011 Without knowing how you have the form set up, and what the value of $_POST['spamcheck'] is supposed to be, this is kind of a guess, but I'm assuming that the user either types 'recon' into a text field, or there's a checkbox that has the value 'recon'. If that's the case, change the comparison to != instead of == and see if that's what you're after. My mistake. I should have thought. :'( Quote Link to comment Share on other sites More sharing options...
R0CKY Posted July 3, 2011 Author Share Posted July 3, 2011 Thanks for your helps guys, it's great to finally have this sorted out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.