Jump to content

not submiting form if containing www. or http:// preventing spam


Recommended Posts

I want a website to have a form that DOES NOT use captha but I get alot of spam.

I want to use a couple of methods that will not deter the user. My methods are

 

honeypot technique(hidden form)

and not submitting form if contain certain words.

 

 

 

I want to use is a hidden field that if a spam bot fills out it will  disregard the form the spam bot will think the form was submited but it will actually disappear into the abyss .

 

if the form contains www. or .com or http:// or armani,Pharmacy,Viagra... you get the idea . it will not submit the form but will still take you to the thank you page

As for the form is a hidden field

<input type="text" name="secret" style="display: none;">

or

<input type="hidden" name="secret" value="">

Then can do a check and take whatever action you desire, die,exit,redirect...up to you.

<?php
if(isset($_POST['secret']) && trim($_POST['secret']) !=''){
die();
}
?>

As for checking words or if is a url, this can be done so many ways and could even depend where and how you would like to check them.

 

Make a banned words list, could be a text file, database results or even a created array...possibly even in a function

Check if the word/characters exist using functions such as preg_match() , preg_match_all(), in_array()

Now take some sort of action to prevent them from doing something like redirect to the Thank You page as you said.

 

I'll write a simple form and script checking from a text file

<form action="" method="post">
  Name: <br><input type="text" name="name"><br>
  Message: <br><textarea cols="40" rows="5" name="message"></textarea><br>
  <input type="text" name="secret" style="display: none;">
  <input type="submit" value="Submit">
</form>

<?php
//check if post form was submitted
if(isset($_POST)){

//check if hidden value was used
if(isset($_POST['secret']) && trim($_POST['secret']) !=''){
die('Hidden value was used');
}

//implode all the post data and check against bad words in a text file
$my_bad_file = "bad.txt"; //make a new file and insert any bad items one per line, Phrases work as well
if(!file_exists($my_bad_file)){
die("Can't find $my_bad_file");
}

$check_content = implode(",", $_POST);
$bad_content_array = array_map('rtrim', file($my_bad_file));
                    foreach ($bad_content_array as $bad_content) {
                    $bad_content = strtolower($bad_content);
                        if (strpos(strtolower($check_content), $bad_content) !== false) {
                            die('Ban value was found');
                        }
                    }

echo $_POST['name'].": ".$_POST['message'];            
                    
}
?>
Edited by QuickOldCar

so how do you come up with that code?

 

 

//check if hidden value was used
if(isset($_POST['secret']) && trim($_POST['secret']) !=''){
die('Hidden value was used');
}

 

from this code I dont see how you got the word isset what does it do? and how did you get to know to use it here? and how does trim make it die? when i see the word trim i think its just going to cut some of the words and not all of them. and how do you know when to use !=" and all these brackets {}][.

is there a simple code to php like: if this contains this. do this. or check this depending on the answer do this or this....\

 

does that make any sense? im just trying to grasp the concept of php

from this code I dont see how you got the word isset what does it do? and how did you get to know to use it here?

 

The manual provides more information and examples:

http://php.net/isset

 

 

and how does trim make it die? when i see the word trim i think its just going to cut some of the words and not all of them. and how do you know when to use !=" and all these brackets {}][.

is there a simple code to php like: if this contains this. do this. or check this depending on the answer do this or this....\

 

The following manual page provides more information for trim():

http://php.net/manual/en/function.trim.php

 

Perhaps the following will answer your other questions:

http://php.net/manual/en/control-structures.if.php

There is a post named secret in the form which is hidden.

 

If the form is submitted by a normal person, since they do not see it in the actual form, there should never be anything passed through $_POST['secret']

Bots on the other hand try to fill in every value of a form usually, so $_POST['secret'] might have data.

 

isset() is checking if something "is set", in this case $_POST['secret']

 

trim() with no additional parameters will trim just whitespace

 

trim didn't make it die, because all my conditions were met, it executed my statement that had die()

 

I myself determined to use the != and check for blank, which is either "" or ''

The comparison operators are located here

 

curly braces are a wrap for a block of statements

 

Is hard to tell you everything about how to code php, is many tutorials on the net, books, or can refer to php.net

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.