simple guestbook antispam - I'm tearing my hair out! (ok rubbing the bald spot)

bettsy · February 17, 2015

Hi,

I know, I know I will feel so stupid asking....

Could someone please give me that light bulb moment? For the life of me I can't understand why this won't work...

A simple antibot verification.

Works without adding verification check..

html page:

<div style="margin-left:2px; margin-top:3px " class="onang3">your location</div>

<div style="margin-left:2px; margin-top:3px " class="antispam1"> Leave this empty:</div>

<div style="margin-left:2px; margin-top:3px " class="onang3">your message</div>

</span>

</div>

</button>

</span>

</button>

</span>

</div>

</form>

add php page:

<?php

header("Location: guestbook.html");

if(isset($_POST['url']) && $_POST['url'] == ''){

$$dbservertype='mysql';

$servername='localhost';

$dbusername='xxxx';

$dbpassword='xxxx';

$dbname='xxxxx';

connecttodb($servername,$dbname,$dbusername,$dbpassword);

function connecttodb($servername,$dbname,$dbuser,$dbpassword)

{

global $link;

$link=mysql_connect ("$servername","$dbuser","$dbpassword");

if(!$link){die("Could not connect to MySQL");}

mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());

}

$name = $_POST['name'];

$email = $_POST['email'];

$location = $_POST['location'];

$comment = $_POST['comment'];

$datetime=date("d-m-y"); //date time

$rt=mysql_query("insert into guestbook(name,email,location,comment,datetime) VALUES('$name','$email','$location','$comment','$datetime')");

echo mysql_error();

}

?>

Database and all is correct, works without "if" check

QuickOldCar · February 17, 2015

Is the antispam class hiding the url field?

Can also do this as type="hidden"

This will always be set when the form is submitted

if(isset($_POST['url']) && $_POST['url'] == ''){

You can trim it and check for it not being blank

if(isset($_POST['url']) && trim($_POST['url'] != '')){
die('spammer');
} else {
//do the insert
}

QuickOldCar · February 17, 2015

Here is something that can use to stop a lot of spammers

It uses ip's from stopforumspam database.

$ip = getenv('HTTP_CLIENT_IP')?:
getenv('HTTP_X_FORWARDED_FOR')?:
getenv('HTTP_X_FORWARDED')?:
getenv('HTTP_FORWARDED_FOR')?:
getenv('HTTP_FORWARDED')?:
getenv('REMOTE_ADDR');

if (strstr($ip, ', ')) {
    $ips = explode(', ', $ip);
    $ip = $ips[0];
}

$spam_ip = "http://api.stopforumspam.org/api?ip=".$ip;
$spamdata = @simplexml_load_file($spam_ip);
if ($spamdata) {
  
    $spamarray = array();
  
    $spamarray = json_decode(json_encode($spamdata), TRUE);
  
    //print_r($spamarray);
   if($spamarray['appears'] == "yes" ){
   die('spammer');
   }
}

grissom · February 17, 2015

I've not tested this so it could be completely wrong, but try putting value="" into your antispam field so it reads

This way you know the variable is set and is an empty string before the form is posted

Sign In

simple guestbook antispam - I'm tearing my hair out! (ok rubbing the bald spot)

Recommended Posts

bettsy

Link to comment

Share on other sites

QuickOldCar

Link to comment

Share on other sites

QuickOldCar

Link to comment

Share on other sites

grissom

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information