Jump to content

simple guestbook antispam - I'm tearing my hair out! (ok rubbing the bald spot)


bettsy

Recommended Posts

Hi,

I know, I know I will feel so stupid asking....

Could someone please give me that light bulb moment? For the life of me I can't understand why this won't work...

A simple antibot verification.

Works without adding verification check..

 

 

html page:

 

<div style="margin-left:2px; margin-top:5px " class="onang3">your name</div>

<div style="margin-left:0px; margin-top:1px " ><input type="text" class="input" name="name" style="width:180px; height:17px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B "/></div>

 

<div style="margin-left:2px; margin-top:3px " class="onang3">your location</div>

<div style="margin-left:0px; margin-top:1px " ><input type="text" class="input" name="location" style="width:180px; height:17px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B " /></div>

 

<div style="margin-left:2px; margin-top:3px " class="onang3">your e-mail</div>

<div style="margin-left:0px; margin-top:1px " ><input type="text" class="input" name="email" style="width:180px; height:17px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B " /></div>

 

<div style="margin-left:2px; margin-top:3px " class="antispam1"> Leave this empty:</div>

<div style="margin-left:0px; margin-top:1px " ><input class="antispam" type="text" name="url" style="width:180px; height:17px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B " /></div>

 

 

<div style="margin-left:2px; margin-top:3px " class="onang3">your message</div>

<div style="margin-left:0px; margin-top:1px " ><input type="text" class="input" name="comment" style="width:180px; height:65px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B " /></div>

<div style="margin-left:25px; margin-top:5px; margin-right:0px" class="red">

<div align="left"><span class="red" style="margin-left:10px; margin-top:5px; margin-right:0px">

</span>

</div>

 

<span class="onang1">

<button type="reset" style="border: 0; background: transparent">

<img src="images/reset.jpg" alt="reset" style="margin-right:19px "/>

</button>

</span>

<span class="onang1">

<button type="submit" style="border: 0; background: transparent">

<img src="images/submit.jpg" alt="submit" />

</button>

</span>

</div>

</form>

 

 

add php page:

 

<?php

 

 

 

 

header("Location: guestbook.html");

if(isset($_POST['url']) && $_POST['url'] == ''){

 

 

$$dbservertype='mysql';

$servername='localhost';

$dbusername='xxxx';

$dbpassword='xxxx';

$dbname='xxxxx';

 

connecttodb($servername,$dbname,$dbusername,$dbpassword);

function connecttodb($servername,$dbname,$dbuser,$dbpassword)

{

global $link;

$link=mysql_connect ("$servername","$dbuser","$dbpassword");

if(!$link){die("Could not connect to MySQL");}

mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());

}

 

 

 

 

 

$name = $_POST['name'];

$email = $_POST['email'];

$location = $_POST['location'];

$comment = $_POST['comment'];

$datetime=date("d-m-y"); //date time

 

$rt=mysql_query("insert into guestbook(name,email,location,comment,datetime) VALUES('$name','$email','$location','$comment','$datetime')");

echo mysql_error();

 

 

 

 

 

}

 

 

 

 

?>

 

 

Database and all is correct, works without "if" check

Is the antispam class hiding the url field?

Can also do this as type="hidden"

 

This will always be set when the form is submitted

if(isset($_POST['url']) && $_POST['url'] == ''){

 

You can trim it and check for it not being blank

if(isset($_POST['url']) && trim($_POST['url'] != '')){
die('spammer');
} else {
//do the insert
}

Here is something that can use to stop a lot of spammers

It uses ip's from stopforumspam database.

$ip = getenv('HTTP_CLIENT_IP')?:
getenv('HTTP_X_FORWARDED_FOR')?:
getenv('HTTP_X_FORWARDED')?:
getenv('HTTP_FORWARDED_FOR')?:
getenv('HTTP_FORWARDED')?:
getenv('REMOTE_ADDR');

if (strstr($ip, ', ')) {
    $ips = explode(', ', $ip);
    $ip = $ips[0];
}

$spam_ip = "http://api.stopforumspam.org/api?ip=".$ip;
$spamdata = @simplexml_load_file($spam_ip);
if ($spamdata) {
  
    $spamarray = array();
  
    $spamarray = json_decode(json_encode($spamdata), TRUE);
  
    //print_r($spamarray);
   if($spamarray['appears'] == "yes" ){
   die('spammer');
   }
}

I've not tested this so it could be completely wrong, but try putting value="" into your antispam field so it reads

 

<input class="antispam" type="text" name="url" style="width:180px; height:17px; border-style:solid; border-width:1px; background-color:#000000; border-color:#BE0A0B " value ="" />

 

This way you know the variable is set and is an empty string before the form is posted

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.