How to control SPAMMERS ?

[rockaclimba]

I have following script working for me - but this is being abused by few geeks with lot of porn links.
Can i put image verification code on this script ?
Can i control 2 submissions/ IP on this script ?
If any answer is yes-please help in simplest words as I donot know about this language. I am not from computer field.
------------------------------------------------------------------

<?php

  $sendto = "mymail@gmail.com";


  $ccto = "";

$report_errors = "NONE";


$setokurl = "2";

$okurls = "http://www.mysite.net,http://www.mysite.,00.00.00.000";


$footer = "<br><br><br><br><br><center><font face=\"Arial\"><a href=\"http://www.mysite.com/index.htm/\" target=\"_blank\"><font color=\"#ff0000\">If you want to SPAM US and think that it hurts me-Please try again</font></a> </center></font>";

$backbutton = "<br><br><b>Hit your browsers back button and resubmit the form.</b>";


if ($report_errors == "NONE") {
error_reporting(0);
}else{
error_reporting(E_ALL);
}


/* --- I F  S E T  O K  U R L  = 1  ----- */

if ($setokurl == "1"){

  $found_url = "1";
  $referer =$_SERVER["HTTP_REFERER"];
  $referer = str_replace("://", "[CS]", $referer);
  $referer_sp = explode("/", $referer);
  $referer = "$referer_sp[0]";
  $referer .= "/";
  $referer = str_replace("[CS]", "://", $referer);
  $referer = strtolower($referer);

  $okurls = split(",", $okurls);

foreach ($okurls as $myokurls) {

$myokurls = strtolower($myokurls);

    if ($referer == strtolower($myokurls)) {
      $found_url = "1";
      }

  }

  if ($found_url == "0") {
  $ERROR_action = "bad_okurl";
  include("$PATH_error$PAGE_error");
  }

}
/* --- E N D  I F  S E T  O K  U R L  = 1  --- */



/* check to see if posted */
if ($HTTP_GET_VARS || ! $HTTP_POST_VARS || $_GET || ! $_POST) {
include("nverror.php");
no_pst();

}else{


/* IF OLDER VERSION OF PHP CONVERT TO NEWER VARIABLES */
if (! $_POST) {
$_POST = "$HTTP_POST_VARS";
}

if (! $_SERVER) {
$_SERVER = "$HTTP_SERVER_VARS";
}


$year = date("Y");
$month = date("m");
$day = date("d");
$hour = date("h");
$min = date("i");
$tod = date("a");


$ip=$_SERVER["REMOTE_ADDR"];

$SEND_prnt = "The form below was submited by " . $_POST{"email"} . " from Ip address: $ip on $monthnameactual $month/$day/$year at $hour:$min $tod \n";
$SEND_prnt .= "-------------------------------------------------------------------------\n\n";


/* CHECK TO SEE IF $_POST{"required"} IS SET */
if ($_POST{"required"}){


  $post_required = $_POST{"required"};
  $required = split(",", $post_required);
  $reqnum = count($required);

for ($req=0; $req < $reqnum; $req++) {

$REQ_name = $required[$req];
$REQ_value = $POST{"$REQ_name"};


  if ($REQ_name == "email") {
    $goodem = ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$", $_POST{"email"}, $trashed);

        if (! $goodem) {
include("nverror.php");
msng_email();
        }  /* end ! $goodem */

  }
  elseif (! $_POST{"$REQ_name"}) {
$isreqe = "1";
$REQ_error .= "<li> $REQ_name ";
  } /* end ! req val */

          } /* end REQ for loop  */


                /* IF THERE ARE ANY REQUIRED FIELDS NOT FILLED IN */

if ($isreqe == "1") {
include("nverror.php");
msng_required();
}


} /* END CHECK TO SEE IF $_POST{"required"} IS SET */


/* END IF THERE ARE ANY REQUIRED FIELDS NOT FILLED IN */


/* GET POSTED VARIABLES */


foreach ($_POST as $NVPOST_name => $NVPOST_value) {

$NVPOST_value = str_replace("\n", "", $NVPOST_value);
$NVPOST_value = str_replace("\r", "", $NVPOST_value);

$NVPOST_value = preg_replace("'\cc:'si", "Cc ", $NVPOST_value);
$NVPOST_value = preg_replace("'\bcc:'si", "bcc ", $NVPOST_value);
$NVPOST_value = preg_replace("'\to:'si", "to ", $NVPOST_value);
$NVPOST_value = preg_replace("'\bc:'si", "bc ", $NVPOST_value);



if (strtolower($NVPOST_name) == "subject") {

$NVPOST_value = str_replace(":", ";", $NVPOST_value);
}


            /* G E T  E M A I L */
     
            if (strtolower($NVPOST_name) == "email") {
            $SEND_email = "$NVPOST_value";
    $SEND_email = str_replace(":", "", $SEND_email);
    $SEND_email = str_replace(" ", "", $SEND_email);
            }

            /* END GET LEADS EMAIL */

  if (! $_POST{"sort"}) {


                            /* CHECK TO SEE IF CONFIG FIELD */
                            if ($NVPOST_name == "subject" || $NVPOST_name == "sort" || $NVPOST_name == "required" || $NVPOST_name == "success_page"){}else{
                            $SEND_prnt .= "$NVPOST_name;  $NVPOST_value \n";
                            }
  } /* end ! sort */
 

} /* end foreach */


  /* END GET POSTED VARIABLES */




  if ($_POST{"sort"}) {

  /* SORT VARIABLES */

$sortvars = split(",", $_POST{"sort"});
$sortnum = count($sortvars);

              for ($num=0; $num < $sortnum; $num++) {
      $SEND_prnt .= "$sortvars[$num]: " . $_POST{"$sortvars[$num]"} . " \n";
      }

  }  /* END SORT VARIABLES */




/* send mail */


if (! $ccto) {
$header = "From: $SEND_email\r\nReply-to: $SEND_email";
}else{
$header = "From: $SEND_email\r\nReply-to: $SEND_email\r\nCc: $ccto";
}


mail($sendto, $_POST{"subject"}, $SEND_prnt, $header);

/* END sendmail */

    /* CHECK TO SEE IF FORM SPECIFYS A SUCCESS PAGE */
    if (! $_POST{"success_page"}) {

include("nverror.php");
default_success();

    }else{
    $successpage=$_POST{"success_page"};
    header("Location: $successpage");  /* redirect */ 
    exit;
    }



} /* END IF POSTED */


?>

[genericnumber1]

What you describe is possible, image verification would be a "CAPTCHA" and you would want to just save the IPs in a database.

Someone else might want to go through the script for you (more patience than me) but I'll just suggest looking at the tutorials on this site. Good luck! After you try to get it working you can post here again and we can help you with the bugs.

[rockaclimba]

generic !

Thanks a lot for such a quick reply. I do not know about databses and how to handle them..use them. I am a mountaineer  :'(

But I understand that I can solve this issue ...i do not know..this gut feeling after going through your lines ...may be withimage verification....we could control spamming.

I will wait...ya...with patience for someone to help me out.

Thanka again for your time...

rockaclimba

[PC Nerd]

um, the image verification you mentioned, doesnt necisarily need a ip address record to be saved.  i use this sort of verification on my website im building, so its stops automated scripts from logging in and doing harm, as you discribed.  ( this would only work, if this spam is being generated by an automated script, and no in person using copy and paste in messages)

heres the code for mine, although i have hand made the images using photoshop, so it would require some effort.  also, i use xampp for my server but in its administration there is sample code for an image generator, that create a picture using text imput from the user, ( so you could add random characters to the variable to make it possible ( its just an idea)).  i wont post the xampp script here, becauaswe i dont know about whether itll brech copyright, but if you donwload xampp, ( its only like 20 or 30 MB i think) you can check it for your self.

this is the code ive written

[code]

<?PHP
$num = rand(1,6);
echo "<img src = 'Graphics/Logins/B_A-Login_$num.gif' alt = 'Security Login' width = '70%' hight = '70%'>";
?>



[/code]
within that code, the images are saved wuth names such as "B_A-Login_1.gif" and the number increments, so the random mnumber variable just selects it like that.  good luch, and i hope that xampp suggestion works out....

[corbin]

[code]
$ips = array("127.0.0.1", "192.168.1.1", "some other ip");
if(!in_array($_SERVER['REMOTE_ADDR'], $ips))
{
die("incorrect IP!");
}
[/code]

If you placed that at the top of the script, with the IPs you wished to allow in $ips, then if the user's IP wasn't in the array the script would die.

[PC Nerd]

but by specifying specific IP address' those people with dynamic IP addresses changeing each time they connect, they wont be able to login or use the site. 

besides, if worst comes to worst, you could alwayz delete those users who are abusing the system, and theyre details, so like there em ail address cant be used to sign up anymore.  and then you might be able to write some code that searches the database for email addresses that are reasonabily similar to those that are blocked, and it would bring it to the administrators attention ( ie you , and you could manually see other stuff about that user, or block it or do as you see fit.  that might help to stop it.  but if its just an automated script doing the harm, you could either use the graphic verification login, or run a proper validation, like stripping speciall characters and replacing them, that way, any code that is entered into a field, will only be able to be displayed as text, and wont be able to do anhthing else.  or you could limit the text enrty character length, so that anything of a script sized character length enetered into the field, wont be accepted, and will be forced to enter the script many times, different bits in different fields, therefore stopping the full script from being entered an d being used on the server

hope this all helps

[rockaclimba]

Allmy hard work and HIT and TRIAL has led me to this script...

<?php
session_start();
define('CAPTCHA_PATH', $_SERVER['DOCUMENT_ROOT'].'/captcha/'); // Path to captcha
require_once(CAPTCHA_PATH.'captcha/captcha.php');
// Validation section

if(isset($_POST['captcha'])){
if(captcha_validate()){
print '';
}else{
print '<p>Failure! <br>You entered the wrong code! <br><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'">Here\'s another one to try!</a></p>';
}

// Form section   
}else{
print  '<div style="float: left;"><img id="mainimage" style="border: 1px solid #555;" src="http://'.$_SERVER['HTTP_HOST'].
$_SERVER['PHP_SELF'].'?image" width="140" height="90" alt="CAPTCHA image">'."\n".
        '<br>I can\'t read that image...<br>'."\n".
        '<a href="#" onclick="document.getElementById(\'mainimage\').src=\'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?image=\' + new Date; return false;">give me an easier one!</a>'."\n".
        '</div><form style="margin-top: 0; margin-bottom: 3px;" action="http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'" method="post">'."\n".
        '<input type="text" name="captcha" style="width: 100px; height: 24px; margin-top: 5px; border: 1px solid #555; margin-left: 10px; text-align: center;">'."\n".
        '<span style="color: red;">*</span> <i>case sensitive</i><br>'."\n".
        '<input type="submit" name="submit" value="try me" style="width: 100px; height: 24px; margin-left: 10px; margin-top: 5px;">'."\n".
        '</form><br><br><br><br>'."\n".
       
        '<div style="clear: both"><p> <a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?audio">CAPTCHA code in audio form</a>'."\n".
        ' (.wav file, typically 60kB)</div>'."\n";
}
$email = "myemail@yahoo.com";
$subject = "Contacting me";
$formheader = "My Form";
$formintro = "Use this form to contact me";
// ( 1 = True or ON / 0 = False or OFF )
$snopt = 0;
$adopt = 0;
$htopt = 0;
$wtopt = 0;
$ftopt = 0;
$mtopt = 0;
?>


But i succeeded in bringing image verification but data is not being sent to email ID .Can someone tell me how this script can be used?