Spamming in Public Message Board

[skyriders]

Hi this is my friend's website http://www.babysam.info/index.php

 

On the lower left corner on this page there's a light-a-candle script where the public can post their messages simply by clicking on Submit, nothing else required.  The big problem is spammers keep on bombarding it with viagra, cialis and stuff. :-\

 

Is there a code that filters out these text? Or do you have a suggestion? Hmm this is not my site, so the appearance and layout has to remain the same..

 

Thanks in advance for your help!!!

 

This is what I found in the source code of the page [javascript]

function validate_form_candle()

{

var ctr="";

if(document.form_candles.fname.value==""){ctr=ctr+"Insert First name\n";}

if(document.form_candles.lname.value==""){ctr=ctr+"Insert First name\n";}

if(document.form_candles.message.value==""){ctr=ctr+"Insert Message\n";}

 

}

[HuggieBear]

Search this forum for further details on CAPTCHA.

 

Regards

Huggie

[ToonMariner]

check the post to see if it contains a url - if so don't allow it to be processed. You will need a regular expression for this something like

 

<?php

$string = $_POST['message'];

if (preg_match('/(a href)|(www\.(.*)?\.)/',$string)
{
// url detected - don't process.
// maybe record ip address and ban it from entering site again.
}
else
{
// message ok write to database so it is included..
}

?>

 

Something like that - someone will be able to come up with a far more elegant and sopisticated regular expression for your needs though. CAPTCHA is an option but perhaps a little overkill for your needs.

[skyriders]

Captcha will help for automated entries, but it won't help for human-entries...

[HuggieBear]

The regular expression line maybe better like this...

 

if (preg_match('/(?:<a.*?href|www\.)/is',$string)

 

Regards

Huggie

[skyriders]

Haha thanks for the info guys, but how do I implement em. Well, hope this will help, i found in on the source code of the main page:

 

1. I guess this is the form

 

<td align="center"><form name="form_candles" method="post" onSubmit="return " action="validate.php?add=message">

<table cellpadding="0" cellspacing="2" border="0" class="candle-form">

<tr>

<td align="left"><strong class="candle-font">First Name:</strong></td>

</tr>

<tr>

<td><input type="text" name="fname"></td>

</tr>

<tr>

<td align="left"><strong class="candle-font">Last Name:</strong></td>

</tr>

<tr>

<td><input type="text" name="lname"></td>

</tr>

<tr>

<td align="left"><strong class="candle-font">Message:</strong></td>

</tr>

<tr>

<td><textarea name="message" rows="5" cols="10"></textarea></td>

</tr>

<tr>

<td align="center"><input type="submit" name="submit" value="submit" style="width:70px; cursor:hand; cursor:pointer;"></td>

</tr>

</table></form></td>

 

 

2. See up there the "candle-form" ?

 

I think it links here to the candle-form.js source is

function validate_form_candle()

{

var ctr="";

if(document.form_candles.fname.value==""){ctr=ctr+"Insert First name\n";}

if(document.form_candles.lname.value==""){ctr=ctr+"Insert First name\n";}

if(document.form_candles.message.value==""){ctr=ctr+"Insert Message\n";}

 

}

 

_________________________________________

 

Okay can anybody tell me how I can add this into the script??

 

<?php

 

$string = $_POST['message'];

 

if (preg_match('/(?:<a.*?href|www\.)/is',$string)

{

// url detected - don't process.

// maybe record ip address and ban it from entering site again.

}

else

{

// message ok write to database so it is included..

}

 

?>

 

[Azu]

You put it into the .php that processes the input.