AV1611 Posted May 13, 2007

I have several websites that use a simple mail form to send email to site admin. I noticed one of them is getting hit by a "bot" and spamming viagra ads to the site admin. How can I prevent this? Do I do one of those pictures with letters, which seems annoying to the visitor, or is there a way in the code?

If needed, here is my PHP that processes the form...

<<<snip>>>

```php
<?php
$to = "xxxx@xxxx.com";

// $name and $email are placed in mail headers below, so CR/LF is removed from them
$name    = str_replace(array("\r", "\n"), '', $_POST['name'] ?? '');
$email   = str_replace(array("\r", "\n"), '', $_POST['email'] ?? '');
$subject = $_POST['subject'] ?? '';
$msg     = $_POST['msg'] ?? '';

$sub = "Online Email Form";

// Build the message body
$messub   = "Subject: ".$subject."\r\n";
$mesmsg   = "Message: ".$msg."\r\n";
$mesname  = "Name: ".$name."\r\n";
$mesemail = "Email: ".$email."\r\n";
$body = $messub.$mesname.$mesemail.$mesmsg;

$headers = 'From: '. $name . "\r\n" .
    'Reply-To: '. $email . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

if (empty($name) || empty($email) || empty($subject) || empty($msg)) {
    echo " <h3>You must fill in all the information.</h3>";
}
// preg_match() replaces ereg(), which was removed in PHP 7; /D stops "$" matching before a trailing newline
elseif (!preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*(\.[a-zA-Z]{2,3})$/D', $email)) {
    print " <h3>You entered an invalid email address</h3>";
} else {
    mail($to, $sub, $body, $headers);
    // Escape the name before echoing it back into the page
    print " <h3><center>Thanks, ".htmlspecialchars($name).", for contacting us...</center></h3>";
}
```

<<<snip>>>
chigley Posted May 13, 2007

Your best bet is a CAPTCHA/Turner code. I made one myself a while back if you want to use it:

index.php

```php
<?php
// Begin the session to receive the code used from the image.php file
session_start();
?>
<form action="action.php" method="post">
  <img src="image.php" alt="Security Image" /><input type="text" id="code" name="code" />
  <input type="submit" value="Submit" />
</form>
```

action.php

```php
<?php
// Start the session to check the codes
session_start();

// Check the code: one must have been issued, and the submitted value must match it exactly
// (=== avoids PHP comparing two numeric-looking strings such as "1e5" as numbers)
if (!empty($_SESSION['code']) && isset($_POST['code']) && $_SESSION['code'] === $_POST['code']) {
    echo "Code correct";
    unset($_SESSION['code']);
} else {
    echo "Code incorrect";
}
?>
```

image.php

```php
<?php
/*-------------------------------------------------------------*\
| ***************** User Editable Variables ******************* |
+---------------------------------------------------------------+
| $length      -> the length of the string displayed on the image
| $chars       -> the character range used in the string
| $fontsize    -> the size of the font to be used in pixels
| $fontfile    -> the TTF font file you want to be used
| $imagewidth  -> the image width in pixels
| $imageheight -> the image height in pixels
| $textcolour  -> comma separated RGB values of the text colour
| $noisetotal  -> the number of noise pixels required
| $noisecolour -> RGB values of the noise colour
\*-------------------------------------------------------------*/
$length      = 6;
$chars       = "ABCDEFGHJKLMNOPQRSTUVWXYZabcdefhkmnorstuvwx123456789";
$fontsize    = 14;
$fontfile    = "mono.ttf";
$imagewidth  = 45;
$imageheight = 22;
$textcolour  = "0,0,0";
$noisetotal  = 100;
$noisecolour = "0,0,255";

/*-------------------------------------------------------------*\
| *********************** Captcha Code ************************ |
\*-------------------------------------------------------------*/
// Start the session, to send the code used to other pages
session_start();

// Reset the variables
$code = "";
$noisecount = 0; // initialised so no "undefined variable" notice is written into the image data

// Split the available character range into separate characters
$chars = preg_split('//', $chars, -1, PREG_SPLIT_NO_EMPTY);

// Choose $length random characters from the array.
// Each position is drawn independently: on current PHP, array_rand() returns
// its keys in array order, which would make every code alphabetically sorted.
for ($i = 0; $i < $length; $i++) {
    $code .= $chars[random_int(0, count($chars) - 1)];
}

// Create the image
// Begin to make the image using GD
header("Content-type: image/png");
$img = imagecreatetruecolor($imagewidth, $imageheight);

// Define the colours
$white  = imagecolorallocate($img, 255, 255, 255);
$colour = explode(",", $textcolour);
$colour = imagecolorallocate($img, $colour[0], $colour[1], $colour[2]);
$noise  = explode(",", $noisecolour);
$noise  = imagecolorallocate($img, $noise[0], $noise[1], $noise[2]);

// Add the data
imagefill($img, 0, 0, $white);

// Add the noise (valid pixel coordinates run from 0 to size - 1)
while ($noisecount < $noisetotal) {
    $randomx = rand(0, imagesx($img) - 1);
    $randomy = rand(0, imagesy($img) - 1);
    imagesetpixel($img, $randomx, $randomy, $noise);
    $noisecount++;
}

// Calculate the angle to be used
$angle = rand(-5, 5);
if ($angle < 0) {
    $y = $imageheight - 10;
} else {
    $y = $imageheight;
}
imagettftext($img, $fontsize, $angle, 0, $y, $colour, $fontfile, $code);

// Output the image
imagepng($img);
imagedestroy($img);

// Send the session variable to the next page accessed to check if the code was correct
$_SESSION['code'] = $code;
?>
```

I hope you find that useful,

Chigley
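An added example, not code from this thread: one way to put the session check from action.php in front of the mail form, so that mail is only sent after the code matches and each image allows a single guess. The function names `captcha_passes()` and `handle_contact_post()`, the `$send` parameter and all sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. captcha_passes() and
// handle_contact_post() are hypothetical names; $send stands in for mail().

// Compare the submitted code with the one image.php stored, then discard the
// stored code whether or not it matched, so each image allows a single guess.
function captcha_passes(array &$session, array $post): bool
{
    $expected = $session['code'] ?? '';
    unset($session['code']);
    $given = $post['code'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($given) && hash_equals($expected, $given);
}

// Run the CAPTCHA check first; only a passing request reaches the mail call.
function handle_contact_post(array &$session, array $post, callable $send): string
{
    if (!captcha_passes($session, $post)) {
        return 'Code incorrect';
    }
    foreach (['name', 'email', 'subject', 'msg'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return 'You must fill in all the information.';
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'You entered an invalid email address';
    }
    $body = "Subject: {$post['subject']}\r\nName: {$post['name']}\r\n"
          . "Email: {$post['email']}\r\nMessage: {$post['msg']}\r\n";
    // Only the validated address goes into a header; everything else stays in the body.
    $send('xxxx@xxxx.com', 'Online Email Form', $body, 'Reply-To: ' . $post['email']);
    return 'Thanks for contacting us...';
}

// Constructed demonstration with a stub sender, so nothing is actually mailed.
$sent = [];
$stub = function (...$args) use (&$sent): bool { $sent[] = $args[0]; return true; };
$form = ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hi', 'msg' => 'Hello'];

$session = ['code' => 'Ab3kR9'];   // constructed: what image.php would have stored
echo handle_contact_post($session, $form + ['code' => 'wrong1'], $stub), "\n";
echo handle_contact_post($session, $form + ['code' => 'Ab3kR9'], $stub), "\n"; // code was consumed above
$session = ['code' => 'Xy7mTa'];   // constructed: a fresh image was served
echo handle_contact_post($session, $form + ['code' => 'Xy7mTa'], $stub), "\n";
echo count($sent), " message(s) sent\n";
```

In a real handler the call would be `handle_contact_post($_SESSION, $_POST, 'mail')` after `session_start()`.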
AV1611 Posted May 13, 2007

So the graphic thingy is my only real choice then? :-\

(Thanks for the code...)
chigley Posted May 13, 2007

Yeah unless you want to have a list of emails that are not allowed, I'd go with the image though if it was me.
AV1611 Posted May 14, 2007

The script image.php above gives me this: dunno what to do...

The image “http://xxx.com/image.php” cannot be displayed, because it contains errors.

I have made no changes to it...