Jami Posted August 4, 2007 Hello, I thought I had the spammers shut out, but they're back and running right through my php like it wasn't there. I just don't know enough code to secure my forms, please help! Here is an example of the JUNK getting through:

generic viagra online pharmacy for sexual health <a href="http://query.nytimes.com/search/query?&query=site:pharmacy-deal.com&srchst=g">generic viagra</a> http://query.nytimes.com/search/query?&query=site:pharmacy-deal.com&srchst=g generic viagra generic viagra generic viagra <Street> <Street> Ottawa <State> <ZIP> Germany [email protected] 370927411318

Here is what I'm using for testing field data:

$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){$form_input = $_POST;}
elseif($_SERVER['REQUEST_METHOD'] == "GET"){$form_input = $_GET;}
else{exit;}

// Remove leading whitespace from all values (recurses into nested arrays).
function recursive_array_check(&$element_value)
{
    if(!is_array($element_value)){
        $element_value = ltrim($element_value);
    } else {
        foreach($element_value as $key => $value){
            recursive_array_check($element_value[$key]);
        }
    }
    return $element_value;
}
recursive_array_check($form_input);

// Check referrer is from same site.
if(!(isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'],$_SERVER['HTTP_HOST']))){
    $errors[] = "You must enable referrer logging to use the form";
}

// Strip HTML tags from all fields (recurses into nested arrays).
function recursive_array_check2(&$element_value)
{
    if(!is_array($element_value)){
        $element_value = strip_tags($element_value);
    } else {
        foreach($element_value as $key => $value){
            recursive_array_check2($element_value[$key]);
        }
    }
    return $element_value;
}
recursive_array_check2($form_input);

// Validate FirstName field.
if(isset($form_input['FirstName']) && !empty($form_input['FirstName'])) {
    if(preg_match("`[\r\n]`",$form_input['FirstName'])){$errors[] = "You have submitted an invalid new line character";}
    if(preg_match("/[^a-z' -]/i",stripslashes($form_input['FirstName']))){$errors[] = "You have submitted an invalid character in the first name field";}
}

// Validate LastName field.
if(isset($form_input['LastName']) && !empty($form_input['LastName'])) {
    if(preg_match("`[\r\n]`",$form_input['LastName'])){$errors[] = "You have submitted an invalid new line character";}
    // Note: this line originally tested FirstName again, so LastName was never checked.
    if(preg_match("/[^a-z' -]/i",stripslashes($form_input['LastName']))){$errors[] = "You have submitted an invalid character in the last name field";}
}

// Validate Phone field.
if(isset($form_input['Phone']) && !empty($form_input['Phone'])) {
    if(preg_match("`[\r\n]`",$form_input['Phone'])){$errors[] = "You have submitted an invalid new line character";}
    // if(preg_match("/[^a-z' -]/i",stripslashes($form_input['FirstName']))){$errors[] = "You have submitted an invalid character in the phone field";}
}

// Validate Street1 field.
if(isset($form_input['Street1']) && !empty($form_input['Street1'])) {
    if(preg_match("`[\r\n]`",$form_input['Street1'])){$errors[] = "You have submitted an invalid new line character";}
}

// Validate Street2 field.
if(isset($form_input['Street2']) && !empty($form_input['Street2'])) {
    if(preg_match("`[\r\n]`",$form_input['Street2'])){$errors[] = "You have submitted an invalid new line character";}
}

// Validate City field.
if(isset($form_input['City']) && !empty($form_input['City'])) {
    if(preg_match("`[\r\n]`",$form_input['City'])){$errors[] = "You have submitted an invalid new line character";}
}

// Validate email field.
if(isset($form_input['Email']) && !empty($form_input['Email'])) {
    if(preg_match("`[\r\n]`",$form_input['Email'])){$errors[] = "You have submitted an invalid new line character";}
    if(!preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-z]{2,4}$/i',$form_input['Email'])){$errors[] = "Email address is invalid";}
}

// Display any errors and exit if errors exist.
if(count($errors)){foreach($errors as $value){print "$value<br>";} exit;}

As far as I can tell they are not adding new recipients or blind copying, but I could be very wrong - I hope not. So that means they are just spamming us, which is still no good. Why isn't this php stripping those <>?/|{[ html tags? And how can I be sure they are not using our forms to send out their spam to others? And why is safeguarding form-data so hard and confusing? Doing a search only brings up conflicting information and websites of discussions where no one agrees and no solutions are given. Oy! I need straight, simple answers - can anyone help me? Thanks
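The following is an added example, not code from the thread or from the third-party script Jami is using. It shows how a contact-form handler can answer the two questions above: it cannot be used as a relay if the recipient is hard-coded and no user-supplied value reaches a mail header without a CR/LF check, and it drops link-heavy submissions instead of trusting strip_tags (which only removes the tags, leaving the URL text and the rest of the message intact). It also does not rely on the Referer header, which is set by the client and can be anything. The field names match the poster's form; the hidden "website" honeypot field, the example.com addresses and the FORM_RECIPIENT constant are assumptions, and the code assumes PHP 5.2 or later for filter_var.

```php
<?php
// Added example: hardened contact-form handler (assumptions: field names as in the
// poster's form, a hidden honeypot field named "website", placeholder addresses).

define('FORM_RECIPIENT', 'contact@example.com');   // placeholder: fixed, never from user input

// Per-field whitelist patterns. Input that does not match is rejected, not "cleaned".
$rules = array(
    'FirstName' => "/^[a-z' -]{1,60}$/i",
    'LastName'  => "/^[a-z' -]{1,60}$/i",
    'Phone'     => '/^[0-9 +().-]{0,30}$/',
    'Street1'   => "/^[a-z0-9 #.,'-]{0,100}$/i",
    'Street2'   => "/^[a-z0-9 #.,'-]{0,100}$/i",
    'City'      => "/^[a-z .'-]{0,60}$/i",
    'Email'     => null,                            // validated with filter_var below
);

// Returns only the fields that passed; every failure is appended to $errors.
function validate_form(array $input, array $rules, array &$errors)
{
    $clean = array();
    foreach ($rules as $field => $pattern) {
        $value = isset($input[$field]) ? $input[$field] : '';
        if (is_array($value)) {                     // arrays are never expected here
            $errors[] = "$field: unexpected value";
            continue;
        }
        $value = trim($value);
        // A CR or LF in a value that later lands in a mail header would let the sender
        // append headers of their own (extra To/Cc/Bcc). Reject it in every field.
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "$field: line breaks are not allowed";
            continue;
        }
        if ($pattern === null) {
            if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                $errors[] = "Email address is invalid";
                continue;
            }
        } elseif (!preg_match($pattern, $value)) {
            $errors[] = "$field: contains characters that are not allowed";
            continue;
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Cheap bot heuristics: a filled honeypot, or URLs/anchor tags in a postal form.
function looks_like_spam(array $input)
{
    if (!empty($input['website'])) {                // hidden field humans leave empty
        return true;
    }
    $strings = array_filter($input, 'is_string');
    $joined  = implode(' ', $strings);
    return preg_match('#https?://|www\.|<a\s#i', $joined) === 1;
}

// ---- request handling ----
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.0 405 Method Not Allowed');
    exit;
}

$errors = array();
$clean  = validate_form($_POST, $rules, $errors);
if ($errors) {
    foreach ($errors as $e) {
        echo htmlspecialchars($e), "<br>";          // escape before echoing back
    }
    exit;
}
if (looks_like_spam($_POST)) {
    echo "Thank you.";                              // drop silently; same reply as success
    exit;
}

// User data goes into the body only. The one header built from input (Reply-To)
// has already been validated as a single-line address.
$body = '';
foreach ($clean as $name => $value) {
    $body .= "$name: $value\n";
}
$headers  = "From: webform@example.com\r\n";        // placeholder, fixed sender
$headers .= "Reply-To: " . $clean['Email'] . "\r\n";
mail(FORM_RECIPIENT, 'Website contact form', $body, $headers);
echo "Thank you.";
```

The honeypot field is added to the HTML form as an ordinary text input hidden with CSS; because the handler answers "Thank you." for both accepted and discarded submissions, a bot gets no signal about which of its attempts were dropped. Logging the rejected submissions (field name and reason, not the full body) is the easiest way to see whether the filters are catching the traffic described above.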
Jami Posted August 4, 2007 (Author) Oh, I am posting here because the code I'm using is from a third party and I am not altogether sure how it works. But this might not be the proper place for this request - so please move it if it's placed wrong, and forgive me.... I'm new around here. The php version I am using is 4.3.10 but I can switch to 5.
tippy_102 Posted August 5, 2007 I can't help you with preg_match - that's way over my head, but I have found the best way to get rid of the spambots is to add some form of captcha.
XeoWolf Posted August 6, 2007 I just had to look it up, and for anyone else curious... http://en.wikipedia.org/wiki/Captcha I had to add something like this to my phpNews script and even though I still get some spam it cut out more than 90% of it. I guess some spammers get so desperate that they actually do it manually. By the way... Maybe this will help... http://tips-scripts.com/captcha