foevah Posted September 4, 2007

I am trying to get mathguard to work to stop bots from using my form. This is what my form looks like: http://www.newmedia.lincoln.ac.uk/jecgardner/entry/journal.php?id=5

If I fill in all the options except the maths question the comment still submits. The point of having this maths question is so if the user/bot can't figure out the answer then the comment won't submit. Please can someone tell me why the comment still submits?

This form works with 3 pages:
1. comments page (journal.php)
2. process.php
3. ClassMathGuard.php - I am trying to link the three...

If the user doesn't enter an email with the @ sign then the comment won't submit, so this validation works. I just can't get the mathguard to work!?!?!? Please help!

Comment form:

<form method="post" action="../process.php" name="book">
<p><input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>" />
<strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="25" /><br />
<strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="25" /><br />
<strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="25" value="http://" /><br />
<strong><label for="comment">Comment:</label></strong><br />
<textarea cols="25" rows="5" name="comment" id="comment"></textarea></p>
<?php require("ClassMathGuard.php"); MathGuard::insertQuestion(); ?>
<input type='hidden' name='action' value='submit'/>
<p><input type="submit" name="submit_comment" id="submit_comment" value="Add Comment" class="input" onclick="nospam();"/></p>
</form>

process.php:

<?php
/* first we need to require our MathGuard class */
require ("ClassMathGuard.php");

/* this condition checks the user input.
   Don't change the condition, just the body within the curly braces */
if (MathGuard::checkResult($_REQUEST['mathguard_answer'], $_REQUEST['mathguard_code'])) {
    // correct answer: fall through to the comment handling below
    // (no output here, because header() is used to redirect further down
    // and anything echoed first would break that redirect)
} else {
    echo ("Bad answer, go back to school !"); //insert your code which tells the user he is spamming your website
    die();
}
?>
<?php
if (isset($_POST['submit_comment'])) {
    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
        die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
    }

    $entry     = htmlspecialchars(strip_tags($_POST['entry']));
    $timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
    $name      = htmlspecialchars(strip_tags($_POST['name']));
    $email     = htmlspecialchars(strip_tags($_POST['email']));
    $url       = htmlspecialchars(strip_tags($_POST['url']));
    $comment   = htmlspecialchars(strip_tags($_POST['comment']));
    $comment   = nl2br($comment);

    if (!get_magic_quotes_gpc()) {
        $name    = addslashes($name);
        $url     = addslashes($url);
        $comment = addslashes($comment);
    }

    if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
        die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
    }

    include "connect.php";
    @mysql_connect($server, $connect, $pass) or die(__LINE__ . mysql_error());
    @mysql_select_db($database) or die(__LINE__ . mysql_error());

    $result = mysql_query("INSERT INTO php_blog_comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')");

    header("Location: entry/journal.php?id=" . $entry);
} else {
    die("Error: you cannot access this page directly.");
}
?>

ClassMathGuard.php:

<?php
class MathGuard
{
    /** A main hashing function: concat of user's answer, hour and the additional prime number (default 37) */
    static function encode($input, $prime)
    {
        return md5($input . date("H") . $prime);
    }

    /** This function generates the hash code from the two numbers
     * @param $a first number
     * @param $b second number
     * @param $prime additional number to encode with
     */
    static function generateCode($a, $b, $prime)
    {
        $code = MathGuard::encode($a + $b, $prime);
        return $code;
    }

    /** This function checks whether the answer and generated security code match
     * @param $mathguard_answer answer the user has entered
     * @param $mathguard_code hashcode the mathguard has generated
     */
    static function checkResult($mathguard_answer, $mathguard_code, $prime = 37)
    {
        // echo("prime; $prime, $mathguard_answer");
        $result_encoded = MathGuard::encode($mathguard_answer, $prime);
        if ($result_encoded == $mathguard_code)
            return true;
        else
            return false;
    }

    /** this function inserts the two math terms into your form, the parameter is optional */
    static function insertQuestion($prime = 37)
    {
        //default prime is 37, you can change it when specifying the different parameter
        $a = rand() % 10; // generates the random number
        $b = rand() % 10; // generates the random number
        $code = MathGuard::generateCode($a, $b, $prime);
        echo ("<a href='http://www.codegravity.com/projects/mathguard'>MathGuard</a> security question: $a + $b = <input type='text' name='mathguard_answer' size='2'/><input type='hidden' name='mathguard_code' value='$code' />");
    }

    /** this function returns math expression into your form, the parameter is optional
     * quite similar to insertQuestion, but returns the output as a text instead of echoing */
    static function returnQuestion($prime = 37)
    {
        //default prime is 37, you can change it when specifying the different parameter
        $a = rand() % 10; // generates the random number
        $b = rand() % 10; // generates the random number
        $code = MathGuard::generateCode($a, $b, $prime);
        return ("<a href='http://www.codegravity.com/projects/mathguard'>MathGuard</a> security question: $a + $b = <input type='text' name='mathguard_answer' size='2'/><input type='hidden' name='mathguard_code' value='$code' />");
    }
}
?>
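The following is an added example, not code from the thread or from the MathGuard project: a Python re-implementation of the scheme the posted ClassMathGuard.php uses (hidden code = md5(sum . hour . 37), check = re-hash the submitted answer and compare), so the behaviour of checkResult can be walked through offline. It shows that an empty or whitespace-padded answer is rejected as the class is written, and that a correct answer is also rejected once date("H") has rolled over to the next hour. Because the hidden code depends only on the visible sum, the clock hour and the public constant 37, it carries no server secret; the second half is this example's own hardened variant (HMAC keyed with a server-side secret, explicit issue time with an expiry window, constant-time comparison). The `hour` argument stands in for PHP's date("H"); the secret, timestamps and seed are constructed for the example.

```python
import hashlib
import hmac
import random

PRIME = 37  # MathGuard's default "prime": a fixed, public constant, not a secret


def encode(answer, hour, prime=PRIME):
    """Mirror of MathGuard::encode(): md5 of answer . date("H") . prime.
    `hour` stands in for PHP's date("H"), a zero-padded 24-hour value."""
    return hashlib.md5(f"{answer}{hour:02d}{prime}".encode()).hexdigest()


def insert_question(hour, rng=random):
    """Mirror of MathGuard::insertQuestion(): two digits plus the hidden code."""
    a, b = rng.randrange(10), rng.randrange(10)
    return a, b, encode(a + b, hour)


def check_result(mathguard_answer, mathguard_code, hour):
    """Mirror of MathGuard::checkResult(): re-hash the raw submitted string and compare."""
    return encode(mathguard_answer, hour) == mathguard_code


# --- hardened variant (this example's own design, not part of MathGuard) ---

def issue_challenge(secret, now, rng=random):
    """Token = issue time + HMAC-SHA256(secret, expected sum : issue time).
    Without the server-side secret the token cannot be recomputed from the form alone."""
    a, b = rng.randrange(10), rng.randrange(10)
    issued = int(now)
    mac = hmac.new(secret, f"{a + b}:{issued}".encode(), hashlib.sha256).hexdigest()
    return a, b, f"{issued}:{mac}"


def verify_challenge(secret, answer, token, now, max_age=600):
    """Reject unparsable or expired tokens, normalise the answer, compare MACs in constant time."""
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
        submitted_sum = int(answer.strip())
    except (ValueError, AttributeError):
        return False
    if not 0 <= int(now) - issued <= max_age:
        return False
    expected = hmac.new(secret, f"{submitted_sum}:{issued}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def demo():
    """Walk through the cases a form handler sees; returns a dict of outcomes."""
    rng = random.Random(2007)  # fixed seed so the walk-through is reproducible
    a, b, code = insert_question(hour=13, rng=rng)
    results = {
        "correct": check_result(str(a + b), code, hour=13),      # accepted
        "empty": check_result("", code, hour=13),                # blank field is rejected
        "padded": check_result(f"{a + b} ", code, hour=13),      # raw string compare: rejected
        "next_hour": check_result(str(a + b), code, hour=14),    # hour rolled over: rejected
    }
    secret = b"server-side secret, constructed for this example"
    a2, b2, token = issue_challenge(secret, now=1_188_900_000, rng=rng)
    results["hardened_ok"] = verify_challenge(secret, f" {a2 + b2}", token, now=1_188_900_060)
    results["hardened_expired"] = verify_challenge(secret, str(a2 + b2), token, now=1_188_901_000)
    results["hardened_wrong"] = verify_challenge(secret, str(a2 + b2 + 1), token, now=1_188_900_060)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Run as a script it prints one line per case. The point for the thread's process.php is that the check itself does reject a blank answer, so if a comment with no answer still reaches the database, the `checkResult` call is not actually being executed on the path the form takes, or its `die()` is not stopping the INSERT; the hardened variant also trims the answer and binds the token to a server secret and an issue time instead of the wall-clock hour.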
foevah Posted September 4, 2007 (Author)

I have also tried adding this but it still doesn't work:

if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment']) || empty($_POST['mathguard_answer'])) {
    die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
}
foevah Posted September 6, 2007 (Author)

No answers? Neither mathguard nor captcha works on my comments form.
foevah Posted September 11, 2007 (Author)

No one can help?