Jump to content

Recommended Posts

I am trying to get mathguard to work to stop bots from using my form. This is what my form looks like: http://www.newmedia.lincoln.ac.uk/jecgardner/entry/journal.php?id=5

 

If i fill in all the options except the maths question the comment still submits. The point of having this maths question is so if the user/bot cant figure out the answer then the comment wont submit. Please can someone tell me why the comment still submits?

 

This form works with 3 pages 1. comments page (journal.php) 2. process.php 3. ClassMathGuard.php - i am trying to link the three... If the user doesnt enter an email with the @ sign then the comment won't submit so this validation works. I just cant get the mathguard to work!?!?!? Please help!

 

Comment form:

<form method="post" action="../process.php" name="book" >
<p><input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>">
<strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="25" /><br />
<strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="25" /><br />
<strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="25" value="http://" /><br />
<strong><label for="comment">Comment:</label></strong><br />
<textarea cols="25" rows="5" name="comment" id="comment"></textarea></p>
<? require("ClassMathGuard.php"); MathGuard::insertQuestion(); ?>
<input type='hidden' name='action' value='submit'/>
<p><input type="submit" name="submit_comment" id="submit_comment" value="Add Comment" class="input" onclick="nospam();"/>
</p>
</form>

 

process.php:

<?
/* first we need to require our MathGuard class */
require ("ClassMathGuard.php");
/* this condition checks the user input. Don't change the condition, just the body within the curly braces */
if (MathGuard :: checkResult($_REQUEST['mathguard_answer'], $_REQUEST['mathguard_code'])) {
echo ("Great !"); //insert your code that will be executed when user enters the correct answer
} else {
echo ("Bad answer, go back to school !"); //insert your code which tells the user he is spamming your website
die();
}
?>
<?php
if (isset($_POST['submit_comment'])) {

    if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
        die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
    }

    $entry = htmlspecialchars(strip_tags($_POST['entry']));
    $timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
    $name = htmlspecialchars(strip_tags($_POST['name']));
    $email = htmlspecialchars(strip_tags($_POST['email']));
    $url = htmlspecialchars(strip_tags($_POST['url']));
    $comment = htmlspecialchars(strip_tags($_POST['comment']));
    $comment = nl2br($comment);

    if (!get_magic_quotes_gpc()) {
        $name = addslashes($name);
        $url = addslashes($url);
        $comment = addslashes($comment);
    }

    if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
         die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
    }

include "connect.php";

@ mysql_connect($server, $connect, $pass) or die(__LINE__. mysql_error());
@ mysql_select_db($database) or die(__LINE__. mysql_error());

    $result = mysql_query("INSERT INTO php_blog_comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')");

    header("Location: entry/journal.php?id=" . $entry);
}
else {
    die("Error: you cannot access this page directly.");
}
?>

 

ClassMathGuard.php:

<?
class MathGuard {

/** A main hashing function: concat of user's answer, hour and the additional prime number (default 37) */
function encode($input, $prime) {
	return md5($input.date("H").$prime);
}

/** This function generates the hash code from the two numbers 
 * @param $a 	first number
 * @param $b	second sumber
 * @param $prime	additional number to encode with
 * */
function generateCode($a, $b, $prime) {
	$code = MathGuard::encode($a + $b, $prime);
	return $code;
}

/** This function checks whether the answer and generated security code match 
 * @param $mathguard_answer		answer the user has entered
 * @param $mathguard_code		hashcode the mathguard has generated
 */
function checkResult($mathguard_answer, $mathguard_code, $prime = 37) {

//		echo("prime; $prime, $mathguard_answer");
	$result_encoded = MathGuard::encode($mathguard_answer, $prime);

	if ($result_encoded == $mathguard_code)
		return true;
	else
		return false;

}

/** this function inserts the two math term into your form, the parameter is optional */
function insertQuestion($prime = 37) { //default prime is 37, you can change it when specifying the different parameter
	$a = rand() % 10; // generates the random number
	$b = rand() % 10; // generates the random number
	$code = MathGuard :: generateCode($a, $b, $prime);
	echo ("<a href='http://www.codegravity.com/projects/mathguard'>MathGuard</a> security question: $a + $b =
			<input type='input' name='mathguard_answer' size='2'/><input type='hidden' name='mathguard_code' value='$code' />");

}

/** this function returns math expression into your form, the parameter is optional 
 * quite simmilar to insertQuestion, but returns the output as a text instead of echoing
 */
function returnQuestion($prime = 37) { //default prime is 37, you can change it when specifying the different parameter
	$a = rand() % 10; // generates the random number
	$b = rand() % 10; // generates the random number
	$code = MathGuard :: generateCode($a, $b, $prime);
	return ("<a href='http://www.codegravity.com/projects/mathguard'>MathGuard</a> security question: $a + $b =
			<input type='input' name='mathguard_answer' size='2'/><input type='hidden' name='mathguard_code' value='$code' />");

}

}
?>

Link to comment
https://forums.phpfreaks.com/topic/67902-mathguard-help-comment-form-spam-ahhhh/
Share on other sites

I have also tried adding this but it still doesnt work :(

 

if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment']) || empty($_POST['mathguard_answer'])) {

        die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");

    } 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.