DBookatay Posted January 6, 2008 Share Posted January 6, 2008 I have several forms on my site that submits data into my dB, and lately more and more "spammers" are attacking them, posting everything from cheap viagra to "increased manhood..." How can I edit my codes to prevent it from happening? <?php function formatText($inputName,$text)//checks a givin field to see if its empty, if so change color and print it out. { if ($_SERVER['REQUEST_METHOD']=="POST") { if(empty($_POST[$inputName])) { echo "<span class='redBold'>" . $text . "</span>"; $_SESSION['ispassed']=false; } else { echo $text; } } else echo $text; } if (isset($_POST['nmF'])){ $time = time(); if (is_uploaded_file ($_FILES['image']['tmp_name'])) {if (move_uploaded_file($_FILES['image']['tmp_name'], "images/Testimonials/" . $time . "{$_FILES['image']['name']}")) $i = $time.$_FILES['image']['name'];} $query = "INSERT INTO Testimonials SET nmF = '$nmF', nmL = '$nmL', add1 = '$add1', add2 = '$add2', salesman = '{$_POST['salesman']}', year = '$vehYear', make = '$vehMake', model = '$vehModel', pic = '$i', comments = '$comments', status = 'on', posted = NOW(), ip = '{$_POST['ip']}'"; } if ($result = mysql_query ($query)) {} else {echo mysql_error();} if ($nmF && $nmL && $add1 && $add2 && $vehYear && $vehMake && $vehModel && $comments) echo "<meta http-equiv=\"Refresh\" content=\"0; url=testimonials.php\">"; ?> Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/ Share on other sites More sharing options...
rab Posted January 6, 2008 Share Posted January 6, 2008 Implement a CAPTCHA system, http://www.captcha.net/. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-431853 Share on other sites More sharing options...
revraz Posted January 6, 2008 Share Posted January 6, 2008 I prefer some type of validation keyword. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-431867 Share on other sites More sharing options...
DBookatay Posted January 6, 2008 Author Share Posted January 6, 2008 I prefer some type of validation keyword. Would you mind explaining? Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-431898 Share on other sites More sharing options...
revraz Posted January 6, 2008 Share Posted January 6, 2008 On the page, have a sentence that says something like. "Hi there, welcome to the site" Then in your area where they submit the form, ask "What is the 2nd word in the sentence above" A bot won't know the answer, but a human will. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-431899 Share on other sites More sharing options...
redarrow Posted January 6, 2008 Share Posted January 6, 2008 <?php session_start(); $strlength = rand(4,7); $captchastr = ""; for($i=1;$i<=$strlength;$i++) { $textornumber = rand(1,3); if($textornumber == 1) { $captchastr .= chr(rand(49,57)); } if($textornumber == 2) { $captchastr .= chr(rand(65,78)); } if($textornumber == 3) { $captchastr .= chr(rand(80,90)); } } $randcolR = rand(100,230); $randcolG = rand(100,230); $randcolB = rand(100,230); //initialize image $captcha is handle dimensions 200,50 $captcha = imageCreate(190,50); $backcolor = imageColorAllocate($captcha, $randcolR, $randcolG, $randcolB); $txtcolor = imageColorAllocate($captcha, ($randcolR - 60), ($randcolG - 60), ($randcolB - 60)); for($i=1;$i<=$strlength;$i++) { $clockorcounter = rand(1,2); if ($clockorcounter == 1) { $rotangle = rand(0,45); } if ($clockorcounter == 2) { $rotangle = rand(315,360); } //$i*25 spaces the characters 25 pixels apart imagettftext($captcha,rand(14,20),$rotangle,($i*25),30,$txtcolor,"/arial.ttf",substr($captchastr,($i-1),1)); } for($i=1; $i<=4;$i++) { imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$txtcolor); } for($i=1; $i<=4;$i++) { imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$backcolor); } //Send the headers (at last possible time) header('Content-type: image/png'); //Output the image as a PNG imagePNG($captcha); //Delete the image from memory imageDestroy($captcha); $_SESSION["captchastr"] = $captchastr; ?> <img src="captcha.php" alt="security image" /> Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-431910 Share on other sites More sharing options...
eRott Posted January 6, 2008 Share Posted January 6, 2008 There is a VERY simple and easy to use script --> HERE. <-- It works well, and the script is small. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-432094 Share on other sites More sharing options...
Taorluath Posted January 7, 2008 Share Posted January 7, 2008 Another way to stop bots is using hidden fields. For example, you can have a text field named something arbitrary, like "Name". Then you use CSS to hide this field from normal people. Since people won't see it, they won't fill it out, but bots will still "see" it. Then you just filter out all the submissions that have the "Name" field filled out. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-432300 Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 Taorluath that really silly way around bots ................ why not do it the correct way m8..... Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-432303 Share on other sites More sharing options...
Taorluath Posted January 7, 2008 Share Posted January 7, 2008 Well, I thought it was a rather "out-of-the-box" way to do it. Also, there hardly any coding required to use it, so maybe a newbie would find it easier. Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-432885 Share on other sites More sharing options...
PHPNewbie55 Posted January 7, 2008 Share Posted January 7, 2008 Yes CAPTCHA is the way to go... I just implemented the CAPTCHA method on one of my forms and it stopped the bots and spammers.... eRott posted a really good example of CAPTCHA.. wish I had seen that yesterday... LOL Link to comment https://forums.phpfreaks.com/topic/84742-preventing-spammers-and-bots-from-submiting-my-forms/#findComment-432893 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.