DBookatay Posted January 6, 2008 Share Posted January 6, 2008 I have several forms on my site that submits data into my dB, and lately more and more "spammers" are attacking them, posting everything from cheap viagra to "increased manhood..." How can I edit my codes to prevent it from happening? <?php function formatText($inputName,$text)//checks a givin field to see if its empty, if so change color and print it out. { if ($_SERVER['REQUEST_METHOD']=="POST") { if(empty($_POST[$inputName])) { echo "<span class='redBold'>" . $text . "</span>"; $_SESSION['ispassed']=false; } else { echo $text; } } else echo $text; } if (isset($_POST['nmF'])){ $time = time(); if (is_uploaded_file ($_FILES['image']['tmp_name'])) {if (move_uploaded_file($_FILES['image']['tmp_name'], "images/Testimonials/" . $time . "{$_FILES['image']['name']}")) $i = $time.$_FILES['image']['name'];} $query = "INSERT INTO Testimonials SET nmF = '$nmF', nmL = '$nmL', add1 = '$add1', add2 = '$add2', salesman = '{$_POST['salesman']}', year = '$vehYear', make = '$vehMake', model = '$vehModel', pic = '$i', comments = '$comments', status = 'on', posted = NOW(), ip = '{$_POST['ip']}'"; } if ($result = mysql_query ($query)) {} else {echo mysql_error();} if ($nmF && $nmL && $add1 && $add2 && $vehYear && $vehMake && $vehModel && $comments) echo "<meta http-equiv=\"Refresh\" content=\"0; url=testimonials.php\">"; ?> Quote Link to comment Share on other sites More sharing options...
rab Posted January 6, 2008 Share Posted January 6, 2008 Implement a CAPTCHA system, http://www.captcha.net/. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 6, 2008 Share Posted January 6, 2008 I prefer some type of validation keyword. Quote Link to comment Share on other sites More sharing options...
DBookatay Posted January 6, 2008 Author Share Posted January 6, 2008 I prefer some type of validation keyword. Would you mind explaining? Quote Link to comment Share on other sites More sharing options...
revraz Posted January 6, 2008 Share Posted January 6, 2008 On the page, have a sentence that says something like. "Hi there, welcome to the site" Then in your area where they submit the form, ask "What is the 2nd word in the sentence above" A bot won't know the answer, but a human will. Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 6, 2008 Share Posted January 6, 2008 <?php session_start(); $strlength = rand(4,7); $captchastr = ""; for($i=1;$i<=$strlength;$i++) { $textornumber = rand(1,3); if($textornumber == 1) { $captchastr .= chr(rand(49,57)); } if($textornumber == 2) { $captchastr .= chr(rand(65,78)); } if($textornumber == 3) { $captchastr .= chr(rand(80,90)); } } $randcolR = rand(100,230); $randcolG = rand(100,230); $randcolB = rand(100,230); //initialize image $captcha is handle dimensions 200,50 $captcha = imageCreate(190,50); $backcolor = imageColorAllocate($captcha, $randcolR, $randcolG, $randcolB); $txtcolor = imageColorAllocate($captcha, ($randcolR - 60), ($randcolG - 60), ($randcolB - 60)); for($i=1;$i<=$strlength;$i++) { $clockorcounter = rand(1,2); if ($clockorcounter == 1) { $rotangle = rand(0,45); } if ($clockorcounter == 2) { $rotangle = rand(315,360); } //$i*25 spaces the characters 25 pixels apart imagettftext($captcha,rand(14,20),$rotangle,($i*25),30,$txtcolor,"/arial.ttf",substr($captchastr,($i-1),1)); } for($i=1; $i<=4;$i++) { imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$txtcolor); } for($i=1; $i<=4;$i++) { imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$backcolor); } //Send the headers (at last possible time) header('Content-type: image/png'); //Output the image as a PNG imagePNG($captcha); //Delete the image from memory imageDestroy($captcha); $_SESSION["captchastr"] = $captchastr; ?> <img src="captcha.php" alt="security image" /> Quote Link to comment Share on other sites More sharing options...
eRott Posted January 6, 2008 Share Posted January 6, 2008 There is a VERY simple and easy to use script --> HERE. <-- It works well, and the script is small. Quote Link to comment Share on other sites More sharing options...
Taorluath Posted January 7, 2008 Share Posted January 7, 2008 Another way to stop bots is using hidden fields. For example, you can have a text field named something arbitrary, like "Name". Then you use CSS to hide this field from normal people. Since people won't see it, they won't fill it out, but bots will still "see" it. Then you just filter out all the submissions that have the "Name" field filled out. Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 7, 2008 Share Posted January 7, 2008 Taorluath that really silly way around bots ................ why not do it the correct way m8..... Quote Link to comment Share on other sites More sharing options...
Taorluath Posted January 7, 2008 Share Posted January 7, 2008 Well, I thought it was a rather "out-of-the-box" way to do it. Also, there hardly any coding required to use it, so maybe a newbie would find it easier. Quote Link to comment Share on other sites More sharing options...
PHPNewbie55 Posted January 7, 2008 Share Posted January 7, 2008 Yes CAPTCHA is the way to go... I just implemented the CAPTCHA method on one of my forms and it stopped the bots and spammers.... eRott posted a really good example of CAPTCHA.. wish I had seen that yesterday... LOL Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.