I have several forms on my site that submit data into my DB, and lately more and more "spammers" are attacking them, posting everything from cheap viagra to "increased manhood..."

How can I edit my code to prevent it from happening?

<?php 
function formatText($inputName,$text)//checks a given field to see if it's empty; if so, changes the color and prints it out.
{
	if ($_SERVER['REQUEST_METHOD']=="POST")
      {
           if(empty($_POST[$inputName]))
           {
              echo "<span class='redBold'>" . $text . "</span>";  
              $_SESSION['ispassed']=false;  
           } 
              
           else
           {
              echo $text;
           } 
      }
      else echo $text; 
}


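if (isset($_POST['nmF'])){

	// Escape every submitted value before it goes into the SQL string
	// (assumes each variable used below is the POST field of the same name).
	foreach (array('nmF','nmL','add1','add2','salesman','vehYear','vehMake','vehModel','comments','ip') as $f)
		$$f = mysql_real_escape_string(isset($_POST[$f]) ? $_POST[$f] : '');

	$time = time();
	$i = ''; // stays empty when no image was uploaded
	if (is_uploaded_file ($_FILES['image']['tmp_name'])) {
		// basename() drops any directory part of the client-supplied file name
		$name = $time . basename($_FILES['image']['name']);
		if (move_uploaded_file($_FILES['image']['tmp_name'], "images/Testimonials/" . $name)) $i = mysql_real_escape_string($name);
	}

	$query = "INSERT INTO Testimonials SET
		nmF = '$nmF',
		nmL = '$nmL',
		add1 = '$add1',
		add2 = '$add2',
		salesman = '$salesman',
		year = '$vehYear',
		make = '$vehMake',
		model = '$vehModel',
		pic = '$i',
		comments = '$comments',
		status = 'on',
		posted = NOW(),
		ip = '$ip'";
	// run the query only when the form was posted, so $query is always defined here
	if ($result = mysql_query ($query)) {} else {echo mysql_error();}
}
if ($nmF && $nmL && $add1 && $add2 && $vehYear && $vehMake && $vehModel && $comments) echo "<meta http-equiv=\"Refresh\" content=\"0; url=testimonials.php\">";
?>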

On the page, have a sentence that says something like:

 

"Hi there, welcome to the site"

 

Then in your area where they submit the form, ask "What is the 2nd word in the sentence above"

 

A bot won't know the answer, but a human will.

<?php
session_start();

// Build a random string of 4 to 7 characters: digits 1-9 and letters A-N, P-Z
$strlength = rand(4,7);
$captchastr = "";
for($i=1;$i<=$strlength;$i++)
{
	$textornumber = rand(1,3);
	if($textornumber == 1)
	{
		$captchastr .= chr(rand(49,57));
	}
	if($textornumber == 2)
	{
		$captchastr .= chr(rand(65,78));
	}
	if($textornumber == 3)
	{
		$captchastr .= chr(rand(80,90));
	}
}

// Store the expected answer before any image output is sent
$_SESSION["captchastr"] = $captchastr;

$randcolR = rand(100,230);
$randcolG = rand(100,230);
$randcolB = rand(100,230);

//initialize image; $captcha is the handle, dimensions 190x50
$captcha = imageCreate(190,50);
$backcolor = imageColorAllocate($captcha, $randcolR, $randcolG, $randcolB);

$txtcolor = imageColorAllocate($captcha, ($randcolR - 60), ($randcolG - 60), ($randcolB - 60));
for($i=1;$i<=$strlength;$i++)
{
	// rotate each character up to 45 degrees one way or the other
	$clockorcounter = rand(1,2);
	if ($clockorcounter == 1)
	{
		$rotangle = rand(0,45);
	}
	if ($clockorcounter == 2)
	{
		$rotangle = rand(315,360);
	}

	//$i*25 spaces the characters 25 pixels apart
	imagettftext($captcha,rand(14,20),$rotangle,($i*25),30,$txtcolor,"/arial.ttf",substr($captchastr,($i-1),1));
}

// Draw noise ellipses in the text color, then in the background color
for($i=1; $i<=4;$i++)
{
	imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$txtcolor);
}
for($i=1; $i<=4;$i++)
{
	imageellipse($captcha,rand(1,200),rand(1,50),rand(50,100),rand(12,25),$backcolor);
}

//Send the headers (at last possible time)
header('Content-type: image/png');

//Output the image as a PNG
imagePNG($captcha);

//Delete the image from memory
imageDestroy($captcha);
?>

 

<img src="captcha.php" alt="security image" />

Another way to stop bots is using hidden fields.

For example, you can have a text field named something arbitrary, like "Name".

Then you use CSS to hide this field from normal people. Since people won't see it, they won't fill it out, but bots will still "see" it.  Then you just filter out all the submissions that have the "Name" field filled out.
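
One way to enforce the hidden-field filter and the image check on the server, as an added example that is not part of the thread. The form field name `captcha` and the function `spam_check` are assumptions; `Name` is the hidden field from the post above and `captchastr` is the session key set by the CAPTCHA script posted earlier.

```php
<?php
// Added example, not code from the thread. "captcha" (the typed answer) and
// spam_check() are assumed names; "captchastr" is the key set by captcha.php.

/**
 * Returns a rejection reason, or null when the submission looks human.
 * $session is taken by reference so the CAPTCHA answer can be consumed.
 */
function spam_check(array $post, array &$session): ?string
{
    // Honeypot: the CSS-hidden "Name" field must come back present and empty.
    // If it is missing, the request was probably not built from our form.
    if (!isset($post['Name']) || !is_string($post['Name'])) {
        return 'honeypot field missing';
    }
    if (trim($post['Name']) !== '') {
        return 'honeypot field filled';
    }

    // CAPTCHA: remove the expected answer from the session before comparing,
    // so one solved image cannot be reused for many submissions.
    $expected = isset($session['captchastr']) ? (string) $session['captchastr'] : '';
    unset($session['captchastr']);
    $typed = isset($post['captcha']) && is_string($post['captcha']) ? $post['captcha'] : '';
    // captcha.php only draws digits and upper-case letters, so fold case.
    $given = strtoupper(trim($typed));
    if ($expected === '' || !hash_equals($expected, $given)) {
        return 'captcha mismatch';
    }
    return null;
}

// Constructed sample submissions, checked against a constructed session.
$samples = [
    'human'  => ['Name' => '', 'captcha' => 'k7pq', 'comments' => 'Great service'],
    'bot'    => ['Name' => 'Cheap pills', 'captcha' => 'K7PQ', 'comments' => 'spam'],
    'replay' => ['Name' => '', 'captcha' => 'K7PQ', 'comments' => 'second post'],
];
$session = ['captchastr' => 'K7PQ'];
foreach ($samples as $label => $post) {
    $reason = spam_check($post, $session);
    echo $label, ': ', $reason === null ? 'accepted' : $reason, "\n";
}
```

In a real handler, call it as `spam_check($_POST, $_SESSION)` after `session_start()` and skip the INSERT whenever it returns a reason.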

 
