...

View Full Version : Email form word verification error still attempts to Post



superstar
02-15-2007, 10:43 PM
Hello,

I have an email form on a website. There was a lot of spam email coming through so I put a "word verification" box in the form. At the end of the form, I created a regular text box and ask users to enter the word "happy" without quotes.

In the JavaScript, I have a simple IF statement checking to see if the value of the box is equal to the word "happy."

The JavaScript works for the most part. When the correct word is entered, it posts the email and arrives in my inbox shortly thereafter.

Unfortunately, when I enter the wrong word, the appropriate alert window pops up but it continues with the action and tries to post.

I would appreciate any help you could provide. I've posted the JavaScript and the form so you can see the general idea behind the page. I've deleted most of the form entries to conserve on code space. Thanks

superstar


====================================================

JavaScript

function checkPw() {

if (document.form.pw1.value!="happy") {
alert ("\nYou did not enter the word. Please type happy in the verification box.");
window.location.href=window.location.href
}
else
document.form.action = 'http://formmail.dreamhost.com/cgi-bin/formmail.cgi';
return true;
}



============================================

Form

<form name=form method="POST" align="center">
<font face="Arial, Helvetica, sans-serif">
<input type="hidden" name="recipient" value="siteadmin@sitename.com">
<input type="hidden" name="subject" value="Guestbook Response">
<input type="hidden" name="redirect" value="http://www.sitename.com/thanks.html">

<input type="hidden" name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">
</font>
<div align="center">
<center>
<table border="0" width="561">
<tr>
<td width="169" align="right"><font face="Arial, Helvetica, sans-serif">Please type happy in the box in order to send. (Spam filter)</font></td>
<td width="384">
<input type="text" name="pw1" size="10" tabindex="8">
</td>
</tr>

</table>
</center>

</div>
<center>
<p align="center"><font face="Arial, Helvetica, sans-serif">
<input type="submit" value="Send" name="B1" tabindex="10" onclick="checkPw();">
<input type="reset" value="Reset" name="B2" tabindex="11">
</font></p>
</center>
</form>

ess
02-16-2007, 12:46 AM
Hello there,

You should remove the following line and replace it with "return false;"


window.location.href=window.location.href

Also, although i can see that you are trying to force the user to use JavaScript, I am afraid it is very easy to bypass this (just add the line in the url and you will see what I mean) and as such, you should not rely on JavaScript submitting the form. So, I suggest that you remove it and add an action to the form.

document.form.action = 'http://formmail.dreamhost.com/cgi-bin/formmail.cgi';

Further more, I would change the submit buttom from

<input type="submit" value="Send" name="B1" tabindex="10" onclick="checkPw();">

to the following


<input type="submit" value="Send" name="B1" tabindex="10">

finally, I would add the following to the form declaration.


onsubmit="javascript: return checkPw();"

your form declaration should now be

<form name=form method="POST" action = "http://formmail.dreamhost.com/cgi-bin/formmail.cgi" align="center" onsubmit="javascript: return checkPw();">

Also, I just realized that you are using dreamhost. I believe that they support PHP and as such, you should be able to use the following captcha script as an alternative to using JavaScript. here is a website that provide an example of using captcha.
http://www.white-hat-web-design.co.uk/articles/php-captcha.php

Cheers,
Ess



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum