
View Full Version : Anti-Spam on a form?



littlemiss
11-14-2007, 01:05 PM
Hi, I am pretty new to PHP (i.e. I suck at PHP). Anyway, I read a tutorial and I built a form, and I put session controls in it as an anti-spam method, but I have been getting spam through the form. Can someone help me out and maybe explain what I should do to stop the spam? Here is the basic code:



<?php
session_start();
?>
<? include('header.php'); ?>
<!--start-->

<h


<!--- HTML OF FORM --->


<?php
} else {
    error_reporting(0);
    // initialize an array to hold
    // any errors we encounter
    $errors = array();
    // test to see if the form was actually
    // posted from our form
    $page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
    if (!session_is_registered("SESSION")) {
        $errors[] = "Invalid form submission";
    }
    if (!ereg($page, $_SERVER['HTTP_REFERER']))
        $errors[] = "Invalid referer\n";
    // check to see if a name was entered
    if (!$_POST['Name'])
        // if not, add that error to our array
        $errors[] = "Name is required";
    // check to see if an email was entered
    if (!$_POST['email'])
        // if not, add that error to our array
        $errors[] = "Email is required";
    // check to see if a phone number was entered
    if (!$_POST['phone'])
        // if not, add that error to our array
        $errors[] = "Phone is required";
    // check to see if a message was entered
    if (!$_POST['inquiry'])
        // if not, add that error to our array
        $errors[] = "An Enquiry is required";
    // if there are any errors, display them
    if (count($errors) > 0) {
        echo "<strong>ERROR:<br>\n";
        foreach ($errors as $err)
            echo "$err<br>\n";
    } else {
        // no errors, so we build our message
        // (the fields are read before $msg is built from them)
        $recipient = 'email';
        $from = stripslashes($_POST['Name']);
        $subject = "Inquiry Form ".stripslashes($_POST['subject']);
        $email = stripslashes($_POST['email']);
        $phone = stripslashes($_POST['phone']);
        $company = stripslashes($_POST['company']);
        $msg = "Message from: $from\n\n Email: $email\n\n Phone Number: $phone\n \n Company: $company\n\n Enquiry\n".stripslashes($_POST['inquiry']);
        if (mail($recipient, $subject, $msg))
            echo "Thanks for your message!";
        else
            echo "An unknown error occurred.";
    }

    // this block sits outside the error check above,
    // so it runs on every submission
    ini_set("sendmail_from", " email ");
    $recipient = 'email';
    $subject = "Inquiry Form ".stripslashes($_POST['subject']);
    $from = stripslashes($_POST['Name']);
    $email = stripslashes($_POST['email']);
    $company = stripslashes($_POST['company']);
    $phone = stripslashes($_POST['phone']);
    $msg = "Message from: $from\n\n Email: $email\n\n Phone Number: $phone\n \n Company: $company\n\n Enquiry\n".stripslashes($_POST['inquiry']);
    if (mail($recipient, $subject, $msg))
        echo nl2br("<b>Message Sent:</b>
To: $recipient
Subject: $subject
Message: $msg");
    else
        echo "Message failed to send";
}
?>


I took out the HTML and email addresses; any help would be great. I think it's something simple and my brain is just not working today.

Thanks in advance.

mlseim
11-14-2007, 01:19 PM
Do you think the spam might be from an automatic spam robot,
or could the spam be from a real person hired to do spam?

That's what a lot of the middle-eastern countries are doing now ...
hiring people to actually go online and spam forms. They of course
can get past the "captcha" code boxes, and do everything a normal
person would do...

Not much you can do about it except don't have any forms on your site.

Just display a basic email address to a free Yahoo email account.
When that email address starts to get too much spam, open up
a new email account.

It's sort of sad that the internet is heading in the direction in which it's
going now ... but the spammers wouldn't be "spamming" if people didn't
actually buy their stuff.

littlemiss
11-14-2007, 01:23 PM
I am not sure where it is coming from. But I assume it must be actual people coz I have put in anti-spam things; that's just annoying. Thanks for your help!

aedrin
11-14-2007, 05:08 PM
"session controls"

Session controls are worthless as an anti spam measure.

littlemiss
11-23-2007, 01:32 PM
Then what is? Give me some help please!

Ahri
11-23-2007, 04:26 PM
Session controls attempt to work around the "stateless" nature of HTTP.

Normally each HTTP request is individual; no 2 requests (i.e. for your page) are connected, even if they come from the same user in the same minute.

A session is maintained by PHP to get around this; PHP gives the user of your site a cookie with a unique identifier or puts it in the GET request of pages if they're not accepting cookies -- which is why you may have seen "?PHPSESSID" in some requests. The unique identifier is 32 alphanumeric characters long.

What happens is that every time a user looks at your page, and you've told PHP it's part of the session by doing session_start(), PHP looks at the cookies supplied by the user and says "ah hah, this person is part of session X!" and therefore makes sure that the $_SESSION global array you have access to contains the appropriate variables for that session. Otherwise PHP might say "no cookie, right, you're now part of session Y!"

This system exists to maintain information such as "what username is this user logged in as?", but note that it's not exactly the most secure system in the world as if I'm the user with session Y and want to hijack session X, I just need to find out that 32 character string and tell the webserver (and therefore PHP) I'm part of that session.

Hope that helps instead of confusing.
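
Added example, not part of any post above and not the original poster's code: a form handler in which mail is sent only when validation returns no errors, using a single-use session token plus a honeypot field and a minimum fill time, which goes beyond the session check discussed in the thread. The function names, the `token` and `website` field names and the 3-second threshold are assumptions; a plain array stands in for `$_SESSION` so the block runs from the command line.

```php
<?php
// Added example: helper names, field names and thresholds are hypothetical.

// Call when rendering the form: store a one-time token and the render time.
function issue_form_token(array &$session, int $now): string {
    $session['form_token'] = bin2hex(random_bytes(16));
    $session['form_time']  = $now;
    return $session['form_token'];   // goes into a hidden <input name="token">
}

// Returns a list of errors; the caller sends mail only when it is empty.
function validate_submission(array $post, array &$session, int $now): array {
    $errors   = [];
    $expected = $session['form_token'] ?? '';
    $issued   = $session['form_time'] ?? 0;
    unset($session['form_token'], $session['form_time']);   // single use

    if ($expected === '' || !hash_equals($expected, (string)($post['token'] ?? ''))) {
        $errors[] = 'Invalid form submission';
    }
    if ($now - $issued < 3) {                 // assumed minimum fill time in seconds
        $errors[] = 'Form submitted too quickly';
    }
    if (($post['website'] ?? '') !== '') {    // honeypot: hidden field people leave empty
        $errors[] = 'Invalid form submission';
    }
    foreach (['Name', 'email', 'phone', 'inquiry'] as $field) {
        if (trim((string)($post[$field] ?? '')) === '') {
            $errors[] = "$field is required";
        }
    }
    // Values that may be placed in mail headers must not contain line breaks.
    foreach (['email', 'subject'] as $field) {
        if (preg_match('/[\r\n]/', (string)($post[$field] ?? ''))) {
            $errors[] = "$field contains a line break";
        }
    }
    return array_values(array_unique($errors));
}

// Constructed sample run: timestamps and field values are made up.
$session = [];
$token = issue_form_token($session, 1000);
$post = ['token' => $token, 'Name' => 'A', 'email' => 'a@example.com',
         'phone' => '1', 'inquiry' => 'hi', 'website' => ''];
$errors = validate_submission($post, $session, 1010);
echo $errors ? implode("\n", $errors) . "\n" : "no errors: mail() would be called here\n";
// Replaying the same POST is rejected because the token was consumed above.
echo implode("\n", validate_submission($post, $session, 1011)) . "\n";
```

These checks raise the cost for automated submissions; they do not stop a person filling in the form by hand, which is the case mlseim describes.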


