nms formmail validate string length


dome90uk
06-11-2008, 11:48 AM
hi,

I have been trying to stop spam being submitted via one of my forms. I have managed to filter out <a href=""> and [url] using the code below, checking 2 fields. I am using nms_formmail.pl to process the forms.


use CGI;

sub spam {
    my $q = CGI->new;
    my $spamcheck = $q->param('lastname') || '';
    my $comcheck  = $q->param('address') || '';
    my $corecheck = $q->param('core_products') || '';
    my $urlcheck  = $q->param('address') || '';
    my $url2check = $q->param('core_products') || '';

    # Any value in 'lastname' ends processing here
    if ($spamcheck ne '') {
        print "Location: http://www.xxxxxxxxx.com/thankyou.asp\n\n";
        exit;
    }
    # HTML tags such as <a href="">
    elsif ($comcheck =~ /<(.|\n)*>/) {
        print "Location: http://www.google.com/\n\n";
        exit;
    }
    elsif ($corecheck =~ /<(.|\n)*>/) {
        print "Location: http://www.google.com/\n\n";
        exit;
    }
    # BBCode tags such as [url]; the brackets must be escaped, otherwise
    # [...] is a character class that matches any value containing a dot
    elsif ($urlcheck =~ /\[(.|\n)*\]/) {
        print "Location: http://www.google.com/\n\n";
        exit;
    }
    elsif ($url2check =~ /\[(.|\n)*\]/) {
        print "Location: http://www.google.com/\n\n";
        exit;
    }
}
spam();

I would also like to stop messages being sent if the postcode is over a certain length, but I am seriously lacking Perl scripting skills. Can anyone help please?

** EDIT ** A typical entry I get submitted for postcode is " postcode: sLGEEQUJUmPrioMeZR ". I would like to filter out any entries that have 8 or more characters.

bazz
06-12-2008, 01:44 AM
To limit input to, say, 8 digits/chars you should look up regexes. I am not near my O'Reilly book until tomorrow but I shall try to send you a pointer (a potential solution) if no-one has answered by then.

Sorry I can't do it sooner.

bazz

bazz
06-12-2008, 11:53 AM
OK, this is what I use for making sure that the entry is an 11 digit number.

\d means it looks for 0-9 only and the 11 means that it is to be an 11 char string.

so:

my $postcode = '12345678';

# ^ and $ anchor the match, so the whole value must be exactly 11 digits
if ($postcode =~ /^\d{11}$/)
{
    print qq( that's OK );
}
else
{
    print qq( wrong!! );
}


You can change the 11 to whatever length you like and of course you can change the \d to perhaps \w

bazz

oesxyl
06-12-2008, 10:41 PM
This part of the sub spam makes the rest of the code useless:

    if ($spamcheck ne '') {
        print "Location: http://www.xxxxxxxxx.com/thankyou.asp\n\n";
        exit;
    }

If $spamcheck is not '' the user is redirected; that means any time the field lastname is not empty, the rest of the code is not executed.

Another thing: don't redirect the user to Google or another domain; it is rude to the owner of the domain and annoying for innocent users. Some of your users may, by mistake, not pass this filter and are not spammers.

The solution for restricting length to 8 chars was already posted by Bazz :)

regards

dome90uk
06-18-2008, 03:10 PM
Sorry for not getting back sooner - I was away on holiday :)

Thanks Bazz, worked a treat.

dome90uk
06-18-2008, 03:14 PM
Thanks oesxyl for the heads up, but this is intentional as I have a hidden input field within the form that only bots will see and fill in.

Point noted about the forward, thanks again.
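
The checks discussed in this thread (hidden honeypot field, markup filter, postcode length limit) combined into one routine, as an added example that is not part of the original posts. The sub name reject_reason, the field hash and the sample values are assumptions; it returns a reason instead of redirecting, so the caller can show an error page on its own site.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of nms_formmail.pl. Returns a rejection
# reason, or nothing when the submission passes every check.
sub reject_reason {
    my ($f, $max_len) = @_;

    # Honeypot: 'lastname' is hidden from people, so any value means a bot.
    return 'honeypot filled' if ($f->{lastname} // '') ne '';

    # HTML tags or BBCode such as <a href=""> and [url] in free-text fields.
    for my $name (qw(address core_products)) {
        my $v = $f->{$name} // '';
        return "markup in $name" if $v =~ /<[^>]*>/ || $v =~ /\[[^\]]*\]/;
    }

    # Postcode allowlist: letters, digits and spaces, 1 to $max_len chars.
    # \A and \z anchor the whole value; /^...$/ would also accept the same
    # text followed by a newline.
    my $pc = $f->{postcode} // '';
    return 'bad postcode' unless $pc =~ /\A[A-Za-z0-9 ]{1,$max_len}\z/;

    return;
}

# Constructed sample submissions; the second postcode is the spam value
# quoted in the thread.
my @samples = (
    { lastname => '',    address => '1 High St',    postcode => 'AB1 2CD' },
    { lastname => '',    address => '1 High St',    postcode => 'sLGEEQUJUmPrioMeZR' },
    { lastname => '',    address => '1 High St',    postcode => "AB1 2CD\n" },
    { lastname => '',    address => '[url]x[/url]', postcode => 'AB1 2CD' },
    { lastname => 'bot', address => '1 High St',    postcode => 'AB1 2CD' },
);

for my $i (0 .. $#samples) {
    my $why = reject_reason($samples[$i], 7);    # 7 = "fewer than 8 characters"
    printf "sample %d: %s\n", $i + 1, $why // 'accepted';
}
```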