
my contact form is getting spammed and javascript is being bypassed :(



kevinkhan
05-24-2011, 09:09 PM
Hi guys. I have a contact form that looks like this


<form method="post" action="contact.html.php" onsubmit="return validateForm();">
    <p id="errormsg"></p>
    <p>
        <label>First Name:</label>
        <input type="text" id="firstName" name="firstName" value="" />
    </p>
    <p>
        <label>Last Name:</label>
        <input type="text" id="lastName" name="lastName" value="" />
    </p>
    <p>
        <label>Email:</label>
        <input type="text" id="email" name="email" value="" />
    </p>
    <p>
        <label>Phone:</label>
        <input type="text" id="mobile" name="mobile" value="" />
    </p>
    <p>
        <label>Comments:</label>
        <textarea name="comments" id="comment" cols="30" rows="3" ></textarea>
    </p>

    <p> <input class="submit" type="image" src="images/send.gif" name="submit" value="Submit" /></p>
</form>

and my javascript file is like this


var $j = jQuery.noConflict();
function isValidEmail(str)
{
    var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
    if(reg.test(str) == false) {
        return false;
    }
    else
    {
        return true;
    }
}

function validateForm(){
    var firstName;
    var lastName;
    var email;
    var mobile;
    var comment;
    var error;

    firstName = $j('#firstName').val();
    lastName = $j('#lastName').val();
    email = $j('#email').val();
    mobile = $j('#mobile').val();
    comment = $j('#comment').val();
    if(firstName=='' || firstName.length < 3){
        error = 'Please enter your first name';
        $j('#errormsg').html('<p class="errors">'+ error +'</p>');
        return false;
    }
    if(lastName=='' || lastName.length < 3){
        error = 'Please enter your last name';
        $j('#errormsg').html('<p class="errors">'+ error +'</p>');
        return false;
    }
    if(email=='' || !isValidEmail(email)){
        error = 'Please enter your correct email address';
        $j('#errormsg').html('<p class="errors">'+ error +'</p>');
        return false;
    }
    //mob
    //$jmob_pattern = '^\d{10}$j';
    if(isNaN(mobile))
    {
        error = 'Please enter your correct phone number';
        $j('#errormsg').html('<p class="errors">'+ error +'</p>');
        return false;
    }
    else
    {
        if(mobile.length<7 || mobile.length>12)
        {
            error = 'Please enter your correct phone number';
            $j('#errormsg').html('<p class="errors">'+ error +'</p>');
            return false;
        }
    }

    if(comment.length < 3){
        error = 'Please Enter A Comment';
        $j('#errormsg').html('<p class="errors">'+ error +'</p>');
        return false;
    }
    return true;
}

How can I make a PHP file that will validate the user input the same way as my JavaScript file is doing...

I also want to display a message if there are fields left out by the user. So far this is my PHP file:


<p id="errormsg">

<?php if(isset($_POST['submit']))
{
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $mobile = $_POST['mobile'];
    $comments = $_POST['comments'];

    // initialize an array to hold our errors
    $to = "";
    $subject = "";
    $body =
        "\nName: " . $firstName . " " . $lastName .
        "\nEmail: " . $email .
        "\nPhone Number: " . $mobile .
        "\nMessage: " . $comments;

    $headers = "From: ". $firstName ." ". $lastName . " <" . $email . ">\r\n";

    if (mail($to, $subject, $body, $headers)) {
        echo("<p class=\"errors\">Thanks for submitting your enquiry.</p>");
    }
    else {
        echo("<p class=\"errors\">Message delivery failed. Please fill in or Quick Contact Form again or call us on 087-9850714 to get immediate assistance.</p>");
    }
}

?> </p>

Can anybody help me create the correct PHP for this? I know it might be a bit big of a job to do but hopefully someone can help. Thanks

angst
05-24-2011, 09:23 PM
You're best just to use a 'Captcha' method to avoid these kinds of issues.

Have a look at this, I'm sure you've seen these around: http://www.google.com/recaptcha/learnmore

bullant
05-25-2011, 01:59 AM
"my contact form is getting spammed and javascript is being bypassed"

That's because the hacker is sending data directly to your form's action URL contact.html.php, hence bypassing the JavaScript, and you can't stop that.

That is why javascript validation on its own is pretty much useless. You must have server side validation to have any chance of 100% protection from spam or any other malicious code. Just a captcha with no server side validation still leaves you vulnerable to spam and other attacks.

I would recommend adding some sort of captcha test to your form to hopefully stop data from non-humans (bots etc, not aliens :eek: ) being sent to your PHP script, and then at the top of your PHP script add validation code to validate all user inputs, similar to the way you have with your JavaScript. You can use regular expressions in PHP as well.

There are plenty of examples on the interweb on how to use regex's in php to validate common form user inputs.
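
An added example, not written by any poster in this thread: a server-side version of the checks in validateForm(), run before mail() as the reply above recommends. validate_contact() is a hypothetical helper and the sample input is constructed; the example also goes beyond the JavaScript by refusing control characters in the names, because contact.html.php copies them into the From: header.

```php
<?php
// Added example; validate_contact() is a hypothetical helper name.
function validate_contact(array $post): array
{
    $clean = [];
    foreach (['firstName', 'lastName', 'email', 'mobile', 'comments'] as $key) {
        // Missing or non-string input (e.g. firstName[]=x) is treated as empty.
        $value = $post[$key] ?? '';
        $clean[$key] = is_string($value) ? trim($value) : '';
    }
    $errors = [];
    // Names go into the From: header, so control characters (CR/LF included)
    // are refused: a line break there would start a new header line.
    $badName = '/[\x00-\x1F\x7F]/';
    if (strlen($clean['firstName']) < 3 || preg_match($badName, $clean['firstName'])) {
        $errors[] = 'Please enter your first name';
    }
    if (strlen($clean['lastName']) < 3 || preg_match($badName, $clean['lastName'])) {
        $errors[] = 'Please enter your last name';
    }
    // Same pattern as isValidEmail(); \z stops a trailing newline matching.
    $emailRe = '/^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})\z/';
    if (!preg_match($emailRe, $clean['email'])) {
        $errors[] = 'Please enter your correct email address';
    }
    // Digits only, 7 to 12 long (stricter than isNaN(), which accepts "1e5").
    if (!preg_match('/^\d{7,12}\z/', $clean['mobile'])) {
        $errors[] = 'Please enter your correct phone number';
    }
    if (strlen($clean['comments']) < 3) {
        $errors[] = 'Please Enter A Comment';
    }
    return [$clean, $errors];
}

// Constructed sample: a POST sent straight to the action URL, skipping the
// JavaScript, with a line break in lastName and a too-short comment.
$sample = [
    'firstName' => 'Bob',
    'lastName'  => "Sm\r\nith",
    'email'     => 'bob@example.com',
    'mobile'    => '0871234567',
    'comments'  => 'hi',
];
[$clean, $errors] = validate_contact($sample);
foreach ($errors as $e) {
    echo '<p class="errors">' . htmlspecialchars($e) . "</p>\n";
}
```

In contact.html.php the call would take $_POST instead of $sample, and mail() would run only when $errors is empty.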


