Chief Delphi

Chief Delphi (http://www.chiefdelphi.com/forums/index.php)
-   Website Design/Showcase (http://www.chiefdelphi.com/forums/forumdisplay.php?f=64)
-   -   Easiest way to block spam (http://www.chiefdelphi.com/forums/showthread.php?t=56821)

ThomasP 13-04-2007 19:30

Easiest way to block spam
 
Our guestbook has been attacked by spam bots quite a bit recently and I finally got around to stopping the spam with a neat little trick from the ASP.NET AJAX Control Toolkit that real users won't even notice (as long as they have Javascript enabled...)

PHP Code:

<?PHP
    
if($_POST['Bot'] == "Yes")
        echo 
'You're a botStop messing with my form!'
    else if($_POST['
Bot'] == "No")
        echo '
Hi ' . $_POST['name'] . '!'
?>
<form action="test.php" method="POST">
Name: <input type="text" name="name">
<input type="hidden" id="Bot" name="Bot" value="Yes">
<script type="text/javascript" language="javascript">
document.getElementById('
Bot').value = "No"
</script>
<input type="submit">
</form>

A lot of spam bots don't execute javascript so you are safe from them. For people that disable javascript, you can modify the above code to do something like...

PHP Code:

<form action="test.php" method="POST">
<?PHP
    
if($_POST['Bot'] == "Yes") {
?>
I'm not sure if you're a bot or not... what is five plus eight?<br />
<input type="text" name="HumanTest">
<input type="hidden" name="name" value="<? echo $_POST['name'?>">
<input type="submit">
<?
    
} else if($_POST['Bot'] == "No" || $_POST['HumanTest'] == "13" || $_POST['HumanTest'] = "thirteen") {
        echo 
'Hi ' $_POST['name'] . '!'
    
} else {
?>
Name: <input type="text" name="name">
<input type="hidden" id="Bot" name="Bot" value="Yes">
<script type="text/javascript" language="javascript">
document.getElementById('Bot').value = "No"
</script>
<input type="submit">
<? ?>
</form>

And that will allow regular people that have javascript enabled to not be bothered by proving they're human while also allowing for the occasional user that disables it.


Disclaimer: It has been a while since I've wrote any PHP so I can't guarantee any of that PHP code will work.

artdutra04 13-04-2007 22:31

Re: Easiest way to block spam
 
Quote:

Originally Posted by ThomasP (Post 616524)
Disclaimer: It has been a while since I've wrote any PHP so I can't guarantee any of that PHP code will work.

The code looks good so far, but I found an error in the second block of code. The changes I made are added in red: ;)
Code:

...
<input type="submit">
<?
    } else if($_POST['Bot'] == "No" || $_POST['HumanTest'] == "13" || strtolower($_POST['HumanTest'] == "thirteen")) {
        echo 'Hi ' . $_POST['name'] . '!'
    } else {
?>
Name: <input type="text" name="name">
...

This change fixes the single equals sign operator error, as well as added in a strtolower() command, so that if the user inputs Thirteen or tHirTeeN you know they still had the right answer.

ThomasP 14-04-2007 03:22

Re: Easiest way to block spam
 
Quote:

Originally Posted by artdutra04 (Post 616562)
The code looks good so far, but I found an error in the second block of code. The changes I made are added in red: ;)
Code:

...
<input type="submit">
<?
    } else if($_POST['Bot'] == "No" || $_POST['HumanTest'] == "13" || strtolower($_POST['HumanTest'] == "thirteen")) {
        echo 'Hi ' . $_POST['name'] . '!'
    } else {
?>
Name: <input type="text" name="name">
...

This change fixes the single equals sign operator error, as well as added in a strtolower() command, so that if the user inputs Thirteen or tHirTeeN you know they still had the right answer.

Thanks artdutra, I've been doing too much with VB.NET and SQL at work lately, I kept starting to type "OR" instead of "||" also but managed to catch all of those mistakes.

I was thinking about the spam blocking code a minute ago and think there may actually be a better way to do the thing...

PHP Code:

<html>
<body>
<?PHP
    
if((strtolower($_POST['Bot']) != "thirteen" && $_POST['Bot'] != "13"))
        echo 
"You're a bot! Stop messing with my form!";
    else
        echo 
'Hi ' $_POST['name'] . '!';
?>
<form action="test.php" method="POST">
Name: <input type="text" name="name">
<script type="text/javascript" language="javascript">
document.write('<input type="hidden" id="Bot" name="Bot" value="Yes">');
document.getElementById('Bot').value = "13";
</script>
<noscript>
  What is eight plus five? <input type="text" id="Bot" name="Bot" />
</noscript>
<input type="submit">
</form>
</body>
</html>

I also caught another error when I actually tested that before posting... I had used apostrophes in my PHP strings and had one in "You're", switched that string to quotation marks.


All times are GMT -5. The time now is 16:06.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © Chief Delphi