  1. #1
    New Coder
    Join Date
    Aug 2007
    Posts
    66
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Anti-Spam on a form?

    Hi, I am pretty new to PHP (i.e. I suck at PHP). Anyway, I read a tutorial and I built a form, and I put session controls in it as an anti-spam method, but I have been getting spam through the form. Can someone help me out and maybe explain what I should do to stop the spam? Here is the basic code:

    Code:
    <?php
    session_start();
    ?>
    <?php include('header.php'); ?>
    <!--start-->
    
    <h
    
    
    <!--- HTML OF FORM --->
    
    
    <?php
       } else {
          error_reporting(0);
          // put any errors we encounter into an array
          $errors = array();
          // test to see if the form was actually
          // posted from our form
          $page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
          // session_is_registered() was removed in PHP 5.4; test $_SESSION instead
          if (!isset($_SESSION['SESSION'])) {
             $errors[] = "Invalid form submission";
          }
          // ereg() was removed in PHP 7; compare the referer as a plain string
          $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
          if (strpos($referer, $page) === false)
             $errors[] = "Invalid referer\n";
          // check to see if a name was entered
          if (empty($_POST['Name']))
             // if not, add that error to our array
             $errors[] = "Name is required";
          // check to see if an email address was entered
          if (empty($_POST['email']))
             // if not, add that error to our array
             $errors[] = "Email is required";
          // check to see if a phone number was entered
          if (empty($_POST['phone']))
             // if not, add that error to our array
             $errors[] = "Phone number is required";
          // check to see if a message was entered
          if (empty($_POST['inquiry']))
             // if not, add that error to our array
             $errors[] = "An enquiry is required";
          // if there are any errors, display them
          if (count($errors)>0){
             echo "<strong>ERROR:</strong><br>\n";
             foreach($errors as $err)
                echo "$err<br>\n";
          } else {
             // no errors, so we build our message
             // (read every field before interpolating it into $msg)
             $recipient = 'email';
             $from = stripslashes($_POST['Name']);
             $email = stripslashes($_POST['email']);
             $phone = stripslashes($_POST['phone']);
             $company = stripslashes($_POST['company']);
             $subject = "Inquiry Form  ".stripslashes($_POST['subject']);
             $msg = "Message from: $from\n\n Email: $email\n\n Phone Number: $phone\n \n Company: $company\n\n Enquiry\n".stripslashes($_POST['inquiry']);
             if (mail($recipient,$subject,$msg))
                echo "Thanks for your message!";
             else
                echo "An unknown error occurred.";
          }

          ini_set("sendmail_from", " email ");
          $recipient = 'email';
          $subject = "Inquiry Form  ".stripslashes($_POST['subject']);
          $from = stripslashes($_POST['Name']);
          $email = stripslashes($_POST['email']);
          $company = stripslashes($_POST['company']);
          $phone = stripslashes($_POST['phone']);
          $msg = "Message from: $from\n\n Email: $email\n\n Phone Number: $phone\n \n Company: $company\n\n Enquiry\n".stripslashes($_POST['inquiry']);
          if (mail($recipient, $subject, $msg))
             // escape user-supplied text before echoing it back into the page
             echo nl2br("<b>Message Sent:</b>
             To: $recipient
             Subject: ".htmlspecialchars($subject)."
             Message: ".htmlspecialchars($msg));
          else
             echo "Message failed to send";
    }
    ?>
    I took out the HTML and email addresses; any help would be great. I think it's something simple and my brain is just not working today.

    Thanks in advance.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    Do you think the spam might be from an automatic spam robot,
    or could the spam be from a real person hired to do spam?

    That's what a lot of the middle-eastern countries are doing now ...
    hiring people to actually go online and spam forms. They of course
    can get past the "captcha" code boxes, and do everything a normal
    person would do...

    Not much you can do about it except don't have any forms on your site.

    Just display a basic email address to a free Yahoo email account.
    When that email address starts to get too much spam, open up
    a new email account.

    It's sort of sad that the internet is heading in the direction in which it's
    going now ... but the spammers wouldn't be "spamming" if people didn't
    actually buy their stuff.

  • #3
    New Coder
    Join Date
    Aug 2007
    Posts
    66
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I am not sure where it is coming from. But I assume it must be actual people coz I have put in anti-spam things; that's just annoying. Thanks for your help!

  • #4
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    session controls
    Session controls are worthless as an anti spam measure.

  • #5
    New Coder
    Join Date
    Aug 2007
    Posts
    66
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Then what is? Give me some help please!

  • #6
    New Coder
    Join Date
    May 2007
    Location
    Manchester, UK
    Posts
    72
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Session controls attempt to work around the "stateless" nature of HTTP.

    Normally each HTTP request is individual; no 2 requests (i.e. for your page) are connected, even if they come from the same user in the same minute.

    A session is maintained by PHP to get around this; PHP gives the user of your site a cookie with a unique identifier or puts it in the GET request of pages if they're not accepting cookies -- which is why you may have seen "?PHPSESSID" in some requests. The unique identifier is 32 alphanumeric characters long.

    What happens is that every time a user looks at your page, and you've told PHP it's part of the session by doing session_start(), PHP looks at the cookies supplied by the user and says "ah hah, this person is part of session X!" and therefore makes sure that the $_SESSION global array you have access to contains the appropriate variables for that session. Otherwise PHP might say "no cookie, right, you're now part of session Y!"

    This system exists to maintain information such as "what username is this user logged in as?", but note that it's not exactly the most secure system in the world as if I'm the user with session Y and want to hijack session X, I just need to find out that 32 character string and tell the webserver (and therefore PHP) I'm part of that session.

    Hope that helps instead of confusing.
    Every PHP programmer of any skill level should set error_reporting(E_ALL); at the top of their scripts or in their php.ini
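
Added example, not code from any poster in this thread: a bare session check passes for any client that fetches the form first, and in the posted code the second `mail()` block sits outside the `$errors` test, so it sends even when validation fails. The handler below binds a one-time token to the session, adds a honeypot field and a minimum fill time, and reaches `mail()` only when every check passes; the field names `form_token` and `website`, the 3-second threshold and the recipient address are assumptions.

```php
<?php
// Added example; field names, threshold and recipient are illustrative assumptions.
session_start();

// Call while rendering the form: stores a random one-time token and its issue time.
function issue_form_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    $_SESSION['form_issued'] = time();
    return $token; // emit as <input type="hidden" name="form_token" value="...">
}

// Returns the reasons to reject the POST; an empty array means accept.
function check_submission(array $post, int $minSeconds = 3): array {
    $errors = [];
    $expected = $_SESSION['form_token'] ?? '';
    $issued   = $_SESSION['form_issued'] ?? 0;
    // Single use: a replayed POST finds no token left in the session.
    unset($_SESSION['form_token'], $_SESSION['form_issued']);
    $supplied = $post['form_token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        $errors[] = 'Invalid form submission';
    }
    // Honeypot: an input hidden with CSS that a person leaves empty.
    if (!empty($post['website'])) {
        $errors[] = 'Honeypot field was filled in';
    }
    // Reject posts that arrive faster than a person could fill in the form.
    if (time() - $issued < $minSeconds) {
        $errors[] = 'Form submitted too quickly';
    }
    return $errors;
}

// Remove CR/LF so user input cannot add extra mail headers.
function header_safe(string $value): string {
    return trim(str_replace(["\r", "\n"], '', $value));
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = check_submission($_POST);
    if ($errors) {
        echo nl2br(htmlspecialchars(implode("\n", $errors)));
    } else {
        $subject = 'Inquiry Form ' . header_safe((string)($_POST['subject'] ?? ''));
        mail('recipient@example.invalid', $subject, (string)($_POST['inquiry'] ?? ''));
    }
}
```

These checks filter automated submissions only; a person filling in the form by hand passes all of them.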

