  1. #1
    Regular Coder
    Join Date
    Jun 2009
    Posts
    351
    Thanks
    75
    Thanked 0 Times in 0 Posts

    my contact form is getting spammed and javascript is being bypassed :(

    Hi guys. I have a contact form that looks like this

    PHP Code:
    <form method="post" action="contact.html.php" onsubmit="return validateForm();">
        <p id="errormsg"></p>
        <p>
            <label>First Name:</label>
            <input type="text" id="firstName" name="firstName" value="" />
        </p>
        <p>
            <label>Last Name:</label>
            <input type="text" id="lastName" name="lastName" value="" />
        </p>
        <p>
            <label>Email:</label>
            <input type="text" id="email" name="email" value="" />
        </p>
        <p>
            <label>Phone:</label>
            <input type="text" id="mobile" name="mobile" value="" />
        </p>
        <p>
            <label>Comments:</label>
            <textarea name="comments" id="comment" cols="30" rows="3"></textarea>
        </p>
        <p><input class="submit" type="image" src="images/send.gif" name="submit" value="Submit" /></p>
    </form>

    and my javascript file is like this

    PHP Code:
    var $j = jQuery.noConflict();

    // Returns true when str looks like an email address.
    function isValidEmail(str) {
        var reg = /^([A-Za-z0-9_\-\.])+@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
        return reg.test(str);
    }

    // Shows the message in #errormsg and returns false to cancel the submit.
    function showError(error) {
        $j('#errormsg').html('<p class="errors">' + error + '</p>');
        return false;
    }

    function validateForm() {
        var firstName = $j('#firstName').val();
        var lastName = $j('#lastName').val();
        var email = $j('#email').val();
        var mobile = $j('#mobile').val();
        var comment = $j('#comment').val();
        // The minimum phone length is missing from the post as rendered;
        // minMobileLength is a placeholder for it.
        var minMobileLength = 0;

        if (firstName == '' || firstName.length < 3) {
            return showError('Please enter your first name');
        }
        if (lastName == '' || lastName.length < 3) {
            return showError('Please enter your last name');
        }
        if (email == '' || !isValidEmail(email)) {
            return showError('Please enter your correct email address');
        }
        //mob
        //$jmob_pattern = '^\d{10}$j';
        if (isNaN(mobile)) {
            return showError('Please enter your correct phone number');
        } else {
            if (mobile.length < minMobileLength || mobile.length > 12) {
                return showError('Please enter your correct phone number');
            }
        }
        if (comment.length < 3) {
            return showError('Please Enter A Comment');
        }
        return true;
    }

    how can i make a php file that will validate the user input the same way as my javascript file is doing...

    I also want to display a message if there are fields left out by the user. so far this is my php file

    PHP Code:
    <p id="errormsg">
    <?php
    if (isset($_POST['submit'])) {
        $firstName = $_POST['firstName'];
        $lastName = $_POST['lastName'];
        $email = $_POST['email'];
        $mobile = $_POST['mobile'];
        $comments = $_POST['comments'];

        // initialize an array to hold our errors
        $to = "";
        $subject = "";
        $body =
            "\nName: " . $firstName . " " . $lastName .
            "\nEmail: " . $email .
            "\nPhone Number: " . $mobile .
            "\nMessage: " . $comments;

        $headers = "From: " . $firstName . " " . $lastName . " <" . $email . ">\r\n";

        if (mail($to, $subject, $body, $headers)) {
            echo("<p class=\"errors\">Thanks for submitting your enquiry.</p>");
        } else {
            echo("<p class=\"errors\">Message delivery failed. Please fill in or Quick Contact Form again or call us on 087-9850714 to get immediate assistance.</p>");
        }
    }
    ?>
    </p>

    can anybody help me create the correct php for this.. I know it might be a bit big of a job to do but hopefully someone can help. Thanks

  • #2
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    You're best just to use a 'Captcha' method to avoid these kinds of issues.

    Have a look at this, I'm sure you've seen these around: http://www.google.com/recaptcha/learnmore

  • #3
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    my contact form is getting spammed and javascript is being bypassed
    That's because the hacker is sending data directly to your form's action url contact.html.php, hence by-passing the javascript, and you can't stop that.

    That is why javascript validation on its own is pretty much useless. You must have server side validation to have any chance of 100% protection from spam or any other malicious code. Just a captcha with no server side validation still leaves you vulnerable to spam and other attacks.

    I would recommend adding some sort of captcha test to your form to hopefully stop data from non-humans (bots etc, not aliens) being sent to your php script and then at the top of your php script add validation code to validate all user inputs, similar to the way you have with your javascript. You can use regular expressions in php as well.

    There are plenty of examples on the interweb on how to use regex's in php to validate common form user inputs.
    Last edited by bullant; 05-25-2011 at 02:02 AM.
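
Server-side validation of the kind post #3 recommends, as an added example that is not part of the thread: it repeats the JavaScript rules in PHP and rejects control characters in values that would reach a mail header. The function names, the 7-digit phone minimum (the thread's lower bound is not legible) and noreply@example.com are assumptions.

```php
<?php
// Added example, not code from the thread; names and sample data are constructed.
function validate_contact(array $post): array
{
    $clean = $errors = [];
    foreach (['firstName', 'lastName', 'email', 'mobile', 'comments'] as $key) {
        // Missing keys and array-valued fields (name[]=x) become empty strings.
        $value = $post[$key] ?? '';
        $clean[$key] = is_string($value) ? trim($value) : '';
    }
    foreach (['firstName', 'lastName'] as $key) {
        // 3-character minimum as in the JavaScript; CR/LF and other control characters are refused.
        if (strlen($clean[$key]) < 3 || preg_match('/[\x00-\x1F\x7F]/', $clean[$key])) {
            $errors[$key] = 'Please enter your ' . ($key === 'firstName' ? 'first' : 'last') . ' name';
        }
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter your correct email address';
    }
    // Digits only, at most 12 as in the JavaScript; the minimum of 7 is assumed.
    if (!preg_match('/^[0-9]{7,12}$/', $clean['mobile'])) {
        $errors['mobile'] = 'Please enter your correct phone number';
    }
    if (strlen($clean['comments']) < 3) {
        $errors['comments'] = 'Please Enter A Comment';
    }
    return [$clean, $errors];
}

function build_headers(array $clean): string
{
    // Fixed From on the site's own domain; the validated visitor address goes only in Reply-To.
    return "From: Contact Form <noreply@example.com>\r\n"
         . "Reply-To: " . $clean['email'] . "\r\n";
}

// Constructed sample submissions: one filled in normally, one posted straight to the action URL.
$samples = [
    ['firstName' => 'Mary', 'lastName' => 'Byrne', 'email' => 'mary@example.com',
     'mobile' => '0871234567', 'comments' => 'Please call me back.'],
    ['firstName' => 'x', 'lastName' => "Bot\r\nsecond line",
     'email' => 'not-an-email', 'mobile' => 'abc', 'comments' => ''],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_contact($post);
    echo $errors ? 'REJECTED: ' . implode('; ', $errors) . "\n"
                 : 'OK, headers: ' . json_encode(build_headers($clean)) . "\n";
}
```

Call `mail()` only when `$errors` is empty, and keep the JavaScript checks purely as a convenience for honest visitors.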

