
Adding reCAPTCHA to php script


wads24


I have been getting a lot of bots spamming this script, and need to add captcha to it.  I am new to php and was wondering if someone would help me with this issue.  Below is the script, and I really would appreciate the help.

 

<?php 

include "admin/conf.php";
$setting1="SELECT * FROM ".$prefix."settings";
$setting2=mysql_query($setting1) or die("Sorry, Could not select sites table");
$setting=mysql_fetch_array($setting2);
include "lang/$setting[lang]/main.php";
print "<title>$lang_reg1</title>";
print "<link rel='stylesheet' href='skin/$setting[style]/style.css' type='text/css'>"; 
print "<body bgcolor='#FFFFFF'>";
print "<table cellpadding='0' cellspacing='0' align='center' class='outtable'><tr><td>";

/*-----------------
Bread
------------------*/
print "<br /><table><tr><td width='100%'><a href='index.php'>$setting[title]</a> > $lang_reg4</td></tr></table><br />";
/*-----------------
Bread End
------------------*/
print "<table cellpadding='0' cellspacing='0' align='center' width='100%'><tr><td valign='middle'><img src='skin/$setting[style]/images/pen.gif' style='vertical-align: middle;'></td>
<td valign='middle'>$lang_reg1</td></tr></table>";

print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/cat_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_left.gif' style='vertical-align: middle;'></td>
<td class='tilecat' width='100%'><img src='skin/$setting[style]/images/tile_back.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/cat_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td class='shadowL'><img src='skin/$setting[style]/images/left_shadow.gif' style='vertical-align: middle;'></td>
<td width='100%'>";
print "<form name='topsite' action='source/reguser.php' method='post' onSubmit='return check_it();'>";
print "<table cellspacing='0' cellpadding='2' align='center' class='maintable'>";
print "<tr><td colspan='2' class='titlemedium' style='padding: 3px;' align='center'>$lang_reg4</td></tr>";
print "<tr><td class='tileshadow' colspan='2' align='center'><img src='skin/$setting[style]/images/spacer.gif' width='1' height='3' alt='' /></td></tr>";
print "<tr class='row5'><td nowrap valign='top'>$lang_reg5</td>";
print "<td><input type='text' name='topsiteuser' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg6</td>";
print "<td><input type='password' name='password' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg7</td>";
print "<td><input type='text' name='email' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg8</td>";
print "<td><input type='text' name='title' size='60'></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg9</td>";
print "<td><input type='text' name='url' size='60' value=''></td></tr>";
print "<tr class='row5'><td valign='top'>$lang_reg10</td>";
print "<td><input type='text' name='button' size='60' value=''>  <a href=\"javascript:void(window.open('http://www.imageshack.us/iframe.php?txtcolor=111111&type=blank&size=30','','height=100,width=275,left=0,top=0,toolbar=0,scrollbars=0'))\" target=\"_self\"><font face=\"Arial\" size=\"1\">UPLOAD HERE</font></a></td></tr>";
$selects="SELECT * FROM ".$prefix."categories where 1";
$selects2=mysql_query($selects) or die("Sorry, Could not select");
$selects3=mysql_fetch_array($selects2);
if($selects3['iD']<1) // quote the array key: a bare iD is an undefined constant
{print"";}else
{
print "<tr class='row5'><td valign='top'>$lang_reg11</td>";
$selectcategory="SELECT * FROM ".$prefix."categories";
$selectcategory2=mysql_query($selectcategory) or die("Sorry, Could not select category");
print "<td><select name='catname'>";
$selectcategory="SELECT * FROM ".$prefix."categories";
$selectcategory2=mysql_query($selectcategory) or die("Sorry, Could not select category");
while($selectcategory3=mysql_fetch_array($selectcategory2))
{print "<option>$selectcategory3[catname]</option>";}
print "</select></td></tr>";}
print "<tr class='row5'><td width='40%' valign='top'>$lang_reg13<br>$lang_reg12</td>";
print "<td width='60%' ><textarea name='description' rows='5' cols='50'></textarea></td></tr>";
print "</table><br /><br />";
print "</td>
<td class='shadowR'><img src='skin/$setting[style]/images/right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print"<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/mainfoot_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_left.gif' style='vertical-align: middle;'></td>
<td class='footer' width='100%'><img src='skin/$setting[style]/images/mainfoot.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/mainfoot_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table><br />";

print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/cat_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_left.gif' style='vertical-align: middle;'></td>
<td class='tilecat' width='100%'><img src='skin/$setting[style]/images/tile_back.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/cat_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/cat_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print "<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td class='shadowL'><img src='skin/$setting[style]/images/left_shadow.gif' style='vertical-align: middle;'></td>
<td width='100%'>";
print "<table cellspacing='0' cellpadding='2' align='center' class='maintable'>";
print "<tr><td class='titlemedium' style='padding: 3px;' align='center'>$lang_rul</td></tr>"; 
print "<tr><td class='tileshadow' align='center'><img src='skin/$setting[style]/images/spacer.gif' width='1' height='3' alt='' /></td></tr>";
print "<tr class='row5'><td nowrap valign='top' align='center'><textarea cols='60' rows='10'>$setting[rules]</textarea></td></tr>";

Print"<tr><td class='subs' colspan='2' align='center'><input type='submit' name='submit' value='$lang_agree'></td></tr></table></form>";
print "</td>
<td class='shadowR'><img src='skin/$setting[style]/images/right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table>";
print"<table cellspacing='0' cellpadding='0' width='100%' align='center'><tr>
<td><img src='skin/$setting[style]/images/mainfoot_left_shadow.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_left.gif' style='vertical-align: middle;'></td>
<td class='footer' width='100%'><img src='skin/$setting[style]/images/mainfoot.gif' style='vertical-align: middle;'></td>
<td><img src='skin/$setting[style]/images/mainfoot_right.gif' style='vertical-align: middle;'></td><td><img src='skin/$setting[style]/images/mainfoot_right_shadow.gif' style='vertical-align: middle;'></td>
</tr></table><br />";

print "<table width='100%' border='0' cellspacing='0' cellpadding='0'>
<tr><td colspan='$cols' nowrap style='padding: 3px;' id='runtime' ><div><span><center>$setting[magic]</center></span></div></td></tr></table>";
print "</td></tr></table>";
?>


Captchas are annoying and bad for UX, and you should avoid them unless you absolutely must use them.  Look into using a honeypot and/or token/time system instead.  They are passive and do not require the user to jump through any hoops, and are very effective.

 

I'm sure you know how to google, but to summarize:

 

honeypot : basically you add a field to your form but use css to hide it from the user.  A bot doesn't know it's hidden so it fills it out.  In your validation script, you then check if it was filled out.  If it was, then count as spam and discard.

 

token system: Basically you generate a unique id and save it in a session var and also output it as a  hidden field value in your form.  When user submits form, check for the id and if it matches the session value. If it doesn't, count as spam and discard.

 

time system: Output a timestamp to hidden field in form (better if you encrypt it).  When form is submitted, compare hidden value to current timestamp.  If it is something ridiculously low like < 1s then count as spam, discard.  But you can go even higher, depending on how long you think it should take the average user to fill out the form.  This is not an exact science and not 100%, as a bot can simply time itself out to get around it.  But most bots don't, and even if they do, it's still effective, combined with the above methods (you can even combine this with the token system).

 

 

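The three checks described in the reply above (honeypot, session token, minimum fill time), combined in one include file. This is an added example, not part of the original posts and not the thread author's code; it assumes PHP 7.4 or later, and the field names (website, form_token, form_ts, form_sig) and SECRET_KEY are hypothetical. The timestamp is signed with an HMAC rather than encrypted, which is enough to stop it being edited in the browser.

```php
<?php
// Added example, not from the thread. Field names and SECRET_KEY are hypothetical.
session_start(); // must run before the page prints any output
const SECRET_KEY  = 'replace-with-a-long-random-secret'; // assumption: loaded from config
const MIN_SECONDS = 3;    // assumed lower bound for a person filling in the form
const MAX_SECONDS = 3600; // forms left open longer than this must be reloaded

// Call inside the <form> on the registration page and print the result.
function render_antispam_fields(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;          // token system: remember what was issued
    $ts  = (string) time();
    $sig = hash_hmac('sha256', "$token|$ts", SECRET_KEY); // binds timestamp to token
    return "<div style='position:absolute;left:-9999px' aria-hidden='true'>"
         . "<input type='text' name='website' tabindex='-1' autocomplete='off'></div>"
         . "<input type='hidden' name='form_token' value='$token'>"
         . "<input type='hidden' name='form_ts' value='$ts'>"
         . "<input type='hidden' name='form_sig' value='$sig'>";
}

// Call at the top of source/reguser.php with $_POST, before any database work.
function is_probable_spam(array $post): bool
{
    // Treat missing or non-string (array) parameters as empty strings.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';

    // Honeypot: hidden from people by CSS, so any value means a bot filled it in.
    if (($post['website'] ?? '') !== '') {
        return true;
    }
    // Token: must equal the value stored in the session, and is valid only once.
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);
    if ($expected === '' || !hash_equals($expected, $field('form_token'))) {
        return true;
    }
    // Time: check the signature first so an edited timestamp is rejected.
    $ts   = $field('form_ts');
    $good = hash_hmac('sha256', $expected . '|' . $ts, SECRET_KEY);
    if (!ctype_digit($ts) || !hash_equals($good, $field('form_sig'))) {
        return true;
    }
    $elapsed = time() - (int) $ts;
    return $elapsed < MIN_SECONDS || $elapsed > MAX_SECONDS;
}
```

The mysql_* functions in the posted script were removed in PHP 7.0, so the script would need porting to mysqli or PDO to run on the PHP version this example assumes.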

I've designed bots to submit forms. All of your solutions can be bypassed by a couple lines of code. The plus side is an attacker has to customize their bot to work for that specific form.

 

Then again, with $10 and http://decaptcher.com/client/ I can bypass 5000 CAPTCHAs.

 

Anti-spam is hard. My personal approach would probably involve giving each input a random name, and storing those names with their 'real' names in a session. This allows your form data to be decoded on the next page, and stops a bot from guessing what the form should contain. Randomize the order that your elements show up, confusing the bots further. Use an AJAX call to grab the labels you want for each form, and populate your form. Combine with a honeypot, and you're pretty much in reCAPTCHA territory without annoying the user.

 

The problem, though, is you're alienating users who don't allow server-side scripting.


I've designed bots to submit forms. All of your solutions can be bypassed by a couple lines of code. The plus side is an attacker has to customize their bot to work for that specific form.

 

Yes this is true.  If someone wants to specifically analyze a form and find which fields to avoid etc.. then sure, it is easy to handcode a spambot to get around that stuff.  But that kind of defeats the purpose of having a bot in the first place.  People who try and spam generally avoid trying to have to program bots for individual forms.  Doing those things once will go a long way in reducing spam from bots that try to parse generic or "standard" forms.  Changing your "rules" up on a fairly regular basis will make it go even further.  But there is no 100% solution no matter what you do.
