Zola Posted May 16, 2012 Share Posted May 16, 2012 I have a simple contact form I did a while ago for a small company. They emailed me saying they are getting bits of spam mail from the site occasionally and would like to get it stopped if possible. This is how my form looks: <form method="post" action="mailer.php"> <div class="form_left"> <p>Name:<br> <input type="text" name="name" size="24" autofocus="true" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Email:<br> <input type="email" name="email" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Company Name:<br /> <input type="text" name="company" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Phone Number:<br /> <input type="text" name="phone" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Your Message:<br /> <textarea rows="6" name="message" cols="55" placeholder="Type Here" ></textarea></p> </div> <p class="submit"><input type="submit" value="Send Mail" name="submit" /></p> </form> <?php if(isset($_POST['submit'])) { // $to = "mail@mydomain.com"; $to = "mail@mydomain.com"; $subject = "Web Enquiry"; $name = $_POST['name']; $email = $_POST['email']; $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; if (strlen(trim($message)) > 0) { $body = "From: $name \n\n Email: $email \n \n Company: $company \n\n Phone Number: $phone \n\n Message: $message"; if (mail($to, $subject, $body)) { echo "<h3>Thanks! Your email has been sent <br />We will answer your enquiry as soon as possible.</h3>"; } else { echo 'Cannot sent mail'; } } else { echo "<h3>Error! <br />Please ensure that all fields are filled out correctly in order to email us.</h3>"; } } ?> Any help or pointers as to how I could add in a little security would be appreciated. Quote Link to comment Share on other sites More sharing options...
huddy Posted May 16, 2012 Share Posted May 16, 2012 You could ask a question, or use recapture: http://www.google.com/recaptcha, or use both. This should help you, I'd recommend using both a question and recaptcha in combination to increase security. Billy Quote Link to comment Share on other sites More sharing options...
Zola Posted May 16, 2012 Author Share Posted May 16, 2012 Thanks I have tried to implement a simple math question but I am getting loads of php errors, I've made mistakes somewhere but cant see where. <?php $name = $_POST['name']; $email = $_POST['email']; $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; $to = 'me@mydomain.com'; $subject = 'User Mail'; $human = $_POST['human']; $body = "From: $name\n E-Mail: $email\n Company: $company\n Phone: $phone\n Message:\n $message"; $headers = "From: Website Visitor <someone_from@yourwebsite.com>"; if ($_POST['submit']) { if ($name != '' && $email != '' && $company != '' && $phone != '' && $message != '') { if ($human == '10') { if (mail ($to, $subject, $body, $headers)) { echo '<h2>Your message has been sent! We will get back to you very soon.</h2>'; } else { echo '<h2>Something went wrong. Please try again.</h2>'; } } else if ($_POST['submit'] && $human != '10') { echo '<h2>You answered the anti-spam question incorrectly. Please try again.</h2>'; } } else { echo '<h2>You need to fill in all the fields. </h2>'; } } ?> <form method="post" action="enquiry_form.php"> <div class="form_left"> <p>Name:<br> <input type="text" name="name" size="24" autofocus="true" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Email:<br> <input type="email" name="email" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Company Name:<br /> <input type="text" name="company" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_right"> <p>Phone Number:<br /> <input type="text" name="phone" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="form_left"> <p>Your Message:<br /> <textarea rows="6" name="message" cols="55" placeholder="Type Here" required="true"></textarea></p> </div> <div class="form_left"> <p>What is 7 + 3 (Anti Spam):<br /> <input type="text" name="human" size="24" placeholder="Type Here" required="true" /></p> </div> <div class="send_callback"> <p class="submit"><input type="submit" value="Send" name="submit" /></p> </div> Quote Link to comment Share on other sites More sharing options...
Zola Posted May 16, 2012 Author Share Posted May 16, 2012 I was testing this in local host. I put it live and it seems to work. Do these forms not perform in localhost? Quote Link to comment Share on other sites More sharing options...
noXstyle Posted May 16, 2012 Share Posted May 16, 2012 Hi, Just to pitch in here: you don't necessarily need captcha to prevent spam. What I usually do is: 1. Give a random name (e.g. kifer32w39) to email field. Validate this field as email. 2. Create email field and hide it. When the form is submitted check that this field is not filled. If it is, don't submit the form. Pretty efficient against spam bots since most of them fill out most used email field names. Of course this doesn't eliminate manual spam, nor does captcha for that matter. Quote Link to comment Share on other sites More sharing options...
Jessica Posted May 16, 2012 Share Posted May 16, 2012 Hi, Just to pitch in here: you don't necessarily need captcha to prevent spam. What I usually do is: 1. Give a random name (e.g. kifer32w39) to email field. Validate this field as email. 2. Create email field and hide it. When the form is submitted check that this field is not filled. If it is, don't submit the form. Pretty efficient against spam bots since most of them fill out most used email field names. Of course this doesn't eliminate manual spam, nor does captcha for that matter. Seconded. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted May 16, 2012 Share Posted May 16, 2012 i got most of your errors fixed BTW. but i agree with jesirose and others recaptcha or captcha helps ALOT while i agree it is not 100% spam proof it helps. <?php $name = $_POST['name']; $email = $_POST['email']; $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; $to = 'me@mydomain.com'; $subject = 'User Mail'; $human = $_POST['human']; $submit= $_POST['submit']; $body = <<<EOL From: $name\n E-Mail: $email\n Company: $company\n Phone: $phone\n Message:\n $message EOL; $headers = "From: Website Visitor <someone_from@yourwebsite.com>"; if (isset($submit)) { if ($name !== '' && $email !== '' && $company !== '' && $phone !== '' && $message !== '') { if ($human === '10') { if (mail ($to, $subject, $body, $headers)) { echo '<h2>Your message has been sent! We will get back to you very soon.</h2>'; } else { echo '<h2>Something went wrong. Please try again.</h2>'; } } else if ($submit && $human !== '10') { echo '<h2>You answered the anti-spam question incorrectly. Please try again.</h2>'; } } else { echo '<h2>You need to fill in all the fields. </h2>'; } } ?> Quote Link to comment Share on other sites More sharing options...
rythemton Posted May 16, 2012 Share Posted May 16, 2012 Hi, Just to pitch in here: you don't necessarily need captcha to prevent spam. What I usually do is: 1. Give a random name (e.g. kifer32w39) to email field. Validate this field as email. 2. Create email field and hide it. When the form is submitted check that this field is not filled. If it is, don't submit the form. Pretty efficient against spam bots since most of them fill out most used email field names. Of course this doesn't eliminate manual spam, nor does captcha for that matter. Seconded. I'll give this a third. I've never created a fake email field before, but like the idea. I check the domain in the email to make sure there is a valid MX record for that domain. checkdnsrr( $host, 'MX' ) Most spam bots fill in fields they don't recognize with random stuff. As for Manual Spam, a notice stating that all SPAM will be deleted without being read, or something to that effect, will have most manual spammers moving on to another site. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted May 16, 2012 Share Posted May 16, 2012 that is a waste of code. filter_var should cover most of the validation there is some stuff it doesn't filter but it's effective for most everything. Updated code with filter var email validate: <?php $name = $_POST['name']; $email = $_POST['email']; $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; $to = 'me@mydomain.com'; $subject = 'User Mail'; $human = $_POST['human']; $submit= $_POST['submit']; $body = <<<EOL From: $name\n E-Mail: $email\n Company: $company\n Phone: $phone\n Message:\n $message EOL; $headers = "From: Website Visitor <someone_from@yourwebsite.com>"; if (isset($submit)) { if(filter_var($email,FILTER_VALIDATE_EMAIL)){ if ($name !== '' && $email !== '' && $company !== '' && $phone !== '' && $message !== '') { if ($human === '10') { if (mail ($to, $subject, $body, $headers)) { echo '<h2>Your message has been sent! We will get back to you very soon.</h2>'; } else { echo '<h2>Something went wrong. Please try again.</h2>'; } } else if ($submit && $human !== '10') { echo '<h2>You answered the anti-spam question incorrectly. Please try again.</h2>'; } } else { echo '<h2>You need to fill in all the fields. </h2>'; } } else { echo 'Please supply a valid email.'; } } ?> Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted May 17, 2012 Share Posted May 17, 2012 redid code so it removes illegal stuff from the email as well as checks for proper format. <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } $name = $_POST['name']; $email = spamcheck($_POST['email']); $company = $_POST['company']; $phone = $_POST['phone']; $message = $_POST['message']; $to = 'me@mydomain.com'; $subject = 'User Mail'; $human = $_POST['human']; $submit= $_POST['submit']; $body = <<<EOL From: $name\n E-Mail: $email\n Company: $company\n Phone: $phone\n Message:\n $message EOL; $headers = "From: Website Visitor <someone_from@yourwebsite.com>"; if (isset($submit)) { if($email=== FALSE) { echo "Please Supply a Valid Email.";} else { if ($name !== '' && $email !== '' && $company !== '' && $phone !== '' && $message !== ''){ if ($human === '10') { if (mail ($to, $subject, $body, $headers)) { echo '<h2>Your message has been sent! We will get back to you very soon.</h2>'; } else { echo '<h2>Something went wrong. Please try again.</h2>'; } } else if ($submit && $human !== '10') { echo '<h2>You answered the anti-spam question incorrectly. Please try again.</h2>'; } } else { echo '<h2>You need to fill in all the fields. </h2>'; } } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.