user1710552

anti spam field in form

I am using vtiger and receiving a lot of spam on the website contact page. I am using this code:

    <form name="contact" action="REMOVED" method="post" accept-charset="utf-8">
        <input type="hidden" name="publicid" value="REMOVED">
        <input type="hidden" name="name" value="contact">
        <label>First Name</label>
        <input type="text" value="" name="firstname" required>
        <label>Phone</label>
        <input type="text" value="" name="phone" required>
        <label>Last Name</label>
        <input type="text" value="" name="lastname" required>
        <label>Email</label>
        <input type="text" value="" name="email" required>
        <label><span>*</span>Street</label>
        <input type="text" value="" name="lane">
        <label><span>*</span>Postal Code</label>
        <input type="text" value="" name="code">
        <label><span>*</span>City</label>
        <input type="text" value="" name="city">
        <label>Country</label>
        <input type="text" value="" name="country">
        <label><span>*</span>County</label>
        <input type="text" value="" name="state">
        <label for="description"><span>*</span>Description</label>
        <textarea name="description" cols="40" rows="3" id="description"></textarea>
    </form>

The issue I'm having is that the form submits to another URL that's not on the site, and every anti-spam method I have tried (12+1 =) still sends the form no matter the answer.

I have deleted the links to the sites.

Any help on this would be great.

Upvotes: 0

Views: 4092

Answers (2)

Arek - Krakiewicz.pl

Reputation: 292

I would recommend another anti-spam method: one with a token/private key.

In the HTML form you put this:

    <form action="..." method="post">
    <?php
    // Public value sent with the form; the private key stays on the server
    $publicKey = rand() % 9;
    $privateKey = 0.9;
    // Token derived from both values; the server recomputes it on submit
    $token = sha1( $publicKey * $privateKey + $privateKey );
    ?>
    <input type="hidden" name="publicKey" value="<?php echo $publicKey; ?>" />
    <input type="hidden" name="token" value="<?php echo $token; ?>" />
    </form>


Also add a few lines of code before the IF condition (for example, the fragment with the SQL query or the mail sending), just to check/validate the token sent by the POST method:

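    <?php
    // Read the submitted values defensively: either field may be missing or not a string
    $publicKey = isset($_POST['publicKey']) ? (int) $_POST['publicKey'] : -1;
    $submitted = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
    $privateKey = 0.9;
    // Recompute the token from the submitted public key and the server-side private key
    $token = sha1( $publicKey * $privateKey + $privateKey );

    // hash_equals() compares strictly and in constant time (== can type-juggle hash strings)
    if ( hash_equals( $token, $submitted ) ) {

        // do something, eg: SQL query, send mail

    }
    ?>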

AND REMEMBER! Always validate and sanitize all your input data! :)

Upvotes: 1

circusdei

Reputation: 1967

Add an extra field to the form that you do not use. Hide it with CSS.

Spam bots visiting the page will fill all fields, even if they are not shown.

If there's something in the hidden field, the whole form is spam, and you can discard the data.

Upvotes: 4
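
A server-side version of the hidden-field check from the answer above, combined with a signed, time-limited token in place of the fixed multiplier used in the first answer (an added example, not code from either answerer or from vtiger). It assumes the form posts to a PHP handler on your own site, which forwards accepted submissions to the CRM URL; the field name `website`, `FORM_SECRET`, `issue_token()` and `spam_reason()` are hypothetical names.

```php
<?php
// Added example. Assumed names: field "website" (the honeypot), FORM_SECRET,
// issue_token(), spam_reason(). None of them come from the page or from vtiger.
const FORM_SECRET      = 'replace-with-long-random-server-side-value'; // placeholder
const MIN_FILL_SECONDS = 3;    // a person needs a few seconds to fill the form
const MAX_AGE_SECONDS  = 3600; // tokens older than an hour are rejected

// Rendering the form: emit <input type="hidden" name="token" value="...">
// and a CSS-hidden <input type="text" name="website" value="">.
function issue_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Handling the POST: returns why the submission is rejected, or null to accept.
function spam_reason(array $post, int $now): ?string {
    // Honeypot: the real form always sends this field, and sends it empty.
    if (!isset($post['website']) || $post['website'] !== '') {
        return 'honeypot';
    }
    $token = $post['token'] ?? '';
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return 'token-format';
    }
    [$ts, $mac] = explode('.', $token);
    // Constant-time comparison of the HMAC over the timestamp.
    if (!ctype_digit($ts) || !hash_equals(hash_hmac('sha256', $ts, FORM_SECRET), $mac)) {
        return 'token-invalid';
    }
    $age = $now - (int) $ts;
    if ($age < MIN_FILL_SECONDS) return 'too-fast';
    if ($age > MAX_AGE_SECONDS)  return 'expired';
    return null;
}

// Constructed sample submissions, checked against a fixed clock value.
$now = 1700000000;
$samples = [
    'human'  => ['website' => '', 'token' => issue_token($now - 20)],
    'bot'    => ['website' => 'http://spam.example/', 'token' => issue_token($now - 20)],
    'fast'   => ['website' => '', 'token' => issue_token($now)],
    'forged' => ['website' => '', 'token' => ($now - 20) . '.deadbeef'],
    'stale'  => ['website' => '', 'token' => issue_token($now - 7200)],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', spam_reason($post, $now) ?? 'accepted', "\n";
}
```

The token only shows that the form was rendered by the server within the last hour, so it can be replayed inside that window; the honeypot and the minimum fill time are what catch bots that post the page's fields blindly.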
