Krystian

Reputation: 987

anti spam security question php contact form

I have a working contact field. Although I am using standard spam-protection things like a honeypot etc., I am getting spam nearly every day. So I thought I might use a security question. So I've added this:

Spam-question: Which colour has the sky? (lowercase) <input name="spamprotection">

Now I want to only send the form if this question is answered right; otherwise it should show the error message. But it's not sending anymore but still showing the success message. What am I doing wrong?

I've added this to the send-sequence and before it was working properly: !empty($_POST['spamprotection']) || ($_POST["spamprotection"] = 'blau') ||

// Send the email. 

if (!empty($_POST['spamprotection']) || ($_POST["spamprotection"] = 'blau') ||  mail($to, $subject, $message, $header)) {

    $result = ["color" => "green", "msg" => "Ich habe Ihre Mail erhalten und melde mich in Kürze!"];

    if ($file_type) {

      $result['msg'] .= "";

    }

} else {

    $result = ["color" => "red", "msg" => "Nachricht konnte nicht gesendet werden. Bitte senden Sie mir Ihre Anfrage an [email protected]"];

}

Upvotes: 0

Views: 291

Answers (1)

Joseph_J

Reputation: 3669

Your logic in your if statement is not valid.

You need to change your code to this.

// Send only when the security answer matches. mail() returns false on
// failure, which falls through to the error message.
if (isset($_POST['spamprotection']) && $_POST["spamprotection"] == 'blau' && mail($to, $subject, $message, $header)) {
    $result = ["color" => "green", "msg" => "Ich habe Ihre Mail erhalten und melde mich in Kürze!"];

    if ($file_type) {
        $result['msg'] .= "";
    }
} else {
    $result = ["color" => "red", "msg" => "Nachricht konnte nicht gesendet werden. Bitte senden Sie mir Ihre Anfrage an [email protected]"];
}

When it comes to equality:

$a = '5'; //This sets $a = 5(string);
$b = 5; //This sets $b = 5(int);
$a == $b;  //This checks to see if $a is equal to $b. Will return true.
$a === $b; //This is a strict comparison of $a & $b.  It checks to see if $a is equal to $b as well as the type.  Meaning $a(string) is equal to $b(int). Will return false.

Upvotes: 1
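The question's condition next to a corrected one, as an added example that is not part of the question or the answer. `$send` is a stand-in for `mail($to, $subject, $message, $header)` so the script runs offline; the handler names and the sample inputs are constructed, and the trimming and lowercasing of the answer are an assumption of this example.

```php
<?php
// $send stands in for mail($to, $subject, $message, $header) so this runs offline.
// Handler names and sample inputs are constructed for this example.

// The question's condition, kept as written to show why it misbehaves.
function brokenHandler(array $post, callable $send): array
{
    // `=` assigns 'blau' (a truthy string) instead of comparing, and `||`
    // short-circuits: the condition is always true and $send is never reached.
    if (!empty($post['spamprotection']) || ($post['spamprotection'] = 'blau') || $send()) {
        return ['color' => 'green'];
    }
    return ['color' => 'red'];
}

// Corrected: validate first, send second, and let the send result pick the message.
function fixedHandler(array $post, callable $send): array
{
    $answer = $post['spamprotection'] ?? '';
    // Reject non-strings (e.g. spamprotection[]=x), normalise, then compare strictly.
    $ok = is_string($answer) && strtolower(trim($answer)) === 'blau';
    // `&&` runs $send only after the check has passed.
    if ($ok && $send()) {
        return ['color' => 'green'];
    }
    return ['color' => 'red'];
}

$calls = 0;
$send = function () use (&$calls): bool { $calls++; return true; };

$samples = [
    'wrong answer' => ['spamprotection' => 'buy pills'],
    'empty field'  => ['spamprotection' => ''],
    'field absent' => [],
    'right answer' => ['spamprotection' => ' Blau '],
];

foreach (['brokenHandler', 'fixedHandler'] as $handler) {
    foreach ($samples as $label => $post) {
        $calls = 0;
        $result = $handler($post, $send);
        printf("%-13s %-13s message=%-5s mail() calls=%d\n", $handler, $label, $result['color'], $calls);
    }
}
```

For every sample, the broken handler reports green with zero send calls, which is the "success message but no mail" symptom from the question; the fixed handler sends once for the right answer and reports red for the rest.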
