www.webdeveloper.com
Results 1 to 3 of 3

Thread: Help with comment form using hidden field to deter spam

  1. #1
    Join Date
    Nov 2011
    Posts
    2

    Help with comment form using hidden field to deter spam

    Hi

    I have a comment form on my website which is on every page (it's built into the template). I'm trying to use the hidden field method to combat spamming of the contact form.

    I am trying to set up my form so that if a bot fills in the hidden field they will be sent to a dummy thanks page (form_thanks.html) and no email will be sent to me, and if the field is blank then the email will be generated and the user will go to the real thanks page.(thanks.html). The client does not want to use captchas or questions (e.g. 2+1 = [] ) as we want to keep the comment form as clean and simple as possible.

    This is my form code:

    <form action="../scripts/FormToEmail.php" method="post" id="commentForm" name="commentForm" >
    <label for="name">Your name:</label><input name="name" type="text" id="name" class="required" required=="required" />
    <label for="email">E-Mail Address:</label><input name="email" type="text" id="email" class="required" required=="required"
    />
    <label for="phone">Phone Number (optional):</label> <input name="phone" type="text" class="digits" id="phone"/>
    <label for="comments">Message:</label> <textarea name="comments" type="text" id="comments" class="required" cols="80" rows="4" required=="required"></textarea>

    <!-- The following field is for robots only, invisible to humans: -->
    <label class="lastname">Please do not fill</label><input type="text" name="<?= $default_1 ?>" />

    <!-- TemplateBeginEditable name="PageID" -->
    <input name="FromPage" type="hidden" id="FromPage" value="" />
    <!-- TemplateEndEditable -->
    <input type="submit" name="Submit" value="Submit" />
    <input type="reset" name="Clear" id="Clear" value="Clear Form" />
    </form>

    The class 'lastname' is set to hidden. The form works but spam still gets through as all emails are sent regardless of whether the hidden field is filled or not.

    I've been trying to add code to FormToEmail.php to tackle this but have been unsuccessful.

    The additional code I have added is :


    $decoy = array('d_name','d_password','d_pw','d_user','d_username','d_comment');

    $default_1 = $decoy[array_rand($decoy)];

    if ($decoy == $value)
    {
    header("Location: http://www.mywebsite.com/form_thanks.html");
    }

    else header("Location: http://www.mywebsite.com/forms/thanks.html");

    I'm thinking that if the $decoy field has a value then it's probably filled with spam and they should be redirected to the dummy page at form_thanks.html and if its blank, it's most likely genuine and then they should be sent to thanks.html and an email submitted. I'm not sure how to redirect the spammer and end the submission, whilst allowing genuine comments to be submitted and then sent to the thanks page.

    Any help is greatly appreciated!

  2. #2
    Join Date
    Jul 2010
    Location
    /ramdisk/
    Posts
    865
    redirecting someone to the pretend "thanks" page is hilarious. It's playing the same game as they are.

    Anyways, if what you say is true you can do this:

    <input type="hidden" name="abcd" value ="qwerty" />

    PHP Code:
    if(isset($_POST['abcd'])) header('Location: fakethanks.php'); 
    captcha is just to tell a human from computer.
    You can easily trick a computer into telling you that it's a computer Think about how a spammer will attack your form:
    he'll try hitting it with some script like this first:
    post:
    input name value
    input2 name2 value2

    Remember this, spammers are out for $$, they don't want to prove they can reverse engineer some stupid little form generator. All you have to do is be harder to spam than the next person, and in a few years that standard will be raised; unfortunately spam is so last century, we're combating phishing now.
    Last edited by eval(BadCode); 11-17-2011 at 01:44 PM.
    I use (, ; : -) as I please- instead of learning the English language specification: I decided to learn Scheme and Java;

  3. #3
    Join Date
    Nov 2011
    Posts
    2
    Hi

    Thanks for your reply, the idea behind the 'fake' thanks page was really just so I could make sure this worked when testing out the form.

    I tried adding your code but it didn't work unfortunately. I've been reading up on various simple ways to help combat spam on a contact form and read about this hidden field method. e.g. http://blog.primalskill.com/5-layer-spam-filter/ and http://devgrow.com/simple-php-honey-pot/ both mention something similar.

    I think the problem is the form is still validating either way, whether the hidden field has text in it or not.

    Thanks again.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles