anti spam field in form

Posted 2020-05-09 19:07

I am using vtiger and receiving a lot of spam on the website contact page. I am using this code:

    <!-- Contact form as posted; action and publicid were removed by the author -->
    <form name="contact" action="REMOVED" method="post" accept-charset="utf-8">
        <input type="hidden" name="publicid" value="REMOVED">
        <input type="hidden" name="name" value="contact">
        <label>First Name</label>
        <input type="text" value="" name="firstname" required>
        <label>Phone</label>
        <input type="text" value="" name="phone" required>
        <label>Last Name</label>
        <input type="text" value="" name="lastname" required>
        <label>Email</label>
        <input type="text" value="" name="email" required>
        <label><span>*</span>Street</label>
        <input type="text" value="" name="lane">
        <label><span>*</span>Postal Code</label>
        <input type="text" value="" name="code">
        <label><span>*</span>City</label>
        <input type="text" value="" name="city">
        <label>Country</label>
        <input type="text" value="" name="country">
        <label><span>*</span>County</label>
        <input type="text" value="" name="state">
        <label for="description"><span>*</span>Description</label>
        <textarea name="description" cols="40" rows="3" id="description"></textarea>
        <input type="submit" value="Submit">
    </form>

The issue I'm having is that the submit is to another URL that's not on the site, and every anti-spam method I have tried (12+1 =) still sends the form no matter the answer.

I have deleted the links to the sites.

Any help on this would be great.

Tags: php forms
2 Answers
Animai°情兽
#2 · 2020-05-09 19:34

I would recommend another anti-spam method: with a token/private key.

In the HTML form you put this:

    <form action="..." method="post">
    <?php
    // Small random public value sent with the form; the private key stays on the server.
    $publicKey = rand()%9;
    $privateKey = 0.9;
    $token = sha1( $publicKey * $privateKey + $privateKey );
    ?>
    <input type="hidden" name="publicKey" value="<?php echo $publicKey; ?>" />
    <input type="hidden" name="token" value="<?php echo $token; ?>" />
    </form>


And also add a few lines of code before the IF condition (for example, the fragment with the SQL query or sending mail), just to check/validate the token sent by the POST method:

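    <?php
    // Recompute the token from the posted public key and the server-side private key.
    $publicKey = $_POST['publicKey'] ?? '';
    $privateKey = 0.9;

    if ( is_numeric( $publicKey ) && isset( $_POST['token'] ) && is_string( $_POST['token'] ) ) {
        $token = sha1( $publicKey * $privateKey + $privateKey );

        // hash_equals() avoids the loose-comparison pitfalls of == on hash strings.
        if ( hash_equals( $token, $_POST['token'] ) ) {

            // do something, eg: SQL query, send mail

        }
    }
    ?>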

AND REMEMBER! Always validate and sanitize all your input data! :)

老娘就宠你
#3 · 2020-05-09 19:52

Add an extra field to the form that you do not use. Hide it with css.

Spam bots visiting the page will fill all fields, even if they are not shown.

If there's something in the hidden field, the whole form is spam, and you can discard the data.
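
Both answers can be combined in the script that receives the POST: the hidden-field check from this answer plus a keyed, time-limited token in place of the fixed sha1() scheme. This is an added example, not code from either answer; the field names `website`, `ts` and `token`, the secret and the age limits are assumptions.

```php
<?php
// Added example; field names, secret and limits are assumptions, not from the page.
const FORM_SECRET = 'replace-with-a-long-random-secret'; // placeholder, server-side only
const MIN_AGE = 3;    // seconds; a form returned faster is unlikely to be typed by a person
const MAX_AGE = 3600; // seconds; older tokens are rejected

// When rendering the form: hidden fields to embed next to the honeypot input.
function issue_form_fields(int $now): array
{
    return ['ts' => (string) $now, 'token' => hash_hmac('sha256', (string) $now, FORM_SECRET)];
}

// In the script that receives the POST, before anything is stored or mailed.
function is_probably_human(array $post, int $now): bool
{
    // Honeypot: the CSS-hidden "website" field must come back empty.
    if (($post['website'] ?? '') !== '') {
        return false;
    }
    foreach (['ts', 'token'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false;
        }
    }
    if (!ctype_digit($post['ts'])) {
        return false;
    }
    // Recompute the MAC over the posted timestamp and compare in constant time.
    $expected = hash_hmac('sha256', $post['ts'], FORM_SECRET);
    if (!hash_equals($expected, $post['token'])) {
        return false;
    }
    // A fetched token can still be replayed until MAX_AGE expires;
    // storing used tokens server-side would close that gap.
    $age = $now - (int) $post['ts'];
    return $age >= MIN_AGE && $age <= MAX_AGE;
}

// Constructed sample submissions (timestamps are arbitrary test values).
$fields  = issue_form_fields(1000);
$human   = $fields + ['website' => '', 'firstname' => 'Ann'];
$bot     = $fields + ['website' => 'http://spam.example', 'firstname' => 'x'];
$forged  = ['token' => str_repeat('0', 64)] + $human;
$instant = $human; // same fields, but submitted in the same second they were issued

var_dump(is_probably_human($human, 1010));   // honeypot empty, valid token, 10 s old
var_dump(is_probably_human($bot, 1010));     // honeypot filled in
var_dump(is_probably_human($forged, 1010));  // token does not match the timestamp
var_dump(is_probably_human($instant, 1000)); // returned too quickly
```

The check has to run on the server that receives the POST, so a form whose action points at a third-party URL needs to post to your own script first.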
