Jono Posted March 17, 2009 Report Posted March 17, 2009 I saw this tip on another web site to prevent spam on contact forms. In the contact form you add a hidden field And then in the PHP file you add if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else {...send email...} But my PHP file is a little different as also activates some JavaScript on the webpage depending on whether the form is filled out correctly or not (If successful shows a little ?Your email has been sent...? with animation. If the fields aren?t filled out correctly it shows what?s missing). Someone else made the contact form for me as I don?t know any PHP (or ajax), but I?ve tried to adapt the code above & add it to my PHP form. I?ve tested it & it seems to work OK, but thought I?d just check that it shouldn?t potentially cause any problems, or if it needs tweaking/formatting a little. Here?s the last part of my original PHP file $Body .= "Message: "; $Body .= $Message; $Body .= "\n"; $success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>"); } // call success or error js functions if ($success){ print "doThanks()"; } else{ print "doError()"; } ?> And here it is after I added the (hopefully) anti spam code $Body .= "Message: "; $Body .= $Message; $Body .= "\n"; $success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>"); } // call success or error js functions if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else if ($success){ print "doThanks()"; } else{ print "doError()"; } ?> Does the code I added look OK, or does it need changing in any way? Quote
jlhaslip Posted March 17, 2009 Report Posted March 17, 2009 The concept is that only a Bot (spammer) will see the Hidden field, so if there are any contents in that field, then you know a Bot completed the Form, so disregard the email or comment. It works to filter out Bot submitted Forms, but not intentional Human provided Spams. Quote
Jono Posted March 17, 2009 Author Report Posted March 17, 2009 (edited) Thanks jlhaslip. Does the code I added to the PHP file look OK, or could it cause any problems? (I ask because I don't know PHP at all, & don't want to break the functionality of the existing contact forms.) Edited March 17, 2009 by Jono Quote
jlhaslip Posted March 17, 2009 Report Posted March 17, 2009 You have not posted the entire code block, but from what i see, there is only one comment I would make. The Mail function needs to be performed only if there is no input in the 'hidden' field. // call success or error js functions if ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else { $success = true; mail($EmailTo, $Subject, $Body, "From: "); } if ($success){ print "doThanks()"; } else{ print "doError()"; } ?> You could also tighten up the code by moving the ajax calls into the If-else above them. Quote
Jono Posted March 17, 2009 Author Report Posted March 17, 2009 (edited) <?phpfunction getPostVal($paramName){ global $_POST; return (array_key_exists($paramName, $_POST)) ? Trim(stripslashes($_POST[$paramName])) : '';}$Name = getPostVal('Name');$Company = getPostVal('Company');$Web_Site = getPostVal('Web_Site');$Country = getPostVal('Country');$Email = getPostVal('Email_Address');$Subject = getPostVal('Subject');$Message = getPostVal('Message');$EmailTo = "user@emailaddress.com";// validation$missing = '';$success = false;if (!$Name) $missing = "You forgot to add your Name\n";if (!$Email) $missing .= "You forgot to add your Email Address\n";if (!$Subject) $missing .= "You forgot to add a Subject\n";if (!$Country) $missing .= "You forgot to add your Country\n";if (!$Message) $missing .= "You forgot to add a Message\n";if ($missing != '') { // include missing error messages print "" . $missing;}else{ // prepare email body text $Body = "Sent via 'websiteurl.com'"; $Body .= "\n"; $Body .= "\n"; $Body .= "Name: "; $Body .= $Name; $Body .= "\n"; $Body .= "Email Address: "; $Body .= $Email; $Body .= "\n"; $Body .= "Company: "; $Body .= $Company; $Body .= "\n"; $Body .= "Web Site: "; $Body .= $Web_Site; $Body .= "\n"; $Body .= "Country: "; $Body .= $Country; $Body .= "\n"; $Body .= "\n"; $Body .= "Subject: "; $Body .= $Subject; $Body .= "\n"; $Body .= "\n"; $Body .= "Message: "; $Body .= $Message; $Body .= "\n"; $success = true; mail($EmailTo, $Subject, $Body, "From: <$Email>");}// call success or error js functionsif ( $_POST['to_address'] ) { echo 'Tastes Like spam!'; } else if ($success){ print "doThanks()";}else{ print "doError()";}?> Edited March 17, 2009 by Jono Quote
lwsimon Posted March 17, 2009 Report Posted March 17, 2009 I would not use this technique. What happens when someone has javascript turned off? They see your form, fill it out, hit reply, and get an insulting message. Then, you never email them back. Nice. Quote
Jono Posted March 17, 2009 Author Report Posted March 17, 2009 (edited) What happens when someone has javascript turned off? They see your form, fill it out, hit reply, and get an insulting message. Then, you never email them back. Nice. The message still sends with JavaScript turned off (obviously the animations don't work). Insulting message? Why would you think that? It's nice & polite. There's also a 'If you prefer to use your own email client' link at the bottom of the form. So they can use that if they want to open up an email in their email client & send it that way (or have any trouble). I want to use the form because in the past people have tended not to send the info I need. With the contact form's required fields more often than not I get the info I need without having to send an email saying 'Can you send this info over?' Edited March 17, 2009 by Jono Quote
Guest dmorph Posted March 28, 2009 Report Posted March 28, 2009 just use the Captcha project, create and image with php. Quote
Jono Posted April 6, 2009 Author Report Posted April 6, 2009 A lot of people don't like Captcha, myself included. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.