Topic: Getting rid of spam on a guestbook.

I am having trouble getting rid of a post on http://nltts.com/viewguestbook.php

How can I remove that post?


Also, how can I prevent spam from posting? I tried using a method a friend told me about, but it wound up spitting out a blank page when you try and post.

What he told me to do was create another text field and hide it through css and then add this:

if ($lastname) {
    $result=false;
}

to the php, but when I did that, i now can't post.

I will go ahead and show you my html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>New Life Turtle and Tortoise Sanctuary</title>
    <link href="stylesheet.css" rel="Stylesheet" media="screen,tv" type="text/css" />
    <link href="css/lightbox.css" rel="stylesheet" type="text/css" media="screen" />
    <script type="text/javascript" src="js/prototype.js"></script>
    <script type="text/javascript" src="js/scriptaculous.js?load=effects"></script>
    <script type="text/javascript" src="js/lightbox.js"></script>

    
    <style type="text/css">

    #head {

        background: #ffffff url(images/header5.jpg) no-repeat center;
}

    table td.lname {
    display: none;
}

    input#lname {
    display: none;
}

    </style>
</head>
<body>


<div id="wrapper">
<div id="nav">
<ul>
<li><a href="home.htm">Home</a></li>
<li><a href="fnv.htm">Faith & Vision</></li>
<li><a href="friends.htm">Friends & Contributors</a></li>

<li><a href="donations.htm">Donations</a></li>
<li><a href="">Guests</a></li>
<li><a href="contact.htm">Contact</a></li>
</ul>
</div>

<div id="head">&nbsp;</div>

<div id="contentwrapper">
    <div id="gallery">
    <a href="gallery.htm"><h3>View Gallery</h3></a>

        <ul>
            <li><a href="gallery/1.jpg" rel="lightbox"><img src="gallery/thumbs/1.jpg" /></a></li>
            <li><a href="gallery/2.jpg" rel="lightbox"><img src="gallery/thumbs/2.jpg" /></a></li>
            <li><a href="gallery/24.jpg" rel="lightbox"><img src="gallery/thumbs/24.jpg" /></a></li>
        </ul>
        <div id="gallerybottom">
    </div>
    </div>
    
    
    <div id="content">

<p>Feel free to sign the guestbook at any time. If you would like to contact NLTTS, please go to the <a href="contact.htm">contact page</a> instead. Thank You.</p>

    <table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>Sign Guestbook</strong> | <strong>
  <a href="viewguestbook.php">View Guestbook</a>

</strong>
</td>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form id="form1" name="form1" method="post" action="addguestbook.php">
<td>
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><input name="name" type="text" id="name" size="40" /></td>
</tr>
<tr>

<tr>
<td width="117" class="lname">Last Name</td>
<td width="14" class="lname">:</td>
<td width="357" class="lname"><input name="name" type="text" id="lname" size="40" /></td>
</tr>
<tr>

<td>Email</td>
<td>:</td>
<td><input name="email" type="text" id="email" size="40" /></td>
</tr>
<tr>
<td valign="top">Comment</td>

<td valign="top">:</td>
<td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">

</table>


    
</div>

<div class="clear">&nbsp;</div>

<div id="footerwrap">
<div id="footer"><p>Copyright &copy; 2008 New Life Turtle and Tortoise Sanctuary. Website designed and developed by <a href="http://adrian-rodriguez.net">Adrian Rodriguez</a></p></div>
</div>

</div>

</body>
</html>

And now this is what the php looks like:

<?php

    
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name



// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");

if ($name && $comment) {
    $datetime=date("y-m-d h:i:s"); //date time
    $comment = str_replace("\n", "<br />\n", htmlentities($comment));
    $name = str_replace("\n", "<br />\n", htmlentities($name));
    $email = str_replace("\n", "<br />\n", htmlentities($email));
    
    $sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);
}
else {
    $result=false;
}

//check if query successful
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

if ($lname) {
    $result=false;
}

else {
echo "ERROR";
}

mysql_close();
?>

I hid the database info for display purposes. Thanks ahead of time. I have no time to learn php, I am learning this as I am getting the help, but an answer to the problem would be better than learning to do something right now. Thanks. Maybe once I get the problem solved, you guys can point me to some resources in learning how to fix this kind of situation. God Bless. wink

Adrian

EDIT: I am now getting an error instead of a blank page, but I still don't know if the spam thing I tried works or not. I know that the field "lname" is hidden, because I cannot see it, but I don't know if the bots are. Thanks!

Last edited by Adrian (2008-04-23 07:18:58)

Re: Getting rid of spam on a guestbook.

I do something similar on my contact form on my blog. There's a field hidden with CSS that, if filled in, causes the form to not do anything, but I have it set up differently. My field is called "spam" and my if statement looks like this:

if ($spam != "") {
		echo "Stupid Spammer";
	} else {

After the "else" is what I want to happen when legitimate users post.

It looks like you're telling the form to stop if it gets a "lastname" field, which is going to happen every time.

What I did instead is say "if the spam field has data entered in it, do nothing, otherwise, carry on." In your case you might just need to change the code to look like this:

if ($lastname != "") {
    $result=false;
}

This seems to be a good technique for me. The reason it works is because spam bots won't know the field is not supposed to be filled in and they'll fill any field they can with their junk, and they don't read CSS so they won't know the field is really invisible. So by completing the field, they're stopping the form from processing. Here's a great article with more on how to build a spam-free form: Bulletproof Contact Form

Re: Getting rid of spam on a guestbook.

Thanks Natalie. I will go ahead and try that.

Re: Getting rid of spam on a guestbook.

I am still getting an error. ARGH!! What did I do wrong? The source code is here so I don't have to copoy and paste. http://nltts.com/addguestbook.phps

Re: Getting rid of spam on a guestbook.

Not sure if this will solve it or not, but this portion:

if($result){
echo "Successful";
echo "<BR>";
echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

if ($lastname != "") {
    $result=false;
}
else {
echo "ERROR";
}

seems to be out of order a bit.  First you check if $result is true, and if so go ahead with it.  After that, you are setting $result to false if $lastname is not blank.  I think this check of $lastname may need to be above the $result check, otherwise you are resetting it.  Also, not 100% sure here, you you may want to check if $lastname is blank, not if it isn't blank.

Conditionals confuse me a lot too, so don't worry if this is the problem.  When it comes to a greater-than or less-than symbol, I still have to think back to 2nd grade to think about how the alligator wants to eat the bigger number.

Re: Getting rid of spam on a guestbook.

:?? I am a bit confused.

Re: Getting rid of spam on a guestbook.

What I mean is you have this:

if($result){
    echo "Successful";
    echo "<br />";
    echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

if ($lastname != "") {
    $result=false;
}else {
    echo "ERROR";
}

and you should try this: (maybe)

if ($lastname == "") {
    $result=false;
}else {
    echo "ERROR";
}

if($result){
    echo "Successful";
    echo "<br />";
    echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
}

Last edited by C.Barr (2008-04-24 18:52:56)

Re: Getting rid of spam on a guestbook.

See I thought that's what you meant, but I had to make sure. I don't mean to hassle you. I am still a beginner you know. Thanks and I will try that. God Bless.

Re: Getting rid of spam on a guestbook.

Argh. Spam is going crazy here. I really need a solution. I think I will just have to do away with it until I figure it out. Thanks for the help anyway guys.

Re: Getting rid of spam on a guestbook.

Well. I got it fixed. A friend helped me. Thanks for your help too guys.

Re: Getting rid of spam on a guestbook.

Great to hear. I'm a bit curious as to how you fixed it though

Re: Getting rid of spam on a guestbook.

Umm. I don't know exactly, but I will make a .phps file for you to see.