Topic: Portfoli spam problem.

I have been getting way too much spam lately and wanted to know how I could get rid of them. My contact form is Here

And here is the code:

<?php
	if($_REQUEST){
		function spamcheck($field){
			if(eregi("to:",$field) || eregi("cc:",$field)){
				return TRUE;
	    	}
	  		else {
	    		return FALSE;
	    	}
	  	}
	
		if (isset($_REQUEST['email'])){
			$mailcheck = spamcheck($_REQUEST['email']);
			if ($mailcheck==TRUE) {
	    		$status = "<div class='red'>Invalid email address</div>";
	    	}
	    	
	    	if($_REQUEST['name'] == "") {
		    	$status = "<div class='red'>Please fill out your name</div>";
	    	}
	    	else if($_REQUEST['email'] == "") {
		    	$status = "<div class='red'>Please fill out your email address</div>";
	    	}
	    	
	    	else if($_REQUEST['pages'] == "") {
		    	$status = "<div class='red'>Please specify how many pages</div>";
	    	}
		    else if($_REQUEST['purpose'] == "") {
		    	$status = "<div class='red'>Please let us know the purpose of your site</div>";
	    	}
	    	else {

		   		$email = $_REQUEST['email']; 
				$message = $_REQUEST['name'] . " sent an email from the website contact form! \n\n Name: " . $_REQUEST['name'] . "\n Email: " . $_REQUEST['email'] . "\n Company name: " . $_REQUEST['companyname'] . "\n Pages: " . $_REQUEST['pages'] . "\n Much graphic work: " . $_REQUEST['graphicwork'] . "\n Domain name: " . $_REQUEST['domainname'] . "\n Purpose: " . $_REQUEST['purpose'] . "\n Comments: " . $_REQUEST['comments'];
				$recipient = 'adrian@adrian-rodriguez.net'; // Input your email address here
				$subject = 'Email from portfolio'; // Email subject here. You must put a back slash in front of any symbols
				
					    
				mail($recipient, $subject, $message, "From: $email" );
				if($error != TRUE){
					$status = "<div class='green'>Thank you for contacting us.</div>";
				}
			}
		}
	}
?>

Should I add another small section for spam? Like captcha or  a question or something? And what would I put in the php?

Re: Portfoli spam problem.

What I've fond to help cut back on this is a captcha, which i can zip up and send you if you like, but here's an even simpler method.

Make a new text field, and hide it with CSS display:none; The user will not see this and won't fill it out.  But when a robot browses the site, they don't take CSS into account and they just fill out every text field avalible.  So, just add a check in your PHP that if this field contains anything, don't post it.

if($_REQUEST['robots'] !=""){
	//not valid - it's not blank
}else{
	//valid - it's blank
}

Last edited by C.Barr (2008-10-19 12:12:22)

Re: Portfoli spam problem.

So where the quotation is in that code, I would put in the name of the form element?

Re: Portfoli spam problem.

I would also have a label associated with that text field (having it hidden with css as well) explaining to leave it blank.  Just in case a user has css turned off (like a lot of mobile users).

Re: Portfoli spam problem.

Can't you just do type="hidden" on the input and it will be hidden when CSS is off too?

Re: Portfoli spam problem.

Yes but bots can easily read ="hidden" and so can guess what you're doing!

You want a perfectly 'normal' looking field that they auto fill in and so fall into the trap!!!

James Cooper --  God loving, banjo playing, geek!

Re: Portfoli spam problem.

Ah, gotcha. smile Makes sense.

Re: Portfoli spam problem.

I tried adding the code in, but I don't know exactly where to put it. Where should I put it in the code above?

Re: Portfoli spam problem.

You need to add a field first, something like this:

<div class="hidden">
    <label for="robotsID">Do not fill this out</label>
    <input type="text" id="robotsID" name="robots" />
</div>

And then some CSS to hide it:

.hidden{display:none;}

So to add it into your exiting PHP code you posted, check below.  Remember, this is the only field we want to be SURE that IS NOT filled out, the opposite of all the rest.  So instead of using == to check if it is equal to something, we will use != for "not equal to"

.....
		else if($_REQUEST['purpose'] == "") {
		    	$status = "<div class='red'>Please let us know the purpose of your site</div>";
	    	}
		else if($_REQUEST['robots'] != "") {
		    	$status = "<div class='red'>You are a robot! Beep Bop boop 10110110111010101110!</div>";
	    	}
	    	else {
....

The $_REQUEST['name'] in PHP is an array of all the form names and values that were submitted.  so when you say $_REQUEST['robots'] you are asking for the form with the property name="robots" and PHP will give you the value (or what was typed into) that field.

Last edited by C.Barr (2008-10-25 09:12:49)