Prevent Post Abuse On A PHP Form Script

liunx

Guest
Hi, do any of you guys know what would be the most efficient way of preventing a form from being spammed? When I say spammed, I mean preventing the user from submitting data numerous times within a few minutes. Ex. this mail script I made: http://davesrig.us/new/emailme.php?userid=1

What should I do to prevent people from going back and abusing that submit button? I was thinking about using cookies or sessions, but they can easily just restrict cookies. Any other options I missed?

---
Log the IP in a database with the server time when the form is submitted. Before posting data, query the database for any other entries by that IP and determine the time that has elapsed. If the time interval is too short, kill the script and send an error code... maybe add the IP to another table for banned IPs.

When the code runs, it could also go ahead and delete all entries in the table that have passed the required time frame.

---
Well, I suppose I could do that. But I would have to create a dummy table b/c this particular form data isn't going into my database. It's being emailed to me. I want my database clean...hehe... Any other suggestions? If not, I'll go ahead and have to do that. I still feel that there should be a more efficient way. I was looking at sessions, and the only way to make them work if the user has cookies disabled is to pass the sessionid variable, and that's no good.

Dave

---
If you use sessions or cookies, then you would get over 95% of the folks out there. Very few have cookies disabled.

It sounds like you want a super foolproof method.

Do a cookie check to see if they can accept cookies, and if not, tell them they need to have cookies enabled in order to use your form.

---
Force the user to enter a randomly generated "key". See http://www.jsnmp.com/cgi-bin/download.pl.

---
I noticed you use PHP

```php
<?php
// Read the submitted fields; a missing field becomes an empty string.
$name     = isset($_POST['name']) ? trim($_POST['name']) : '';
$email    = isset($_POST['email']) ? trim($_POST['email']) : '';
$feedback = isset($_POST['feedback']) ? trim($_POST['feedback']) : '';

// Stop before any mail is sent if a required field is empty.
if ((!$name) || (!$email) || (!$feedback)) {
    echo 'You did <b>NOT</b> submit the following required information! <br><br>';
    if (!$name) {
        echo ' - Your Name is a required field. Please <a href="javascript:history.back()">go back</a> and try again.<br><br>';
    }
    if (!$email) {
        echo ' - E-mail address is a required field. Please <a href="javascript:history.back()">go back</a> and try again. <br><br>';
    }
    if (!$feedback) {
        echo ' - You failed to submit any feedback! <a href="javascript:history.back()">go back</a> and try again.<br><br>';
    }
    exit();
}
```

That is what I use for field verification on my site. I know it's not quite what you're looking for, but it prevents abuse to a degree! I plan to include this in the release of PHP Form Mail on my site shortly!

As you can see with the code above, it's pretty easy to edit and add more verification! Hope this helps

Regards, Cyber-dog

---
Actually, I went ahead and did write a function to push/check the IPs in my database. I have them set to expire after 24 hours to restrict people from posting more than once a day.

Feel free to try them out and tell me what you think.

http://davesrig.us/new/emailme.php?userid=1
http://davesrig.us/new/guestbook.php
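
The IP-and-timestamp check discussed in this thread, written out as an added example that is not code from any of the posters. The table `form_posts`, the function `allow_submission` and the in-memory SQLite database are assumptions for illustration; it goes one step beyond the thread's description by letting a primary key on the IP perform the check and the insert as a single atomic step.

```php
<?php
// Added example: per-IP throttle for a form handler. The table name, window
// length and function name are assumptions, not taken from the thread.
const WINDOW_SECONDS = 86400; // 24 hours, the expiry mentioned in the thread

function allow_submission(PDO $db, string $ip, int $now, int $window = WINDOW_SECONDS): bool
{
    // Purge entries whose waiting period is over, as suggested in the thread.
    $db->prepare('DELETE FROM form_posts WHERE posted_at <= ?')
       ->execute([$now - $window]);

    // The PRIMARY KEY on ip makes "check and record" one atomic step, so two
    // simultaneous requests from the same address cannot both get through.
    try {
        $db->prepare('INSERT INTO form_posts (ip, posted_at) VALUES (?, ?)')
           ->execute([$ip, $now]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return false;                          // this IP is still inside its window
        }
        throw $e; // any other database error is a real failure
    }
}

// Demo on an in-memory SQLite database with constructed addresses and times.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_posts (ip TEXT PRIMARY KEY, posted_at INTEGER NOT NULL)');

$t0 = 1700000000; // constructed timestamp
$attempts = [
    ['203.0.113.7',  $t0],                      // first post
    ['203.0.113.7',  $t0 + 60],                 // repeat after one minute
    ['198.51.100.9', $t0 + 90],                 // different address
    ['203.0.113.7',  $t0 + WINDOW_SECONDS + 1], // window has passed
];
foreach ($attempts as [$ip, $when]) {
    $verdict = allow_submission($db, $ip, $when) ? 'accepted' : 'rejected';
    printf("%-13s +%6ds %s\n", $ip, $when - $t0, $verdict);
}
// In a real handler, pass $_SERVER['REMOTE_ADDR'] and time(), and send the
// mail only when the function returns true. Forwarded-for headers are
// client-supplied and should not be used as the key.
```

Because the throttle state lives on the server, it holds whether or not the visitor accepts cookies, which was the concern raised about the cookie and session approaches.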
 