Full Version: My Spam-stopping Code
Jetteh22
Okay, somebody posted a question saying that they were getting spambots on their phpBB forums.. Well, I don't have a forum, but I do have a contact form and I wanted to stop spam.. But I really don't like those text-images (like captcha). I find them annoying, etc., so I made up my own.

How well do you think this will work for the most part?

CODE
session_start();
$sessid = session_id(); // returns the session's id
session_regenerate_id(); // gives the session a new id
session_destroy(); // ends the session; only do this if the session isn't needed, obviously.
$sessid = substr($sessid,-8); // cuts the variable sessid down to its last 8 characters.


Then you would create a form...

CODE
<form action="dothis.php" method="post">
<!-- give sessid its own value in the form -->
<input type="hidden" name="sessid" value="<?php echo $sessid;?>">
<!-- REST OF FORM HERE -->
<!-- REST OF FORM HERE -->
Enter the security code: <?php echo $sessid; ?><br>
<input type="text" name="security"><br>
<input type="submit">
</form>


And then you check the security code; if wrong, send back to the previous page w/ an error code... The following would obviously be "dothis.php".

CODE
$sessid = $_POST['sessid'];
$security = $_POST['security'];

if ($sessid != $security)
{
// codes differ: leave PHP mode and output the redirect markup
?>
RELOCATION CODE HERE
<?php
}
else
{
// $sessid does equal $security, so finish the code here.
}


You can see a working version of this on my contact/FAQ page on my site (http://www.creactiveonline.com) - it works against inputting the wrong code, but would it stop an actual bot in your opinion?

NOTE: I always like to use sessid because I, personally, do not know how to generate a completely random string with letters and #'s like sessid does - so I basically use sessid for everything (my chat rooms, for instance). For this one I just chop it down to 8 characters. If you know how to generate a random # and letter string, I'm sure it'll work the same for you if you used that instead of the session id.
Alex
No, there is very little obfuscation here. In fact, less than I was expecting from the inclusion of sessions. You're comparing two POST values; those can easily be made to match by posting from a form other than yours - or just by copying the value from the hidden input to the security input.

I would suggest you look at the implementation of some captchas to get an idea of how spam prevention (from bots) is done.
Jetteh22
Hmm.. See, that's what I wasn't very sure about.. Thanks for your help.

So you think that it won't help at all? Ugh.. Might as well take it off lol.
Alex
By the by, a method of generating random strings: http://pastesite.com/5
Jetteh22
Heh - You know, they should make a dang default function to do that in PHP.

CODE
$randstr = string_random(7);


Wouldn't that be nice?

I find the sessid way easier than the above. And I'm all about easy.. Considering they both probably do the same thing.

Thanks, though. At least now I know there is a way.

Too bad it isn't an easier way :D
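
Added example, not code from any poster in this thread: the check from the first post next to one that keeps the expected code in the session, which addresses Alex's objection that both compared values arrive in the same POST, and uses PHP's built-in random source for the string. The function names are hypothetical, `$session` and the request arrays stand in for `$_SESSION` and `$_POST` with constructed values, and `random_bytes()` needs PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// The check from the first post: both compared values come from the request.
function check_original(array $post): bool
{
    return isset($post['sessid'], $post['security'])
        && $post['sessid'] == $post['security'];
}

// Issue a code: 8 hex characters from the CSPRNG, remembered server-side.
function issue_code(array &$session): string
{
    $code = bin2hex(random_bytes(4));
    $session['security_code'] = $code; // no hidden field carries the expected value
    return $code;                      // the form page prints this beside the input
}

// Compare the submitted code with the stored one; a code is good for one try.
function check_session_bound(array &$session, array $post): bool
{
    $expected = $session['security_code'] ?? null;
    unset($session['security_code']);
    $given = $post['security'] ?? null;
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given);
}

// Constructed data: $session stands in for $_SESSION, the arrays for $_POST.
$session = [];

// A request built without reading the form: its two fields simply match.
$self_matching = ['sessid' => 'zzzzzzzz', 'security' => 'zzzzzzzz'];
issue_code($session);
var_dump(check_original($self_matching));
var_dump(check_session_bound($session, $self_matching));

// A visitor who types the code that was printed on the form.
$shown = issue_code($session);
$typed = ['security' => $shown];
var_dump(check_session_bound($session, $typed));
var_dump(check_session_bound($session, $typed)); // same code sent a second time
```

Run from the CLI, the original check accepts the self-matching request, while the session-bound check rejects it, accepts the typed code once, and rejects the repeat. This removes only the flaw Alex describes; a code printed as plain page text can still be read by a script that loads the form, which is the part image captchas address.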