what errors have I made implementing osgood's antispam code

Participant, Dec 03, 2018

Our Mr Osgood kindly provided some code which I have added to my contact page but spam keeps arriving, usually one or two emails each day.  It attempts to defeat the spammer by requiring an answer to the calculation:  3 x 4 to be entered.  Could he or one of his esteemed colleagues take a look at the code please?  The page is at http://ancestry.higgsy.co.uk/contact5.php

Views: 905

Community guidelines: Be kind and respectful, give credit to the original source of content, and search for duplicates before posting.
LEGEND, Dec 03, 2018

As Osgood's code is probably in PHP we will be unable to view it, as PHP code is applied on the server, not in the browser.

Osgood may look in on the forum, so patience is necessary.

LEGEND, Dec 03, 2018


Part of the problem is that you're using client-side (Javascript) validation that requires jQuery, but you're loading jQuery AFTER the validation.js file.

I sincerely hope you're also using server-side PHP validation.  Using JS alone is a very bad idea.

HTH,

^ _ ^

LEGEND, Dec 04, 2018


WolfShade wrote:

Part of the problem is that you're using client-side (Javascript) validation that requires jQuery, but you're loading jQuery AFTER the validation.js file.

I sincerely hope you're also using server-side PHP validation.  Using JS alone is a very bad idea.

HTH,

^ _ ^

I would assume whatever it is that I supplied is in the PHP file because I don't see any client-side validation for the spam form field.

LEGEND, Dec 04, 2018


I clicked the link to his site, did a View Source, and noticed that there is a "validation.js" file loading before jQuery.  I looked at the .js file source, and the client-side form validation is in there, using jQuery selectors for the form elements.

It may not be the only thing that's not properly working, but moving the jQuery load before the .js file should be a huge improvement. 

V/r,

^ _ ^

LEGEND, Dec 04, 2018


WolfShade wrote:

I clicked the link to his site, did a View Source, and noticed that there is a "validation.js" file loading before jQuery.  I looked at the .js file source, and the client-side form validation is in there, using jQuery selectors for the form elements.

Yes, but there's nothing in that validation file that addresses the spam field that I could see, so it must only be being checked in the PHP file.

Participant, Dec 04, 2018


OK, here's the code:

<?php
error_log( "DH0010 ***************  HIGGS  *********************************", 0 );
error_log( "DH0020 - from contact5", 0 );

// Set email variables
$email_to = 'billy@higgsy.com';
$email_subject = 'Form submission';
$required_fields = array( 'fullname', 'email', 'comment' );

// set error messages
$error_messages = array(
    'fullname' => 'Please enter a Name to proceed.',
    'email'    => 'Please enter a valid Email Address to continue.',
    'comment'  => 'Please enter your Message to continue.'
);
error_log( "DH0030 - array error messages created", 0 );

// Set form status
$form_complete = FALSE;

// configure validation array
$validation = array();

// initialise the security-question variables so the form further down can
// read them without notices even when nothing has been posted yet
$error = array();
$alien_attack = '';
error_log( "DH0035 - two vars set", 0 );

// check form submittal
if ( !empty( $_POST ) ) {
    error_log( "DH0035a - printing the POST contents...", 0 );
    // print_r($_POST); prints the data across top of web page
    error_log( "DH0040 - POST array found NOT empty, so checking value of security question field, alien_attack", 0 );

    // Security check (trimmed so "12 " is not rejected as a wrong answer)
    $alien_attack = isset( $_POST[ 'alien_attack' ] ) ? trim( $_POST[ 'alien_attack' ] ) : '';
    if ( empty( $alien_attack ) ) {
        $error[ 'alien_attack' ] = "Please provide the correct answer";
        error_log( "DH0050 - security question (alien_attack) is empty", 0 );
    }
    if ( $alien_attack != "12" ) {
        $error[ 'alien_attack' ] = "Please provide the correct answer";
        error_log( "DH0060 - security question (alien_attack) not = 12", 0 );
    }

    // Honeypot: the hidden 'alien' field is never filled in by a human visitor
    $alien = isset( $_POST[ 'alien' ] ) ? $_POST[ 'alien' ] : '';
    if ( !empty( $alien ) ) {
        error_log( "DH0070 - alien attack detected, exiting process", 0 );
        exit;
    }

    // Sanitise POST array
    error_log( "DH0080 - sanitising post array", 0 );
    foreach ( $_POST as $key => $value ) $_POST[ $key ] = remove_email_injection( trim( $value ) );
    error_log( "DH0090 - First foreach completed", 0 );

    // Loop into required fields and make sure they match our needs
    foreach ( $required_fields as $field ) {
        // the field has been submitted? (skip the remaining checks if not,
        // otherwise $_POST[ $field ] below reads an undefined index)
        if ( !array_key_exists( $field, $_POST ) ) { array_push( $validation, $field ); continue; }
        // check there is information in the field?
        if ( $_POST[ $field ] == '' ) array_push( $validation, $field );
        // validate the email address supplied
        if ( $field == 'email' )
            if ( !validate_email_address( $_POST[ $field ] ) ) array_push( $validation, $field );
    }
    error_log( "DH0100 - Second foreach completed", 0 );

    // basic validation result
    if ( count( $validation ) == 0 && !isset( $error[ 'alien_attack' ] ) ) {
        // if ( count( $validation ) == 0 ) {
        error_log( "DH0110 - Preparing our content string (sets email_content var)", 0 );

        // Prepare our content string
        $email_content = 'from my ancestry website v38 ' . "\n\n";
        error_log( "DH0120 - Now entering foreach loop to ...?", 0 ); // simple email content
        foreach ( $_POST as $key => $value ) {
            if ( $key != 'submit' ) $email_content .= $key . ': ' . $value . "\n";
        }

        // if validation passed ok then send the email
        error_log( "DH0130 - validation passed, sending email", 0 ); // simple email content
        mail( $email_to, $email_subject, $email_content );

        // Update form switch
        $form_complete = TRUE;
    }
}
error_log( "DH5000 - post array was empty OR post array processed and mail sent ok", 0 );

function validate_email_address( $email = FALSE ) {
    error_log( "DH0130 - function validate_email_address entered", 0 ); // simple email content
    return ( preg_match( '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email ) ) ? TRUE : FALSE;
}

function remove_email_injection( $field = FALSE ) {
    error_log( "DH0140 - function remove_email_injection entered", 0 ); // simple email content
    return ( str_ireplace( array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:" ), '', $field ) );
}
?>

<!DOCTYPE html>

<html lang="en">

<head>

<?php include("includes/ANC_head_tag.php"); ?>

Here's the ANC_head_tag.php include:

<!-- *** START include meta, javascript and css links *** -->

<meta charset="UTF-8">

<meta name="description" content="A site for recording the family tree of the higgs family from Holborn London UK">

<!-- older requirement -->

<meta name="keywords" content="ancestry, binning, higgs, peterson, rockliffe, frederick higgs, rosina higgs, elizabeth higgs, richard higgs, robert higgs, harry higgs, david higgs, family, ancestry, holborn, london, family tree, amber"/>

<meta name="author" content="David Charles Higgs">

<meta name="viewport" content="width=device-width, initial-scale=1">

<!--<script src="js/jquery.js"></script>-->

<script src="js/jquery-3.3.1.min.js"></script>

<script src="js/myscripts.js"></script>

<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

<!-- <script src="js/jquery-3.2.1.min.js"></script>-->

<!-- Include all compiled plugins (below), or include individual files as needed -->

<script src="js/popper.min.js"></script>

<script src="js/bootstrap-4.0.0.js"></script>

<link href="https://fonts.googleapis.com/css?family=Istok+Web" rel="stylesheet"/>

<link href="css/bootstrap-4.0.0.css" rel="stylesheet"/>

<link href="css/main.css" rel="stylesheet"/>

<link href="css/ancestry.css" rel="stylesheet"/>

<link href="css/common.css" rel="stylesheet"/>

<link href="css/mybootstrap-overrides.css" rel="stylesheet"/>

<!-- *** END include meta, javascript and css links *** -->

<title>Ancestry of the Higgs family, Contact Form</title>

<!-- Contact Form Designed by James Brand @ dreamweavertutorial.co.uk -->

<!-- Covered under creative commons license - http://dreamweavertutorial.co.uk/permissions/contact-form-permissions.htm -->

<link href="contact/css/contactform.css" rel="stylesheet" type="text/css"/>

<script src="https://ajax.googleapis.com/ajax/libs/mootools/1.3.0/mootools-yui-compressed.js"></script>

<script src="contact/validation/validation.js"></script>

<script>
var nameError = '<?php echo $error_messages['fullname']; ?>';
var emailError = '<?php echo $error_messages['email']; ?>';
var commentError = '<?php echo $error_messages['comment']; ?>';
</script>

</head>

<body>

<div class="container">

<img class="banner_image" id="top" src="archive/multiphoto_logo2.jpg" alt="banner image showing some nice pictures"/>

<?php include("includes/ANC_main_menu1_with_banner_image.php"); ?>

<!-- superfish menu removed from here  -->

<div class="content">

<div id="formWrap">

<h2 class="centered_text">Contact.</h2>

<div id="form">

<?php if($form_complete === FALSE): ?>

<form action="contact5.php" method="post" id="comments_form">

<!--Each form element is in a row, so there are 4 rows below-->

<div class="row">

<div class="label">Your Name</div>

<!--end .label -->

<div class="input">

<input type="text" id="fullname" class="detail" name="fullname" value="<?php echo isset($_POST['fullname']) ? htmlspecialchars($_POST['fullname'], ENT_QUOTES, 'UTF-8') : ''; ?>"/>

<?php if(in_array('fullname', $validation)): ?>

<span class="error">

<?php echo $error_messages['fullname']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

<div class="context">e.g. John Smith or Jane Doe</div>

<!-- end .context -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Your Email Address</div>

<!--end .label -->

<div class="input">

<input type="text" id="email" class="detail" name="email" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : ''; ?>"/>

<?php if(in_array('email', $validation)): ?>

<span class="error">

<?php echo $error_messages['email']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

<div class="context">I will never share your details</div>

<!-- end .context -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Your Message</div>

<!--end .label -->

<div class="input">

<textarea id="comment" name="comment" class="mess"><?php echo isset($_POST['comment']) ? htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8') : ''; ?></textarea>

<?php if(in_array('comment', $validation)): ?>

<span class="error">

<?php echo $error_messages['comment']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Security Question: 3 x 4 = ?</div>

<!--end .label -->

<input type="text" name="alien_attack" class="alien_attack" value="<?php if(!isset($error['alien_attack']) && isset($alien_attack)) { echo htmlspecialchars($alien_attack, ENT_QUOTES, 'UTF-8'); } ?>"/>

<?php if(isset($error['alien_attack'])) {echo $error['alien_attack'];} ?>

</div>

<!-- end .input -->

<!--end .row -->

<!-- class names are case sensitive!

-->

<div class="Submit">

<input type="submit" id="submit" name="submit" value="Send Message"/>

</div>

<!-- end .submit -->

<input type="hidden" name="alien"/>

</form>

<?php else: ?>

<p style="font-size:18px; font-family:Verdana, Geneva, sans-serif; font-weight:bold; color:#000; margin-left:25px;">Thank you for your Message!</p>

<?php endif; ?>

</div>

<!--end of form -->

</div>

<!-- end of .formWrap -->

</div>

<br>

<!-- end .content -->

<div class="footer">

<?php include("includes/footer.htm"); ?>

</div>

<!-- end .footer -->

</div>

<!-- end .container -->

</body>

</html>

LEGEND, Dec 04, 2018


I can't be sure as the form looks overly complex to me, BUT you could try the direct approach and wrap the mail function in an 'if' statement to test that $error['alien_attack'] is NOT set, i.e. that 12 has been sent as the answer, so no error is set. I know it looks like you have done exactly that earlier on in the validation process but it's a bit knee deep in { } so complex to visualise.

If you set it again as below its definitely functioning and should not affect anything else.

if(!isset($error['alien_attack'])) {
    mail( $email_to, $email_subject, $email_content );
}

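The pieces this thread keeps circling (the answer to the security question, the hidden "alien" honeypot field, the header stripping in remove_email_injection(), and the single isset() guard in front of mail() suggested above) pulled together into one runnable PHP file, as an added example that is not the poster's contact5.php and not Osgood's code. It goes one step beyond the posted form: instead of comparing against a fixed "12", which a bot only has to learn once, it draws a random question per session and keeps the expected answer server-side, in the session. Assumed rather than taken from the thread: the function names new_challenge(), validate_submission() and handle_contact(), the session array and mailer being passed in as parameters (so it runs from the command line without sending anything), and the placeholder recipient owner@example.invalid. random_int(), hash_equals() and filter_var() are standard PHP 7 functions.

```php
<?php
// Added example, not the thread's own contact5.php and not Osgood's code.
// Keeps the thread's field names (fullname, email, comment, alien_attack, alien),
// stores a randomised challenge answer in the session instead of comparing with a
// fixed "12", and funnels every check into one decision point in front of mail().
declare(strict_types=1);

// Create a fresh question for the form; the answer stays server-side only.
function new_challenge(array &$session): string
{
    $a = random_int(2, 9);
    $b = random_int(2, 9);
    $session['challenge_answer'] = (string) ($a * $b);
    return "Security Question: {$a} x {$b} = ?";
}

// Strip CR/LF and header keywords so a field cannot add extra mail headers.
function remove_email_injection(string $field): string
{
    $bad = ["\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:"];
    return str_ireplace($bad, '', $field);
}

function validate_email_address(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Returns the names of the fields that failed; an empty list means "send it".
function validate_submission(array $post, array $session): array
{
    $errors = [];
    // Honeypot: people never see the hidden 'alien' field, so any content
    // in it means a bot filled the form in.
    if (trim((string) ($post['alien'] ?? '')) !== '') {
        $errors[] = 'alien';
    }
    // Challenge: compare with the answer stored in the session, never with a
    // constant, and never before a challenge has actually been issued.
    $expected = (string) ($session['challenge_answer'] ?? '');
    $given = trim((string) ($post['alien_attack'] ?? ''));
    if ($expected === '' || !hash_equals($expected, $given)) {
        $errors[] = 'alien_attack';
    }
    foreach (['fullname', 'email', 'comment'] as $field) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '' || ($field === 'email' && !validate_email_address($value))) {
            $errors[] = $field;
        }
    }
    return $errors;
}

// The single gate: $mailer is only ever called when every check has passed.
function handle_contact(array $post, array &$session, callable $mailer): array
{
    $errors = validate_submission($post, $session);
    if ($errors !== []) {
        return ['sent' => false, 'errors' => $errors];
    }
    $body = '';
    foreach (['fullname', 'email', 'comment'] as $field) {
        $body .= $field . ': ' . remove_email_injection(trim((string) $post[$field])) . "\n";
    }
    // Placeholder recipient; the thread's real address is deliberately not reused.
    $mailer('owner@example.invalid', 'Form submission', $body);
    unset($session['challenge_answer']); // one issued answer, one submission
    return ['sent' => true, 'errors' => []];
}

// CLI self-check on constructed input; the mailer just records what it was given.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $session = [];
    $sent = [];
    $mailer = function (string $to, string $subject, string $body) use (&$sent): void {
        $sent[] = $body;
    };

    $question = new_challenge($session);
    $human = ['fullname' => 'Jane Doe', 'email' => 'jane@example.com',
              'comment' => "Hello\nbcc: nobody", // constructed: header text gets stripped
              'alien_attack' => $session['challenge_answer'], 'alien' => ''];
    $r1 = handle_contact($human, $session, $mailer);   // sent

    new_challenge($session);
    $bot = $human;
    $bot['alien_attack'] = '12';              // replaying the old fixed answer
    $bot['alien'] = 'http://spam.example';    // bots fill in every field they find
    $r2 = handle_contact($bot, $session, $mailer);     // blocked

    echo $question, "\n", 'human: ', $r1['sent'] ? 'sent' : 'blocked', "\n",
        'bot: ', $r2['sent'] ? 'sent' : 'blocked', ' (', implode(', ', $r2['errors']), ")\n",
        'mail bodies handed to mailer: ', count($sent), "\n";
}
```

Run it on its own with php from a terminal and it prints the question it generated, "sent" for the constructed human submission and "blocked" for the constructed bot submission (the honeypot catches the bot even on the one-in-sixteen chance the random product is also 12). Wiring it into the real page means calling new_challenge($_SESSION) when rendering the form and printing the returned label in place of the fixed "Security Question: 3 x 4 = ?", then passing $_POST, $_SESSION and a thin wrapper around mail() to handle_contact() on submit; whatever is echoed back into the input values still needs htmlspecialchars() around it.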
Community Expert, Dec 03, 2018


We would need to see the PHP code. Maybe there's nothing wrong with your code. Math problems will only defeat spambots. It won't stop human spammers. Unless you block their IP address at the server level, nothing will stop human spam.

Nancy O'Shea— Product User, Community Expert & Moderator
Alt-Web Design & Publishing ~ Web : Print : Graphics : Media

Participant, Dec 04, 2018


Thanks everybody. I think WolfShade's comment about putting my jQuery call in the wrong place needs to be corrected before any further debugging need take place. So I have moved the jQuery call to appear before the validation.js and I'll wait a few days and see if that fixes it. BTW Nancy, are you suggesting some poor soul is sitting each day filling in my contact form manually? I find it hard to believe but, hey, what do I know? 🙂 Thanks again.

LEGEND, Dec 04, 2018


https://forums.adobe.com/people/Nancy+OShea wrote:

nothing will stop human spam.

Apart from a shotgun
