Highlighted

what errors have I made implementing osgood's antispam code

Participant ,
Dec 03, 2018

Copy link to clipboard

Copied

Our Mr Osgood kindly provided some code which I have added to my contact page but spam keeps arriving, usually one or two emails each day.  It attempts to defeat the spammer by requiring an answer to the calculation:  3 x 4 to be entered.  Could he or one of his esteemed colleagues take a look at the code please?  The page is at http://ancestry.higgsy.co.uk/contact5.php

Views

727

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

what errors have I made implementing osgood's antispam code

Participant ,
Dec 03, 2018

Copy link to clipboard

Copied

Our Mr Osgood kindly provided some code which I have added to my contact page but spam keeps arriving, usually one or two emails each day.  It attempts to defeat the spammer by requiring an answer to the calculation:  3 x 4 to be entered.  Could he or one of his esteemed colleagues take a look at the code please?  The page is at http://ancestry.higgsy.co.uk/contact5.php

Views

728

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Dec 03, 2018 0
LEGEND ,
Dec 03, 2018

Copy link to clipboard

Copied

As Osgoods code is probably in php we will be unable to view it, as php code is applied on the server, not in the browser.

Osgood may look in on the forum, so patience is necessary.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 03, 2018 0
LEGEND ,
Dec 03, 2018

Copy link to clipboard

Copied

Part of the problem is that you're using client-side (Javascript) validation that requires jQuery, but you're loading jQuery AFTER the validation.js file.

I sincerely hope you're also using server-side PHP validation.  Using JS alone is a very bad idea.

HTH,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 03, 2018 1
LEGEND ,
Dec 04, 2018

Copy link to clipboard

Copied

WolfShade  wrote

Part of the problem is that you're using client-side (Javascript) validation that requires jQuery, but you're loading jQuery AFTER the validation.js file.

I sincerely hope you're also using server-side PHP validation.  Using JS alone is a very bad idea.

HTH,

^ _ ^

I would assume whatever it is that I supplied is in the php file because I dont see any client side validation for the spam form field.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 1
LEGEND ,
Dec 04, 2018

Copy link to clipboard

Copied

I clicked the link to his site, did a View Source, and noticed that there is a "validation.js" file loading before jQuery.  I looked at the .js file source, and the client-side form validation is in there, using jQuery selectors for the form elements.

It may not be the only thing that's not properly working, but moving the jQuery load before the .js file should be a huge improvement. 

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 0
LEGEND ,
Dec 04, 2018

Copy link to clipboard

Copied

WolfShade  wrote

I clicked the link to his site, did a View Source, and noticed that there is a "validation.js" file loading before jQuery.  I looked at the .js file source, and the client-side form validation is in there, using jQuery selectors for the form elements.

Yes but theres nothing in that validation file that addresses the spam field that I could see, so it must only be being checked in the php file.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 0
Participant ,
Dec 04, 2018

Copy link to clipboard

Copied

OK here;s the code

<?php

error_log( "DH0010 ***************  HIGGS  *********************************", 0 );

error_log( "DH0020 - from contact5", 0 );

// Set email variables

$email_to = 'billy@higgsy.com';

$email_subject = 'Form submission';

$required_fields = array( 'fullname', 'email', 'comment' );

// set error messages

$error_messages = array(

'fullname' => 'Please enter a Name to proceed.',

'email' => 'Please enter a valid Email Address to continue.',

'comment' => 'Please enter your Message to continue.'

);

error_log( "DH0030 - array error messages created", 0 );

// Set form status

$form_complete = FALSE;

// configure validation array

$validation = array();

error_log( "DH0035 - two vars set", 0 );

// check form submittal

if ( !empty( $_POST ) ) {

error_log( "DH0035a - printing the POST contents...", 0 );

// print_r($_POST); prints the data across top of web page

error_log( "DH0040 - POST array found NOT empty, so checking value of security question field, alien_attack", 0 );

// Security check

$alien_attack = $_POST[ 'alien_attack' ];

if ( empty( $alien_attack ) ) {

$error[ 'alien_attack' ] = "Please provide the correct answer";

error_log( "DH0050 - security question (alien_attack) is empty", 0 );

}

if ( $alien_attack != "12" ) {

$error[ 'alien_attack' ] = "Please provide the correct answer";

error_log( "DH0060 - security question (alien_attack) not = 12", 0 );

}

$alien = $_POST[ 'alien' ];

if ( !empty( $alien ) ) {

error_log( "DH0070 - alien attack detected, exiting process", 0 );

exit;

}

// Sanitise POST array

error_log( "DH0080 - sanitising post array", 0 );

foreach ( $_POST as $key => $value )$_POST[ $key ] = remove_email_injection( trim( $value ) );

error_log( "DH0090 - First foreach completed", 0 );

// Loop into required fields and make sure they match our needs

foreach ( $required_fields as $field ) {

// the field has been submitted?

if ( !array_key_exists( $field, $_POST ) )array_push( $validation, $field );

// check there is information in the field?

if ( $_POST[ $field ] == '' )array_push( $validation, $field );

// validate the email address supplied

if ( $field == 'email' )

if ( !validate_email_address( $_POST[ $field ] ) )array_push( $validation, $field );

}

error_log( "DH0100 - Second foreach completed", 0 );

// basic validation result

if ( count( $validation ) == 0 && !isset( $error[ 'alien_attack' ] ) ) {

// if ( count( $validation ) == 0 ) {

error_log( "DH0110 - Preparing our content string (sets email_content var)", 0 );

// Prepare our content string

$email_content = 'from my ancestry website v38 ' . "\n\n";

error_log( "DH0120 - Now entering foreach loop to ...?", 0 ); // simple email content

foreach ( $_POST as $key => $value ) {

if ( $key != 'submit' )$email_content .= $key . ': ' . $value . "\n";

}

// if validation passed ok then send the email

error_log( "DH0130 - validation passed, sending email", 0 ); // simple email content

mail( $email_to, $email_subject, $email_content );

// Update form switch

$form_complete = TRUE;

}

}

error_log( "DH5000 - post array was empty OR post array processed and mail sent ok", 0 );

function validate_email_address( $email = FALSE ) {

error_log( "DH0130 - function validate_email_address entered", 0 ); // simple email content

return ( preg_match( '/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/i', $email ) ) ? TRUE : FALSE;

}

function remove_email_injection( $field = FALSE ) {

error_log( "DH0140 - function remove_email_injection entered", 0 ); // simple email content

return ( str_ireplace( array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:", "to:", "cc:" ), '', $field ) );

}

?>

<!DOCTYPE html>

<html lang="en">

<head>

<?php include("includes/ANC_head_tag.php"); ?>

HERE's THE ANC_HEAD_TAG.PHP:

<!-- *** START include meta, javascript and css links *** -->

<meta charset="UTF-8">

<meta name="description" content="A site for recording the family tree of the higgs family from Holborn London UK">

<!-- older requirement -->

<meta name="keywords" content="ancestry, binning, higgs, peterson, rockliffe, frederick higgs, rosina higgs, elizabeth higgs, richard higgs, robert higgs, harry higgs, david higgs, family, ancestry, holborn, london, family tree, amber"/>

<meta name="author" content="David Charles Higgs">

<meta name="viewport" content="width=device-width, initial-scale=1">

<!--<script src="js/jquery.js"></script>-->

<script src="js/jquery-3.3.1.min.js"></script>

<script src="js/myscripts.js"></script>

<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

<!-- <script src="js/jquery-3.2.1.min.js"></script>-->

<!-- Include all compiled plugins (below), or include individual files as needed -->

<script src="js/popper.min.js"></script>

<script src="js/bootstrap-4.0.0.js"></script>

<link href="https://fonts.googleapis.com/css?family=Istok+Web" rel="stylesheet"/>

<link href="css/bootstrap-4.0.0.css" rel="stylesheet"/>

<link href="css/main.css" rel="stylesheet"/>

<link href="css/ancestry.css" rel="stylesheet"/>

<link href="css/common.css" rel="stylesheet"/>

<link href="css/mybootstrap-overrides.css" rel="stylesheet"/>

<!-- *** END include meta, javascript and css links *** -->

<title>Ancestry of the Higgs family, Contact Formn</title>

<!-- Contact Form Designed by James Brand @ dreamweavertutorial.co.uk -->

<!-- Covered under creative commons license - http://dreamweavertutorial.co.uk/permissions/contact-form-permissions.htm -->

<link href="contact/css/contactform.css" rel="stylesheet" type="text/css"/>

<script src="https://ajax.googleapis.com/ajax/libs/mootools/1.3.0/mootools-yui-compressed.js"></script>

<script src="contact/validation/validation.js"></script>

<script>

var nameError = '<?php echo $error_messages['

fullname ']; ?>';

var emailError = '<?php echo $error_messages['

email ']; ?>';

var commentError = '<?php echo $error_messages['

comment ']; ?>';

</script>

</head>

<body>

<div class="container">

<img class="banner_image" id="top" src="archive/multiphoto_logo2.jpg" alt="banner image showing some nice pictures"/>

<?php include("includes/ANC_main_menu1_with_banner_image.php"); ?>

<!-- superfish menu removed from here  -->

<div class="content">

<div id="formWrap">

<h2 class="centered_text">Contact.</h2>

<div id="form">

<?php if($form_complete === FALSE): ?>

<form action="contact5.php" method="post" id="comments_form">

<!--Each form element is in a row, so there are 4 rows below-->

<div class="row">

<div class="label">Your Name</div>

<!--end .label -->

<div class="input">

<input type="text" id="fullname" class="detail" name="fullname" value="<?php echo isset($_POST['fullname'])? $_POST['fullname'] : ''; ?>"/>

<?php if(in_array('fullname', $validation)): ?>

<span class="error">

<?php echo $error_messages['fullname']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

<div class="context">e.g. John Smith or Jane Doe</div>

<!-- end .context -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Your Email Address</div>

<!--end .label -->

<div class="input">

<input type="text" id="email" class="detail" name="email" value="<?php echo isset($_POST['email'])? $_POST['email'] : ''; ?>"/>

<?php if(in_array('email', $validation)): ?>

<span class="error">

<?php echo $error_messages['email']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

<div class="context">I will never share your details</div>

<!-- end .context -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Your Message</div>

<!--end .label -->

<div class="input">

<textarea id="comment" name="comment" class="mess">

<?php echo isset($_POST['comment'])? $_POST['comment'] : ''; ?>

</textarea>

<?php if(in_array('comment', $validation)): ?>

<span class="error">

<?php echo $error_messages['comment']; ?>

</span>

<?php endif; ?>

</div>

<!-- end .input -->

</div>

<!--end .row -->

<div class="row">

<div class="label">Security Question: 3 x 4 = ?</div>

<!--end .label -->

<input type="text" name="alien_attack" class="alien_attack" value="<?php if(!isset($error['alien_attack'])) {echo $alien_attack;} ?>"/>

<?php if(isset($error['alien_attack'])) {echo $error['alien_attack'];} ?>

</div>

<!-- end .input -->

<!--end .row -->

<!-- class names are case sensitive!

-->

<div class="Submit">

<input type="submit" id="submit" name="submit" value="Send Message"/>

</div>

<!-- end .submit -->

<input type="hidden" name="alien"/>

</form>

<?php else: ?>

<p style="font-size:18px; font-family:Verdana, Geneva, sans-serif; font-weight:bold; color:#000; margin-left:25px;">Thank you for your Message!</p>

<?php endif; ?>

</div>

<!--end of form -->

</div>

<!-- end of .formWrap -->

</div>

<br>

<!-- end .content -->

<div class="footer">

<?php include("includes/footer.htm"); ?>

</div>

<!-- end .footer -->

</div>

<!-- end .container -->

</body>

</html>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 1
osgood_ LATEST
LEGEND ,
Dec 04, 2018

Copy link to clipboard

Copied

I cant be sure as the form looks overly complex to me BUT you could try the direct approach and wrap the mail function in an 'if' statement to test that $error['alien_attack'] is NOT set. ie that 12 has been sent as the answer, so no error is set. I know it looks like you have done exactly that eariler on in the validation process but its a bit knee deep in { } so complex to visualise

If you set it again as below its definitely functioning and should not affect anything else.

if(!isset($error['alien_attack'])) {

mail( $email_to, $email_subject, $email_content );

}

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 1
Adobe Community Professional ,
Dec 03, 2018

Copy link to clipboard

Copied

We would need to see the PHP code.  Maybe there's nothing wrong with your code.     Math problems will only defeat spambots.  It won't stop human spammers.   Unless you block their IP address at the server level, nothing will stop human spam.

Nancy O'Shea, ACP
Alt-Web Design & Publishing

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 03, 2018 1
Participant ,
Dec 04, 2018

Copy link to clipboard

Copied

Thanks everybody.  I think Wolfshade's comment about putting my jquery call in the wrong place needs to be corrected before any further debugging need take place.   So I have moved the jquery call to appear before the validation.js  and I'll wait a few days and see if that fixes it.  BTW Nancy, are you suggesting some poor soul is sitting each day filling in my contact form manually?  I find it hard to believe but, hey, what do I know? 🙂 Thanks again. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 0
LEGEND ,
Dec 04, 2018

Copy link to clipboard

Copied

https://forums.adobe.com/people/Nancy+OShea  wrote

nothing will stop human spam.

Apart from a shotgun

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Dec 04, 2018 0