I’m getting fed up of getting automated posts from a form which I have on my site, almost always containing just junk, and by looking at the server logs they do not appear to be sent via a browser.
Is there a way of introducing a check stage, where the person has to retype a series of numbers from an image, to verify that it is not an automated post, and is completed by a human, before posting the form?
I use ‘formail’ and the form functions by;
<form action="/cgi-bin/formposter.pl" method="post">
but I have been told that I should seek a server-side solution as that would be the most effective.
Any ideas please?
Consider adding a captcha to your form. Check my signature for more info.
Can the php code be integrated into a HTML doc, or does the entire form need to be written in php?
The problem is this is the php forum and your handler is a perl script. If you are considering switching to php, post your html form and perl script to see if it can easily be converted.
<HTML><HEAD><TITLE>Example Form</TITLE></HEAD>
<BODY>
<font face='arial' size=2><b>All fields marked with a * are required:<br>
<form enctype='multipart/form-data' action='process.php' method='post'>
<table border=1 bordercolor='#000000'><tr><tr>
<table width='50%' border=0>
<tr><td bgcolor='#C0C0C0'> Name<font color='#ff0000'>*</font></td>
<td bgcolor='#C0C0C0'>
<input type=text name='Name'></td></tr>
<tr><td bgcolor='#CCCCCC'> Email Address</td>
<td bgcolor='#CCCCCC'>
<input type=email name='EmailAddress'></td></tr>
<tr><td bgcolor='#C0C0C0'> Comments</td>
<td bgcolor='#C0C0C0'>
<textarea name='Comments' rows=20 cols=20></textarea></td></tr>
</table>
</td></tr></table>
<input type='submit' value='Submit Form'> <input type=reset value='Clear Form'></form>
<br><br><br>
</BODY></HTML>
<?php
include("global.inc.php");
$errors=0;
$error="The following errors occurred while processing your form input.<ul>";
pt_register('POST','Name');
pt_register('POST','EmailAddress');
pt_register('POST','Comments');
$Comments=preg_replace("/(\015\012)|(\015)|(\012)/"," <br />", $Comments);
if($Name=="" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!eregi("^[a-z0-9]+([_.-][a-z0-9]+)*"."@"."([a-z0-9]+([.-][a-z0-9]+)*)+"."\\.[a-z]{2,}"."$",$EmailAddress)){
$error.="<li>Invalid email address entered";
$errors=1;
}
if($errors==1) echo $error;
else{
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
$message="Name: ".$Name."
Email Address: ".$EmailAddress."
Comments: ".$Comments."
";
$message = stripslashes($message);
mail("[email protected] ","Form Submitted by your website",$message,"From: Name of your site");
?>
<!-- This is the content of the Thank you page, be careful while changing it -->
<h2>Thank you!</h2>
<table width=50%>
<tr><td>Name: </td><td> <?php echo $Name; ?> </td></tr>
<tr><td>Email Address: </td><td> <?php echo $EmailAddress; ?> </td></tr>
<tr><td>Comments: </td><td> <?php echo $Comments; ?> </td></tr>
</table>
<!-- Do not change anything below this line -->
<?php
}
?>
So what is in this file: [I]global.inc.php[/I]? Also, if you want to make the form sticky, the form and the handler will need to be the same php script.
You really should get your hands dirty and write the PHP yourself rather than some GUI program writing it for you. It's a terrible mess. A tables layout and the php code is pretty out of date too.
<?php
function pt_register()
{
$num_args = func_num_args();
$vars = array();
if ($num_args >= 2) {
$method = strtoupper(func_get_arg(0));
if (($method != 'SESSION') && ($method != 'GET') && ($method != 'POST') && ($method != 'SERVER') && ($method != 'COOKIE') && ($method != 'ENV')) {
die('The first argument of pt_register must be one of the following: GET, POST, SESSION, SERVER, COOKIE, or ENV');
}
$varname = "HTTP_{$method}_VARS";
global ${$varname};
for ($i = 1; $i < $num_args; $i++) {
$parameter = func_get_arg($i);
if (isset(${$varname}[$parameter])) {
global $$parameter;
$$parameter = ${$varname}[$parameter];
}
}
} else {
die('You must specify at least two arguments');
}
}
?>
That is so poor!
Delete both, stick with your first form, the form is not the problem.
Integrating CAPTCHA is not hard.
Try writing your own mail script using http://php.net/mail with bokeh's CAPTCHA script.
[code=php]<?php
# fill this in with the address to which the email will be sent
$recipient = '';
session_start();
if(isset($_GET['i']))
{
captcha_image();
}
elseif(isset($_POST['submit']))
{
if(!($error = error()))
{
$subject = 'Mail from '.$_SERVER['HTTP_HOST'].' webform';
$message = "Sender: ".ucwords($_POST['name'])." \r\n\r\n".
"Email: {$_POST['email']} \r\n\r\n".
"Message: {$_POST['comments']} \r\n\r\n";
if(@mail($recipient, $subject, $message))
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?success');
}
else
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?failure');
}
}
}
function error()
{
if(empty($_POST['name']))
{
return 'ERROR: The name field is empty.';
}
if(preg_match('/[^a-zA-Z ]/', $_POST['name']))
{
return 'ERROR: The name field contains invalid characters.';
}
if(empty($_POST['email']))
{
return 'ERROR: The email field is empty.';
}
# eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent
if(!preg_match('/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i', $_POST['email']))
{
return 'ERROR: The email field contains invalid syntax.';
}
if(empty($_POST['comments']))
{
return 'ERROR: The comments field is empty.';
}
if(!captcha_validate())
{
return 'ERROR: Incorrect security code entered.';
}
return false;
}
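function captcha_validate()
{
# reject a missing or empty code: '' == NULL is true in PHP, so without this
# a request made before any image was generated would pass the check
if(empty($_SESSION['captcha']) || !isset($_POST['captcha']))
{
return FALSE;
}
if($_POST['captcha'] === $_SESSION['captcha'])
{
$_SESSION['captcha'] = NULL;
return TRUE;
}
return FALSE;
}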
function captcha_image($length = 5)
{
$_SESSION['captcha'] = substr(strtr(base64_encode(pack("h*", sha1(mt_rand()))), "+/=", "xyz"), 0, $length);
$image = imagecreate(80, 20);
$background_colour = imagecolorallocate($image, 255,255,255);
imagecolortransparent($image, $background_colour);
$text_shadow = imagecolorallocate($image, 127,127,127);
$text_colour = imagecolorallocate($image, 0,0,127);
imagestring($image, 5, 1, 3, $_SESSION['captcha'], $text_shadow);
imagestring($image, 5, 0, 2, $_SESSION['captcha'], $text_colour);
header ('Content-type: image/png');
# the PNG quality argument is a compression level from 0 to 9, so use the default
imagepng($image);
imagedestroy($image);
exit;
}
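# variables for sticky form, escaped because they are echoed back into the HTML
$self = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
$name = empty($_POST['name']) ? NULL : htmlspecialchars(ucwords(stripslashes($_POST['name'])), ENT_QUOTES, 'ISO-8859-1') ;
$email = empty($_POST['email']) ? NULL : htmlspecialchars(stripslashes($_POST['email']), ENT_QUOTES, 'ISO-8859-1') ;
$comments = empty($_POST['comments']) ? NULL : htmlspecialchars(stripslashes($_POST['comments']), ENT_QUOTES, 'ISO-8859-1') ;
$src = $self.'?i='.uniqid();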
# start HTML output
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Email script with captcha</title>
<style type="text/css">
#mailer {
width: 25em;
margin: 1em auto;
padding:0 2em 2em 2em ;
border:1px solid #bbb;
color: #333;
background:#ffd;
font: 0.9em verdana, sans-serif;
}
#mailer h1{
font: 1.4em bold verdana, sans-serif;
margin: 0;
padding:1em 0;
text-align:center;
}
#mailer label{
float: left;
width: 8em;
}
#mailer input{
width: 160px;
}
#mailer textarea{
width: 160px;
}
#error{
color:red;
}
</style>
</head>
<body>
<?php if(isset($_GET['success'])){ ?>
<div id="mailer">
<h1>Thank you</h1>
<p>Your message has been sent successfully.</p>
</div>
<?php }elseif(isset($_GET['failure'])){?>
<div id="mailer">
<h1>Sorry</h1>
<p>Your message has not been sent due to a server configuration error.</p>
</div>
<?php }else{ ?>
<form id="mailer" action="<?php echo $self ?>" method="post">
<h1>
Email Form
</h1>
<p id="error"><?php echo $error ?></p>
<p>
<label for="name">Name</label>
<input id="name" type="text" name="name" value="<?php echo $name ?>">
</p>
<p>
<label for="email">Email Address</label>
<input id="email" type="text" name="email" value="<?php echo $email ?>">
</p>
<p>
<label for="comments">Comments</label>
<textarea id="comments" name="comments" rows="5" cols="18"><?php echo $comments ?></textarea>
</p>
<p>
<label for="captcha"><img src="<?php echo $src ?>" width="80" height="20" alt="captcha"></label>
<input id="captcha" type="text" name="captcha">
</p>
<p>
<label for="submit">Press to...</label>
<input id="submit" type="submit" name="submit" value="send message!">
</p>
</form>
<?php } ?>
</body>
</html>
[/code]
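An added example, not part of the original thread or of bokeh's script: a stricter take on the code generation and captcha_validate() steps used in the script above, with a single-use, expiring code. It assumes PHP 7.1 or later; captcha_new_code(), captcha_check(), CAPTCHA_TTL and CAPTCHA_ALPHABET are hypothetical names, and the five-minute lifetime is an assumed value.

```php
<?php
# Added example (not from the thread). All names below are hypothetical.

const CAPTCHA_TTL = 300; # seconds a code stays valid (assumed value)
# alphabet without the look-alike characters 0 O o 1 l I
const CAPTCHA_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789';

# Generate a code and store it, with its issue time, in the session array.
function captcha_new_code(array &$session, int $length = 5): string
{
    $code = '';
    $max = strlen(CAPTCHA_ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        # random_int() draws from the OS CSPRNG, unlike mt_rand()
        $code .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $session['captcha'] = array('code' => $code, 'issued' => time());
    return $code;
}

# Check a submitted answer. $now can be injected for testing.
function captcha_check(array &$session, $submitted, ?int $now = null): bool
{
    $now = $now ?? time();
    $stored = $session['captcha'] ?? null;
    # one attempt per code: consume it whether or not the answer is right
    unset($session['captcha']);

    if (!is_array($stored) || !is_string($submitted)) {
        return false; # no code was issued, or the field is missing or an array
    }
    $submitted = trim($submitted);
    if ($submitted === '' || $now - $stored['issued'] > CAPTCHA_TTL) {
        return false; # empty answer or expired code
    }
    # type-strict, constant-time comparison
    return hash_equals($stored['code'], $submitted);
}

# Constructed demonstration; a plain array stands in for $_SESSION.
$session = array();
var_dump(captcha_check($session, ''));                  # form posted, no image requested first
$code = captcha_new_code($session);
var_dump(captcha_check($session, 'wrong'));             # wrong answer
var_dump(captcha_check($session, $code));               # same code replayed after a failed attempt
$code = captcha_new_code($session);
var_dump(captcha_check($session, $code));               # correct answer on a fresh code
$code = captcha_new_code($session);
var_dump(captcha_check($session, $code, time() + 301)); # correct answer after the lifetime
```

In the form script, `$_SESSION` would be passed in place of `$session`, and the image function would draw the string returned by captcha_new_code().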
The Captcha image is really small, is that because no size is specified, or is it related to the system font size?
Size 5 is the largest built in font and because I wanted to do it all with one file this is the only possible way... But that image is 80 x 20... if in the <img> element you specified different dimensions you could stretch the image. For example change the <img> to:
[code=php]<img src="<?php echo $src ?>" width="120" height="30" alt="captcha">[/code]
The resulting image might look a bit pixelated and aliased but at least it would be a bit bigger.
The only other method is using an external truetype font as does the captcha script in my signature. Size is no problem then because ttf text is scalable.
Can I see the resulting code?
[CODE]<?php
# fill this in with the address to which the email will be sent
$recipient = 'my.email.co.uk';
session_start();
define('CAPTCHA_PATH', $_SERVER['DOCUMENT_ROOT'].'/captcha/');
if(isset($_GET['i']))
{
captcha_image();
}
elseif(isset($_POST['submit']))
{
if(!($error = error()))
{
$subject = 'Mail from '.$_SERVER['HTTP_HOST'].' webform';
$message = "Sender: ".ucwords($_POST['name'])." \r\n\r\n".
"Email: {$_POST['email']} \r\n\r\n".
"Message: {$_POST['comments']} \r\n\r\n";
if(@mail($recipient, $subject, $message))
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?success');
}
else
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?failure');
}
}
}
function error()
{
if(empty($_POST['name']))
{
return 'ERROR: The name field is empty.';
}
if(preg_match('/[^a-zA-Z ]/', $_POST['name']))
{
return 'ERROR: The name field contains invalid characters.';
}
if(empty($_POST['email']))
{
return 'ERROR: The email field is empty.';
}
# eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent
if(!preg_match('/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i', $_POST['email']))
{
return 'ERROR: The email field contains invalid syntax.';
}
if(empty($_POST['comments']))
{
return 'ERROR: The comments field is empty.';
}
if(!captcha_validate())
{
return 'ERROR: Incorrect security code entered.';
}
return false;
}
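function captcha_validate()
{
# reject a missing or empty code: '' == NULL is true in PHP, so without this
# a request made before any image was generated would pass the check
if(empty($_SESSION['captcha']) || !isset($_POST['captcha']) || !is_string($_POST['captcha']))
{
return false;
}
if(trim($_POST['captcha']) === $_SESSION['captcha'])
{
$_SESSION['captcha'] = NULL;
return true;
}
return false;
}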
function captcha_image()
{
function create_captcha_code($len = 4){
$e = base64_encode(pack("h*", sha1(mt_rand())));
$_SESSION['captcha'] = str_replace('l', '2', str_replace('O', '3', str_replace('0', '4', str_replace('1', '5', str_replace('o', '6', str_replace('I', '7', substr(strtr($e, "+/=", "xyz"), 0, $len)))))));//substr(strtr($e, "+/=", "xyz"), 0, $len);
}
function rand_string($len = 28){
$e = base64_encode(pack("h*", sha1(mt_rand())));
return substr(strtr($e, "+/=", "xyz"), 0, $len);
}
$dir = opendir(CAPTCHA_PATH);
while (false !== ($file = readdir($dir))) {
# eregi() was removed in PHP 7; same pattern with preg_match() and the /i flag
if (preg_match('/ttf$/i', $file)){
$fonts[] = CAPTCHA_PATH.$file;
}
}
closedir($dir);
if(!empty($fonts) and is_array($fonts)){
shuffle($fonts);
$font = $fonts['0'];
if(isset($fonts['1'])){
$background_font = $fonts['1'];
}else{
$background_font = $fonts['0'];
}
}
create_captcha_code();
$colour1 = mt_rand(125, 175);
$colour2 = mt_rand(50, 235);
$colour3 = ((420 - ($colour1 + $colour2)) + mt_rand(-10, 10));
$colours = array($colour1, $colour2, $colour3);
shuffle($colours);
$text_colour1 = mt_rand(55, 75);
$text_colour2 = mt_rand(20, 145);
$text_colour3 = ((240 - ($text_colour1 + $text_colour2)) + mt_rand(-5, 5));
$text_colours = array($text_colour1, $text_colour2, $text_colour3);
shuffle($text_colours);
if($text_colour1 > 60){ $text_shadow1 = $text_colour1 - 60; }else{ $text_shadow1 = 0;}
if($text_colour2 > 60){ $text_shadow2 = $text_colour2 - 60; }else{ $text_shadow2 = 0;}
if($text_colour3 > 60){ $text_shadow3 = $text_colour3 - 60; }else{ $text_shadow3 = 0;}
$alpha_string = '';
for($i = 0; $i < 25; $i++){
$alpha_string .= rand_string().rand_string().rand_string()."\n";
}
foreach($colours as $colour){
$hidden[] = $colour + (mt_rand(15, 255 - $colour) - 15);
}
header ('Content-type: image/jpeg');
$image = @imagecreate(140, 90); // image dimensions
$background_colour = imagecolorallocate($image, $colours['0'],$colours['1'],$colours['2']);
$text_shadow = imagecolorallocate($image, $text_shadow1, $text_shadow2, $text_shadow3);
$text_colour = imagecolorallocate($image, $text_colours['0'],$text_colours['1'],$text_colours['2']);
$hidden = imagecolorallocate($image, $hidden['0'],$hidden['1'],$hidden['2']);
if(!empty($font) and is_readable($font)){
$angle = mt_rand(-20, 20);
$xCoord = mt_rand(4, 36);
$xCoord = $xCoord + round($angle/4);
$yCoord = mt_rand(0, 22);
imagettftext($image, mt_rand(10,15), mt_rand(60, 120), -70, 180, $hidden, $background_font, $alpha_string);
imagettftext($image, 27, $angle, 2 + $xCoord, 43 + ceil($angle/1.5) + $yCoord, $text_shadow, $font, $_SESSION['captcha']);
imagettftext($image, 27, $angle, $xCoord, 42 + ceil($angle/1.5) + $yCoord, $text_colour, $font, $_SESSION['captcha']);
}else{
imagestring($image, 5, 26, 19, $_SESSION['captcha'], $text_shadow);
imagestring($image, 5, 25, 18, $_SESSION['captcha'], $text_colour);
}
imagejpeg($image, null, 100);
imagedestroy($image);
exit;
}
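# variables for sticky form, escaped because they are echoed back into the HTML
$self = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
$name = empty($_POST['name']) ? NULL : htmlspecialchars(ucwords(stripslashes($_POST['name'])), ENT_QUOTES, 'ISO-8859-1') ;
$email = empty($_POST['email']) ? NULL : htmlspecialchars(stripslashes($_POST['email']), ENT_QUOTES, 'ISO-8859-1') ;
$comments = empty($_POST['comments']) ? NULL : htmlspecialchars(stripslashes($_POST['comments']), ENT_QUOTES, 'ISO-8859-1') ;
$src = $self.'?i='.uniqid();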
# start HTML output
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Report from Website</title>
<style type="text/css">
#mailer {
width: 25em;
margin: 1em auto;
padding:0 2em 2em 2em ;
border:1px solid #bbb;
color: #333;
background:#ffd;
font: 0.9em verdana, sans-serif;
}
#mailer h1{
font: 1.4em bold verdana, sans-serif;
margin: 0;
padding:1em 0;
text-align:center;
}
#mailer label{
float: left;
width: 12em;
}
#mailer input{
width: 160px;
}
#mailer textarea{
width: 160px;
}
#error{
color:red;
text-align:center;
}
</style>
</head>
<body>
<?php if(isset($_GET['success'])){ ?>
<div id="mailer">
<h1>Thank you</h1>
<p>Your message has been sent successfully.</p>
</div>
<?php }elseif(isset($_GET['failure'])){?>
<div id="mailer">
<h1>Sorry</h1>
<p>Your message has not been sent due to a server configuration error.</p>
</div>
<?php }else{ ?>
<form id="mailer" action="<?php echo $self ?>" method="post">
<h1>
Email Form
</h1>
<p>
<label for="name">Name</label>
<input id="name" type="text" name="name" value="<?php echo $name ?>">
</p>
<p>
<label for="email">Email Address</label>
<input id="email" type="text" name="email" value="<?php echo $email ?>">
</p>
<p>
<label for="comments">Comments</label>
<textarea id="comments" name="comments" rows="5" cols="18"><?php echo $comments ?></textarea>
</p>
<p>
<label for="captcha"><img src="<?php echo $src ?>" width="140" height="90" alt="captcha"></label>
<input id="captcha" type="text" name="captcha">
</p>
<p>
<label for="submit">Press to...</label>
<input id="submit" type="submit" name="submit" value="send message!">
</p>
<p id="error"><?php echo $error ?></p>
</form>
<?php } ?>
</body>
</html>[/CODE]
[code=php]<?php
$recipient = $cfg['emaikl'];
if(isset($_GET['i']))
{
captcha_image();
}
elseif(isset($_POST['submit']))
{
if(!($error = error()))
{
$subject = 'Mail from Limos 2000 Ltd.'.$_SERVER['HTTP_HOST'];
$message = "Sender: ".ucwords($_POST['name'])." \r\n\r\n".
"Email: {$_POST['email']} \r\n\r\n".
"Message: {$_POST['comments']} \r\n\r\n";
if(@mail($recipient, $subject, $message))
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?action=contact&success');
}
else
{
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?action=contact&failure');
}
}
}
function error()
{
if(empty($_POST['name']))
{
return 'ERROR: The name field is empty.';
}
if(preg_match('/[^a-zA-Z ]/', $_POST['name']))
{
return 'ERROR: The name field contains invalid characters.';
}
if(empty($_POST['email']))
{
return 'ERROR: The email field is empty.';
}
# eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent
if(!preg_match('/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i', $_POST['email']))
{
return 'ERROR: The email field contains invalid syntax.';
}
if(empty($_POST['comments']))
{
return 'ERROR: The comments field is empty.';
}
if(!captcha_validate())
{
return 'ERROR: Incorrect security code entered.';
}
return false;
}
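function captcha_validate()
{
# reject a missing or empty code: '' == NULL is true in PHP, so without this
# a request made before any image was generated would pass the check
if(empty($_SESSION['captcha']) || !isset($_POST['captcha']))
{
return FALSE;
}
if($_POST['captcha'] === $_SESSION['captcha'])
{
$_SESSION['captcha'] = NULL;
return TRUE;
}
return FALSE;
}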
function captcha_image($length = 5)
{
$_SESSION['captcha'] = substr(strtr(base64_encode(pack("h*", sha1(mt_rand()))), "+/=", "xyz"), 0, $length);
$image = imagecreate(80, 20);
$background_colour = imagecolorallocate($image, 255,255,255);
imagecolortransparent($image, $background_colour);
$text_shadow = imagecolorallocate($image, 127,127,127);
$text_colour = imagecolorallocate($image, 0,0,127);
imagestring($image, 5, 1, 3, $_SESSION['captcha'], $text_shadow);
imagestring($image, 5, 0, 2, $_SESSION['captcha'], $text_colour);
header ('Content-type: image/png');
# the PNG quality argument is a compression level from 0 to 9, so use the default
imagepng($image);
imagedestroy($image);
exit;
}
# variables for sticky form, escaped because they are echoed back into the HTML
$self = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?action=contact", ENT_QUOTES);
$name = empty($_POST['name']) ? NULL : htmlspecialchars(ucwords(stripslashes($_POST['name'])), ENT_QUOTES) ;
$email = empty($_POST['email']) ? NULL : htmlspecialchars(stripslashes($_POST['email']), ENT_QUOTES) ;
$comments = empty($_POST['comments']) ? NULL : htmlspecialchars(stripslashes($_POST['comments']), ENT_QUOTES) ;
$src = $self.'&amp;i='.uniqid();
# start HTML output
if(isset($_GET['success'])){ ?>
<div id="mailer">
<h1>Thank you</h1>
<p>Your message has been sent successfully.</p>
</div>
<?php }elseif(isset($_GET['failure'])){?>
<div id="mailer">
<h1>Sorry</h1>
<p>Your message has not been sent due to a server configuration error.</p>
</div>
<?php }else{ ?>
<form id="mailer" action="<?php echo($self); ?>" method="post">
<h1>
Email Form
</h1>
<p id="error"><?php echo($error); ?></p>
<p>
<label for="name">Name</label>
<input id="name" type="text" name="name" value="<?php echo($name); ?>">
</p>
<p>
<label for="email">Email Address</label>
<input id="email" type="text" name="email" value="<?php echo($email); ?>">
</p>
<p>
<label for="comments">Comments</label>
<textarea id="comments" name="comments" rows="5" cols="18"><?php echo($comments); ?></textarea>
</p>
<p>
<label for="captcha"><img src="<?php echo($src); ?>" width="80" height="20" alt="captcha"></label>
<input id="captcha" type="text" name="captcha">
</p>
<p>
<label for="submit">Press to...</label>
<input id="submit" type="submit" name="submit" value="contact us!">
</p>
</form>
<?php } ?>[/code]
Bokeh, I'm not so lucky, I can't get the captcha image to show?
That's weird because I copied your code and it worked for me. GD.