Anti-Spam Options

Spam is the bane of every web owner's existence. In the further refinement of FormM@iler I am attempting to add some logic to help catch and stop probable spam from clogging up users' inboxes. It is up to the user to understand the risks associated with each type of logic.

One additional thing you can do, outside of these features, is to have the form itself open in a popup window via a JavaScript window.open call. This stops many bots from ever reaching the form, and it removes the need for success/error page redirects, so you can use the FormM@iler default pages with all the proper error messages generated by the script.

You can also decide how to handle the spam. With the $flag_spam[0] variable set to anything other than empty, the script edits the subject line, prepending the value of $flag_spam[0] to it. If it is set to empty, the script will not send the email flagged as spam at all and will display an error message to the user.

To not use any of these features, simply make their value empty.

Empty Field

The $empty_field[0] variable holds the name of the empty (bait) field in your form. Only one such field per form is allowed, and the field must be in the following format:

<input type="text" name="fieldname" value="" style="display:none;" />

The logic here is that many automated systems simply enter data into every field they see on the form and submit it, so this field is bait. Upon form submission, if anything is in this field, form processing is stopped: no error messages or anything, just stopped.

RISKS: There is virtually no risk to using this method that I can see.

Character Scan

The $character_scan[0] variable holds a comma-separated list of the fields that will be run through the character scan. The scan looks for < and > or [ and ] to flag the submission as spam and stop processing. Spam often uses HTML or bbCode when submitting. HTML is easy: it's < and >. bbCode is the markup used on forums and bulletin boards, and it usually uses [ and ] instead of < and >. Fortunately both sets of characters are rarely used in contact forms, so they are handy to scan for. If the script finds them it will display an error, though it would be best to add a JavaScript check for these characters on the form as well, for the rare occasion a real user does actually use them.

Finding only < or only > will not trigger it; only finding both does, and the same goes for [ and ]. The characters also have to be found IN that order.

RISKS: Depending on the type of business you run, these characters could commonly appear in your emails, particularly the less-than and greater-than symbols, as they are shortcuts for math comparisons. You be the judge of how often both will be used in that order in your emails. The fact that they must be found in pairs and in the specific order lessens the risk of rejecting a non-spam submission.
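The pair-and-order rule above, as an added example that is not FormM@iler's own code. The function name, the "name" and "comments" field names and the two sample submissions are my own assumptions; $character_scan[0] is the page's configuration variable.

```php
<?php
// Added example, not FormM@iler's own code: the pair-and-order rule of the
// Character Scan. Returns the name of the first listed field that trips it,
// or null if every listed field is clean. $character_scan[0] is the page's
// configuration variable (comma-separated field names).
function character_scan(array $post, string $fieldList): ?string
{
    // An opener alone does not count; its closer must appear AFTER it.
    $pairs = [['<', '>'], ['[', ']']];
    foreach (array_map('trim', explode(',', $fieldList)) as $field) {
        if ($field === '' || !isset($post[$field])) {
            continue;
        }
        $value = (string) $post[$field];
        foreach ($pairs as [$open, $close]) {
            $openPos = strpos($value, $open);
            if ($openPos !== false && strpos($value, $close, $openPos + 1) !== false) {
                return $field;
            }
        }
    }
    return null;
}

$character_scan[0] = 'name,comments';
// Constructed submissions. In the first, ">" comes before "<" and no ">"
// follows the "<", so the rule is not met; the second holds a full HTML tag.
$clean = ['name' => 'Ann', 'comments' => 'Is 3 > 2 and 2 < 3? Yes.'];
$spam  = ['name' => 'Ann', 'comments' => 'See <a href="http://example.com">this</a>'];
var_dump(character_scan($clean, $character_scan[0]));
var_dump(character_scan($spam, $character_scan[0]));
```

The caller would show the script's error message whenever a field name (rather than null) comes back.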

Time Delay

To use this feature your form must be a PHP-based file, so that a hidden field can be populated with the server's timestamp. The field must be named "time", as in the example below:

<input type="hidden" name="time" value="<?php echo time(); ?>" />

The value of the $time_delay[0] variable must be empty if the feature is not used; if used, it must be a number. This number is the minimum number of seconds the form must take to fill out.

The logic behind this is that automated form submission applications generally submit almost instantaneously. So, when the form is submitted, the script checks that timestamp against the current timestamp; if the form has been filled out in less than the stated number of seconds, an error is displayed and the form is not processed. As well, if no "time" field is sent, this means the bot likely didn't even use the form but went straight to the script, and it will stop that as well.

RISKS: I see very little risk in this feature, as the time is pulled from the server on both sides of the process, with no client interaction at all. The only possible risk is with a very small form, where you need to set the timer very low or you may actually catch legitimate users who can fill it out very quickly.
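The script-side half of the Time Delay check, as an added example that is not FormM@iler's own code; the form-side half is the hidden "time" field shown above. The function name and the three sample submissions are my own; $time_delay[0] is the page's configuration variable.

```php
<?php
// Added example, not FormM@iler's own code: the script-side half of the
// Time Delay check. The form side is the hidden "time" field shown above.
// $time_delay[0] is the page's configuration variable (minimum seconds).
function time_delay_check(array $post, string $minSeconds): ?string
{
    if ($minSeconds === '') {
        return null;                         // feature disabled when empty
    }
    $min = (int) $minSeconds;
    // A missing or non-numeric "time" means the request skipped the form
    // and went straight to the script, which the page says is stopped too.
    if (!isset($post['time']) || !ctype_digit((string) $post['time'])) {
        return 'Submission rejected: the "time" field is missing or invalid.';
    }
    $elapsed = time() - (int) $post['time'];
    if ($elapsed < $min) {
        return "Submission rejected: form completed in {$elapsed}s, minimum is {$min}s.";
    }
    // The value round-trips through the browser, so this is a heuristic
    // against bots that rush or skip the form, not a hard guarantee.
    return null;
}

$time_delay[0] = '5';
// Constructed submissions: one posted immediately, one after 30 seconds,
// and one that never loaded the form and so carries no "time" field.
$rushed = ['time' => (string) time(), 'name' => 'Ann'];
$normal = ['time' => (string) (time() - 30), 'name' => 'Ann'];
$direct = ['name' => 'Ann'];
var_dump(time_delay_check($rushed, $time_delay[0]));
var_dump(time_delay_check($normal, $time_delay[0]));
var_dump(time_delay_check($direct, $time_delay[0]));
```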

sorta-CAPTCHA

This isn't a real CAPTCHA, as it is somewhat predictable, but it's a good random option that is relatively easy for even a newbie to configure and install. You can have as many or as few images with characters as you want; the only rule is that they must be in .jpg format. I have included four as an example, which you can use if you wish as long as you follow the naming convention and ordering described below. The list of images must always start at 0 (zero), not 1.

#   File        Image Code
0   img_0.jpg   9C2449
1   img_1.jpg   EEADC8
2   img_2.jpg   77A585
3   img_3.jpg   D72838

You can add img_4.jpg, img_5.jpg, etc., using as many or as few images as you want, as long as the numeric progression of names is consistent.

For this option you also need a PHP-driven form. The form needs to generate a random number to determine the image to show, and thereby the code associated with it. First, the images must be numbered from 0 up sequentially to however many images you have. Then, in your form, generate a random number with the following code:

<?php $random = rand(0,3); ?>

The "3" in the example above is the number of the highest-numbered image. Then, to display the image and the associated hidden field, use the following code:

<img src="path/to/img_<?php echo $random; ?>.jpg"/>
<input type="hidden" name="captcha_code" value="<?php echo $random; ?>"/>
<input type="text" name="captcha_entry" value=""/>

The "captcha_code" field is a hidden field holding the number that was generated by the random number function; the "captcha_entry" field is where the user enters the validation code.

Then, to set up $captcha_codes[0], create a comma-separated list of the codes of your images in the order of their numbers. With the sample images the variable would look like:

$captcha_codes[0]="9C2449,EEADC8,77A585,D72838";

Upon submission the script checks the entry against the corresponding code in the list; the comparison is case insensitive.

NOTE: Be sure to add the "captcha_entry" field name to your required fields list.

RISKS: The biggest risk is annoying the hell out of your users. Personally, I'd try everything else before sorta-CAPTCHA, but lots of people have asked for it, and a true CAPTCHA is very complicated; I have found this about as effective as the real thing and a much less complicated system. I would also recommend more than 4 images, as a bigger pool gives a better appearance of randomness. I use 20 on one site and it's worked as well as sites I have genuine CAPTCHA installed on.
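Both halves of the sorta-CAPTCHA (the form-side image and hidden field from the section above, and the script-side case-insensitive check) as an added example that is not FormM@iler's own code. It uses the four sample codes from the page; the function names and the "path/to" image directory are my own assumptions, and the random index is taken from the size of the code list so that adding img_4.jpg and a fifth code never requires editing rand(0,3) by hand.

```php
<?php
// Added example, not FormM@iler's own code. $captcha_codes[0] holds the
// page's four sample codes, in image-number order.
$captcha_codes[0] = "9C2449,EEADC8,77A585,D72838";

// Form side: pick an index from 0 to (number of codes - 1) and emit the
// image, the hidden index and the entry box shown in the section above.
function captcha_fields(string $codeList, string $imgPath): string
{
    $count  = count(explode(',', $codeList));
    $random = rand(0, $count - 1);
    return '<img src="' . htmlspecialchars($imgPath) . '/img_' . $random . '.jpg"/>' . "\n"
         . '<input type="hidden" name="captcha_code" value="' . $random . '"/>' . "\n"
         . '<input type="text" name="captcha_entry" value=""/>';
}

// Script side: the hidden index selects the expected code. An index that is
// missing, non-numeric or out of range is rejected before any comparison.
function captcha_check(array $post, string $codeList): bool
{
    $codes = array_map('trim', explode(',', $codeList));
    $index = (string) ($post['captcha_code'] ?? '');
    if (!ctype_digit($index) || (int) $index >= count($codes)) {
        return false;
    }
    $entry = trim((string) ($post['captcha_entry'] ?? ''));
    // Case-insensitive comparison, as the page states.
    return $entry !== '' && strcasecmp($entry, $codes[(int) $index]) === 0;
}

echo captcha_fields($captcha_codes[0], 'path/to'), "\n";
// Constructed submissions: lower-case code for image 2, then the wrong code.
var_dump(captcha_check(['captcha_code' => '2', 'captcha_entry' => '77a585'], $captcha_codes[0]));
var_dump(captcha_check(['captcha_code' => '2', 'captcha_entry' => '9C2449'], $captcha_codes[0]));
```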

Maximum URL Count

This feature counts the number of URLs found in any field, or list of fields; if too many are found, the message is flagged as spam.

The $max_urls[0] variable is set to the number of URLs allowed in any one field; $max_url_fields[0] is a comma-separated list of the fields that should be checked.

RISKS: Depending on your use of the form, you may catch legitimate users if the number is set too low. Think carefully before setting this number very low.
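The Maximum URL Count check as an added example that is not FormM@iler's own code. The URL pattern (scheme-prefixed links plus bare "www." hosts), the function names and the "comments" field are my own assumptions; $max_urls[0] and $max_url_fields[0] are the page's configuration variables.

```php
<?php
// Added example, not FormM@iler's own code: the Maximum URL Count check.
// The URL pattern is an assumption: http/https links and bare "www." hosts.
function count_urls(string $text): int
{
    return (int) preg_match_all('~\b(?:https?://|www\.)[^\s<>"\']+~i', $text);
}

// Returns an error message for the first listed field that exceeds the
// per-field limit, or null when the feature is off or every field passes.
function max_urls_check(array $post, string $maxUrls, string $fieldList): ?string
{
    if ($maxUrls === '') {
        return null;                         // feature disabled when empty
    }
    $limit = (int) $maxUrls;
    foreach (array_map('trim', explode(',', $fieldList)) as $field) {
        if ($field === '' || !isset($post[$field])) {
            continue;
        }
        $found = count_urls((string) $post[$field]);
        if ($found > $limit) {
            return "Submission rejected: \"$field\" contains $found URLs (maximum $limit).";
        }
    }
    return null;
}

$max_urls[0]       = '2';
$max_url_fields[0] = 'name,comments';
// Constructed submission with three links in the "comments" field.
$post = [
    'name'     => 'Ann',
    'comments' => 'See http://example.com, https://example.org/a and www.example.net',
];
var_dump(max_urls_check($post, $max_urls[0], $max_url_fields[0]));
```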