Posted by Jerry Stuckle on 11/10/06 19:47
Matthew Wilson wrote:
> "J.O. Aho" <user@example.net> wrote in message
> news:4rjiogFrvinbU1@mid.individual.net...
>
>
>>Just add another input of text type (you can name it what ever you want,
>>say fun), you random two values and make another input of hidden type (you
>>can call it what ever you want, but not the same as the previous, say
>>real), then on the script where you receive the form you compare the two
>>values
>
>
> That's great but a little complex for our needs. The actual capture form is
> HTML, only the receive script is PHP. Can you offer a simpler version which
> just expects the number "5" rather than random numbers?
>
> Here is the format we follow, and the relevant field that expects a 5 is
> "human":
>
> <?
> // ------------- CONFIGURABLE SECTION ------------------------
>
> // $mailto - set to the email address you want the form
> // sent to, eg
> //$mailto = "youremailaddress@example.com" ;
>
> $mailto =
>
> // $subject - set to the Subject line of the email, eg
> //$subject = "Feedback Form" ;
>
> $subject = "Feedback" ;
>
> // the pages to be displayed, eg
> //$formurl = "http://www.example.com/feedback.html" ;
> //$errorurl = "http://www.example.com/error.html" ;
> //$thankyouurl = "http://www.example.com/thankyou.html" ;
>
> $formurl =
> $errorurl =
> $thankyouurl =
>
> $uself = 0;
>
> // -------------------- END OF CONFIGURABLE SECTION ---------------
>
> $headersep = (!isset( $uself ) || ($uself == 0)) ? "\r\n" : "\n" ;
> $name = $_POST['name'] ;
> $email = $_POST['email'] ;
> $referee = $_POST['referee'] ;
> $human = $_POST['human'] ;
> $comments = $_POST['comments'] ;
> $http_referrer = getenv( "HTTP_REFERER" );
>
> if (!isset($_POST['email'])) {
> header( "Location: $formurl" );
> exit ;
> }
> if (empty($email) || empty($comments) || empty($human)) {
> header( "Location: $errorurl" );
> exit ;
> }
> if ( ereg( "[\r\n]", $name ) || ereg( "[\r\n]", $email ) ) {
> header( "Location: $errorurl" );
> exit ;
> }
> if (get_magic_quotes_gpc()) {
> $comments = stripslashes( $comments );
> }
>
> $messageproper =
>
> "This message was sent from:\n" .
> "$http_referrer\n" .
> "------------------------------------------------------------\n" .
> "Name of sender: $name\n" .
> "Email of sender: $email\n" .
> "Referred by: $referee\n" .
> "2+3=$human\n" .
> "------------------------- COMMENTS -------------------------\n\n" .
> $comments .
> "\n\n------------------------------------------------------------\n" ;
>
> mail($mailto, $subject, $messageproper,
> "From: \"$name\" <$email>" . $headersep . "Reply-To: \"$name\" <$email>" .
> $headersep . "X-Mailer: chfeedback.php 2.07" );
> header( "Location: $thankyouurl" );
> exit ;
>
> ?>
>
>
> Thanks so much!
>
> Matt
>
>
Matt,
If you're always expecting the same number, your spambots will quickly
pick up on that and you're no longer secure.
Aho's response is good, and very easy to implement. The one thing I
should add, though, is to encrypt the hidden value some way. A one-way
hash would work, for instance. Then when they enter the value on the
form, encrypt it the same way and compare the results with what's in the
hidden field.
For instance:
<input type="hidden" name="real" value="<?PHP echo crypt($a+$b, 'oUrSeCrEt'); ?>">
And on the other end:
if(crypt($_REQUEST['fun'], 'oUrSeCrEt')!=$_REQUEST['real'] ...
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
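
Added example, not part of the post above or of the original feedback script: a keyed, expiring variant of the hidden-field check. With crypt() and a fixed salt, the same sum yields the same hidden value on every page load, so one solved pair keeps working indefinitely; here the hidden value is an HMAC over the answer plus an expiry time. SECRET_KEY, TOKEN_TTL and the function names are assumptions made for illustration.

```php
<?php
// Added illustration. SECRET_KEY is a placeholder for a random value that
// stays on the server; TOKEN_TTL is an assumed form lifetime.
const SECRET_KEY = 'replace-with-random-server-side-key';
const TOKEN_TTL  = 600; // seconds a rendered form stays valid

// Build the hidden-field value for a challenge whose correct answer is $answer.
function make_token(int $answer, int $now): string
{
    $expires = $now + TOKEN_TTL;
    // The MAC covers answer and expiry, so neither can be altered client-side.
    $mac = hash_hmac('sha256', $answer . '|' . $expires, SECRET_KEY);
    return $expires . ':' . $mac;
}

// Check the typed answer ("fun") against the token echoed back ("real").
function check_token(string $typed, string $token, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || !ctype_digit($typed)) {
        return false; // malformed token or non-numeric answer
    }
    [$expires, $mac] = $parts;
    if ((int)$expires < $now) {
        return false; // stale form: a captured pair stops working after TOKEN_TTL
    }
    $expected = hash_hmac('sha256', (int)$typed . '|' . $expires, SECRET_KEY);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed demonstration: render a challenge, then validate three submissions.
$now   = time();
$a     = random_int(1, 9);
$b     = random_int(1, 9);
$token = make_token($a + $b, $now);

var_dump(check_token((string)($a + $b), $token, $now + 30));              // correct answer
var_dump(check_token((string)($a + $b + 1), $token, $now + 30));          // wrong answer
var_dump(check_token((string)($a + $b), $token, $now + TOKEN_TTL + 1));   // expired form
```

A solved pair can still be resubmitted until it expires; storing the expected answer in the server-side session and clearing it after one use closes that window.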