SPAM, it's not just a type of meat featured in Monty Python, it is also one of the most annoying plagues of modern day life. If you've got an email address then chances are you know what it's like to get spammed, and the same goes for Forums too. This guide uses PHP and the GD Image Library to show one possible method of stopping "Spam-bots" from submitting junk on your site's forms.
During the early days of the 'net (aka teh Intarweb) there was never any real problem with receiving "spam" emails or having "spam" posts made to feedback forms or forums. Nowadays though it's hard to not have a site running long before it is bombarded with SPAM to comments forms, spam posts made to forums, and a whole slew of spam emails to any addresses you may have listed on the site. Here on newearthonline.co.uk I rarely get any spam to my associated email account and the reason for this is being careful with where the email address is put. You will find that no where on this site is my email address as text, nor the email address of any members - though users logged in will see these if permission is given. In order to allow people to still email me comments about this site I decided to put a feedback form up. Spambots today are clever and can submit spam to the forms without any problem - this is where the need for making automated submission harder is needed. In this example I'm using the feedback form on this site as the example, but it would work with any sort of form that needs to avoid automated submission by 'bots.
The intention of this spam blocker is that a random image is created so that the user will need to type in what is shown to confirm the user is human, and not a 'bot. The following code will generate a random string containing alphanumeric characters of the specified length.
function generatePassword ($length=8) {
$password = "";
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
return $password;
}
$sec_check = generatePassword(8);Now this password will need to be used to generate an image. In order to create an image we will use the GD Image Library which can be used in PHP when it has been compiled with --with-gd. If you don't know if this is installed, or how to compile Apache then please contact your system administrator (though this will be covered in a future article).
<form action="contact.php" method="post">
<fieldset>
<legend>Contact Details and Message</legend>
<input type="hidden" name="sec_check"
id="sec_check" value="<?php print sha1($sec_check); ?>" />
<div>
<label for="contact_name">Name</label>
<input type="text" name="contact_name"
id="contact_name" value="<?php print $contact_name; ?>" />
</div>
<div>
<label for="contact_email">Email Address</label>
<input type="text" name="contact_email"
id="contact_email" value="<?php print $contact_email; ?>" />
</div>
<div>
<label for="contact_message">Message</label>
<textarea id="contact_message" name="contact_message"
rows="4" cols="31"><?php print $contact_message; ?></textarea>
<php
if(isset($errorMes) && $errorMes) {
print 'required';
}
?>
</div>
<div>
<img src="text2word.php?word=<?php print $sec_check; ?>"
alt="Please type <?php print $sec_check; ?> in the next box."
title="Please type <?php print $sec_check; ?> in the next box." />
</div>
<div>
<label for="contact_sec">Security Code</label>
<input type="text" name="contact_sec" id="contact_sec" value="" />
<?php
if(isset($errorSec) && $errorSec) {
print 'required';
}
?>
</div>
<div>
<input type="submit" name="submit_contact" value="Send" />
</div>
</fieldset>
</form>If you insert the above form in the position you want it to appear, adjusting the filename in the action property accordingly, you will then ahve a number of fields that visitors can fill in, as well as a field for verifying they are not a bot. The fields values contain PHP code so that if the first submission failed and they are having to resubmit then they don't have to retype it all. The image with the src of "text2word.php?word=<?php print $sec_check; ?>" references a PHP file that outputs an image using the GD Image Library. The code for this file is listed on the next page.
