Adding Spambot protection and getting it working

webiter · August 19, 2011, 2:28pm

I have form and processor on one page. It shows errors for fields not filled in. Having trouble with the visitorcode input. I highlight the components that may be relevent in the code. Can also view on line at Test Link

Form will not accept visitorcode and clear error to present thanku.html

Any direction would be great?

<?php
/////////// LINK FORM AND MAIL PROCCESOR (ALL ON ONE PAGE) VALIDATION STARTS HERE ////////////////////	
	$errors = array();
	function validate_form_items()
	{
	    $form_items = array(		   
		   "name"  => array(
						   "regex" => "/^([a-zA-Z '-]+)$/",
						   "error" => "<i> Appears in an improper format!</i>",
						   ),
		   "email" => array(
						   "regex" =>
							"/^[A-Za-z0-9](([_\\.\\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\\.\\-]?[a-zA-Z0-9]+)*)\\.([A-Za-z]{2,})$/",
						   "error" => "<i> Enter a valid Email address!</i>",	
						   ),					   
	[COLOR="Red"] "visitorcode" => array(
						   "" =>"/^([a-zA-Z '-]+)$/",
						   "error" => "<i> Please enter a correct Validate Code!</i>",			   
	                       ),[/COLOR]
						   );
						   
	global $errors;		
		if(!preg_match($form_items["name"]["regex"], $_POST["your_name"]))
			$errors[] = "<b>Your Name:</b> ".$form_items["name"]["error"];
		if(!preg_match($form_items["email"]["regex"], $_POST["your_email"]))
			$errors[] = "<b>Your Email:</b> ".$form_items["email"]["error"];
		if(!preg_match($form_items["email"]["regex"], $_POST["friend_email1"]))
			$errors[] = "<b>Friend 1 Email:</b> ".$form_items["email"]["error"];
		if(trim($_POST["friend_email2"]) != "")
		{if(!preg_match($form_items["email"]["regex"], $_POST["friend_email2"]))
				$errors[] = "<b>Friend 2 Email:</b> ".$form_items["email"]["error"];}		
		if(trim($_POST["friend_email3"]) != "")
		{if(!preg_match($form_items["email"]["regex"], $_POST["friend_email3"]))
				$errors[] = "<b>Friend 3 Email:</b> ".$form_items["email"]["error"];}
				
		[COLOR="Red"]if (md5(trim($_POST[$visitorcode]))!=$_SESSION['image_random_value'])				
				$errors[] = "<b>Validate Code:</b> ".$form_items["visitorcode"]["error"];[/COLOR]
						
	   return count($errors);
	   
	 }
/////////FORM MAIL STARTS HERE//////////////////////////////////////////////////////////////////////////////////	
	function email($from, $from_name, $to, $message)
	{
		//header("Location: thanku.html");return;

		$headers .= "From: ".$from."\\r\
";
		$headers .= "Content-type: text/plain; charset=ISO-8859-1";		
		$domian_name = "www.domain.net";
		$subject = $from_name."- An invitation to view $domian_name";
		$your_message = "Hi!\\r\
";
		$your_message.= ucfirst($from_name);
		$your_message.= "would like you to check out this website at $domian_name\\r\
";
		$message=$your_message.stripslashes($message);
		if (mail($to,$subject,$message,$headers) ) {
			return true;
		} else {
			return false;
		}
	}

	function print_error($errors)
	{foreach($errors as $error)
		{$err.=$error."<br/>";}
		echo "<div style=\\"font-size:14px; font-weight:normal; color:red;\\"><span style=\\"background-color:yellow\\">$err</span><div>";		
	}
		
//////////////POSTING AND THANK YOU STARTS HERE///////////////////////////////////////////////////////////////////////////	
	function form_process()
	{	
	    [COLOR="Red"]$visitorcode = $_POST['visitorcode'];[/COLOR]//verification code
		$from_name = $_POST["your_name"];
		$fromyour_email = $_POST["your_email"];
		$to = $_POST["your_email"].",".$_POST["friend_email1"].",".$_POST["friend_email2"].",".$_POST["friend_email3"];
		//$message = $_POST["message"];
		
        		
		$error_count = validate_form_items();
		if($error_count == 0)
		
		{if(email($fromyour_email, $from_name, $to, $message)) header("Location: thanku.html");
			else
		{global $errors; $errors[] = "Email could not be send at this time. <br />Please report this to the Webmaster.";}}		
	}
		if(isset($_POST["submit"])) form_process();
?>

<html><title>Link to my Friend/s</title>
<head>
<style type="text/css">
fieldset{width:315px;height:450px;background-color:#f1f1f1;}
legend{margin-left:31px;font-family:verdana;font-size:1.45em;font-weight:bold;color:#ff0000;}
label{float:left;width:110px;font-family:verdana;font-size:0.775em;color:#0000ff;}
#textfield{width:180px;margin-bottom:5px;}
#submit{margin-left:10px;margin-top:15px;width:330px;}
br{clear:left;}
</style>
</head>
<body>
<fieldset>
<legend>Link to my Friend/s.</legend><br />
Install your friend/'s email details to forward link to this website.<br /><br />
<i>Required *</i>
    <form id="link" method="post" action="<?php echo $PHP_SELF?>" >
    <div>[COLOR="Red"]<?php global $errors; if(count($errors) != 0){ print_error($errors);} ?>[/COLOR]</div>	
	<label for="your_name">My Name:*</label><input type="text" name="your_name" id="textfield" value="<?php echo $_POST["your_name"]?>" /><br />	
    <label for="your_email">My Email:*</label><input type="text" name="your_email" id="textfield" value="<?php echo $_POST["your_email"]?>" /><br /><br />
    <label for="friend_email1">Friend's Email:*</label><input type="text" name="friend_email1" id="textfield" value="<?php echo $_POST["friend_email1"]?>" />1<br />
<i>Optional</i><br />
    <label for="friend_email2">Friend's Email:</label><input type="text" name="friend_email2" id="textfield" value="<?php echo $_POST["friend_email2"]?>" />2<br />
    <label for="friend_email3">Friend's Email:</label><input type="text" name="friend_email3" id="textfield" value="<?php echo $_POST["friend_email3"]?>" />3<br /><br />
	
	<div>
	    <label>[COLOR="DarkGreen"]Validate Form:</label>&nbsp;&nbsp;<img src="randomImage.php"/>
		<a href><img src="refresh.jpg" img style="border:0;" onclick="history.go()" alt="Get new Code" /></a>&nbsp;&nbsp;
		<input type="text" name="visitorcode" size="5"  />[/COLOR]
	</div>
	
	<br />	
    <label>Send Link:</label><input type="submit" name="submit" value="Send Website Link" />
</form>
</fieldset>
</body></html>

StarLion · August 19, 2011, 5:56pm

what’s your code for randomImage.php ? Where’s your session_start on this page?

webiter · August 19, 2011, 7:20pm

The randomImage.php is as follows:

<?php
session_start();

$alphanum = "AaBbCcDdEeFfGgHhJjKkLMmNnPpQqRrSsTtUuVvWwXxYyZz23456789";
$rand = substr(str_shuffle($alphanum), 0, 5);
$_SESSION['image_random_value'] = md5($rand);
$image = imagecreate(60, 30);
$bgColor = imagecolorallocate ($image, 255, 255, 255);
$textColor = imagecolorallocate ($image, 0, 0, 0);

// write the random number
imagestring ($image, 5, 10, 8, $rand, $textColor);

// choose one of the background images
$bgNum = rand(1, 11);
$image = imagecreatefromjpeg("captcha_album/background$bgNum.jpg");
$textColor = imagecolorallocate ($image, 0, 0, 0);
imagestring ($image, 5, 10, 8, $rand, $textColor);

// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);

// HTTP/1.0
header("Pragma: no-cache");

// send the content type header so the image is displayed properly
header('Content-type: image/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
?>

I have now included session start.

webiter · August 21, 2011, 1:07pm

Have revised the visitorcode regular expression line to:

"regex" =>"/^([a-zA-Z '-]+)$/",

StarLion · August 21, 2011, 10:04pm

EDIT: Didnt see that extra line.

You’re double-calling post.
$visitorcode = $_POST[‘visitorcode’];

	if (md5(trim($_POST[$visitorcode]))

which translates to ($_POST[$_POST[‘visitorcode’]])

webiter · August 22, 2011, 10:47am

Thanks StarLion for pointing out the double call. I have rectified the double call and also added 0-9 to the regular expression. I then tried the form inputs again but the captcha element refuses to perform as required!

StarLion · August 22, 2011, 1:06pm

Your randomimage string can only contain a-zA-Z0-9, why are you regexing in other things?

webiter · August 22, 2011, 1:26pm

Thanks StarLion,

I had taken out the 0-9 bit as some point so I just replaced it again. I think the regex for the visitorcode is correct again! The link has been updated to reflect all the changes to date at the Test Link

webiter · August 24, 2011, 5:03pm

Hi There,

I have not as yet got this Test Link form working with its captcha! Any directions that could help greatly appreciated.

Regards

StarLion · August 24, 2011, 6:54pm

So what does the code look like now?

webiter · August 24, 2011, 7:20pm

I positioned the code at path as follows: > Test Link > on the second line Tell a friend script that I am working on. Click this link and then click on the View Source button on your tool bar thing. > View Source
Thanks for your attention. I trust that StarLions knowledge can help with what I am missing!

StarLion · August 24, 2011, 7:26pm

Mkay, so we’ve gone from double-POST to undefined variable

	if (md5(trim($_POST[$visitorcode]))!=$_SESSION['image_random_value'])

$visitorcode is undefined. I assume you meant to turn this line into

if (md5(trim($_POST['visitorcode']))!=$_SESSION['image_random_value'])

webiter · August 24, 2011, 7:43pm

Thanks StarLion, you done a great job and the thing works a treat. That lesson should stick with me.