homepage Welcome to WebmasterWorld Guest from 54.226.235.222
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Contact form with captcha or validation
davidh6781




msg:4264654
 2:47 pm on Feb 9, 2011 (gmt 0)

Hello I am after a little guidance for a php form that uses captcha or some thing the human user has to think about.

Currently a client is using a cgi that is getting spammed due to no captcha etc.

any help will be great

 

Matthew1980




msg:4264659
 3:03 pm on Feb 9, 2011 (gmt 0)

Hi there davidh6781,

This is a bone of contention amongst programmers; captcha doesn't always work, yes it helps, but captcha is useless if the bot/spammer/hacker goes via the command line, and totally circumvents the form itself.

Realistically, you need to code the form properly, and make sure that you have relevant measures in place that filter out user input, then if this isn't met, redirect to the firm with the errors that are caught.

ABOVE all make sure that the email headers can't be manipulated, as one email could turn into thousands.

Though if you do want captcha, just google it, there are loads of tutorials out there that can help you.

Cheers,
MRb

rocknbil




msg:4264788
 6:25 pm on Feb 9, 2011 (gmt 0)

Agrees. Just say no to CAPTCHA. IMO it's a patch to solve a problem not fully understood by many programmers. I have never needed to use one.

Scratch that - I needed it once. A second programmer was brought in on a project and convinced the client we needed a captcha. I said we didn't. Suddenly we got *one* spam that got through my filters. One, and it never came back. He'd gone in and looked at my code, figured out how to pass a rare pattern through it, loggedin via proxy to a hacked Asian server, and submitted it to prove who is the BMOC. I couldn't prove it, so now the site has an unnecessary user barrier. LOL

We have a parallel conversation [webmasterworld.com] going on that will be of use to you, see comments and links in that thread.

Matthew1980




msg:4264883
 10:50 pm on Feb 9, 2011 (gmt 0)

Hey Rocknbil,

>>I said we didn't. Suddenly we got *one* spam that got through my filters

I would love to know what that was...

Haha, I have to admit, I have a captcha script that I cobbled together one afternoon to see if there was any difference in having it there as an option, then I got a few people at work saying, I can't get past that dang picture - "Well how secure do you want this" was my reply, my point is, captcha's can be too difficult to read, at least choose a font & background distractions that don't make the actual chars difficult to read!

And secondly, you will never please all of the people all of the time :)

Cheers,
MRb

rocknbil




msg:4265274
 6:25 pm on Feb 10, 2011 (gmt 0)

It was something obscure. I think he sent it in encoded Chinese or something, it was an obvious thread through the filters of ordinary spam. I just don't waste energy on breast beating. :-)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved