Forum Moderators: open
I am sure you know what captcha is since it is largely used in the web nowadays... When the user is asked to retype text shown in a picture generated by PHP. This way, you are sure that users are humans and not bots.
It's likely that the source of the spam is diverse though (many users machines are compromised and therefore do the dirty work for spammers), if that's the case then the above will not work.
Let's hope it's a noob spammer.
Google for "Captcha".
You mentioned PHP
did you create the script
if so many things server side can be done about security.
Post at the PHP forum
<?php
$org=$_POST['org'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$address3=$_POST['address3'];
$city=$_POST['city'];
$pcode=$_POST['postcode'];
$region=$_POST['region'];
$tel=$_POST['tel'];
$fax=$_POST['fax'];
$email=$_POST['email'];
$web=$_POST['web'];
$name=$_POST['name'];
$image=$_POST['image'];
$projdesc=$_POST["projdesc"];
$cats1=$_POST['cats1'];
$rate1=$_POST["rate1"];
$cats2=$_POST['cats2'];
$rate2=$_POST["rate2"];
$cats3=$_POST['cats3'];
$rate3=$_POST["rate3"];
$cats4=$_POST['cats4'];
$rate4=$_POST["rate4"];
$cats5=$_POST['cats5'];
$rate5=$_POST["rate5"];$min_age=$_POST['agefrom'];
$max_age=$_POST['ageto'];
$gptext=$_POST['pracbite'];
$gptitle=$_POST['practitle'];
$gpc1=$_POST['gpc1'];
$rate1=$_POST["rate1"];
$gpc2=$_POST['gpc2'];
$rate2=$_POST["rate2"];
$gpc3=$_POST['gpc3'];
$rate3=$_POST["rate3"];
$gpc4=$_POST['gpc4'];
$rate4=$_POST["rate4"];
$gpc5=$_POST['gpc5'];
$rate5=$_POST["rate5"];
$praccontact=$_POST["praccontact"];
mail ("wendy@example.com", "Practice Bite",
"New Practice Bite
Project Info:
Organisation: $org
Address: $address1
$address2
$address3
City: $city
Post code: $pcode
Region: $region
Tel: $tel
Fax: $fax
Email: $email
Web: $web
Contact Name: $name
Image: $image
Project Desc: $projdesc
C1: $cats1
R1: $rate1
C2: $cats2
R2: $rate2
C3: $cats3
R3: $rate3
C4: $cats4
R4: $rate4
C5: $cats5
C5: $rate5
Practice Example:
Min age: $min_age
Max age: $max_age
P Title; $gptitle
P Text: $gptext
P1: $gpc1
R1: $rate1
P2: $gpc2
R2: $rate2
P3: $gpc3
R3: $rate3
P4: $gpc4
R4: $rate4
P5: $gpc5
R5: $rate5
Contact Name: $praccontact"
);
echo ("<p>Your practice bite has been submitted.</p>
<p>Many thanks.</p>");
?>
[edited by: encyclo at 2:10 pm (utc) on June 14, 2006]
[edit reason] examplified [/edit]
If you do not wish to address the PHP script, you may leave it here and ask for JS client side validation help.
At very first glance in its actual state you offer no protection.
you need to validate the form input and verify that the expected input is really the expected one.
