Forum Moderators: coopster
Basically i am trying to stop robots from spamming the form with links to porn sites and other such junk.
My form posts to this code "thankyou.php" and it sends it on to the site owner.
<?php
function check_referer($referers)
{
//If there are any referrers in the list ...
if (count($referers))
{
$found = false;
// Use the browsers referrer header.
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
if ($referer=="")
{
$referer = $_SERVER['HTTP_REFERER'];
list($remove,$stuff)=split('//',$referer,2);
list($home,$stuff)=split('/',$stuff,2);
$referer = $home;
}
// Check agains list.
for ($x=0; $x < count($referers); $x++)
{
if (eregi ($referers[$x], $referer))
{
$found = true;
}
}
// Refererer is blank.
if ($referer =="")
$found = false;
if (!$found)
{
// You might alter this to print some sort of error of your own.
echo ("You are coming from an <b>unauthorized domain.</b>");
error_log("[formMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
}
else
{
return true;
}
}
?>
<?php
//check referer
$referers = array ('anydomain.com','www.anydomain.com','205.48.267.71');
if (!check_referer($referers))
{
echo "<h1>Sorry It didn't work.</h1>\n";
echo "<p>Please go back to the form you came from and try again</p>";
}
else {
$sent =0;
$email = $HTTP_POST_VARS[Email];
$mailto = "me@anydomain.com";
$mailsubj = "Booking Enquiry from website(new form)";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Details submitted from new web site form:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); }
echo "<h1>Thank you for your enquiry</h1>\n";
echo "<p>Your booking enquiry has been sent to us.</p>\n";
echo "<p>We will endeavour to contact you as soon as possible.</p>\n";
}
?>
Any help would be appreciated.
as follows code from chadseo
<script>
function validateform(frm) {
if(frm.name.value.length ==0 ) {
alert("Please enter a Name!");
return false;
}
else {return true; }
}
</script>
<form ... onSubmit="return validateform(this);">
Of course, javascript can be disabled, so always validate the information on next page as well using PHP, but this will notify most people if they forget a required field, etc. You can do multiple checks to: make sure an email address is entered, make sure it's in the correct format, make sure a "new_name" has a value if they choose "New" from a drop-down, etc.
as far as your top code
is it not working or are there errors?
<?
$referers = array ('127.0.0.1','192.168.0.0','192.168.0.1','http://localhost');//problem here because of testing server setup?
function check_referer($referers)
{
5 if (count($referers))
{
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
if ($referer=="")
11 {
$referer = $_SERVER['HTTP_REFERER'];
list($remove,$stuff)=split('//',$referer,2);
list($home,$stuff)=split('/',$stuff,2);
15 $referer = $home;
16 }
17 for ($x=0; $x < count($referers); $x++)
{
if (eregi ($referers[$x], $referer))
{
$found = true;
}
}
if ($referer =="")
$found = false;
if (!$found)
{
echo "You are coming from an <b>unauthorized domain.</b>";
return $found;
}
else
return false;
}
}
?>
No matter what I do, I get the following:
Notice: Undefined offset: 2 in C:\Program Files\Apache Software Foundation\Apache2\htdocs\SGFG-root\19910606\chkref.php on line 11
Notice: Undefined index: HTTP_REFERER in C:\Program Files\Apache Software Foundation\Apache2\htdocs\SGFG-root\19910606\chkref.php on line 15
Notice: Undefined offset: 1 in C:\Program Files\Apache Software Foundation\Apache2\htdocs\SGFG-root\19910606\chkref.php on line 16
Notice: Undefined offset: 1 in C:\Program Files\Apache Software Foundation\Apache2\htdocs\SGFG-root\19910606\chkref.php on line 17
You are coming from an unauthorized domain.
Warning: Missing argument 1 for check_referer() in C:\Program Files\Apache Software Foundation\Apache2\htdocs\SGFG-root\19910606\chkref.php on line 5
Notice: Undefined offset: 2 on line 11
I am betting that is here
$referer = $temp[2];
the referer probably didn't have three parts, which means your offset is no good and therefore it throws off your whole script
always fix the top error first and then rerun the script to see what changes. Try using something static that is of the desired format and then go from there.
I don't really get parts of that script to be honest. Not that I don't understand the code, it is more the logic I find a little vague.
Are you just trying to take the referer and test it against an array of banned referers? Then show them a blocked message if they come from one of them?
Make the mailer Ip/time secured so an external IP can only send an email with your system every 5 minits or so. You should keep a log too.
The mailer should only be allowed to work when the referring page is within the domain of the mailer itself; i.e.- if you havent landed on the mailer page via a navigation button elsewhere on the same site, the mailer shouldn't work, infact I'd prefer if the form didn't even materialize on the page, just a redirect. But for now, as long as it doesnt send mail, that's fine. The script from which I hacked this code did keep a log, but I don't much feel I need to do that; I could reimplement it, but dont think I need it.
The mail only goes to one address too (the form-filler-person doesnt get to enter an email to send to; the mail technically goes from me and to me, regardless).
Now, Jatar: The referer indeed doesn't have 3 parts, because I am running this on my testing server (my to-be host isn't ready yet, they are transferring to a new server and having some difficulties, and meanwhile, my current host doesn't support php so I can't test it live); I think that might be part of the problem, but havent come up with a way of simulating a real referer or altering the allowed-referer-array to work with the localhost address, which is something like:
Http://localhost/directory/directory/directory/filename.php.
This code is cut from a free open source form mail script, and I haven't altered it other than to remove irrelevant stuff (logging, banned-IP check, etc); so if it is illogical, LOL blame the original designer, as I am not proficient near enough in this stuff yet to detect illogicalness :)
And no, it isnt to check for banned referers, it is only to see if the referer is on my site (so the mail script cannot be used by someone outside the site/domain) in other words, every referer is a banned one, except those within the same site.
Thank you guys for the help;
Since I will know what the absolute path of the referer calling this script should be, can't I simply compare the actual referer and what the referer should be and if they don't match, redirect the user to another page or an error?
This mail script should ONLY be accessed by the user having pressed the CONTACT link on the navigation bar of my site; anywhere else calling the script should be NOT allowed.
Sasha
I would still like to get the referer header thing working, if only for my own knowledge/learning. The captcha is neato too; I'd really like them both working, and then decide what to use... :)
