section31 Posted December 9, 2003

Hi, do any of you guys know what would be the most efficient way of preventing a form from being spammed? When I say spammed, I mean preventing the user from submitting data numerous times within a few minutes. Ex. this mail script I made: http://davesrig.us/new/emailme.php?userid=1

What should I do to prevent people from going back and abusing that submit button? I was thinking about using cookies or sessions but they can easily just restrict cookies. Any other options I missed?
surefire Posted December 9, 2003

Log the IP in a database with the server time when the form is submitted. Before posting data, query the database for any other entries by that IP and determine the time that has elapsed. If the time interval is too short, kill the script and send an error code... maybe add the IP to another table for banned IPs. When the code runs, it could also go ahead and delete all entries in the table that have passed the required time frame.
section31 (Author) Posted December 9, 2003

Well I suppose I could do that. But I would have to create a dummy table b/c this particular form data isn't going into my database. It's being emailed to me. I want my database clean...hehe... Any other suggestions? If not, I'll go ahead and have to do that. I still feel that there should be a more efficient way. I was looking at sessions and the only way to make them work if the user has cookies disabled is to pass the sessionid variable and that's no good.

Dave
surefire Posted December 9, 2003

If you use sessions or cookies, then you would get over 95% of the folks out there. Very few have cookies disabled. It sounds like you want a super foolproof method. Do a cookie check to see if they can accept cookies and if not, tell them they need to have cookies enabled in order to use your form.
jpickeri Posted December 9, 2003

Force the user to enter a randomly generated "key". See http://www.jsnmp.com/cgi-bin/download.pl.
Cyber-dog Posted December 10, 2003

I noticed you use PHP

    // Stop and list every required field that was left empty.
    if ((!$name) || (!$email) || (!$feedback)) {
        echo 'You did <b>NOT</b> submit the following required information! <br><br>';
        if (!$name) {
            echo " - Your Name is a required field. Please <a href=javascript:history.back()>go back</a> and try again.<br><br>";
        }
        if (!$email) {
            echo " - E-mail address is a required field. Please <a href=javascript:history.back()>go back</a> and try again. <br><br>";
        }
        // Same variable as the outer check ($feedback), so the message always matches.
        if (!$feedback) {
            echo " - You failed to submit any feedback! <a href=javascript:history.back()>go back</a> and try again.<br><br>";
        }
        exit();
    }

That is what I use for field verification on my site. I know it's not quite what you're looking for, but it prevents abuse to a degree! I plan to include this in the release of PHP Form Mail on my site shortly! As you can see with the code above it's pretty easy to edit, and add more verification! Hope this helps

Regards, Cyber-dog
section31 (Author) Posted December 10, 2003

Actually I went ahead and did write a function to push/check the IPs in my database. I have them set to expire in 24 hours to restrict people from posting more than once a day. Feel free to try them out and tell me what you think.

http://davesrig.us/new/emailme.php?userid=1
http://davesrig.us/new/guestbook.php
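
The IP-and-timestamp throttle that surefire describes and section31 reports implementing, as an added example that is not code from the thread or from either poster's site. It assumes PHP with PDO and SQLite; the table `form_hits`, its columns and both function names are hypothetical, and the sample address and timestamp are constructed.

```php
<?php
// Added example, not code from the thread. Table, column and function names
// are hypothetical; SQLite via PDO stands in for whatever database the site uses.
const WINDOW_SECONDS = 86400; // 24 hours, the expiry section31 mentions

function open_store(string $dsn): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS form_hits (
                   ip        TEXT PRIMARY KEY,
                   last_seen INTEGER NOT NULL)');
    return $db;
}

// Returns true and records the hit if this IP may submit now, false otherwise.
function allow_submission(PDO $db, string $ip, int $now): bool
{
    // Delete entries whose window has passed, so the table stays small.
    $purge = $db->prepare('DELETE FROM form_hits WHERE last_seen <= :cutoff');
    $purge->execute([':cutoff' => $now - WINDOW_SECONDS]);

    // The PRIMARY KEY makes check-and-record one atomic step: a second insert
    // for the same IP fails instead of racing a separate SELECT.
    $insert = $db->prepare('INSERT INTO form_hits (ip, last_seen) VALUES (:ip, :now)');
    try {
        $insert->execute([':ip' => $ip, ':now' => $now]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return false;                         // this IP already posted in the window
        }
        throw $e;
    }
}

// Constructed demo values; in the form handler use $_SERVER['REMOTE_ADDR'] and time().
$db = open_store('sqlite::memory:');
$ip = '203.0.113.7';
$t0 = 1070928000;

var_dump(allow_submission($db, $ip, $t0));                  // first submission
var_dump(allow_submission($db, $ip, $t0 + 120));            // retry two minutes later
var_dump(allow_submission($db, $ip, $t0 + WINDOW_SECONDS)); // after the window has passed
```

Key the table on `$_SERVER['REMOTE_ADDR']` rather than on client-supplied headers such as `X-Forwarded-For`, which a sender can set freely. Visitors behind a shared proxy or NAT share one address and therefore one allowance.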