Simple CSS/PHP AntiSpam solution for a contact form

[makenoiz]

Thanks for all who have contributed to this thread. This is much much lighter and more customer friendly than a captcha!

Remember the bots fill in the hidden form because they read the code and think its a valid input field. We test to see if the hidden field IS filled in. If it is, then its a bot, if it is not filled in then its a human and is A-OK. Some folks are having a hard time with the logic

filled in hidden form = bot > fail/redirect
empty hidden form = human > pass


...........

Just implemented on 1.3.9h create an account and Seems to work. I disabled the inline css, Filled out all the fields - including the one that should be hidden -as a bot would, and no new customer. I have mine redirecting like this:

// FOOL-A-ROBOT-HACK ZC POST 1069448 vf
if (!empty($leaveblank)) {
zen_redirect(zen_href_link(FILENAME_TIME_OUT, 'action=success'));
}

On to add to Contact Us now ........

[Elarya]

don't take this the wrong way, but if you can't work out what to do with what i've given, I dare say you shouldn't be editing files that WILL STOP customers from shopping at your store if you get it wrong...

good luck!

I don't think anyone will take it wrong. Everyone appreciates anyone who takes the time to help out. However, I will say (and speaking for myself only) it helps to understand "the why" of things to further our knowledge. For example, I cannot work out what to do with your instructions with what you have given but I do not feel I shouldn't be editing those files, especially when I have a backup.

I think if I understood for example why yours when on "line 78" then I could figure out where mine should go (in case our 78s are different). I tend to learn by example and I think that may be why many people are asking for an example.

I am going to go again slowly through this entire thread. I am still a novice but I am determined to figure this out as these signups are becoming a mini nightmare on my site.

[shartlesville]

I've been adding mods, updating, and generally mucking around in the zen code for the past two years and I have to say, "Wow, this was the most confusing change I have ever had to make!"

That said, I worked it out for both the Contact Us and the Report A Price mod. (I have not figured out the Create Account yet b/c the header file looks NOTHING like the ones in the examples, lol).

Here is what I did on the contact us form:

in /includes/templates/template_default/tpl_contact_us_default.php find:

Code:

<label class="inputLabel" for="email-address"><?php echo ENTRY_EMAIL; ?></label>
<?php echo zen_draw_input_field('email', ($email_address), ' size="40" id="email-address"') . '<span class="alert">' . ENTRY_REQUIRED_SYMBOL . '</span>'; ?>
<br class="clearBoth" />

directly under it put this:

Code:

<!-- NOSPAM -->
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
<br class="clearBoth" />
<!-- NO SPAM -->

*** You probably should save this and upload it to YOURTEMPLATE folder as well so it won't be over-ridden with an update. ***

Then in includes/modules/pages/contact_us/header.php make the following changes:

Highlight this (around line 14):

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $subject = zen_db_prepare_input($_POST['subject']);
  $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));

  $zc_validate_email = zen_validate_email($email_address);
  if ($zc_validate_email and !empty($enquiry) and !empty($name)) {

and replace it with this:

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $subject = zen_db_prepare_input($_POST['subject']);
  // NO SPAM
  $leaveblank = zen_db_prepare_input($_POST["leaveblank"]);
  // NO SPAM
  $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));
  
  //edited for NO SPAM
  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($enquiry) and !empty($name) and !empty($subject) and empty($leaveblank)) {

Then find (around line 93):

Code:

    if (empty($enquiry)) {
      $messageStack->add('contact', ENTRY_EMAIL_CONTENT_CHECK_ERROR);
    }

Directly under it add:

Code:

    //NO SPAM
    if (!empty($leaveblank)) {
    zen_redirect(zen_href_link(FILENAME_TIME_OUT, 'action=success'));
    }
    //NO SPAM

Test the form normally to make sure you DO get mail from customers. Then using firefox, disable the inline CSS styles filling out all the lines including the one that should be blank. When you hit send, you should be redirected to the session timed out page. If you get blank pages or the email goes through when it shouldn't, verify all the changes for missing punctuation and check the CACHE file for errors.

For the Report A Cheaper Price mod in includes/templates/template_default/tpl_report_a_price_default.php find (about line 74):

Code:

<label class="inputLabel" for="email-address"><?php echo ENTRY_EMAIL; ?></label>
<?php echo zen_draw_input_field('email', ($error ? $_POST['email'] : $email), ' size="40" id="email-address"') . '<span class="alert">' . ENTRY_REQUIRED_SYMBOL . '</span>'; ?>
<br class="clearBoth" />

directly under it add:

Code:

<!-- NOSPAM -->
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
<br class="clearBoth" />
<!-- NO SPAM -->

Then in includes/modules/pages/report_a_price/header.php find (about line 35):

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $other_store = zen_db_prepare_input(strip_tags($_POST['other_store']));
  $other_store_location = zen_db_prepare_input(strip_tags($_POST['other_store_location']));
  $other_price = zen_db_prepare_input(strip_tags($_POST['other_price']));

  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($other_store) and !empty($other_store_location) and !empty($other_price) and !empty($name)) {

Replace with

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  // NO SPAM
  $leaveblank = zen_db_prepare_input($_POST['leaveblank']);
  // NO SPAM
  $other_store = zen_db_prepare_input(strip_tags($_POST['other_store']));
  $other_store_location = zen_db_prepare_input(strip_tags($_POST['other_store_location']));
  $other_price = zen_db_prepare_input(strip_tags($_POST['other_price']));

  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($other_store) and !empty($other_store_location) and !empty($other_price) and !empty($name) and empty($leaveblank)) {

Test the form normally to make sure you DO get mail from customers. Then using firefox, disable the inline CSS styles filling out all the lines including the one that should be blank. When you hit send, you should be redirected to the session timed out page. If you get blank pages or the email goes through when it shouldn't, verify all the changes for missing punctuation and check the CACHE file for errors.

If you get a blank page after this, check for syntax errors - I had an extra } on line 128 next to

Code:

} // end action==send

When I deleted it, it worked.

If anyone knows the edits for the Create Account pages, please let me know.

Thank you!
Blessings,
K

[windsurfer]

Is there a mod available for version 1.5 or will the above work ?

[Decostyle]

Worked!!! Thank you!

Iǘe prepared the files with this CSS trick for login... see attachment.

Use at own risk off course .

[paperthreads]

I found the solution to the problem I had previously discussed.

for some reason, I didn't have a subject box and in the code in this thread , the line '!empty($name) and !empty($subject) and empty($leaveblank)) {' can't be used because when a real person submits enter, zen cart will be waiting for an entry in a subject box that doesn't exist, so just modify the line by

!empty($name) and empty($leaveblank)) {

alone

Thanks, I too don't have a subject line, so edited per your suggestion, and got this to work finally!

[yaseent]

Hi Everyone,

here is a very simple and modest contribution for all those who get spams sent with their contact forms.

You're a damn champion Denis.

Hate to have to use the word "stupid" but some customers...well...Let's just say they're CAPTCHA-CHALLENGED.

[windsurfer]

Just installed shartlesville spam modification this in V1.5 and works like a charm. Thank you so much :)

[windsurfer]

Hey eentje your anti spam create account mod works like a bute in V1.5

[micmed]

I have this working in 1.3.9h on the Create Account and Contact Us forms thanks to the work of shartlesville and eentje. 1.5 is next.