Simple CSS/PHP AntiSpam solution for a contact form

[kcb410]

Hello Everyone,

I tried using dlg_ie's method and shatleville's method and neither of them seem to actually work. They don't break the contact us page but I can turn off CSS fill in the fields including the invisible and successfully send and receive the contact email.

Does anyone have this method functioning properly on the contact us form for Zen 139h?

Any comments would be appreciated..Thank you!

[lankeeyankee]

Hello Everyone,

I tried using dlg_ie's method and shatleville's method and neither of them seem to actually work. They don't break the contact us page but I can turn off CSS fill in the fields including the invisible and successfully send and receive the contact email.

Does anyone have this method functioning properly on the contact us form for Zen 139h?

Any comments would be appreciated..Thank you!

You must have missed something because this definitely works on the contact us, ask a question, tell a friend, create account and write review pages on our 1.3.9h. I suggest going back and retracing each step to make sure you did everything correctly.

[kcb410]

You must have missed something because this definitely works on the contact us, ask a question, tell a friend, create account and write review pages on our 1.3.9h. I suggest going back and retracing each step to make sure you did everything correctly.

Okay I'll try it again...Do you recall if you used dlg_ie's method or shatleville's method? I've tried both.
Thank you for the reply lankeeyankee.

[lankeeyankee]

Okay I'll try it again...Do you recall if you used dlg_ie's method or shatleville's method? I've tried both.
Thank you for the reply lankeeyankee.

I used the method in the first post of this thread, I have never had a problem with it so I haven't even looked at these other methods and don't know how they might differ.

[mcpisik]

Could anyone who added it to Tell A Friend, tell me what lines they added the bits in: /modules/pages/tell_a_friend/header_php ?
I've done it successfully for contact us and ask a question mod, but just looks a bit different for this one.
Cheers!

[lankeeyankee]

Could anyone who added it to Tell A Friend, tell me what lines they added the bits in: /modules/pages/tell_a_friend/header_php ?
I've done it successfully for contact us and ask a question mod, but just looks a bit different for this one.
Cheers!

It's the same principal as the other pages, you just need to take in the part of the code that is POSTing input from the page's fields. In the header file look for:

PHP Code:

$from_email_address = zen_db_prepare_input($_POST['from_email_address']); 


and add this after

PHP Code:

$leaveblank = zen_db_prepare_input($_POST['leaveblank']); 


then find this line:

PHP Code:

$messageStack->add('friend', ERROR_TO_ADDRESS); 


and add this after:

PHP Code:

}
  if (!empty($leaveblank)) {
    exit; 


In all of these header files you are looking for the messageStack areas, this is where the error logic is and that is where this needs to go. Basically, it's saying "if this condition is met" (being the spam bot entered text into the $leaveblank field) "then do this" (which is exit the script and do not proceed further).

I put this on our main site as soon as this thread was started and since then we have had 0 and I really mean 0 spam entries. It's simple, effective, and doesn't make your customer fill in an extra field (CAPTCHA) that can be hard to read and thus annoying when you are trying to make it as easy as possible for them to give you their money.

[mcpisik]

It's the same principal as the other pages, you just need to take in the part of the code that is POSTing input from the page's fields. In the header file look for:

Terrific clear instructions thank you.
Yes, I am really looking forward to the difference this will make. Shame it's not a default part of zen-cart, but I guess there are a lot of things to decide what is best included, so great to have this thread! Minus most of page 3s ranting lol :)
Appreciate the help.

[DivaVocals]

This is the second time I've tried this on my Contact Us form and I still cannot get it to work.. The store I am trying this on is a Zen Cart v1.5 store..

I've read this whole thread, made all the changes correctly.. When I turn off inline CSS and test the form from the bot POV, things work as I expect.. However when I fill out the form as a legit visitor would and click "Submit" I am not taken to the form filled successfully page. I click "Submit" and NOTHING happens.. (Nothing as in my form is not submitted at all)

Can I buy a vowel here.. what do I need to check?? Does anyone have this solution working in a Zen Cart v1.5 store??

[DivaVocals]

So answering my own question I found the HINT why this has not worked on the Contact Us for for quite a few folks (based on the posts in this thread -- this is why it pays to read the ENTIRE support thread..)

BURIED in this thread was this post:

I found the solution to the problem I had previously discussed.

for some reason, I didn't have a subject box and in the code in this thread , the line '!empty($name) and !empty($subject) and empty($leaveblank)) {' can't be used because when a real person submits enter, zen cart will be waiting for an entry in a subject box that doesn't exist, so just modify the line by

!empty($name) and empty($leaveblank)) {

alone

My Contact Us form doesn't have a subject line either.. So this post caught my eye.. The part highlighted in red is the issue for ANYONE who has tried this solution on the Contact Us form and found that their Contact Us form doesn't submit, show an error message, or do ANYTHING that you would normally expect to see happen when you submit a form.. It does what several folks have reported happens, NOTHING.. To fix it, delete the part in red and your Contact Us form will MIRACULOUSLY work.


In the name of full disclosure, here are the two posts I used as guide for the Contact Us form.. (Please note I made a small edit to the path information in shartlesville's post).

I followed shartlesville's instructions because I thought they were a little easier to read and because I like the idea introduced earlier in this post by
dw08gm of faking a success message for the bots.. But I compared them to the original instructions to make sure everything aligned with the basic solution (it does)

Hi Everyone,

here is a very simple and modest contribution for all those who get spams sent with their contact forms.

I have had a look at CAPTCHA method, but it's it's one more field for your visitors, and it's sometimes a pain to decipher the letters in the image. I did some searches and found that some people had come up with a simpler and more user friendly method. Search Google for "CSS antispam" and you will find many articles about this clever idea :

Basically, you insert in the contact form a field which is hidden thanks to CSS. It acts as a trap for bots, which try to fill in every field they find. In the php file that sends the mail, you then kill the script when that field is not empty.

All I did to adapt this idea to ZenCart is the following :

• 1 -

edit the file tpl_contact_us_default.php (in templates folder)
add the new hidden field somewhere like between existing fields around line 70 or so :

Code:

 <input style="visibility:hidden; display:none;" name="leaveblank" type="text">

• 2 -

edit the file : header_php.php (in modules/pages/contact_us/)

• 2.1

after the line :
$enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));
add

Code:

$leaveblank = zen_db_prepare_input($_POST["leaveblank"]);

• 2.2

edit this line as follows (you will find it around line 23)

Code:

if ($zc_validate_email and !empty($enquiry) and !empty($name) and !empty($subject) and empty($leaveblank)) {

• 2.3

after this line (down around line 80)
if (empty($enquiry)) {
$messageStack->add('contact', ENTRY_EMAIL_CONTENT_CHECK_ERROR);
}
add this test that kills the page if the field was not empty, i.e. filled in by a bot.

Code:

    if (!empty($leaveblank)) {
      exit;
    }

To verify, you can install the firefox extension WebDeveloper, disable Inline CSS and add something to the now-not-hidden field.

I hope that helps. The only catch would be for users who have disabled CSS, but who does that, right.. Any comments or improvements or doubts, let me know.

Best regards,

Denis

I've been adding mods, updating, and generally mucking around in the zen code for the past two years and I have to say, "Wow, this was the most confusing change I have ever had to make!"

That said, I worked it out for both the Contact Us and the Report A Price mod. (I have not figured out the Create Account yet b/c the header file looks NOTHING like the ones in the examples, lol).

Here is what I did on the contact us form:

in /includes/templates/template_default/templates/tpl_contact_us_default.php find:

Code:

<label class="inputLabel" for="email-address"><?php echo ENTRY_EMAIL; ?></label>
<?php echo zen_draw_input_field('email', ($email_address), ' size="40" id="email-address"') . '<span class="alert">' . ENTRY_REQUIRED_SYMBOL . '</span>'; ?>
<br class="clearBoth" />

directly under it put this:

Code:

<!-- NOSPAM -->
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
<br class="clearBoth" />
<!-- NO SPAM -->

*** You probably should save this and upload it to YOURTEMPLATE folder as well so it won't be over-ridden with an update. ***

Then in includes/modules/pages/contact_us/header.php make the following changes:

Highlight this (around line 14):

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $subject = zen_db_prepare_input($_POST['subject']);
  $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));

  $zc_validate_email = zen_validate_email($email_address);
  if ($zc_validate_email and !empty($enquiry) and !empty($name)) {

and replace it with this:

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $subject = zen_db_prepare_input($_POST['subject']);
  // NO SPAM
  $leaveblank = zen_db_prepare_input($_POST["leaveblank"]);
  // NO SPAM
  $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));
  
  //edited for NO SPAM
  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($enquiry) and !empty($name) and !empty($subject) and empty($leaveblank)) {

Then find (around line 93):

Code:

    if (empty($enquiry)) {
      $messageStack->add('contact', ENTRY_EMAIL_CONTENT_CHECK_ERROR);
    }

Directly under it add:

Code:

    //NO SPAM
    if (!empty($leaveblank)) {
    zen_redirect(zen_href_link(FILENAME_TIME_OUT, 'action=success'));
    }
    //NO SPAM

Test the form normally to make sure you DO get mail from customers. Then using firefox, disable the inline CSS styles filling out all the lines including the one that should be blank. When you hit send, you should be redirected to the session timed out page. If you get blank pages or the email goes through when it shouldn't, verify all the changes for missing punctuation and check the CACHE file for errors.

For the Report A Cheaper Price mod in includes/templates/template_default/tpl_report_a_price_default.php find (about line 74):

Code:

<label class="inputLabel" for="email-address"><?php echo ENTRY_EMAIL; ?></label>
<?php echo zen_draw_input_field('email', ($error ? $_POST['email'] : $email), ' size="40" id="email-address"') . '<span class="alert">' . ENTRY_REQUIRED_SYMBOL . '</span>'; ?>
<br class="clearBoth" />

directly under it add:

Code:

<!-- NOSPAM -->
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
<br class="clearBoth" />
<!-- NO SPAM -->

Then in includes/modules/pages/report_a_price/header.php find (about line 35):

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  $other_store = zen_db_prepare_input(strip_tags($_POST['other_store']));
  $other_store_location = zen_db_prepare_input(strip_tags($_POST['other_store_location']));
  $other_price = zen_db_prepare_input(strip_tags($_POST['other_price']));

  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($other_store) and !empty($other_store_location) and !empty($other_price) and !empty($name)) {

Replace with

Code:

$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name = zen_db_prepare_input($_POST['contactname']);
  $email_address = zen_db_prepare_input($_POST['email']);
  // NO SPAM
  $leaveblank = zen_db_prepare_input($_POST['leaveblank']);
  // NO SPAM
  $other_store = zen_db_prepare_input(strip_tags($_POST['other_store']));
  $other_store_location = zen_db_prepare_input(strip_tags($_POST['other_store_location']));
  $other_price = zen_db_prepare_input(strip_tags($_POST['other_price']));

  $zc_validate_email = zen_validate_email($email_address);

  if ($zc_validate_email and !empty($other_store) and !empty($other_store_location) and !empty($other_price) and !empty($name) and empty($leaveblank)) {

Test the form normally to make sure you DO get mail from customers. Then using firefox, disable the inline CSS styles filling out all the lines including the one that should be blank. When you hit send, you should be redirected to the session timed out page. If you get blank pages or the email goes through when it shouldn't, verify all the changes for missing punctuation and check the CACHE file for errors.

If you get a blank page after this, check for syntax errors - I had an extra } on line 128 next to

Code:

} // end action==send

When I deleted it, it worked.

If anyone knows the edits for the Create Account pages, please let me know.

Thank you!
Blessings,
K

[WhitePhoenix]

Hi, this works on my site, haven't had any spam since implementing the code,


edit file - header_php.php (in modules/pages/contact_us/)

after the line : (around 16)
$subject = zen_db_prepare_input($_POST['subject']);

add:

// NO SPAM
$leaveblank = zen_db_prepare_input($_POST["leaveblank"]);
// NO SPAM

just underneath, after:
$zc_validate_email = zen_validate_email($email_address);

change:
if ($zc_validate_email and !empty($enquiry) and !empty($name)) {

to:
if ($zc_validate_email and !empty($enquiry) and !empty($name) and empty($leaveblank)) {



edit the file tpl_contact_us_default.php (modules/templates/MY TEMPLATE/templates/)

look for: (around line 68)
<label class="inputLabel" for="email-address"><?php echo ENTRY_EMAIL; ?></label>
<?php echo zen_draw_input_field('email', ($email_address), ' size="40" id="email-address"') . '<span class="alert">' . ENTRY_REQUIRED_SYMBOL . '</span>'; ?>
<br class="clearBoth" />

directly underneath add:

<!-- NOSPAM -->
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
<br class="clearBoth" />
<!-- NO SPAM -->

Hope this helps,