Simple CSS/PHP AntiSpam solution for a contact form
Hi Everyone,
here is a very simple and modest contribution for all those who get spams sent with their contact forms.
I have had a look at CAPTCHA method, but it's it's one more field for your visitors, and it's sometimes a pain to decipher the letters in the image. I did some searches and found that some people had come up with a simpler and more user friendly method. Search Google for "CSS antispam" and you will find many articles about this clever idea :
Basically, you insert in the contact form a field which is hidden thanks to CSS. It acts as a trap for bots, which try to fill in every field they find. In the php file that sends the mail, you then kill the script when that field is not empty.
All I did to adapt this idea to ZenCart is the following :
edit the file tpl_contact_us_default.php (in templates folder)
add the new hidden field somewhere like between existing fields around line 70 or so :
Code:
<input style="visibility:hidden; display:none;" name="leaveblank" type="text">
edit the file : header_php.php (in modules/pages/contact_us/)
after the line :
$enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));
add
Code:
$leaveblank = zen_db_prepare_input($_POST["leaveblank"]);
edit this line as follows (you will find it around line 23)
Code:
if ($zc_validate_email and !empty($enquiry) and !empty($name) and !empty($subject) and empty($leaveblank)) {
after this line (down around line 80)
if (empty($enquiry)) {
$messageStack->add('contact', ENTRY_EMAIL_CONTENT_CHECK_ERROR);
}
add this test that kills the page if the field was not empty, i.e. filled in by a bot.
Code:
if (!empty($leaveblank)) {
exit;
}
To verify, you can install the firefox extension WebDeveloper, disable Inline CSS and add something to the now-not-hidden field.
I hope that helps. The only catch would be for users who have disabled CSS, but who does that, right.. Any comments or improvements or doubts, let me know.
Best regards,
Denis
Re: Simple CSS/PHP AntiSpam solution for your contact form
forgot to mention : ZenCart version 1.3.8
Re: Simple CSS/PHP AntiSpam solution for your contact form
How ingenious! I did a Google as you suggested and if you go here:
http://blog.motane.lu/2008/12/19/ema...am-protection/
at the bottom of the page there is a reference to writing the email address backwards and using CSS to display or render it correctly...
This would be the CSS (not sure how the email should be written)
a.email {
direction:rtl;
unicode-bidi: bidi-override;
}
Re: Simple CSS/PHP AntiSpam solution for your contact form
Hi nohart,
that's interesting solution to scramble an email address. Thanks,
Denis
Re: Simple CSS/PHP AntiSpam solution for your contact form
This works perfectly! I added it to all pages that use a contact form such as the Ask A Question mod. I gave the input a label of Confirm Email Address to make it look like a natural part of the form. Now we are getting 0 spam emails through our site!
Thanks!!!
Re: Simple CSS/PHP AntiSpam solution for your contact form
Denis - many thanks for that, very useful.
Your clear instructions also helped me to add a "What is 2+2?" type question.
Bob.
Re: Simple CSS/PHP AntiSpam solution for your contact form
Re: Simple CSS/PHP AntiSpam solution for your contact form
1. Found the following hides well in templates/tpl_whatever.
Code:
<div style="visibility:hidden; display:none;">
<label class="inputLabel" for="confirm_email">Confirm Email: </label>
<input id="confirm_email" name="leaveblank" type="text"><span class="alert"><strong> * </strong></span>
<br class="clearBoth" />
</div>
2. Also replaced the following in modules/pages/whatever/header_php.php
Code:
if (!empty($leaveblank)) {
exit;
}
with
Code:
if (!empty($leaveblank)) {
zen_redirect(zen_href_link(FILENAME_WHATEVER, 'action=success'));
}
as it gives the impression of the form passing.
Cheers and thanks for the heads up.
Re: Simple CSS/PHP AntiSpam solution for your contact form
Being a novice at Zencart/PHP I could do with a little guidance.
First what I understand.
Your adding a blank field to be filled in. The field is not available/usable for a human to fill in and so is left empty.
Therefore all that can fill it in is a program and these can't differentiate between usable and hidden fields and so fills them in.
You used the "confirm email" address on the contact us page as this is not used and tricks the bots into filling them in.
On the site I'm creating, (the previous website the wrestling company i'm doing the work for was a UK2 tradingeye site), they also implemented an invisible field on the sign up page as they had bots signing up to get the email address via the auto email system.
And finally the question.
Would this solution work on the sign-up page, and what would I need to look at editing?
p.s. please indicate which if any are core files i'd need to edit and which are in my override template to edit.
Example isn't another way to teach, it is the only way to teach. - Albert Einstein.
Re: Simple CSS/PHP AntiSpam solution for your contact form
I've worked out how to get it into the contact us page.
Could someone give me a couple of pointers for the account registration page please.