There is another alternative that I have found very effective at keeping bot spam out. Basically all you do is make the contact us form's action URL be "#", and use JavaScript to modify it to its real value when the page loads. The result is that spam bots cannot submit the form, since they don't know the real action URL (because most spam bots don't evaluate JavaScript).
In the context of Zen Cart, the modification I used was this. At about line #17 of the file includes/templates/template_default/templates/tpl_contact_us_default.php, replace the line
Code:
<?php echo zen_draw_form('contact_us', zen_href_link(FILENAME_CONTACT_US, 'action=send')); ?>
with
Code:
<?php echo zen_draw_form('contact_us', '#'); ?>
And at the bottom of the file, add this:
Code:
<script>
document.forms.contact_us.action = "<?php echo zen_href_link(FILENAME_CONTACT_US, 'action=send') ?>";
</script>
The only downside is that it doesn't work if the user's browser doesn't have JavaScript enabled, but that's usually not a major concern.
I'd like to know what you folks think of this approach.
Regards,
Apsona
Bookmarks