Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm in the process of learning more PHP. I've not really done any PHP before, only enough for basic emailing on contact forms. In the past when I've made such forms I've occasionally had spam emails come through via that script. From the frequency of the emails and the content it is very much apparent that it isn't someone coming on the website and spamming via the form but rather they know the url of the php file and are submitting data to it via that in some way; what is the best way to prevent this sort of thing happening.
If you're in your very early stages of PHP (or programming in general) I would recommend that you create an input in your form which you hide or move off screen using css.
This would mean that no real user would fill this, but when when a bots comes to your page and submit the form, they would fill it in with some garbage data.
In your php code handling the submission, simply check to see if this field has been submitted or not. If it has then you know it was not a real person, so discard the submission and do not proceed further with sending the email.
Note: I'm only recommending the approach above for learning purposes and for tiny projects that are not really in production use. If you need a more robust solution, then look into some sort of capcha solution or some javascript that adds some csrf type of checks to your form.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm writing up my first website and I am down to the last part; the contact form. Everything has been just HTML5 and CSS so far. From the searches I've done online it would seem that PHP is necessary to make contact forms. Is that true? If not what are some other ways? I'm guess making a contact form with just HTML5 and CSS isn't possible.
Is PHP absolutely necessary to make a contact form?
PHP, no. A server side scripting language of some description, yes.
PHP is generally used because it's common and is shipped with most standard web servers.
You could also use ASP, Python, node.js, whatever you want.
I'm guess making a contact form with just HTML5 and CSS isn't possible.
Making the form is, you just won't be able to send any emails without it.
The only way you could achieve this without using your own server side validation is to use someone else's (i.e. a third party to send your email for you). You'll still be exposing your connection to them, which isn't ideal.
Just add it with PHP if your web server has it installed already! See the documentation for examples. Otherwise there's plenty of tutorials online if you search "[language here] contact form tutorial".
No, PHP is not necessary. To make a contact form which a user can send you'll need some kind of a server-side implementation, and PHP is one of the easiest ways to go.
But you are correct in that HTML and CSS wont be enough.
You could send an email directly from the user's device to your email address using javascript like this
window.open('mailto:oliver#example.com?subject=subject&body=body');
the subject and body could be made from the form content. When you receive the email, you do what you want with it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Is it possible to run a PHP file which doesnt contain any html?
I have a form, from which I want to submit data to a database. If I were to have the submit buttons action property set to a php file which solely deals with data submission, and then have a redirect on this page to the next visible webpage, would this work?
My reason for asking is I have quite a few different forms, some of which use the same submission code. If I were to have all this on one page and then use conditional logic to determine where the data came from (thus being able to determine what data was submitted and which page to load next) it would make my webpages much more readable, and the submission code much more re-usable.
PHP can take care of all kinds of things behind the scenes. That's the basic meaning of server-side scripting. So yes -- HTML or on-screen presentation are not necessarily in the code everywhere.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am creating a form that users will use to register for an event. However, I just discovered that there are some really tight security limitations due to policies due to the site's hosting and also policies the organization has about external-facing scripts (such as PHP) that are seen as an unneeded vulnerability.
I haven't been told flat-out that all PHP is completely banned, but I think that I won't be able to create a file and send email with it. However, I do want to be able to have an online registration form that can be filled out and emailed in as low-tech a way as possible.
I'm aware that you can use mailto: to prepopulate the subject and body of an email sent through the users normal email client:
mailto:my#addy.com?subject=subject+here&body=body+of+email
This is not the best solution because not everyone will be able to use mailto in this way, and for those that do, they must be relied upon not to mess up the formatting of the email. It isn't very consistent. Is there anything better than mailto: but which is still less of a security risk than PHP?
If you don't have the ability to run server side code, then sending an email is pretty much out of the question. Unless of course, you can make javascript calls to some other website that emails or store the form information for you.
Your best bet might be outsourcing it entirely, and using a Google Doc form or something.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
My site has a PHP contact form which emails me the form data. It is works well when I test it. Also I have received lots of emails from site visitors via that form but ocassionally I receive very strange emails from the form like the one below:
v0lMO8 tqiptnoljxnt,
[url=http://fqnyptgpiqbp.com/]fqnyptgpiqbp[/url],
[link=http://atmsirfurmic.com/]atmsirfurmic[/link],
http://uoaxeaumrkvo.com/
I have no clue whether there something wrong with the form or this is something deliberately sent to me as spam?
Thanks
It's spam. You need to add some kind of spam protection to your website to avoid such situations - simple question or rewritting code from the image. It should reduce number of this kind of mails.
It looks like spam since the URL is typed in different ways so that one may work for you to click it.
I think you need to secure your form by adding random hidden inputs that are stored in sessions and checked while sending to protect your script from cross-site scripting along with better way of human verification.
It's spam. You options are either:
a) Just live with it if the number of emails is manageable
b) Implement some kind of 'human check'. Google recaptcha is free + easy to implement one, but bear in mind that it can be annoying for legitimate users, so only do this if you think you can't easily cope with the amount of spam email you receive.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
Improve this question
What is the most secure way to fight spam? Any algorithm?O r way to fight back spammers?
Get a captcha dude, it's probably the best way to defeat spam. Here is a great one called reCaptcha. It's pretty easy to integrate with PHP and is mighty effective. Here is how you do it.
Mollom is a more user-friendly alternative to reCaptcha. It can be set to only require CAPTCHA validation if the content of the submission looks "spammy", so it doesn't interfere with users entering safe submissions.
3 simple methods that I use on my employer's website contact form that really help out:
Set a serverside timestamp when the contact page loads, and check the
time again when it posts. If your form was submitted in under 5 seconds (or
whatever minimal time is reasonable for your form) then you know its a bot since
humans aren't that fast.
Check for multiple tag types in the message. Much of spam we see spam tries to mix html and
bulletin board style tags, so you get <a> and [url=] [link=] in the
same message, this is an easy to check red flag
Create a hidden text input field called email and name the visible
email field something different. Human visitors won't see that field, so if it has a
value its a bot(technically could be a
blind person with a screen reader but highly unlikely)