I am trying to implement the "Spam Protection" code below into the "Comment Code" below so that every time a spammer attempts to post a posting with "www," it will throw an error message. Does my "Spam Protection" statement look correct? I have been trying to add the spam protection code into my comment form code, but keep getting an error. In the Comment Code, where do you think would be the best place for me to add the spam protection code? Thanks!

Spam Protection

```php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/www/i", "$name")) {
die($SpamErrorMessage);
}elseif{preg_match("/www/i", "$comment")) {
die($SpamErrorMessage);
}
```

Comment Form

```php
<?php
## Configurations ##
$tag_loc = "tags.txt"; //The Location of your tag files database. Remember to chmod this file to 777 or something similar!
$allowed_html = "<b><a><i><u>"; //HTML tags to allow in your tags
$tz = 8; //The Timezone you want to see your logged time in
$restricted_time = 5; //The time in seconds between each posts a user must wait. Set it to 0 to disable flooding protection.
$emoticon_db = "smile.txt"; //The file that holds references to the emoticons
$data_life = 480000; //The cookie life for data cookies
if (!$tag_show){
    $tag_show = 50; //The Number of tags to show on each page
}
if (!$tag_order){
    $tag_order = "new"; //Default tag ordering. Possible values: new, old
}
$auto_chmod = false; //Enable or disables auto chmod. This should be disabled on a windows platform as the chmod function will add a read-only attribute to the file and make it unreadable by the script.
## End Configurations ##
##########################################

##########################################
## Functions ##

//This function will change the given timestamp into the current time in the $tz timezone
function getGmt($when = "now",$format = "j\\<\\s\\u\\p>S\\<\\/\\s\\u\\p\\> \\o\\f F Y"){
    global $tz;
    if ($when == "now"){
        $when = time();
    }
    $time = $when;
    $time = gmdate($format,$when + (3600 * $tz));
    return $time;
}

//Check whether cookie exists
function check_ptag(){
    global $ptag;
    if ($ptag){
        return true;
    }
    else{
        return false;
    }
}

//Function to remove a stated field from QUERY_STRING and returns it
function querystring_remove($field, $string = "default"){
    //echo $string."<br>";
    if ($string == "default"){
        global $QUERY_STRING;
        $string = $QUERY_STRING;
    }
    $database = explode("&",$string);
    //Find the specified field and delete it by replacing it with a "del" string
    for ($i = 0; $i <= count($database)-1; $i++){
        $data = explode("=",$database[$i]);
        if ($data[0] == $field){
            $database[$i] = "del";
        }
        //echo $database[$i]."<br>";
    }
    //Piece it back up and return it
    $return_string = "";
    $count = 0;
    for ($i = 0; $i <= count($database)-1; $i++){
        if ($database[$i] != "del"){
            if ($count != 0){
                $return_string .= "&";
            }
            $count ++;
            $return_string .= $database[$i];
        }
    }
    //Return it
    return $return_string;
}

//Function used to retrieve the cookie data
function parse_ptag_data(){
    global $ptag;
    if ($ptag){
        $database1 = explode("\t",$ptag);
        $database[0] = $database1[0];
        $database[1] = $database1[1];
        $database[2] = $database1[2];
    }
    else{
        $database[0] = "";
        $database[1] = "";
        $database[2] = "";
    }
    return $database;
}

//Function to check whether the user has posted.
function check_posted(){
    //Globalise the cookie
    global $restricted_time,$_SESSION;
    //Check if it exists
    if (time() - $_SESSION["ptag_flood"] > $restricted_time || $_SESSION["ptag_flood"] == ""){
        return false;
    }
    return true;
}

//Function to add emoticons into a string
function smilee($texttobe){
    global $smiledata , $filet , $datat , $smile;
    //Smiles
    $smilesnos = count($smiledata) - 1;
    for ($i = 1; $i <= $smilesnos; $i++){
        $database = explode("\t",$smiledata[$i]);
        if ($msg4){
            $message = $msg4[$i-1];
        }
        else{
            $message = $texttobe;
        }
        $_1 = $database[0];
        $_2 = trim($database[1]);
        $msg4[$i] = str_replace($_1,$_2,$message);
    }
    $msgss = count($msg4);
    $msgfinal = $msg4[$msgss];
    //$msgfinal = $msg4;
    //Smiles end
    return $msgfinal;
}

//Function to parse and turn text into Hyperlinks. With Credit from User Comment on http://sg2.php.net/preg_replace by cgamedude at yahoo dot com
function insert_links ( $Text ) {
    // First match things beginning with http:// (or other protocols)
    $NotAnchor = '(?<!"|href=|href\s=\s|href=\s|href\s=)';
    $Protocol = '(http|ftp|https):\/\/';
    $Domain = '[\w]+(.[\w]+)';
    $Subdir = '([\w\-\.,@?^=%&:\/~\+#]*[\w\-\@?^=%&\/~\+#])?';
    $Expr = '/' . $NotAnchor . $Protocol . $Domain . $Subdir . '/i';
    $Result = preg_replace( $Expr, "<a href=\"$0\" title=\"$0\" class='link'>$0</a>", $Text );
    // Now match things beginning with www.
    $NotAnchor = '(?<!"|href=|href\s=\s|href=\s|href\s=)';
    $NotHTTP = '(?<!:\/\/)';
    $Domain = 'www(.[\w]+)';
    $Subdir = '([\w\-\.,@?^=%&:\/~\+#]*[\w\-\@?^=%&\/~\+#])?';
    $Expr = '/' . $NotAnchor . $NotHTTP . $Domain . $Subdir . '/i';
    return preg_replace( $Expr, "<a href=\"http://$0\" title=\"http://$0\" class='link' target='_blank'>$0</a>", $Result );
}
## Functions ##
##########################################

##########################################
## Start Script ##
session_save_path("/phpsessions");
session_start();
if ($auto_chmod == true){
    //Attempts to chmod the DB in case the user has forgotten. Pls note that this will NOT ALWAYS work as it depends on the server's permission settings.
    @chmod($tag_loc,777);
}
//Open a file handle for the DB
$filet = @fopen($tag_loc,"a+");
if (!$filet){
    die("An error has occurred. The Tags database could not be accessed.");
}
$datat = file($tag_loc);
flock($filet,2);
//Get the emoticons data into an array
$smiledata = @file("$emoticon_db");
if (!$smiledata){
    die("The emoticon database file could not be accesse.");
}
$countsmilet = count($smiledata) - 1;
//Splice out the header
array_splice($datat,0,1);
$tag_count = count($datat)-1;
flock($filet,2);
//The following is used to show only the latest $tag_show no of entries.
if ($tag_all == "true"){
    $tag_start = 0;
    $tag_end = $tag_count;
}
elseif ($tag_page){
    $tag_page = $tag_page-1;
    $tag_start = $tag_page*$tag_show;
    $tag_end = $tag_start + $tag_show - 1;
    if ($tag_end >= $tag_count){
        $tag_end = $tag_count;
    }
}
else{
    if (!$tag_start){
        $tag_start = 0;
    }
    if (!$tag_end){
        $tag_end = $tag_start + $tag_show - 1;
        if ($tag_end >= $tag_count){
            $tag_end = $tag_count;
        }
    }
}
//The Following code is brought forward from Version 2 with only minor changes as there is really nothing much to change
if ($HTTP_POST_VARS["tag"] == "true"){
    //If there are posts of tags
    if ($HTTP_POST_VARS["name"] != "" && $HTTP_POST_VARS["comment"] != "" && check_posted() == false){
        $newname = eregi_replace("<","<",$HTTP_POST_VARS["name"]);
        $newname2 = eregi_replace(">",">",$newname);
        $write = "\r\n".$newname2."\t";
        if ($HTTP_POST_VARS["website"] != ""){
            $web = eregi_replace("http://","",$HTTP_POST_VARS["website"]);
            $web2 = eregi_replace("<","<",$web);
            $web3 = eregi_replace(">",">",$web2);
            $write .= $web3;
        }
        else{
            $write .= "none";
        }
        $write .= "\t";
        if ($HTTP_POST_VARS["email"] != ""){
            $mail = eregi_replace("mailto:","",$HTTP_POST_VARS["email"]);
            $mail2 = eregi_replace("<","<",$mail);
            $mail3 = eregi_replace(">",">",$mail2);
            $write .= $mail3;
        }
        else{
            $write .= "none";
        }
        $write .= "\t";
        $msg = eregi_replace("<","<",$HTTP_POST_VARS["comment"]);
        $msg2 = eregi_replace(">",">",$msg);
        $msg3 = strip_tags($msg2,$allowed_html);
        $msg4 = str_replace("\n"," ",$msg3);
        $msg4 = str_replace("\n"," ",$msg4);
        $msg4 = insert_links(str_replace("\r"," ",$msg4));
        $write .= $msg4;
        $write .= "\t".$REMOTE_ADDR."\t".getGmt("now","j\\<\\s\\u\\p>S\\<\\/\\s\\u\\p\\> \\o\\f F Y, l, h:i a")."\t".$HTTP_USER_AGENT;
        fwrite($filet,stripslashes(strip_tags($write,$allowed_html)));
        $tagsoutput = "Thanks For Posting!. Click <a href=\"javascript:re()\" class='link'><u>here</u></a> to go back.";
        //**************
        //Anti Flood
        $_SESSION["ptag_flood"] = time();
        //**************
        //**************
        //Store Data Cookie
        setcookie("ptag" ,$_POST["name"]."\t".$_POST["Email Me"]."\t".$_POST["website"], time()+$data_life);
        //*************
    }
    else{
        $tagsoutput = "Error! You cannot leave the name or message field blank. You can also only tag $restricted_time seconds after your last post. Click <a href='javascript:re()' class='link'>here</a> to go back.";
    }
}
//Nothing? Lets display the tags then!
else{
    if ($tag_order == "old"){
        $sorteddata = $datat;
    }
    elseif ($tag_order == "new"){
        $sorteddata = array_reverse($datat);
        $i = 0;
    }
    $entriesnost = count($datat);
    if ($order == "old"){
        $sorteddata = $datat;
        $i = 1;
        $entriesnot = $entriesnost - 1;
    }
    if ($order == "new"){
        $sorteddata = array_reverse($datat);
        $i = 0;
        $entriesnot = $entriesnost - 2;
    }
    for ($i = $tag_start; $i <= $tag_end; $i++){
        $database = explode("\t",$sorteddata[$i]);
        $tagsoutput .= "<!--$i-->.:";
        if ($database[1] != "none"){
            $tagsoutput .= "<a class='link' href='http://";
            $tagsoutput .= $database[1];
            $tagsoutput .="' target='_blank'>";
            $tagsoutput .= smilee(stripslashes($database[0]));
            $tagsoutput .="</a>";
        }
        else{
            $tagsoutput .= smilee($database[0]);
        }
        $tagsoutput .= "";
        if ($database[2] != "none"){
            $tagsoutput .= " <a class='link' href='mailto:";
            $tagsoutput .= stripslashes($database[2]);
            $tagsoutput .= "'>[E-Mail Me]</a>";
        }
        $tagsoutput .= ":. ";
        $texttobe = stripslashes(strip_tags($database[3],$allowed_html));
        $msgfinal = smilee($texttobe);
        $tagsoutput .= stripslashes($msgfinal);
        $tagsoutput .= "<hr>";
    }
}
flock($filet,3);
fclose($filet);
//Code to Generate the List of Smiles
$nosmile = count($smiledata) - 1;
for ($i = 1; $i <= $nosmile; $i++){
    $database = explode("\t",$smiledata[$i]);
    $smilesoutput .= "<a onmouseout='window.status=\"\";return true;' href='javascript:addcode(\" ";
    $smilesoutput .= stripslashes($database[0]);
    $smilesoutput .= " \",current)' onmouseover='window.status=\"";
    $smilesoutput .= $database[0];
    $smilesoutput .= "\";return true;'>";
    $smilesoutput .= trim(stripslashes($database[1]));
    $smilesoutput .= "</a> ";
    $smilesoutput .= "\n";
}
//Deprecated
if (eregi("MSIE",$HTTP_USER_AGENT)){
    $msie1 = '<span id="smilehide" style="display: none"><div class="subtext"><a class="link" href=\'javascript:smile("hide")\' onmouseover=\'window.status="";return true\'>Hide Smiles »</a></div></span><span id="smileshow" style="display:"><div class="subtext"><a class="link" href=\'javascript:smile("show")\' onmouseover=\'window.status="";return true\'>Show Smiles »</a></font></span><span id="smilecontent" style="display:none">';
    $msie2 = "</span>";
}
else{
    $msie1 = "";
    $msie2 = "";
}
//Pagination
if ($tag_page){
    $tag_page++;
}
//Previous
if (!$tag_page){
    $tag_prev = "<< Previous";
}
else{
    $prev = $tag_page-1;
    //Remove the tag_page from the query string and also removeptag
    $string = querystring_remove("tag_page");
    $string = querystring_remove("removeptag",$string);
    $prev_link = $PHP_SELF."?".htmlspecialchars($string)."&tag_page=$prev";
    if (!$QUERY_STRING || $string == ""){
        $prev_link = $PHP_SELF."?tag_page=$prev";
    }
    $tag_prev = "<a href=\"$prev_link\" class=\"link\"><< Previous $tag_show</a>";
}
//Next
if ($tag_end >= $tag_count){
    $tag_next = "Next >>";
}
else{
    if (!$tag_page){
        $tag_page = 1;
    }
    $next = $tag_page + 1;
    //Remove the tag_page from the query string and also removeptag
    $string = querystring_remove("tag_page");
    $string = querystring_remove("removeptag",$string);
    $next_link = $PHP_SELF."?".htmlspecialchars($string)."&tag_page=$next";
    if (!$QUERY_STRING || $string == ""){
        $next_link = $PHP_SELF."?tag_page=$next";
    }
    $tag_next = "<a href=\"$next_link\" class=\"link\">Next $tag_show >></a>";
}
//tag_all
//Remove the tag_page from the query string and also removeptag
$string = querystring_remove("tag_page");
//die($string);
$string = querystring_remove("removeptag",$string);
$string = querystring_remove("tag_all",$string);
$tag_all = $PHP_SELF."?".htmlspecialchars($string)."&tag_all=true";
if (!$QUERY_STRING || $string == ""){
    $tag_all = $PHP_SELF."?tag_all=true";
}
//Tag_order_string
if ($tag_order == "new"){
    //Remove the tag_page from the query string and also removeptag and tag_order
    $string = querystring_remove("tag_page");
    $string = querystring_remove("removeptag",$string);
    $string = querystring_remove("tag_order",$string);
    $tag_order_string = "<a href=\"".$PHP_SELF."?".htmlspecialchars($string)."&tag_order=old"."\" class=\"link\">Oldest First</a>";
    if (!$QUERY_STRING || $string == ""){
        $tag_order_string = "<a href=\"".$PHP_SELF."?tag_order=old"."\" class=\"link\"></a>";
    }
}
else{
    //Remove the tag_page from the query string and also removeptag and tag_order
    $string = querystring_remove("tag_page");
    $string = querystring_remove("removeptag",$string);
    $string = querystring_remove("tag_order",$string);
    $tag_order_string = "<a href=\"".$PHP_SELF."?".htmlspecialchars($string)."&tag_order=new"."\" class=\"link\">Newest First</a>";
    if (!$QUERY_STRING || $string == ""){
        $tag_order_string = "<a href=\"".$PHP_SELF."?tag_order=new"."\" class=\"link\">Newest First</a>";
    }
}
//pagination
if (!$tag_page){
    $tag_page = 1;
}
$pagination = "Page(s): ";
$pages = ceil((count($datat)-1)/$tag_show);
if (!$tag_page){
    $tag_page = 1;
}
if ($pages == 0){
    $pagination .= "<b>1</b>";
}
else{
    for ($i = 1; $i <= $pages; $i++){
        if ($i != 1){
            $pagination .= " - ";
        }
        if ($i == $tag_page){
            $pagination .= "<b>$i</b>";
        }
        else{
            if ($QUERY_STRING){
                $string = querystring_remove("tag_page");
                $string = querystring_remove("removeptag",$string);
                $string = querystring_remove("tag_all",$string);
                $string = $PHP_SELF."?".htmlspecialchars($string)."&tag_page=$i";
            }
            else{
                $string = $PHP_SELF."?tag_page=$i";
            }
            $pagination .= "<a href='$string' class='link'>$i</a>";
        }
    }
}
//Data cookie stuff
$ptag_data = parse_ptag_data();
$self_url= $PHP_SELF."?".$QUERY_STRING;
if (check_ptag() && !$removeptag){
    if ($QUERY_STRING){
        $removecookie = "<a href=\"$self_url&removeptag=true\" class=\"link\">Remove All Cookies </a>";
    }
    else{
        $removecookie = "<a href=\"$self_url?removeptag=true\" class=\"link\">Remove All Cookies </a>";
    }
}
if ($removeptag && check_ptag()){
    setcookie("ptag","",time()-1);
    $removecookie = "Cookie Removed";
}
if (!check_ptag()){
    if ($removeptag){
        $removecookie = "No Cookies To Remove";
    }
    else{
        $removecookie = "";
    }
}
## End Script ##
##########################################
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style.css" type="text/css">
<script type="text/javascript">
//Insert at Caret position. Code from
// http://www.faqts.com/knowledge_base/view.phtml/aid/1052/fid/130
current = "nothing"
function storeCaret(textEl) {
    if (textEl.createTextRange)
        textEl.caretPos = document.selection.createRange().duplicate();
    current = textEl
}
function addcode(text,whatever){
    if (whatever == "nothing"){
        alert("Error, please select a field to insert the smile/code.")
    }
    else if (whatever.createTextRange && whatever.caretPos) {
        var caretPos = whatever.caretPos;
        caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? text + ' ' : text;
        whatever.focus();
    }
    else {
        whatever.value += text;
        whatever.focus();
    }
}
function smile(mode){
    if (mode == "show"){
        smilehide.style.display=''
        smileshow.style.display='none'
        smilecontent.style.display=''
    }
    if (mode == "hide"){
        smilehide.style.display='none'
        smileshow.style.display=''
        smilecontent.style.display='none'
    }
}
function re(){
    self.location = '<?=htmlspecialchars($PHP_SELF."?".$QUERY_STRING)?>'
}
</script>
</head>
<body style="background-color:transparent">
<table class="borderless" width="100%"><tr><tr><td class="menutable" valign="top">
<form action="" method="Post" name="tag"><center>
<div class="menu"><?=htmlentities("")?></div></center><div class="tagboard">
<div class="subtext">
<!--Dont edit this part-->
<?=$tagsoutput?>
<!-- You can edit -->
</div>
</div>
<div class="subtext" align="right">
<?=$tag_prev?> | <?=$tag_next?>
<br><?=$pagination?>
<br><?=$removecookie?><?=$tag_order_string?><a href="<?=$tag_all?>" class="link"></a>
</div>
<div class="menu">
<table class="borderless" width="100%">
<tr>
<td class="menutable" width="25%"><div class="menu">Name: </div> </td>
<td class="menutable" width="75%"><input type="text" name="name" class="inputtext" size="6" style="width:100%" value="<?=$ptag_data[0]?>" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);"></td>
</tr>
<tr>
<td class="menutable"><div class="menu"> Comment: </div> </td><td class="menutable">
<input type="text" name="comment" class="inputtext" size="6" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" style="width:100%" ></td></tr></table><br><!-- dont edit this part -->
<?=$smilesoutput?>
<!--you can start editing-->
<br>
<input type="submit" class="buttontext" value="Post!"> <input type="reset" value="Clear Comment" class="buttontext"><input type="hidden" name="tag" value="true">
</div>
</div>
</form></td></tr>
</table>
</body>
</html>
```
Maybe they want to post something like wowww nice site! or wwwooooottt! nice site! So yeah, this can have negative effect.
Thanks for bringing that up - that is true. I will change it to http.

```php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", "$name")) {
die($SpamErrorMessage);
}elseif{preg_match("/http/i", "$comment")) {
die($SpamErrorMessage);
}
```
More efficient way.

```php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", $name) || preg_match("/http/i", $comment)) {
    die($SpamErrorMessage);
}
```
Thank you, Kaizoku.

Is there something that I can add to the Spam Protection code so that when the error page with the "No Websites URLS permitted" message appears, the page will automatically refresh to its original page after 3-4 seconds?

Thanks again.
```php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", $name) || preg_match("/http/i", $comment)) {
    echo $SpamErrorMessage;
    sleep(mt_rand(3, 4));
    header("Location: ".$_SERVER['PHP_SELF']);
    exit;
}
```
Thanks again.

For some reason, when the page displayed the error message, it was not able to refresh to its original page. Any ideas?

Thank you again.
Try this, save the image to your server for better performance.

```php
$SpamErrorMessage = "No Website URLs permitted";
if (preg_match("/http/i", $name) || preg_match("/http/i", $comment)) {
    die($SpamErrorMessage."<img src='http://www.hostelsamsterdam.com/achtergrond/g2/blank.gif' width='1' height='1' onload=\"setTimeout('window.location.href=\'{$_SERVER['PHP_SELF']}\'', 5000);\">");
}
```
Is there a way to apply a style from a stylesheet to the error message of "No Website URLs permitted"? Thanks
hi, wrote a spamcheck class a while ago, check it out in my hardly updated blog: http://johnnybravooo.wordpress.com/2007/08/12/spam-check-for-you-php-sites/ maybe this helps...
Just use a div or span and apply a style attribute to it like below:

```php
$SpamErrorMessage = "<div style='font-weight: bold;'>No Website URLs permitted</div>";
```
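
The points raised in this thread (where the check belongs, the "wowww" false positive, the delayed return to the form, and styling the message) combined in one place, as an added example that is not code from any poster. The helper names, the `spam-error` CSS class (assumed to be defined in `style.css`) and the use of `$_POST` in place of the script's `$HTTP_POST_VARS` are assumptions.

```php
<?php
// Added example: helper names and the "spam-error" CSS class are hypothetical.

// True when $text contains a URL scheme or a "www.host.tld" prefix. The word
// boundary and the required dot keep "wowww nice site!" from being rejected.
function looks_like_url(string $text): bool
{
    return preg_match('~\b(?:(?:https?|ftp)://|www\.[a-z0-9-]+\.[a-z]{2,})~i', $text) === 1;
}

// Builds the complete error page. The delayed return uses a meta refresh in the
// markup, so nothing depends on calling header() after output has started.
function rejection_page(string $message, string $returnTo, int $delay = 4): string
{
    $msg = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    $url = htmlspecialchars($returnTo, ENT_QUOTES, 'UTF-8');
    return "<!DOCTYPE html>\n<html><head>"
         . "<meta http-equiv=\"refresh\" content=\"{$delay};url={$url}\">"
         . "<link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">"
         . "</head><body><div class=\"spam-error\">{$msg}</div></body></html>";
}

// Read a POST field as a string; arrays (name[]=x) and missing fields become ''.
function post_field(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Placement: at the top of the "a tag was posted" branch, before anything is
// written to the tags file.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && post_field('tag') === 'true') {
    if (looks_like_url(post_field('name')) || looks_like_url(post_field('comment'))) {
        // SCRIPT_NAME instead of PHP_SELF: PHP_SELF includes client-supplied path info.
        echo rejection_page('No Website URLs permitted', $_SERVER['SCRIPT_NAME']);
        exit;
    }
    // ... the existing code that builds $write and calls fwrite() continues here ...
}

// Constructed sample inputs, shown when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = ['wowww nice site!', 'wwwooooottt! nice site!',
                'see www.example.com', 'cheap pills HTTP://example.org/x'];
    foreach ($samples as $s) {
        printf("%-34s %s\n", $s, looks_like_url($s) ? 'rejected' : 'accepted');
    }
}
```

The pattern only covers the `http`/`www` cases discussed in the thread; a bare `example.com` still passes.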