As the title would indicate, I know a lil about PHP, but zero about ASP. I was having problems with spam from one of my forms, and one solution I did was to have a form field I named "message" that is hidden. Humans cannot see it, and thus will not fill it out. Spambots, however, just look at the internal code and will fill out the field automatically. What was done was to designate that if any data was contained within the "invisible" field, to reject the form:

// spam trap begin
if($_POST["message"] != ""){
    exit;
}else{
    // human
    // continue as normal...
}
// spam trap end

PHP:

I have an ASP form processor that is working quite well in all aspects except filtering for spam, so I am not looking for an all new one -- just some ASP snippet that acts like the above PHP that I can slide right into the existing code. Also, it would be nice to have the form rejected if certain fields contain links, but alas, I do not know how to do that either in ASP. (If someone is feeling especially generous, how does one snag the IP # of the form sender?) Anyway, here is my existing ASP processor I am using:

<%@language = "VBscript"%>
<%
'Tom Germain's Standard Cgiware Global Variables and set-up
'DO NOT REMOVE THIS SECTION OR NOTHING WILL WORK
Dim strError
Response.Buffer = True
If ScriptEngineMajorVersion < 2 Then
    ReportError "Host system needs scripting engine upgrade to use this script"
End If
Set objFM = CreateObject("Scripting.Dictionary")
If IsObject(objFM) = False Then
    ReportError "Host system lacks component(s) required by this script"
End If
Set objMailx = CreateObject("CDONTS.Newmail")
If IsObject(objMailx) = False Then
    ReportError "Host system lacks component(s) required by this script"
End If
Set objMailx = Nothing
%>
<%
'aspmailer.asp by Tom Germain, Copyright 1998-2004
'Version 1.0
'cgiwaresoftware@yahoo.com
'Visit http://www.cgiware.com for latest version, documentation, and other resources
'This is freeware - Use at your own risk. No warranties provided.
'Redistribution of this program, in whole or in part, is strictly
'prohibited without the expressed written consent of the author.
'Custom programming available on hourly fee basis.
%>
<%'variables you can set start here%>
<%
strRcpt = "sales@goodwillsv.org" 'Put the address you want the form sent to here
strFromVar = "Email" 'If you want a reply-to email address to be taken from the form
                     ' put the name of the input item here.
strDefFrom = "GoodSourceForm@goodwillsv.org" 'Put a default, even fake, From address here
strDefSubject = "Form submitted" 'Put the subject of the letter here. If an input item called
                                 'subject exists in the form, its value will be used instead.
strRedirect = "rfq.html" 'Url to redirect to after a successful form submission. If an input item called
                         'redirect exists in the form, its value will be used instead.
%>
<%'variables you can set end here%>
<%
ParseForm
CheckForm
If Len(strError) > 0 Then
    ReportError strError
End If
strOutX = SeqForm
If Len(strOutX) < 1 Then
    strOutX = FormToString
End If
If Len(strOutX) < 1 Then
    ReportError "Submitted form is empty"
End If
strSubject = strDefSubject
If objFM.Exists("TGsubject") Then
    strSubject = objFM.Item("TGsubject")
End If
strFrom = strDefFrom
If Len(strFromVar) > 0 Then
    If objFM.Exists(strFromVar) Then
        strFrom = objFM.Item(strFromVar)
    End If
End If
SendMail strFrom,strRcpt,strSubject,strOutX
If Len(strRedirect) > 0 Then
    Response.redirect(strRedirect)
    Response.End
End If
If objFM.Exists("TGredirect") = True Then
    If Len(objFM.Item("TGredirect")) > 0 Then
        Response.redirect(objFM.Item("TGredirect"))
        Response.End
    End If
End If
%>
<!--*******SUCCESSFUL SUBMISSION RESPONSE - START*******-->
<!--ADD YOUR OWN HTML TOP SECTION STARTING HERE-->
<h1>Form Sent!</h1>
Your request has been received and will be processed shortly.
<!--ADD YOUR OWN HTML TOP SECTION UP TO HERE-->
<!--*******SUCCESSFUL SUBMISSION RESPONSE - END********-->
<%
Credit
Response.End
%>
<%
Function IsValidEmail(Email)
    Dim Temp,Temp2
    strNotValid = "<br>Email address not valid"
    strTooLong = "<br>Email address too long"
    If Len(Email) > 100 Then
        ReportError strTooLong
    End If
    Email = LCase(Email)
    Temp = Split(Email,"@",2,1)
    If UBound(Temp) < 1 Then
        ReportError strNotValid
    End If
    Temp2 = Split(Temp(1),".",-1,1)
    If UBound(Temp2) < 1 Then
        ReportError strNotValid
    End If
End Function
%>
<%
Function SendMail(From,Rcpt,Subject,Body)
    'Trim returns the trimmed string, so the result has to be assigned back
    From = Trim(From)
    Rcpt = Trim(Rcpt)
    If Len(From) < 1 Then
        ReportError strError & "<br>No Reply-to address (From) for this letter"
    End If
    If Len(Rcpt) < 1 Then
        ReportError strError & "<br>No recipient for this letter"
    End If
    IsValidEmail Rcpt
    IsValidEmail From
    Set objMailer = CreateObject("CDONTS.Newmail")
    objMailer.From = From
    objMailer.To = Rcpt
    objMailer.Subject = Subject
    objMailer.Body = Body
    objMailer.Send
    Set objMailer = Nothing
End Function
%>
<%
Function CheckForm()
    Dim Temp,strTmp,strForce
    strInputReq = "<br>Input required for "
    If objFM.Exists("TGrequire") = False Then
        Exit Function
    ElseIf isEmpty(objFM.Item("TGrequire")) Then
        Exit Function
    End If
    strForce = objFM.Item("TGrequire")
    Temp = Split(strForce,",",-1,1)
    For Each strTmp in Temp
        If objFM.Exists(strTmp) = False Then
            strError = strError & strInputReq & strTmp
        ElseIf Len(objFM.Item(strTmp)) < 1 Then
            strError = strError & strInputReq & strTmp
        End If
    Next
End Function
%>
<%
Function ParseForm()
    'Copy every posted field, then every query-string field, into objFM
    For Each Item in Request.Form
        If objFM.Exists(Item) Then
            'Append the posted value (the original read Request.QueryString here)
            objFM.Item(Item) = objFM.Item(Item) & "," & Request.Form(Item)
        Else
            objFM.Add Item,Request.Form(Item)
        End If
    Next
    For Each Item in Request.QueryString
        If objFM.Exists(Item) Then
            objFM.Item(Item) = objFM.Item(Item) & "," & Request.QueryString(Item)
        Else
            objFM.Add Item,Request.QueryString(Item)
        End If
    Next
End Function
%>
<%
Function SeqForm()
    Dim Temp,strTmp,strOrder,strOut
    If objFM.Exists("TGorder") = False Then
        Exit Function
    ElseIf isEmpty(objFM.Item("TGorder")) Then
        Exit Function
    End If
    strOrder = objFM.Item("TGorder")
    Temp = Split(strOrder,",",-1,1)
    For Each strTmp in Temp
        If objFM.Exists(strTmp) Then
            strOut = strOut & strTmp & "=" & objFM.Item(strTmp) & Chr(10)
        End If
    Next
    SeqForm = strOut
End Function
%>
<%
Function FormToString()
    Dim strOut
    strKeys = objFM.Keys
    strValues = objFM.Items
    For intCnt = 0 To objFM.Count -1
        strOut = strOut & strKeys(intCnt) & "=" & strValues(intCnt) & Chr(10)
    Next
    FormToString = strOut
End Function
%>
<%
Function ReportError(strMess)
    If Len(strMess) < 1 Then
        strMess = strError
    End If
    strErr = "The following error(s) happened: <br>" & strMess
    Response.Clear
%>
<!--*******ERRONEOUS SUBMISSION RESPONSE - START*******-->
<!--ADD YOUR OWN HTML TOP SECTION STARTING HERE-->
<h1>Error!</h1>
<!--ADD YOUR OWN HTML TOP SECTION UP TO HERE-->
<%'Error messages will be output here, between your html%>
<% Response.Write(strErr) %>
<!--ADD YOUR OWN HTML BOTTOM SECTION STARTING HERE-->
<p>
<b>Click on your browser's <i>Back</i> button to correct any mistakes in your input</b>
</p>
<!--ADD YOUR OWN HTML BOTTOM SECTION UP TO HERE-->
<!--******ERRONEOUS SUBMISSION RESPONSE - END*******-->
<%
    Credit
    Response.End
End Function
%>
<%Function Credit%>
<!--START OF CREDIT - DO NOT CHANGE OR REMOVE ANYTHING BELOW THIS LINE-->
<p align=center>
<font face="Arial,Helvetica" size=1>
Mailer software is freeware by <a href="http://www.cgiware.com/" target="_top">CGIware</a>
<a href="http://www.cgiware.com/" target="_top"><img src="http://www.cgiware.com/powered.gif" align="absmiddle" border="0"></a>
</font>
</p>
<!--END OF CREDIT-->
<%End Function%>

Code (markup):

I ask that you please be verbose as to what to write and where to place it, since time is kinda of the essence on this, and the learning curve would be kinda steep since ASP is an unknown for me. Many thanks
Spambots don't care either that it can't be seen; they will fill all forms and auto-post. What I suggest is to have a validator server-side. Just set a session on first load and put a hidden variable with the value of the session value in the form. Then, when you do a post, verify that the session variable matches the posted variable.
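A sketch of the session check suggested in the reply above, as an added example that is not part of the original post. The function names and the `FormToken` field and session key are assumptions, and the page that shows the form has to be an .asp page so it can print the hidden field.

```asp
<%
' Added example (not from the thread): session token for a form post.
' "FormToken" and both function names are assumptions made for this sketch.

' Form page: create a fresh random token, keep a copy in the session and
' return the hidden <input> to print inside the <form> tag.
Function NewFormToken()
    Dim strToken, i
    Randomize
    ' Rnd is not a cryptographic generator. It is enough to stop bots that
    ' post without ever loading the form, which is all this check is for.
    For i = 1 To 32
        strToken = strToken & Hex(Int(Rnd * 16))
    Next
    Session("FormToken") = strToken
    NewFormToken = "<input type=""hidden"" name=""FormToken"" value=""" & _
                   strToken & """>"
End Function

' Form processor: the posted value must equal the session copy. The session
' copy is cleared after one use so the same post cannot be sent twice.
Function TokenIsValid()
    Dim strExpected, strPosted
    strExpected = Session("FormToken") & ""
    strPosted = Request.Form("FormToken") & ""
    Session("FormToken") = ""
    TokenIsValid = (Len(strExpected) > 0 And strExpected = strPosted)
End Function
%>
```

On the form page, `<%= NewFormToken() %>` goes inside the form; in the processor, `If Not TokenIsValid() Then Response.End` goes before any mail is sent.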
Thanks for the reply ccoonen, but that is exactly the point -- the spambots do see the invisible field and fill it in. The script says that if there is any data in that hidden field, to reject it. It's sort of a reverse CAPTCHA concept -- instead of proving the visitor is human, it is proving the visitor is not human.
To get the value of your form field, use:

i=request.form("message")
'Process form if hidden field is empty.
if i = "" then
    ' Process the form here
else
    ' redirect to error page, or do nothing...
end if

I'm also not an ASP coder, more of PHP, but this was what I learnt last time I tried learning ASP... Bye
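The hidden-field check above, extended to the link filter and sender IP asked about in the first post and written to slot into the mailer script, as an added example that is not part of any post in the thread. `SpamReason`, `CheckSpam`, the `SenderIP` key and the field names `Name` and `Comments` are assumptions; `objFM` and `ParseForm` are the script's own.

```asp
<%
' Added example (not from the thread). In the mailer's main section, call it
' between the two existing lines:   ParseForm / CheckSpam / CheckForm
Const HONEYPOT_FIELD = "message"           ' hidden field named in the thread
Const LINK_FREE_FIELDS = "Name,Comments"   ' assumed names; use your own

' Returns "" for a clean submission, otherwise a short reason string.
Function SpamReason()
    Dim objRe, strField
    SpamReason = ""

    ' 1. Honeypot: humans never see the field, so any content means a bot.
    '    Exists is tested first because reading a missing key would add it.
    If objFM.Exists(HONEYPOT_FIELD) Then
        ' & "" forces a plain string out of whatever ParseForm stored
        If Len(Trim(objFM.Item(HONEYPOT_FIELD) & "")) > 0 Then
            SpamReason = "honeypot filled"
            Exit Function
        End If
        objFM.Remove HONEYPOT_FIELD        ' keep the empty trap out of the mail
    End If

    ' 2. Reject links in fields that should hold plain text only.
    Set objRe = New RegExp
    objRe.IgnoreCase = True
    objRe.Pattern = "https?://|www\.|<a\s|\[url"
    For Each strField In Split(LINK_FREE_FIELDS, ",")
        If objFM.Exists(strField) Then
            If objRe.Test(objFM.Item(strField) & "") Then
                SpamReason = "link in " & strField
                Exit Function
            End If
        End If
    Next
End Function

Sub CheckSpam()
    If Len(SpamReason()) > 0 Then
        Response.Clear
        Response.End                       ' like the PHP "exit": send nothing
    End If
    ' 3. Sender address as the web server sees it (may be a proxy).
    objFM.Item("SenderIP") = Request.ServerVariables("REMOTE_ADDR")
End Sub
%>
```

The dictionary keys are case-sensitive, so the names must match the form's `name` attributes exactly. If the form sets `TGorder`, add `SenderIP` to that list or the address will not appear in the e-mail.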
Hi Jeet, Thanks for the reply. Looks like your code is likely to work. Can I bother you a bit more and ask exactly where I would put it in the code? Also, I see that ASP doesn't use semi-colons to set off statements? Again, thanks. Rick