This contact form works fairly well, but I do get spam. Can you add something to this existing form that will make it a little better at not letting spam thru? <form action="../page.php?page=1" method="post" name="contact_us" onSubmit="return capCheck(this);"> <table cellpadding="5" width="100%"> <tr> <td width="10" class="required_field">*</td> <td width="80">Name</td> <td><input type="text" name="name" maxlength="50" style="width:400px; border: 1px solid #696969;" /><br /><br /></td> </tr> <tr> <td class="required_field">*</td> <td>Email Address</td> <td><input type="text" name="email" maxlength="40" style="width:400px; border: 1px solid #696969;" /><br /><br /></td> </tr> <tr> <td></td> <td>Subject:</td> <td><input type="text" name="subject" maxlength="40" style="width:400px; border: 1px solid #696969;"/><br /><br /></td> </tr> <tr> <td class="required_field">*</td> <td>Enter Image Code:</td> <td><input type="text" value="" name="captext" style="width: 100px" maxlength="6" /></td> </tr> <tr> <td></td> <td><a onclick="refresh_security_image(); return false;" style="cursorointer;"><u>Refresh Image</u></a></td> <td><img src="../includes/captcha.php" border="0" id="verificiation_image" /></a></td> </tr> </table> <br/> <p> <input type="hidden" name="submited" value="1" /> <input type="submit" name="submit" value="Submit" style="margin:7px 10px 0px 0px; padding:10px 0px 10px 0px; font-size:15px; font-style:Century-Gothic;" /> </p> </form> </td> </tr> </table> </div> <script type="text/javascript"> <!-- function refresh_security_image() { var new_url = new String("../includes/captcha.php?width=132&height=36&charcators="); new_url = new_url.substr(0, new_url.indexOf("width=") + 37); // we need a random new url so this refreshes var chr_str = "123456789"; for(var i=0; i < 6; i++) new_url = new_url + chr_str.substr(Math.floor(Math.random() * 2), 1); document.getElementById("verificiation_image").src = new_url; } --> </script> <!-- captch start --> <script type="text/javascript" id="clientEventHandlersJS" language="javascript"> </script> <!-- captch end --> Thanks
Well, yeah... first thing would be to create a form that's actually well-written HTML - not that it will help much in creating a more secure form, but it will stop our eyes bleeding. As for more secure, captchas have been broken a long time ago - I'd rather add a field where a user need to do something only a human can do/understand simply enough. Like adding a field with a calculation (random) where the user needs to answer with letter (2 + 6) = eight for instance - the calculation will of course be random each time, so that bots can't just do the automatic choice. Of course this won't prevent manual input of spam (it happens), or a repeat try (automated - depending on the amount of possible answers, it will be going through on pure chance once in a while).
Thanks for your reply. Sorry about your bleeding eyes. I understand what I have is not state-of-the-art. Yes, the calculation is a good idea. Could you please help me replace the Captcha, in this script, with "adding a field with a calculation (random) where the user needs to answer with letter (2 + 6) = eight for instance - the calculation will of course be random each time, so that bots can't just do the automatic choice"?
Here's another trick. Add a new <input> field to your form. Hide it with CSS (preferable using an external CSS file) Give it a common name, make it sound like an important (required) field. On the server side, make sure that field is empty before processing any data. If it's not, output the same "success" message you usually would, but don't save or send anything. Works most of the time, because bots tend to fill out all fields automatically.