How can I make the below script so people cannot spam it and also make it verify that all three fields have something written inside of them? When I mean no spamming, a function that doesn't allow users to post more than 1 message each minute would be nice.

```php
<?php
$name  = $_GET['name'];
$email = $_GET['email'];
$text  = $_GET['text'];

// The POST values overwrite the GET values read above
$name  = $_POST['name'];
$email = $_POST['email'];
$text  = $_POST['text'];

mail(
    "contact@getastranger.com",
    "Contest",
    "$name EMAIL: $email\n $text",
    "From: $name <$email>\r\n"
);
header("Location: http://www.homepage.com");
?>
```
To lessen the spam bots, you could use some sort of image to identify. If they identify the image correctly, the mail goes through. It might be a lot of work though. As for checking that all fields are filled out, try

```php
$name  = trim($_GET['name']);
$email = trim($_GET['email']);
$text  = trim($_GET['text']);

$error = "";
if (empty($name)) {
    $error .= "Please fill in your name";
}
if (empty($email)) {
    $error .= "Please fill in your email";
}
if (empty($text)) {
    $error .= "Please write a message";
}

if ($error != "") {
    echo "Please fix the errors: $error";
} else {
    // send email
}
```
PEAR is great if you can really take advantage of it but that might be overkill for a simple email script. You usually have to install PEAR on your system and there is a bit of a learning curve with very little documentation. If Johank82 is just starting out, PEAR might be even more difficult.
But he can definitely make sure that not more than 1 message has been posted per minute. And mind you, I said earlier that there are other ways to do so too.
Ahh, yes. That's true. Another way to check for spammers is to do what WordPress does and count the number of <a> tags in the message. If there are more than 2, deny the email.
Here is a simple form that protects you against email injections and validates the fields. It is a lite example only.

```php
<?php
session_start();

// language strings
$_C1 = "code is wrong";
$_C2 = "requeride file";
$_C3 = "submit this";
$_C4 = "invalid email";

error_reporting(0);
$_rerror = "";

// Escape a value before echoing it back into the HTML form
function h($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// Additional protection: spammers have a lot of free time for bad actions.
// This protects you against email injections.
function smeprotect($a)
{
    if (!is_string($a)) {
        die("Script processing cancelled.");
    }
    $bad_str = array("content-type:", "charset=", "mime-version:", "multipart/mixed", "bcc:", "../");
    foreach ($bad_str as $suspect) {
        // stripos() replaces eregi(), which was removed in PHP 7
        if (stripos($a, $suspect) !== false) {
            // escape the input first, then highlight the suspect string
            $a = str_ireplace($suspect, " (&gt;&gt;&gt;<strong>" . $suspect . "</strong>&lt;&lt;&lt;) ", h($a));
            die("<p>Script processing cancelled: string " . $a . " contains text portions that are potentially dangerous to this server. Please use your browser's back-button to return to the previous page .</p>");
        }
    }
}

if (isset($_POST['smeform'])) {
    foreach ($_POST as $value) {
        smeprotect($value);
    }

    if (empty($_POST['Name'])) { $_rerror .= "Name $_C2<br>"; }
    // preg_match() replaces ereg(); the D modifier stops "$" from matching
    // before a trailing newline, so the address cannot carry a line break
    if (!preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+\.)+([a-zA-Z]{2,4})$/D', $_POST['Email'] ?? '')) {
        $_rerror .= "$_C4<br/>";
    }
    if (empty($_POST['Email']))   { $_rerror .= "Email $_C2<br>"; }
    if (empty($_POST['Subject'])) { $_rerror .= "Subject $_C2<br>"; }
    if (empty($_POST['Message'])) { $_rerror .= "Message $_C2<br>"; }
    if (!isset($_SESSION['verification']) || trim($_POST['code'] ?? '') !== $_SESSION['verification']) {
        $_rerror .= $_C1;
    }

    if (empty($_rerror)) {
        $date = date("m/d/Y H:i:s");
        $ip   = $_SERVER['REMOTE_ADDR'];
        $line = "--------------------------------------------------------";
        // SEND EMAIL FROM YOUR EMAIL
        @mail(
            "email@email.com",
            "test form",
            $date . "\nip :" . $ip . "\n" . $line
                . "\nName : " . $_POST['Name']
                . "\nEmail : " . $_POST['Email']
                . "\nSubject : " . $_POST['Subject']
                . "\nMessage : " . $_POST['Message']
                . "\n\n" . $line . "\n\n",
            // header lines are separated by CRLF
            "From:" . $_POST['Email'] . "\r\nMime-Version: 1.0\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Transfer-Encoding: 7bit"
        );
        echo "<div id=form>The form has sent </div>";
        $_ALLAREOK = "1";
        unset($_SESSION['verification']);
    }
}

// Build a 5-character verification code from a-z and 0-9
$letters   = array_merge(range('a', 'z'), range('0', '9'));
$randomkey = "";
for ($c = 0; $c <= 4; $c++) {
    // upper bound is count - 1; the original could index past the end of the array
    $randomkey .= $letters[random_int(0, count($letters) - 1)];
}
if (!isset($_SESSION['verification'])) {
    $_SESSION['verification'] = $randomkey;
}

if (empty($_ALLAREOK)) {
?>
<form action="" id="form" method="post" name="smeform">
<p align="center"><?=$_rerror;?></p>
<label for="Name">Name</label><input type="text" name="Name" maxlength="255" value="<?=h($_POST['Name'] ?? '')?>"><br />
<label for="Email">Email</label><input type="text" name="Email" maxlength="255" value="<?=h($_POST['Email'] ?? '')?>"><br />
<label for="Subject">Subject</label><input type="text" name="Subject" maxlength="255" value="<?=h($_POST['Subject'] ?? '')?>"><br />
<label for="Message">Message</label><textarea name="Message"></textarea><br />
<label for="code">Code</label> <input name="code" type="text" maxlength="10" size="10"> <strong><?=$_SESSION['verification'];?></strong><br />
<input name="smeform" id="go" value="<?=$_C3;?>" type="submit" />
</form>
<?php
}
?>
```
Create a database table with two fields, one IP address, other one timestamp. Then, whenever someone sends you a mail, do the following:

1. Delete all records over a minute old
2. Check whether there is still a record for this same IP
3. If there is, deny the request.
4. If there isn't, send the mail, and add the IP and time()'stamp to the DB.

Of course, you can customise that to have nicer features as well!
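
The four steps above, written out with PDO and SQLite as an added example (not code from any poster in this thread). The table name `post_log`, the functions `open_log()` and `allow_post()`, and the sample addresses are assumptions made for illustration; steps 2 to 4 are folded into one insert so that two simultaneous requests cannot both pass the check.

```php
<?php
// Added example: per-IP limit of one message per minute.
// post_log, open_log() and allow_post() are hypothetical names.

function open_log(string $dsn): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Two fields: the IP address and the timestamp of its last accepted post.
    $db->exec('CREATE TABLE IF NOT EXISTS post_log (
                   ip TEXT PRIMARY KEY,
                   posted_at INTEGER NOT NULL)');
    return $db;
}

function allow_post(PDO $db, string $ip, int $now, int $window = 60): bool
{
    // Step 1: delete all records over a minute old.
    $del = $db->prepare('DELETE FROM post_log WHERE posted_at < ?');
    $del->execute([$now - $window]);

    // Steps 2-4 in one statement: the PRIMARY KEY turns the insert into a
    // no-op while a record for this IP still exists, so the check and the
    // write cannot be separated by a second request from the same address.
    $ins = $db->prepare('INSERT OR IGNORE INTO post_log (ip, posted_at) VALUES (?, ?)');
    $ins->execute([$ip, $now]);
    return $ins->rowCount() === 1;   // 1 = row added, send the mail; 0 = deny
}

// Constructed demo: in-memory database and documentation-range addresses.
// In the contact script, pass $_SERVER['REMOTE_ADDR'] and time(), and use a
// file-backed DSN so the log survives between requests.
$db = open_log('sqlite::memory:');
$t0 = 1700000000;
$requests = [
    ['192.0.2.10', $t0],        // first post from this IP
    ['192.0.2.10', $t0 + 20],   // same IP, 20 seconds later
    ['192.0.2.55', $t0 + 25],   // different IP
    ['192.0.2.10', $t0 + 61],   // first IP again, over a minute later
];
foreach ($requests as [$ip, $ts]) {
    $ok = allow_post($db, $ip, $ts);
    echo $ip, ' +', $ts - $t0, 's ', $ok ? 'send mail' : 'deny', "\n";
}
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, and visitors sharing one NAT address share one limit.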