I have taken over the maintenance of a website which was built by someone else. This site is mainly HTML/CSS, however it uses the odd JavaScript code along with PHP which was implemented by a back-end programmer that was contracted in.
The issue I'm having is this - the site consists of a lot of pages, each one with its own unique e-mail form. Each one of these forms was created without concern for spam. Now these forms are receiving a ton of spam, and I am expected to rectify the issue (regardless of the fact that I am neither a JavaScript nor PHP programmer). I need some help, as I can't try and guesstimate a solution due to the importance of this e-mail system.
I'm hoping I can post the code up and have someone guide me through the process of implementing a honeypot or an easy mathematical equation (I know that isn't 100% foolproof, but these are just poorly made spambots, and this site likely won't be actively targeted).
The Form Page: This page consists of some PHP, some Javascript but mostly just content which I will avoid posting as it is of little importance. However, I'll post the scripts in order. (Also, the productformvalidation.js file is a simple Javascript script that throws pop-up messages if the e-mail/phone number doesn't have correct characters. I can provide that too if necessary)
<?php
/* validation function for when they press the submit button */
function validateFields($fields, $form_vars) {
    $errors = array();
    foreach($fields as $field_name => $error_msg) {
        $value_entered = trim(@$form_vars[$field_name]);
        if(empty($value_entered)) {
            $errors[$field_name] = $error_msg;
        }
    }
    return $errors;
}
function safe($str) { return htmlentities(strip_tags($str)); }
?>
<head>
<script type="text/javascript" src="js/productFormValidation.js"></script>
</head>
<body>
<div class="contact_links">
<form name="contact" method="post" action="/sendmail/send-mail-start.php" enctype="multipart/form-data" onsubmit="return checkForm(this);">
    <label>Name: (required) </label><input class="input1" id="name" name="name" type="text" value="" />
    <label>Email: (required) </label><input class="input1" id="email" name="email" type="text" value="" /><br />
    <label>Phone: (required) </label><input class="input1" id="phone" name="phone" type="text" value="" />
    <label>Company: (required) </label><textarea class="input2" name="comments" id="comments" cols="" rows="1"></textarea><br />
    <input type="image" src="images/individualProducts/submit.png" alt="" value="" class="submit" />
</form>
<!-- INDIVIDUAL CONTACT LINK ENDS --></div>
</body>
The "Action" Page:
<?php
$date1=date("F d,Y");
$nameField=$_POST['name'];
$companyField=$_POST['company'];
$countryField=$_POST['country'];
$stateField=$_POST['state'];
$emailField=$_POST['email'];
$phoneField=$_POST['phone'];
$urlField=$_POST['url'];
$messageField=nl2br($_POST['comments']);
$body="
$body is followed by the table setup which contains the code. Basically just font-specifications, padding etc.
//$from=$firstNameField;
$sub="Contact Form - From the Start Page".$titleField;
$name=$firstNameField."< ".$emailField." >";
$to="info@mysite.com";
if (mail($to,$sub,$body,"From:".$name."\nContent-Type: text/html; charset=iso-8859-1"))
{
    print "<meta http-equiv=\"refresh\" content=\"3;URL=/start.php\">";
}
else {
    print "<meta http-equiv=\"refresh\" content=\"0;URL=error.php\">";
}
?>
That is then followed by the HTML that basically thanks them for contacting. So these are the scripts involved.
I'd be able to implement CAPTCHA myself had I created the site myself, simply by finding the right guide and following the steps. Unfortunately someone else has organized this mail structure, and I'm forced to work with a setup I don't fully understand - nor did I learn to understand. I get syntax errors, I'm not sure where to paste pieces of code etc.
I need someone who can see what I've got on my plate, that understands what is happening, to help me implement a simple spam solution that will prevent the annoying bot mail from happening.
Also - reCaptcha is not an option due to its size and difficulty reading.
Thank you in advance.
A quick (but not perfect) solution would be to add a hidden field that bots would fill out (call it "username" and hide it with CSS), and cancel submission if this field has content. That would at least remove a lot of the spam submissions.
Your form would look something like this:
<form name="contact" method="post" action="/sendmail/send-mail-start.php" enctype="multipart/form-data" onsubmit="return checkForm(this);">
    <label>Name: (required)</label>
    <input class="input1" id="name" name="name" type="text" value="" />
    <label class="hidethis">Username: (required)</label>
    <input class="input1 hidethis" id="username" name="username" type="text" value="" />
    <label>Email: (required)</label>
    <input class="input1" id="email" name="email" type="text" value="" />
    <br />
    <label>Phone: (required)</label>
    <input class="input1" id="phone" name="phone" type="text" value="" />
    <label>Company: (required) </label>
    <textarea class="input2" name="comments" id="comments" cols="" rows="1"></textarea>
    <br />
    <input type="image" src="images/individualProducts/submit.png" alt="" value="" class="submit" />
</form>
and /sendmail/send-mail-start.php would begin like this:
<?php
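// The honeypot field is hidden from people, so any content means a bot filled it in
if (isset($_POST['username']) && $_POST['username'] != "") { die("No spam"); }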
$date1=date("F d,Y");
$nameField=$_POST['name'];
$companyField=$_POST['company'];
$countryField=$_POST['country'];
... // Rest of your code
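
A fuller version of the server-side check, as an added example that is not part of the original answer: it handles a missing or array-valued honeypot field and also rejects line breaks in the name and e-mail values, since the action page places them in the From header. Function names and the sample submissions are constructed; PHP 7 or later is assumed.

```php
<?php
// Added example, not from the original answer. Field names follow the form
// above; function names and the sample submissions are constructed.

// True when the hidden honeypot field carries any content.
function honeypot_tripped(array $post, string $field = 'username'): bool
{
    if (!array_key_exists($field, $post)) {
        return false;   // field absent (e.g. a page not yet updated): no signal
    }
    $value = $post[$field];
    // username[]=... arrives as an array; the real form never sends that.
    return is_array($value) || trim((string) $value) !== '';
}

// True when a value bound for a mail header contains a line break.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Decide whether a submission may be passed on to mail().
function accept_submission(array $post): bool
{
    if (honeypot_tripped($post)) {
        return false;
    }
    $name  = $post['name'] ?? '';
    $email = $post['email'] ?? '';
    if (!is_string($name) || !is_string($email)) {
        return false;
    }
    if (has_line_break($name) || has_line_break($email)) {
        return false;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample submissions.
$samples = [
    'human'        => ['name' => 'Ann', 'email' => 'ann@example.com', 'username' => ''],
    'bot'          => ['name' => 'x', 'email' => 'x@example.com', 'username' => 'x'],
    'header break' => ['name' => "x\r\nBcc: y@example.com", 'email' => 'x@example.com', 'username' => ''],
];
foreach ($samples as $label => $post) {
    printf("%-13s %s\n", $label, accept_submission($post) ? 'send' : 'drop');
}
```

In send-mail-start.php the call would sit at the top, before any `$_POST` value is read, for example `if (!accept_submission($_POST)) { die("No spam"); }`.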