Member Avatar for Ender330

Hello,

I have a form that I really don't want to use captchas with.
The problem I have is that people cURL my site and send messages
on my system slowing it down for my legit users.

I am looking for a way to change the name of the form fields.
In a way they would change together my submit page and my action
page.

Where I could add a list of names for the form fields and they
either change with every submit or they change every so many
hours of the day.

Anyone with any ideas...I would really appreciate this.

Thank You
Ender

  • 2 Contributors
  • 7 Replies
  • 329 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by pritaeas

Recommended Answers

All 7 Replies

Member Avatar for pritaeas

When rendering the form, you can generate any name you want for all the fields, and store them in a session variable. After submit, the submit file can read the names from the session and use them in a predefined order. After that reset the session, so those names will no longer be available. It is not fail proof, but will avoid direct posting to your submit script. I have used a similar logic in a guestbook, and it drastically reduced spam.

Edited by pritaeas because: n/a
Member Avatar for Ender330

@pritaeas Thanks for the advice. Do you think you can provide me with a sample code or point me to a place where I can get an idea of the code. Honestly I am not up to speedn on this stuff :(

Thank You

Member Avatar for pritaeas

You need to know how to use session variables (see the PHP manual), you need a function to generate random strings (I think I wrote one on in this forum, you'll have to look). If I get the time, I'll write a small sample.

Member Avatar for pritaeas

I lost this thread I see now. How's your status, any improvements, or do you still need a sample ?

Member Avatar for Ender330

Hello again...yes I could really use a sample for this.

Tell me would changing the name of the submit button randomly work?

Member Avatar for pritaeas

Try this (quick example):

index.php

<?php
  session_start();
	
  function randomName() {
    $chars = array(
      'B','C','D','F','G','H','J','K','L','M',
      'N','P','Q','R','S','T','V','W','X','Y',
      'Z','b','c','d','f','g','h','j','k','m',
      'n','p','q','r','s','t','v','w','x','y'
    );

    $name = '';
    for ($i = 0; $i < 8; $i++) {
      $name .= $chars[rand(0, 39)];
    }

    return $name;
  }

  $_SESSION['formfields'] = array (
    'company' => randomName(),
    'name'    => randomName(),
    'email'   => randomName()
  );	
?>
<html>
<body>
<form action="submit.php" method="post">
<?php
  echo '<label>Company</label><br/>';
  echo '<input name="' . $_SESSION['formfields']['company'] . '" value="" /><br/>';
  echo '<label>Name</label><br/>';
  echo '<input name="' . $_SESSION['formfields']['name'] . '" value="" /><br/>';
  echo '<label>E-mail</label><br/>';
  echo '<input name="' . $_SESSION['formfields']['email'] . '" value="" /><br/>';
?>
<input type="submit" name="submit" value="submit" />
</form>
</body>
</html>

submit.php

<?php
  session_start();
	
  if (isset($_SESSION['formfields'])) {
    foreach ($_SESSION['formfields'] as $field => $randomName) {
      echo $field . ' has value ' . $_POST[$randomName] . '<br/>';
    }
  }
	
  unset($_SESSION['formfields']);
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.