I have a site that was created back when the dinosaours were around and of course there is a feedback form that wasn't secure and was generating spam via injections. I have implemented my typical measures; CAPTCHA, preg_match, trim, stripslashes, strip_tags, and even preg_replace. Still the spam continues.
I have implemented the creation of a txt file to log each submit of the form with the idea of seeing what exactly is being injected to cause this.
The problem is nothing is apparent in the log. The only obvious indication is that a drop down form field right after the email field is blank in the log which would be impossible if the form was being used the correct way.
Here is the code to generate the log, this is placed before any modification to the post data.
$myFile = "spamlog/"; $myFile .= $DateTime; $myFile .= ".txt"; $fh = fopen($myFile, 'w') or die("can't open file"); $stringData = "Visitor Field Entry<br><br>"; $stringData .= "Subject: ".$_POST['txttitle']."<br>"; $stringData .= "Name: ".$_POST['txtname']."<br>"; $stringData .= "Email: ".$_POST['txtemail']."<br>"; $stringData .= "Country: ".$_POST['txtcountry']."<br>"; $stringData .= "Comments: ".$_POST['txtcomments']."<br><br>"; $stringData .= "Visitor IP: ".$_SERVER["REMOTE_ADDR"]; fwrite($fh, $stringData); fclose($fh); chmod($myFile, 0777);
I guess what I am tried to ask is; How can you properly echo POST data as they were entered, special characters and all? I want to see EVERYTHING that is being entered into the form.