PHP表格垃圾邮件过滤器

Question

So I'm trying to learn PHP but I'm have trouble with a certain code.

What I am trying to achieve is I have a very simple comment form on my site, visitor can use it to send me an email, but I am getting a lot of spam.

So I am trying to do is put in a hidden empty field then only send the email if it is empty. If any one have suggestions they would be much appreciated.

Here is my HTML code:

<form id="contact" name="contact" method="post" action="send.php">
   <h3 class="send-comments-hdr">Your Comments?</h3>
   <ul class="form-holder">
      <li><label for="name" class="comment-labels">Name</label></li>
      <li><input type="text" name="name" id="name" class="comment-inputs" placeholder="Your Name"/></li>
      <li><label for="email-input" class="comment-labels">Email</label></li>
      <li><input type="email" name="email" id="email-input" class="comment-inputs" placeholder="your.name@example.com" /></li>
      <li><label for="comments" class="comment-labels">Comments</label></li>
      <li><textarea name="comments" id="comments" class="comment-inputs" rows="4"></textarea></li>
      <li class="center"><button id="send-comments" type="submit" class="send-button">Send</button></li>
   </ul>
</form>

And my PHP sending file:

<?
$parent = $_SERVER["HTTP_REFERER"];

$name = $_POST['name'];
$email = $_POST['email'];
$comments = $_POST['comments'];

$to = "myemail@gmail.com";
$subject = "Comments From a Website Visitor";
$message = "<p>A visitor from mydomain.com has left the following comments:</p>";
$message .= '<html><body>';
$message .= '<table rules="all" style="border-color: #666" cellpadding="10">';
$message .= "<tr style='background: #eee;'><td><strong>Name:</strong> </td><td>" . $name . "</td></tr>";
$message .= "<tr><td><strong>Email:</strong> </td><td>" . $email . "</td></tr>";
$message .= "<tr><td><strong>Comments:</strong> </td><td>" . $comments . "</td></tr>";
$message .= "</table>";
$message .= "</body></html>";
$message .= "<p>Please reply ASAP, Thank you.</p>";

$headers = "From: $name <$email>" . "\r\n";
$headers .= "Reply-To: $email" . "\r\n";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

if (mail($to, $subject, $message, $headers)) {
    header("Location:$parent"); 
}

?>

I tried all day yesterday several code variations but could not seem to get it to work. Thank for all the advice, hoping to learn something today.

Answer 1

First add the empty field to your form.

<form id="contact" name="contact" method="post" action="send.php">
<input type="text" name="phone_number" id="phone_number">

Add to your CSS files to hide it from actual people:

#phone_number { display: none; }

Check if the field has something to detect spam:

if ($_POST['phone_number']) {
    echo "Thank you for your lovely spam.";
    exit();
}

Answer 2

When a spam bot reads your site for the first time it will actually scrape up and store your field names and the action="send.php" attribute of your form and then on an interval it will simply cURL the data directly to your send.php file so it completely ignores your form's new content.

So for immediate relief you would actually want to do this:

html page

<input type="hidden" name="HIDDEN_TRAP" value="" />
<!-- ^ Add this line inside of your <form> -->

send.php

// HIDDEN_TRAP will be missing completely when the spam bot sends again
if(isset($_POST['HIDDEN_TRAP'])) {
    if (mail($to, $subject, $message, $headers)) {
        header("Location:$parent"); 
    }
}

Answer 3

This page contains many spammer accounts: http://www.stopforumspam.com/ You can download the file as a CSV file and block them with php.

And the easiest must be setting a capthca. Here is a tutorial for Creating a Captcha image in PHP: THENEWBOSTON

If you think that spam bots fill all the form data with some information. Basicly create a hidden field as you told.

<input type="hidden" name="antibot" value="" />

and to your php code:

if ( $_POST['antibot'] !== "" ) {
throw new Exception ("Bot detected.");
}else {
//--- THE REST OF YOUR CODE
}