Protect form from spam (PHP) with empty fields (honeypot)
Question
I have a simple contact form in a Wordpress website, that needs some protecting.
I gave it two empty fields named "website" and "email" and hid them with CSS (visibility: hidden;). So far, so good.
The problem now is, I just cannot give the PHP commands
if(isset($_POST['website'])) die();
if(isset($_POST['email'])) die();
the proper position in my PHP file. Can you tell me where to position it correctly?
Here is my PHP file:
<?php
if(isset($_POST['website'])) die();
if(isset($_POST['email'])) die();
if(isset($_POST['submitted'])) {
if(trim($_POST['contactVorname']) === '') {
$vornameError = '*';
$hasError = true;
} else {
$vorname = trim($_POST['contactVorname']);
}
if(trim($_POST['contactName']) === '') {
$nameError = '*';
$hasError = true;
} else {
$name = trim($_POST['contactName']);
}
if(trim($_POST['contactEmail']) === '') {
$emailError = '*';
$hasError = true;
} else if (!preg_match("/^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$/i", trim($_POST['contactEmail']))) {
$emailError = '*';
$hasError = true;
} else {
$email = trim($_POST['contactEmail']);
}
if(trim($_POST['unternehmen']) === '') {
/* $unternehmenError = '*';
$hasError = true; */
} else {
$unternehmen = trim($_POST['unternehmen']);
}
if(trim($_POST['ort']) === '') {
/* $ortError = '*';
$hasError = true; */
} else {
$ort = trim($_POST['ort']);
}
if(trim($_POST['telefon']) === '') {
/* $telefonError = '*';
$hasError = true; */
} else {
$telefon = trim($_POST['telefon']);
}
if(trim($_POST['betreff']) === '') {
$betreffError = '*';
$hasError = true;
} else {
$betreff = trim($_POST['betreff']);
}
if(trim($_POST['comments']) === '') {
$commentError = '*';
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$comments = stripslashes(trim($_POST['comments']));
} else {
$comments = trim($_POST['comments']);
}
}
if(!isset($hasError)) {
$emailTo = get_option('tz_email');
if (!isset($emailTo) || ($emailTo == '') ){
$emailTo = get_option('admin_email');
}
$subject = 'Kontaktformular | '.$vorname.' '.$name;
$body = "\n.: Kontaktformular-E-Mail :. \n\nName: $vorname $name \nE-Mail: $email \n\nUnternehmen: $unternehmen \nOrt: $ort \nTelefon: $telefon \n\nBetreff: $betreff \n\nNachricht: $comments";
$headers = 'From: '.$vorname.' '.$name.' <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email;
wp_mail($emailTo, $subject, $body, $headers);
$emailSent = true;
}
}
?>
<?php get_header(); ?>
<?php if (have_posts()) : while (have_posts()) : the_post(); ?>
<article class="post" id="post-<?php the_ID(); ?>">
<h2 class="gross"><?php the_title(); ?></h2>
<div id="inhalt">
<div class="seitebeitrag">
<?php if(isset($emailSent) && $emailSent == true) { ?>
<div><p>Vielen Dank für die Nachricht. Wir melden uns so schnell wie möglich zurück.</p></div>
<?php } else { ?>
<?php the_content(); ?>
<form action="" id="contactForm" method="post">
<div id="kf0"> </div>
<div id="kf1">
<p><label for="contactVorname">Vorname *</label><br />
<input type="text" name="contactVorname" id="contactVorname" value="<?php if(isset($_POST['contactVorname'])) echo $_POST['contactVorname'];?>" maxlength="50" />
<?php if(!empty($vornameError)) { ?>
<span class="fehler"><?=$vornameError;?></span>
<?php } ?></p>
<p><label for="contactName">Nachname *</label><br />
<input type="text" name="contactName" id="contactName" value="<?php if(isset($_POST['contactName'])) echo $_POST['contactName'];?>" maxlength="50" />
<?php if(!empty($nameError)) { ?>
<span class="fehler"><?=$nameError;?></span>
<?php } ?></p>
<p><label for="contactEmail">E-Mail *</label><br />
<input type="text" name="contactEmail" id="contactEmail" value="<?php if(isset($_POST['contactEmail'])) echo $_POST['contactEmail'];?>" maxlength="50" />
<?php if(!empty($emailError)) { ?>
<span class="fehler"><?=$emailError;?></span>
<?php } ?></p>
<p><label for="unternehmen">Unternehmen</label><br />
<input type="text" name="unternehmen" id="unternehmen" value="" maxlength="50" /></p>
<p><label for="ort">Ort</label><br />
<input type="text" name="ort" id="ort" value="" maxlength="50" /></p>
<p><label for="telefon">Telefon</label><br />
<input type="text" name="telefon" id="telefon" value="" maxlength="50" /></p>
<input type="text" id="website" name="website" value="" maxlength="80" /><br />
<input type="text" id="email" name="email" value="" maxlength="80" />
</div>
<div id="kf2">
<p><label for="betreff">Betreff *</label><br />
<input type="text" name="betreff" id="betreff" value="<?php if(isset($_POST['betreff'])) echo $_POST['betreff'];?>" maxlength="50" />
<?php if(!empty($betreffError)) { ?>
<span class="fehler"><?=$betreffError;?></span>
<?php } ?></p>
<p><label for="commentsText">Nachricht *</label><br />
<textarea name="comments" id="commentsText" rows="20" cols="30"><?php if(isset($_POST['comments'])) { if(function_exists('stripslashes')) { echo stripslashes($_POST['comments']); } else { echo $_POST['comments']; } } ?></textarea>
<?php if(!empty($commentError)) { ?>
<span class="fehler"><?=$commentError;?></span>
<?php } ?></p>
<p>* Pflichtfelder</p>
</div>
<div id="kf3">
<input type="submit" value="SENDEN" alt="senden" class="btn" /><br /><input type="hidden" name="submitted" id="submitted" value="true" />
</div>
<div id="kf4">
<?php if(isset($hasError) || isset($captchaError)) { ?>
<div><p class="error fehler">* ungültige oder fehlende Daten</p></div>
<?php } ?></div>
</form>
<?php } ?>
<?php wp_link_pages(array('before' => __('Pages: '), 'next_or_number' => 'number')); ?>
</div>
<?php // edit_post_link(__('Edit this entry.'), '<p>', '</p>'); ?>
</article>
<?php // comments_template(); ?>
<?php endwhile; endif; ?>
<?php // get_sidebar(); ?>
<?php get_footer(); ?>
Right now, the form gets totally blocked out, after sending the data, ALTHOUGH the two fields in question are NOT FILLED IN.
1 answers
solution1
1 ACCPTED 2017-07-26 11:24:29
$_POST['website'] & $_POST['email'] will always be 'set'. An empty form field still sets the corresponding $_POST entry to an empty string ('') and will always be true to isset . Try using !empty .
if (!empty($_POST['website'])) die();
if (!empty($_POST['email'])) die();
See more here: http://php.net/manual/en/function.empty.php and with a bit more detail here: https://www.virendrachandak.com/techtalk/php-isset-vs-empty-vs-is_null/
Be careful using this approach with commonly named fields. They may be automatically filled in by a browser's auto-fill feature meaning you'll be getting false-positives and real users will end up on a blank screen.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
PHP Comment Form Validation to Protect Against Spam
Honeypot PHP for Comment Form
PHP form - with validation honeypot
Honeypot technique for php form
Html form with php validation and honeypot
A Good Way to Protect a Mailto Link From Spam in PHP
PHP test if POST is empty from FORM fields
PHP Form Spam Filter
PHP Form Spam Prevention
PHP Not Reading Form Fields As Empty
Related Tags