  1. #1
    SitePoint Member
    Join Date
    May 2011
    Posts
    2

    blocking someone from using my form

    We are a group of cloistered nuns with a web site that has a page with a form for people to submit their prayer requests to us. Mount Grace Convent
    It is simple and anonymous; the people submit their requests and we receive them by email. The form uses PHP.
    Unfortunately, we have been recently plagued by a sick pervert who is sending us disgusting messages. My question is: is there a way to block his access to our form, or even better yet block him from visiting our website? I was thinking of using JavaScript to put a cookie on his computer. Is this possible? How can we do it? My knowledge of JavaScript is minimal; I used it on a few places on our web site but I had to cut & paste other people's code.
    I did manage to change the PHP code so that when he types a certain name into the "Your Name" field, the message is not sent to us. This is only partially effective however since now he is starting to use different names.
    Please help!

  2. #2
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    JavaScript is a client-side language, so it wouldn't be very effective since it can be turned off or bypassed.

    With every message that is submitted, you can opt to capture the IP address. Then, when the malicious user submits his/her message, you can take that IP address and block them--either from the server entirely (through your hosting provider's management tools), or with a PHP if-statement

    Code:
    if($_SERVER['REMOTE_ADDR']=='10.10.10.10'){
         echo "<p>Access denied</p>";
    }else{
       //your form
    }
    However, by capturing an IP address with the submitted message, it would no longer be completely anonymous. In that case, the other option would be to filter out key words, or use a "bad word filter".

    Code:
    $badwords = array('badword1', 'badword2', 'ew', 'yuck');
    $badword_count = 0; //number of bad words detected
    $badword_threshold = 5; //number of bad words allowed before message is rejected

    if(isset($_POST['message'])){
        //str_ireplace() masks each bad word and stores the number of replacements in $badword_count
        $result_str = str_ireplace($badwords, '****', $_POST['message'], $badword_count);
        if($badword_count>$badword_threshold){ //check threshold for number of bad words allowed
            echo '<p>Sorry, your message cannot be submitted due to vulgar language.</p>';
        }
        else{
            //submit the message
        }
    }
    The risk with this second option is that you might detect a few false positives, but with the threshold count in place, it makes it less likely.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    SitePoint Enthusiast rainner's Avatar
    Join Date
    Apr 2011
    Posts
    25
    There's really no way to block an individual from accessing your public site. If you decide to capture and block the user's IP address, that person can simply connect to the internet through another network or use a proxy server and do it all over again.

    Most sites use something called Captcha to help prevent people from sending spam messages. This requires the user to look at a picture and copy into the form what the picture says before sending the message.

    You can read more about Captcha here: The Official CAPTCHA Site, or by searching for it on Google.

  4. #4
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Quote, originally posted by rainner:
    There's really no way to block an individual from accessing your public site. If you decide to capture and block the user's IP address, that person can simply connect to the internet through another network or use a proxy server and do it all over again.

    Most sites use something called Captcha to help prevent people from sending spam messages. This requires the user to look at a picture and copy into the form what the picture says before sending the message.

    You can read more about Captcha here: The Official CAPTCHA Site, or by searching for it on Google.
    Captcha only prevents automated spam. From the sounds of it, submissions are coming from an actual individual.

  5. #5
    SitePoint Member
    Join Date
    May 2011
    Posts
    2
    Thanks, Force Flow. I don't think a Captcha would help. This is definitely a real person sending us these messages. Your second option looks like my best choice... unfortunately my knowledge of PHP is even less than JavaScript. Below is part of my PHP. He changes his name, but so far there has always been "yik" in the name so that is what I tried to note. The message then still comes to us, but with a different subject so I know to delete it without opening. I left the same message that other people receive as the echo since I didn't want him to have the satisfaction of knowing he was bothering us. Can you write your above code to fit in with what is below? Thanks!

    $your_name = $_POST['Sender'];
    $recepient = $_POST['Recipient'];
    $intention = $_POST['Intentions'];
    $to = '****';
    $subject = 'web site prayer request';
    $subtoo = "do not open";
    $msg = "$your_name \n" .
        "is requesting the following prayers for $recepient: \n" .
        "$intention";
    $name = explode(' ', $your_name);

    //if from pervert, mail with warning subject
    foreach ($name as $word) {
        if ($word == 'yik') {
            mail($to, $subtoo, $msg);
            echo '<h3>We are praying for you.</h3>';
            break;
        }
        else {
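
Added example, not part of any post in this thread: one way to fit the word filter from post #2 into the handler from post #5, keeping the poster's approach of mailing flagged requests under a different subject while showing every visitor the same reply. The function names, constants, word list, threshold and sample submissions are assumptions made for illustration; it uses whole-word matching instead of str_ireplace() and needs PHP 7.4 or later.

```php
<?php
// Added example, not code from the thread. Word list and threshold are placeholders.
const BAD_WORDS = ['badword1', 'badword2', 'ew'];
const BAD_WORD_THRESHOLD = 1;      // flag when more than this many hits (constructed value)
const NAME_MARKERS = ['yik'];      // marker the poster reported seeing in the name

// Count whole-word, case-insensitive matches so 'ew' does not hit "new" or "few".
function count_bad_words(string $text, array $words): int {
    $alternatives = implode('|', array_map(fn($w) => preg_quote($w, '/'), $words));
    return (int) preg_match_all('/\b(?:' . $alternatives . ')\b/i', $text);
}

// Decide the mail subject; the visitor-facing reply is the same either way.
function classify_request(array $post): array {
    $name      = trim((string) ($post['Sender'] ?? ''));
    $recipient = trim((string) ($post['Recipient'] ?? ''));
    $intention = trim((string) ($post['Intentions'] ?? ''));

    $flagged = count_bad_words("$name $recipient $intention", BAD_WORDS) > BAD_WORD_THRESHOLD;
    foreach (NAME_MARKERS as $marker) {
        // Substring match anywhere in the name, regardless of case.
        if (stripos($name, $marker) !== false) { $flagged = true; }
    }
    return [
        'subject' => $flagged ? 'do not open' : 'web site prayer request',
        'body'    => "$name \nis requesting the following prayers for $recipient: \n$intention",
        'flagged' => $flagged,
    ];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $r = classify_request($_POST);
    mail('****', $r['subject'], $r['body']);   // '****' is the redacted address from the post
    echo '<h3>We are praying for you.</h3>';   // identical reply for flagged and normal requests
} else {
    // Constructed sample submissions for a command-line run.
    $samples = [
        ['Sender' => 'Mary', 'Recipient' => 'my mother', 'Intentions' => 'A few new worries.'],
        ['Sender' => 'Tom Yikes', 'Recipient' => 'x', 'Intentions' => 'hello'],
        ['Sender' => 'Bob', 'Recipient' => 'x', 'Intentions' => 'badword1 and BADWORD2'],
    ];
    foreach ($samples as $s) {
        echo $s['Sender'], ' => ', classify_request($s)['subject'], PHP_EOL;
    }
}
```

The recipient and subject are fixed strings and visitor input only reaches the message body, so no submitted value enters the mail headers.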

