  1. #76
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,634
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    @ScallioXTX hey thanks a lot for the alternate method! While your solution does seem to be more secure for the reasons mentioned is it necessarily needed? My thought is JS is basically only used to give hints to the user and etc. And the php backend ultimately protects from spambots and such? So my thought is (maybe I'm wrong?) is that js gives the user hints and makes it pretty while php makes it secure. So if that's the case, if a bot can read the JS captcha, can it therefore also read the mirrored php captcha? Maybe I'm totally off base - if so feel free to let me know.

    I am in no way opposed to your method if the above statement is untrue. In which case I just need clarification on where to place said code. The post.php and the validation-captcha.php are identical aside from one line. Is that by design I assume? AND do both snippets go in my formmail.php (aka the php that processes the form)? If so does order matter? Thanks for your thoughts

  2. #77
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    8,907
    Mentioned
    139 Post(s)
    Tagged
    2 Thread(s)
    Originally Posted by EricWatson:
    @ScallioXTX hey thanks a lot for the alternate method! While your solution does seem to be more secure for the reasons mentioned is it necessarily needed? My thought is JS is basically only used to give hints to the user and etc. And the php backend ultimately protects from spambots and such? So my thought is (maybe I'm wrong?) is that js gives the user hints and makes it pretty while php makes it secure. So if that's the case, if a bot can read the JS captcha, can it therefore also read the mirrored php captcha? Maybe I'm totally off base - if so feel free to let me know.
    The main difference is that in the JS only version the answer is encoded in the page. So all a spam bot needs to do is fetch that answer and post it with the rest of the form. They only need to figure out first it needs to be multiplied by 2, which is quite easy to find out since it says so in the JS.
    In my variant the answer is known by PHP and PHP only (although parsing a simple math question is also quite easy for hackers, but that aside). The JS still makes it pretty by sending the answer to the server after it's filled to see if the given answer is correct.

    Originally Posted by EricWatson:
    I am in no way opposed to your method if the above statement is untrue. In which case I just need clarification on where to place said code. The post.php and the validation-captcha.php are identical aside from one line. Is that by design I assume? AND do both snippets go in my formmail.php (aka the php that processes the form)? If so does order matter? Thanks for your thoughts
    Yes, that is by design.

    • post.php checks if the posted values are correct; this is the part that goes in your formmail.php.
    • validate-captcha.php is called by the bassistance validation plugin to see if the entered value is correct and returns either an error message which the bassistance plugin will then show the user, or the text "true", indicating to the bassistance plugin the user entered the correct value. No need to put this one in your formmail.php too; this is just a simple stand alone script for the bassistance validation interaction.
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy
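
The server-side design described in post #77, as an added example that is not ScallioXTX's attached code: the answer lives only in the session, validate-captcha.php answers the plugin's remote check, and the form handler consumes the answer once. The function names, the `captcha_answer` session key and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example; names and the 'captcha_answer' key are assumptions.

// Pick a random sum, keep the answer server-side only, and return the
// question text, which is the only part that is printed into the page.
function captcha_new(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['captcha_answer'] = $a + $b;
    return "What is $a + $b ?";
}

// Side-effect-free check. This is what validate-captcha.php needs, because
// the validation plugin may call it several times while the user types.
function captcha_matches(array $session, $given): bool
{
    // $given comes from $_POST and can be missing or an array (spam[]=x).
    if (!isset($session['captcha_answer']) || !is_string($given)) {
        return false;
    }
    $given = trim($given);
    // Accept one or two digits only, so "", "7abc", "-7" and "7.0" fail
    // before any numeric comparison happens.
    return preg_match('/^[0-9]{1,2}$/', $given) === 1
        && (int) $given === $session['captcha_answer'];
}

// Body of validate-captcha.php: the plugin's "remote" rule reads JSON true
// as valid and a JSON string as the error message to show the user.
function captcha_remote_response(array $session, $given): string
{
    return json_encode(captcha_matches($session, $given) ? true : 'Incorrect answer');
}

// Check for the real form handler (post.php / formmail.php). The stored
// answer is discarded whether or not it matched, so one solved question
// cannot be replayed for many submissions.
function captcha_consume(array &$session, $given): bool
{
    $ok = captcha_matches($session, $given);
    unset($session['captcha_answer']);
    return $ok;
}

// Constructed demo run from the command line. In a real page, call
// session_start() and pass $_SESSION instead of $session.
if (PHP_SAPI === 'cli') {
    $session = [];
    echo captcha_new($session), "\n";
    $right = (string) $session['captcha_answer'];

    echo captcha_remote_response($session, '999'), "\n";  // wrong answer
    echo captcha_remote_response($session, $right), "\n"; // correct answer
    var_dump(captcha_consume($session, $right));          // first submission
    var_dump(captcha_consume($session, $right));          // same answer replayed
}
```

Nothing the browser receives contains the answer, so fetching the page source only yields the question text.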

  3. #78
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    5,359
    Mentioned
    179 Post(s)
    Tagged
    9 Thread(s)
    Originally Posted by ScallioXTX:
    So all a spam bot needs to do is fetch that answer and post it with the rest of the form. They only need to figure out first it needs to be multiplied by 2, which is quite easy to find out since it says so in the JS.
    This is a fascinating subject and something that I have been wondering throughout this thread: do you think that your average bot is in a position to do this?
    Do you have any idea or insight about the level of "intelligence" one could attribute to a bot?
    I would have thought that it would have been easier for a bot to eval any maths questions they encountered (which would render the whole process futile anyway).

  4. #79
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Originally Posted by Pullo:
    This is a fascinating subject and something that I have been wondering throughout this thread: do you think that your average bot is in a position to do this?
    Do you have any idea or insight about the level of "intelligence" one could attribute to a bot?
    I would have thought that it would have been easier for a bot to eval any maths questions they encountered (which would render the whole process futile anyway).
    The average bot is stupid as crap. All they see is some form on a page which they will then fill out by guessing what each field is for. But I can well imagine that some people are scavenging the internet for forms they can abuse, find out how they work, write a script (or rather, customise one they've lying around that already fits quite well) and run it, spamming the form without end. If the answer to hacking the captcha is in the JS this is of course dead simple. Indeed, in this case letting the script fetch the page first, scrape the sum of it, calculate it, and send it with the form isn't much harder. Indeed, this theory applies more to "real" captchas (ie, random strings) than to simple math. Another option would be to ask questions like "What color is the sky?", or show an image and ask the user to click the white cat, stuff like that. When the answer is server side, there is nothing the hacker can do but to work out all different questions and answers, which is time consuming so he'll probably just mosey on to the next form he can get his greasy fingers on.

    This is also an interesting read on the subject: http://nedbatchelder.com/text/stopbots.html

  5. #80
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Thank you very much for the detailed answer ScallioXTX I will most likely use your method as it is more secure and therefore better for its intended purpose.

    However, my read on what bots are capable of or not tells me that "probably" 99.5% of the time the extra measure is not necessary. I personally don't think bots are going to scour the code to put all the pieces together to figure out the captcha. In fact, I think they simply click Submit and move on not knowing if it was successful or not. That being today in 2012/2013. However, year 2015-2020 may tell a different story. Bots will inevitably get more sophisticated. In the future they will be able to put the pieces together. Although capable or not, the whole point to the captcha is security so one might as well go the more secure route.

    Thanks a lot guys! With your input this thread is invaluable.

  6. #81
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    @ScallioXTX or @Pullo bugger, I'm having a bit of trouble accurately putting all the pieces together with my script. MY SCRIPT, and accompanying JS need to do the following... The on page JS (or Ajax?) need to show no messages only display the red blinking outline. No incorrect answer, correct answer, or required field. And then on the php side if there is an error it needs to go to the error-page.php, and if successful needs to go to confirmation-page.php.

    I'm on vacation so only have access to my iPad. I tend to miss the obvious on my iPad sometimes. But I messed with it for well over an hour and couldn't seem to get all the pieces to work correctly. Any way you can work that up for me so that it works the way I originally intended? Thanks a lot!

    Here is my formmail script again http://www.visibilityinherit.com/projects/formmail.txt
    And here is the test page http://www.visibilityinherit.com/projects/formtest.php

    PS I appreciate how the numbers are completely random - that's cool. And also a little something I noticed (maybe it was just the way I had it) after submitting if going back and trying to submit again the captcha would just say incorrect answer even though it was correct. Probably a moot issue.

  7. #82
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    See attached. Tried and tested. Works
    Attached Files

  8. #83
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Amazing. Thank you very much! Now that I'm back to my dinosaur computer I should be able to follow it. Thanks a ton. I'll post back with my results...

  9. #84
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    I'm sorry to come back again, but is there a way to have the option to display messages as I had it before? Before I just used a blank value in order to show no messages. And if I wanted to just put a value in. Like...

    Code JavaScript:
    <script type="text/javascript">
    /* Fire Validate */
    $(document).ready(function(){
      $.validator.addMethod("nourl",
        function(value, element) {
          return !/http\:\/\/|www\.|link\=|url\=/.test(value);
        },
        "No URL's"
      );
      $("form").validate({
        rules: {
          name: {
            required: true
          },
          email: {
            required: true,
            email: true
          },
          comments: {
            required: true,
            minlength: 5,
            nourl: true
          },
          spam: {
            required: true
          }
        },
        messages: {
          name: "",
          email: "",
          comments: "",
          spam: ""
        }
      });
    });
    </script>

    I'll keep messing with it but I haven't been able to crack it.

  10. #85
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Originally Posted by EricWatson:
    I'll keep messing with it but I haven't been able to crack it.
    Me neither, which is why I just added the function to suppress everything.
    Here is a good demo of what you can do with custom messages, maybe that helps? http://jquery.bassistance.de/validate/demo/milk/

  11. #86
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Thanks! I thought just adding that function on the spam would do it - no apparently

  12. #87
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Cracked it! That's why I couldn't because I was using my iPad before with no firebug able to change rules so I got focus on the js side. Before I just fed the error display inline versus none so I didn't have to say !important (which is a sign of failure to me). Display none fixes it. So now it gives the option to give messages if so wish.

    Code CSS:
    label.error {
    display:none !important;
    }

    Code JavaScript:
    <script type="text/javascript">
    /* Fire Validate */
    $(document).ready(function(){
      $.validator.addMethod("nourl",
        function(value, element) {
          return !/http\:\/\/|www\.|link\=|url\=/.test(value);
        },
        "No URL's"
      );
      $("form").validate({
        rules: {
          name: {
            required: true
          },
          email: {
            required: true,
            email: true
          },
          comments: {
            required: true,
            minlength: 5,
            nourl: true
          },
          spam: {
            required: true,
            remote: {
              url: "validate-captcha.php",
              type: "post",
            }
          }
        },
        messages: {
          name: "",
          email: "",
          comments: "",
          spam: ""
        }
      });
    });
    </script>

  13. #88
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Man I could almost go eat. Anybody have any idea why it's not working in IE8? I don't have ie9 so I can't see it there. It just bypasses the js altogether. Works perfect in good browsers. Here is the live test page taken straight from the zip above. http://www.visibilityinherit.com/pro...t/formmail.php. If whomever needs to see the php just download the zip. Thanks!

  14. #89
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    If I go back to jquery v1.3.2 then ie8 works without the remote stuff. seen here http://www.visibilityinherit.com/cod...ation-demo.php. If I use the most recent version of jquery then regardless if I use remote or not it doesn't work in ie8?

  15. #90
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    OK! narrowing it down here. But I think I reached my limit. Here his captcha works in ie8 http://jquery.bassistance.de/validat...tcha/index.php. He is using jquery v1.3.2 and validation plugin v1.10.0

    Here I have setup my test page of his setup http://www.visibilityinherit.com/pro...t/formmail.php. It almost works except the captcha doesn't validate correctly. Put in the correct answer and it sees the wrong etc.

    Thanks for any help!

  16. #91
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    ok here is a stripped down test page working in all but ie8 with the latest jquery and jquery validation plugin http://www.visibilityinherit.com/projects/test/test.php.

  17. #92
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Hi Eric,

    The test page you provide works for me in IE8.
    The question I got was 2+5. If I enter anything other than 7, focus is drawn back to the input box.
    If I enter 7, then the form submits to /projects/test/formtestformmail.php, which is a 404.

    However, if I change to IE7, I can bypass the validation altogether.
    Even if I enter "Father Christmas" into the field, then the form still submits to /projects/test/formtestformmail.php.

    Did you mix the version numbers up, or have I found a new bug?

  18. #93
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Hey,

    I just found out why it's crashing in IE7.

    This is your validate function:

    Code JavaScript:
    $("form").validate({
      rules: {
        name: {
          required: true
        },
        email: {
          required: true,
          email: true
        },
        comments: {
          required: true,
          minlength: 5,
          nourl: true
        },
        spam: {
          required: true,
          remote: {
            url: "validate-captcha.php",
            type: "post",
          }
        }
      },
      messages: {
        name: "",
        email: "",
        comments: "",
        spam: ""
      }
    });

    If you look at the spam section you have:

    Code JavaScript:
    type: "post",

    This should be:

    Code JavaScript:
    type: "post"

    without the trailing comma.

    It's weird that this makes IE7 crash, as it's such a good browser otherwise ...
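
Posts #92 and #93 show the client-side rules being skipped whenever the script fails to run, so the form handler has to repeat them. A server-side mirror of the rules from the validate() call above, as an added example that is not code from the thread: `validate_contact()` and its return format are assumptions, and the error-page.php / confirmation-page.php targets are the ones named in post #81.

```php
<?php
// Added example; validate_contact() and its return format are assumptions.

// Same pattern as the client-side "nourl" method (case-sensitive, http only).
const NOURL_PATTERN = '~http://|www\.|link=|url=~';

// Returns the names of the fields that break a rule; empty array = all good.
function validate_contact(array $post): array
{
    $failed = [];

    // Treat missing keys and non-string values (e.g. name[]=x) as empty.
    $field = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };

    // name: required
    if ($field('name') === '') {
        $failed[] = 'name';
    }

    // email: required + must look like an address
    if (filter_var($field('email'), FILTER_VALIDATE_EMAIL) === false) {
        $failed[] = 'email';
    }

    // comments: required, minlength 5, nourl
    $comments = $field('comments');
    if (strlen($comments) < 5 || preg_match(NOURL_PATTERN, $comments) === 1) {
        $failed[] = 'comments';
    }

    return $failed;
}

// Constructed requests: one as a browser with working JS would send it,
// one as a client that never ran the validation plugin could send it.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['name' => 'Ann', 'email' => 'ann@example.com', 'comments' => 'Hello there'],
        ['name' => '', 'email' => 'Father Christmas', 'comments' => 'see www.example.com'],
    ];
    foreach ($samples as $post) {
        $failed = validate_contact($post);
        // In formmail.php this decision would drive the redirect instead.
        $target = $failed
            ? 'error-page.php (' . implode(', ', $failed) . ')'
            : 'confirmation-page.php';
        echo $target, "\n";
    }
}
```

The captcha field is left out here because its answer has to be checked against server-side state rather than a static rule.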

  19. #94
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    What the heck! I've been testing this thing for hours both live and via local Wamp. I guess this combo of scripts works in ie8 and I failed to test it live. Because live you're right it does work but locally in wamp it doesn't. I guess that's why I missed it. Well thanks again Pullo. You set me back on path again. Hopefully it works the same when I add it back to the full page. Happy new years

  20. #95
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Wow too many pieces to put together. I finally got it all working I believe. Thanks again guys!

  21. #96
    SitePoint Member
    Join Date
    Apr 2013
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by EricWatson:
    Wow too many pieces to put together. I finally got it all working I believe. Thanks again guys!
    The one with pieces I think is too much for users.

    Because it takes time and user may navigate away from website

    I am trying to make an arithmetic text based captcha using the tutorial below

    http://www.bestwebsitesdesigner.com/...ite/#more-1319

    I have almost got it set up but from above quotes it seems that it is not going to work?

    Though it has a JavaScript and if bots disable JavaScript can they send the spam emails even if they don't answer the question.

    If JavaScript is disabled what kind of captcha will work. Isn't there any simple captcha which does not need JavaScript.

    Any simple way to do this with perfect solution please?

    Thanks

  22. #97
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Originally Posted by Bonty6954:
    I have almost got it set up but from above quotes it seems that it is not going to work?
    Nah, it'll work because of step 5.
    The script relies on JS validation for humans, but still catches incorrect submissions server side.

    Originally Posted by Bonty6954:
    If JavaScript is disabled what kind of captcha will work.
    Any captcha which relies on server side validation.
    This is something the bots cannot easily bypass.

  23. #98
    SitePoint Zealot
    Join Date
    Oct 2012
    Posts
    137
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hello again. This is Greg and I am the guy who started this big long thread so long ago

    The original PHP version of the form that @Pullo created for me has been working great and has minimized my junk email volume!

    But I am switching my web hosting. This means part of the PHP file will need changed and I need a little more help. The current code (PHP and HTML) is pasted in below so you don't have to dig back through all the old pages of this thread. You can see the actual contact page by going to: http://www.bestdryingrack.com/

    It now needs to send the form contents to a different place since I will not be using Yahoo webhosting anymore. Maybe you bright folks could tell me how to do it in two ways? (so that at least one works for sure when I make the hosting switch) They are:

    1) straight to my email at contact@mysite.com
    2) to me through my new webhosting service, which is greengeeks.com and their site says that "path to send mail" is /usr/sbin/sendmail

    My guess is that #1 is easier, but that #2 will be better at hiding my email address from the bots.

    My guess is that just the PHP line that starts with $url will need to change, but I'm just guessing as I don't speak PHP

    I appreciate any assistance you can provide. Thank you!

    Greg

    pullo-bdr.php
    PHP Code:
    <?php
    // Reject the submission unless the fixed question (6 + 6) was answered.
    $checker = $_POST['checker'];
    if ($checker != 12) {
        header('Location: http://bestdryingrack.com/contact-error.html');
        exit();
    }

    // Forward the form fields to the Yahoo form handler.
    $url = "http://us.1.p2.webhosting.yahoo.com/forms?login=xxxxxx";
    $post_data = array(
        "person" => $_POST['person'],
        "onlineaddress" => $_POST['onlineaddress'],
        "ringer" => $_POST['ringer'],
        "country" => $_POST['country'],
        "reporting" => $_POST['reporting']
    );
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    curl_exec($ch);
    curl_close($ch);

    //It's all good brother. POST data submitted, let's redirect!
    header('Location: http://bestdryingrack.com/Confirmation.html');
    ?>

    HTML Code:
    <!-- Contact Form -->
    <form id="edf" method="post" autocomplete="off" action="pullo-bdr.php" >
         <fieldset>
         
    	 <div class="form-actions" >
    		 <legend> Contact Form </legend>
    		 	 		 
             <label for="reporting">Message</label>
             <textarea class="input-block-level" rows="3" name="reporting" id="reporting" maxlength="1000">
    		 </textarea>
    		 
    		 <span class="help-block">
    		 If you would like us to reply to your message, please provide a good email or phone number.
    		 </span>
    		 
    		 <label for="person">Name</label>
             <input class="input-block-level" type="text"
                 name="person" id="person" onkeypress="return event.keyCode != 13;">
    	     
    		 <label for="onlineaddress">Email</label>
             <input class="input-block-level" type="text" 
    	         name="onlineaddress" id="onlineaddress" onkeypress="return event.keyCode != 13;">
    	
    	     <label for="ringer">Phone Number</label>
             <input class="input-block-level" type="text" 
    	         name="ringer" id="ringer" onkeypress="return event.keyCode != 13;">
    		
    		 <label for="country">Country &nbsp; <small class="muted"> If not USA, we can only email or text you.</small>
    		 </label>
             <input class="input-block-level" type="text" 
    	         name="country" id="country" onkeypress="return event.keyCode != 13;">
             
    	     <div  style=text-align:center;>
                 <label for="checker">
                 <strong>To prevent automated emails, you must answer this question:</strong><br />
                         What is 6 + 6 ?
                 </label>	
                 <input class="input-mini" type="text" name="checker" id="checker" >
                 <p> &nbsp; </p>
                 <button class="btn btn-large btn-primary" type="submit">&nbsp; Send Message &nbsp;</button>
                 <p> &nbsp; </p>
    		 </div>
         </div>
    		 
         </fieldset>
    </form>

  24. #99
    Grüße aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Hi Greg,

    So, it's been a long time since we started this thread.
    I appreciate you summarizing the code thus far, so we don't have to read back through things, but the solution we eventually came up with for your old hosting company was rather "special".

    Maybe it's a good idea to recap, as with a different hosting company, a different solution might be better.

    Let's start with the basics: you have a contact form which sends emails to your email account. To this form you want to add a captcha to minimize the amount of spam you receive.
    Is this correct?

    Also, do you already have access to your new hosting environment?

  25. #100
    SitePoint Zealot
    I would like to use the same form, but just alter the PHP file to send the form data to my email.

    Because I have not yet switched completely to the new host, I would first like to have it just send it straight to my email address.
    (This is something I can test while still using Yahoo hosting and be comfortable it will likely work when I switch over to GreenGeeks hosting)

    Later, when I have fully switched to the new hosting company, I would like to explore doing it through their server like we originally did with the Yahoo system.

    Hopefully this makes sense...

