1

Anyone able to help prevent form submittions that contain URL links in "message" field? Or better yet, let it go thru so (some) spammers think it went. Those submits which DO NOT contain a hyperlink get greenlighted to our inbox. Doable or pipedream?

HTML form in include php file:

<!-- Side form contact -->
 <form id="side-form" name="side-form" action="form-mailers.php" class="side-form" role="form" method="POST" onsubmit="return validateForm()">
  <h5 class="font-weight-bold mb-2 primary">Questions?</h5>
  <p class="serif mb-3">Ask the pros and receive the answers you seek.</p>
  <!-- Name -->
  <div class="form-row">
    <label for="name" class="sr-only"></label>
    <input type="text" name="name" class="form-control mb-3" id="name" placeholder="Name*">

  </div>
  <!-- Email -->
  <div class="form-row">
    <label for="email" class="sr-only"></label>
    <input type="email" name="email" class="form-control mb-3" id="email" placeholder="Email*">

  </div>
  <!-- Phone -->
  <div class="form-row">
    <label for="phone" class="sr-only"></label>
    <input type="tel" name="phone" class="form-control mb-3" id="phone" placeholder="Phone">
  </div>

  <!-- Subject -->
  <div class="form-group">
    <label for="subject" class="sr-only"></label>
    <select id="subject" class="custom-select browser-default" name="subject">
      <option value="">Choose topic</option>
      <option value="Feedback">Feedback</option>
      <option value="Issue">Report an Issue</option>
      <option value="NewOrder">New Order</option>
      <option value="Pricing">Price or Payment</option>
      <option value="Time">Timeline</option>
    </select>
    <div class="invalid-feedback">Please choose a topic</div>
  </div>
  <!-- Message -->
  <div class="form-group">
    <textarea class="form-control rounded-2" name="message" id="message" rows="3" placeholder="Message"></textarea>
  </div>
  <!-- Send button -->
  </form>
  <div class="center-on-small-only">
    <a class="btn btn-primary btn-md animate" onclick="validateForm()">Send Form</a>
  </div><div class="status" id="status"></div>

Validate JS @ bottom of webpage (not certain it's even used/needed):

// Validate Form AJAX (side-form)
function validateForm() {

    document.getElementById('status').innerHTML = "Sending...";
    formData = {
        'name'     : $('input[name=name]').val(),
        'email'    : $('input[name=email]').val(),
        'phone'    : $('input[name=phone]').val(),
        'subject'  : $('input[name=subject]').val(),
        'message'  : $('textarea[name=message]').val()
    };
   $.ajax({
    url : "form-mailers.php",
    type: "POST",
    data : formData,
    success: function(data, textStatus, jqXHR)
    {
        $('#status').text(data.message);
        if (data.code) //If mail was sent successfully, reset the form.
        $('#side-form').closest('form').find("input[type=text], input[type=email], textarea").val("");
    },
    error: function (jqXHR, textStatus, errorThrown)
    {
        $('#status').text(jqXHR);
    }
});
}

I have a form-mailers.php working fine:

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
$subject = $_POST['subject'];
header('Content-Type: application/json');
if ($name === ''){
print json_encode(array('message' => 'Name cannot be empty', 'code' => 0));
exit();
}
if ($email === ''){
print json_encode(array('message' => 'Email cannot be empty', 'code' => 0));
exit();
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
print json_encode(array('message' => 'Email format invalid.', 'code' => 0));
exit();
}
}
if ($subject === ''){
print json_encode(array('message' => 'Subject cannot be empty', 'code' => 0));
exit();
}
if ($message === ''){
print json_encode(array('message' => 'Message cannot be empty', 'code' => 0));
exit();
}
$content="From: $name \nEmail: $email \nPhone: $phone \nMessage: $message";
$recipient = "email_address_goes_here";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $content, $mailheader) or die("Error!");
print json_encode(array('message' => 'Email successfully sent!', 'code' => 1));
exit();
?>
infin80
  • 1,343
  • 1
  • 9
  • 10
  • 1
    Obviously, you can't do this with client-side jQuery or AJAX, since spammers could just edit that out. You have to do it on the server, which for you means PHP. – Joseph Sible-Reinstate Monica Jan 05 '20 at 00:52
  • Yes, i agree. So how is it done? Is it possible?? – infin80 Jan 05 '20 at 00:54
  • You could do something like `Don’t click me` and then use JavaScript to hide it. Spambots love to click stuff so ignore any mail where that is set. – Tim Morton Jan 05 '20 at 01:14
  • Ya that's what I'm going for...have the bot enter a URL or check a box. How do I then prevent the email from reaching my inbox? I've put in the suggested code from this question: https://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam. But I'm sure I did it wrong. – infin80 Jan 05 '20 at 03:46

0 Answers0