Hi, I just did this today and would like some feedback on how to improve on this.
I highly doubt any spam bot would ever get around this, but maybe I can learn something more by getting feedback on this, or maybe help others to implement a simple PHP spam bot program on their forms.
I'm not taking credit for the password gen function, which I found a long time ago.
I'm using mysql real escape for all my post, hence the safe() around the post variables.
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Spam Bot Blocker</title>
</head>
<body>
<?php
include("login/include/session.php");
if ((isset($_POST['authenticate']))&&(!empty($_POST['authenticate']))) {
if (!empty($_POST['HumanCode0'])){$HumanCode0 =safe($_POST['HumanCode0']);}else{$HumanCode0 = "";}
if (!empty($_POST['HumanCode1'])){$HumanCode1 =safe($_POST['HumanCode1']);}else{$HumanCode1 = "";}
if (!empty($_POST['HumanCode2'])){$HumanCode2 =safe($_POST['HumanCode2']);}else{$HumanCode2 = "";}
if (!empty($_POST['HumanCode3'])){$HumanCode3 =safe($_POST['HumanCode3']);}else{$HumanCode3 = "";}
if (!empty($_POST['HumanCode4'])){$HumanCode4 =safe($_POST['HumanCode4']);}else{$HumanCode4 = "";}
if (!empty($_POST['HumanCode5'])){$HumanCode5 =safe($_POST['HumanCode5']);}else{$HumanCode5 = "";}
if (!empty($_POST['HumanCode6'])){$HumanCode6 =safe($_POST['HumanCode6']);}else{$HumanCode6 = "";}
$HumanCodeCombined = $HumanCode0.$HumanCode1.$HumanCode2.$HumanCode3.$HumanCode4.$HumanCode5.$HumanCode6;
$SessionHumanCodeCombined = $_SESSION['HumanCode0'].$_SESSION['HumanCode1'].$_SESSION['HumanCode2'].$_SESSION['HumanCode3'].$_SESSION['HumanCode4'].$_SESSION['HumanCode5'].$_SESSION['HumanCode6'];
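// safe() escapes for SQL only, so HTML-escape the values before echoing them back
echo "Posted code = ".htmlspecialchars($HumanCodeCombined, ENT_QUOTES, 'UTF-8')."<br>";
echo "Session code = ".htmlspecialchars($SessionHumanCodeCombined, ENT_QUOTES, 'UTF-8')."<br>";
// Strict comparison: with == two different numeric-looking strings (e.g. "1E3" and "1000") compare equal
if ($HumanCodeCombined === $SessionHumanCodeCombined){echo "code match<br>";}
if ($HumanCodeCombined !== $SessionHumanCodeCombined){echo "code did not match<br>";}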
$_SESSION['HumanCode0'] = "";
$_SESSION['HumanCode1'] = "";
$_SESSION['HumanCode2'] = "";
$_SESSION['HumanCode3'] = "";
$_SESSION['HumanCode4'] = "";
$_SESSION['HumanCode5'] = "";
$_SESSION['HumanCode6'] = "";
}
?>
<form action="" method="post" name="">
<table width="120" border="0" cellspacing="0" cellpadding="0">
<?php
function generatePassword($length=5,$level=1){
list($usec, $sec) = explode(' ', microtime());
srand((float) $sec + ((float) $usec * 100000));
$validchars[1] = "0123456789abcdfghjkmnpqrstvwxyz";
$validchars[2] = "0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$validchars[3] = "0123456789_!@#$%&*()-=+/abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%&*()-=+/";
$password = "";
$counter = 0;
while ($counter < $length) {
$actChar = substr($validchars[$level], rand(0, strlen($validchars[$level])-1), 1);
// All characters must be different
if (!strstr($password, $actChar)) {
$password .= $actChar;
$counter++;
}
}
return $password;
}
// generate random code
$HumanCode = generatePassword(7,2);
// randomize the 7 variables to either be empty or not
$HumanCode0active = rand(0,1);
$HumanCode1active = rand(0,1);
$HumanCode2active = rand(0,1);
$HumanCode3active = rand(0,1);
$HumanCode4active = rand(0,1);
$HumanCode5active = rand(0,1);
$HumanCode6active = rand(0,1);
?>
<tr align="center" valign="middle">
<td height="20"><?php echo $HumanCode[0];?></td>
<td><?php echo $HumanCode[1];?></td>
<td><?php echo $HumanCode[2];?></td>
<td><?php echo $HumanCode[3];?></td>
<td><?php echo $HumanCode[4];?></td>
<td><?php echo $HumanCode[5];?></td>
<td><?php echo $HumanCode[6];?></td>
</tr>
<tr align="center" valign="middle" >
<td height="20"><?php if (!empty($HumanCode0active)) {?><input type="text" name="HumanCode0" style="width:10px" value=""/> <?php $_SESSION['HumanCode0'] = $HumanCode[0]; } else { echo $HumanCode[0]; $_SESSION['HumanCode0'] = "";}?> </td>
<td><?php if (!empty($HumanCode1active)) {?><input type="text" name="HumanCode1" style="width:10px" value=""/> <?php $_SESSION['HumanCode1'] = $HumanCode[1]; } else { echo $HumanCode[1]; $_SESSION['HumanCode1'] = "";}?> </td>
<td><?php if (!empty($HumanCode2active)) {?><input type="text" name="HumanCode2" style="width:10px" value=""/> <?php $_SESSION['HumanCode2'] = $HumanCode[2]; } else { echo $HumanCode[2]; $_SESSION['HumanCode2'] = "";}?> </td>
<td><?php if (!empty($HumanCode3active)) {?><input type="text" name="HumanCode3" style="width:10px" value=""/> <?php $_SESSION['HumanCode3'] = $HumanCode[3]; } else { echo $HumanCode[3]; $_SESSION['HumanCode3'] = "";}?> </td>
<td><?php if (!empty($HumanCode4active)) {?><input type="text" name="HumanCode4" style="width:10px" value=""/> <?php $_SESSION['HumanCode4'] = $HumanCode[4]; } else { echo $HumanCode[4]; $_SESSION['HumanCode4'] = "";}?> </td>
<td><?php if (!empty($HumanCode5active)) {?><input type="text" name="HumanCode5" style="width:10px" value=""/> <?php $_SESSION['HumanCode5'] = $HumanCode[5]; } else { echo $HumanCode[5]; $_SESSION['HumanCode5'] = "";}?> </td>
<td><?php if (!empty($HumanCode6active)) {?><input type="text" name="HumanCode6" style="width:10px" value=""/> <?php $_SESSION['HumanCode6'] = $HumanCode[6]; } else { echo $HumanCode[6]; $_SESSION['HumanCode6'] = "";}?> </td>
</tr>
</table>
<input name="authenticate" type="submit" value="Authenticate" />
</form>
</body>
</html>
The function is inside session.php as seen below
PHP Code:
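// Escapes a value for use inside a MySQL query string (SQL escaping only, not HTML escaping).
// Note: mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0.
function safe($value){
return mysql_real_escape_string($value);
}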
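
Added example, not part of the original post: in the code above, a request that arrives with an empty session, or a page load where all seven rand(0,1) flags come out 0, compares an empty posted string with an empty session string and reports a match. The sketch below issues and verifies the same fill-in-the-blanks challenge so that cannot happen; issueChallenge(), verifyChallenge(), the human_code key and the $session array (standing in for $_SESSION) are hypothetical names, and PHP 7 or later is assumed.

```php
<?php
// Added example (not the poster's code). $session stands in for $_SESSION.
const CHALLENGE_ALPHABET = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

function issueChallenge(array &$session, int $length = 7): array {
    $max = strlen(CHALLENGE_ALPHABET) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= CHALLENGE_ALPHABET[random_int(0, $max)]; // CSPRNG, no manual seeding
    }
    // Pick the blank positions; retry until at least one exists,
    // so the expected answer can never be the empty string.
    do {
        $blank = [];
        for ($i = 0; $i < $length; $i++) {
            if (random_int(0, 1) === 1) { $blank[] = $i; }
        }
    } while ($blank === []);
    $session['human_code'] = ['code' => $code, 'blank' => $blank];
    return $session['human_code'];
}

function verifyChallenge(array &$session, array $post): bool {
    $challenge = $session['human_code'] ?? null;
    unset($session['human_code']);          // single use, whether it passes or fails
    if (!is_array($challenge)) {
        return false;                       // no form was loaded, so nothing can match
    }
    $expected = $given = '';
    foreach ($challenge['blank'] as $i) {
        $field = $post['HumanCode' . $i] ?? '';
        if (!is_string($field) || strlen($field) !== 1) {
            return false;                   // array, empty or multi-character input
        }
        $expected .= $challenge['code'][$i];
        $given .= $field;
    }
    return hash_equals($expected, $given);  // strict, string-only comparison
}

// Constructed demo: correct answer, replay of it, request with no challenge issued
$session = [];
$c = issueChallenge($session);
$post = [];
foreach ($c['blank'] as $i) { $post['HumanCode' . $i] = $c['code'][$i]; }
var_dump(verifyChallenge($session, $post));
var_dump(verifyChallenge($session, $post));
var_dump(verifyChallenge($session, []));
```

This hardens only the server-side check: the form above still sends all seven characters as plain text in the first table row, so the challenge is no harder to read than before.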