I really wonder that how someone adding records to my existing blog comment table. I am using my own custom blog script where user add comment on any particular blog. I have a separate comment table with blog id. I have tried several CAPTCHA technique but nothing works. I am using PDO for mysql. I am also doing JavaScript validation before submitting the form. I am not sure if he/she is real people or some bots are doing that. Within 1 hour thousands of records being added.
I am posing my code below. Can someone help me please?
<?php
if(isset($_POST['user_comment']))
{
if ($_SESSION['answer'] == $_POST['answer'] )
{
$name = $_POST['name'];
$email = $_POST['email'];
$website = $_POST['website'];
$web = $website;
$comment = addslashes(nl2br($_POST['comment_text']));
$comment =strip_tags($comment);
$id = $article_id;
$ref = $_SERVER["HTTP_REFERER"];
$userip = $_SERVER['REMOTE_ADDR'];
$useragent = $_SERVER['HTTP_USER_AGENT'];
$submit_date = date('Y-m-d H:i:s');
if ((($name) && ($email) && ($comment))) {
$conn = new PDO("mysql:host=$hostname;dbname=$database",$username,$password);
$sql = "INSERT INTO blog_comments (user,email,website,message,date,storyid,userip,useragent,block) VALUES (:user,:email,:website,:message,:date,:storyid,:userip,:useragent,:block)";
$q = $conn->prepare($sql);
$q->execute(array(':user'=>$name, ':email'=>$email, ':website'=>$website, ':message'=>$title, ':date'=>$submit_date, ':storyid'=>$id, ':userip'=>$userip, ':useragent'=>$useragent,':block'=>'1'));
}
}
else
{
?>
<tr><td>
<p style="text-align:center; color:#CC0000; font-size:14px; font-weight:bold; padding-bottom:10px;">Wrong Answer! Please try again!!</p>
</td>
</tr>
<?php
}
}
?>
THIS IS MY CAPTCHA CODE:
<?php
session_start();
$digit1 = mt_rand(1,20);
$digit2 = mt_rand(1,20);
if( mt_rand(0,1) === 1 ) {
$math = "$digit1 + $digit2";
$_SESSION['answer'] = $digit1 + $digit2;
} else {
$math = "$digit1 - $digit2";
$_SESSION['answer'] = $digit1 - $digit2;
}
?>
THIS IS JS VALIDATION:
<script type="text/javascript" language="javascript">
function validate()
{
if( document.getElementById( "name" ).value == ""){
alert("Please enter your name.");
document.getElementById( "name" ).focus();
return false;
}
if( document.getElementById( "email" ).value == ""){
alert("Please enter Your email ID.");
document.getElementById( "email" ).focus();
return false;
}
if( document.getElementById( "comment_text" ).value == ""){
alert("Please enter your comment.");
document.getElementById( "comment_text" ).focus();
return false;
}
if( document.getElementById( "answer" ).value == ""){
alert("Please solve this math.");
document.getElementById("answer").focus();
return false;
}
}
</script>
THIS IS MY FORM:
<form action="" method="POST" onSubmit="return validate();">
<table cellpadding="5" cellspacing="5" width="100%">
<tr><td colspan="3">
<input type="hidden" name="id" value="<? print($id);?>">
</td></tr>
<tr>
<td style="font-size:12px; font-weight:bold; width:150px;">Your Name</td>
<td style="width:260px;"><input type="text" name="name" id="name" style="width:250px; height:20px;"></td>
<td style="text-align:left;">Required</td>
</tr>
<tr>
<td style="font-size:12px; font-weight:bold; width:150px;">Your E-mail</td>
<td style="width:260px;"><input type="text" name="email" id="email" style="width:250px; height:20px;"></td>
<td style="text-align:left;">Required</td>
</tr>
<tr>
<td style="font-size:12px; font-weight:bold; width:150px;">Your Website</td>
<td style="width:260px;"><input type="text" name="website" style="width:250px; height:20px;"></td>
<td style="text-align:left;">Optional</td>
</tr>
<tr>
<td style="font-size:12px; font-weight:bold; width:150px;">Your Comment</td>
<td style="width:260px;"><textarea name="comment_text" id="comment_text" style="width:250px; height:100px;"></textarea></td>
<td style="text-align:left;">Required</td>
</tr>
<tr>
<td style="font-size:12px; font-weight:bold; width:150px;">What's <?php echo $math; ?> = </td>
<td style="width:260px;"><input type="text" name="answer" id="answer" style="width:250px; height:20px;"></td>
<td style="text-align:left;">Required</td>
</tr>
<tr>
<td colspan="3" style="text-align:center;">
<input type="submit" class="submit" value="Submit" name="user_comment">
</td></tr>
</table>
</form>
After all I have found the solution myself. Now I am showing the last commented date time instead of CAPTCHA and asking user to input that value as it is in input box. All captcha techniques failed whereas this technique works perfectly and i am not getting spam any more.
Thanks you so much to all you experts for giving your valuable suggestions.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments