Form Tools
IP filtering - Printable Version

+- Form Tools (https://forums.formtools.org)
+-- Forum: Modules / Other (https://forums.formtools.org/forumdisplay.php?fid=8)
+--- Forum: Form Validation: JS + PHP (https://forums.formtools.org/forumdisplay.php?fid=18)
+--- Thread: IP filtering (/showthread.php?tid=2721)



IP filtering - webfoundry - Oct 28th, 2013

Dear All,

I've installed FormTools several months ago, and it runs smooth !
Now some stupid person has found a way to spam the contest (where we use the formtool for).

We filter on unique email, but he keeps entering/spamming the contest with unique emailaddresses from the same domain and within the same IP number.

I've been looking for it in the tuts and this forum, but have not found the right solution.

Is there a way to blacklist a certain IP, or perhaps limit form submissions to 1 entry per IP ?

If you like I can past my PHP code of the form if that helps !

Thanks for :
1) a great formscript
2) your kind support


RE: IP filtering - Joe - Oct 28th, 2013

This extension blocks specific IP addresses: http://modules.formtools.org/ip_security_check/

Cheers,

Joe


RE: IP filtering - webfoundry - Oct 28th, 2013

I thought this module would solve it, but it looks like it only handles "users", and not form-submitters.

We don't have a problem with unauthorized users, but someone who is filling in front-end forms, always with different e-mailadresses so he bypasses the unique email-checker, so the submission-list is getting filled with non-existing e-mailadresses, all coming from the same IP-address.

my code :

PHP Code:
<?php
require_once("../wedstrijdformulier/global/api/api.php");
$fields ft_api_init_form_page(4);
$errors = array();
if (isset(
$_POST["submit_button"]))
{
  
$rules = array();
  
$rules[] = "required,naam,Vergeet je naam niet in te vullen.";
  
$rules[] = "required,mail,Vergeet je e-mailadres niet in te vullen.";
  
$rules[] = "valid_email,mail,Voer een geldig e-mailadres in.";
  
$rules[] = "required,akkoord,Je moet akkoord gaan met de actievoorwaarden.";
  
$errors validate_fields($_POST$rules);
 
  
$criteria = array("mail" => $_POST["mail"]);
  if (!
ft_api_check_submission_is_unique(4$criteria$fields["form_tools_submission_id"]))
  {
    
$errors[] = "Sorry, dit e-mailadres heeft reeds deelgenomen aan onze wedstrijd.";
  }
 
  
// no errors - great! Now we process the page. The ft_api_process_form does
  // the job of both updating the database and redirecting to the next page
  
if (empty($errors))
  {
    
$params = array(
      
"submit_button" => "submit_button",
      
"next_page" => "thankyou.php",
      
"form_data" => $_POST,
      
"finalize"  => true
    
);
    
ft_api_process_form($params);
  }
 
  
// it failed validation. Update $fields with the latest contents of the form data
  
else
  {
    
$fields array_merge($_SESSION["form_tools_form"], $_POST);
  }
}
?>



RE: IP filtering - Joe - Oct 28th, 2013

You can just block the IP with PHP: http://stackoverflow.com/questions/2869893/block-specific-ip-block-from-my-website-in-php

Cheers,

Joe


RE: IP filtering - webfoundry - Oct 29th, 2013

Cool ! Simple and effective !
Thanks Joe


RE: IP filtering - Joe - Oct 31st, 2013

No problem! Happy Halloween!

Cheers,

Joe