+- Form Tools (https://forums.formtools.org)
+-- Forum: Modules / Other (https://forums.formtools.org/forumdisplay.php?fid=8)
+--- Forum: Form Validation: JS + PHP (https://forums.formtools.org/forumdisplay.php?fid=18)
+--- Thread: IP filtering (/showthread.php?tid=2721)
IP filtering - webfoundry - Oct 28th, 2013
Dear All,
I've installed FormTools several months ago, and it runs smooth !
Now some stupid person has found a way to spam the contest (where we use the formtool for).
We filter on unique email, but he keeps entering/spamming the contest with unique emailaddresses from the same domain and within the same IP number.
I've been looking for it in the tuts and this forum, but have not found the right solution.
Is there a way to blacklist a certain IP, or perhaps limit form submissions to 1 entry per IP ?
If you like I can past my PHP code of the form if that helps !
Thanks for :
1) a great formscript
2) your kind support
RE: IP filtering - Joe - Oct 28th, 2013
This extension blocks specific IP addresses: http://modules.formtools.org/ip_security_check/
Cheers,
Joe
RE: IP filtering - webfoundry - Oct 28th, 2013
I thought this module would solve it, but it looks like it only handles "users", and not form-submitters.
We don't have a problem with unauthorized users, but someone who is filling in front-end forms, always with different e-mailadresses so he bypasses the unique email-checker, so the submission-list is getting filled with non-existing e-mailadresses, all coming from the same IP-address.
my code :
PHP Code:
<?php
require_once("../wedstrijdformulier/global/api/api.php");
$fields = ft_api_init_form_page(4);
$errors = array();
if (isset($_POST["submit_button"]))
{
$rules = array();
$rules[] = "required,naam,Vergeet je naam niet in te vullen.";
$rules[] = "required,mail,Vergeet je e-mailadres niet in te vullen.";
$rules[] = "valid_email,mail,Voer een geldig e-mailadres in.";
$rules[] = "required,akkoord,Je moet akkoord gaan met de actievoorwaarden.";
$errors = validate_fields($_POST, $rules);
$criteria = array("mail" => $_POST["mail"]);
if (!ft_api_check_submission_is_unique(4, $criteria, $fields["form_tools_submission_id"]))
{
$errors[] = "Sorry, dit e-mailadres heeft reeds deelgenomen aan onze wedstrijd.";
}
// no errors - great! Now we process the page. The ft_api_process_form does
// the job of both updating the database and redirecting to the next page
if (empty($errors))
{
$params = array(
"submit_button" => "submit_button",
"next_page" => "thankyou.php",
"form_data" => $_POST,
"finalize" => true
);
ft_api_process_form($params);
}
// it failed validation. Update $fields with the latest contents of the form data
else
{
$fields = array_merge($_SESSION["form_tools_form"], $_POST);
}
}
?>RE: IP filtering - Joe - Oct 28th, 2013
You can just block the IP with PHP: http://stackoverflow.com/questions/2869893/block-specific-ip-block-from-my-website-in-php
Cheers,
Joe
RE: IP filtering - webfoundry - Oct 29th, 2013
Cool ! Simple and effective !
Thanks Joe
RE: IP filtering - Joe - Oct 31st, 2013
No problem! Happy Halloween!
Cheers,
Joe