

The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Hidden Fields Method of Spam Prevention
#1
Hello:

I have created a few forms using Form Tools version 2.0. I have employed the hidden fields method of spam prevention as outlined in this page:

http://modules.formtools.org/submission_...on_example

All seems to work fine, with no messages appearing in the control panel when the hidden fields are filled in. The problem is that the system still sends an email to the owner of the form telling him/her that there is a new message and with all of the fields on the email message blank.

Any way to have the system not send any kind of message at all when a hacker bot fills in a hidden field?

Any help is appreciated.
Reply
#2
Hi,

Can you confirm that the 'spam' form submissions aren't showing up in the FT admin panel (as you would expect).

Martin
Reply
#3
Correct...they are not showing up in the form's admin section.
Reply
#4
Damn... this is a bug. I refactored the ft_api_process_form() function a little while back and must have missed this. Drat!

I know this isn't ideal, but you can fix this by manually changing your api.php file. Assuming all goes well I'll include this fix in the next API version so that you'll be able to upgrade safely.

Here's how to do it.
1. Edit your /global/api/api.php file,
2. Scroll down to line 850. You should see this chunk of code:

PHP Code:
  if ($passes_captcha && !empty($next_page) && !$is_deleting_file)
  {
    // if the user wasn't putting through a test submission or initializing the form, we can send safely
    // send emails at this juncture, but ONLY if it was just finalized
    if ($form_id != "test" && $submission_id != "test" && !isset($_SESSION[$namespace]["form_tools_initialize_form"]))
    {
      // send any emails attached to the on_submission trigger
      if ($is_finalized == "yes")
        ft_send_emails("on_submission", $form_id, $submission_id);
    }

    header("location: $next_page");
    exit;
  }

Change it to this:

PHP Code:
  if ($passes_captcha && !empty($next_page) && !$is_deleting_file)
  {
    // if the user wasn't putting through a test submission or initializing the form, we can send safely
    // send emails at this juncture, but ONLY if it was just finalized
    if ($form_id != "test" && $submission_id != "test" && !isset($_SESSION[$namespace]["form_tools_initialize_form"])
      && !isset($form_data["form_tools_ignore_submission"]))
    {
      // send any emails attached to the on_submission trigger
      if ($is_finalized == "yes")
        ft_send_emails("on_submission", $form_id, $submission_id);
    }

    header("location: $next_page");
    exit;
  }

I haven't confirmed this fix, so you're going to be the Beta tester I'm afraid. :) But it should work fine.

Let me know how it goes.

- Ben
Reply
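
The behaviour reported in this thread is that a submission flagged by a hidden field was kept out of the control panel while the notification email still went out. The sketch below is an added example, not Form Tools code and not the patch posted above; the field names, functions and sample submissions are hypothetical and constructed for illustration. It makes the ignore decision once, before either side effect, so storage and email cannot disagree.

```php
<?php
// Added illustration, not Form Tools code. All names here are hypothetical.

// Hidden field names a human visitor never fills in (constructed for this example).
const HONEYPOT_FIELDS = ['website_url', 'confirm_email'];

// Returns true when any honeypot field arrived with a non-empty value.
// An array value (e.g. website_url[]=x) is also treated as a hit, and the
// string "0" counts as filled in, which empty() would miss.
function is_honeypot_hit(array $form_data): bool
{
    foreach (HONEYPOT_FIELDS as $field) {
        $value = $form_data[$field] ?? '';
        if (is_array($value) || trim((string) $value) !== '') {
            return true;
        }
    }
    return false;
}

// Processes one submission. $store and $notify are callables standing in for
// the database insert and the on_submission email trigger.
function process_submission(array $form_data, callable $store, callable $notify): string
{
    // Decide once, before any side effect, so storage and email stay in step.
    if (is_honeypot_hit($form_data)) {
        return 'ignored';
    }
    $submission_id = $store($form_data);
    $notify($submission_id);
    return 'accepted';
}

// Constructed sample submissions: one human, one bot that filled a hidden field.
$samples = [
    'human' => ['name' => 'Alice', 'message' => 'Hello', 'website_url' => ''],
    'bot'   => ['name' => 'x', 'message' => 'spam', 'website_url' => 'http://example.invalid'],
];

$stored = [];
$emails = [];
$store  = function (array $data) use (&$stored): int { $stored[] = $data; return count($stored); };
$notify = function (int $id) use (&$emails): void { $emails[] = $id; };

foreach ($samples as $label => $data) {
    printf("%-5s => %s\n", $label, process_submission($data, $store, $notify));
}
printf("stored=%d emails=%d\n", count($stored), count($emails));
```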
#5
Thanks, Ben. I appreciate the fix. I'll employ it and have the client let me know if he sees any more problems.


(Mar 7th, 2010, 11:00 AM)Ben Wrote: Damn... this is a bug. I refactored the ft_api_process_form() function a little while back and must have missed this. Drat!

I know this isn't ideal, but you can fix this by manually changing your api.php file. Assuming all goes well I'll include this fix in the next API version so that you'll be able to upgrade safely.

Reply
#6
Hi Ben,

I experienced the same problem, blank emails are sent even though the submission is ignored. So I updated to v 2.0.1 (with the new API - I can confirm that the new code is included). However, blank emails are still sent whenever a spammer uses the form (sorry). Any other suggestion how to handle this?

Thanks,
Erwin
Reply
#7
I am having the same problem. It continues after adding the suggested code. Any further suggestions?

I am using Formtools 2.0.0


thank you
roy degler
Reply
#8
I'm sorry to rehash an old post here...

I'm still having a problem here with this situation, even though I had employed the requested fix. For various reasons, we don't want to upgrade to the latest version just yet. Is there another workaround for this?

Thank you in advance.

Reply
#9
Hi Waizen,

Is this still a problem? If so, let me know (ben.keen@gmail.com) - I think I may need to take a look at it directly on your server to figure out what's going on.

- Ben
Reply
#10
Wow...been quite a while since I've visited this thread and I didn't see Ben's offer to take a look at my situation. Sorry, Ben.

I've got a new one related to this method: is this method of spam prevention supposed to work with the latest version of Form Tools (v. 2.2.7)? All of a sudden, I can't get this tutorial to work at all...all submissions go through, even if I enter something in the "bad", hidden, field. Has something changed in the latest and greatest version of Form Tools since way back in 2011? I've followed the tutorial to the letter and everything submits.
Reply

