Help with guestbook to make it not spam-bot friendly

micko_escalade

Hi all!

I'm tierd to block ip's of spam bots in my guest book
source code
I was thinking to add at least a small check box so that is not easy to sign, can anyone help or have better idea?

here's the sign.php first part ( can't fit everything in this post)

<?php

/*
Xeobook v0.935 [2002-11-28]
http://xeoman.com
(c) 2002 Xeoman
*/

if ($trashnow == 'false') {
	header("Location: index.php");
}

$gb_user_ip = $REMOTE_ADDR;
$gb_user_host = @getHostByAddr($REMOTE_ADDR);
$gb_user_agent = $HTTP_USER_AGENT;
$gb_user_lang = substr($HTTP_ACCEPT_LANGUAGE, 0, 2);
if (!$gb_user_lang) {$gb_user_lang = 'en';}

include('config.php');

$conf_magicquotes = get_magic_quotes_gpc();
if (!$gb_lang_installed) {$gb_langpath = 'lang/en.php';}
if (eregi($gb_user_lang, $gb_lang_installed)) {
    @include('lang/' . $gb_user_lang . '.php');
} else {
    @include($gb_langpath);
}

session_start();
if (!$PHPSESSID) {
	session_register('gb_parole_try');
} elseif (!$gb_parole_try) {
	session_register('gb_parole_try');
}

if (($gb_flood_ip == $gb_user_ip) && (abs(time() - $gb_flood_last) < ($gb_flood_min * 60))) {
    $gb_flooding = 'true';
} else {
    $gb_flooding = NULL;
}
echo $testme;

function format_entries($reval) {
	if ($reval) {
		global $gb_tags, $gb_entrymaxlength;
		$reval = trim($reval);
		$reval = strip_tags($reval, $gb_tags);
		if (strlen($reval) > $gb_entrymaxlength) {
			$reval = substr($reval, 0, $gb_entrymaxlength);
			$reval .= $m_maxchars;
		}
		$reval = str_replace("  ", " ", $reval);
		$reval = str_replace("\n ", "\n", $reval);
	}
	return $reval;
}

function format_wordlength($text) {
	global $gb_entrywordlength;
	$text_array = split (Chr(32), $text);
	for ($i=0; $i < sizeof($text_array); $i++) {
		if (strlen($text_array[$i]) > $gb_entrywordlength) {
			$text_array[$i] = substr($text_array[$i], 0, $gb_entrywordlength);
        }
    }
	$text = implode(Chr(32), $text_array);
	return $text;
}

function format_entrylength($entryval, $entrylength) {
	if (!$entrylength) {
	    $entrylength == 40;
	}
	if (strlen($entryval) < $entrylength) {
	   	$entryval = substr($entryval, 0, $entrylength); 
	}
	return $entryval;
}

if (strlen(format_entries($gb_entry_text)) < $gb_entryminlength) {
    $gb_entry_text = NULL;
}
#========================================
#  This will happen if you click SIGN GUESTBOOK
#========================================
if (($todo == 'add') && ($gb_flooding)) {
	$msg = "<p class=\"messagetext\">$m_signedalready<br></p><p><a class=\"buttonview\" href=\"index.php\">Back</a><br></p>";

} elseif  ($todo == 'add' && ($gb_entry_text)) {

$gb_entry_date = date("Y-m-d H:i:s");

if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@([0-9a-z][0-9a-z-]*[0-9a-z]\\.)+[a-z]{2,4}$", $gb_email)) {
	$gb_email = NULL;
}
if ($gb_homepage == 'http://') {
	$gb_homepage = NULL;
}
if (!eregi("^http://[_a-z0-9-]+\\.[_a-z0-9-]+", $gb_homepage)) {
	$gb_homepage = NULL;
}

if (!$gb_fullname) {
	$gb_fullname = $gb_noname;
}
$gb_fullname = format_entries($gb_fullname);
$gb_fullname = format_entrylength($gb_fullname, 20);
$gb_sex = format_entries($gb_sex);
$gb_sex = format_entrylength($gb_sex, 6);
$gb_location = format_entries($gb_location);
$gb_location = format_entrylength($gb_location, 20);
$gb_url = format_entries($gb_url);
$gb_url = format_entrylength($gb_url, 100);
$gb_email = format_entries($gb_email);
$gb_email = format_entrylength($gb_email, 50);
$gb_entry_text = format_entries($gb_entry_text);
$gb_entry_text = format_wordlength($gb_entry_text);
$gb_comment_text = format_entries($gb_comment_text);
$gb_comment_text = format_wordlength($gb_comment_text);
$gb_mess_brand = format_entries($gb_mess_brand);
$gb_mess_brand = format_entrylength($gb_mess_brand, 20);
$gb_mess_nick = format_entries($gb_mess_nick);
$gb_mess_nick = format_entrylength($gb_mess_nick, 15);
$gb_user_pass = md5(session_id() . rand(1, 999) . time());

$link = @mysql_connect ("$sql_host", "$sql_id", "$sql_pass")
or die ($sql_error);
@mysql_select_db("$sql_db");

if ($conf_magicquotes == 0) {
	foreach($GLOBALS as $k=>$v) {
		if (substr_count($k, "gb_") > 0) {
				$GLOBALS[$k] = addslashes($v);
		}
	}
}

$insertstring = "INSERT INTO $sql_table(gb_fullname, gb_sex, gb_email, gb_homepage, gb_location, gb_entry_text, gb_entry_date, gb_mess_brand, gb_mess_nick, gb_user_ip, gb_user_host, gb_user_agent, gb_user_lang, gb_user_pass) VALUES "  .
"('$gb_fullname', '$gb_sex', '$gb_email', '$gb_homepage', '$gb_location', '$gb_entry_text', '$gb_entry_date', '$gb_mess_brand', '$gb_mess_nick', '$gb_user_ip', '$gb_user_host', '$gb_user_agent', '$gb_user_lang', '$gb_user_pass');";

mysql_query($insertstring);
mysql_close ($link);
session_register('gb_flood_ip');
session_register('gb_flood_last');
$gb_flood_ip = $gb_user_ip;
$gb_flood_last = time();
$msg = "<p class=\"messagetext\"><strong>" . $gb_fullname . "</strong><br><br>" . $gb_entry_text . "</p><p><a class=\"buttonview\" href=\"index.php\">$m_back</a><br></p>";
$msg = stripslashes($msg);
$msg = nl2br($msg);

if (($domain_emailnewentries == 'true') || ($domain_emailguest == 'true')) {
	if (!$gb_email) {
		$gb_emailfrom = $domain_emailadmin;
	} else {
		$gb_emailfrom = $gb_email;
	}
	$mailheaders = 'From: ' . $gb_fullname . ' <' . $gb_emailfrom . ">\n";
	$mailheaders .= 'Reply-To: ' . $gb_fullname . ' <' . $gb_emailfrom . ">\n";
	$gb_sendmail = $domain_title . $m_subject2 . $gb_fullname . "\n";
	$gb_sendmail .= "__________________________________________________\n\n";
	$gb_sendmail .= strip_tags(stripslashes($gb_entry_text));
	$gb_sendmail .= "\n\n__________________________________________________\n";
	$gb_sendmail .= 'date: ' . date("Y-m-d H:i:s") . "\n";
	$gb_sendmail .= 'host:  ' . $gb_user_host . "\n";
	$gb_sendmail .= 'agent: ' . $gb_user_agent . "\n";
	$gb_sendmail .= 'url:   ' . $domain_url . '?uid=' . $gb_user_pass . "\n\n";
	if ($domain_emailnewentries == 'true') {
		@mail($domain_emailadmin, $m_subject1 . $domain_title, $gb_sendmail, $mailheaders);
	}
	if ($domain_emailguest == 'true' && $gb_email != '') {
		$mailheaders = "From: " . $domain_title . " <" . $gb_emailadmin . ">\n";
		$mailheaders .= "Reply-To: " . $domain_title . " <" . $gb_emailadmin . ">\n";
	    @mail($gb_email, $m_subject1 . $domain_title, $gb_sendmail, $mailheaders);
	}
}

} elseif (($todo == 'add') && (!$gb_entry_text)) {
	$msg = "<p class=\"messagetext\">$m_notext</p><p><a class=\"buttonview\" href=\"sign.php\">$m_back</a><br></p>";
}

#========================================
#  This will happen if icon/button TRASH was clicked
#========================================
if (($todo == 'trash') && (!$gb_parole_try)) {
	$msg = "<p class=\"messagetext\">$m_trash<strong> " . $name . "</strong>.";
	$msg .= "<br>$m_password<br><br>";
	$msg .= "<input type=\"hidden\" name=\"todo\" value=\"trash\">";
	$msg .= "<input type=\"hidden\" name=\"gb_parole_status\" value=\"true\">";
	$msg .= "<input type=\"hidden\" name=\"name\" value=\"$name\">";
	$msg .= "<input type=\"hidden\" name=\"id\" value=\"$id\">";
	$msg .= "<input type=\"password\" name=\"gb_parole_try\" maxlength=\"100\"></p>";
	$msg .= "<p><input class=\"buttonsend\" type=\"submit\" value=\"$m_continue\"></p>";
}

if (($todo == 'trash') && ($id) && ($gb_parole_try)) {
	if (($gb_parole_try == $gb_parole) || ($gb_parole_try == md5($gb_parole))) {
		if (!$trashnow) {
			$msg = "<p class=\"messagetext\"><strong>$m_confirmation</strong><br>";
			$msg .= "<input class=\"radio\" type=\"radio\" name=\"trashnow\" value=\"false\" checked onFocus=\"if(this.blur)this.blur()\">$m_trashkeep $name<br>";
			$msg .= "<input class=\"radio\" type=\"radio\" name=\"trashnow\" value=\"true\" onFocus=\"if(this.blur)this.blur()\">$m_trashnow $name<br></p><p>";
			$msg .= "<input type=\"hidden\" name=\"todo\" value=\"trash\">";
			$msg .= "<input type=\"hidden\" name=\"id\" value=\"$id\">";
			$msg .= "<input type=\"hidden\" name=\"name\" value=\"$name\">";
			$msg .= "<input class=\"buttonsend\" type=\"submit\" value=\"$m_continue\"></p>";
		} elseif ($trashnow == 'true')  {
			$link = @mysql_connect ("$sql_host", "$sql_id", "$sql_pass")
			or die ($sql_error);
			@mysql_select_db("$sql_db");

		$killstring = "DELETE from $sql_table WHERE gb_number='$id';";
		@mysql_query($killstring);
		@mysql_close ($link);
		$msg = "<p class=\"messagetext\"><strong>" . $name . "</strong> $m_trashdone</p><p><a class=\"buttonview\" href=\"index.php\">$m_back</a><br></p>";

	}
}
}
#========================================
#  This will happen if icon COMMENT was clicked
#========================================

any help is appreciated!

micko_escalade

if ($todo == 'comment' && ($id) && (!$gb_parole_try)) {
		$msg = "<p class=\"messagetext\">$m_comment <strong>$name</strong>.";
		$msg .= "<br>$m_password<br><br>";
		$msg .= "<input type=\"hidden\" name=\"todo\" value=\"comment\">";
		$msg .= "<input type=\"hidden\" name=\"gb_parole_status\" value=\"true\">";
		$msg .= "<input type=\"hidden\" name=\"name\" value=\"$name\">";
		$msg .= "<input type=\"hidden\" name=\"id\" value=\"$id\">";
		$msg .= "<input type=\"password\" name=\"gb_parole_try\" maxlength=\"50\"></p>";
		$msg .= "<p><input class=\"buttonsend\" type=\"submit\" value=\"$m_comment\"></p>";
}

if ($todo == 'commentnow') {
	if ($gb_parole_try == $gb_parole || $gb_parole_try == md5($gb_parole)) {
	$gb_comment_date = date("Y-m-d H:i:s");		# current date for comment
	$link = @mysql_connect ("$sql_host", "$sql_id", "$sql_pass")
	or die ($sql_error);
	@mysql_select_db("$sql_db");

$gb_fullname = format_entries($gb_fullname);
$gb_fullname = format_entrylength($gb_fullname, 20);
$gb_sex = format_entries($gb_sex);
$gb_sex = format_entrylength($gb_sex, 6);
$gb_location = format_entries($gb_location);
$gb_location = format_entrylength($gb_location, 20);
$gb_url = format_entries($gb_url);
$gb_url = format_entrylength($gb_url, 100);
$gb_email = format_entries($gb_email);
$gb_email = format_entrylength($gb_email, 50);
$gb_entry_text = format_entries($gb_entry_text);
$gb_entry_text = format_wordlength($gb_entry_text);
$gb_comment_text = format_entries($gb_comment_text);
$gb_comment_text = format_wordlength($gb_comment_text);
$gb_mess_aim = format_entries($gb_mess_brand);
$gb_mess_aim = format_entrylength($gb_mess_brand, 20);
$gb_mess_icq = format_entries($gb_mess_nick);
$gb_mess_icq = format_entrylength($gb_mess_nick, 15);

if ($conf_magicquotes == 0) {
	foreach($GLOBALS as $k=>$v) {
		if (substr_count($k, "gb_") > 0) {
				$GLOBALS[$k] = addslashes($v);
		}
	}
}

$commentstring = "UPDATE $sql_table SET gb_fullname = \"$gb_fullname\", gb_sex = \"$gb_sex\", gb_email = \"$gb_email\", gb_homepage = \"$gb_homepage\", gb_location = \"$gb_location\", gb_entry_text = \"$gb_entry_text\", gb_comment_text = \"$gb_comment_text\", gb_comment_date = \"$gb_comment_date\" WHERE gb_number=\"$id\"";
@mysql_query($commentstring);
@mysql_close ($link);

if (($domain_emailcomments == 'true') && ($gb_email)) {
	$mailheaders = "From: " . $gb_fullname . " <" . $gb_emailfrom . ">\n";
	$mailheaders .= "Reply-To: " . $gb_fullname . " <" . $gb_emailfrom . ">\n";
	$gb_sendmail = $m_subject1 . $domain_title . "\n";
	$gb_sendmail .= $m_commentmail . "\n" . $domain_url . '?uid=' . $uid . "\n";
	$mailheaders = "From: " . $domain_title . " <" . $gb_emailadmin . ">\n";
	$mailheaders .= "Reply-To: " . $domain_title . " <" . $gb_emailadmin . ">\n";
	@mail($gb_email, $m_subject1 . $domain_title, $gb_sendmail, $mailheaders);
}

$msg = "<p class=\"messagetext\">$m_comment <strong>$gb_fullname</strong> $m_commentdone</p><p><a class=\"buttonview\" href=\"index.php\">$m_back</a><br></p>";
}
}
#========================================
#  This will happen if PASSWORD incorrect
#========================================
if ($gb_parole_status == 'true') {
	if (($gb_parole_try != $gb_parole) && ($gb_parole_try != md5($gb_parole))) {
	session_unregister('gb_parole_try');
	$msg = "<p class=\"messagetext\">$m_passwordwrong</p><p><a class=\"buttonview\" href=\"index.php\">$m_back</a><br></p>";
	}
}
#========================================
#  Html-Code starts
#========================================

micko_escalade

?>
<html>
<head>
<title><?php echo $m_subject1 . $domain_title; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="keywords" content="<?php echo "$domain_title Xeobook $gb_version"; ?> Guestbook PHP MySQL http://xeoman.com">
<meta name="author" content="Xeoman">
<meta name="revisit-after" content="1 month">
<meta name="robots" content="index follow">
<link rel="STYLESHEET" type="text/css" href="<?php echo $gb_themepath . "style.css"; ?>">
</head>

<body>

<?php
#========================================
# If there is a MESSAGE show it and abort script
#========================================
if ($msg) {
	echo "<form action=\"sign.php\" method=\"post\" ";
	if ($todo || $gb_flooding) {
	    echo "onsubmit=\"document.forms[0].gb_parole_try.value = calcMD5(document.forms[0].gb_parole_try.value)\">";
	}
	if (file_exists($gb_header)) {
		@readfile($gb_header);
	}
	echo "\n<table width=\"$table_width\" align=\"center\" border=\"0\">\n";
	echo "\n<tr><td><p><a class=\"buttonview\" href=\"index.php\" target=\"_self\">$m_view</a></p>\n";
	echo $msg;
	echo "\n</td></tr></table></form>\n";
	if (!$gb_parole_try){
		echo "<script language=\"JavaScript\" src=\"" . $gb_path_md5 . "\"> </script>\n";
		echo "<script language=\"JavaScript\">\n<!--\n";
		echo "document.forms[0].gb_parole_try.select();\n";
		echo "document.forms[0].gb_parole_try.focus();\n";
		echo "//-->\n</script>\n";
	}
	if (file_exists($gb_footer)) {
		@readfile($gb_footer);
	}
	echo "</body></html>";
	exit;
}
#========================================
# Otherwise go on checking if we sign or comment
#========================================

if (file_exists($gb_header)) {
	@readfile($gb_header);
}
?>

<table width="<?php echo $table_width; ?>" align="center" border="0">
<tr><td width="100">&nbsp;</td>
<td><p class="columnright"><a class="buttonview" href="index.php" target="_self"><?php echo $m_view; ?></a></p></td></tr></table>
<form action="sign.php" method="post">
<table class="adminbg" width="<?php echo $table_width; ?>" align="center" cellspacing="0">

<?php
if ($todo == 'comment' && ($id)) {
	if ($gb_parole_try == $gb_parole ||  $gb_parole_try == md5($gb_parole)) {
		$link = mysql_connect ("$sql_host", "$sql_id", "$sql_pass")
		or die ($sql_error);
		mysql_select_db("$sql_db");

	$query = "SELECT * FROM $sql_table WHERE gb_number='$id' ";
	$show = mysql_query( $query );	
	$row = mysql_fetch_object( $show );
	mysql_close ($link);
}
}
?>
<tr><td colspan="2">&nbsp;</td></tr>
<tr><td width="100">
<p class="columnleft"><?php echo $m_name; ?></p></td>
<td><p class="columnright">
<input type="text" name="gb_fullname" maxlength="40" tabindex="1"  title="<?php echo $m_name_title; ?>" value="<?php if ($todo == 'comment' ) {echo $row->gb_fullname;} ?>"></p></td></tr>

<?php
if ($gb_sexask == "true") {
	echo "<tr><td>&nbsp;</td>";
	echo "<td><p class=\"columnright\"><input class=\"radio\" type=\"radio\" name=\"gb_sex\" value=\"female\"";
      if ($todo == 'comment' && $row->gb_sex == "female") {
	   echo " checked";
	   }
	echo " onFocus=\"if(this.blur)this.blur()\">$m_sex_female <input class=\"radio\" type=\"radio\" name=\"gb_sex\" value=\"male\"";
	   if ($todo == 'comment' && $row->gb_sex == "male") {
	   echo " checked ";
	   }
	echo " onFocus=\"if(this.blur)this.blur()\">$m_sex_male </p></td>";
}
?>

</tr>
<tr>
      <td><p class="columnleft"><?php echo $m_location; ?></p></td>
      <td><p class="columnright"><input type="text" name="gb_location" maxlength="40" tabindex="2" title="<?php echo $m_location_title; ?>" value="<?php if ($todo == 'comment' ) {echo $row->gb_location;} ?>"></p></td>
</tr>
  <tr>
      <td><p class="columnleft"><?php echo $m_email; ?></p></td>
      <td><p class="columnright"><input type="text" name="gb_email" maxlength="60" tabindex="3" value="<?php if ($todo == 'comment' ) {echo $row->gb_email;} ?>"></p></td>
  </tr>
  <tr>
      <td><p class="columnleft"><?php echo $m_url; ?></p></td>
      <td><p class="columnright"><input type="text" name="gb_homepage" maxlength="100" tabindex="4" title="<?php echo $m_url_title; ?>" value="<?php if ($todo == 'comment') {echo $row->gb_homepage;} else {echo "http://";} ?>"></p></td>
  </tr>
  <tr>
    <td><p class="columnleft"><?php echo $m_text; ?></p><br></td>
    <td><p class="columnright">
      <textarea name="gb_entry_text" cols="47" rows="7" lang="<?php echo $gb_user_lang; ?>" tabindex="5" title="<?php echo $m_text_title; ?>"><?php if ($todo == 'comment') {echo $row->gb_entry_text;}?></textarea></p>
    </td>
  </tr>

<tr>
<?php
if ($todo == 'comment' && ($id)) {
	if ($gb_parole_try == $gb_parole ||  $gb_parole_try == md5($gb_parole)) {	
		echo "
		<td><p class=\"columnleft\">$m_comment</p></td><td><p class=\"columnright\">
		<textarea name=\"gb_comment_text\" cols=\"47\" rows=\"7\" title=\"$m_text_title\">";
		if ($row->gb_comment_text) {
			echo $row->gb_comment_text;
		}
			echo "</textarea></p>";
		if ($row->gb_email) {
			echo "<p class=\"columnright\"><input class=\"radio\" type=\"checkbox\" name=\"domain_emailcomments\" value=\"true\" onFocus=\"if(this.blur)this.blur()\">$m_commentnotify $row->gb_email</p>";
		}
		echo "</td></tr><tr><td colspan=\"2\">&nbsp;</td></tr></table>
				<table width=\"$table_width\" align=\"center\"><tr>
				<td width=\"100\">&nbsp;</td>
				<td><p class=\"columnright\">
				<input type=\"hidden\" name=\"todo\" value=\"commentnow\">
				<input type=\"hidden\" name=\"gb_parole_status\" value=\"true\">
				<input type=\"hidden\" name=\"uid\" value=\"$row->gb_user_pass\">
				<input type=\"hidden\" name=\"id\" value=\"$id\">
				<input class=\"buttonsend\" type=\"submit\" value=\"$m_comment\"></p></td>";
	}
} else {
	echo "<td colspan=\"2\">&nbsp;</td></tr></table>
			<table width=\"$table_width\" align=\"center\"><tr>
			<td width=\"100\">&nbsp;</td>
			<td><p class=\"columnright\">
			<input type=\"hidden\" name=\"todo\" value=\"add\">
			<input class=\"buttonsend\"  type=\"submit\" value=\"$m_sign\"></p></td>";
}
?>

</tr>
<tr><td>
</table>
</form>

<?php
if (file_exists($gb_footer)) {
	@readfile($gb_footer);
}
?>

<script language="JavaScript" type="text/javascript">
<!--
document.forms[0].gb_fullname.select();
document.forms[0].gb_fullname.focus();
//-->
</script>
</body>
</html>