I recently built a contact form for my employer's corporate site and it was fine until a week or so ago. Suddenly I started getting tons of SEO spam from various different bots, it seems. I immediately installed a reCaptcha and also a blank dummy field to try and catch spammers. Neither of these items seemed to work, so I made a last-ditch effort to try and make a "no-javascript" catch, since most bots can't use javascript. This didn't work either! Any ideas what I could do from this point? I'm kind of limited by GoDaddy's hosting, which doesn't allow me to use the standard mail() function. I have to use some of their code to make the php mail work... Here is the current code I am using. Could somebody please give me a suggestion about what I am doing wrong? I'm fairly new to PHP. Thank you in advance!
Both of these files are missing the reCaptcha keys for my security. I promise I usually have them in there.
Contact.php - I left out the Javascript in the header which removes the "spambot" input field if Javascript is enabled.
<div class="pageDetail">
<?php
// Show the result message after contactAction.php redirects back here.
if (isset($_GET['success'])) {
    $success = $_GET['success'];
    if ($success == "yes") {
        echo '<p class="yay">Thank you for submitting your message! We will get back to you as soon as possible.</p>';
    }
    if ($success == "spam") {
        echo '<p class="oops">Sorry, your message did not send.</p>';
    }
}
?>
<form action="contactAction.php" method="post" id="contact" name="contact">
    <fieldset>
        <legend><h2>Contact DigitalTown</h2></legend>
        <input type="hidden" name="subject" value="Form Submission" />
        <input type="hidden" name="redirect" value="contact.php?success=yes" />
        <label for="name">Name</label>
        <input type="text" id="name" name="name" class="required" minlength="2"/>
        <label for="email">E–mail</label>
        <input type="text" id="email" name="email" class="required email"/>
        <label for="message">Message</label>
        <textarea id="message" name="message" cols="50" rows="10" class="required"></textarea>
        <label>Special</label>
        <div class="security">
        <?php
        require_once('recaptchalib.php');
        $publickey = " My Public Key is in here"; // you got this from the signup page
        echo recaptcha_get_html($publickey);
        ?>
        </div>
        <!-- Honeypot: hidden from humans by the .question CSS class, so it should always arrive empty -->
        <input type="text" name="question" class="question" value="">
        <!-- Removed by the JavaScript in the header; only clients without JavaScript submit it -->
        <input class="spam" name="spambot" type="hidden" value="contact.php?success=spam" />
        <button type="submit">Send</button>
    </fieldset>
</form>
</div>
contactAction.php
<?php
// Check 1: the hidden "spambot" field is removed by JavaScript on contact.php,
// so a submission that still carries it came from a client without JavaScript.
// Redirect to the "spam" result page. The target is checked against a fixed
// allowlist instead of being copied from the posted value, so the request
// cannot steer the Location header.
if (isset($_POST['spambot'])) {
    $allowed_targets = array('contact.php?success=spam');
    $target = in_array($_POST['spambot'], $allowed_targets, true)
        ? $_POST['spambot']
        : 'contact.php?success=spam';
    header("Location: http://" . $_SERVER["HTTP_HOST"] . "/" . $target);
    exit;
}

// Check 2: the CSS-hidden "question" honeypot must be empty; bots that fill
// every text field trip this.
if (!empty($_POST['question'])) {
    die('Something went wrong, please try again.');
}

/* start recaptcha code */
require_once('recaptchalib.php');
$privatekey = "My Private key is here";
$resp = recaptcha_check_answer($privatekey,
                               $_SERVER["REMOTE_ADDR"],
                               $_POST["recaptcha_challenge_field"],
                               $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    die("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
        "(reCAPTCHA said: " . $resp->error . ")");
}

// GoDaddy form mailer: write every submitted variable into a gdform_<timestamp>
// file under \ssfm, which the hosting side picks up and mails.
$request_method = $_SERVER["REQUEST_METHOD"];
$query_vars = array();
if ($request_method == "GET") {
    $query_vars = $_GET;
} elseif ($request_method == "POST") {
    $query_vars = $_POST;
}
$t = time();
// Single quotes keep the backslashes literal (Windows hosting path).
$file = $_SERVER['DOCUMENT_ROOT'] . '\ssfm\gdform_' . $t;
$fp = fopen($file, "w");
$landing_page = "";
// foreach replaces the each()/list() loop, which is deprecated since PHP 7.2
// and removed in PHP 8.
foreach ($query_vars as $key => $val) {
    fputs($fp, "<GDFORM_VARIABLE NAME=$key START>\r\n");
    fputs($fp, "$val\r\n");
    fputs($fp, "<GDFORM_VARIABLE NAME=$key END>\r\n");
    if ($key == "redirect") {
        $landing_page = $val;
    }
}
fclose($fp);
if ($landing_page != "") {
    header("Location: http://" . $_SERVER["HTTP_HOST"] . "/$landing_page");
} else {
    header("Location: http://" . $_SERVER["HTTP_HOST"] . "/");
}
exit;
/* end recaptcha code */
?>
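The spam gate from contactAction.php, restated as an added example that is not part of the original post: `evaluate_submission()` applies the same three checks in the same order, but returns a decision instead of calling header()/die(), takes the captcha result as a parameter so it runs offline, and only ever emits redirect targets from a server-side allowlist rather than the posted value. The function name, the `$allowed_redirects` list and the sample submissions are constructed for illustration.

```php
<?php
// Added example (not the asker's code). Decide what to do with one submission.
// $post is the submitted fields; $captcha_ok is recaptcha_check_answer()->is_valid,
// passed in so this function has no network or file side effects.
// Returns array('action' => 'redirect'|'reject'|'accept', 'reason' => ..., 'target' => ...).
function evaluate_submission(array $post, $captcha_ok)
{
    // Only these relative paths may ever appear in a Location header.
    $allowed_redirects = array('contact.php?success=yes', 'contact.php?success=spam');

    // Check 1: the JS-removed "spambot" field is still present -> client without JavaScript.
    if (isset($post['spambot'])) {
        return array('action' => 'redirect', 'reason' => 'no-javascript',
                     'target' => 'contact.php?success=spam');
    }
    // Check 2: the CSS-hidden "question" honeypot must be empty.
    if (isset($post['question']) && trim($post['question']) !== '') {
        return array('action' => 'reject', 'reason' => 'honeypot-filled', 'target' => null);
    }
    // Check 3: the captcha must have been solved.
    if (!$captcha_ok) {
        return array('action' => 'reject', 'reason' => 'captcha-failed', 'target' => null);
    }
    // Accepted: honour the posted landing page only if it is on the allowlist,
    // otherwise fall back to the site root exactly as the GoDaddy code does.
    $landing = isset($post['redirect']) ? $post['redirect'] : '';
    if (!in_array($landing, $allowed_redirects, true)) {
        $landing = '';
    }
    return array('action' => 'accept', 'reason' => 'ok', 'target' => $landing);
}

// Constructed sample submissions (not real traffic).
$human = array('name' => 'Pat', 'email' => 'pat@example.com', 'message' => 'Hello',
               'question' => '', 'redirect' => 'contact.php?success=yes');
$bot_no_js    = array_merge($human, array('spambot' => 'contact.php?success=spam'));
$bot_filled   = array_merge($human, array('question' => 'buy now'));
$bot_redirect = array_merge($human, array('redirect' => 'not-on-the-allowlist.php'));

$samples = array('human' => $human, 'bot_no_js' => $bot_no_js,
                 'bot_filled' => $bot_filled, 'bot_redirect' => $bot_redirect);
foreach ($samples as $label => $p) {
    $r = evaluate_submission($p, true);
    $where = ($r['target'] !== null) ? " -> /{$r['target']}" : '';
    echo "$label: {$r['action']} ({$r['reason']})$where\n";
}
```

Because the decision is returned rather than acted on, the same function can be called from the real handler and from a small test script that feeds it captured submissions to see which check each one trips.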