Integrating measures to stop bots from exploiting your forms is quite simple and very easy when using this code.
First of all you'll need PHP, I recommend version 5.
Secondly, you'll need it to be compiled with the GD library.
I'm going to have to go through this just brushing on your user systems as I don't know how they've been made, but I'll go through the logic and what you'll have to do.
1. Make a new file, call it generatecode.php and shove this in it:
|
<?php
header("Content-type: image/png"); $code = $_GET['code']; $width = 90; $height = 30; $im = @imagecreatetruecolor($width, $height) or die("Image creation b0rked"); for ($i = 0; $i < 250; $i++) { $rx1 = rand(0,$width); $rx2 = rand(0,$width); $ry1 = rand(0,$height); $ry2 = rand(0,$height); $rcVal = rand(0,255); $rc1 = imagecolorallocate($im, rand(0,255), rand(0,255), rand(0,250)); imageline ($im, $rx1, $ry1, $rx2, $ry2, $rc1); } $text_color = imagecolorallocate($im, rand(200,255), rand(0,100), rand(0,100)); $white = imagecolorallocate($im,255,255,255); imagestring($im, 1, 5, 5, "$code", $text_color); imagettftext($im, 20, -2, 10, 25, $text_color, $font, $code); // Write the text with a font imageline($im,5,15,80,20,$white); imagepng($im); imagedestroy($im); ?> |
2. Link to this image in your signup script and put a form field next to it. Something like this:
|
<?
$unique = rand(100000,999999); ?> <img src="/img_articles/11148/generatecode.php?code=<?=$unique?>" width="90" height="30" /> |
3. Make a copy of the unique variable in a hidden input tag:
| <input type="hidden" name="uniqt" id="uniqt" value="<?=$unique?>" /> |
4. Now when the user submits the form, check the value against the hidden input value. If it matches, continue. If it doesn't, exit.
That's about it really, to make it more secure you could also stop the page from loading in itself (i.e. making the process page a different page, not <?=$PHP_SELF?>) and then redirecting it to a different page.
Other methods would be to allow one submission per IP, email address or username. I've used this method on this site and it's so far stopped a few attacks from that Matt guy..
