ReCaptcha or Anti-Spam for Enthusiast?


This topic contains 3 replies, has 3 voices, and was last updated by Vera 1 year, 8 months ago.

    #13974

    Eden
    Participant

    Does anyone know of a way to add recaptcha to Enthusiast? I’m getting a ton of spam members and it’s driving me insane! If not recaptcha, maybe another type of anti-spam?

    #14952

    amphigory
    Participant

    Oftentimes I find the best anti-spam is the simplest and needs no action on the user’s part. Usually a bot scours the web for forms, grabs the names of each field in the form, then blasts your server with POST requests containing the field names.

    What I do is create a key when a user visits the site. That key is submitted with the form, and if it doesn’t match the value that’s stored for that visitor, the form fails.

    <?php
    session_start();

    // Initiates a key. If one doesn't exist, it's created and will expire
    // 15 minutes after creation (after which a new one is created).
    function nonce($reset = false)
    {
        $secret_key = 'Replace this with some super random string.';

        // Create a new key if the nonce isn't set, it's expired, or
        // if ordered to reset it
        if (
            !isset($_SESSION['nonce'])
            || time() > $_SESSION['nonce']['expire']
            || $reset
        ) {
            // Return the new key
            return $_SESSION['nonce'] = array(
                'key' => md5($secret_key . microtime(1)),
                'expire' => time() + 900
            );
        }

        // Return the existing key
        return $_SESSION['nonce'];
    }

    // Creates or retrieves a key (an array with 'key' and 'expire')
    $nonce = nonce();

    // If a POST request is active (i.e., submitting a form)
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {

        // Check that the submitted key matches the one stored for this visitor
        if (isset($_POST['hello_bots']) && $_POST['hello_bots'] === $nonce['key']) {
            // Everything's cool. Do what you need to do.
        } else {
            die('Stupid bots.');
        }

    }
    ?>

    The “nonce” function should be included on every page that you have a form, because you’ll need to retrieve the value of the key.

    <!DOCTYPE html>
    <html>
    <head></head>
    <body>
    <form action="." method="post">
        <div>
            <input type="hidden" name="hello_bots" value="<?php echo $nonce['key']; ?>">
            <input name="name">
            <input name="email">
            <input type="submit">
        </div>
    </form>
    </body>
    </html>

    Because the key is unique, bots will never know the value of it. There’s a very slim chance they could ever correctly guess it. That means the value of the “hello_bots” is wrong, and the form doesn’t process.

    There’s at least one downside. If a visitor is on the same page for more than 15 minutes, the key will have expired. If they submit the form, it will fail because they’re submitting the old key. It also won’t work on cached pages.
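
An added example, not part of amphigory's post or of Enthusiast: the same per-visitor form key, with the token drawn from random_bytes(), compared with hash_equals(), and discarded after one check. The function names and the form_token session slot are assumptions; hello_bots is the field name from the post, and $store stands in for $_SESSION.

```php
<?php
// Added example: hypothetical helper names; 'hello_bots' is the post's field name.
const FORM_TOKEN_TTL = 900; // 15 minutes, the lifetime used in the post

// Return the visitor's current token, creating one if it is missing or expired.
function form_token_issue(array &$store, int $now): string
{
    $t = $store['form_token'] ?? null;
    if (!is_array($t) || $now > $t['expire']) {
        $store['form_token'] = [
            'key'    => bin2hex(random_bytes(16)), // 128 bits from the OS CSPRNG
            'expire' => $now + FORM_TOKEN_TTL,
        ];
    }
    return $store['form_token']['key'];
}

// Check a submitted value. The stored token is discarded on every attempt,
// so a captured value cannot be replayed.
function form_token_verify(array &$store, $submitted, int $now): bool
{
    $t = $store['form_token'] ?? null;
    unset($store['form_token']);
    if (!is_array($t) || !is_string($submitted)) {
        return false; // nothing issued, field absent, or sent as hello_bots[]=...
    }
    if ($now > $t['expire']) {
        return false; // older than FORM_TOKEN_TTL
    }
    return hash_equals($t['key'], $submitted); // constant-time comparison
}

// Constructed walk-through; $store stands in for $_SESSION after session_start().
$store = [];
$t0    = 1700000000; // constructed timestamp
$key   = form_token_issue($store, $t0);
$seen  = [
    'fresh token'      => form_token_verify($store, $key, $t0 + 60),
    'same token again' => form_token_verify($store, $key, $t0 + 61),
];
$key = form_token_issue($store, $t0);
$seen['after 15 minutes'] = form_token_verify($store, $key, $t0 + FORM_TOKEN_TTL + 1);
form_token_issue($store, $t0);
$seen['field sent as array'] = form_token_verify($store, ['x'], $t0 + 1);
var_dump($seen);
```

In a form handler, call form_token_verify($_SESSION, $_POST['hello_bots'] ?? null, time()) before processing the submission, and print form_token_issue($_SESSION, time()) into the hidden field when rendering the form.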

    #14953

    Eden
    Participant

    Thanks for this but… this question was specifically for adding Anti-Spam to the Fanlisting script “Enthusiast”, not a general web form. I don’t manually add forms on my fanlistings, Enthusiast does this for me.

    #14954

    Vera
    Participant

    ^ You could, however, edit the form templates with amphigory’s suggestion.
