PHPFanBase JavaScript Spam Protection

Note: PHPFanBase is an old script with known security issues. Use with caution.

This tutorial will show you how to implement basic JavaScript protection to deter automated spam bots from filling in fake applications at your PHPFanBase-powered fanlisting.

Open join.php and find the following line (and fix the typo “Subtmit”; this should be “Submit”):
<td><input type="submit" name="Subtmit Button" value="Join!" size="30" class="button"> <input type="reset" name="Reset Button" value="Don't" size="30" class="button"></td>

..just after the reset button code, and just before the </td>, add the following:
<script type="text/javascript">
document.write('<input type="hidden" name="spamproofing" id="spamproofing" value="SPAMWORD" />');
<noscript><div>JavaScript must be enabled to join due to spam restrictions in place.</div></noscript>

Next, find:
<? } elseif (isset($_GET['action']) && $_GET['action'] == "process") {
After it, add:
if (!isset($_POST['spamproofing']) || $_POST['spamproofing'] != "SPAMWORD") {
echo "<p>JavaScript must be enabled to join here due to spam restrictions in place.</p>";

Swap SPAMWORD for a word of your choice — make sure both occurances are absolutely identical otherwise people won’t be able to join your fanlistings!

You can test your new spam proofing by turning off JavaScript and trying to join your own fanlisting/s.

Please note: this method of spam reduction is not completely foolproof. There is no way to 100% prevent spam. This method will only work against spam bots that do not understand JavaScript.

Speak Your Mind