Captcha (request?)

I have a longstanding client web site which uses the PHP Feedback Form Action. Of late, there have been some spurious returns from Eastern Europe, which may be via spambots, but as they are only a few, could be just manual entry by mischief makers. The problem is quite manageable at the moment, but I am concerned (if spambots) it might grow.

Is there an easy way to add a Captcha to the form - I’m happy to copy/paste or key in a little code, if I’m shown what to do - or is it something that could be added to a future version of the Action.

I have found one coded possibility here -

http://www.white-hat-web-design.co.uk/articles/php-captcha.php

However I am not sure how this may affect the existing action. Any help would be appreciated.

Colin

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Colin,

you could do a search on hotscripts and see what that turns up, there
are also the PHP easiForm and PHP easiCaptcha actions for use with
Freeway although the latter action cannot be used with another form
that is not a PHP easiForm form the standard easiCaptcha most probably
could although this would involve a small amount of hand coding to
your form and to the processing script.

The following is for adding the match sum version of easiCaptcha, to
use the image captcha see:
http://www.easibase.com/easiCaptcha/index.php

NOTE: The following does not apply if using the PHP easiCaptcha action
with PHP easiForm as they along with Freeway do all the code
implementation, so you have no hand coding to do.

1. You would need to check for the ‘captcha error’ before running the
   form through the engine of the form processing script. This could
   probably be achieved by using a piece of code like the following and
   placing the processing code where ‘// Form processing stuff’ is
   written below.

<?php if ($ef_errors) { // Do not load the processing side of the script so the email is not sent if the captcha is not correct // And the easicaptcha error can be shown to the user } else { // Form processing stuff } ?>

2. You would need to place an include for easiCaptcha at the top of
   your form

<?php include_once('easiCaptchaM_config.php'); include_once('easiCaptchaM_a.php'); ?>

3. You should the add for following at the top of the form elements so
   if there is a captcha error the user can be shown some error text.

if ($ef_errors) {
echo $ef_errors;
}

4. You need the include for the captcha at the position the captcha is
   to appear

<?php include_once('easiCaptchaM_b.php'); ?>

5. You will need to upload ioncube loader for your server if not
   already available (Server needs to be ioncube compatible).

The link for the standard easiCaptcha is:
http://www.easibase.com/easiCaptcha/index.php

6. Your form of course needs to end in .php

If you need any help implementing this then just let me know.

HTH

On Nov 20, 2008, at 12:03 PM, ColinJA wrote:

I have a longstanding client web site which uses the PHP Feedback
Form Action. Of late, there have been some spurious returns from
Eastern Europe, which may be via spambots, but as they are only a
few, could be just manual entry by mischief makers. The problem is
quite manageable at the moment, but I am concerned (if spambots) it
might grow.

Is there an easy way to add a Captcha to the form - I’m happy to
copy/paste or key in a little code, if I’m shown what to do - or is
it something that could be added to a future version of the Action.

I have found one coded possibility here -

http://www.white-hat-web-design.co.uk/articles/php-captcha.php

However I am not sure how this may affect the existing action. Any
help would be appreciated.

Colin

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Thanks MIke

That’s helpful. I had thought about Easiform/Easicaptcha, but having a
form that works well I didn’t want to make too many changes until the
next site upgrade, which may not be that far away.

However, I’ll have a play in a few days, when I 'm less busy, as this
is not a client request, but my own concern at the moment.

I appreciate not just your reply, but your taking the time to show me
the way - and providing something that may help others on the Forum,
too.

Colin

On 20 Nov 2008, at 11:32, Mike B wrote:

… there are also the PHP easiForm and PHP easiCaptcha actions for
use with Freeway although the latter action cannot be used with
another form that is not a PHP easiForm form the standard
easiCaptcha most probably could although this would involve a small
amount of hand coding to your form and to the processing script.

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I read that with interest, too, Mike, thanks for the explanations and instructions.

Out of pure interest…is there any logic to spambots finding and abusing forms? I ask this because I have several clients with fairly large, long-standing sites, some on the first page of a google search, with open (unprotected) forms…who receive no spam to my knowledge. However, I have several smaller clients like photographers and so on, nowhere on a google search and with relatively ‘minor’ sites, who are assaulted by spam all the time!

I find that curious…and wondered why?

Hugh

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

BTW, with easiForm you can also block messages that the user may try to send links in etc.

I started to get some mail from people/a person sending mail with [url] and [http] type tags as the form had ‘http://’ blocked, I guess they thought they would try that option when the http didn’t work, I simply added ‘[url,[http’ to the badwords filter and now have none of these type messages come any more. A C.A.P.T.C.H.A. would not stop these messages because they where being sent by an actual person, so that person just needs to answer the captcha but if the words they are using in these spam messages are blocked then it doesn’t matter if it is a bot or a person, they wouldn’t be able to send the email.

HTH

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

On 20 Nov 2008, 11:16 am, hugh wrote:
Out of pure interest…is there any logic to spambots finding and abusing forms? I ask this because I have several clients with fairly large, long-standing sites, some on the first page of a google search, with open (unprotected) forms…who receive no spam to my knowledge. However, I have several smaller clients like photographers and so on, nowhere on a google search and with relatively ‘minor’ sites, who are assaulted by spam all the time!

I find that curious…and wondered why?

Hugh

But are you sure these bigger companies don’t receive spam, I am sure they must do to some extent, or maybe they have a ‘Bad words’ filter option like I explained the PHP easiForm has ‘although I guess if you created these sites then you would know that where the case!’.
One other reason might be the fact that many smaller sites scripts are written with very basic email sending scripting that makes no attempt at stopping the forms from being used in various ways, if the script just picks up the form values passed on then run them through PHP’s mail() function for example then the script is wide open to abuse.

HTH

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

No, I know for a fact that they don’t receive spam. And the thing is, they’re using just the same ‘open’ form as the smaller sites - I found a couple of easy to implement PHP scripts at Hotscripts a while back and use them. There’s no additional trickery added to filter anything.

Weird isn’t it!

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

It’s a long time since you gave me your useful answer, Mike, but
thought I should record the outcome, now being used. It was easiForm
and easiCaptcha that captured me!

For such a small outlay it proved the easy answer - with the caveat
that this method works best without layers, which did give me an
initial headache, as layers cause a problem with the display of errors
and the Captcha message. They appeared in miniscule size if used with
a layer, even when styled.

Many thanks for your help Mike.

Colin

On 20 Nov 2008, at 11:32, Mike B wrote:

Colin,

you could do a search on hotscripts and see what that turns up,
there are also the PHP easiForm and PHP easiCaptcha actions for use
with Freeway although the latter action cannot be used with another
form that is not a PHP easiForm form the standard easiCaptcha most
probably could although this would involve a small amount of hand
coding to your form and to the processing script.

The following is for adding the match sum version of easiCaptcha, to
use the image captcha see:
Easibase: easiCaptcha

NOTE: The following does not apply if using the PHP easiCaptcha
action with PHP easiForm as they along with Freeway do all the code
implementation, so you have no hand coding to do.

1. You would need to check for the ‘captcha error’ before running
   the form through the engine of the form processing script. This
   could probably be achieved by using a piece of code like the
   following and placing the processing code where ‘// Form processing
   stuff’ is written below.

<?php if ($ef_errors) { // Do not load the processing side of the script so the email is not sent if the captcha is not correct // And the easicaptcha error can be shown to the user } else { // Form processing stuff } ?>

2. You would need to place an include for easiCaptcha at the top of
   your form

<?php include_once('easiCaptchaM_config.php'); include_once('easiCaptchaM_a.php'); ?>

3. You should the add for following at the top of the form elements
   so if there is a captcha error the user can be shown some error text.

if ($ef_errors) {
echo $ef_errors;
}

4. You need the include for the captcha at the position the captcha
   is to appear

<?php include_once('easiCaptchaM_b.php'); ?>

5. You will need to upload ioncube loader for your server if not
   already available (Server needs to be ioncube compatible).

The link for the standard easiCaptcha is:
Easibase: easiCaptcha

6. Your form of course needs to end in .php

If you need any help implementing this then just let me know.

HTH

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Colin,

Freeway sets the style automatically in some circumstances where it
thinks there is no text, but if you type a space in that cell for
example, the problem should be solved and the style you have applied
will then show up. This is not the action but a Freeway idiosyncrasy.

Let me know if that doesn’t do the trick.

Best
Mike

On Jan 13, 2009, at 5:46 PM, Colin Alcock wrote:

It’s a long time since you gave me your useful answer, Mike, but
thought I should record the outcome, now being used. It was
easiForm and easiCaptcha that captured me!

For such a small outlay it proved the easy answer - with the caveat
that this method works best without layers, which did give me an
initial headache, as layers cause a problem with the display of
errors and the Captcha message. They appeared in miniscule size if
used with a layer, even when styled.

Many thanks for your help Mike.

Colin

On 20 Nov 2008, at 11:32, Mike B wrote:

Colin,

you could do a search on hotscripts and see what that turns up,
there are also the PHP easiForm and PHP easiCaptcha actions for use
with Freeway although the latter action cannot be used with another
form that is not a PHP easiForm form the standard easiCaptcha most
probably could although this would involve a small amount of hand
coding to your form and to the processing script.

The following is for adding the match sum version of easiCaptcha,
to use the image captcha see:
Easibase: easiCaptcha

NOTE: The following does not apply if using the PHP easiCaptcha
action with PHP easiForm as they along with Freeway do all the code
implementation, so you have no hand coding to do.

1. You would need to check for the ‘captcha error’ before running
   the form through the engine of the form processing script. This
   could probably be achieved by using a piece of code like the
   following and placing the processing code where ‘// Form processing
   stuff’ is written below.

<?php if ($ef_errors) { // Do not load the processing side of the script so the email is not sent if the captcha is not correct // And the easicaptcha error can be shown to the user } else { // Form processing stuff } ?>

2. You would need to place an include for easiCaptcha at the top of
   your form

<?php include_once('easiCaptchaM_config.php'); include_once('easiCaptchaM_a.php'); ?>

3. You should the add for following at the top of the form elements
   so if there is a captcha error the user can be shown some error text.

if ($ef_errors) {
echo $ef_errors;
}

4. You need the include for the captcha at the position the captcha
   is to appear

<?php include_once('easiCaptchaM_b.php'); ?>

5. You will need to upload ioncube loader for your server if not
   already available (Server needs to be ioncube compatible).

The link for the standard easiCaptcha is:
Easibase: easiCaptcha

6. Your form of course needs to end in .php

If you need any help implementing this then just let me know.

HTH

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Colin,

I just read the rest of the email and didn’t actually realise that it
was that long ago, so… there are actions now for using easiForm
with Freeway and this makes using the easiForm and easiCaptcha a lot
easier, if you are using easiForm then download the PHP easiForm
actions and use them, no hand coding, no need to set the form or form
action tags, basically:

1. Add the PHP easiForm ‘page’ action to the form page.

2. Add your form elements and give them a name in the inspector then
   add each one an instance of the PHP easiForm Elements action (The
   action will handle the value side). Do not use spaces in the element
   name, if you wanted a space in the formatting of the email and where
   using ‘Your name’ then enter ‘your_name’ (without quotes) as the name
   of the element in the inspector, the script will then convert this to
   ‘Your name: Jo Soap’ in the email and in cell or html item the PHP
   easiForm Errors’ is set will return: 'You need to enter a value for
   the ‘Your name’ field if it is set as required and the user doesn’t
   enter a value. The PHP easiForm Elements action should also be applied
   to the Submit button, it will set the name of the button but you can
   give it a value of what you prefer for your form.

3. Add an instance of the PHP easiForm Errors action to a cell above
   the form elements or into an html item, this will return feedback
   errors to the user if you have a required field set in the PHP
   easiForm action inspector and the user does not enter a value.

If you use the actions you do not need to do any more than this
(except upload the ioncube folder to the root or home folder of your
server, so if you have any hand coding added as was explained earlier
in this thread you should remove it all as the actions do all this,
they also create the processing script and config file so you no
longer need those now either.

There is a PHP easiForm actions tutorial here:
http://www.easibase.com/freeway/freeway_form.php

This also tells you a little about the option used in the action as
there are now quite a few, at least there are in the ‘Advanced’ mode.
At the end of the tutorial there is a bit about using the PHP
easiCaptcha action with your form, no need to do any hand coding here
now either… as long as your using Pro.

HTH
Mike

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Mike

Thanks for showing so much interest in the original problem. I had
already discovered the Actions and used these - and I have just
successfully tried the “space trick”, which would have a saved me un-
layering the ‘Error’ and ‘Captcha’ boxes. Useful anyway for another
two sites currently in progress. (What had puzzled me originally was
that it was only the two empty HTML boxes that had the problem, even
though styles where applied - now I know it’s just a FW quirk).

I am sure your answer will help others, too.

Colin

On 13 Jan 2009, at 20:08, Mike B wrote:

… if you are using easiForm then download the PHP easiForm actions
and use them …

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options