In inc/show.addcomment.php find this (around line 200):
Code:
if (!$name){
?>
<div class="error_message"><?=$echo['nameEmpty']; ?></div>
<?
return;
}
and add above: (Intentionally Left Blank)
Code:
if ($spam_check != ""){
?>
<div class="error_message">Error: Wrong code.</div>
<?
return;
}
Next add this CSS code to your CSS file or at the top of your page. The code works in all browsers. Usually display:none works for all, but on IE it tweaked out for me so I added height and filter properties. But it will definitely work on all browsers.
Code:
.web_address {
display: none;
height: 1px; width: 1px;
filter:alpha(opacity=0); opacity:.0;
}
Next add this into your Comment Form Template. Right below the e-mail input is the best place.
Code:
<div class="web_address"><b>Web Address:</b> <input type="text" name="spam_check" value="" /></div>
What this Does
Instead of letting the robot enter the code, this is a method called "negative effect" (or some crap like that). It's basically making the robot confirm that it's a robot, because all robots (most) automatically fill out every field in a form. To a human, you won't see it, so it'll be blank and left alone and you can comment.
The reason I named it web address is because it's a trick. Robots are smart, so if you use something tricky like web address, they will think it's a web address field and enter some crap there. I wanted to change name="spam_check" to something more tricky but couldn't get it to work; maybe FI-DD can shed some light on it.
Other stuff you can do
In inc/show.addcomment.php find this:
Code:
if (strlen($name) > 50) (line 9)
if (strlen($mail) > 50) (line 18)
Change the values to something smaller. Most robots have long URLs and long e-mails. Try limiting to 10-20 characters.
Find:
Code:
if (strlen($comments) > $config_comment_max_long and $config_comment_max_long and $config_comment_max_long != '0'){
Replace with:
Code:
if (strlen($comments) > 210){
Change the value to your liking. Next you need to tell your visitors how many characters are allowed. Place this at the top of your page, between the head tags.
Code:
<script language="javascript" type="text/javascript">
function limitText(limitField, limitCount, limitNum) {
if (limitField.value.length > limitNum) {
limitField.value = limitField.value.substring(0, limitNum);
} else {
limitCount.value = limitNum - limitField.value.length;
}
}
</script>
Add this into your Comment Form Template:
Code:
<textarea cols="40" rows="8" id="limitedtextarea" onKeyDown="limitText(this.form.limitedtextarea,this.form.countdown,200);"
onKeyUp="limitText(this.form.limitedtextarea,this.form.countdown,200);" name="comments" tabindex="3"></textarea><br />
<font size="1">(Maximum characters: 200)<br>
You have <input readonly type="text" name="countdown" size="3" value="200"> characters left.</font>
<br />
Even though I set 210 in the PHP file, I put 200 here, just in case some crap screws up.
What this Does
Basically this saves your server from some crazy dude trying to enter 6000 lines of smilies or 10,000 text or something. It'll help your site go faster and keep people from entering massive amounts of data. Also, the shorter URL and e-mail limits help fight spam and robots. The JavaScript is mainly to protect from humans, because robots usually bypass JavaScript.
Dealing With Weird Characters and Symbols In Your Forms
People, usually hackers trying to hack your site or delete your files through bad PHP scripts, will enter weird and malicious symbols and codes into your inputs and textarea forms. To defeat this (well, at least for the noob hackers) I use this code in my name and textarea fields.
Code:
onchange="this.value=this.value.replace(/[^a-z\d]+/ig,' ')"
This will remove all weird symbols and multiple spaces, keeping only the alphanumeric stuff that you type. It will remove more than 1 space between words. No periods as well, which sucks... there's a way to fix it, but I lost the code.
Here's What Final Comment Form Looks Like
Code:
[if-logged]
<input type="hidden" name="name" tabindex="1" value="{username}" />
<input type="hidden" name="mail" tabindex="2" value="{usermail}" />
<input type="hidden" name="password" tabindex="3" value="{password}" />
[/if-logged]
[not-logged]
<b>Name: </b> <input id="name" type="text" size="20" name="name" tabindex="1" value="{savedname}" onchange="this.value=this.value.replace(/[^a-z\d]+/ig,' ')" /><br />
<b>E-mail:</b> <input id="mail" type="text" size="20" name="mail" tabindex="2" value="{savedmail}" /> <i>(optional)</i><br />
<div class="web_address"><b>Web Address:</b> <input type="text" name="spam_check" value="" /></div>
[/not-logged]
<textarea cols="40" rows="8" id="limitedtextarea" onKeyDown="limitText(this.form.limitedtextarea,this.form.countdown,200);"
onKeyUp="limitText(this.form.limitedtextarea,this.form.countdown,200);" onchange="this.value=this.value.replace(/[^a-z\d]+/ig,' ')" name="comments" tabindex="3"></textarea><br />
<font size="1">(Maximum characters: 200)<br>
You have <input readonly type="text" name="countdown" size="3" value="200"> characters left.</font>
<br />
<input class="input" type="submit" tabindex="4" name="submit" value="Leave a comment" />
<br />
<label for="rememberme">{remember} Remember?</label>
Basically I have all the stuff I talked about above in the form. I also use http://www.projecthoneypot.org code to help identify spammers and stuff. It's free and only requires one line of code. After you use them, you can get a list of known IPs which have been spamming.
Other Tips
Try to use the captcha and hidden field together
Error pages, should be tricky as well for the hidden field (like say "thank you" to trick the robot after it gets to the page)
Create multiple fields? (not sure if possible)
Use PHP, to randomize the class of the field so it tricks a robot. (need php mod)
Use Spam Filter (block out "http", "www") common spam words.
---------------------------------
EDIT. January 20th
Here's an example:
http://www.cursors-4u.com/cursor/2008/1 ... inter.html
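
The hidden field, the length limits and the onchange filter from the post, enforced together on the server, since the JavaScript parts only run in clients that execute them. This is an added example, not part of the original post or of CuteNews: check_comment(), the 20/50-character limits and the error strings are assumptions, and the filter differs from the post's regex by keeping periods.

```php
<?php
// Added example, not CuteNews code. check_comment(), the limits and the
// error strings are assumptions chosen to mirror the post.

function check_comment(array $post): array
{
    // Treat missing or non-string fields (e.g. name[]=x) as empty.
    $field = function (string $key) use ($post): string {
        return is_string($post[$key] ?? null) ? $post[$key] : '';
    };
    // Same allow-list as the onchange handler, but periods are kept;
    // every run of other characters becomes a single space.
    $clean = function (string $s): string {
        return trim((string) preg_replace('/[^a-z\d.]+/i', ' ', $s));
    };

    $errors = [];
    // Honeypot: the field is hidden from humans, so any value means a bot.
    if (trim($field('spam_check')) !== '') {
        $errors[] = 'Error: Wrong code.';
    }

    $name     = $clean($field('name'));
    $comments = $clean($field('comments'));
    $mail     = trim($field('mail'));

    if ($name === '' || strlen($name) > 20) {
        $errors[] = 'Name must be 1-20 characters.';
    }
    if ($mail !== '' && (strlen($mail) > 50 || !filter_var($mail, FILTER_VALIDATE_EMAIL))) {
        $errors[] = 'E-mail is not valid.';
    }
    if ($comments === '' || strlen($comments) > 210) {
        $errors[] = 'Comment must be 1-210 characters.';
    }
    return ['errors' => $errors, 'name' => $name, 'mail' => $mail, 'comments' => $comments];
}

// Constructed sample submissions: one from a person, one from a form-filling bot.
$human = ['name' => 'Ann', 'mail' => '', 'spam_check' => '', 'comments' => 'Nice cursor.  <b>Thanks</b>'];
$bot   = ['name' => 'x', 'mail' => 'a@example.com', 'spam_check' => 'http://spam.example', 'comments' => 'buy now'];

foreach ([$human, $bot] as $post) {
    $r = check_comment($post);
    // Escape on output even after filtering.
    echo htmlspecialchars($r['comments'], ENT_QUOTES, 'UTF-8'), ' => ',
         $r['errors'] ? implode(' ', $r['errors']) : 'accepted', "\n";
}
```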

