Home/ Questions/Q 9096659
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T23:54:26+00:00

Introduction We were dealing with some spam-issue in an earlier project we did and

  • 0

Introduction

We were dealing with some spam-issue in an earlier project we did and prevent any spam bots with the following simple concept. I now want to implement this into a way larger project. Before I do this I wish to optimize it that this works in multiple forms on the same page, but I’m not getting the trick yet or I’m not sure if its worth rebuild this into a more complex version if its useless.

For clarification: I don’t want to deal with CAPTCHA or similar things. Just do a native solution.

Concept

If the user focus any input field of the form an AJAX-Query will be sent where a random hash-tag will be generated and stored into a $_SESSION variable. This hash will be also written into a hidden input-field called spamKey (for example).

After the user submit the form I check if the $_SESSION["spamKey"] variable is equal to the $_POST["spamKey"] variable so I decide to process the query or not.

The code

Simple form

<form action="index.php" method="post" id="formOne">

    <label for='input_eins'>Name</label>
        <input type='text' id='input_eins' name='name' />
    <label for='input_user'>E-Mail</label>
        <input type='text' id='input_user' name='user' />
    <label for='ta_text'>Comment</label>
        <textarea name='text'></textarea>
    <label for='input_spamKey'>spamKey</label>
        <input type='text' id='input_spamKey' name='spamKey' />
    <input type='submit' value='Senden'>
</form>

script.js (using jQuery)

var spamKey = false;
$("#formOne > input").focus(function() {
         if(spamKey == false) {
        dataString = "action=getSpamKey";
        $.ajax({
            url: 'asyncresponse.php',
            data: dataString,
            type: "POST",
            success: function(data) {
                $("#input_spamKey").val(data);
                if(data != "") {
                    spamKey = true;
                }
              }
        });
    }
});

asyncresponse.php (Info: The POST-Variables are sanitized)

if($_POST["action"] == "getSpamKey") {
    $spamKey = md5(time().microtime());
    $_SESSION["spamKey"] = $spamKey;
    echo $spamKey;
}

check routine in PHP

($_SESSION["spamKey"] == $_POST["spamKey"] && !empty($_SESSION["spamKey"]))

Okay – whats my question?

Which steps you would suggest me to protect multiple forms? And probably a basic question – is this a valid solution to deal with the spam issue?

Thanks for your help in advance.

A simple demo you can find here:
http://godesign.ch/labor/antispam/index.php

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Captcha used to be an effective method of preventing spam. It is now broken because it was widely implemented, creating an economic incentive to break it (google “captcha broken”).

    I have seen this method be effective in projects. You risk that someone, at some point, will be motivated to break it. Correctly implemented, I believe it provides reasonable protection against spam at this point in time.

    • 0