Ask Question Forum:
Model Library:2025-02-08 Updated:A.I. model is online for auto reply question page
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by ddantes
at 2024-07-21 01:36:13
ModifyPoint:500 Replies:5 POST_ID:829051USER_ID:11876
Topic:
JavaScript;;
I have a contact form with a submit button which is disabled by default. This is done to interfere with spambots which have abused the form. The button is enabled by javascript. This contact page is intended for mobile visitors, and it is loaded in a frameset. In order to assure that the contact form loads at the top of the page, and not at the level of a link embedded in the page from which it is loaded, there is onLoad code in the contact form. The onLoad code forces the contact form to scroll to the top when the page is loaded. However, there is a dilemma. The javascript which enables the submit button somehow interferes with the onLoad code, such that the page does not scroll to the top when loaded. However, without that javascript, the submit button is disabled. I'm looking for a method of enabling the submit button without conflicting with the onLoad code. I've simplified the contact form, rendering only the essential elements of it in the snippet. The actual contact form is at www.mauitradewinds.com/RezEasy/mobile/rez_m-contact.html
<!doctype html><html><head></head><body onLoad="window.parent.parent.scrollTo(0,0)"><button type="submit" id="submit" disabled>Submit Form</button><script> function load() { document.getElementById('submit').disabled = false; //alert("load event detected!"); } window.onload = load; </script></body></html> 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:
Author: ddantes replied at 2024-07-21 10:50:10
Thank you. I'll change the text field to "name". I've posted a new question about applying a timer. http://www.experts-exchange.com/Programming/Languages/Scripting/PHP/Q_28480522.html
Expert: Tom Beck replied at 2024-07-21 10:40:19
"How" would not be a good choice for a field name for a "honeypot" if you are trying to trap a spambot. Just call it "Name" and the spambot will fill in a fake name.
A sophisticated spambot can do a form submit at the DOM level or do a POST transaction of it's own on the form fields. It reads the field names and the form action from the source.
To capture a form submit you can use jQuery like this;
$( "#myform" ).submit(function( event ) {
alert( "Handler for .submit() called." );
event.preventDefault(); //prevent the form submission until you check the timer
});
This will be invoked whether the form is submitted via a button press or by way of scripting. Won't work if the spambot is initiating a POST of it's own.
Your using PHP. This site suggests a form token.
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Handling-Online-Payments-Part-7-Preventing-Automated-Form/ba-p/11778
A sophisticated spambot can do a form submit at the DOM level or do a POST transaction of it's own on the form fields. It reads the field names and the form action from the source.
To capture a form submit you can use jQuery like this;
$( "#myform" ).submit(function( event ) {
alert( "Handler for .submit() called." );
event.preventDefault(); //prevent the form submission until you check the timer
});
This will be invoked whether the form is submitted via a button press or by way of scripting. Won't work if the spambot is initiating a POST of it's own.
Your using PHP. This site suggests a form token.
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Handling-Online-Payments-Part-7-Preventing-Automated-Form/ba-p/11778
Author: ddantes replied at 2024-07-21 10:13:11
Thank you both for your comments. Tom: I do have an invisible text field, which is checked in validation. The PHP exits if that field is not blank. The text field is named "how", and it is preceded with the question: "How did you learn about Maui Tradewinds?"
In a previous question about captcha methods, an Expert suggested that I use an auxiliary method, namely, disabling the submit button unless the visitor uses javascript, because most bots don't use javascript. Now, understanding that bots usually don't load a form in a browser, I'm not so interested in disabling the Submit button.
I very much like your suggestion about canceling a form which is submitted before a predetermined number of seconds. Are you able to supply code for that? If I should start a new question about this, let me know. Here is the present PHP code...
In a previous question about captcha methods, an Expert suggested that I use an auxiliary method, namely, disabling the submit button unless the visitor uses javascript, because most bots don't use javascript. Now, understanding that bots usually don't load a form in a browser, I'm not so interested in disabling the Submit button.
I very much like your suggestion about canceling a form which is submitted before a predetermined number of seconds. Are you able to supply code for that? If I should start a new question about this, let me know. Here is the present PHP code...
<?phpif($_POST['how'] != '') { //show thankyou page and exit. header("Location: m_reply.html"); /* Redirect to thankyou page */ exit; }$errors = '';$myemail = 'stay@mauitradewinds.com';//<-----Put Your email address here.if(empty($_POST['firstname']) || empty($_POST['lastname']) || empty($_POST['email']) || empty($_POST['message'])){ $errors .= " Error: At a minimum, we need your name, Email address and message in order to transmit your form.";}else{ $firstname = array_key_exists('firstname',$_POST) ? $_POST['firstname']:''; $lastname = array_key_exists('lastname',$_POST) ? $_POST['lastname']:''; $Address = array_key_exists('Address',$_POST) ? $_POST['Address']:''; $City = array_key_exists('City',$_POST) ? $_POST['City']:''; $State = array_key_exists('State',$_POST) ? $_POST['State']:''; $Zip = array_key_exists('Zip',$_POST) ? $_POST['Zip']:''; $Country = array_key_exists('Country',$_POST) ? $_POST['Country']:''; $Phone = array_key_exists('Phone',$_POST) ? $_POST['Phone']:''; $email_address = array_key_exists('email',$_POST) ? $_POST['email']:''; $message = array_key_exists('message',$_POST) ? $_POST['message']:''; if (!preg_match( '/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i', $email_address)) { $errors .= " Error: Invalid email address"; }}if( empty($errors)){ $to = $myemail; $email_subject = "m_Rez-contact form"; $email_body = "You have received a contact form from m_RezEasy. ". " Here are the details: First Name: $firstname Last Name: $lastname Address: $Address City: $City State: $State Zip: $Zip Country: $Country Phone: $Phone Email: $email_address Message: $message"; $headers = "From: $myemail"; $headers .= "Reply-To: $email_address"; mail($to,$email_subject,$email_body,$headers); //redirect to the 'thank you' page header('Location: m_reply.html'); exit;//You should always "exit" immediately after a redirection request}?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Contact form handler</title></head><body><!-- This page is displayed only if there is some error --><?phpecho nl2br($errors);?></body></html> 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:17:18:19:20:21:22:23:24:25:26:27:28:29:30:31:32:33:34:35:36:37:38:39:40:41:42:43:44:45:46:47:48:49:50:51:52:53:54:55:56:57:58:59:60:61:62:63:64:65:
Accepted Solution
Expert: Tom Beck replied at 2024-07-21 04:35:04
500 points EXCELLENT
A spambot doesn't need a submit button at all to submit a form so disabling it is pointless. Plus, you are disabling and re-enabling on the same page in the onLoad event.
There are a few other methods that work better (though not perfectly). I assume you don't want to use a CAPTCHA method.
1.) Insert a text box and label set to visibility:hidden and leave it blank. Label it something normal like First Name. Test that that field is blank in validation. Spambots tend to fill in every field to get past the validators.
2.) Use javascript to capture and cancel any submitting of the form before a predetermined number of seconds has passed, say 15 seconds. Humans take much longer to fill out forms than spambots. If it's filled out too quickly, it's a spambot.
3.) Require the user to delete text from a field before clicking submit. "Delete this text before submitting the form." Check that that field is blank in validation. Again, spambots tend to fill in every field.
There are a few other methods that work better (though not perfectly). I assume you don't want to use a CAPTCHA method.
1.) Insert a text box and label set to visibility:hidden and leave it blank. Label it something normal like First Name. Test that that field is blank in validation. Spambots tend to fill in every field to get past the validators.
2.) Use javascript to capture and cancel any submitting of the form before a predetermined number of seconds has passed, say 15 seconds. Humans take much longer to fill out forms than spambots. If it's filled out too quickly, it's a spambot.
3.) Require the user to delete text from a field before clicking submit. "Delete this text before submitting the form." Check that that field is blank in validation. Again, spambots tend to fill in every field.
Expert: duncanb7 replied at 2024-07-21 01:51:26
Could you this code putting load() on body onload ?
Duncan
Duncan
<!doctype html><html><head></head><body onLoad="javascript:load();"><button type="submit" id="submit" disabled>Submit Form</button><script> function load() { document.getElementById('submit').disabled = false; //alert("load event detected!"); } ' window.onload = load; </script></body></html> 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:
