CFv5 Anti-Spam

its-webtime 29 Mar, 2014
Hi,

in my installation I get a lot of spam from China and Ukraine.
Strange thing is, that at least one required field seems not to be filled (email). It has required=yes and email=yes.

Anyway, as there seem to be only a few different IPs, I wanted to block them with this code:

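<?php
// IP addresses to block (placeholder values)
$banned_ips = array(
  '111.111.111.111',
  '999.999.999.999'
);
// Client address as reported by the web server
$ip_address = JRequest::getString( 'REMOTE_ADDR', '', 'server' );
if ( in_array($ip_address, $banned_ips) ) {
  // $mainframe is not defined in this scope, so fetch the application object first
  $mainframe = JFactory::getApplication();
  $mainframe->redirect('index.php');
}
?>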


But after saving the custom code action, there will be some backslashes added:

<?php
$banned_ips = array(
  \'111.111.111.111\',
  \'999.999.999.999\'
);
$ip_address = JRequest::getString( \'REMOTE_ADDR\', \'\', \'server\' );
if ( in_array($ip_address, $banned_ips) ) {
  $mainframe->redirect(\'index.php\');
}
?> 


And it doesn't work.

So I have a few questions:
1. I think a PHP setting causes the backslashes. Any idea which one?
2. Is there a simple possibility to add a hidden field in V5? A honeypot which blocks submitting if filled.
3. Is there a possibility to block form submission within the first 5 seconds after loading? I know this option from "EasyCalcCheck Plus". It seems to be really helpful, but ecc+ doesn't support Chronoforms.

Any other ideas? I would like to avoid using a captcha.... 🙂

Thanks in advance,
Viktor
Max_admin 29 Mar, 2014
Answer
Hi Viktor,

Do you have any of the "magic_quotes" settings enabled on your PHP? If yes, then they are the source of the slashes issue; please make sure that all of them are disabled.

#2,3- I have a new honeypot action here which does what you need; moreover, it can add that hidden field using JavaScript, to ensure that the user has a JavaScript-enabled browser, which would not let them skip the field validation.

You may also use "server validation"; it's done server side and can't be skipped.

You can contact me using the contact us page to get the new action if you like!

Regards,
Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
its-webtime 29 Mar, 2014
Hi Max,

thanks for your answer. I'll get in touch with you!

Magic quotes setting was the reason as you said!

Server validation means I have to use php like it's described here?
How do I use Custom Serverside validation?
I'm asking in case it was changed in V5 🙄

Thanks for your help!
Viktor
Max_admin 30 Mar, 2014
Hi Viktor,

In v5 there is "Server validation", which is the "auto server side validation" in v4, and there is the "Event switcher"; you should just use the "server validation" to validate the email field, for example.

Regards,
Max
its-webtime 30 Mar, 2014
Hi Max,
thanks for your answers and the honeypot action!

Now sorry for asking, but should I use the load honeypot action in the onload area? Before the load HTML? 🙄
I don't know how to check if it's working, so that's why I'm asking to make it all correct.

And another question: I've seen in the server validation action there is also a NOT NULL check. This one combined with a hidden field (which is present in designer), does not have the same effect, right?

Thanks,
Viktor
its-webtime 30 Mar, 2014
Hi,

OK it seems to work as expected.

It works with the time. If the form is submitted too fast, an error occurs. That's great!
:)

Just to be sure I got you right: The honeypot action offers the feature that submitting works only after x seconds. And it also installs a hidden field which shall be empty in order to proceed successfully. Right?

Thanks,
Viktor
Max_admin 30 Mar, 2014
Hi Viktor,

It mainly adds the security token field, and checks it on submit, that token would not be present if the form is submitted directly, you can also choose to add the token "dynamically", which forces the users to have javascript enabled.

Regards,
Max
This topic is locked and no more replies can be posted.
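
The three checks discussed in this thread (a hidden honeypot field that must stay empty, a minimum delay between loading and submitting, and a token that is absent when the form is posted directly) can be sketched in plain PHP as follows. This is an added example, not the ChronoForms honeypot action and not code from any poster; the field names `website`, `ts` and `sig`, the secret, and the 5-second and 1-hour thresholds are assumptions.

```php
<?php
// Added example: plain PHP, not ChronoForms code. Field names, the secret and
// the thresholds below are assumptions chosen for illustration.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_SECONDS = 5;      // reject submissions faster than this
const MAX_SECONDS = 3600;   // reject stale tokens

// Called when rendering the form: returns the hidden fields to embed.
function antispam_fields(int $now): string
{
    $sig = hash_hmac('sha256', (string) $now, FORM_SECRET);
    return '<input type="text" name="website" value="" style="display:none" '
         . 'tabindex="-1" autocomplete="off">'
         . '<input type="hidden" name="ts" value="' . $now . '">'
         . '<input type="hidden" name="sig" value="' . $sig . '">';
}

// Called on submit: returns null if the post passes, or a reason string.
function antispam_check(array $post, int $now): ?string
{
    // 1. Honeypot: real users never see this field, so it must stay empty.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot field was filled';
    }
    // 2. Token: absent when the form is posted directly without loading it.
    $ts  = $post['ts']  ?? '';
    $sig = $post['sig'] ?? '';
    if (!is_string($ts) || !is_string($sig) || !ctype_digit($ts)) {
        return 'token missing or malformed';
    }
    // Constant-time comparison; a forged or edited timestamp fails here.
    if (!hash_equals(hash_hmac('sha256', $ts, FORM_SECRET), $sig)) {
        return 'token signature invalid';
    }
    // 3. Timing: the signed load time must be old enough, but not stale.
    $age = $now - (int) $ts;
    if ($age < MIN_SECONDS || $age > MAX_SECONDS) {
        return $age < MIN_SECONDS ? 'submitted too fast' : 'token expired';
    }
    return null;
}

// Constructed sample: form loaded at t=1000, posts arrive at various times.
$good = ['website' => '', 'ts' => '1000', 'sig' => hash_hmac('sha256', '1000', FORM_SECRET)];
var_dump(antispam_check($good, 1012));                              // passes
var_dump(antispam_check($good, 1002));                              // too fast
var_dump(antispam_check(['website' => 'http://x'] + $good, 1012));  // honeypot
var_dump(antispam_check(['email' => 'a@b.c'], 1012));               // direct post
```

A signed timestamp alone can be reused until it expires; binding the token to the visitor's session and discarding it after one successful submit closes that gap.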