javascript - Check the security of form. -


My account was suspended because of spam several times, and my host provider told me to check the website security. Maybe my forms are not secured enough. Do you think this form can be used to send spam?

Here is the code:

    <script type="text/javascript">
    $(document).ready(function () {
        // jQuery Form plugin: submit #form via AJAX and run validate() first
        $('#form').ajaxForm({
            beforeSubmit: validate
        });

        // Client-side check that the fields are not empty
        function validate(formData, jqForm, options) {
            var name = $('input[name=name]').fieldValue();
            var email = $('input[name=email]').fieldValue();
            var company = $('input[name=company]').fieldValue();
            var location = $('input[name=location]').fieldValue();
            var phone = $('input[name=phone]').fieldValue();
            var message = $('textarea[name=message]').fieldValue();

            if (!name[0]) {
                alert('please enter name');
                return false;
            }
            if (!company[0]) {
                alert('please enter name of organization');
                return false;
            }
            if (!email[0]) {
                alert('please enter e-mail address');
                return false;
            }
            if (!phone[0]) {
                alert('please enter phone number');
                return false;
            }
            if (!location[0]) {
                alert('please enter location');
                return false;
            }
            if (!message[0]) {
                alert('please enter message');
                return false;
            }
            else {
                // Replace the form with a confirmation image
                $("#form").fadeOut(1000, function () {
                    $(this).html("<img src='note.png' style='position: relative;margin: 0 auto;width: 500px;left: 20px;top: 30px;'/>").fadeIn(2000);
                });

                // Clear the fields
                var message = $('textarea[name=message]').val('');
                var name = $('input[name=name]').val('');
                var email = $('input[name=email]').val('');
                var phone = $('input[name=phone]').val('');
                var company = $('input[name=company]').val('');
                var location = $('input[name=location]').val('');
            }
        }
    });
    </script>

html:

    <form id="form" method="post" name="form" action="send.php">
        <input id="name" type="text" name="name"/>
        <input id="company" type="text" name="company"/>
        <input id="email" type="text" name="email"/>
        <input id="phone" type="text" name="phone"/>
        <input id="location" type="text" name="location"/>
        <textarea name="message" id="message" rows="10"></textarea>
        <input class="submit" type="submit" value="send" name="submit"/>
    </form>

php:

    <?php
    if ($_POST) {
        $email = $_POST['email'];
        $name = $_POST['name'];
        $company = $_POST['company'];
        $phone = $_POST['phone'];
        $location = $_POST['location'];
        $message = $_POST['message'];

        // response hash
        $ajaxresponse = array('type' => '', 'message' => '');

        try {
            // sort of data validations, simple example below
            $all_fields = array('name', 'email', 'message');
            // the return value of this e-mail check is not used
            filter_var($email, FILTER_VALIDATE_EMAIL);

            foreach ($all_fields as $field) {
                if (empty($_POST[$field])) {
                    throw new Exception('required field "'.ucfirst($field).'" missing input.');
                }
            }

            // ok, if field validations ok
            // send email, ect.

            // let's assume ok, setup successful response
            $subject = "someone has contacted you";
            //get todays date
            $todayis = date("l, F j, Y, g:i a");

            $message = " $todayis \n
            attention: \n\n
            please see message below: \n\n
            email address: $email \n\n
            organization: $company \n\n
            phone: $phone \n\n
            location: $location \n\n
            name: $name \n\n
            message: $message \n\n
            ";

            // the submitted e-mail value goes into the mail headers as posted
            $from = "from: $email\r\n";

            //put email address here
            mail("...@yahoo.com", $subject, $message, $from);

            //prep json response
            $ajaxresponse['type'] = 'success';
            $ajaxresponse['message'] = 'thank you! in touch soon';
        } catch (Exception $e) {
            $ajaxresponse['type'] = 'error';
            $ajaxresponse['message'] = $e->getMessage();
        }
        // ready turn hash json
        print json_encode($ajaxresponse);
        exit;
    }
    ?>

many thanks!

Your form is not safe against bots, because you don't have a captcha or something.

2 options for you:

  1. captcha

Captcha -> you have to fill it in -> you know this! :)

https://www.google.com/recaptcha

  2. honeypot

Honeypot means adding hidden fields to the form. If the hidden fields have changed, you know a bot has entered content in the form. As well, it is better than captchas, because the user doesn't have to fill in a captcha.

I prefer honeypot, because I don't like forms where I have to fill in the captcha once or twice, when I failed or the captcha wasn't readable.

http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx/
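
The honeypot check described in the answer, as an added example that is not part of the original post or of either poster's code. It goes one step beyond the answer by also using the result of `filter_var`, which the posted `send.php` calls but ignores. The hidden field name `website` and the function names are assumptions made for this illustration.

```php
<?php
// Added example, not the original poster's code. The field name "website"
// and the helper names below are assumptions made for this illustration.
//
// Form side: one extra input that visitors never see or fill in, e.g.
//   <div style="display:none" aria-hidden="true">
//     <input type="text" name="website" value="" tabindex="-1" autocomplete="off"/>
//   </div>

const HONEYPOT_FIELD = 'website';

/** True when the hidden field is missing or carries any content. */
function honeypot_tripped(array $post): bool
{
    // Absent field: the request was not built from our rendered form.
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return true;
    }
    return !is_string($post[HONEYPOT_FIELD]) || trim($post[HONEYPOT_FIELD]) !== '';
}

/** Returns the validated e-mail address, or null if it is not acceptable. */
function clean_email(array $post): ?string
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Decide what send.php should do with one submission. */
function classify_submission(array $post): string
{
    if (honeypot_tripped($post)) {
        return 'drop';      // hidden field was changed: send no mail
    }
    if (clean_email($post) === null) {
        return 'reject';    // report an invalid address to the visitor
    }
    return 'send';          // only now build the message and call mail()
}

// Constructed sample submissions.
$samples = [
    'visitor'     => ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hi', 'website' => ''],
    'form filler' => ['name' => 'x', 'email' => 'x@example.com', 'message' => 'buy', 'website' => 'http://example.net'],
    'bad address' => ['name' => 'Bob', 'email' => 'bob(at)example.com', 'message' => 'Hi', 'website' => ''],
];
foreach ($samples as $label => $post) {
    printf("%-12s => %s\n", $label, classify_submission($post));
}
```

In `send.php` the check belongs before the `mail()` call, and the address returned by `clean_email()` is the value to place in the `from:` header instead of the raw posted field.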

