Protect Guest Book from evil SPAM

How do you all suggest I protect my guest book from Spam.  I am getting eat up with it lately.  I don't want to buy a service, I want to build it myself.  Any help/suggestions would be greatly appreciated....

[Join us @ facebook]

You can add an image verification, and also add a bad word lexicon too.

[Free WordPress Themes]

you can create a form like in this tutorial:

http://www.finalwebsites.com/tutorials/php_ajax_contact_form.php

(of course you need to safe the data to the database)

I already have the form.  I need to protect it....

How do I do image verification?  And bad word lexicon? 

Can you direct me to a good tutorial?

Thanks.

[Free WordPress Themes]

I already have the form.  I need to protect it....

How do I do image verification?  And bad word lexicon? 

Can you direct me to a good tutorial?

Thanks.

do you tried google?

I just did, and I found something.  I am working on it right now.  The only thing is it doesn't explain where in the code I am suppose to place the verification code.  Should it go by my guest book or should it go above the header?

If it should go in the guest book, where should it go so it will show up in the correct spot?

Here is what I have now....

Code:

<?php
// include the database configuration and
// open connection to database
include 'config.php';
include 'opendb.php';

// check if the form is submitted
if(isset($_POST['btnSign']))
{
    // get the input from $_POST variable
    // trim all input to remove extra spaces
    $name    = trim($_POST['txtName']);
    $email   = trim($_POST['txtEmail']);
    $url     = trim($_POST['txtUrl']);
    $message = trim($_POST['mtxMessage']);
    
    // escape the message ( if it's not already escaped )
    if(!get_magic_quotes_gpc())
    {
        $name    = addslashes($name);
        $message = addslashes($message);
    }
    
    // if the visitor do not enter the url
    // set $url to an empty string
    if ($url == 'http://')
    {
        $url = '';
    }
    
    // prepare the query string
    $query = "INSERT INTO guestbook (name, email, url, message, entry_date) " .
             "VALUES ('$name', '$email', '$url', '$message', current_date)";

    // execute the query to insert the input to database
    // if query fail the script will terminate         
    mysql_query($query) or die('Error, query failed. ' . mysql_error());
    
    // redirect to current page so if we click the refresh button 
    // the form won't be resubmitted ( as that would make duplicate entries )
    header('Location: ' . $_SERVER['REQUEST_URI']);
    
    // force to quite the script. if we don't call exit the script may
    // continue before the page is redirected
    exit;
}
?><?php
// we must never forget to start the session
session_start();

$errorMessage = '';
   // first check if the number submitted is correct
   $number = $_POST['txtNumber'];

   if (md5($number) == $_SESSION['image_random_value']) {
      include 'config.php';
      include 'opendb.php';

         // remove the random value from session
         $_SESSION['image_random_value'] = '';


      include 'closedb.php';
   } else {
      $errorMessage = 'Sorry, wrong number. Please try again';
   }
?><?php
session_start();

// make a string with all the characters that we 
// want to use as the verification code
$alphanum  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// generate the verication code 
$rand = substr(str_shuffle($alphanum), 0, 5);

// choose one of four background images
$bgNum = rand(1, 4);

// create an image object using the chosen background
$image = imagecreatefromjpeg("background$bgNum.jpg");

$textColor = imagecolorallocate ($image, 0, 0, 0); 

// write the code on the background image
imagestring ($image, 5, 5, 8,  $rand, $textColor); 


// create the hash for the verification code
// and put it in the session
$_SESSION['image_random_value'] = md5($rand);

// send several headers to make sure the image is not cached
// taken directly from the PHP Manual

// Date in the past 
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 

// always modified 
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 

// HTTP/1.1 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false); 

// HTTP/1.0 
header("Pragma: no-cache"); 


// send the content type header so the image is displayed properly
header('Content-type: SOURCEIMAGES/jpeg');

// send the image to the browser
imagejpeg($image);

// destroy the image to free up the memory
imagedestroy($image);
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<h1>Please Sign Our Guest book</h1>
<script language="JavaScript">
/*
    This function is called when
    the 'Sign Guestbook' button is pressed
    Output : true if all input are correct, false otherwise
*/
function checkForm()
{
    // the variables below are assigned to each
    // form input
    var gname, gemail, gurl, gmessage;
    with(window.document.guestform)
    {
        gname    = txtName;
        gemail   = txtEmail;
        gurl     = txtUrl;
        gmessage = mtxMessage;
    }
   
    // if name is empty alert the visitor
    if(trim(gname.value) == '')
    {
        alert('Please enter your name');
        gname.focus();
        return false;
    }
    // alert the visitor if email is empty or the format is not correct
    else if(trim(gemail.value) != '' && !isEmail(trim(gemail.value)))
    {
        alert('Please enter a valid email address or leave it blank');
        gemail.focus();
        return false;
    }
    // alert the visitor if message is empty
    else if(trim(gmessage.value) == '')
    {
        alert('Please enter your message');
        gmessage.focus();
        return false;
    }
    else
    {
        // when all input are correct
        // return true so the form will submit       
        return true;
    }
}

/*
Strip whitespace from the beginning and end of a string
Input  : a string
Output : the trimmed string
*/
function trim(str)
{
    return str.replace(/^\s+|\s+$/g,'');
}

/*
Check if a string is in valid email format.
Input  : the string to check
Output : true if the string is a valid email address, false otherwise.
*/
function isEmail(str)
{
    var regex = /^[-_.a-z0-9]+@(([-a-z0-9]+\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i;
    return regex.test(str);
}
</script>
<form method="post" name="guestform">
<table width="90%" border="0" cellpadding="2" cellspacing="1">
  <tr>
   <td width="90%">Name *</td> <td>
    <input name="txtName" type="text" id="txtName" size="30" maxlength="30"></td>
</tr>
  <tr>
   <td width="90%">Email</td>
   <td>
    <input name="txtEmail" type="text" id="txtEmail" size="30" maxlength="50"></td>
</tr>
  <tr>
   <td width="90%">Web site URL</td>
   <td>
    <input name="txtUrl" type="text" id="txtUrl" value="http://" size="30" maxlength="50"></td>
</tr>
  <tr>
   <td width="50%">Message *</td> <td>
    <textarea name="mtxMessage" cols="60" rows="8" id="mtxMessage"></textarea></td>
</tr>
<tr>
<td width="150">Enter Number</td>
<td><input name="txtNumber" type="text" id="txtNumber" value="">
&nbsp;&nbsp;<img src="randomImage.php"></td>
</tr>
  <tr>
   <td width="90%">&nbsp;</td>
   <td>
    <input name="btnSign" type="submit" id="btnSign" value="Sign Guestbook" onClick="return checkForm();"></td>
</tr>
</table>
</form>
<br>
<br>
<div class="newsArticle"  >
  <div id="entriesHeader" class="headerText" onMouseDown="hideThisNews( 'entriesHolder', 'entriesHeader' );">See who has signed our guest book</div>
  <div id="entriesHolder" class="newsHolder">
<?php


// =======================
// Show guestbook entries
// =======================

// how many guestbook entries to show per page
$rowsPerPage = 100;

// by default we show first page
$pageNum = 1;

// if $_GET['page'] defined, use the value as page number
if(isset($_GET['page']))
{
    $pageNum = $_GET['page'];
}

// counting the offset ( where to start fetching the entries )
$offset = ($pageNum - 1) * $rowsPerPage;

// prepare the query string
$query = "SELECT id, name, email, url, message, DATE_FORMAT(entry_date, '%d.%m.%Y') ".
         "FROM guestbook ".
         "ORDER BY id DESC ".            // using ORDER BY to show the most current entry first
         "LIMIT $offset, $rowsPerPage";  // LIMIT is the core of paging

// execute the query 
$result = mysql_query($query) or die('Error, query failed. ' . mysql_error());

// if the guestbook is empty show a message
if(mysql_num_rows($result) == 0)
{
?>
<p><br>
<br>
Guest book is empty </p>
<?php
}
else
{
    // get all guestbook entries
    while($row = mysql_fetch_array($result))
    {
        // list() is a convenient way of assign a list of variables
        // from an array values 
        list($id, $name, $email, $url, $message, $date) = $row;

        // change all HTML special characters,
        // to prevent some nasty code injection
        $name    = htmlspecialchars($name);
        $message = htmlspecialchars($message);        

        // convert newline characters ( \n OR \r OR both ) to HTML break tag ( <br> )
        $message = nl2br($message);
?>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tr>
  <td width="100%" align="left"> <a href="mailto:<?=$email;?>" class="email">
   <?=$name;?>
   </a> </td>
  <td align="right"><small>
   <?=$date;?>
   </small></td>
</tr>
<tr>
  <td colspan="2">
   <?=$message;?>
   <?php
           // if the visitor input her homepage url show it
        if($url != '')
        {   
            // make the url clickable by formatting it as HTML link
            $url = "<a href='$url' target='_blank'>$url</a>";
?>
   <br> <small>Homepage : <?=$url;?></small>
   <?php
        }
?>
  </td>
</tr>
</table>
<br>
<?php
    } // end while

// below is the code needed to show page numbers

// count how many rows we have in database
$query   = "SELECT COUNT(id) AS numrows FROM guestbook";
$result  = mysql_query($query) or die('Error, query failed. ' . mysql_error());
$row     = mysql_fetch_array($result, MYSQL_ASSOC);
$numrows = $row['numrows'];

// how many pages we have when using paging?
$maxPage  = ceil($numrows/$rowsPerPage);
$nextLink = '';

// show the link to more pages ONLY IF there are 
// more than one page
if($maxPage > 1)
{
    // this page's path
    $self     = $_SERVER['PHP_SELF'];
    
    // we save each link in this array
    $nextLink = array();
    
    // create the link to browse from page 1 to page $maxPage
    for($page = 1; $page <= $maxPage; $page++)
    {
        $nextLink[] =  "<a href=\"$self?page=$page\">$page</a>";
    }
    
    // join all the link using implode() 
    $nextLink = "Go to page : " . implode(' &raquo; ', $nextLink);
}

// close the database connection since
// we no longer need it
include 'closedb.php';

?>
<table width="550" border="0" cellpadding="2" cellspacing="0">
<tr>
  <td align="right" class="text">
   <?=$nextLink;?>
  </td>
</tr>
</table>
<?php
}
?>
</div>
</body>
</html>

there is other stuff on this page, but I think I got all of the guest book stuff....

It's not really working right now, if you want to see it email me & I will send you the link....

[Join us @ facebook]

That's a lot of code, and I guess none is going to read it.....

As you have problems with this, why don't you use a hosted guestbook? They can protect you better.

BTW note that smart bots can even bypass image verifications.

What would you suggest I do, besides use a hosted guest book?  I really want to do this myself, but I just need to know how do something....  As of right now I am just deleting spam entries about every day....

[Free WordPress Themes]

I really want to do this myself, but I just need to know how do something.... 

doesn't look like...

[Just Visit...]

search for "CAPTCHA"...

[Guest]

[36.904]

Yahoo crawler, Googlebot, Msnbot, Nikolas