Search

Hi Everyone,

I’m having some trouble with a form that I want to make “Spam proof”. The form I creating is just a basic form with event and it work’s fine. But now I implemented a hidden field to check if the person submitting the form is a spambot or not.

For this check I use this JavaScript:

function checkSpambot() {

 var valid = true;
 var error_string = "";

 /* validate the hidden field */
  if (window.document.newsletter.spamField.value.length > 0) {
  error_string = "You are a spambot.n";
  valid = false;  
 }

    if (valid == false) {
        alert (error_string);
 } else {
  document.newsletter.submit()
 }
}

This is my markup for the form:

<xsl:if test="data/events/newsletter/@result = 'error'">
    <p class="errors-newsletter">Failed</p>
</xsl:if>
<xsl:if test="data/events/newsletter/@result = 'success'">
    <p class="success-newsletter">Succes!</p>
</xsl:if>

<form id="newsletter" name="newsletter" method="post" action="" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="5242880" />
    <!-- this is the spambot field -->
    <input type="text" name="spamField" value="" class="spam-field" /> 
     <table>
            <tr>
              <td></td>
              <td>Join Our Newsletter:</td>
            </tr>
            <tr>
               <td><label for="name">Name:</label></td>
               <td><input type="text"
                           id="name" name="fields[name]"
                           value="{events/newsletter/post-values/name}"  />
               </td>
            </tr>
            <tr>
               <td><label for="e-mail">Email:</label></td>
               <td><input type="text"
                           id="e-mail" name="fields[e-mail]"
                           value="{events/newsletter/post-values/e-mail}"  />
               </td>
            </tr>
      </table>
         <input class="send-newsletter"
                type="button"
                onClick="checkSpambot()"
                name="action[newsletter]" value="" />
</form>

Now the problem is: In my JS function, at the end I say: ‘if everything is o.k, submit the form’. But the button to submit needs the name=”action[newsletter]” to run the function done by Symphony. So the alert message work’s, and if everything is alright the form is being submitted but nothing is being parsed to xml.

How can I submit this form so that it passes trough to xml and content?

Thanks

Have you tried using onsubmit on the form instead? When the form is submitted, pause the submit, do the check, if valid, submit the form, if not, show errors.

There’s another active thread at the moment which might be useful: Best Spam Preventor

@designermonkey Yeah that’s what I do now right? I check ‘newsletter’ which is the name of my form. If there are errors, show them, if not submit form. But the form that is submitted then, is not well processed to XML and content. I think it has something to do with the name=”action[newsletter]” on the button. When I use type=”submit” if work’s but after the js check, the form is submitted anyway….

No, it’s not. You’re using onclick on the submit button. I mean to use onsubmit on the form element. If you have your JS return true if everything validates or false (with an error message) when it fails, if it is false, the form will not submit.

<form id="newsletter" name="newsletter" method="post" action="" enctype="multipart/form-data" onsubmit="return checkSpambot();">
    <input type="hidden" name="MAX_FILE_SIZE" value="5242880" />
    <!-- this is the spambot field -->
    <input type="text" name="spamField" value="" class="spam-field" /> 
        <table>
            <tr>
              <td></td>
              <td>Join Our Newsletter:</td>
            </tr>
            <tr>
               <td><label for="name">Name:</label></td>
               <td><input type="text" id="name" name="fields[name]" value="{events/newsletter/post-values/name}"  />
               </td>
            </tr>
            <tr>
               <td><label for="e-mail">Email:</label></td>
               <td><input type="text" id="e-mail" name="fields[e-mail]" value="{events/newsletter/post-values/e-mail}"  />
               </td>
            </tr>
        </table>
    <input class="send-newsletter" type="button" name="action[newsletter]" value="" />
</form>

Using

function checkSpambot() {
    /* validate the hidden field */
    if (document.newsletter.spamField.value.length > 0) {
        alert("You are a spambot.n");
            return false;
    }else{
        return true;
    }
}

It simplifies your code a little.

I’ve just re-read your html…

You have an <input type="button" />, this should be either <input type="submit" /> or <button type="submit" />. The way you have it set up is that there is no submit button present in the form.

Most spambots will not have javascript support. So it doesn’t really make sense to have the validation in the javascript..

It would be a better idea to only check in the php, and remove the javascript. Also, it is generally a good idea to name the “spam” field “email”, and hide it using css (some bots are smart enough not to fill in any hidden forms, but none will have css engines in place).

Hope that helped.

Thanks guys, I’m going to find it out now.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details