We have a custom registration form on our wordpress website. we are using google recaptcha and input Human question field to stop spam registrations but still the spam registrations won't stop.
Could anyone suggest what exactly needs to be done?
The Registration form code is as follows.
The JS code has 2 functions one for Recaptcha and another for Validate the "Question field".
The register submit button is by default disabled and gets enabled only when the recaptcha call backs the function.
function recaptchaCallback() {
$('#submitBtn').removeAttr('disabled');
}
function validateForm() {
var a = document.forms["registerform"]["question"].value;
var b = document.forms["registerform"]["user_login"].value;
var c = document.forms["registerform"]["user_email"].value;
if (a == null || a != "5") {
alert("Bitte fülle alle Felder richtig aus");
return false;
}
}
<script src="https://www.google.com/recaptcha/api.js"></script>
<form name="registerform" onsubmit="return validateForm()" method="post">
<div class="form-group">
<label style="font-size:18px;">Register</label>
</div>
<div class="input-group input-group-md">
<span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
<input type="text" name="user_login" class=" form-control" placeholder="Username">
</div>
<br>
<div class="input-group input-group-md">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="email" name="user_email" class="form-control" placeholder="E-Mail">
</div>
<br>
<input type="hidden" name="redirect_to" value="Redirect_URL">
<div class="input-group input-group-md">
<span class="input-group-addon"><span class="glyphicon glyphicon-question-sign"></span></span>
<input type="number" name="question" class="form-control" placeholder="2+3 = ?">
</div>
<br>
<div id="captcha" class="form-group">
<div class="g-recaptcha" data-sitekey="6LdOGg4TAAAAAJsTt_ZGoK67cyF277uIYwWRxJPW" data-callback="recaptchaCallback"></div>
</div>
<div id="pass-info" class="clearfix"></div>
<button class="btn_full" id="submitBtn" disabled>Register</button>
</form>
The whole thing works fine, Recaptcha and Human question field. When we manually test registerform, we can't register without accepting the Recaptcha and inserting exactly the value to process the form.
But this is not preventing automatic spam bots which registers on our site.
Is there any other way through which these spam bots are registering ?
Also we disabled "MEMBERS CAN REGISTER" in the admin dashboard.
Are we doing anything wrong?
Thanks in advance for the feedback and suggestions.
you need to do validate it in the backend, in the front end, validation can be bypassed.
store the ip address for each registration.dont allow registeration from the same ip within some period of time, but user can use some proxy tool which changes the ip address every second.
validate the email, foreach email send the validation email to registered email address, and if the user click on the activation click, activate the account, otherwise no.
You probably forgot the server-side part of recaptcha.
A robot should not be able to pass it multiple times,
See this complete tutorial from google : https://developers.google.com/recaptcha/intro
You must configure a key on the server, as explained, that is secret, and which google will send to you if the captcha is valid.
Related
I have a problem that I have not known since yesterday, I have searched on google still not found, hope someone knows the cause of this problem
I made a form like this:
<form action="{{ route('file') }}" method="post" enctype="multipart/form-data">
<div class="form-group">
<label>Name</label>
<input type="text" name="name" class="form-control">
<span class="help-block text-danger"></span>
</div>
<div class="form-group ">
<label>address</label>
<textarea type="text" name="address" class="form-control"></textarea>
<span class="help-block text-danger"></span>
</div>
<div class="form-group ">
<label>date</label>
<input type="text" name="date" class="date form-control"></input>
<span class="help-block text-danger"></span>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Upload</button>
</div>
</form>
My problem is, when someone submits, someone can re-submit, which I want when someone submits he cannot submit it again until a certain time limit, for example 2 hours.but other people who have not submitted can still submit (this is like a google form questionnaire , and people no need to login)
please help me if you can solve this problem, thank you very much
I think you don't need to do any database work, but this is more dependent on your case.
However, to answer your question straight-forward, you could add the Illuminate\Routing\Middleware\ThrottleRequests on your file route.
Throttling is done at IP level, so I think it's exactly what you need: https://monosnap.com/file/PXayGqUwDI5C3kGwiwgFEFodT70nJd
// route is accessible from IP once every 120 seconds
Route::post('file')->name('file')->middleware('throttle:1,120');
By doing this, when the same IP tries to access the route again in those 120 seconds, he'll get a ThrottleRequestsException exception (which you can handle in your App\Exceptions\Handler class)
You can find the throttle middleware defined in your App\Http\Kernel.php file.
Here's the documentation for it: https://laravel.com/docs/7.x/routing#rate-limiting
I'm creating a new website for my company using mobirise. The mobirise templates come with predesigned email forms that were created using formoid. When a user uses the email form to send an email the information is sent to formoid and then formoid sends the information to me at my email address. All of the coding in the email form is behind the scenes, so I can't actually see what it's doing.
On one of my forms I need to have the page redirect to another page where users will be able to upload a file to my server using another script. I have contacted mobirise to ask them if they could tell me how to redirect after the user clicks the submit button, but they said I had to contact formoid. So far I haven't gotten a response back from formoid so I thought I would try to look for a solution on my own.
I have tried adding javascript code to the coding on the page, but as I said, most of the coding of the form is somewhere behind the scenes and I can't figure out exactly which coding is performing the form's submit action.
What I was hoping for is a suggestion about how I could add some additional JavaScript coding that would watch for the submit button in the form being clicked and then redirect the page. I'm not positive this is even possible, but I figured that if anyone would be helpful it would be the people who post solutions here. I'm rather new to JavaScript, so I'm not sure where to start and I don't want to experiment for hours and hours and get frustrated because nothing is working.
So, if anyone can give me an idea here I would greatly appreciate it. Below is the coding for the form in case it helps:
<div data-form-alert="true">
<div hidden="" data-form-alert-success="true" class="alert alert-form alert-success text-xs-center">Thanks for uploading your audio file!</div>
</div>
<form action="https://mobirise.com/" method="post" data-form-title="FTP Upload">
<input type="hidden" value="NTcF3QgiRzQHgm5xv+UnYlBBGPR27Q6NZwj5EPuecwUNxuL8vndMlaaoM2PpzlkXlNaFBrtr2mU+CfZxfef01mKMpaQkezUMhyWXZgieem0/pt/V/nU0iUetLNqsEpj7" data-form-email="true">
<div class="row row-sm-offset">
<div class="col-xs-12 col-md-4">
<div class="form-group">
<label class="form-control-label" for="form1-3o-name">Name<span class="form-asterisk">*</span></label>
<input type="text" class="form-control" name="name" required="" data-form-field="Name" id="form1-3o-name">
</div>
</div>
<div class="col-xs-12 col-md-4">
<div class="form-group">
<label class="form-control-label" for="form1-3o-email">Email<span class="form-asterisk">*</span></label>
<input type="email" class="form-control" name="email" required="" data-form-field="Email" id="form1-3o-email">
</div>
</div>
<div class="col-xs-12 col-md-4">
<div class="form-group">
<label class="form-control-label" for="form1-3o-phone">Phone</label>
<input type="tel" class="form-control" name="phone" data-form-field="Phone" id="form1-3o-phone">
</div>
</div>
</div>
<div class="form-group">
<label class="form-control-label" for="form1-3o-message">One or more files are being uploaded to the WORDsmart server. </label>
<textarea class="form-control" name="message" rows="7" data-form-field="Message" id="form1-3o-message"></textarea>
</div>
<div><button type="submit" class="btn btn-info">CONTACT US</button></div>
</form>
in this case, I would recommend you to use another form. As far as I know form wouldn't work if you would bring any changes to form of Mobirise. Just use another form creator and implement it manually to Mobirise's project after publication to the local folder (the project of Mobirise).
You can read tutorial about publishing here: https://mobirise.com/help/local-host-369.html
Just change the action field in the first line of the form, to the page were you would like to send the data.
The next hidden input line with the public key may be deleted also.
I want to write a simple Greasemonkey script, to complete and submit this form every time the page loads.
Enter a predefined email address (email#gmail.com) into the script, then submit it each time
<div class="col-md-4">
<label for="Content_C001_LI_02_txtEmail">Send proof of delivery email to:</label>
</div>
<div class="col-md-5">
<input name="ctl00$Content$C001$LI_02_txtEmail" type="text" value="email#gmail.com" id="Content_C001_LI_02_txtEmail" class="form-control" onkeypress="return clickButton(event,'Content_C001_LI_02_btnSend')"><span id="Content_C001_ctl23" style="display:none;"></span>
</div>
<div class="col-md-3">
<button onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate('LI_02'); __doPostBack('ctl00$Content$C001$LI_02_btnSend','')" id="Content_C001_LI_02_btnSend" type="button" class="btn btn-primary btn-inline-label" validationgroup="LI_02">Send</button>
</div>
Once the form has been submitted, this piece of code changes.
So I will need to figure out how to only run the script if it hasn't already been submitted before.
<div id="Content_C001_ctl00" class="alert alert-success" style="display:none;">
to
<div id="Content_C001_ctl00" class="alert alert-success">
Proof of delivery has been successfully emailed to email#gmail.com <br>
Your help is much appreciated! :)
Something like this maybe?
document.addEventListener ("DOMContentLoaded", checkSubmitEmail);
function checkSubmitEmail(){
var myEmail = 'vns#gmail.com';
// 1- check if email has been submitted
var submitted = document.getElementById('Content_C001_ctl00').innerHTML.startsWith('\nProof of delivery has been successfully emailed to ' + myEmail);
// 2- if not continue
if (!submitted){
// 3- fill in email
document.getElementById('Content_C001_LI_02_txtEmail').value='' + myEmail;
// 4- click button
document.getElementById('Content_C001_LI_02_btnSend').click();
}
}
It's hard to tell precisely, but a cookie may be what you are looking for here.
MDN's documentation on the JS Cookie interface
I have a Coming soon page and have a countdown to beta launch and a field where user can enter their email to be added to a mailing list for the beta launch.
How do I receive the email from the field and email myself the user's email upon submit?
Is there a third party service I can use for this? And javascript or jquery plugin?
This is the form with no javascript:
<form class="form-inline" role="form">
<div class="form-group">
<label class="sr-only" for="exampleInputEmail2">Email address</label>
<input type="email" class="form-control transparent" placeholder="Your email">
</div>
<button type="submit" class="btn btn-warning btn-fill">Notify Me</button>
</form>
You have to write backed code with whatever you have on server if it is PHP you could store data from form in file or send it to mail.
Form guide with better description of your problem
I'm trying to get rid of the "put your password in again to confirm it" field in my sign up form. The design pattern I've seen to get around this is a checkbox which will reveal the password to the user - so they can verify it. However, implementing it seems to be a pain.
Here's my relevant html:
<form name="signup">
<div class="form-group">
<input id="usernameInput" class="form-control" placeholder="username">
</div>
<div class="form-group">
<input type="email" id="emailInput" class="form-control" placeholder="email">
</div>
<div class="form-group">
<input type="password" name="passwordInput" class="form-control" placeholder="password">
</div>
<div class="checkbox">
<label>
<input type="checkbox" name="show-pass" value='1' onchange="showPass()"> Show password
</label>
</div>
<button type="submit" class="btn btn-info btn-lg">Sign Up</button>
Back
</form>
And the accompanying javascript:
function showPass() {
document.signup.passwordInput.type=(document.signup.show-pass.value=(document.signup.show-pass.value==1)?'-1':'1')=='1'?'text':'password';
}
However, when I try it in firefox, I get the following console error:
Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
The error is a little cryptic seeing as the issue isn't with having a password field on a non-https website (I had it working before). Is there something I'm missing here?
If you have ever heard about jQuery use it, it will be easirer
$('#id-of-checkbox').change(function(){
if($(this).is(':checked')){
$('.password-fields').attr('type','text');
} else {
$('.password-fields').attr('type','password');
}
});