php update my web form HONEY POT + CSRF TOKEN -- 2
$10-30 AUD
In Progress
Posted over 2 years ago
Paid on delivery
I have a simple web form and would like someone to implement the below HONEY POT + CSRF TOKEN
simple instructions are below on how to add the 2 things
this should take less than an hour to update, I will provide zip files or cpanel.
Quote under $50 thank you, mention "HG" in comments or your bid will be ignored
1 =======================================
HONEY POT
This method relies on the assumption that SPAM software doesn't recognize CSS and/or JavaScript. The "honey pot" technique uses a non-visible field to fool the less-intelligent robots, which automatically fill out all the input fields prior to submitting the form data for further processing.
<form action="[login to view URL]" method="post">
<p>
<label>Name</label>
<input type="text" name="your_name">
</p>
<p>
<label>Email</label>
<input type="email" name="your_email">
</p>
<p class="fax">
<label>Fax</label>
<input type="text" name="your_fax">
</p>
<p>
<label>Comment</label>
<textarea name="your_comment"></textarea>
</p>
<p>
<button type="submit">Submit</button>
</p>
</form>
Then use CSS to hide the "honey pot" from your form so visitors are not able to see and fill it.
<style>
.fax {
display: none;
}
</style>
You can also use JavaScript to assure yourself this input field will not harm your form.
<script>
document.querySelector('.fax').style.display = 'none';
</script>
So, if visitors can't see and fill the non-visible input fields, we can consider a form submission with a non-empty fax field to be spam.
<?php
// [login to view URL]
// The key must match the form field, which is name="your_fax"
if (!empty($_POST['your_fax'])) {
// It's SPAM
}
?>
==============================================
2 ==============================================
CSRF TOKEN
The synchronizer token pattern uses a unique token that is embedded into the HTML forms and verified on the server side. The CSRF token should be a random value that is hard to predict, preferably generated by a cryptographic algorithm. This is how to build a CSRF token:
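<?php
// The session must be started before $_SESSION is used
session_start();
// Use ONE of the following lines, depending on the PHP version
// PHP 7
$token = bin2hex(random_bytes(32));
// PHP 5.3 with mcrypt
// $token = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
// PHP 5.3 with openssl
// $token = bin2hex(openssl_random_pseudo_bytes(32));
// PHP 4 (built from guessable inputs, not a cryptographically secure source)
// $token = base64_encode(time() . sha1($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']) . md5(uniqid(rand(), true)));
// Store the token into a session variable!
$_SESSION['token'] = $token;
?>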
Then include the token into your HTML form.
<form action="[login to view URL]" method="post">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
To validate a token you must compare the form value with the session value.
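<?php
// [login to view URL]
session_start();
// Reject when either token is missing (otherwise null would match null);
// hash_equals() compares the two strings in constant time.
if (empty($_SESSION['token']) || !isset($_POST['token']) || !is_string($_POST['token'])
    || !hash_equals($_SESSION['token'], $_POST['token'])) {
// It's SPAM
}
?>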
=================================================
=================================================
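A server-side handler that applies both checks from the post to one submission, as an added example (not code from the original post). The function names `issue_csrf_token` and `classify_submission` are hypothetical; the field names `your_fax` and `token` come from the forms above. It goes slightly beyond the post by rejecting requests where either token is missing or is not a string.

```php
<?php
// Added example (not from the original post). Function names are hypothetical.
// Field names 'your_fax' and 'token' follow the forms shown in the post.

// Create the per-session token once and reuse it for every form render.
function issue_csrf_token(array &$session): string
{
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(32)); // PHP 7+
    }
    return $session['token'];
}

// Returns 'ok', 'honeypot' or 'csrf' for one POST submission.
function classify_submission(array $session, array $post): string
{
    // Honeypot: the hidden field must be absent or an empty string.
    // A strict comparison is used because empty('0') is true in PHP.
    if (isset($post['your_fax']) && $post['your_fax'] !== '') {
        return 'honeypot';
    }
    // CSRF: both tokens must exist and be strings. Without this guard a
    // request with no session token and no posted token compares
    // null to null and would be accepted.
    $expected = $session['token'] ?? null;
    $supplied = $post['token'] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return 'csrf';
    }
    // hash_equals() compares in constant time.
    return hash_equals($expected, $supplied) ? 'ok' : 'csrf';
}

// Constructed sample data; in a real handler call session_start() and
// pass $_SESSION and $_POST instead.
$session = [];
$token = issue_csrf_token($session);
$cases = [
    'valid submission' => ['your_name' => 'Ann', 'your_fax' => '', 'token' => $token],
    'bot filled fax'   => ['your_fax' => '555-0100', 'token' => $token],
    'token missing'    => ['your_name' => 'Ann'],
    'token as array'   => ['token' => ['x']],
    'wrong token'      => ['token' => str_repeat('0', 64)],
];
foreach ($cases as $label => $post) {
    printf("%-17s => %s\n", $label, classify_submission($session, $post));
}
```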
Hi, dear employer. Thanks for posting your project and your attention,
I read ur project carefully. I can carry out your task with the lowest budgets than anybody.
PHP/WordPress/CI/Laravel/Python/Vue.js/Node.js/Magento/Animation/SEO/
are all my major skills
I have the WP and HTML5/Mobile responsible samples and lots of logos. And i am carrying out WP task, i can also accept other task.
I hope u'll be good luck. :-)
HG
I can start right now with this Honey Pot + CSRF token :)
Don't worry about my skills about this project.
---Fast work, High quality, The Best result.---
These are my slogans and my main goal is to satisfy client.
✦Can we have quick chat right now so that we can discuss the project briefly?✦
Please give me a chance to work as your on-going partner!
Best Regards.
Sergey B.
This surely is an easy task, moreover the instruction is clearly provided. The real question is how many forms should be updated with this honey pot & CSRF protection. I assume updating one form will take no more than 5 mins.
Hello, "HG"
I have read your project description. I am an experienced web developer and I can work according to your requirements. I have 4+ years of experience with PHP, MySQL, HTML, CSS, JavaScript.
I am available to start quick work on your project & assure you to provide highly performable clean code within the preferred timeline.
Looking for your reply to start this work immediately.
Thank You. Best Regards.
Jafar TL (SE).
"HG"
Hello, I can complete it within 1 hr.
I know how to add it.
If you feel that my abilities are lacking even in the slightest while carrying out the project, you may reject me and don't pay.
It will be enough for an hour to confirm whether I can do it or not.
I will never let you down and I will always make you smile.
Kind regards.