Archive for May, 2008

Hidden field spam trap for PHPFormMail

Friday, May 30th, 2008

If you have a form mail script on your website you may find that you regularly receive automated spam to your email account. Even worse, it is possible that spammers may use your form mail script to send spam to other people.

One well known method of significantly reducing (or even stopping) spam without having any impact on your website visitor is to add a hidden field to your form. Real human visitors will not see this field and leave it blank. Automated spam scripts will fill it in. You can therefore easily tag or reject any emails that have this hidden field filled in. This method of stopping spam has been talked about on many other blogs – for example on modernblue, and horizonweb.

I’m not going to explain the technique in depth – you can read about it on the above links. I’m just going to show you how to apply this form of spam protection if you are using the PHPFormMail script.

You will need to add an entry to your style sheet to hide the spam trapping field. I use two fields with similar names – one to display a field as normal and one to hide a field. I suggest you use different names from mine to make it less likely that spam scripts will work around this trap.

style.css
div#formstyle1 { display: inline; }
div#formstyle2 { display: none; visibility: hidden; }

Below you can see where I have added the spam trap field (the formstyle2 div) next to the usual message field.

contactus.html
<tr>
<td>Message</td>
<td>
<div id="formstyle1">
  <textarea name="message" rows="10" cols="40"></textarea>
</div>
<!-- Spam trap: hidden by the formstyle2 rule in style.css -->
<div id="formstyle2">
  <p>Please leave the following field blank: </p><input type="text" name="spamtrap">
</div>
</td>
</tr>

There are two things I can do in the PHPFormMail script if spam is detected (i.e. if the spamtrap field is not empty). I can either tag the email with a [spam?] tag, or I can reject it.

I have commented out the ‘email rejection’ lines so the below modification will tag the email. If you want to enable the ‘email rejection’ then you can simply uncomment the relevant two lines.

PHPFormMail.php
function send_mail()
{
	global $form, $invis_array, $valid_env, $fieldname_lookup, $errors;

	$email_replace_array = "\r|\n|to:|cc:|bcc:";

	### Anti-spam: start - reject email ###
	#if (isset($form['spamtrap']) && $form['spamtrap'] != '')
	#	return true;
	### Anti-spam: end                  ###
	if (!isset($form['subject']))
			$form['subject'] = 'WWW Form Submission';
	if (isset($form['subject_prefix']))
			$form['subject'] = $form['subject_prefix'] . $form['subject'];

	if (!isset($form['email']))
			$form['email'] = 'email@example.com';
	### Anti-spam: start - tag email ###
	if (isset($form['spamtrap']) && $form['spamtrap'] != '')
			$form['subject'] = '[SPAM?]: ' . $form['subject'];
	### Anti-spam: end               ###
	switch ($form['mail_newline']) {
		case 2:		$mail_newline = "\r";
				break;
		case 3:		$mail_newline = "\r\n";

Since applying these changes to my various sites, the script has caught all the formmail spam that I was previously getting.

If you do decide to adopt these changes then make sure you test them carefully – first try testing with the spam trap field visible, before making it invisible. I’d also suggest that you adjust the field and style sheet names to make it harder for spammers to bypass.
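For the testing step, the trap check can be pulled out into a stand-alone function and run over a few submissions without sending any mail. This is an added example, not part of PHPFormMail or the original post: the helper names spamtrap_tripped() and apply_spamtrap() and the sample submissions are constructed for illustration, and the field name 'spamtrap' is the one used above.

```php
<?php
// Added example, not PHPFormMail code (needs PHP 7.1+). spamtrap_tripped()
// and apply_spamtrap() are hypothetical helpers; 'spamtrap' is the field
// name used in contactus.html above.

// True when the hidden field carries any content at all.
function spamtrap_tripped(array $form, string $field = 'spamtrap'): bool
{
    if (!isset($form[$field])) {
        return false;   // field absent: same outcome as the check above, without the notice
    }
    if (is_array($form[$field])) {
        return true;    // array-valued input; the real form only ever sends a string
    }
    return (string) $form[$field] !== '';   // whitespace-only still counts as filled in
}

// Tag mode returns the form with a marked subject; reject mode returns null.
function apply_spamtrap(array $form, bool $reject = false): ?array
{
    if (!spamtrap_tripped($form)) {
        return $form;
    }
    if ($reject) {
        return null;
    }
    $form['subject'] = '[SPAM?]: ' . ($form['subject'] ?? 'WWW Form Submission');
    return $form;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'human'       => ['subject' => 'Hello', 'message' => 'Hi',  'spamtrap' => ''],
    'filled trap' => ['subject' => 'Offer', 'message' => 'Buy', 'spamtrap' => 'http://spam.example/'],
    'array value' => ['subject' => 'Offer', 'message' => 'Buy', 'spamtrap' => ['x']],
    'older form'  => ['subject' => 'Hello', 'message' => 'Hi'],  // page without the trap field yet
];

foreach ($samples as $name => $form) {
    $tagged   = apply_spamtrap($form);          // tag mode never returns null
    $rejected = apply_spamtrap($form, true);
    printf("%-12s tag mode: %-16s reject mode: %s\n",
        $name, $tagged['subject'], $rejected === null ? 'dropped' : 'sent');
}
```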

Writing and releasing a free software tool in two weeks

Tuesday, May 27th, 2008

Two weeks ago I started a mini-project to write a simple piece of software in C#, package it up and release it. Although I had initially given myself two weeks, the actual time I spent on this project was less than a week due to a pest problem, a birthday, and a family visit. The purpose of this project was to learn the basics of a new programming language, and to learn how to package and release the initial version of a new piece of simple software.

Picking a language

I had never written a line of C# in my life but knew that it had similarities to both C++ and Java. I’ve been programming with C++ and Java professionally (by which I mean that someone pays me to do it) for many years so it seemed an interesting new language to experiment with.

I downloaded the free Microsoft Visual C# 2008 Express Edition and installed it. I followed the initial tutorial to learn how to build a very basic application and then started experimenting with adding new features.

Version control

The version control system that I am used to working with is Perforce. I therefore wanted to use a different version control system for this project (remember this is a learning exercise so I want to try new technologies!).

I picked the well known Subversion as the version control tool with TortoiseSVN as the front end to Subversion. Subversion is a popular choice and is easy to use if you are used to using something like Perforce. It has many differences but also many similarities.

What to write?

I had decided to write a Windows clipboard extender. There are loads of other clipboard extenders available but that didn’t worry me. My goal isn’t to create something original, just something that I would use myself.

The core feature that I wanted to include was stack and queue support for the clipboard. Normally copying an item of text to the clipboard overwrites the previous item. I wanted the previous values to be stored in either a queue or a stack, e.g.:

I copy (using Ctrl-C) the values ‘one’, ‘two’, ‘three’.
I then paste (using Ctrl-V) and the pasted values are ‘one’, ‘two’ and then ‘three’. This is the queue behaviour.
If using the stack the pasted values would be ‘three’, ‘two’ and finally ‘one’.

Online help with writing the software

As I was completely new to C# and its APIs, I had to do a lot of searching to find out how to do Clipboard operations. The Visual C# help system was also very good.

There is a huge amount of help for almost any C# problem you can think of on the internet so it wasn’t hard to find out how to solve any problem that I had. In particular the following articles were very helpful:

  1. Create a Windows Clipboard Monitor in C# using SetClipboardViewer
  2. Global System Hooks in .NET

Writing a EULA

When releasing software you would normally ship an end-user licence agreement (EULA) along with the software. This tells the user what they can and can’t do with your software.

If you want to open source your software there is a good source of licensing information at the Free Software Foundation.

In my case I wanted the software to be free to use but proprietary (I’m not shipping the source). It is harder to find information on how to produce a licence in this case. One option is to look at existing licences and adapt any bits you like. I used the XS EULA Generator and then adapted it for my needs.

Creating an install package

Once I had written my clipboard extender (which I named nbClipboard) I needed some way to package it up with a Windows installer.

After looking around the best option seemed to be Inno Setup combined with ISTool (a front end for Inno Setup). You can download both together by going to the Inno Setup website and downloading the QuickStart Pack.

This creates a professional looking software install executable which looks identical to the install tools used by many popular software applications.

nbClipboard setup wizard

Making a PAD file

To release software you can add it to your own website and in addition you may want it to be added to the many software download websites out there. Almost all software download websites require you to submit a PAD file (Portable Application Description). This file describes all the attributes of your software (purpose, author, screenshots, OS requirements etc) in a standard format which allows these download sites to stay up to date.

The format was created by the Association of Shareware Professionals (ASP) and they have a free PADGen tool that you can use to create the PAD file.

Releasing the software

After creating the install package and the PAD file I uploaded both of them to my website and then submitted the PAD file to the ASP repository (a store of PAD files that many software download sites use as a data source).

Just two hours after making the submission nbClipboard had appeared on two download sites and was even appearing in the Google search results as a result of one of these download sites being indexed. In the next few days it appeared on other download sites as well. You may want to note that the sites that pick these PAD files up automatically seem to be the small download sites. If you want your software to appear on better known directories such as Tucows and download.com you’ll need to handle the submission manually.

nbClipboard

nbClipboard is available from the below link and it might be available from some small software download sites as well – if you can find them!

nbClipboard Clipboard Extender

nbClipboard - adds queue and stack support to the Windows clipboard

It certainly won’t win any awards but then I was more interested in going through the whole process of writing and releasing a new software tool than creating something which was groundbreaking.

Custom error pages on 1and1 when HTML files are set as PHP types

Monday, May 26th, 2008

A long time ago I set up custom error pages on my 1&1 hosted websites. However recently I noticed that they had stopped working. When a 404 error occurred, instead of redirecting to my error page I got an advert filled parking page.

1and1 error page

I re-checked their instructions for setting up the error pages on their FAQ and I was pretty sure that I was setting the pages up correctly.

After spending over an hour trying to figure out what was going wrong I stumbled on the ‘Empty Parking Pages’ link on the Domain Overview in their Administration control panel. You can see the position of this link in the red box.

1and1 admin page

On this page is the option to turn off their ‘Empty Parking Pages’. I turned this option off – it then took a few minutes for the change to be visible on my website.

1and1 empty pages parking

Part of the message says:

When using this service, a page from our webserver will be displayed instead. Unless, of course, you have set up your own error message.

Now instead of getting the advert filled parking page I got a plain:

Error 404 – Not found
Your browser can’t find the document corresponding to the URL you typed in.

It is better than before but it is still not my error message!

It seemed the only way I could get correctly working error files was to create files with the following file names in the site’s root directory – ‘error400.html’, ‘error403.html’, ‘error404.html’ and ‘error500.html’. No entry in the .htaccess file is needed – 1&1 automatically picks these files up as your error pages.

So why weren’t the ErrorDocument lines in my .htaccess working?

In my .htaccess file I also have the following line:
AddType x-mapp-php4 .html .htm

This line allows PHP code to be processed from .htm and .html files. If I remove this line then my ErrorDocument lines start working. It therefore seems that 1and1 have configured their servers so that only errors generated when you try to access static pages will cause the ErrorDocument directive to be used. Usually .html and .htm are static, however my AddType line in the .htaccess changed them into dynamic pages.

I removed .html from the AddType line. After doing this the ErrorDocument worked for .html files but not for .htm.

After all this I have deduced the following:

  1. If you want to get rid of the advert filled parking pages you need to use the control panel.
  2. If you configure your 1&1 .htaccess file to allow PHP in .htm and .html then the ErrorDocument line won’t work for any missing .htm or .html files. However the ErrorDocument will work for non-PHP file types.
  3. The ErrorDocument directive will never work for .php file types as these are always registered as being PHP types.
  4. The only way to get working error files for all types of errors is to create ‘error400.html’, ‘error403.html’, ‘error404.html’ and ‘error500.html’ files.

Final tip

In the 1&1 FAQ on creating error pages they give three suggestions for creating custom error pages:

  1. Using ErrorDocument in .htaccess (which only works for static document types).
  2. Adding the errorXXX.html error pages (which does work for all document types).
  3. Adding the below code to your .htaccess.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /errordocument.html

I would suggest that you don’t add this to your .htaccess! It rewrites every request for a file or directory that does not exist to the errordocument.html webpage, so a 200 status code is returned rather than a 404 error code. This is a bad idea as it could cause search engines to end up indexing all the error pages on your website.