diff --git a/assets/js/contact_form.js b/assets/js/contact_form.js
index 2197618..9f90099 100644
--- a/assets/js/contact_form.js
+++ b/assets/js/contact_form.js
@@ -5,6 +5,7 @@
 const message = document.getElementsByClassName('contact_form__message')[0];
 const name = document.getElementsByClassName('contact_form__name')[0];
 const email = document.getElementsByClassName('contact_form__email')[0];
 const captcha = document.getElementsByClassName('contact_form__captcha')[0];
+const now = (new Date().getTime/1000).toFixed();
 contact_form.addEventListener('submit', function(event) {
   event.preventDefault();
@@ -12,6 +13,7 @@ contact_form.addEventListener('submit', function(event) {
   formData.append('message', message.value);
   formData.append('name', name.value);
   formData.append('email', email.value);
+  formData.append('time_sent', now);
 
   // If some bot entered some value, return.
   if (typeof captcha.value == 'undefined') {
diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php
index 9f2d077..ece2992 100644
--- a/assets/php/contact_form.php
+++ b/assets/php/contact_form.php
@@ -57,7 +57,18 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     if (empty($_POST['name'])) {
       $response['errors'][] = 'Du hast keinen Namen eingegeben.';
     }
-    if ($_POST['captcha'] != 'Nudelsuppe') {
+    /*
+    Idee zur Bot-Erkennung:
+    1. Ein Bot hat das Pseudocaptcha entweder leer abgeschickt, oder sich selbst etwas ausgedacht.
+    2. Ein Bot schickt die Daten in unter 5s ab.
+    3. Ein Mensch braucht nicht länger als 60min.
+    */
+    if (
+      $_POST['captcha'] != 'Nudelsuppe' ||
+      preg_match('d{10}', $_POST['time_sent']) != 1 ||
+      (preg_match('d{10}', $_POST['time_sent']) != 1 && time() - $_POST['time_sent'] < 5) ||
+      (preg_match('d{10}', $_POST['time_sent']) != 1 && time() - $_POST['time_sent'] > 3600)
+    ) {
       $response['errors'][] = 'Wir glauben du bist ein Bot.';
     }
   } else {
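Review bot: `new Date().getTime/1000` on the added `now` line references the method without calling it, so the division yields NaN and `now` is always the string "NaN"; that same value is what the second hunk appends as `time_sent`, so the server-side age check can never see a real timestamp. Replace it with `const now = String(Math.floor(Date.now() / 1000));`. Note also that the value is captured once at script load and is entirely client-supplied, so the server can only treat it as a weak heuristic rather than proof of when the page was loaded; a server-issued value (kept in the session or signed) would not be forgeable by the sender. The submit handler that the second hunk appends to continues outside that hunk.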
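Review bot: `preg_match('d{10}', ...)` in the new condition has no pattern delimiters, so PHP emits a warning and returns false, and because `false != 1` is true the second clause is satisfied for every request and every submission is flagged as a bot. The third and fourth clauses also test `!= 1` rather than `== 1`, so the 5 s / 3600 s window is never evaluated for a well-formed timestamp, and `$_POST['time_sent']` is read without a default even though the field may be absent. Computing the age once with an anchored, delimited pattern and an explicit cast fixes all three; the rewritten lines are below. Since `time_sent` is chosen by the client, the window can only slow down naive bots and should be documented as a heuristic, not a trust boundary. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST")` block starts outside the hunk.
```php
    /* … unchanged: Bot-Erkennung comment … */
    $time_sent = $_POST['time_sent'] ?? '';
    // Seconds since the page was loaded, or null when no 10-digit timestamp was sent.
    $age = preg_match('/^\d{10}$/', $time_sent) === 1 ? time() - (int) $time_sent : null;
    if (
      $_POST['captcha'] != 'Nudelsuppe' ||
      $age === null ||
      $age < 5 ||
      $age > 3600
    ) {
      // … unchanged: error message …
```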