Spam problem despite the anti-spam code

nicolas917
on 02/06/2009 at 15:06
The problem is that even without the page that allows adding comments on my blog, the database fills up with spam messages, so how can I do this

to avoid spam
LA GLOBULE
on 02/06/2009 at 15:44
Do you mean that even with an anti-spam page you still receive spam?

Are you using a custom blog script? Or something well known like dotclear / wordpress? If so, which anti-spam plugin are you using?
nicolas917
on 02/06/2009 at 15:48
<?php
$cryptinstall="./../crypt/cryptographp.fct.php";
include $cryptinstall;
?>
<?php
include '../lib/config.inc.php';
$db = mysql_connect($sql_host,$sql_user,$sql_pass);
mysql_select_db($sql_bdd,$db);
$ipNow = $_SERVER['REMOTE_ADDR'];
$sql = "SELECT * FROM ".$mysql_prefix."identvisites WHERE nom='".$_GET['IDblog']."' AND ipNow='$ipNow'";
$result = mysql_query($sql);
if(mysql_fetch_array($result) == 0)
{
$sql = "INSERT INTO ".$mysql_prefix."identvisites (id, nom, ipNow, dateVisite) VALUES ('', '".$_GET['IDblog']."', '$ipNow', '".date("d.m.Y")."')";
$result = mysql_query($sql);
$sql3 = "SELECT * FROM ".$mysql_prefix."identstats WHERE nom='".$_GET['IDblog']."' AND mois='".date("m.Y")."'";
$re = mysql_query($sql3);
$raw = mysql_fetch_array($re);
$nb_total = $raw['hits']+1;
$sql8 = "UPDATE ".$mysql_prefix."identstats SET hits='$nb_total' WHERE nom='".$_GET['IDblog']."' AND mois='".date("m.Y")."'";
$result = mysql_query($sql8);
}
else
{
$sql2 = "SELECT * FROM ".$mysql_prefix."identvisites WHERE nom='".$_GET['IDblog']."' AND ipNow='$ipNow'";
$resul = mysql_query($sql2);
$row = mysql_fetch_array($resul);
$sql4 = "SELECT * FROM ".$mysql_prefix."identstats WHERE nom='".$_GET['IDblog']."' AND mois='".date("m.Y")."'";
$re = mysql_query($sql4);
$raw = mysql_fetch_array($re);
if($row['dateVisite'] <> "".date("d.m.Y")."")
{
$sql7 = "UPDATE ".$mysql_prefix."identvisites SET dateVisite='".date("d.m.Y")."' WHERE nom='".$_GET['IDblog']."' AND ipNow='$ipNow'";
$result = mysql_query($sql7);
$nb_total = $raw['hits']+1;
$sql5 = "UPDATE ".$mysql_prefix."identstats SET hits='$nb_total' WHERE nom='".$_GET['IDblog']."' AND mois='".date("m.Y")."'";
$result = mysql_query($sql5);
}
}
include 'lib/http_get.php';
include 'lib/select.inc.php';
include 'lib/select_prefs.inc.php';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Commentaire Blog <?php echo $_GET['IDblog'] ; ?> <?php echo $_GET['msgID'] ; ?></title>
<link href="<?php echo $url_site; ?>/template/<?php echo $style; ?>/style.css" rel="stylesheet" type="text/css">
<meta name="description" content="<?php echo $titre ; ?> - blog gratuit espace illimitée" />
<?php echo $metaTag; ?>
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="27%" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_logo.gif"><a href="http://<?php echo $_GET['IDblog']; ?>.easy4blog.com"><img src="<?php echo $url_site; ?>/template/<?php echo $style; ?>/logo.gif" width="341" height="101" border="0" alt="Accueil de <?php echo $_GET['IDblog']; ?>"></a></td>
<td width="73%" colspan="2" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_logo.gif">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="73"><?php include 'include/header.php'; ?></td>
</tr>
<tr>
<td><?php include '../include/dedi.php'; ?></td>
</tr>
</table>
</td>
</tr>
<tr valign="top">
<td height="49" colspan="3">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="12%" height="75" valign="top" background="template/<?php echo $style; ?>/menu_gauche.gif">
<div id="gauche">
<img src="template/<?php echo $style; ?>/menu_gauche.gif" alt="Sommaire Gauche" width="200" height="17" border="0" />
<?php include'include/gauche.php'; ?>
</div>
</td>
<td width="73%" valign="top" nowrap background="<?php echo $enzo; ?>">
<div align="left">
<?php
include 'bbcode.php';
$db = mysql_connect($sql_host,$sql_user,$sql_pass) or die(mysql_error());
mysql_select_db($sql_bdd,$db);

$query = "SELECT * FROM ".$mysql_prefix."identbillet WHERE nom='".$_GET['IDblog']."' AND msg_ID='".$_GET['msgID']."'";
$result = mysql_query($query) or die (mysql_error());
$nb_result = mysql_num_rows($result);
$row = mysql_fetch_array($result);
$sql = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$_GET['IDblog']."' AND msgID='".$row['msg_ID']."'";
$res = mysql_query($sql) or die (mysql_error());
$nb_res = mysql_num_rows($res);
$imgg = "../picture/".$row['nom']."/".$row['image']."";
echo '<table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">';
echo '<tr><td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">';
echo '<tr><td class="txt_menu">'.stripslashes($row['titre']).'</td>';
echo '</tr></table></td></tr><tr>';
echo '<td><table width="100%" border="0" cellspacing="2" cellpadding="0">';
echo '<tr><td>Post&eacute; le '.$row['date_post'].' par <a href="mailto:'.stripslashes($row['mail']).'">'.stripslashes($row['auteur']).'</a></td>';
echo '</tr><tr><td><br><p>';
if($row['image'] == "")
{
echo '';
}
elseif($row['image'] == ".")
{
echo '';
}
elseif(file_exists($imgg))
{
echo redim($imgg);

}
echo bbcode(stripslashes(nl2br($row['billet'])));
echo '</p></td>';
echo '</tr><tr><td><div align="right">';
if($row['comment'] == "1")
{
echo "<A HREF=\"#comm\"><b>".$nb_res." commentaires</b></a>";

{
echo "&nbsp;<img src='http://www.easy4blog.com/img/icons/commentaires.png' border='0'>&nbsp;<A HREF=\"http://".$_GET['IDblog'].".easy4blog.com/ajout-commentaire-" . str_replace(" ","-",OterAccents($row['titre'])) . '-' . $row['msg_ID'].".html#commentaire\">Ajouter un commentaire</a>";
}
{
echo "&nbsp;<img src='http://www.easy4blog.com/img/icons/image.png' border='0'>&nbsp;<A HREF=\"http://".$_GET['IDblog'].".easy4blog.com/imprimer-".$row['msg_ID'].".html#\">Imprimer cette photo</a>";
}
}
echo '</div></td></tr></table></td></tr></table><br>';
mysql_close($db);

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title><?php echo $titre ; ?>danois</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="template/<?php echo $style; ?>/style.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
var ns6=document.getElementById&&!document.all
function restrictinput(maxlength,e,placeholder){
if (window.event&&event.srcElement.value.length>=maxlength)
return false
else if (e.target&&e.target==eval(placeholder)&&e.target.value.length>=maxlength){
var pressedkey=/[a-zA-Z0-9\.\,\/]/
if (pressedkey.test(String.fromCharCode(e.which)))
e.stopPropagation()
}
}
function countlimit(maxlength,e,placeholder){
var theform=eval(placeholder)
var lengthleft=maxlength-theform.value.length
var placeholderobj=document.all? document.all[placeholder] : document.getElementById(placeholder)
if (window.event||e.target&&e.target==eval(placeholder)){
if (lengthleft<0)
theform.value=theform.value.substring(0,maxlength)
placeholderobj.innerHTML=lengthleft
}
}
function displaylimit(thename, theid, thelimit){
var theform=theid!=""? document.getElementById(theid) : thename
var limit_text='<b><span id="'+theform.toString()+'">'+thelimit+'</span></b> caractères maximum.'
if (document.all||ns6)
document.write(limit_text)
if (document.all){
eval(theform).onkeypress=function(){ return restrictinput(thelimit,event,theform)}
eval(theform).onkeyup=function(){ countlimit(thelimit,event,theform)}
}
else if (ns6){
document.body.addEventListener('keypress', function(event) { restrictinput(thelimit,event,theform) }, true);
document.body.addEventListener('keyup', function(event) { countlimit(thelimit,event,theform) }, true);
}
}
</script>
<p>&nbsp;</p><table width="80%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td class="txt_menu">Ajouter un commentaires</td></tr> </table></td></tr>
<tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr>
<td><br> <table width="70%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td><div align="center"> <?php
if($post == "1")
{
if (empty($_POST['nom']) || empty($_POST['msgID']) || empty($_POST['auteur']) || empty($_POST['mail']) || empty($_POST['titre']) || empty($_POST['code']) ||empty($_POST['comment']))
{
echo "<span class=\"txt_rouge\">Tous les champs sont obligatoires !</span>";
}
elseif(!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $mail))
{
echo "<span class=\"txt_rouge\">Votre adresse email est invalide !</span>";
}
else
{
if (chk_crypt($_POST['code']))
{
$db = mysql_connect($sql_host,$sql_user,$sql_pass) or die(mysql_error());
mysql_select_db($sql_bdd,$db) or die(mysql_error());

$query = "INSERT INTO ".$mysql_prefix."identcomment (id, nom, msgID, auteur, mail, titre, comment, blog, date) VALUES ('', '".$_GET['IDblog']."', '".$_GET['msgID']."', '".strip_tags($auteur)."', '".strip_tags($mail)."', '".strip_tags($titre)."', '".strip_tags($comment)."', 'http://".$blog.".easy4blog.com/', '".date("d.m.Y")."')";
mysql_query($query) or die(mysql_error());
echo "<strong><span class=\"txt_rouge\">Votre commentaire &agrave; bien &eacute;t&eacute; post&eacute; !</span></strong>";
if($_POST["ajouter"][$i]=="ok");
mysql_close($db);
}
else
{
echo "<tr><td height=\"30\" colspan=\"2\"><strong><span class=\"txt_rouge\">ERREUR de saisie du code !</span></strong></td></tr>";
}
}
}
?> </div></td></tr> </table><br> <form action="?IDblog=<?php echo $_GET['IDblog']; ?>&msgID=<?php echo $_GET['msgID']; ?>" method="post" name="commentaire" id="commentaire">
<table width="95%" border="0" align="center" cellpadding="0" cellspacing="2">
<tr> <td height="30"><strong>:: Poster un commentaire</strong></td></tr> <tr>
<td>
<table width="89%" border="0" align="center" cellpadding="0" cellspacing="2">
<tr> <td width="41%" height="20">Votre NOM : <span class="txt_rouge">*</span>
</td><td width="59%" height="20"><input name="auteur" type="text" class="form_input_txt" id="auteur" value="<?php echo "$auteur"; ?>" size="30"></td></tr>
<tr> <td height="20">Votre adresse email : <span class="txt_rouge">*</span> </td><td height="25"><input name="mail" type="text" class="form_input_txt" id="mail" value="<?php echo "$mail"; ?>" size="30"></td></tr>
<tr> <td height="20">Titre du commentaire : <span class="txt_rouge">*</span> </td><td height="25"><input name="titre" type="text" class="form_input_txt" id="titre" value="<?php echo "$titre"; ?>" size="30"></td></tr>
<tr> <td height="20">Votre message : <span class="txt_rouge">*</span> </td><td height="25"><textarea name="comment" cols="40" rows="10" class="form_input_txt" id="easy4blog.com"><?php echo "$comment"; ?></textarea>
<br><script>
displaylimit("","easy4blog.com",30000)
</script></td></tr> <tr>
<td height="20">Votre blog :</td>
<td height="15">http://<input name="blog" type="text" class="form_input_txt" id="blog" value="<?php echo "$blog"; ?>" size="10">.easy4blog.com</td>
</tr>
<tr>
<td align="center"><br></td>
</tr>
<tr>
<td height="15">&nbsp;</td>
<td height="20"><?php dsp_crypt(1,1); ?></td>
</tr>
<tr>
<td height="15">Recopier le code:</td>
<td height="20"><input type="text" class="form_input_txt" name="code" value="<?php echo "$code"; ?>" size="35" maxlength="50"><input type='checkbox' name='ajouter[$i]' value='ok'></td>
</tr>
<tr>
<td height="15">&nbsp;</td>
<td height="20">&nbsp;</td>
</tr>
<tr> <td height="15">&nbsp;</td><td height="20"><input type="submit" name="Submit" class="form_button" value=" Poster votre messages" onClick="this.form.submit();this.disabled=true;this.value='Patientez...'">
<input name="post" type="hidden" id="post" value="1"></td></tr> </table></td></tr>
</table></form></td></tr> </table></td></tr> </table>
<p>&nbsp;</p><table width="80%" align="center" cellpadding="0" cellspacing="0" BORDERCOLOR="#333333">
<tr> <td height="26" class="back_menu"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td class="txt_menu"><a name="comm">Lires Les commentaires</a></td></tr> </table></td></tr>
<tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr>
<td><br>
<?php
$guest_page_03 = "15";
if(!isset($d))
$d = "0";
if(!isset($f))
$f = $guest_page_03;
$db = mysql_connect($sql_host,$sql_user,$sql_pass);
mysql_select_db($sql_bdd,$db);
$query = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$_GET['IDblog']."' AND msgID='".$_GET['msgID']."' ORDER BY date DESC LIMIT ".$d.", ".$guest_page_03."";
$result = mysql_query($query) or die(mysql_error());
$nb_result = mysql_num_rows($result);
$sql = "SELECT * FROM ".$mysql_prefix."identcomment WHERE nom='".$_GET['IDblog']."' AND msgID='".$_GET['msgID']."'";
$resultat = mysql_query($sql);
$nb_result_nb = mysql_num_rows($resultat);
while ($row = mysql_fetch_array($result))
{
echo '<div class="citation">
<p class="titre_billet">&nbsp;<img src="http://www.easy4blog.com/img/icons/commentaires.png" border="0">&nbsp;<b>'.stripslashes($row['titre']).'</b></p>
<p class="auteur">Post&eacute; par <strong><a href="'.$row['blog'].'" target="_blank"><b>Voir mon blog</b></a></strong> <a href="mailto:'.$row['mail'].'" target="_blank">'.stripslashes($row['auteur']).'</a> le '.$row['date'].'<br /></p>
<p class="texte">'.stripslashes(nl2br($row['comment'])).'<br />
</div></div>';
}
mysql_close($db);
echo "<center>\n";
if ($d != "0")
{
$d_new1 = $d-$guest_page_03;
$f_new1 = $d;
echo "<a href=\"http://".$_GET['IDblog'].".easy4blog.com/commentaires-" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_new1-$f_new1-" . $row['msg_ID'] . ".html\">[« Commentaires Pr&eacute;c&eacute;dents ]</a> | \n";
}
$nb_pages = intval($nb_result_nb/$guest_page_03)+1;
if ($nb_pages > "1")
{
for ($i=0;$i<$nb_pages;$i++)
{
if (isset($d_page))
$d_page = $d_page+$guest_page_03;
else
$d_page = "0";
$f_page = $f_page+$guest_page_03;
$num_page = $i+1;
if ($d == $d_page)
echo "".$num_page." ";
else
{
if ($d_page < $nb_result_nb)
echo " <a href=\"http://".$_GET['IDblog'].".easy4blog.com/commentaires" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_page-$f_page-" . $row['msg_ID'] . ".html\">".$num_page."</a> \n";
}
}
}
if ($f < $nb_result_nb)
{
$d_new2 = $f;
$f_new2 = $f+$guest_page_03;
echo "| <a href=\"http://".$_GET['IDblog'].".easy4blog.com/commentaires" . str_replace(" ","-",OterAccents($row['titre'])) . "-$d_new2-$f_new2-" . $row['msg_ID'] . ".html\">[ Commentaires Suivants » ]</a>\n";
}
?></td></tr> <tr> <td><br> <table width="70%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td>
<div align="center">
</td></tr> </table><br> </td></tr> </table></td></tr>
</table>
<td width="0%" valign="top" nowrap background="<?php echo $enzo; ?>"></td>
<td width="12%" valign="top" background="template/<?php echo $style; ?>/menu_droite.gif">
<div id="droite">
<img src="template/<?php echo $style; ?>/menu_droite.gif" alt="Sommaire droite" width="200" height="17" border="0" />
<?php include'include/droite.php'; ?>
</div> </td>
</tr>
</table>
</td>
</tr>
<tr background="template/<?php echo $style; ?>/fond_footer.gif">
<tr background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_footer.gif">
<td height="27" colspan="3" background="<?php echo $url_site; ?>/template/<?php echo $style; ?>/fond_footer.gif">
<div align="center"><?php include'include/footer.php'; ?></div>
</td>
</tr>
</table>
</body>
</html>
LA GLOBULE
on 02/06/2009 at 20:20
That's perhaps a bit too much PHP code there...

How does this anti-spam work? Is it a captcha? Is it something that learns by itself to recognise forbidden words or IPs?

Can you isolate the anti-spam portion of the code for us?
Darkendorf
on 03/06/2009 at 09:17
hmm...

your code seems OK (it's hard to say given the amount...), apparently you do check the validity of the captcha... you should force error display to be sure...

you are including the Cryptographp script, right?
<?php 
$cryptinstall="./crypt/cryptographp.fct.php";
include $cryptinstall;
?>


Have you tested with cookies disabled? If you haven't already ^^

Otherwise the captcha is too simple; scripts exist for the most widespread ones and break them fairly easily (especially in the case of cookies...), you would need to make it more complicated, in a more or less thick and coloured frame, with more digits/letters, or use another one!!
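
Added example, not part of the original thread or the poster's code: a comment-submission handler that refuses POSTs not tied to a form the server actually rendered, checks the captcha before touching the database, and inserts with bound parameters. The `comments` table, the function names and the `$captchaOk` callable (standing in for the `chk_crypt()` call in the posted code) are assumptions.

```php
<?php
// Added example, not the poster's code. Table/field names are constructed;
// $captchaOk stands in for the captcha check (chk_crypt() in the thread).

// Call when rendering the form: one single-use token per displayed form.
function issue_form_token(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['comment_tokens'][$token] = time();
    return $token;
}

// Returns a status string; only 'stored' means a row was written.
function handle_comment(PDO $pdo, array $post, array &$session, callable $captchaOk): string {
    // 1. The request must come from a form this server actually rendered.
    $token = (string)($post['token'] ?? '');
    if ($token === '' || !isset($session['comment_tokens'][$token])) {
        return 'rejected: no valid form token';
    }
    unset($session['comment_tokens'][$token]); // single use, even if a later check fails
    // 2. The captcha is checked before any database work.
    if (!$captchaOk((string)($post['code'] ?? ''))) {
        return 'rejected: captcha';
    }
    // 3. Validate fields server-side; client-side JS length limits do not count.
    $mail = filter_var($post['mail'] ?? '', FILTER_VALIDATE_EMAIL);
    $msgId = filter_var($post['msgID'] ?? '', FILTER_VALIDATE_INT);
    $comment = trim((string)($post['comment'] ?? ''));
    if ($mail === false || $msgId === false || $comment === '' || strlen($comment) > 30000) {
        return 'rejected: invalid fields';
    }
    // 4. Bound parameters: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO comments (msg_id, mail, comment) VALUES (?, ?, ?)');
    $stmt->execute([$msgId, $mail, $comment]);
    return 'stored';
}

// Constructed demo: in-memory SQLite, an array standing in for $_SESSION.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, msg_id INTEGER, mail TEXT, comment TEXT)');
$session = [];
$captcha = fn(string $code): bool => $code === 'demo-code'; // stand-in check
$form = ['mail' => 'a@example.org', 'msgID' => '12', 'comment' => 'Hello', 'code' => 'demo-code'];

echo handle_comment($pdo, $form, $session, $captcha), "\n"; // POST sent without the form ever being rendered
$form['token'] = issue_form_token($session);
echo handle_comment($pdo, $form, $session, $captcha), "\n"; // submission from a rendered form
echo handle_comment($pdo, $form, $session, $captcha), "\n"; // same token sent a second time
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), "\n";
```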