Stopping spam registrations - but PHP adapter depends on forbidden service!

suas

We invite people to sign up to an evening course through a web form. When they fill out the form and click 'Register', the info is sent to our CRM system (Salesforce).

We have a problem with spam registrations, most likely bots.

The most popular solution is to send the registrations via Akismet ( http://sfdc.arrowpointe.com/2007/05/24/fight-web-to-lead-spam-w-akismet/ )- but that isn't a runner for us. The reason being that the PHP adapter needs fopen to be ON and for security reasons our hosting company (and many others) locked this at OFF last year.

So, my questions:

(1)
The generous designer of this solution has provided it FOC, so it's unfair to ask him to do any work on it. Would it be possible to tweak the code so that it calls a different PHP adapter instead of the one that uses fopen?

Here's what it says on the link above:

The script leverages the Akismet PHP5 Class to handle the core communication with Akismet. I found this class from the Akismet Development page.

This script will only work on PHP5 and requires the cURL module to be enabled. cURL is enabled by default in most PHP installations. The PHP5 requirement is a limitation of the Akismet PHP5 Class. If you are on another platform (PHP4, Ruby, Java, etc.), I don’t see any reason why you couldn’t use these scripts and integrate a different Akismet toolkit into it. Additional toolkits are available from the Akismet Developer Page.

Could anyone here help with this, please?

(2)

Failing that - how would I go about implementing a captcha?

Is there a bit of html that I can drop into the page so that the form will only be submitted if a captcha is passed? I think I know how to do that - but haven't had any experience of it.

At the moment, I'm trying to follow the instructions from http://www.captchacreator.com/v-howtoinstall.html and I'll see how I get on.
The question I'd like to ask - Is this link the best way to do it, or could someone recommend another, please?

I'd prefer to solve it with Akismet (soln 1) though, as there are advantages to that solution. One big one is that a CRM unique identifier is hidden from spammers (and if they get it, they can submit automated registrations).

seamus

According to that front screen, Akismet uses cURL to make calls to a url.

cURL uses sockets, not fopen, so you shouldn't have a problem using this package on your site (assuming that cURL is available).

suas

I noticed the same thing, and was a bit unsure... but I found this comment deep in the page.

Scott Hemmeter Said,
March 24, 2008 @ 8:26 am

@Jzilla:

register_globals can be off. It’s off by default in PHP5, I believe.

I did a bit of digging into the code and the Akismet PHP5 class I am using uses PHP’s remote file functions, which requires allow_url_fopen to be ON in your PHP setup. I think there was a recent issue with this setting and many web hosts (including mine) turned this off by default to protect their customers. However, with my web host, I can edit the PHP.ini file and turn it back on. Check to see if allow_url_fopen is ON. If not, see if you can turn it on via your php.ini. I don’t think it’s a major issue to turn on (do your own research), but web hosts were turning it off by default to protect the masses.

I've already asked my hosts about this and there's no way that they will turn fopen back on.

“allow_url_fopen is disabled on all our servers as a security precaution. If you wish to load an external file, please use the curl functions”

So, I'm just a bit stuck, right out on the edge of what I know.

AARRRGH

Why not just add a bit of code which asks a random simple question, e.g. "There is a big yellow ball in the sky which provides heat for earth, what is it called?".

Simple and more user friendly. Some of the captchas are nearly impossible to read.