Protection from spam in webforms Vtiger module

Protection from spam in webforms Vtiger module

There is an interesting module in vtiger called Webforms. It can generate special html forms, which you can then easely insert into your site and receive leads directly to vtiger. Forms can be integrated with various modules - leads, contacts, counterparties, deals.

There is an interesting module in vtiger called Webforms. It can generate special html forms, which you can then easely insert into your site and receive leads directly to vtiger. Forms can be integrated with various modules - leads, contacts, counterparties, deals.

But this tool has one drawback - the possibility of spam hitting. Vtiger has developed an integration with ReCaptcha for this. But it does not always work out of the box and it does not suit everyone. If a client wants to leave a request on the site, then the presence of captcha may just scare him away.

I see several ways to protect the form from bots.

One option is to use a honeypot.

This is done as follows. You add a hidden field to the form, for example:

<input type="text" class="hot" value="">

And through the class "hot", you adjust the visibility of the field, hiding it from the page. I do not recommend using hidden, it is better to do it through styles.

Thus, an additional hidden field will appear on your screen, but which will be available to bots. Bots will think that this is some important field associated with the name and will insert values ​​into it.

Now it remains for us at the Vtiger level to check whether this field is filled or not. And if it is not empty, we will consider the request as spam. To do this, we need to edit the file:

modules/Webforms/capture.php

And after these lines:

$moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);

vglobal('app_strings', $moduleLanguageStrings['languageStrings']);

 

Insert your code for field checking:

//honey pot field

        $honeypot = $request['unname'];

$returnURL = false;

try {

            //check if the honeypot field is filled out. If not, send a mail.

            if( $honeypot != '' ){

                throw new Exception ('Sorry, but we blocked your request due to antispam policy');

                return; //you may add code here to echo an error etc.

            }

 

This way we can protect our form from software bots. And this is over 60% of spam. For more reliable protection, I recommend using a captcha.