Preventing Spam Bot Form Submissions With ColdFusion (Revisited)

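<!--- Kill extra output while the request is being processed. --->
<cfsilent>

	<!--- Param form comments. --->
	<cfparam
		name="FORM.comments"
		type="string"
		default=""
		/>

	<!---
		Param the form ID. This is the value that we
		will use to check proper form submission (to
		protect against SPAM form submissions). It arrives
		from the client, so it is untrusted until validated
		below.
	--->
	<cfparam
		name="FORM.form_id"
		type="string"
		default=""
		/>

	<!---
		Param the form submission. A non-numeric value makes
		CFPARAM throw; treat that as "not submitted".
	--->
	<cftry>
		<cfparam
			name="FORM.submitted"
			type="numeric"
			default="0"
			/>

		<cfcatch>
			<cfset FORM.submitted = 0 />
		</cfcatch>
	</cftry>


	<!--- Check to see if the form has been submitted. --->
	<cfif FORM.submitted>

		<!---
			FORM.form_id is interpolated into a file path, so
			only accept the exact shape that CreateUUID()
			produces. Without this check a posted value that
			contains path separators or ".." could point the
			FileExists() test at any .txt file the server can
			reach, which would let a request pass the check
			without the tracking image ever being loaded.
		--->
		<cfif IsValid( "uuid", FORM.form_id )>

			<!---
				Check to see if the FORM is valid by checking to
				see if the ks_stats.cfm file spawned a file with
				the given ID.
			--->
			<cfif FileExists(
				ExpandPath( "./spam/#FORM.form_id#.txt" )
				)>

				<!---
					The file exists. This confirms that the FORM
					page was actually loaded and spawned a second
					IMG request that then spawned this text file.
					This is probably NOT a spam bot.

					NOTE(review): the token file is not removed
					here, so the same form_id stays valid for
					repeat submissions until something else cleans
					up ./spam - confirm whether a cleanup exists,
					or delete the file before redirecting.
				--->
				<cflocation
					url="confirm.cfm"
					addtoken="false"
					/>

			</cfif>

		</cfif>

	</cfif>


	<!---
		If we have made it this far, then we are going
		to be showing the FORM again. Select a new form
		ID for this display. This overwrites whatever value
		the client posted.
	--->
	<cfset FORM.form_id = CreateUUID() />

	<!---
		Now that we have our form ID, let's encode it so
		that we don't have duplicate values in the body
		(that might be a detectable pattern by a BOT).

		NOTE(review): CFMX_COMPAT is ColdFusion's legacy
		algorithm and is not cryptographically strong, and
		the key is hard-coded in this template. Treat the
		result as obfuscation only. Moving to a standard
		algorithm with a key kept outside the template needs
		a matching change in ks_stats.cfm, which is not shown
		here. ks_stats.cfm presumably decodes this value and
		uses it as a file name - confirm that it validates
		the decoded value as a UUID before touching disk.
	--->
	<cfset FORM.encrypted_form_id = Encrypt(
		FORM.form_id,
		"that-is-tasty!",
		"CFMX_COMPAT",
		"HEX"
		) />

</cfsilent>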
 
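<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
	<title>ColdFusion Anti Form Spam Idea</title>
</head>
<body>

	<cfoutput>

		<!---
			The form posts back to this same template. The
			script name is HTML-encoded because it is written
			into an attribute value.
		--->
		<form action="#HTMLEditFormat( CGI.script_name )#" method="post">

			<!--- This will flag form submission. --->
			<input
				type="hidden"
				name="submitted"
				value="1"
				/>

			<!---
				This is the form ID. By this point FORM.form_id
				has been replaced with a fresh CreateUUID() value,
				so it is server-generated rather than echoed from
				the request.
			--->
			<input
				type="hidden"
				name="form_id"
				value="#FORM.form_id#"
				/>


			<label for="comments">
				Comments:
			</label>

			<!---
				FORM.comments is echoed back whenever the form is
				redisplayed after a failed check, so it must be
				HTML-encoded. Written raw, a posted value such as
				a closing textarea tag followed by markup would be
				rendered as part of the page (reflected XSS).
				On ColdFusion 10+ EncodeForHTML() is the preferred
				encoder; HTMLEditFormat() is used here because it
				is available on older servers as well.
			--->
			<textarea
				id="comments"
				name="comments"
				cols="50"
				rows="10"
				>#HTMLEditFormat( FORM.comments )#</textarea>


			<input type="submit" value="Submit Comments" />

		</form>


		<!---
			This is the image that we will use to make sure
			the HTML of the current form page actually renders.
			I am calling it "ks_stats" just to make it less
			obvious to prying eyes. The id is the HEX-encoded
			output of Encrypt(), so it contains only characters
			that are safe in a query string and an attribute.
		--->
		<img
			src="ks_stats.cfm?id=#FORM.encrypted_form_id#"
			height="1"
			width="1"
			style="display: none ;"
			/>

	</cfoutput>

</body>
</html>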
