HavaLite CMS

A new liteweight Content Management System (CMS)


TimeSpam - a spam detecting solution without captcha image based on Php and JQuery

I did this idea and im realy not sure if it works 100% against Spam bots. I just wanted to give it a try and see the reaction, if visitors have better ideas by detecting whether data are sent from a bot or human.

How it works:

Subscriber must have Javascript enabled on there browser, cause the form is desabled and can only activated by clicking the button "Activate Form".

Subscriber need at least 10 seconds (can be set more or lesser) to fill the form and send data.

  1. By activating the form a JQuery GET request will be sent to timespam.php which starts a session and save the current time in a variable called "timespam":
    $_SESSION['timespam'] = time();
  2. Now when the data is resieved, php will check if the session variable "timespam" exists and subtract the current time while recieving the data from it. If the result lesser than $minTime (set here to 10 seconds) that means the subscriber is either a Bot or a Copy-Past-Visitor. At the end the timespam variable is reseted by calling the unset() function to prevent checking recieved data by refreshing the site:
        $minTime = 10;
        $restOfTime = time() - $_SESSION['timespam'];
        if($restOfTime < $minTime) echo '<p id="fail">:=S Only Robots can fill my form in '.$restOfTime.' seconds</p>';
        else echo '<p id="success">Thank you human, you needed '.$restOfTime.' seconds to fill my form :)</p>';

The JQuery part

First we need JQuery either from our server or from google:

<script language="javascript" src="jquery-1.7.2.min.js"></script>

Now all form input and submit are set to disabled in case Javascript is disabled. Also JQuery will take care of it and set at start to disabled:

$(document).ready( function(){
    $('#name, #email, #comment, #submitBut').attr("disabled", true).css({ backgroundColor: '#B1CEED' });

To activate and enable form: The "Activation" button will call a JS function, which removes disabled attributs from the form and also sends an Ajax Get request to timespam.php to save the current time in $_SESSION["timespam"]

function activateForm(){
    $('#name, #email, #comment, #submitBut').removeAttr('disabled').css({ backgroundColor: '#FFF' });
    $('#activate a').css({ 'background-image' : 'url(tick.png)', color:'green' });
    $.get('timespam.php', function(data){});

Thats it.

Whether to check if the whole form is filled according to the roles or not is not the main goal of this subject. You can surly add some JS and Php code to check inputs the way you need.

You can try a DEMO here. Just activate the form and submit within 10 seconds after that try again: activate form and submit after 10 seconds and see results.

Download: timespam.zip

comments powered by Disqus


    Leave a Reply

    Contact Info

    Phone: +49 941 26175

    Address: Ayman Teryaki,
    Prüfeninger Str. 48,
    93047 Regensburg, Germany

    Want more info - go to our contact page or visit Google+


    Stay up to date. Subscribe via RSS, Facebook, Twitter or Email

    Recent Comments