Form protection from spam without captcha in Bitrix and not only

Order site

By contacting me you will receive a reliable and knowledgeable contractor who will quickly and efficiently implement any task for you and your business.

The last notes

schema.org for the site

Bitrix: exchange with 1C

Working with authorization \ user registration in Bitrix

Working with Flexbox

Errors when updating Bitrix

Working with the product, the catalog.element component and trade offers in Bitrix

Bitrix does not send mail or gets into spam

View all

All English-language materials have been translated fully automatically using the Google service

Sooner or later, on all sites, it becomes necessary to protect feedback or registration / authorization forms from spambots. Captcha cannot cope with protection, and it is not user-friendly either. But there are ways to protect yourself through hidden fields in forms. This method is quite effective against most bots, since it requires manual analysis of the form and the waste of the spammer's personal time, which is spent on very few and in rare cases.

First of all, we will copy the entire component into our namespace (to make changes to the base class), rename the .default template with the name we need, and make all changes in it.

Ie copy, for example, the folder /bitrix/components/bitrix/system.auth.registration to /local/components/tichiy/system.auth.registration and work in it

Then add a regular input with a random meaningful name to the template form code

 <div class = 'newTR'> <input type = "text" name = "EMAIL" maxlength = "50" placeholder = "Enter your email" value = "" /> </div>

In css we write styles that hide this field from well-intentioned users

.newTR {display:none }

If not, then add the file result_modifier.php and add

to the very end

  $ arResult ['EMAIL'] = isset ($ _ POST ['EMAIL'])? htmlspecialcharsbx ($ _ POST ['EMAIL']): '';

In the file /local/php_interface/handlers/user_register.php add a bot detector handler. It will fire on the OnBeforeUserRegister event of the main module. If our fake field is filled, then we throw out the bitrix exception and add an error message.

  namespace Tichiy;

class UserRegister {
    / **
     * Called before attempting to register a new user with the CUser :: Register method.
     * Check for a bot.
     * @param & $ arFields Array of new user registration fields
     * @return bool
     * /
    public static function OnBeforeUserRegister (& $ arFields) {
        global $ APPLICATION;
 
        if (isset ($ _ REQUEST ['EMAIL'])
            && strlen (trim ($ _ REQUEST ['EMAIL']))> 0) {
 
           // for completeness, write all the fields filled in by the bot to the system log
            \ CEventLog :: Add (array (
                "SEVERITY" => "SECURITY",
                "AUDIT_TYPE_ID" => "USER_REGISTER_FAIL",
                "MODULE_ID" => "main",
                "ITEM_ID" => "UNKNOWN",
                "DESCRIPTION" => sprintf ("Attempt to register by bot. Error code [FK1]. \ N% s",
                    var_export ($ _ REQUEST, true)),
            ));
 
            $ APPLICATION-> ThrowException ('Registration failed. Error code [FK1].');
            return false;
        }
        return true;
 
    }
 
}

In /local/php_interface/init.php , add our handler autoloading and attach the handler:

  / **
 * Treatment for registration without captcha
 * /
\ Bitrix \ Main \ EventManager :: getInstance () -> AddEventHandler ('main', 'OnBeforeUserRegister', array ('Tichiy \ UserRegister', 'OnBeforeUserRegister'));
 
CModule :: AddAutoloadClasses ('', array ('Tichiy \ UserRegister' => '/bitrix/php_interface/handlers/user_register.php',));

Material adaptation: