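'; $html .= ''; $html .= '';
// Timestamp field
$html .= '';
return $html;
}

/**
 * Checks whether the current POST submission looks like a bot.
 *
 * Each failed check appends a reason. When at least one reason was collected
 * the attempt is written to the log via honeypot_log_bot() and true is
 * returned; a clean submission returns false without logging.
 *
 * @param string $honeypot_field name of the hidden field a human never fills
 * @param string $time_field     name of the hidden field carrying the render timestamp
 * @param int    $min_time       minimum seconds between rendering and submitting
 * @param int    $max_time       maximum seconds between rendering and submitting
 * @return bool true when the submission is classified as a bot
 */
function honeypot_is_bot($honeypot_field, $time_field, $min_time, $max_time): bool
{
    $reasons = [];

    // 1. Honeypot field. Any non-empty value counts, including '0' (which
    //    empty() would have accepted) and non-string values such as field[]=x.
    if (isset($_POST[$honeypot_field]) && $_POST[$honeypot_field] !== '') {
        $reasons[] = 'Honeypot field filled';
    }

    // 2. Time-based check.
    // NOTE(review): the timestamp comes from the client and is not signed, so
    // it can be set to any value; treat it as a weak signal. A server-side
    // issue time (session) or an HMAC over the timestamp would be harder to forge.
    if (isset($_POST[$time_field])) {
        $issued_at = $_POST[$time_field];
        // Non-scalar values (arrays) cannot be a timestamp; treat them as 0,
        // which the "too slow" branch below then rejects.
        $issued_at = is_scalar($issued_at) ? (int) $issued_at : 0;
        $submission_time = time() - $issued_at;
        if ($submission_time < $min_time) {
            $reasons[] = 'Submission too fast (' . $submission_time . 's)';
        }
        if ($submission_time > $max_time) {
            $reasons[] = 'Submission too slow (' . $submission_time . 's)';
        }
    } else {
        $reasons[] = 'Missing timestamp';
    }

    // 3. User-Agent must be present.
    if (empty($_SERVER['HTTP_USER_AGENT'])) {
        $reasons[] = 'Missing User-Agent';
    }

    // 4. Referer check (only when the submit button was part of the POST).
    if (empty($_SERVER['HTTP_REFERER']) && isset($_POST['submit'])) {
        $reasons[] = 'Missing Referer';
    }

    // 5. Well-known automation markers in the User-Agent (first match wins).
    $suspicious_agents = ['bot', 'crawler', 'spider', 'scraper', 'curl', 'wget'];
    $user_agent = strtolower($_SERVER['HTTP_USER_AGENT'] ?? '');
    foreach ($suspicious_agents as $agent) {
        if (strpos($user_agent, $agent) !== false) {
            $reasons[] = 'Suspicious User-Agent: ' . $agent;
            break;
        }
    }

    if ($reasons !== []) {
        honeypot_log_bot($reasons);
        return true;
    }

    return false;
}

/**
 * Appends one JSON line describing a rejected submission to $LOG_FILE.
 *
 * @param string[] $reasons reasons collected by honeypot_is_bot()
 * @return void
 */
function honeypot_log_bot(array $reasons)
{
    global $LOG_FILE;

    $log_entry = [
        'timestamp'  => date('Y-m-d H:i:s'),
        'ip'         => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
        'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
        'reasons'    => $reasons,
        // The complete POST body is logged. It can contain personal data from
        // humans that were misclassified, so $LOG_FILE must not be reachable
        // from the web and should follow the same retention rules as other PII.
        'post_data'  => $_POST,
    ];

    $log_line = json_encode($log_entry);
    // json_encode() returns false when the POST body contains invalid UTF-8;
    // previously that wrote an empty line and silently lost the event. Retry
    // with partial output (unencodable strings become null) and record why.
    if ($log_line === false) {
        $log_entry['encode_error'] = json_last_error_msg();
        $log_line = json_encode($log_entry, JSON_PARTIAL_OUTPUT_ON_ERROR);
    }

    // Best-effort logging: a write failure must not block the request.
    file_put_contents($LOG_FILE, $log_line . "\n", FILE_APPEND | LOCK_EX);
}

/**
 * Rejects the request with HTTP 403 and terminates the script.
 *
 * @return void never returns (die)
 */
function honeypot_block_bot()
{
    http_response_code(403);
    die('Access Denied');
}

/**
 * Behaviour-based bot scoring.
 *
 * Points are added for missing client-side signals (JavaScript flag, form
 * interaction counter, mouse movement) and for a repeat submission from the
 * same address within 10 seconds. The rate-limit marker file for the client
 * address is (re)written on every call.
 *
 * @return bool true when the score reaches the bot threshold (3)
 */
function honeypot_advanced_detection(): bool
{
    $score = 0;

    // JavaScript check: the flag must be exactly the string '1'. The strict
    // comparison also rejects non-string values such as js_enabled[]=1.
    if (!isset($_POST['js_enabled']) || $_POST['js_enabled'] !== '1') {
        $score += 2;
    }

    // Form interaction counter (absent, non-scalar or below 1 scores).
    $interactions = $_POST['form_interactions'] ?? null;
    if (!is_scalar($interactions) || (int) $interactions < 1) {
        $score += 1;
    }

    // Mouse movement flag, same contract as js_enabled.
    if (!isset($_POST['mouse_moved']) || $_POST['mouse_moved'] !== '1') {
        $score += 1;
    }

    // Rate limiting: one marker file per client address holding the unix time
    // of the previous submission.
    // NOTE(review): REMOTE_ADDR is the direct TCP peer; behind a reverse
    // proxy all clients share the proxy's address — confirm the deployment.
    // NOTE(review): the marker files are created relative to the working
    // directory, which for a web request is usually the script's own
    // directory; they should live outside the document root — confirm.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    $rate_limit_file = 'rate_limit_' . md5($ip) . '.txt';
    if (file_exists($rate_limit_file)) {
        // A failed read yields false → 0, which never triggers the penalty.
        $last_submission = (int) file_get_contents($rate_limit_file);
        if (time() - $last_submission < 10) { // less than 10 seconds since the previous submission
            $score += 3;
        }
    }
    // LOCK_EX so concurrent requests from one address do not interleave writes.
    file_put_contents($rate_limit_file, (string) time(), LOCK_EX);

    return $score >= 3; // bot threshold
}

/**
 * Runs all honeypot checks.
 *
 * honeypot_advanced_detection() (and therefore the rate-limit marker update)
 * only runs when the basic checks passed, because of the short-circuit ||.
 *
 * @param string $honeypot_field see honeypot_is_bot()
 * @param string $time_field     see honeypot_is_bot()
 * @param int    $min_time       see honeypot_is_bot()
 * @param int    $max_time       see honeypot_is_bot()
 * @return bool true when the submission should be blocked
 */
function honeypot_validate($honeypot_field, $time_field, $min_time, $max_time): bool
{
    return honeypot_is_bot($honeypot_field, $time_field, $min_time, $max_time)
        || honeypot_advanced_detection();
}

/**
 * Trims, strips tags and HTML-escapes a submitted value.
 *
 * ENT_QUOTES | ENT_SUBSTITUTE and UTF-8 are passed explicitly: before PHP 8.1
 * the defaults left single quotes unescaped (unsafe in attribute context) and
 * an invalid byte sequence made htmlspecialchars() return ''. The result is
 * escaped for an HTML context only; a value that is later put into an e-mail
 * or a database should be escaped/parameterised at that boundary instead.
 *
 * @param mixed $data submitted value; arrays and other non-scalars become ''
 * @return string
 */
function honeypot_sanitize_input($data): string
{
    if (!is_string($data)) {
        // trim() raises a TypeError on arrays (PHP 8); map non-scalars to ''.
        $data = is_scalar($data) ? (string) $data : '';
    }

    return htmlspecialchars(strip_tags(trim($data)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validates an e-mail address syntactically.
 *
 * @param mixed $email submitted value; anything that is not a string is invalid
 * @return bool
 */
function honeypot_validate_email($email): bool
{
    return is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Processes a submission that passed the bot checks.
 *
 * Missing fields are read as '' (no "undefined index" warnings) and an
 * invalid e-mail address short-circuits with an error message.
 *
 * @return string message to show to the user (already HTML-escaped via $name)
 */
function process_form(): string
{
    $email_raw = $_POST['email'] ?? '';
    if (!honeypot_validate_email($email_raw)) {
        return 'Ungültige E-Mail-Adresse.';
    }

    $name    = honeypot_sanitize_input($_POST['name'] ?? '');
    $email   = honeypot_sanitize_input($email_raw);
    $message = honeypot_sanitize_input($_POST['message'] ?? '');

    // This is where the data would normally be stored or an e-mail sent
    // (example: send mail, insert a database record, etc.); $email and
    // $message are kept for that placeholder.
    return "Vielen Dank, $name!
Ihre Nachricht wurde erfolgreich versendet.";
}

// Main logic: only POST requests are checked; bots get a 403, everyone else
// gets the result of process_form() in $form_message.
$form_message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (honeypot_validate($HONEYPOT_FIELD, $TIME_FIELD, $MIN_SUBMISSION_TIME, $MAX_SUBMISSION_TIME)) {
        honeypot_block_bot();
    } else {
        $form_message = process_form();
    }
}
?>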