I have a simple CakePHP form WITH validation that submits to a database. It doesn't require a logged-in user.
Now, using the form normally via a browser and not filling in all required fields causes validation errors and the form is not submitted.
However, I seem to be getting spammed by someone/something. They are filling the generic named fields (name, email, message, etc.) but not the obscure ones, and these records are going into the database, so they're obviously bypassing the validation!
My question is HOW??? (and how can I stop them?)
I have the feeling I'm missing an obvious loophole or something...
This is my add method:
    function add() {
        $this->pageTitle = 'Projects - Submit Project';
        if (!empty($this->data)) {
            $this->Project->create();
            if ($this->Project->save($this->data)) {
                $this->Session->setFlash(__('The Project has been saved', true));
                $this->_sendStaffMail($this->Project->id);
                $this->_sendClientMail($this->Project->id);
                $this->redirect(array('controller' => 'pages', 'action' => 'thanks'));
            } else {
                $this->Session->setFlash(__('The Project could not be saved. Please, try again.', true));
            }
        }
    }
And validation from Model:
    var $validate = array(
        'name' => array('notempty'),
        'department' => array('notempty'),
        'client' => array('notempty'),
        'contact_name' => array('notempty'),
        'email' => array('email'),
        'phone' => array('notempty'),
        'title' => array('notempty'),
        'background' => array('notempty'),
        'objectives' => array('notempty'),
        'target_audience' => array('notempty'),
        'message' => array('notempty'),
        'logos' => array('notempty'),
        'images' => array('notempty'),
        'print_info' => array('notempty')
    );
I should also mention I have tried playing with the Security component, but it seems overkill when my project has tons of forms throughout it (although they're behind Auth login).
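
The behaviour described in the question matches how CakePHP 1.x applies model rules: a rule runs only when its field key is present in the submitted data, unless the rule sets `'required' => true`. The stand-alone script below is an added example, not the poster's code and not CakePHP's implementation; `validateLikeCake1()` is a hypothetical, simplified stand-in for the framework's check, and the request data is constructed.

```php
<?php
// Simplified model of CakePHP 1.x rule handling (assumption: reduced to the
// presence check and two rule types; this is not the framework's own code).
function validateLikeCake1(array $rules, array $data) {
    $errors = array();
    foreach ($rules as $field => $rule) {
        if (!array_key_exists($field, $data)) {
            if (!empty($rule['required'])) {
                $errors[$field] = 'key missing from request';
            }
            continue; // absent and not required: the rule is never evaluated
        }
        $value = trim((string) $data[$field]);
        if ($rule['rule'] === 'notEmpty' && $value === '') {
            $errors[$field] = 'empty';
        } elseif ($rule['rule'] === 'email'
            && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
            $errors[$field] = 'invalid email';
        }
    }
    return $errors;
}

// A subset of the rules as posted: no 'required' key, so it defaults to false.
$asPosted = array(
    'name'            => array('rule' => 'notEmpty'),
    'email'           => array('rule' => 'email'),
    'message'         => array('rule' => 'notEmpty'),
    'target_audience' => array('rule' => 'notEmpty'),
    'print_info'      => array('rule' => 'notEmpty'),
);

// Hardened variant: every field the form always sends must be present.
$hardened = array();
foreach ($asPosted as $field => $rule) {
    $hardened[$field] = $rule + array('required' => true);
}

// Constructed request that skips the browser form and sends only the
// generically named fields, as described in the question.
$post = array('name' => 'x', 'email' => 'bot@example.com', 'message' => 'hello');

foreach (array('as posted' => $asPosted, 'hardened' => $hardened) as $label => $rules) {
    $errors = validateLikeCake1($rules, $post);
    printf("%-9s: %s\n", $label,
        $errors ? 'rejected (' . implode(', ', array_keys($errors)) . ')' : 'saved');
}
```

In the model itself, the corresponding rule form is `'target_audience' => array('rule' => 'notEmpty', 'required' => true)`, repeated for each field the form always submits.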