Add Math Protection to contact_us.php

This morning I was contacted to see about adding a question to osCommerce just like I have on this blog – where I ask a math question…I was going to suggest using Google recaptcha service, but the client did not want that.

And so…

Adding a question such as “what is 3+5” cuts down on automated bots spamming the heck out of you. A good place to implement this in contact_us.php, and the code changes are very simple.

The basis of the change is to create two random numbers, and ask the person contacting you to insert the total into an input field. The field is then checked to see if the answer is correct. If it is correct, then the contact email is sent to the shop owner. If the answer is incorrect, a “fail” message appears.

Step 1. Add the language defines to the language file.

We need two new defines, one for the “question” and one for the response if the question is incorrect.

(and any other languages you operate in your shop)

Step 2. Add the logic to the contact file.

Here we need to create two numbers, add them up and ask the question to the user.

And that is all there is to it. Try it out in your store if you wish.


In line 21 of the pastebin I used base64_encode to create a hidden “answer” variable which creates something to check the users answer against. In line 6 I decode it, and then in line 8 I check one against the other. I use base64 to “hide” the value of $a + $b from prying eyes.

My use of base64_encode and base64_decode is no more than that…if you are unsure of what I am doing in the code, I suggest to ask question to help yourself to understand more fully, or not use the code. The base64 code might (assuming you use “site monitor”) ring alarm bells. I guarantee that if you use my “math protection” code as is, there is nothing harmful in it.


A useful way to cut down on the spam that is sent via contact forms. You could also add this to any other form in a similar way (eg, create_account.php, tell_a_friend.php and so on).

7 Replies to “Add Math Protection to contact_us.php”

  1. Hi Gary – I replaced “base64_decode” & “base64_encode” with “convert_uudecode” & “convert_uuencode” and received this error:

    “Warning: convert_uudecode() [function.convert-uudecode]: The given parameter is not a valid uuencoded string.”

    Any ideas?

    Cheers, Eddy

  2. Not sure Eddy. I’d say stick with base64 or just remove the base64 entirely and replace with nothing. It does not have to be in there, the only reason it is, is to stop the person commenting from looking at the source code to get the answer to the question…

Leave a Reply

Your email address will not be published. Required fields are marked *