Index: guestbook.module
===================================================================
--- guestbook.module	(revision 287)
+++ guestbook.module	(revision 312)
@@ -446,21 +446,76 @@
   $form['display'] = array(
     '#type' => 'value', '#value' => $display,
   );
+  
+  // add a hidden random field to stop spam bots from submitting forms (anonymous users or logged in)
+  if (isset($_SESSION['guestbook_module']['anti_spam_random'])) {
+  	// use the random number from the session if it exists.
+  	$anti_spam_random = $_SESSION['guestbook_module']['anti_spam_random'];
+  } else {
+  	// create a new random number
+    $anti_spam_random = rand();
+  }
+  $form['anti_spam_random'] = array(
+    '#type' => 'hidden',
+    '#attributes'=>array('style'=>"display:none"),
+  );
+  
+  // generate javascript to insert number into field
+  ob_start();
+  ?>
+  
+<script type="text/javascript">
+$(document).ready(function() {
+	$('#edit-anti-spam-random').attr('value','<?php echo $anti_spam_random; ?>');
+});
+</script>
+
+  <?php
+  $form['anti_spam_random_script'] = array(
+    '#value' => ob_get_clean()
+  );
+  
+  // save the anti spam random number in a session variable
+  $_SESSION['guestbook_module'] = array( 'anti_spam_random' => $anti_spam_random );
+  
   return $form;
 }
 
 function guestbook_form_entry_form_submit($form, &$form_state) {
   global $user;
 
+  
   $uid = $form_state['values']['uid'];
   $message = $form_state['values']['message'];
-
+  
+  // check the anti-spam session variable
+  if ($form_state['values']['anti_spam_random'] != $_SESSION['guestbook_module']['anti_spam_random']) {
+  	// if the random number in the form doesn't match the session variable, then ignore this request
+  	watchdog( 'guestbook', 'Stopped guestbook entry with incorrect random number: %form / %session',
+  	  array( '%form' => $form_state['values']['anti_spam_random'], '%session' => $_SESSION['guestbook_module']['anti_spam_random']));
+  	return;
+  } else {
+  	// remove the random number from the session to save session space, and ensure that subsequent requests
+  	// will have a different random number in the form.
+  	unset( $_SESSION['guestbook_module']['anti_spam_random'] );
+  }
+  
+  $referer = $_SERVER['HTTP_REFERER'];
+  $servername = $_SERVER['SERVER_NAME'];
+  $me = 'http://'. $servername . url('guestbook/sign');
+  print "referer: $referer\nme: $me\n";
+  if ($referer != $me) {
+    watchdog( 'guestbook', "checking referer \n referer: %ref\n me: %me \n", array( '%ref' => $referer, '%me' => $me));
+  	return;
+  }
+  
   // Make sure this isn't a dupe
   $result = db_query("SELECT message FROM {guestbook} WHERE recipient = %d ORDER BY id DESC LIMIT 1", $uid);
   $entry = db_fetch_array($result);
   if ($entry['message'] == $message) {
     return;
   }
+  
   // no empty entries
   if ($message == '') {
     return;
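Review bot: The debug line `print "referer: $referer\nme: $me\n";` in guestbook_form_entry_form_submit writes the client-supplied Referer header into the response unescaped and should be removed; the watchdog call just below it already records both values. The token check above it uses `!=` with no `isset()`, so a missing session key compares equal to an empty submitted value, and an int-versus-string loose comparison can accept a numeric-prefixed string on older PHP; I would guard it as `if (!isset($_SESSION['guestbook_module']['anti_spam_random']) || (string) $form_state['values']['anti_spam_random'] !== (string) $_SESSION['guestbook_module']['anti_spam_random']) {`. The Referer comparison hard-codes `'http://'` and treats an absent header as a mismatch, so visitors on HTTPS or with referrers suppressed are dropped, and because the header is client-controlled it should not be relied on as a control. Both rejection paths `return` with no message to the user, which will look like a lost entry. The form builder starts above this hunk and the submit handler continues below it, so whether the session key is always set before submit could not be confirmed from here.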
