'Spam Filter in Contact Form
With an HTML contact form such as
HTML contact form
<h1>Contact Form</h1>
<p>Please fill in the following details and click on SEND.</p>
<form action="mail_contact.php" method="POST">
<p>Name<br> <input type="text" name="name"></p>
<p>Email Address<br> <input type="email" name="email"></p>
<p>Message<br><textarea name="message" rows="6" cols="50"></textarea><br>
<input type="submit" value="Send"><input type="reset" value="Clear"></p>
</form>
I am trying to stop spam messages getting through by checking for certain words being used in the message.
I have a .txt file which has words I want to filter for such as
File: spamwords.txt
CAN-SPAM
SEO
keywords
Keywords
In the PHP coding I have
mail_contact.php
<?php
// Create Variables
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
// Function to deal with errors
function died($error) {
echo 'We are very sorry, but there were error(s) found with the form you submitted.';
echo 'These errors appear below.<br><br>';
echo $error.'<br>';
echo 'Please press <b>back</b> and fix these errors.';
die();
}
// Validate email address
$error_message = "";
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error_message .= 'The email address you entered does not appear to be valid.<br>';
}
if(strlen($error_message) > 0) {
died($error_message);
}
// Prevent spammers from using contact form
//Create an array containing the words in the message
$MessageArray = explode(" ", $message);
//Get SPAM words from file and store them in an array
$SpamWords = file_get_contents('/spamwords.txt');
$SpamArray = explode("\r\n", $SpamWords);
//Cycle through all the words in the message
foreach($MessageArray as $word){
//Check the word for SPAM words, if it is don't send the email
if(in_array($word, $SpamArray)){
echo '<h1>Spam Guard</h1>';
echo '<p>Here in European Community, the <a href="http://www.legislation.gov.uk/uksi/2003/2426/pdfs/uksi_20032426_en.pdf">Privacy and Electronic Communications Regulations 2003</a> cover the sending of email marketing. This legislation says that organisations must only send marketing emails to anyone if they have agreed to receive them, except where there is a clearly defined customer relationship.</p>';
echo '<p>It appears that you are attempting to send an unsolicited message (e.g. a marketing message).</p>';
echo '<p>We as an organisation do not send unsolicited messages and we request that you do the same for us.</p>';
echo '<p>If you are not attempting to send an unsolicited message, there may be an error in the system so please accept our apologies.</p>';
die();
}
}
//If we've made it to this point, our message doesn't contain any obvious SPAM words
// Formulate Email
$formcontent='Message: \n $message \n \n From: $name $email';
$recipient = << my email address >>;
$subject = 'Contact Form Message';
$mailheader = 'From: $name <$email> \r\n';
mail($recipient, $subject, $formcontent, $mailheader) or die('Error!');
echo 'Thank you for contacting us. We will be in touch with you very soon via your email address<br>' . $email;
?>
When I test this out with a message containing the word SEO for example SEO test message it should display the Spam Guard message to the visitor - hence the echo commands - and then not send the email to me, but it displays the thank you message and sends me the email.
Can anyone see where I have gone wrong as it has stumped me
[Additional Note] I have been using a CAPTCHA mechanism but some still get through
Solution 1:[1]
Eureka!!!
I had to take the forward slash out of $SpamWords = file_get_contents('/spamwords.txt');
mail_contact.php [Edited]
<?php
// Create Variables
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
// Function to deal with errors
function died($error) {
echo 'We are very sorry, but there were error(s) found with the form you submitted.';
echo 'These errors appear below.<br><br>';
echo $error.'<br>';
echo 'Please press <b>back</b> and fix these errors.';
die();
}
// Validate email address
$error_message = "";
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error_message .= 'The email address you entered does not appear to be valid.<br>';
}
if(strlen($error_message) > 0) {
died($error_message);
}
// Prevent spammers from using contact form
//Create an array containing the words in the message
$MessageArray = explode(" ", $message);
//Get SPAM words from file and store them in an array
$SpamWords = file_get_contents('spamwords.txt');
$SpamArray = explode("\r\n", $SpamWords);
//Cycle through all the words in the message
foreach($MessageArray as $word){
//Check the word for SPAM words, if it is don't send the email
if(in_array($word, $SpamArray)){
echo '<h1>Spam Guard</h1>';
echo '<p>Here in European Community, the <a href="http://www.legislation.gov.uk/uksi/2003/2426/pdfs/uksi_20032426_en.pdf">Privacy and Electronic Communications Regulations 2003</a> cover the sending of email marketing. This legislation says that organisations must only send marketing emails to anyone if they have agreed to receive them, except where there is a clearly defined customer relationship.</p>';
echo '<p>It appears that you are attempting to send an unsolicited message (e.g. a marketing message).</p>';
echo '<p>We as an organisation do not send unsolicited messages and we request that you do the same for us.</p>';
echo '<p>If you are not attempting to send an unsolicited message, there may be an error in the system so please accept our apologies.</p>';
die();
}
}
//If we've made it to this point, our message doesn't contain any obvious SPAM words
// Formulate Email
$formcontent='Message: \n $message \n \n From: $name $email';
$recipient = << my email address >>;
$subject = 'Contact Form Message';
$mailheader = 'From: $name <$email> \r\n';
mail($recipient, $subject, $formcontent, $mailheader) or die('Error!');
echo 'Thank you for contacting us. We will be in touch with you very soon via your email address<br>' . $email;
?>
Solution 2:[2]
Your explode function needs double quotes around its delimiter:
$SpamArray = explode("\r\n", $SpamWords);
With single quotes, explode will attempt to split on the \r\n literal.
Or you could use file() instead of filter_get_contents() which will return the file as an array, with each line per key. trim() each line that's returned and you have your resulting array:
$SpamArray = array_map("trim", file('/spamwords.txt'));
Solution 3:[3]
Check this out, it will be useful
Solution 4:[4]
You can generate random variable name and random value for hidden input and save in session. After form submitting you can check they in $_REQUEST var. Also you can use interval between form rendering and submitting. Don't try to check spam words just protect from bots and don't use simple captcha.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Chris Rogers |
| Solution 2 | |
| Solution 3 | Kwed |
| Solution 4 | KitCat |