
<?php 
/**
 * SPAM PROTECTION LIBRARY
 *
 * This library is meant to protect contact/enquiry forms from spammy
 * submissions. The usage example below is CodeIgniter-style (load->library,
 * redirect), but the file as written bootstraps WordPress and uses
 * get_template_directory() for its log path; porting it to another system
 * means changing those two points.
 *
 *  @author		Toby Taylor
 * 
 * PREREQUISITES:
 * 1. Form must have a hidden spp_state field (honeypot) that real users leave
 *    empty; any non-empty value marks the submission as spam.
 * 2. Form must carry a hidden token field whose value equals $_SESSION['token'];
 *    generate the token on the page that renders the form (see the snippet below).
 * 3. Form must have an ivff field with value set to 0.
 * 		add a bit of script to the page 
 * 		$(document).on('focus','#full-name',function(){
 *			$("#ivff").val(1);
 *		});
 * 		$data['token'] = $_SESSION['token'] = bin2hex(random_bytes(32));
 * 		(mcrypt_create_iv() was removed in PHP 7.2; random_bytes() is the CSPRNG replacement.)
 * #3 is optional (it only catches bots that never focus the name field).
 * #4 is also optional as shipped: keywords() checks the hard-coded
 *    $disallowed_words array in this class and never queries the table.
 * 4. Database must have a table called disallowed containing a list of 
 * 		words that are not allowed. Here is the table definition.
		CREATE TABLE `disallowed` (
			`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
			`word` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
			`timestamp` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
			PRIMARY KEY (`id`),
			UNIQUE KEY `word` (`word`)
		) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 * 5. Create a logs/ folder inside the active theme directory (e.g.
 *    /wp-content/themes/custom/logs/) and make it writable by PHP. It sits
 *    under the web root, so also deny HTTP access to it in the web-server
 *    config; the exit() guard written as the first line of each log file is
 *    only a fallback.
 * Then just load the library and call the valid_submission() function like this:
		$this->load->library("spam");
		if (!$this->spam->valid_submission()) {
			redirect('contact/thanks');
			die();
		}
 *
 */

// ------------------------------------------------------------------------

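// Bootstrap WordPress when this file is loaded on its own rather than from a
// theme/plugin that already has it loaded. The path is anchored to this file's
// directory (expected to be wp-content/themes/<theme>/, three levels below the
// WordPress root) instead of the include_path/CWD, so it does not depend on
// how the script was invoked.
// NOTE(review): loading all of WordPress on direct access makes this file a
// web-reachable entry point; prefer denying direct HTTP requests to it.
if ( !function_exists( 'get_bloginfo' ) ) {
    require( __DIR__ . '/../../../wp-blog-header.php' );
}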

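/**
 * Anti-spam checks for the contact form.
 *
 * Every check reads $_POST / $_SESSION / $_SERVER directly (nothing is
 * injected), latches $validated to false on failure and appends a line to the
 * daily log file. All checks always run, so one submission can produce several
 * log lines. Expected to be called while handling the form POST.
 *
 * Input handling: only string values from $_POST are used; a missing field or an
 * array (from `name[]=` parameters) is never passed to trim()/strpos()/
 * hash_equals(). User-supplied text that reaches the log is truncated and
 * stripped of control characters so a submission cannot forge log entries.
 */
class Spam 
{	

	/**
	 * Path of the log file. It is a .php file whose first line is an exit()
	 * guard because it lives inside the theme directory, i.e. under the web
	 * root (see write_to_log()).
	 *
	 * @var string
	 */
	private $log_file;

	/**
	 * Whether blocked submissions are appended to $log_file.
	 *
	 * @var bool
	 */
	private $enable_logging = TRUE;  

	/**
	 * Maximum number of bytes of user input copied into one log line; keeps a
	 * single oversized field from flooding the log.
	 *
	 * @var int
	 */
	private $log_excerpt_length = 200;

	/**
	 * Hard-coded block list, matched as a case-insensitive substring of the
	 * comments field. Short entries ('sex', 'xxx') also hit innocent words such
	 * as "Essex" or "Sussex" — review before adding short terms.
	 * NOTE: the `disallowed` table described in the file header is NOT read here.
	 *
	 * @var string[]
	 */
	private $disallowed_words = array('bentyl','Cialis','clomid','erotic','indocin','Laminine','levaquin','levitra','metformin','Methenolone','porn','porno','sex','sextoys','Sildenafil','Singapore','Supplements','Testosterone','trazodone','Vendita','viagra','wh0cd7387979','xxx','zestoretic','занимается');  

	/**
	 * Latched result: once any check fails it stays false for this instance.
	 *
	 * @var bool
	 */
	private $validated = true;

	// --------------------------------------------------------------------

	/**
	 * One log file per day under the active theme's logs/ folder.
	 * get_template_directory() is provided by WordPress.
	 */
	public function __construct()
	{
		$this->log_file = get_template_directory().'/logs/contact-us-log-'.date("Y-m-d").'.php';
	}

	/**
	 * Runs every check and reports the combined result.
	 * This is the only method a controller needs to call.
	 *
	 * @return bool true when no check flagged the submission
	 */
	public function valid_submission()
	{
		$this->token(); 	// Comment this out to bypass token protection (e.g. when sessions are unavailable).
		$this->honeypot();  // Comment this out to bypass honeypot protection.
		$this->keywords();	// Comment this out to bypass keyword protection.
		$this->was_clicked(); // Weak signal: any bot that sets ivff=1 passes it.

		return $this->validated;
	}

	/**
	 * Token protection. Requires a token field in the form and $_SESSION['token'].
	 *
	 * Fails closed: a token missing or empty on either side counts as a
	 * mismatch. (A plain `!==` compare treats two missing values as equal, which
	 * lets a bot pass simply by not sending the field.) The compare itself is
	 * constant-time via hash_equals().
	 *
	 * @return bool
	 */
	private function token()
	{
		$session_token = $this->session_value('token');
		$posted_token  = $this->post_value('token');

		$matches = $session_token !== null
			&& $session_token !== ''
			&& $posted_token !== null
			&& hash_equals($session_token, $posted_token);

		if (!$matches) {
			$this->write_to_log('CSRF token mismatch: '.$this->log_excerpt($posted_token)." - IP Address: ".$this->remote_addr());
			$this->validated = false;
			return false;
		}
		return true;
	}

	/**
	 * Honeypot protection. Requires a hidden spp_state field that humans leave empty.
	 *
	 * An absent field passes (as before); a non-empty string or a non-string
	 * value (an array cannot come from a normal browser submission) is blocked.
	 *
	 * @return bool
	 */
	private function honeypot()
	{
		$value = $this->post_value('spp_state');
		if ($value === null) {
			$filled = isset($_POST['spp_state']);   // present but not a string
		} else {
			$filled = trim($value) !== '';
		}

		if ($filled) {
			$this->write_to_log('Contact us email was blocked with honeypot: '.$this->log_excerpt($value)." - IP Address: ".$this->remote_addr());
			$this->validated = false;
			return false;
		}
		return true;
	}

	/**
	 * Keyword protection: blocks when the comments field contains any entry of
	 * $disallowed_words. Only `comments` is scanned; other fields are not.
	 *
	 * stripos() is byte-wise with ASCII-only case folding, so ASCII entries match
	 * in any case while non-ASCII entries (e.g. the Cyrillic one) match exactly.
	 *
	 * @return bool
	 */
	private function keywords()
	{
		$comments = $this->post_value('comments');
		if ($comments === null || $comments === '') {
			return true;   // nothing to scan
		}

		foreach ($this->disallowed_words as $word) {
			if (stripos($comments, $word) !== false) {
				$this->write_to_log('Contact us email was blocked with disallowed word: '.$word." - IP Address: ".$this->remote_addr());
				$this->validated = false;
				return false;
			}
		}
		return true;
	}

	/**
	 * Appends one timestamped line to the log file when logging is enabled.
	 *
	 * A new (or empty) file is seeded with a `<?php exit(...); ?>` first line so
	 * that, if the web server ever serves it, PHP stops before any logged text.
	 * Control characters (CR/LF included) in $txt are collapsed to a space so
	 * user input cannot inject extra log lines.
	 *
	 * @param string $txt message, already containing any user-supplied excerpt
	 */
	private function write_to_log($txt)
	{
		if (!$this->enable_logging) {
			return;
		}

		if (!file_exists($this->log_file) || filesize($this->log_file) === 0) {
			error_log("<?php exit('No direct script access allowed'); ?>\r\n", 3, $this->log_file);
		}

		$clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $txt);
		if ($clean === null) {
			// PCRE failure (e.g. backtrack limit): fall back to a blunt newline strip.
			$clean = str_replace(array("\r", "\n"), ' ', (string) $txt);
		}

		$log = date("m/d/y H:i:s")." - ".$clean."\r\n";
		error_log($log, 3, $this->log_file);
	}

	/**
	 * "Was the form interacted with" check: the page script sets ivff to 1 when
	 * the name field gets focus. Compared strictly against the string "1"
	 * (form values arrive as strings), so " 1", "1.0" or an array are rejected.
	 *
	 * @return bool
	 */
	public function was_clicked()
	{
		if ($this->post_value('ivff') !== '1') {
			$this->write_to_log('Form was blocked with was clicked check:  - IP Address: '.$this->remote_addr());
			$this->validated = false;
			return false;
		}
		return true;
	}

	// --------------------------------------------------------------------
	// Input helpers

	/**
	 * $_POST[$key] when present and a string, else null.
	 *
	 * @param string $key
	 * @return string|null
	 */
	private function post_value($key)
	{
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
	}

	/**
	 * $_SESSION[$key] when the session array exists, the key is set and the
	 * value is a string, else null. Safe to call when no session was started.
	 *
	 * @param string $key
	 * @return string|null
	 */
	private function session_value($key)
	{
		return (isset($_SESSION[$key]) && is_string($_SESSION[$key])) ? $_SESSION[$key] : null;
	}

	/**
	 * Client address for log lines. REMOTE_ADDR is the TCP peer; behind a
	 * reverse proxy or CDN it is the proxy's address, not the visitor's.
	 *
	 * @return string
	 */
	private function remote_addr()
	{
		return (isset($_SERVER['REMOTE_ADDR']) && is_string($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	}

	/**
	 * Bounded copy of a user-supplied value for inclusion in a log line.
	 * Truncation is byte-wise and may cut a multi-byte UTF-8 sequence; the
	 * log is not rendered anywhere, so that is accepted.
	 *
	 * @param string|null $value
	 * @return string
	 */
	private function log_excerpt($value)
	{
		$value = (string) $value;
		if (strlen($value) > $this->log_excerpt_length) {
			$value = substr($value, 0, $this->log_excerpt_length).'...';
		}
		return $value;
	}

} // end of class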