Class to catch spam emails
<?php
/**
* SPAM PROTECTION LIBRARY
*
* This library is meant to protect from spammy form submissions.
* It is currently set up for codeigniter but can easily be
* converted to use with any type of system.
*
* @author Toby Taylor
*
* PREREQUSITES:
* 1. Form must have an spp_state field for honeypot protection.
* 2. Form must have a token field and a $_SESSION['token'] must be set.
* 3. Form must have an ivff field with value set to 0.
* add a bit of script to the page
* $(document).on('focus','#full-name',function(){
* $("#ivff").val(1);
* });
* $data['token'] = $_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
* #3 is optional, usually I just add the words to an array
* 4. Database must have a table called disallowed containing a list of
* words that are not allowed. Here is the table definition.
CREATE TABLE `disallowed` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`word` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
`timestamp` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `word` (`word`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
* 5. Add a folder logs to the /wp-content/themes/custom/ folder
* Then just load the library and call the valid_submission() function like this:
$this->load->library("spam");
if (!$this->spam->valid_submission()) {
redirect('contact/thanks');
die();
}
*
*/
// ------------------------------------------------------------------------
if ( !function_exists( 'get_bloginfo' ) )
require( '../../../wp-blog-header.php' );
class Spam
{
/**
* File to send log messages to
*
* @var string
*/
private $log_file;
/**
* Whether to log messages or not
*
* @var bool
*/
private $enable_logging = TRUE;
/**
* Specific set of dissallowed words
*
* @var array
*/
private $disallowed_words = array('bentyl','Cialis','clomid','erotic','indocin','Laminine','levaquin','levitra','metformin','Methenolone','porn','porno','sex','sextoys','Sildenafil','Singapore','Supplements','Testosterone','trazodone','Vendita','viagra','wh0cd7387979','xxx','zestoretic','занимается');
private $validated = true;
// --------------------------------------------------------------------
public function __construct()
{
// $this->CI =& get_instance();
$this->log_file = get_template_directory().'/logs/contact-us-log-'.date("Y-m-d").'.php';
}
/**
* This is the only function you call from controller
*/
public function valid_submission()
{
// sessions are not working so I cant use token
$this->token(); // Comment this out to bypass token protection.
$this->honeypot(); // Comment this out to bypass honeypot protection.
$this->keywords(); // Comment this out to bypass keyword protection.
$this->was_clicked(); // NEW - testing it out
// IF ALL IS GOOD RETURN TRUE
return $this->validated;
}
/**
* Token protection
*
* Be sure to add a token field to the form.
*
*/
private function token()
{
if ($_SESSION['token'] !== $_POST['token']) {
$this->write_to_log('CSRF token mismatch: '.$_POST['token']." - IP Address: ".$_SERVER['REMOTE_ADDR']);
$this->validated = false;
return false;
}
}
/**
* Honeypot protection
*
* Be sure to add an spp_state field to the form.
*/
private function honeypot()
{
if (trim($_POST['spp_state']) != '') {
$this->write_to_log('Contact us email was blocked with honeypot: '.$_POST['spp_state']." - IP Address: ".$_SERVER['REMOTE_ADDR']);
$this->validated = false;
return false;
}
}
/**
* Keyword protection
*
* Be sure to create a disallowed table to the database.
*/
private function keywords()
{
foreach($this->disallowed_words as $t)
{
if (strpos($_POST['comments'],$t) !== false) {
$this->write_to_log('Contact us email was blocked with disallowed word: '.$t." - IP Address: ".$_SERVER['REMOTE_ADDR']);
$this->validated = false;
return false;
}
}
}
/**
* Logging to file if logging is enabled
*/
private function write_to_log($txt)
{
if ($this->enable_logging == TRUE) {
if (!file_exists($this->log_file)) {
error_log("<?php exit('No direct script access allowed'); ?>\r\n", 3, $this->log_file);
}
$log = date("m/d/y H:i:s")." - ".$txt."\r\n";
error_log($log, 3, $this->log_file);
}
}
function was_clicked()
{
if ($_POST['ivff'] != 1) {
$this->write_to_log('Form was blocked with was clicked check: - IP Address: '.$_SERVER['REMOTE_ADDR']);
$this->validated = false;
return false;
}
}
} // end of class