2017 © Pedro Peláez
 

library php-form-protect

phpFormProtect allows you to protect a form from spammers without using a captcha.

image

mccarthy/php-form-protect

phpFormProtect allows you to protect a form from spammers without using a captcha.

  • Thursday, July 10, 2014
  • by mccarthy
  • Repository
  • 8 Watchers
  • 25 Stars
  • 2 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 5 Forks
  • 2 Open issues
  • 2 Versions
  • 100 % Grown

The README.md

phpFormProtect

phpFormProtect protects forms from spammers in a way that doesn't annoy users. It is an alternative to a CAPTCHA, and could also be used to prevent comment spam. It works by running each submission through a number of tests, and then scoring the submission. Any one of the tests by itself has flaws, but working together they provide a high quality indicator of the spamminess of a given form submission. The last two tests by default cause failure based on the points assigned. This is easily configurable., (*1)

This project is a port of CFFormProtect. We found that when switching from ColdFusion to PHP, there wasn't anything similar. Many thanks to the folks at CFFormProtect, especially for fp.js, which is a copy of cffp.js., (*2)

The tests are as follows: - Hidden Form Field - If hidden form field is filled in, this is an indicator of spam - Time Form Submission - If form is filled out too fast or too slow, this is an indicator of spam - Too many URLs - If the comment field has too many URLs (Number is configurable) this is an indicator of spam - Mouse Movement - If the user does not use their mouse, this is an indicator of spam - Used Keyboard - If the user does not use their keybaord, this is an indicator of spam - Validate Referer - If the HTTP referer does not match the form URL, we shouldn't accept the submission. - Validate Email - If the email address provided in the form is not valid from a syntax perspective, we shouldn't accept the submission., (*3)

Contributors

Dan McCarthy (mcc@rthy.net), (*4)

Version

0.2, (*5)

Installation Via Composer

Require the package within your composer.json:, (*6)

"require": {
    "mccarthy/phpFormProtect": "master"
}

Update Composer:, (*7)

$ composer update

Manual Installation

  • Copy the phpfp folder into the same folder that contains the form and form processing page on your web host

Instructions for Use

  • Put this line of code between the form tags of the form you want to protect:
<?php include 'phpfp/phpfp.php'; ?>
  • On the form processing page, do something like the following:
$fp = new FormProtect;
$fpResult = $fp->testSubmission($_POST);

if($fpResult[pass]) {
    //echo "Passed, looks like a valid submission.  Process as normal, send email, etc.";
}
else {
    //echo "Failed.  Looks like spam.  Log, block IP, email, etc.";
}

Sample Code

  • The files "contact.php" and "contact-process.php" contain sample code showing how to use phpFormProtect.
  • You can either use the sample code files, or add similar logic to your form processing page.

Todo

  • [ ] Include IP, Reverse IP Lookup, Referring URL, and Browser in Email
  • [ ] Handle empty form post better
  • [ ] Eliminate or fix spam words test
  • [ ] Add logging
  • [ ] Add config file
  • [ ] Move JS into <head>
  • [ ] Integrate akismet
  • [ ] Integrate project honeypot
  • [ ] Integrate https://code.google.com/p/phpspamdetection/
  • [ ] Integrate spamhaus dbl - (Assisting article)
  • [ ] Integrate http://www.linksleeve.org/
  • [ ] Add ideas from http://www.webmasterworld.com/php/4406126.htm

Research & Inspiration

  • http://stackoverflow.com/questions/1577918/blocking-comment-spam-without-using-captcha
  • http://nedbatchelder.com/text/stopbots.html
  • http://www.sitepoint.com/stop-comment-spam/
  • http://www.sitepoint.com/comment-spam-compiled-and-interpreted/
  • http://www.sitepoint.com/spam-fighters-toolkit/
  • http://sblam.com/en.html

License

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/., (*8)

The Versions

10/07 2014

dev-master

9999999-dev

phpFormProtect allows you to protect a form from spammers without using a captcha.

  Sources   Download

MPL-2.0

25/06 2014

dev-dev

dev-dev

phpFormProtect allows you to protect a form from spammers without using a captcha.

  Sources   Download

MPL-2.0