How to check for HTML content in contact forms? Spam proof without Captcha.

If you have ever wanted to stop receiving spam about Louis Vuitton bags, you have probably wondered how to spam-proof your contact page without adding captchas.

The contact form HTML code (make sure you include maxlength for all the fields):

<form name="contactform" id="contactform" method="post" action="send_form_email.php">
<ul class="row form"><li class="col left">
<input type="text" id="Name" name="Name" class="required" placeholder="Name" maxlength="100">
<input type="text" id="Email" name="Email" class="required" placeholder="Email" maxlength="100">
<input type="text" id="Subject" name="Subject" class="" placeholder="Subject" maxlength="50"></li>
<li class="col right"><textarea id="Message" name="Message" placeholder="Message"></textarea></li></ul>

</form>

The PHP code in send_form_email.php:

<?php
function spamcheck($field)
{
    //filter_var() sanitizes the e-mail 
    //address using FILTER_SANITIZE_EMAIL 
    $field = filter_var($field, FILTER_SANITIZE_EMAIL);
    
    //filter_var() validates the e-mail 
    //address using FILTER_VALIDATE_EMAIL 
    if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
        return TRUE;
    } else {
        return FALSE;
    }
}

function linkcheck($message)
{
    //$message = 'Check this out <a href="http://www.something.com">Click here</a>. Click it';
    
    if (preg_match('/<a[\s]+[^>]*?href[\s]?=[\s\"\']+(.*?)[\"\']+.*?>([^<]+|.*?)?<\/a>/', $message)) {
        // THERE IS A HYPERLINK IN THE MESSAGE
        // DO SOMETHING
        return TRUE;
    } else {
        return FALSE;
    }
}

function clean_string($string)
{
    $bad = array(
        "content-type",
        "bcc:",
        "to:",
        "cc:",
        "href"
    );
    return str_replace($bad, "", $string);
}


function died($error)
{
    
    // your error code can go here
    
    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
    echo "These errors appear below.<br /><br />";
    echo $error . "<br /><br />";
    echo "Please go back and fix these errors.<br /><br />";
    die();
    
}


if (isset($_POST['Email'])) {
    
    //check if the email address is invalid 
    $mailcheck = spamcheck($_POST['Email']);
    if ($mailcheck == FALSE) {
        died("The Email Address you entered does not appear to be valid.");
    }
    //send email 
    $email_to      = "YOUR EMAIL";
    $email_subject = "Query Submitted ";
    
    // validation expected data exists
    
    if (!isset($_POST['Name']) || !isset($_POST['Subject']) || !isset($_POST['Email']) || !isset($_POST['Message'])) {
        
        died('We are sorry, but there appears to be a problem with the form you submitted. Please make sure all fields are filled in!');
    }
    
    $first_name = $_POST['Name']; // required
    $email      = $_POST['Email']; // required
    $subject    = $_POST['Subject']; // not required
    $comments   = $_POST['Message']; // required
    
    
    $error_message = "";
    $string_exp    = "/^[A-Za-z .'-]+$/";
    if (!preg_match($string_exp, $first_name)) {
        $error_message .= 'The Name you entered does not appear to be valid.<br />';
    }
    
    if ((strlen($comments) < 2) || (linkcheck($comments) == TRUE)) {
        $error_message .= 'The Message you entered does not appear to be valid.<br />';
    }
    if ((strlen($subject) < 2) || (linkcheck($subject) == TRUE)) {
        $error_message .= 'The Subject you entered does not appear to be valid.<br />';
    }
    
    if (strlen($error_message) > 0) {
        
        died($error_message);
        
    }
    
    $email_message = "Dear AdventExhibitions Administrator,\n\n A new query has been submitted on the website. Details below: \n\n";
    
    $email_subject .= $subject;
    $email_message .= "Name: " . clean_string($first_name) . "\n";
    $email_message .= "Subject: " . clean_string($subject) . "\n";
    $email_message .= "Email: " . clean_string($email) . "\n";
    $email_message .= "Comments: " . clean_string($comments) . "\n";
    
    
    // create email headers
    
    $headers = 'From: YOUR EMAIL' . "\r\n" . 'Reply-To: YOUR EMAIL' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    
    
    mail($email_to, $email_subject, $email_message, $headers);
    
?>
 
Thank you for contacting us. We will be in touch with you very soon.
 
 <?php
}
?>
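
A stricter variant of the linkcheck() idea above, as an added example that is not part of the original post: it rejects any HTML tag (not only well-formed anchor links), bare URLs and BBCode-style links, and flags CR/LF in single-line fields. The function names has_markup_or_link() and has_line_break() and all sample inputs are constructed for illustration.

```php
<?php
// Added example, not the original post's code. Function names are hypothetical.

// TRUE if the text contains an HTML tag, a bare URL or a BBCode-style link.
function has_markup_or_link(string $text): bool
{
    // strip_tags() drops anything it parses as a tag, so a changed string
    // means markup was present, whatever the tag name or letter case.
    if (strip_tags($text) !== $text) {
        return true;
    }
    // Bare URLs ("http://", "https://", "www."), matched case-insensitively.
    if (preg_match('~\b(?:https?://|www\.)\S+~i', $text)) {
        return true;
    }
    // BBCode-style links such as [url=...] or [link].
    return (bool) preg_match('~\[(?:url|link)\b~i', $text);
}

// TRUE if a single-line field (Name, Email, Subject) carries CR or LF,
// the characters a mail header injection attempt depends on.
function has_line_break(string $value): bool
{
    return (bool) preg_match('/[\r\n]/', $value);
}

// Constructed sample submissions (illustrative only).
$messages = [
    'plain enquiry' => 'Please send me a quote for two exhibition stands.',
    'anchor tag'    => 'Check this out <a href="http://www.something.com">Click here</a>.',
    'uppercase tag' => 'Cheap bags <A HREF=http://www.something.com>here</A>',
    'bare URL'      => 'Visit www.something.com today',
    'BBCode link'   => '[url=something.com]bags[/url]',
];
foreach ($messages as $label => $text) {
    printf("%-15s %s\n", $label, has_markup_or_link($text) ? 'reject' : 'accept');
}

// Constructed Subject value with an embedded line break.
$subject = "Hello\r\nBcc: someone@example.com";
printf("%-15s %s\n", 'subject CRLF', has_line_break($subject) ? 'reject' : 'accept');
```

In send_form_email.php these checks would take the place of the linkcheck() calls on Message and Subject, with has_line_break() applied to Name, Email and Subject before the message is built.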