Class to catch spam emails
<?php | |
/** | |
* SPAM PROTECTION LIBRARY | |
* | |
* This library is meant to protect from spammy form submissions. | |
* It is currently set up for codeigniter but can easily be | |
* converted to use with any type of system. | |
* | |
* @author Toby Taylor | |
* | |
* PREREQUISITES:
* 1. Form must have an spp_state field for honeypot protection. | |
* 2. Form must have a token field and a $_SESSION['token'] must be set. | |
* 3. Form must have an ivff field with value set to 0. | |
* add a bit of script to the page | |
* $(document).on('focus','#full-name',function(){ | |
* $("#ivff").val(1); | |
* }); | |
* $data['token'] = $_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); | |
* #3 is optional, usually I just add the words to an array | |
* 4. Database must have a table called disallowed containing a list of | |
* words that are not allowed. Here is the table definition. | |
CREATE TABLE `disallowed` ( | |
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, | |
`word` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL, | |
`timestamp` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, | |
PRIMARY KEY (`id`), | |
UNIQUE KEY `word` (`word`) | |
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; | |
* 5. Add a folder logs to the /wp-content/themes/custom/ folder | |
* Then just load the library and call the valid_submission() function like this: | |
$this->load->library("spam"); | |
if (!$this->spam->valid_submission()) { | |
redirect('contact/thanks'); | |
die(); | |
} | |
* | |
*/ | |
// ------------------------------------------------------------------------ | |
// Bootstrap WordPress when this file is loaded on its own (get_bloginfo() is a
// WordPress core function). NOTE(review): the path is relative, so it is resolved
// against the include path / current directory rather than this file's location.
if (!function_exists('get_bloginfo')) {
    require '../../../wp-blog-header.php';
}
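class Spam
{
    /**
     * File to send log messages to. Stays null until the constructor has run,
     * in which case write_to_log() writes nothing.
     *
     * @var string|null
     */
    private $log_file = null;

    /**
     * Whether to log messages or not
     *
     * @var bool
     */
    private $enable_logging = true;

    /**
     * Specific set of disallowed words.
     *
     * Matching in keywords() is case-sensitive and substring based, so e.g.
     * 'sex' also matches "Essex" and 'Cialis' does not match "cialis".
     *
     * @var string[]
     */
    private $disallowed_words = ['bentyl','Cialis','clomid','erotic','indocin','Laminine','levaquin','levitra','metformin','Methenolone','porn','porno','sex','sextoys','Sildenafil','Singapore','Supplements','Testosterone','trazodone','Vendita','viagra','wh0cd7387979','xxx','zestoretic','занимается'];

    /**
     * Outcome of the checks run so far; any failing check sets this to false.
     *
     * @var bool
     */
    private $validated = true;

    // --------------------------------------------------------------------

    public function __construct()
    {
        // One log file per day inside the theme's logs/ folder (header prerequisite 5).
        // get_template_directory() is a WordPress function.
        $this->log_file = get_template_directory() . '/logs/contact-us-log-' . date('Y-m-d') . '.php';
    }

    /**
     * This is the only function you call from the controller.
     *
     * Every check runs even after an earlier one failed, so each reason for
     * rejecting the submission ends up in the log.
     *
     * @return bool true when the submission passed all enabled checks
     */
    public function valid_submission(): bool
    {
        // Author's note: sessions were not working on the original site, so the
        // token check could not be relied on there.
        $this->token();       // Comment this out to bypass token protection.
        $this->honeypot();    // Comment this out to bypass honeypot protection.
        $this->keywords();    // Comment this out to bypass keyword protection.
        $this->was_clicked(); // NEW - testing it out

        // IF ALL IS GOOD RETURN TRUE
        return $this->validated;
    }

    /**
     * Token protection
     *
     * Be sure to add a token field to the form and set $_SESSION['token'].
     * Both values must be present and non-empty: a missing session token
     * rejects the submission instead of silently matching a missing form
     * token (null === null), and hash_equals() keeps the comparison
     * constant-time.
     *
     * @return bool true when the tokens match
     */
    private function token(): bool
    {
        $expected = $_SESSION['token'] ?? null;
        $given = $_POST['token'] ?? null;

        $matches = is_string($expected) && $expected !== ''
            && is_string($given) && hash_equals($expected, $given);

        if (!$matches) {
            $this->block('CSRF token mismatch: ' . $this->log_value($given));
            return false;
        }
        return true;
    }

    /**
     * Honeypot protection
     *
     * Be sure to add an spp_state field to the form. A human never sees the
     * field, so any non-blank value (or a non-string such as spp_state[]=x)
     * marks the submission as automated.
     *
     * @return bool true when the honeypot field is empty
     */
    private function honeypot(): bool
    {
        $state = $_POST['spp_state'] ?? '';

        if (!is_string($state) || trim($state) !== '') {
            $this->block('Contact us email was blocked with honeypot: ' . $this->log_value($state));
            return false;
        }
        return true;
    }

    /**
     * Keyword protection
     *
     * Checks the comments field against the hard-coded $disallowed_words
     * list; the `disallowed` table described in the file header is not
     * queried by this implementation. A non-string comments value is
     * rejected outright.
     *
     * @return bool true when no disallowed word was found
     */
    private function keywords(): bool
    {
        $comments = $_POST['comments'] ?? '';

        if (!is_string($comments)) {
            $this->block('Contact us email was blocked: comments is not a string');
            return false;
        }

        foreach ($this->disallowed_words as $word) {
            // Case-sensitive substring match, as in the original check.
            if (strpos($comments, $word) !== false) {
                $this->block('Contact us email was blocked with disallowed word: ' . $word);
                return false;
            }
        }
        return true;
    }

    /**
     * "Was clicked" protection
     *
     * The page script sets the ivff field to 1 when the full-name field gets
     * focus (header prerequisite 3); a submission that never did so is
     * blocked. The comparison is strict ('1' only) where the original used
     * a loose `!= 1`.
     *
     * @return bool true when ivff is '1'
     */
    public function was_clicked(): bool
    {
        $ivff = $_POST['ivff'] ?? null;

        if (!is_scalar($ivff) || (string) $ivff !== '1') {
            $this->block('Form was blocked with was clicked check:');
            return false;
        }
        return true;
    }

    /**
     * Records a failed check: appends the client address to the reason,
     * writes it to the log and marks the submission invalid.
     *
     * @param string $reason message without the IP suffix
     */
    private function block(string $reason): void
    {
        $this->write_to_log($reason . ' - IP Address: ' . $this->remote_addr());
        $this->validated = false;
    }

    /**
     * Makes a posted value safe to put on one log line: control characters
     * (including CR/LF) are stripped so a request cannot forge extra log
     * entries, and the value is capped at 200 bytes. Non-string values are
     * rendered by type so the log stays readable.
     *
     * @param mixed $value raw request value
     */
    private function log_value($value): string
    {
        if (!is_string($value)) {
            return is_scalar($value) ? (string) $value : gettype($value);
        }
        $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
        return substr($clean ?? '', 0, 200);
    }

    /**
     * Client address for log lines; 'unknown' when not running under a web server.
     */
    private function remote_addr(): string
    {
        $addr = $_SERVER['REMOTE_ADDR'] ?? null;
        return is_string($addr) ? $addr : 'unknown';
    }

    /**
     * Logging to file if logging is enabled.
     *
     * The log lives under the theme directory and uses a .php extension; the
     * first line written to a new file is a PHP guard that exits on direct
     * web access so the log contents are not served.
     *
     * @param string $txt message to append
     */
    private function write_to_log(string $txt): void
    {
        if (!$this->enable_logging || $this->log_file === null || $this->log_file === '') {
            return;
        }
        if (!file_exists($this->log_file)) {
            error_log("<?php exit('No direct script access allowed'); ?>\r\n", 3, $this->log_file);
        }
        $log = date('m/d/y H:i:s') . ' - ' . $txt . "\r\n";
        error_log($log, 3, $this->log_file);
    }
} // end of class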