I have used this site to find answers in the past and have decided to create an account, so I can share and help others. This post is not a question, but rather to share the code I have been using for a couple of company websites I created. We were receiving a lot of spam emails from our contact forms, so I implemented a "Honey Pot", reCAPTCHA and other ways to eliminate the incoming spam. Below is my HTML code and PHP code for anyone who is struggling with this. So far I have not received any spam email since implementing this. All this code was created by information I found on this site, and other sites on the internet.
HTML CODE: (The honeypot input "website" is hidden in CSS)
<form id="form" action="php/submit-en.php" method="post">
<div class="row">
<div class="col-md-4">
<div class="form-group">
<label>Name</label>
<input class="form-control form-control-name" name="the-name" id="pccn" autocomplete="off" onpaste="return false" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" placeholder="Required" type="text" maxlength="31" required>
<script>
$(function() {
$("#pccn").keyup(function() {
console.log(this.value);
this.value = this.value.replace(/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?/mg, 'Links Not Accepted!');
})
});
</script>
</div>
</div>
<div class="col-md-4">
<div class="form-group">
<label>Email</label>
<input class="form-control form-control-email" name="the-email" id="pcemail" autocomplete="off" onpaste="return false" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" placeholder="Required" type="email" maxlength="32" required>
</div>
</div>
<div class="col-md-4">
<div class="form-group">
<label>Subject</label>
<input class="form-control form-control-subject" name="the-subject" id="pcsubject" autocomplete="off" onpaste="return false" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" placeholder="Optional" maxlength="20" type="text">
<script>
$(function() {
$("#pcsubject").keyup(function() {
console.log(this.value);
this.value = this.value.replace(/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?/mg, 'Links Not Accepted!');
})
});
</script>
<label class="website">
<input class="blind" name="website" type="text" id="website" placeholder="Website Link:" tabindex="-1" autocomplete="off" onpaste="return false" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false"/>
</label>
</div>
</div>
</div>
<div class="form-group">
<label>Message</label>
<textarea class="form-control form-control-message" name="the-info" id="pcinfo" autocomplete="off" onpaste="return false" onCopy="return false" onCut="return false" onDrag="return false" onDrop="return false" placeholder="Required" rows="10" maxlength="2048" required></textarea>
<script>
$(function() {
$("#pcinfo").keyup(function() {
console.log(this.value);
this.value = this.value.replace(/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?/mg, 'Links Not Accepted!');
})
});
</script>
<div class="text-right">
<br>
<div class="g-recaptcha" data-sitekey="YOUR SITE KEY"></div>
<button class="btn-primary" data-callback='onSubmit' data-action='submit'>Send Message</button>
</div>
</div>
</form>
I added code to the HTML to reject any web links in the form, and copy/paste. These are not high use websites, so I am not too concerned with people having to manually input on the forms.
PHP CODE: (submit-en.php)
<?php
if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
header( 'HTTP/1.0 404 Page not found', TRUE, 404 );
die( header('location: /no-spam.html') );
}
if(!isset($_GET)){
header('Location: /no-spam.html');
}
if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
echo 'Please check the the captcha form.';
exit;
}
$secretKey = "YOUR SECRET KEY";
$ip = $_SERVER['REMOTE_ADDR'];
// post request to server
$url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha);
$response = file_get_contents($url);
$responseKeys = json_decode($response,true);
// should return JSON with success as true
if($responseKeys["success"]) {
echo 'Thanks for posting your message';
} else {
header('Location: /no-spam.html');
}
// if the url field is empty, but the message field isn't
if(isset($_POST['website']) && $_POST['website'] == '' && $_POST['the-info'] != ''){
// CONTACT INFO
$name = $_REQUEST['the-name'];
$subject = $_REQUEST['the-subject'];
$email = $_REQUEST['the-email'] ;
$message = $_REQUEST['the-info'];
$ip = $_SERVER['REMOTE_ADDR'];
// ASSEMBLE HEADERS
$ouremail = "[email protected]";
$subject1 = "Website Contact Form Submission";
$subject2 = "Website Submission Received";
$headers = "From: $ouremail\r\n";
$headers .= "Reply-To: '[email protected]'\r\n";
$headers .= "MIME-Version: 1.0" . "\r\n";
$headers .= 'Content-type:text/html;charset=utf-8' . "\r\n";
// E-MAIL MESSAGE TO YOU
$message = "
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />
<title>Contact Form Submission</title>
</head>
<body>
<h3 style='color: #0D773C;'>Website Submission:</h3>
<p>
<strong>Name:</strong> $name <br>
<strong>Subject:</strong> $subject <br>
<strong>Email:</strong> $email <br>
<strong>IP Address:</strong> $ip <br>
</p>
<p>
<strong>Message:</strong></p>
<p style='font-style:italic';>$message
</p>
</body>
</html>
";
// SEND MAIL
mail($ouremail,$subject1,$message,$headers);
// E-MAIL MESSAGE TO CUSTOMER
$message2 = "
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />
<title>Contact Form Submission Received</title>
</head>
<body>
<h3 style='color: #0D773C;'>Thank you for contacting us!</h3>
<p style='font-style:italic';>Thank you for contacting Your Company Inc.<br>
We have received your message, and will get back to you as soon as possible.<br>
If your message is of an urgent nature, please call us during normal business hours.</p>
<p style='font-style:italic';>
Sincerely,<br><br>
Your Company Inc.<br>
Tel: 123-456-7890</p>
<p>www.yourwebsite.com</p>
</body>
</html>
";
// SEND MAIL
mail($email,$subject2,$message2,$headers);
header('Location: /thankyou.html');
exit('Redirecting you to /thankyou.html');
}
The first part of the PHP stops access to the submit-en.php file when access directly via web browser. The second part redirects to a No Spam page if it receives a GET request. The rest verifies if the captcha has been checked then verifies the response. Then it checks the if the honey pot was filled out. If so it will not send the email but redirect to the thankyou page so the spammer thinks the email went through. The remainder sends a nicely formatted email to you and a reply to the customer.
