Spam Filter in Contact Form

Question

With an HTML contact form such as

HTML contact form

<h1>Contact Form</h1>
<p>Please fill in the following details and click on SEND.</p>
<form action="mail_contact.php" method="POST">
    <p>Name<br> <input type="text" name="name"></p>
    <p>Email Address<br> <input type="email" name="email"></p>
    <p>Message<br><textarea name="message" rows="6" cols="50"></textarea><br>
    <input type="submit" value="Send"><input type="reset" value="Clear"></p>
</form>

I am trying to stop spam messages getting through by checking for certain words being used in the message.

I have a.txt file which has words I want to filter for such as

File: spamwords.txt

CAN-SPAM
SEO
keywords
Keywords

In the PHP coding I have

mail_contact.php

<?php
        // Create Variables
        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        // Function to deal with errors
        function died($error) {
            echo 'We are very sorry, but there were error(s) found with the form you submitted.';
            echo 'These errors appear below.<br><br>';
            echo $error.'<br>';
            echo 'Please press <b>back</b> and fix these errors.';
            die();
        }

        // Validate email address
        $error_message = "";
        if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $error_message .= 'The email address you entered does not appear to be valid.<br>';
        }
        if(strlen($error_message) > 0) {
            died($error_message);
        }

        // Prevent spammers from using contact form
            //Create an array containing the words in the message
            $MessageArray = explode(" ", $message);
            //Get SPAM words from file and store them in an array
            $SpamWords = file_get_contents('/spamwords.txt');
            $SpamArray = explode("\r\n", $SpamWords);
            //Cycle through all the words in the message
            foreach($MessageArray as $word){
                //Check the word for SPAM words, if it is don't send the email
                if(in_array($word, $SpamArray)){
                    echo '<h1>Spam Guard</h1>';
                    echo '<p>Here in European Community, the <a href="http://www.legislation.gov.uk/uksi/2003/2426/pdfs/uksi_20032426_en.pdf">Privacy and Electronic Communications Regulations 2003</a> cover the sending of email marketing. This legislation says that organisations must only send marketing emails to anyone if they have agreed to receive them, except where there is a clearly defined customer relationship.</p>';
                    echo '<p>It appears that you are attempting to send an unsolicited message (e.g. a marketing message).</p>';
                    echo '<p>We as an organisation do not send unsolicited messages and we request that you do the same for us.</p>';
                    echo '<p>If you are not attempting to send an unsolicited message, there may be an error in the system so please accept our apologies.</p>';
                    die();
                }
            }
            //If we've made it to this point, our message doesn't contain any obvious SPAM words

        // Formulate Email
        $formcontent='Message: \n $message \n \n From: $name $email';
        $recipient = << my email address >>;
        $subject = 'Contact Form Message';
        $mailheader = 'From: $name <$email> \r\n';
        mail($recipient, $subject, $formcontent, $mailheader) or die('Error!');
        echo 'Thank you for contacting us.  We will be in touch with you very soon via your email address<br>' . $email;
        ?>

When I test this out with a message containing the word SEO for example SEO test message it should display the Spam Guard message to the visitor - hence the echo commands - and then not send the email to me, but it displays the thank you message and sends me the email.

Can anyone see where I have gone wrong as it has stumped me

[Additional Note] I have been using a CAPTCHA mechanism but some still get through

Answer 1

Your explode function needs double quotes around its delimiter:

$SpamArray = explode("\r\n", $SpamWords);

With single quotes, explode will attempt to split on the \\r\\n literal.

Or you could use file() instead of filter_get_contents() which will return the file as an array, with each line per key. trim() each line that's returned and you have your resulting array:

$SpamArray = array_map("trim", file('/spamwords.txt'));

Answer 2

You can generate random variable name and random value for hidden input and save in session. After form submitting you can check they in $_REQUEST var. Also you can use interval between form rendering and submitting. Don't try to check spam words just protect from bots and don't use simple captcha.

Answer 3

Eureka!!!

I had to take the forward slash out of $SpamWords = file_get_contents('/spamwords.txt');

mail_contact.php [Edited]

<?php
        // Create Variables
        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        // Function to deal with errors
        function died($error) {
            echo 'We are very sorry, but there were error(s) found with the form you submitted.';
            echo 'These errors appear below.<br><br>';
            echo $error.'<br>';
            echo 'Please press <b>back</b> and fix these errors.';
            die();
        }

        // Validate email address
        $error_message = "";
        if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $error_message .= 'The email address you entered does not appear to be valid.<br>';
        }
        if(strlen($error_message) > 0) {
            died($error_message);
        }

        // Prevent spammers from using contact form
            //Create an array containing the words in the message
            $MessageArray = explode(" ", $message);
            //Get SPAM words from file and store them in an array
            $SpamWords = file_get_contents('spamwords.txt');
            $SpamArray = explode("\r\n", $SpamWords);
            //Cycle through all the words in the message
            foreach($MessageArray as $word){
                //Check the word for SPAM words, if it is don't send the email
                if(in_array($word, $SpamArray)){
                    echo '<h1>Spam Guard</h1>';
                    echo '<p>Here in European Community, the <a href="http://www.legislation.gov.uk/uksi/2003/2426/pdfs/uksi_20032426_en.pdf">Privacy and Electronic Communications Regulations 2003</a> cover the sending of email marketing. This legislation says that organisations must only send marketing emails to anyone if they have agreed to receive them, except where there is a clearly defined customer relationship.</p>';
                    echo '<p>It appears that you are attempting to send an unsolicited message (e.g. a marketing message).</p>';
                    echo '<p>We as an organisation do not send unsolicited messages and we request that you do the same for us.</p>';
                    echo '<p>If you are not attempting to send an unsolicited message, there may be an error in the system so please accept our apologies.</p>';
                    die();
                }
            }
            //If we've made it to this point, our message doesn't contain any obvious SPAM words

        // Formulate Email
        $formcontent='Message: \n $message \n \n From: $name $email';
        $recipient = << my email address >>;
        $subject = 'Contact Form Message';
        $mailheader = 'From: $name <$email> \r\n';
        mail($recipient, $subject, $formcontent, $mailheader) or die('Error!');
        echo 'Thank you for contacting us.  We will be in touch with you very soon via your email address<br>' . $email;
        ?>

Answer 4

Check this out, it will be useful

Spam Word Blocker PHP