SPAM FILTER

SPAM FILTER

4

Arun Kr.
07-Feb-26

BEST SPAM FILTER (3-Layer Protection)

We’ll add:

✔️ 1. Honeypot Field (Bot Trap)

✔️ 2. Time Check (Too-fast Submit = Bot)

✔️ 3. Keyword Filter (Spam Words)

 

STEP 1: Add Hidden Honeypot Field (In Form)

Add this inside your <form> (anywhere):

 

<!-- Honeypot field (hide with CSS) -->
<input type="text" name="website" style="display:none;">

 

STEP 2: Add Timestamp (In Form)

Add this inside the form too:

 
<input type="hidden" name="form_time" value="<?= time(); ?>">

This tracks how fast the form was submitted.

 

STEP 3: Update Your PHP Submit Code

Replace your handler with this spam-protected version:

 

<?php

if (isset($_POST['send'])) 
{
    unset($_POST['send']);

    /* ---------- SPAM CHECKS ---------- */

    // 1. Honeypot
    if (!empty($_POST['website'])) 
    {
        die("Spam detected.");
    }

    // 2. Time check (min 5 seconds)
    if (!empty($_POST['form_time'])) 
    {
        if (time() - $_POST['form_time'] < 5) 
        {
            die("Too fast. Possible bot.");
        }
    }

    // 3. Keyword filter
    $spamWords = [
        'viagra','casino','loan','bitcoin',
        'crypto','forex','porn','sex',
        'free money','work from home','seo service'
    ];

    $content = strtolower(
        ($_POST['name'] ?? '') .
        ($_POST['message'] ?? '') .
        ($_POST['email'] ?? '')
    );

    foreach ($spamWords as $word) 
    {
        if (strpos($content, $word) !== false) 
        {
            die("Spam content detected.");
        }
    }

    /* ---------- VALIDATION ---------- */

    $validator = new Validator($_POST);

    $fields = ['name','contact','email','message'];

    $validator->sanitize($fields);

    $validator
        ->rule("name", "required")
        ->rule("name", "min", 3)

        ->rule("contact", "required")
        ->rule("contact", "numeric")
        ->rule("contact", "max", 15)

        ->rule("email", "required")
        ->rule("email", "email")

        ->rule("message", "required")
        ->rule("message", "min", 5)
        ->rule("message", "max", 500);

    /* ---------- PROCESS ---------- */

    if (!$validator->validate()) 
    {
        $msg_danger = implode("<br>", array_map(
            fn($errs) => implode("<br>", $errs),
            $validator->errors()
        ));
    } 
    else 
    {
        $data = $validator->getSanitizedDataArray();

        $id = $Uni->insert("contact_messages", $data);

        if (empty($Uni->getLastError())) 
        {
            $body = $Uni->buildEmailBody($data, "Contact Message");

            $subject = "New Contact Message #" . $id;

            if ($Uni->sendMail(TO_EMAIL, $subject, $body)) 
            {
                $msg_sussess = "Thank you. Your message was sent.";
                $_POST = [];
            } 
            else 
            {
                $msg_danger = "Email sending failed.";
            }
        } 
        else 
        {
            $msg_danger = "DB Error: " . $Uni->getLastError();
        }
    }
}

 

 

WHAT THIS BLOCKS

Method Stops
Honeypot Basic bots
Time check Auto scripts
Keyword scan SEO spam
Validator Garbage input

✔ Works without annoying users
✔ No Google captcha
✔ Lightweight
✔ Fast

0
file upload logic Compressed version
Buy Me a Coffee
@Since 2024 Arun'Log Powered by Arun Git