Simple Anti-spam protection for contact forms


EyeDentify

Hello Everyone.

This is not strictly just about ProcessWire, but it's something I use with a ProcessWire website that I created.

It's just a simple little anti-spam protection system I use to make it more difficult for simple bots to mess around with a contact form on the said website. It seems to be working pretty well.

The system is very simple, let me explain.

Step 1

In the template file for the contact form have this code:

 

<?PHP    
    /* create a random integer.*/
    $sendFormInteger = mt_rand(1000,9999);
    
    /* save the integer to session var using PW API or just go PHP vanilla */
    $session->set('antispam_code', $sendFormInteger);
?>

As you can see, we just create a 4-digit integer and save it to a session var using the ProcessWire $session API.
https://processwire.com/api/variables/session/

Step 2
 
Also in your form have, for example, a label that displays the code we created above, so the poster has to manually fill it out in a form field.
 
For example like this:
<label for="antispam_code">Anti spam code: <strong><?PHP echo($session->get('antispam_code')); ?></strong></label>
<input type="text" id="antispam_code" name="antispam_code" value="" class="" placeholder="Fill in antispam code here" />

We simply echo out the code we saved in the session var into the label so the user can read it and then fill it out into our form field below the label.
 

Step 3
 
In the file or template that receives the form data put in a simple check like below:
<?PHP
/* sanitize our data and make sure it's an integer */
$antispam_code = $sanitizer->int($input->post->antispam_code);

/* the code we saved in the session var; null if the form was never loaded */
$expected = $session->get('antispam_code');

/* check that a code exists and is strictly equal to the one filled in the form and sent to us;
   with a loose == a missing code (null) would match an empty field (0) */

if($expected !== null && (int) $expected === $antispam_code) {
    
    /* if antispam code correct then delete it and go on */
    $session->remove('antispam_code');

} else {
    
    /* if code is NOT correct then do something else */
    
}
?>

More info on $sanitizer API:

https://processwire.com/api/variables/sanitizer/

Just thought I'd share this technique with you all.
I have no doubt that you could easily come up with something more advanced than the 4-digit integer that I use.

My anti-spam system is set up so that it creates a new code every time the form template is loaded.
So it should be hard to guess unless they make the bot read the HTML and find the code in the label and make the bot fill out the correct form field before sending it.
 
Happy coding.
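The receiving-side check from Step 3, written as an added example in plain PHP (not code from the original post): it compares strictly as strings, expires the code, and allows one attempt per issued code. The function names, the array standing in for the session, and the 600-second lifetime are assumptions.

```php
<?php
// Added example, not the original poster's code. antispam_issue(),
// antispam_verify(), the $store array and the 600 s lifetime are hypothetical.

/** Create a one-time code, store it with its issue time, return it for display. */
function antispam_issue(array &$store, ?int $now = null): string
{
    $code = (string) random_int(1000, 9999);   // CSPRNG instead of mt_rand()
    $store['antispam'] = ['code' => $code, 'issued' => $now ?? time()];
    return $code;
}

/** Check a submitted value. The stored code is consumed on every attempt. */
function antispam_verify(array &$store, $submitted, int $ttl = 600, ?int $now = null): bool
{
    $entry = $store['antispam'] ?? null;
    unset($store['antispam']);                 // one guess per issued code

    if (!is_array($entry) || !is_string($submitted)) {
        return false;                          // no code issued, or field missing / not a string
    }
    if ((($now ?? time()) - $entry['issued']) > $ttl) {
        return false;                          // form was loaded too long ago
    }
    // String comparison without type juggling: an empty field never
    // matches a missing code, unlike null == 0 with a loose comparison.
    return hash_equals($entry['code'], trim($submitted));
}

// Constructed demo; $session stands in for $_SESSION or ProcessWire's $session.
// Timestamps are passed explicitly so the expiry case is reproducible.
$session = [];
var_dump(antispam_verify($session, ''));                 // POST sent without loading the form

$code = antispam_issue($session, 1000);
var_dump(antispam_verify($session, '0000', 600, 1010));  // wrong guess
var_dump(antispam_verify($session, $code, 600, 1020));   // right code, but already consumed

$code = antispam_issue($session, 2000);
var_dump(antispam_verify($session, $code, 600, 2030));   // right code, first attempt, in time

$code = antispam_issue($session, 3000);
var_dump(antispam_verify($session, $code, 600, 4000));   // right code, older than the lifetime
```

In a ProcessWire template the same two functions can read and write through `$session->get()`, `$session->set()` and `$session->remove()` instead of the array.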