Creating A Secure Contact Form.

Published on: 1182135939
Last year I got alarming reports from a few clients who said they were being spammed like crazy. Luckily I had not built their contact form, but they asked me to take a look at it. I did, and then wrote a secure contact form that protects them against (most of) the automated spam out there without using a captcha. It uses a cookie, a word filter, and sessions. I wrote it in 15 minutes, so do not expect a well-documented script. For those who want to take a peek at it, here it is.

I approach it on two fronts: automated and manual submission. Requiring cookies and JavaScript stops a lot of today's automated robots, which only look for the form tag and post straight to it. Be aware that in the end anything can be bypassed; this only raises the bar considerably, because a spammer now has to build a custom spam script with JavaScript and cookie support. For most of them, that is too much trouble. A bot that drives a real browser passes this first check unchanged, which is why the word filter and length checks still run on everything that gets through.

- It echoes a value from the PHP session into a cookie set by JavaScript; on submission the cookie has to match what the session holds. In effect an automatic captcha: no JavaScript, no cookie, no delivery.
- After this triage, manual and automated spam is caught with a word filter.
- A few minor checks on the length of the name and the body.
- The session is destroyed after the submission, otherwise the same session (and the value it holds) could be re-used to post again.
- Everything the user typed is escaped, so no script or HTML can be injected into the page or the mail.
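The five points above, worked out as a single page; this is an added example, not the author's 15-minute script. It assumes PHP 7 or later with sessions enabled, a cookie named `ct` planted by the inline JavaScript, a constructed word list, and `you@example.com` as the recipient. The CR/LF stripping for the mail subject is an extra guard against mail-header injection that the post itself does not mention.

```php
<?php
// Added example of the scheme described in the post; not the author's script.
// Assumes PHP 7+ with sessions enabled and a working mail() configuration.
declare(strict_types=1);
session_start();

// Constructed word list and limits (assumptions); tune them for your own site.
const BLOCKED_WORDS = ['viagra', 'casino', 'free money', '[url='];
const NAME_MAX    = 60;
const BODY_MIN    = 10;
const BODY_MAX    = 3000;
const COOKIE_NAME = 'ct';   // assumed name of the cookie set by the JavaScript below

// Point 1: a random one-shot value is kept in the session and echoed into a
// cookie that only JavaScript sets. A bot that merely parses the <form> tag
// and posts to it never obtains the cookie, so the check below fails.
function issue_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    return $token;
}

function token_matches(?string $cookie): bool {
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);          // valid for exactly one submission
    return is_string($expected) && is_string($cookie) && hash_equals($expected, $cookie);
}

// Point 2: word filter, case-insensitive, run over name and body together.
function contains_blocked_word(string $text, array $words = BLOCKED_WORDS): bool {
    $haystack = mb_strtolower($text);
    foreach ($words as $w) {
        if (mb_strpos($haystack, mb_strtolower($w)) !== false) {
            return true;
        }
    }
    return false;
}

// Point 3: minor checks on the length of name and body.
function length_errors(string $name, string $body): array {
    $errors = [];
    if ($name === '' || mb_strlen($name) > NAME_MAX) {
        $errors[] = 'name';
    }
    $len = mb_strlen($body);
    if ($len < BODY_MIN || $len > BODY_MAX) {
        $errors[] = 'body';
    }
    return $errors;
}

// Point 5: nothing the user typed is echoed or mailed raw. HTML is escaped on
// output, and CR/LF/NUL are stripped from anything that lands in a mail header
// (that last part guards against header injection; the post does not cover it).
function html_safe(string $s): string {
    return htmlspecialchars(trim($s), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
function header_safe(string $s): string {
    return str_replace(["\r", "\n", "\0"], '', trim($s));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = (string)($_POST['name'] ?? '');
    $body = (string)($_POST['body'] ?? '');

    if (!token_matches($_COOKIE[COOKIE_NAME] ?? null)) {
        $reason = 'no valid token cookie (JavaScript not run, or replay)';
    } elseif (contains_blocked_word($name . "\n" . $body)) {
        $reason = 'word filter';
    } elseif ($errors = length_errors($name, $body)) {
        $reason = 'length check failed: ' . implode(', ', $errors);
    } else {
        $reason = null;
        mail('you@example.com',                                  // assumed recipient
             'Contact form: ' . header_safe($name),
             'From: ' . header_safe($name) . "\n\n" . strip_tags($body));
    }

    // Point 4: throw the session away so the same session cannot be re-used.
    $_SESSION = [];
    session_destroy();

    echo $reason === null ? 'Thanks, your message was sent.'
                          : 'Rejected: ' . html_safe($reason);
    exit;
}

// GET: render the form and let JavaScript plant the token cookie.
$token = issue_token();
?>
<script>document.cookie = "<?= COOKIE_NAME ?>=<?= html_safe($token) ?>; path=/; SameSite=Strict";</script>
<form method="post" action="">
  <input name="name" maxlength="<?= NAME_MAX ?>">
  <textarea name="body"></textarea>
  <button type="submit">Send</button>
</form>
```

The token is compared with `hash_equals` and removed from the session before the comparison result is even looked at, so a second POST with the same cookie fails whether or not the first one was accepted; destroying the session afterwards covers the case where a spammer reloads the form within the same session to collect a fresh token. Serve the page over HTTPS and add `Secure` to the cookie string in that case.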