Posted on April 26th, 2010 at 07:22 AM by Corey Ballou
Let’s face it… nobody enjoys spam. A basic PHP contact form is generally susceptible to a massive amount of spam mail. SPF30 is a PHP library which combines a number of recommended spambot deterrents in an attempt to reduce form submission spam. SPF30 does not utilize any form of CAPTCHA. In addition to spam prevention methods, SPF30 also handles two-way encryption of form data. In other words, your form content cannot be easily sniffed across the wire. This adds a layer of security to your contact forms.
Features
- The form submission contains a hashed value of a system defined secret key, the current date, and the user’s user agent.
- The form submission is invalidated in the event the submission timestamp exceeds a specific timeout period (default 1 hour).
- The form submission is invalidated in the event it was submitted in rapid succession (default 5 seconds).
- A hidden input honeypot is utilized in an attempt to trick bots into passing data with the field.
- A hidden hash field is validated against the submission time, user agent, and secret key.
- A hidden field is sent containing the array of encrypted field names, so they can be decrypted back to their original field names.
- Decrypted form fields are written directly back to the POST array, abstracting the encryption from your backend handling.
- User specified form field names can undergo two-way DES encryption to obfuscate form field names.
- User-submitted form field values can be encrypted on the frontend using a JavaScript implementation of DES.
- The encryption method goes beyond simple DES encryption for the purposes of transporting UTF-8 characters in POST data.
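The hash, timeout, rapid-submission and honeypot checks from the list above can be sketched as follows. This is an added example, not SPF30's code: the field names, function names and the use of HMAC-SHA256 are assumptions, and "rapid succession" is read here as the time between rendering the form and submitting it.

```php
<?php
// Added illustration, not SPF30's code. Field and function names are hypothetical.
const FORM_TIMEOUT = 3600; // default from the feature list: 1 hour
const MIN_DELAY    = 5;    // default from the feature list: 5 seconds

// Bind the form to the secret key, issue time and user agent.
// HMAC-SHA256 is this example's choice; the page does not name SPF30's hash.
function form_hash(string $secret, int $issuedAt, string $userAgent): string
{
    return hash_hmac('sha256', $issuedAt . '|' . $userAgent, $secret);
}

// Hidden fields to embed when the form is rendered.
function issue_fields(string $secret, string $userAgent, int $now): array
{
    return [
        'form_ts'   => (string) $now,
        'form_hash' => form_hash($secret, $now, $userAgent),
        'website'   => '', // honeypot: hidden from people, must stay empty
    ];
}

// Returns 'ok' or the reason the submission is rejected.
function check_submission(array $post, string $secret, string $userAgent, int $now): string
{
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    $ts   = $post['form_ts'] ?? '';
    $hash = $post['form_hash'] ?? '';
    if (!is_string($ts) || !ctype_digit($ts) || !is_string($hash)) {
        return 'missing or malformed token';
    }
    // Verify the hash before trusting the timestamp; compare in constant time.
    if (!hash_equals(form_hash($secret, (int) $ts, $userAgent), $hash)) {
        return 'hash mismatch';
    }
    $age = $now - (int) $ts;
    if ($age > FORM_TIMEOUT) return 'expired';
    if ($age < MIN_DELAY) return 'submitted too quickly';
    return 'ok';
}

// Constructed sample data: one form issued at $t0, then four submissions.
[$secret, $ua, $t0] = ['example-secret-key', 'Mozilla/5.0 (constructed sample)', 1272266520];
$fields = issue_fields($secret, $ua, $t0);
echo check_submission($fields, $secret, $ua, $t0 + 30), "\n";
echo check_submission(['website' => 'x'] + $fields, $secret, $ua, $t0 + 30), "\n";
echo check_submission($fields, $secret, $ua, $t0 + 2), "\n";
echo check_submission($fields, $secret, $ua, $t0 + 7201), "\n";
```

Because the timestamp is covered by the keyed hash, a bot cannot refresh an expired form by editing the hidden timestamp field without also knowing the secret key.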