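// Change 'email' to the name of the field where your user should
// enter their own email address.
if (empty($_POST) || !isset($_POST['email'])) {
    header("Location: /");
    exit;
}

// Ends a request that looks automated: a random delay slows bulk
// submitters down, then a 403 is sent and the script exits.
// Shared by the honey pot check and the header-injection check so both
// paths respond identically.
function deny_request()
{
    sleep(rand(2, 5)); // delay spammers a bit
    header("HTTP/1.0 403 Forbidden");
    exit;
}

// Your form should have a honey pot field 'pooh' that is left blank by human
// users. Anything other than an empty string counts as a bot, including an
// array value (PHP builds one from a 'pooh[]' input), so the comparison is
// strict and type-checked rather than a loose != "".
if (!isset($_POST['pooh']) || !is_string($_POST['pooh']) || $_POST['pooh'] !== "") {
    deny_request();
}

$crlf = "\r\n";

// Insert into PHP scripts before mail()
// Check $_GET if your contact form uses GET method.
//
// Markers of mail-header injection. The match in contains_bad_string() is
// case-insensitive, so each marker is listed once in lower case and the
// mixed-case spellings ("Content-Type:", "BCC:", "To:") are covered as well.
// Note that "to:" and "cc:" also match ordinary prose such as "reply to:";
// that is the original filter's trade-off and is kept here.
$badStrings = array(
    "content-type:",
    "mime-version:",
    "multipart/mixed",
    "content-transfer-encoding:",
    "to:",
    "bcc:",
    "cc:",
    "href=",
);

// Normalises one value for matching: every CR and LF becomes a space and
// every non-ASCII byte (ord >= 128) is dropped. Returns the filtered string.
// The PHP 4 str_split() polyfill the original carried is gone: str_split()
// has been built in since PHP 5, and a byte loop needs neither it nor PCRE.
function all_ascii( $stringIn ){
    $hold = str_replace(array("\r", "\n"), " ", (string) $stringIn);
    $final = '';
    for ($i = 0, $len = strlen($hold); $i < $len; $i++) {
        if (ord($hold[$i]) < 128) {
            $final .= $hold[$i];
        }
    }
    return $final;
}

// True if $value contains one of $badStrings, ignoring case, after
// all_ascii() normalisation. Arrays (from 'name[]' inputs) are walked
// recursively so a marker hidden inside a nested value is still found;
// the original passed arrays straight to all_ascii(), which never
// inspected their contents.
function contains_bad_string($value, $badStrings)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_bad_string($item, $badStrings)) {
                return true;
            }
        }
        return false;
    }
    $clean = all_ascii($value);
    foreach ($badStrings as $needle) {
        if (stripos($clean, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Loop through each POST'ed value and test if it contains
// one of the $badStrings:
foreach ($_POST as $v) {
    if (contains_bad_string($v, $badStrings)) {
        deny_request();
    }
}
// Continue onward to mail()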