How to stop spam messages on contact form?

gareth94 · April 5, 2020, 12:56pm

Silverstripe Version: 3.6

I have a contact form on my website which uses reCAPTCHA version 2 to help prevent spam messages. However, quite a few get passed through! How could I stop these? Any help would be greatly appreciated!

Here is my ContactForm.php file:

````<?php

class ContactForm extends Form {

	public function __construct(Controller $controller, $name)
	{
		$emails = array(
			'e-mail address here'=>'General',
			'e-mail address here'=>'Sales',
            'e-mail address here'=>'Technical Support',
		);

		$fields = FieldList::create(
			TextField::create('Name')->setAttribute('placeholder', 'Name'),
			EmailField::create('Email')->setAttribute('placeholder', 'Email'),
			DropdownField::create('Destination', 'Enquiry', $emails)->setEmptyString("(Department)"),
			TextareaField::create('Message')
				->setAttribute('placeholder', 'Message')
				->setAttribute('rows', 9)
				->setAttribute('cols', 25),
            LiteralField::create('Captcha', '<div class="g-recaptcha" data-sitekey="MY KEY GOES HERE"></div>')
		);

		$actions = new FieldList(
			FormAction::create('Contact', 'Send')->setAttribute('disabled',true)
		);

		$validator = new RequiredFields('Name', 'Email', 'Message', 'Destination');
		//return Form::create($controller, $name, $fields, $actions, $validator);
		parent::__construct($controller, $name, $fields, $actions, $validator);
	}

	public function Contact($data)
	{
		$email = new Email();
		$email->setFrom($data['Email']);
		$email->setSubject("Website Enquiry");
		$email->setTo($data['Destination']);
		$messageBody = "<p><strong>Name:</strong> {$data['Name']}</p><p><strong>Message:</strong> {$data['Subject']}</p><p><strong>Message:</strong> {$data['Message']}</p>";
		$email->setBody($messageBody);
		$email->send();

		Controller::curr()->redirectBack();
	}

}

JonoM · April 6, 2020, 5:27pm

Hi @gareth94 , it looks like you have manually integrated reCaptcha but I can’t see how you’re validating it, so I assume there is more code you haven’t posted. Is it possible that you’re displaying a captcha but not actually verifying that the captcha was passed?

There are a few modules for implementing recaptcha for spam protection, here’s one you might want to check out:

gareth94 · April 7, 2020, 12:39pm

Hi @JonoM. Thanks for your help. I’ve actually just found some other relevant code (below) which might be of use?

This is the code ContactPage_Controller.php file:

<?php

class ContactPage_Controller extends Page_Controller {

    public static $allowed_actions = array(
        'ContactForm'
    );

    public function ContactForm(){
        return ContactForm::create($this, 'ContactForm');
    }
}

This is the contents of ContactPage.ss file:

<div class="service-menu-wrapper">
    <ul class="services-menu">
        <% control $ServiceMenu %>
            <li><a class="hvr-float-shadow internal-link $LinkingMode" href="$Link"><i class="fa $Icon"></i></a></li>
        <% end_control %>
    </ul>
</div>

<div class="typography container">
    <div class="content-container js-content">

        <article>
            <div class="custom-title">
                <span>Contact us</span>
            </div>

            <div class="panel">
                <div class="section left contact-form-wrapper">
                    $ContactForm
                </div>
                <div class="section right map">

                    <iframe src="https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d92480.79610056261!2d-4.0153309783259425!3d52.475305088108385!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xc657c04368dfd9ad!2sAtebol!5e0!3m2!1sen!2suk!4v1526831824458"
                            width="100%" height="450" frameborder="0" style="border:0"
                            allowfullscreen></iframe>
                </div>
            </div>
        </article>
    </div>
</div>
<script>
    $("form").submit(function(event) {

        var recaptcha = $("#g-recaptcha-response").val();
        if (recaptcha === "") {
            event.preventDefault();
            alert("Please fill in ReCaptcha");
        }
    });
</script>

This is the content of ContactPage.php file:

<?php

class ContactPage extends Page
{

    private static $db = array();

    private static $has_one = array();

    private static $has_many = array();

    private static $summary_fields = array();

    public function getCMSFields()
    {
        $fields = parent::getCMSFields();

        return $fields;
    }
}

DorsetDigital · April 7, 2020, 1:53pm

As @JonoM mentioned, it looks like the captcha isn’t being properly validated, so it won’t be helping you at all. Adding in the proper spam protection module is the quickest way to make it work, and shouldn’t take too much work to change over. You just need to install the module, and add the relevant code to your form method (based on the instructions from the module)