Whitelist Form for SPAM protection: Part I

Developing a highly secure SPAM protection shield in your site is not an easy, hands down job. Here is an Whitelist which can check if the details posted by a user in your forms are valid and authentic.

Why this Whitelist?

• This is for security purposes and prevents site hacking and intrusion.
• This is used instead of Captcha where the user sometimes feels difficult to enter the Captcha code.
• Hidden fields are given in the form along with the required details fields.
• If any extra request comes from the form (user), there is an error saying that the site is being hacked.
• This way a site can be protected from SPAM and hacking. The security key, session key etc used here also helps against site hacking.

Below is an example code on how to achieve this:

Example Code

if(isset($_REQUEST[‘btn_submit’])){
if(isset($_SESSION[‘secure_key’])) //check the session form key
{
if($_SESSION[‘secure_key’]==$_POST[‘form_key’]) //check the form key
{
$white_list = array(‘tbx_field1′,’tbx_field2′,’tbx_field3′,’tbx_field4’); // List of submitting form possible fields.
foreach($_POST as $key=>$item){
//Check if the values posted by the form is in par with the white list array, if not error msg to hacker
if(!in_array($key, $white_list)){
$error_log = “You are trying to hack the site”;
}
}
}else{
$error_log=”Invalid form key”;
}
}else{
$error_log=”Session has expired”;
}
}
}