<?
	//Paul Tero 2 July 2007 - 16 October 2009
	//This script was adapted from a couple AntiHijack and AntiSpam scripts. It checks to see if the form
	//is being hijacked to send SPAM to other people (using cc) and if the script is sending SPAM
	//to the intended recipient (eg a contact us form). It is meant mainly for contact us pages but
	//can be used on any form. It checks several things:
	//1) that the form is posted
	//2) that the IP address of the visitor is not in known lists of SPAM senders
	//3) that no email headers like cc and bcc are in any of the posted elements
	//4) that no standard fields like name, email, etc contain links
	//5) that no standard fields like name, email, etc contain strings of random characters
	//6) that other fields do not contain addresses of known SPAM sites
	//7) that form input is not repeated too often (eg "cheap pills" in every form field)
	//By default it prints an error message and exits if SPAM is found (just to help legitimate
	//people who are rejected. But this can be turned off so it just returns true for SPAM or false.
	function SpamZapper ($forbid=true, $checklists=true) {
		global $_POST, $_SERVER;
		$errors = ""; //collects errors in the form
		//1) Check that the browser and method are correct
		if (!$_SERVER["HTTP_USER_AGENT"]) $errors .= ", no user agent"; //no user agent
		if ($_SERVER["REQUEST_METHOD"] != "POST") $errors .= ", not posted"; //form should be posted
		else if (!isset ($_POST) || !$_POST) $errors .= ", no posted data"; //check there is posted data
		//The referer check was removed on 29/11/2006 as some users were getting this error anyway!
		//2) Check their IP address against known lists (from http://weblog.sinteur.com/DNS-anti-spam.phps)
		if ($checklists) {
			$remoteip = $_SERVER['REMOTE_ADDR']; //remote IP address
			$lookup = implode ('.', array_reverse (explode ('.', $remoteip))) .  '.sbl-xbl.spamhaus.org.';
			if ($lookup != gethostbyname ($lookup)) $errors .= ", the IP address $remoteip has been blocked";
		}
		//The following must not be in any posted elements
		$bad = array ("from:","content-type:","mime-version:","content-transfer-encoding:","bcc:","cc:"); 
		//Only the following elements are allowed to have links. Name the field something different to allow no links at all
		$haslinks = 'description|comments|message|enquiry';
		//The following fields must not be random sets of characters - this is a regular expression against the key, added 15/10/2009
		$notrand = 'name|firstname|lastname|telephone|address\d?|city|county|postcode|country|email';
		$repeats = array(); //see if any of the form inputs are repeated
		//now loop through all the posted data
		foreach ($_POST as $key=>$val) {//for each item of input
			if (is_array ($val)) $val = join (" / ", $val); //for array inputs
			$val = trim (strtolower ($val)); //make it lower case
			if (strlen ($val) > 5) {if (!isset ($repeats[$val])) $repeats[$val] = 0; $repeats[$val]++;} //6) if input is repeated
			foreach ($bad as $s) if (strpos ($val, $s) !== false) $errors .= ", $key contains $s"; //3) contains bad stuff
			if (preg_match ("/<\s*>|\[url/i", $val)) $errors .= ", $key contains invalid characters"; //these often appear in SPAM
			$maxlinks = preg_match ('/' . $haslinks . '$/i', $key) ? 1 : 0; //how many links can these fields include
			if (preg_match_all ("/<a|http:/i", $val, $m) && count ($m[0]) > $maxlinks) $errors .= ", $key contains links"; //4) check links
			if (preg_match ('/' . $notrand . '$/i', $key) && preg_match ('/[bcdfghjklmnpqrstvwxz]{7,}/i', $val))
				$errors .= ", $key contains random characters"; //5) check for random characters
	 		//6) Check the domains against known lists (from http://weblog.sinteur.com/DNS-anti-spam.phps)
			if ($checklists && preg_match_all ("/(www.)([^\/\"<\s]*)/im", $val, $m)) { //it contains website addresses
				foreach ($m[2] as $domain) if (strlen ($domain) > 3) {
					$domain .= ".sc.surbl.org.";
					if (gethostbyname ($domain) != $domain) $errors .= ", $domain is a suspected SPAM URL";
	 			}
			}
		}
		//7) check for repeats
		foreach ($repeats as $string=>$num) if ($num>3) $errors .= ", '$string' is repeated $num times";
		//Now output a forbidden message
		if ($errors && $forbid) { //forbid them
			echo "<h1>Suspected SPAM</h1><p>Sorry, but your submission has been rejected because it looks ";
			echo "a little bit like SPAM. Please <a href=\"$_SERVER[HTTP_REFERER]\">return and try again</a>. ";
			echo "The following errors were reported: <i>" . substr ($errors, 2) . "</i>.";
			echo "</p>\n";
			exit;
		}
		//Return if this is suspected SPAM or not
		return $errors ? true : false;
	}
?>