
mccarthy/php-form-protect
=========================

phpFormProtect allows you to protect a form from spammers without using a captcha.


phpFormProtect
==============


phpFormProtect protects forms from spammers in a way that doesn't annoy users. It is an alternative to a CAPTCHA, and could also be used to prevent comment spam. It works by running each submission through a number of tests, and then scoring the submission. Any one of the tests by itself has flaws, but working together they provide a high quality indicator of the spamminess of a given form submission. The last two tests by default cause failure based on the points assigned. This is easily configurable.

This project is a port of [CFFormProtect](http://cfformprotect.riaforge.org/). We found that when switching from ColdFusion to PHP, there wasn't anything similar. Many thanks to the folks at CFFormProtect, especially for fp.js, which is a copy of cffp.js.

The tests are as follows:

- **Hidden Form Field** - If hidden form field is filled in, this is an indicator of spam
- **Time Form Submission** - If form is filled out too fast or too slow, this is an indicator of spam
- **Too many URLs** - If the comment field has too many URLs (Number is configurable) this is an indicator of spam
- **Mouse Movement** - If the user does not use their mouse, this is an indicator of spam
- **Used Keyboard** - If the user does not use their keyboard, this is an indicator of spam
- **Validate Referer** - If the HTTP referer does not match the form URL, we shouldn't accept the submission.
- **Validate Email** - If the email address provided in the form is not valid from a syntax perspective, we shouldn't accept the submission.
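
The scoring model described above, sketched as an added example (not phpFormProtect's own code or API). The field names, point values, limits and the `FAIL_AT` threshold are assumptions chosen for illustration; the referer and email checks are weighted at the threshold so that either one fails the submission on its own.

```php
<?php
// Added illustration: names, points and limits are assumptions, not the library's.
const FAIL_AT = 3;   // total points at which a submission is rejected

function scoreSubmission(array $post, string $referer, string $formUrl,
                         int $renderedAt, int $now): array
{
    $points = [];
    // Hidden form field: real users never see it, so any value is suspicious.
    if (trim($post['hp_field'] ?? '') !== '') {
        $points['hidden_field'] = 1;
    }
    // Timing: $renderedAt should come from server-side state (e.g. the session),
    // because a timestamp carried in the form itself can be rewritten by the client.
    $elapsed = $now - $renderedAt;
    if ($elapsed < 5 || $elapsed > 3600) {
        $points['timing'] = 1;
    }
    // Too many URLs in the comment field (limit of 2 is an assumed setting).
    if (preg_match_all('~https?://~i', $post['comment'] ?? '') > 2) {
        $points['urls'] = 1;
    }
    // Mouse and keyboard flags are set by client-side JavaScript.
    if (($post['mouse_moved'] ?? '') !== '1') {
        $points['mouse'] = 1;
    }
    if (($post['key_pressed'] ?? '') !== '1') {
        $points['keyboard'] = 1;
    }
    // Referer must match the form URL (query string ignored).
    if (strtok($referer, '?') !== $formUrl) {
        $points['referer'] = FAIL_AT;
    }
    // Email must be syntactically valid.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $points['email'] = FAIL_AT;
    }
    $total = array_sum($points);
    return ['pass' => $total < FAIL_AT, 'score' => $total, 'tripped' => array_keys($points)];
}

// Constructed sample: a scripted post that fills the hidden field instantly.
$bot = ['hp_field' => 'x', 'email' => 'bot@example.com',
        'comment' => 'http://a.example http://b.example http://c.example'];
$url = 'https://site.example/contact.php';
print_r(scoreSubmission($bot, $url, $url, 1000, 1000));
```

Every input except the server-side render time is supplied by the client, so the score is a heuristic for filtering spam rather than an access control.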

### Contributors

Dan McCarthy

### Version


0.2

### Installation Via Composer


Require the package within your `composer.json`:

```
"require": {
    "mccarthy/phpFormProtect": "master"
}

```

Update Composer:

```
$ composer update

```

### Manual Installation


- Copy the phpfp folder into the same folder that contains the form and form processing page on your web host

### Instructions for Use


- Put this line of code between the form tags of the form you want to protect:

```

```

- On the form processing page, do something like the following:

```
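// Score the submitted form fields.
$fp = new FormProtect();
$fpResult = $fp->testSubmission($_POST);

// The array key must be quoted: a bare `pass` is an undefined constant in PHP 8.
if ($fpResult['pass']) {
	//echo "Passed, looks like a valid submission.  Process as normal, send email, etc.";
}
else {
	//echo "Failed.  Looks like spam.  Log, block IP, email, etc.";
}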

```

### Sample Code

- The files "contact.php" and "contact-process.php" contain sample code showing how to use phpFormProtect.
- You can either use the sample code files, or add similar logic to your form processing page.

### Todo


- Include IP, Reverse IP Lookup, Referring URL, and Browser in Email
- Handle empty form post better
- Eliminate or fix spam words test
- Add logging
- Add config file
- Move JS into ``
- Integrate akismet
- Integrate project honeypot
- Integrate
- Integrate [spamhaus dbl](http://www.spamhaus.org/dbl/) - ([Assisting article](http://www.lockergnome.com/net/2012/04/23/checking-a-domain-against-the-spamhaus-dbl-in-php/))
- Integrate
- Add ideas from

### Research & Inspiration

-
-
-
-
-
-

### License


This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at .

