I’ve worked on a plugin for WordPress, actually I have been rewriting the Contact Form Captcha plugin (also here on WP Extend). I’ve tackled out the javascript bit for generating the captcha and added a few features to the email itself.
You can download it from here.
The code generated in the captcha will only contain alphabetic capitals between A & Z, which is stronger, I’m not a security expert but 266 is a higher number than 106. Instead of the javascript validation, it only uses server side validation. The boxes will get a red border to indicate if there was something wrong in there. This indication can be easily expanded in the source, maybe I’ll add that later. The code comparison will happen in a session, so no client side hacking possible.
Next big thing I did was the email validation check with regular expressions, I’ll talk more about that later. This validation should be foolproof and even checks if the domain has MX records. Check out the function, it should be reusable in any project using PHP 4 or newer, please include credits. Code released under Creative Commons Attribution-Share Alike 2.0 Belgium License
function check_email($email) {
//Function written by Jeroen Op 't Eynde - XprsYrslf.be
//Creative Commons Attribution-Share Alike 2.0 Belgium License
//Pattern from: http://fightingforalostcause.net/misc/2006/compare-email-regex.php
$pattern = "/^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9_][-a-z0-9_]*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|asia|cat|jobs|tel|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?$/i";
if (function_exists('checkdnsrr')){
list($user,$domain) = split('@',$email);
if(preg_match($pattern,$email) && checkdnsrr($domain,"MX")) return $email; //Linux: PHP 4.3.0 & Windows: PHP 5.3.0
else return false;
} else {
if(preg_match($pattern,$email)) return $email; //PHP 4 or 5
else return false;
}
}
I thank Alexandre De Dommelin & Ian Dunn for the regex research.
As I said, I’ve added a few features to the email that makes it more usable for different website’s. List of features:
- Date of Submission
- Server’s Name (or Website’s Name)
- IP address of person using the form
- URL of page containing the form
Like in the original plugin by Eazeenet, you can add <!–contact form–> anywhere you want to put it. But now it puts it exactly where you put the tag and not only below the text of that page.
That’s it. You can see an example of the contact form here. You are free to test it with any hate mail you want. Any bugs and/or features can be reported as a reply to this post or via the contact form, of course.
