Hey Jones!

As I’ve been working more with open source CMS (Content Management System) solutions I’ve had to work with PHP more than usual. Recently a client of mine was having an issue with spam being sent through the contact form on his website. The previous developer had used client-side JavaScript to validate the form submission, but what most people don’t realize is that spam can be sent through your site without hitting the form. Any valid post request to your .php file will work. So I developed a means of blocking these messages from sending server-side.

The code simply checks to see what domain posted the request, and if it doesn’t match your site, the request is denied. Just place this at the top of your ?php code and replace ‘heyjones.com’ with your domain:

$url = $_SERVER['HTTP_REFERER'];
$uri = parse_url($url);
if($uri['host'] != 'heyjones.com'){
	header('location:' . $url);
	exit();
}