williamt/Dapper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Contact Form 7 Strenghting
All checks were successful
Generate Build Info / build-info (push) Successful in 2s
Details

Browse Source
This commit is contained in:
carpentryplus25
2026-03-10 22:55:24 -04:00
parent 8349374675
commit e9112e2fd8
1 changed files with 109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
dapper.php
View File

@@ -1239,6 +1239,110 @@ if (class_exists('WPCF7')) {
</script> </script>
<?php <?php
} }
add_filter( 'wpcf7_form_elements', 'dapper_cf7_inject_human_checkbox', 20 );
function dapper_cf7_inject_human_checkbox( $form ) {
if ( get_option( 'dapper_enable_cf7_human_checkbox', 'on' ) !== 'on' ) {
return $form;
}
$checkbox_html = '
<div class="dapper-cf7-human-check" style="margin: 1.5em 0; padding: 1em; background: #f8f9fa; border: 1px solid #ccd0d4; border-radius: 4px; text-align: center;">
<label style="font-size: 1.1em; cursor: pointer; user-select: none;">
<input type="checkbox" name="dapper_cf7_human_confirm" id="dapper_cf7_human_confirm" value="1" required style="transform: scale(1.4); margin-right: 0.8em; vertical-align: middle;">
I am human / not a robot
</label>
<input type="hidden" name="dapper_cf7_human_token" id="dapper_cf7_human_token" value="">
<input type="hidden" name="dapper_cf7_human_time" value="' . time() . '">
<p style="margin: 0.6em 0 0; font-size: 0.9em; color: #555;">Quick check to help stop spam. Thanks!</p>
</div>';
// Insert just before the submit button / </form>
$form = preg_replace( '/(<button[^>]*type=["\']submit["\'][^>]*>.*?<\/button>)/is', $checkbox_html . '$1', $form );
// Fallback: if no <button type="submit"> found, put before </form>
if ( strpos( $form, $checkbox_html ) === false ) {
$form = str_replace( '</form>', $checkbox_html . '</form>', $form );
}
return $form;
}
// 2. Very small JS — runs on every page that has CF7 (cheap)
add_action( 'wp_footer', 'dapper_cf7_human_checkbox_js', 95 );
function dapper_cf7_human_checkbox_js() {
// Only output if at least one CF7 form exists on page
if ( ! did_action( 'wpcf7_enqueue_scripts' ) ) {
return;
}
?>
<script>
document.addEventListener('DOMContentLoaded', () => {
document.querySelectorAll('.wpcf7 form').forEach(form => {
const checkbox = form.querySelector('#dapper_cf7_human_confirm');
const tokenField = form.querySelector('#dapper_cf7_human_token');
if (!checkbox || !tokenField) return;
// Enable token only when checked
checkbox.addEventListener('change', () => {
tokenField.value = checkbox.checked
? 'cf7_human_' + Math.random().toString(36).substring(2,10) + '_' + Date.now()
: '';
});
// Optional: disable submit until checked (stronger UX)
const submitBtn = form.querySelector('input[type="submit"], button[type="submit"]');
if (submitBtn) {
submitBtn.disabled = true;
checkbox.addEventListener('change', () => {
submitBtn.disabled = !checkbox.checked;
});
}
});
});
</script>
<?php
}
// 3. Server-side validation — block if missing / invalid / too fast
add_action( 'wpcf7_before_send_mail', 'dapper_cf7_validate_human_checkbox', 11, 3 );
function dapper_cf7_validate_human_checkbox( $contact_form, &$abort, $submission ) {
if ( get_option( 'dapper_enable_cf7_human_checkbox', 'on' ) !== 'on' ) {
return;
}
$posted = $_POST;
// A. Checkbox must be checked
if ( empty( $posted['dapper_cf7_human_confirm'] ) ) {
$abort = true;
$submission->add_error( 'dapper_human', __( 'Please confirm you are human.', 'dapper' ) );
dapper_debug_log( "CF7 #{$contact_form->id()} blocked — human checkbox not checked" );
return;
}
// B. Token must exist and look valid
$token = trim( $posted['dapper_cf7_human_token'] ?? '' );
if ( empty( $token ) || strpos( $token, 'cf7_human_' ) !== 0 || strlen( $token ) < 18 ) {
$abort = true;
$submission->add_error( 'dapper_human', __( 'Verification failed. Please try again.', 'dapper' ) );
dapper_debug_log( "CF7 #{$contact_form->id()} blocked — invalid/missing human token" );
return;
}
// C. Not submitted in < 4 seconds (very strong signal of bot)
$time = (int) ( $posted['dapper_cf7_human_time'] ?? 0 );
if ( $time && ( time() - $time < 4 ) ) {
$abort = true;
$submission->add_error( 'dapper_human', __( 'Submission too fast — please try again.', 'dapper' ) );
dapper_debug_log( "CF7 #{$contact_form->id()} blocked — human check too fast" );
}
}
} }
@@ -1433,6 +1537,10 @@ function dapper_settings_page_content() {
<?php checked(get_option('dapper_enable_paypal_human_check', 'on'), 'on'); ?> <?php checked(get_option('dapper_enable_paypal_human_check', 'on'), 'on'); ?>
<?php echo $paypal_forced_off ? 'disabled' : ''; ?>> <?php echo $paypal_forced_off ? 'disabled' : ''; ?>>
<?php <?php
<h3>Contact Form 7 Protection</h3>
<label for="dapper_enable_cf7_human_checkbox">Enable "I'm human" checkbox on all CF7 forms</label>
<input type="checkbox" id="dapper_enable_cf7_human_checkbox" name="dapper_enable_cf7_human_checkbox"
<?php checked( get_option( 'dapper_enable_cf7_human_checkbox', 'on' ), 'on' ); ?>>
submit_button(); submit_button();
?> ?>
@@ -1673,6 +1781,7 @@ function dapper_register_settings() {
register_setting('dapper-backup-group', 'dapper_backup_plugins'); register_setting('dapper-backup-group', 'dapper_backup_plugins');
register_setting('dapper-backup-group', 'dapper_backup_include_media'); register_setting('dapper-backup-group', 'dapper_backup_include_media');
register_setting('dapper-settings-group', 'dapper_enable_paypal_human_check'); register_setting('dapper-settings-group', 'dapper_enable_paypal_human_check');
register_setting( 'dapper-settings-group', 'dapper_enable_cf7_human_checkbox' );
// Add other settings as needed // Add other settings as needed
} }