Mark Royko + Associates

Mollom is a highly effective spam filtering service that can protect almost any web form from spam with a sophisticated image and audio captcha. It's quite useful, in large because it's a centralized service that constantly monitors and learns from spam attacks, making it responsive even when spam bots change their tactics. It also provides an interesting set of results so that you can monitor the spam attacks (and defenses) employed on your website.

While the service is generally found on Drupal-based web sites–one of the principals of Mollom is Drupal's founder Dries Buytaert– it can be used on almost any other system, including Wordpress, Joomla and several others. It can even be used with generic PHP forms.

But while activating Mollom on other CMS systems is generally just a matter of installing a module or plug-in, getting it to work on a in straight PHP form is a little (but not much) more complicated. Here's how to make it work with regular PHP/HTML forms.

1) First, download the Mollom PHP class from http://mollom.crsolutions.be/ . The class itself is just a single page of PHP. There is documentation there for some aspects of the class.
2) Sign up at http://mollom.com and enter your site information. The service is free for most sites with small-to-average spam filtering needs, although corporate rates are still relatively inexpensive. After registering, you'll receive a public and private key for use within your code.
3) Include the code in your form, and enter the keys you just received from Mollom. It will look something like this:

<?php
require('mollom.php');
// set keys
Mollom::setPublicKey('public_key_goes_here');
Mollom::setPrivateKey('private_key_goes_here');
$servers = Mollom::getServerList();
Mollom::setServerList($servers);
?>

HINT: Note the part here where the code is calling the Mollom servers. I've run into trouble with this class before where the form was unable to retrieve the server list provided by Mollom::getServerList(). I'm not certain what the cause of this is, but to fix this, I manually inserted an array of servers, replacing the call to list Mollom servers with the following:

$servers= Array('http://174.37.205.152','http://88.151.243.145','http://82.103.131.136','http://88.151.243.81');

Where did I get that list? By creating a new PHP script that returns the server list, like so:

<?php
/**
* This file returns the Mollom server list
**/
require('mollom.php');
Mollom::setPublicKey('public_key_goes_here');
Mollom::setPrivateKey('private_key_goes_here');
$servers = Mollom::getServerList();
echo 'Current Mollom Server List: <br>';
print_r($servers);
?>

(I don't know how often this list changes–if ever. You can probably just copy the IP addresses from the paragraph above, but at least now you know how to get the numbers when you need them.)

4) Set up the Captcha: Mollom offers a range of features, including the ability add image captchas, audio captchas, and even to evaluate form content for spam. In our example, we'll only be adding a straight image-captcha which will be evaluated when the form is submitted.

For this very simple image-captcha, all we'll need to do is have Mollom generate an image, add it to our form, then add a few extra fields to the form itself. One field will be for the captcha response; the other to pass the captcha id number back to Mollom. The code will look something like this:

<?php
require('mollom.php');
// set keys
Mollom::setPublicKey('public_key_goes_here');
Mollom::setPrivateKey('private_key_goes_here');
$servers = Mollom::getServerList();
//or, manually add the server list like so:
//$servers= Array('http://174.37.205.152','http://88.151.243.145','http: 82.103.131.136','http://88.151.243.81');
Mollom::setServerList($servers);
?>
<form action="form_processing_page.php" method="post">
<input type="text" name="misc_text_input">Enter Text<br>
<?php
$captcha = Mollom::getImageCaptcha();
echo $captcha['html'];
?>
<input type="text" size=15 value="captcha_value"><br>
Please enter the value of the security question above.
<input type="hidden" name="captcha_id" value="<?php echo $catcha['catcha_id'];?>">
<input type="button" value="submit">
</form>

Let's take a look at that: In the code above, we've called on Mollom to provide us with a captcha image, and added in a new text field where our visitors will enter the text and numbers they see the image.

Since Mollom needs both the value of the captcha that was entered by the user, and an id captcha, we'll add the id through a hidden value set on the form. It doesn't really matter what we call the value, as long as we can access the $_POST value when the form is submitted. Which takes us to the final step: The form processing page:

<?php
// Form Processing Page
require('mollom.php');
// set keys
Mollom::setPublicKey('public_key_goes_here');
Mollom::setPrivateKey('private_key_goes_here');
$servers = Mollom::getServerList();
//or, manually add the server list like so:
//$servers= Array('http://174.37.205.152','http://88.151.243.145','http: 82.103.131.136','http://88.151.243.81');
Mollom::setServerList($servers);
 
//lets get our values back:
$value_from_user=$_POST['captcha_value'];
$id_value=$_POST['captcha_id'];
 
/*
now that we have those, we'll call Mollom to process the response. If it passes, we'll proceed, if not, then bounce them out */
 
if(Mollom::checkCaptcha($id_value, $value_from_user)){
	  $passed=true;	
  echo 'That is the correct answer';
        //process the form
	}else{
	  $passed=false;
        //The answer was incorrect
  echo 'Sorry, we think you might be a spammer.';
	}
?>

As I mentioned, Mollom can do a lot more than just check the value of a captcha: It can evaluate form fields to determine whether the content looks spammy or not, and even be set to only display a captcha when it thinks the input is from a spammer. We'll discuss these aspects more in part II.