From 83b553daed32468fe7a6bc9ebcd16586da2d9435 Mon Sep 17 00:00:00 2001
From: Waldo Jaquith <waldo@jaquith.org>
Date: Thu, 28 May 2020 15:20:36 -0400
Subject: [PATCH] Block extra-US contact form submissions

Toward #371.
---
 htdocs/contact.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/htdocs/contact.php b/htdocs/contact.php
index 04b57ff1..84fa4982 100644
--- a/htdocs/contact.php
+++ b/htdocs/contact.php
@@ -84,6 +84,23 @@ function show_form($form_data)
 if (isset($_POST['form_data']))
 {
 
+    /*
+     * Block non-US IPs. (This is where most spam comes from.)
+     */
+    $url = 'http://ip-api.com/json/' . $_SERVER['REMOTE_ADDR'];
+    $json = get_content($url);
+    if ($json !== FALSE)
+    {
+        $ip_data = json_decode($json);
+        if ($ip_data !== FALSE)
+        {
+            if ($ip_data['countryCode'] != 'US')
+            {
+                die();
+            }
+        }
+    }
+
     # Give spammers the boot.
     if (!empty($form_data['zip']))
     {