Custom Form Integration with Maspik
If you’re building a Custom Form with PHP (non-standard form not based on Elementor, Contact Form 7, WPForms, etc.), you can still use MASPIK’s powerful spam protection engine by manually sending your form fields into MASPIK’s validation filter.
This gives you full control while maintaining advanced spam protection like:
• Blacklisted keywords
• Email and phone number validation
• Honeypot & JavaScript spam traps
• AI-based detection (if enabled)
How It Works
From Version 2.5.0, Maspik exposes a filter hook named:
maspik_validate_custom_form_fields
apply_filters('maspik_validate_custom_form_fields', false, $fields, $form_name);You call this filter before saving or sending the form data. The filter will return either false (not spam) or an array with spam details if the submission is considered spam.
Understanding the Filter
This filter accepts three parameters:
| Parameter | Type | Description |
|---|---|---|
| $spam_result | false (default) | Used internally to pass back the spam response. You can always pass false. |
| $fields | array | An array of fields from your form. Each field must include type, value, and field_name. |
| $form_name | string | A custom name or identifier for your form (e.g. “Job Application Form”). This helps MASPIK display the source in logs and spam reports. |
When this filter is applied, MASPIK will analyze the form fields, check for spam patterns, and return:
• false — if the submission is not spam
• array — if spam is detected (includes a message and diagnostic data)
This makes it easy to plug MASPIK into any custom form, without being tied to a specific plugin.
Example Integration Code
Here’s how to integrate MASPIK in your custom form handler:
$fields = [
['type' => 'text', 'value' => $_POST['first_name'] ?? '', 'field_name' => 'first_name'],
['type' => 'text', 'value' => $_POST['last_name'] ?? '', 'field_name' => 'last_name'],
['type' => 'email', 'value' => $_POST['email'] ?? '', 'field_name' => 'email'],
['type' => 'textarea', 'value' => $_POST['message'] ?? '', 'field_name' => 'message'],
['type' => 'tel', 'value' => $_POST['phone'] ?? '', 'field_name' => 'phone'],
// Optional hidden fields for honeypot and JS-based spam detection
['type' => 'hidden', 'value' => $_POST['Maspik-currentYear'] ?? '', 'field_name' => 'Maspik-currentYear'], // Should match current year
['type' => 'hidden', 'value' => $_POST['full-name-maspik-hp'] ?? '', 'field_name' => 'full-name-maspik-hp'], // Must be empty
['type' => 'hidden', 'value' => $_POST['maspik_spam_key'] ?? '', 'field_name' => 'maspik_spam_key'], // JS-generated key
];
// Run spam check via MASPIK
$is_spam = apply_filters('maspik_validate_custom_form_fields', false, $fields, 'My Custom Form');
if ($is_spam) {
// Block the submission and show user-friendly error
echo '<div class="error">' . esc_html($is_spam['message']) . '</div>';
// Optional: log or debug technical details
error_log('Spam reason: ' . $is_spam['reason']);
error_log('Field type: ' . $is_spam['field_type']);
error_log('Field name: ' . $is_spam['field_name']);
exit; // Or stop further form processing
}Hidden Anti-Spam Fields
If MASPIK’s honeypot, JS check, or advanced key validation features are enabled, make sure your custom form includes the following hidden fields:
| Field Name | Purpose | Example Value |
|---|---|---|
| Maspik-currentYear | Current year (e.g., 2025) | Use PHP or JS to add it |
| full-name-maspik-hp | Honeypot – must be empty | ” (empty) |
| maspik_spam_key | MASPIK’s internal spam key (via JS) | Populated by Maspik |
These help MASPIK detect bots that bypass traditional validation.
Handling the Spam Response
If spam is detected, the $is_spam variable will contain an array like this:
[
'spam' => true,
'message' => 'Your message looks like spam.',
'reason' => 'blacklisted_words',
'field_type' => 'textarea',
'field_name' => 'message'
]Use the ‘message’ field for displaying a friendly message to the user, and the other fields for logging or debugging.
Notes
• You must build the $fields array manually, as shown above. Do not just pass $_POST directly without checking.
• Always sanitize and validate user input before saving or using it.
• This integration works with any theme or plugin.
• For questions, contact MASPIK support.