@hans2103
Last active June 5, 2023 09:52
Joomla RSForm Honeypot inspired by https://webaim.org/blog/spam_free_accessible_forms/
A small honeypot method to catch spam bots.
Inspired by blog post on https://webaim.org/blog/spam_free_accessible_forms/
Name: usefulname
Caption: usefulName
<style>
.rsform-block-usefulname {
    display: none;
    visibility: hidden;
}
</style>
/**
 * https://webaim.org/blog/spam_free_accessible_forms/
 */
$spam = false;

// Detect form elements for the most common header injections and other code
if (preg_match("/bcc:|cc:|multipart|\[url|Content-Type:/i", implode($_POST['form'])))
{
    $spam = true;
}

// Detect more than 3 outgoing links
if (preg_match_all("/<a|https?:/i", implode($_POST['form']), $out) > 3)
{
    $spam = true;
}

// Detect content within a hidden form element
if (!empty($_POST['form']['usefulname']))
{
    $spam = true;
}

// Ensure the form is posted from your server (disabled; flags a missing or foreign referer)
//if (!(isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))) {
//    $spam = true;
//}

// Send spammer to somewhere else
if ($spam)
{
    header('Location: https://www.example.com/');
    die;
}
// END Honeypot
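
An added example, not part of the original gist: the same three checks wrapped in functions, with the form values flattened first, because `implode($_POST['form'])` turns a field that submits an array (a checkbox group, for instance) into the literal string "Array" and raises a PHP warning, so that field's content is never inspected. The function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the gist author's code. 'usefulname' is the honeypot
// field from the gist; function names and sample data are constructed.

/** Flatten a (possibly nested) form array into one string of its scalar values. */
function honeypot_flatten(array $form): string
{
    $parts = [];
    array_walk_recursive($form, function ($value) use (&$parts) {
        if (is_scalar($value)) {
            $parts[] = (string) $value;
        }
    });
    // Newline separator so a pattern cannot match across two adjacent fields.
    return implode("\n", $parts);
}

/** Return the reasons a submission looks like spam (empty array = clean). */
function honeypot_reasons(array $form, string $trap = 'usefulname', int $maxLinks = 3): array
{
    $text = honeypot_flatten($form);
    $reasons = [];
    if (preg_match('/bcc:|cc:|multipart|\[url|Content-Type:/i', $text)) {
        $reasons[] = 'header-injection pattern';
    }
    if (preg_match_all('/<a|https?:/i', $text) > $maxLinks) {
        $reasons[] = 'more than ' . $maxLinks . ' links';
    }
    if (!empty($form[$trap])) {
        $reasons[] = 'honeypot field filled';
    }
    return $reasons;
}

// Constructed sample submissions, shaped like $_POST['form'].
$samples = [
    'clean'     => ['name' => 'Ann', 'message' => 'See https://example.org',
                    'topics' => ['a', 'b'], 'usefulname' => ''],
    'bot'       => ['name' => 'x', 'message' => 'hi', 'usefulname' => 'John'],
    'injection' => ['name' => "x\r\nBcc: list@example.net", 'message' => 'hi',
                    'usefulname' => ''],
];
foreach ($samples as $label => $form) {
    echo $label, ': ', implode(', ', honeypot_reasons($form)) ?: 'ok', "\n";
}
```

In the RSForm script, a non-empty result from `honeypot_reasons($_POST['form'])` would take the place of the `$spam` flag, and the reasons can be logged to see which check fires most often.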
@iamrobert

iamrobert commented Jul 13, 2020

Thanks - and I believe it needs to add ['form'] or it doesn't process:

if( !empty($_POST['form']['usefulName']))
{
  $spam = true;
}
if (preg_match( "/bcc:|cc:|multipart|\[url|Content-Type:/i", implode($_POST['form']))) {
    $spam=true;
}
// Detect more than 3 outgoing links - added s for greedy
if (preg_match_all("/<a|https?:/i", implode($_POST['form']), $out) > 3) 
{
    $spam=true;
}

Reference:
https://www.rsjoomla.com/support/documentation/rsform-pro/getting-started/php-scripts.html

and put the php code in:
PHP Scripts > Script called on form process

@hans2103
Author

@iamrobert fixes applied. Thank you

@kbrookes

Thanks for this!

I've noticed my version of RSForm Pro makes its automatic classnames lowercase, so for me '.rsform-block-usefulName' needed to be '.rsform-block-usefulname'.

@hans2103
Author

@kbrookes fixes applied. Thank you
