Created
October 5, 2023 04:26
html form honeypot
An HTML form honeypot is a technique used to combat form spam, especially automated bot submissions, by adding a hidden field to a web form that should not be filled out by legitimate users. Bots often fill out all fields in a form, including hidden ones, while human users typically don't interact with these hidden fields. When a hidden field is submitted with a value, it indicates that a bot has attempted to submit the form, allowing the server-side script to reject the submission.

Here's how to implement an HTML form honeypot:

1. **HTML Form:**

Start by creating your HTML form with the fields you want, including the honeypot field:

```html
<form action="process_form.php" method="post">
  <label for="name">Name:</label>
  <input type="text" id="name" name="name" required>
  <!-- Hidden honeypot field -->
  <input type="text" name="honeypot" style="display: none;">
  <input type="submit" value="Submit">
</form>
```

In the above code, a hidden honeypot field is added to the form. Users won't see it because of the `style="display: none;"` attribute.

2. **Server-side Processing:**

In your server-side script (e.g., PHP, Python, or any other server-side language), you should check the value of the honeypot field. If it has a value, it's likely a bot submission, and you can reject the form submission. Here's a simple example using PHP:
```php
<?php
// Default to '' so a request that omits a field does not raise an
// "undefined array key" warning.
$name = $_POST['name'] ?? '';
$honeypot = $_POST['honeypot'] ?? '';

// Check if the honeypot field is not empty (indicating a bot submission).
// Compare against '' rather than using empty(): empty("0") is true in PHP,
// so a bot that fills the field with "0" would otherwise pass.
if (trim($honeypot) !== '') {
    // Handle the bot submission (e.g., log the attempt or display an error)
    echo "Bot submission detected.";
} else {
    // Process the form data as usual
    // ...
    echo "Form submitted successfully.";
}
?>
```

If the honeypot field has a value, you can take appropriate action, such as logging the attempt, blocking the submission, or displaying an error message.

Adding a honeypot to your form is a relatively simple and effective way to reduce automated spam submissions, but it's not foolproof. Sophisticated bots may be designed to recognize and avoid honeypot fields. Therefore, it's often a good practice to combine honeypots with other anti-spam measures, such as CAPTCHA challenges or rate limiting.
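
The following Python sketch is an added example, not part of the original gist. It combines the honeypot check with the rate limiting mentioned above, and also flags requests that omit the honeypot field entirely (a browser submitting the form above always sends it, empty). The window size, limit, verdict strings and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs

HONEYPOT_FIELD = "honeypot"  # field name used in the form above
WINDOW_SECONDS = 60          # assumed rate-limit window
MAX_PER_WINDOW = 3           # assumed submissions allowed per client per window

_recent = defaultdict(deque)  # client id -> timestamps of recent submissions


def parse_form(body):
    """Parse an application/x-www-form-urlencoded request body."""
    # keep_blank_values=True matters: by default parse_qs drops empty
    # fields, so a legitimate empty honeypot would look like a missing one.
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def classify(body, client, now):
    """Return a verdict string for one submission from `client` at time `now`."""
    hits = _recent[client]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()  # forget submissions older than the window
    hits.append(now)
    if len(hits) > MAX_PER_WINDOW:
        return "rate_limited"

    form = parse_form(body)
    if HONEYPOT_FIELD not in form:
        # The request was not built from the rendered form.
        return "honeypot_missing"
    if form[HONEYPOT_FIELD].strip():
        return "honeypot_filled"
    if not form.get("name", "").strip():
        return "invalid"
    return "accept"


if __name__ == "__main__":
    # Constructed sample requests (documentation IP range 192.0.2.0/24).
    samples = [
        ("name=Alice&honeypot=", "192.0.2.10"),
        ("name=Bot&honeypot=http%3A%2F%2Fspam.example", "192.0.2.20"),
        ("name=Bot", "192.0.2.30"),
    ]
    for body, client in samples:
        print(client, classify(body, client, now=0.0))
```

Log the non-`accept` verdicts rather than echoing them to the client, so that a bot operator gets no feedback about which check rejected the request.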
A good way to stop form spam is to use a form backend service like fabform.