Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Preventing form spam with honeytrap #PHP

OK, the idea here is that spambots will fill out all fields in the form. So we hide one of the fields with CSS (so users don't see it) and if it's filled out, we don't allow the submission to complete. This isn't my idea but I don't remember exactly where I found it.

<?php //post the form fields from below
$name = $_POST['name'];
$machine = $_POST['machine'];
if ($machine != "")
{
exit(); //if a spambot filled out the "machine"
//field, we don't proceed
}
else
{
//validate the name and do stuff with it
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Test Form</title>
<style>
/* hide the "machine" field */
.machine { display: none; }
</style>
</head>
<body>
<form method="post" action="">
<input name="name" />
<!-- below field is hidden with css -->
<input name="machine" class="machine" />
<!-- edit - show a warning (also hidden) to users with CSS disabled -->
<label for="machine" class="machine">If you are a human, don't fill out this field!</label>
<input type="submit" />
</form>
</body>
</html>
@repiano

This comment has been minimized.

Copy link

@repiano repiano commented May 15, 2014

Looks good, but I have one question. If the visitor is using a form-filling app, such as LastPass or Roboform, what's the likelihood that it will fill the honeytrap field?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment