OK, the idea here is that spambots will fill out all fields in the form. So we hide one of the fields with CSS (so users don't see it) and if it's filled out, we don't allow the submission to complete. This isn't my idea but I don't remember exactly where I found it.
Created April 28, 2014 06:28
Preventing form spam with honeytrap
#PHP
<?php //post the form fields from below
// the fields are absent on the initial GET request, so default to ""
$name = $_POST['name'] ?? '';
$machine = $_POST['machine'] ?? '';
if ($machine != "")
{
    exit(); //if a spambot filled out the "machine"
            //field, we don't proceed
}
else
{
    //validate the name and do stuff with it
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Test Form</title>
    <style>
        /* hide the "machine" field */
        .machine { display: none; }
    </style>
</head>
<body>
    <form method="post" action="">
        <input name="name" />
        <!-- below field is hidden with css -->
        <!-- id added so the label's for="machine" points at this input -->
        <input name="machine" id="machine" class="machine" />
        <!-- edit - show a warning (also hidden) to users with CSS disabled -->
        <label for="machine" class="machine">If you are a human, don't fill out this field!</label>
        <input type="submit" />
    </form>
</body>
</html>
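The same server-side check written as a function that also returns why a submission was rejected, as an added example that is not part of the gist. `classify_submission()` and the reason strings are hypothetical names, and rejecting a request that omits the trap field is an assumption of this example; `machine` and `name` are the gist's fields.

```php
<?php
// Added example, not the gist's code. classify_submission() and the
// reason strings are hypothetical; "machine" is the gist's trap field.

/**
 * Decide whether a POST body looks like it came from the real form.
 * Returns ['accept' => bool, 'reason' => string].
 */
function classify_submission(array $post, string $trap = 'machine'): array
{
    // A browser submits CSS-hidden inputs too, so a request built from
    // the real form always carries the trap field as an empty string.
    if (!array_key_exists($trap, $post)) {
        return ['accept' => false, 'reason' => 'trap-missing'];
    }
    // machine[]=x arrives as an array; the form never sends one.
    if (!is_string($post[$trap])) {
        return ['accept' => false, 'reason' => 'trap-not-string'];
    }
    // Any content at all, including whitespace, counts as filled.
    if ($post[$trap] !== '') {
        return ['accept' => false, 'reason' => 'trap-filled'];
    }
    $name = $post['name'] ?? '';
    if (!is_string($name) || trim($name) === '') {
        return ['accept' => false, 'reason' => 'name-invalid'];
    }
    return ['accept' => true, 'reason' => 'ok'];
}

// Constructed sample request bodies (not real traffic).
$samples = [
    'human'         => ['name' => 'Alice', 'machine' => ''],
    'bot fills'     => ['name' => 'x', 'machine' => 'http://example.invalid'],
    'field omitted' => ['name' => 'x'],
    'array value'   => ['name' => 'x', 'machine' => ['a']],
];
foreach ($samples as $label => $post) {
    $r = classify_submission($post);
    // In a real handler, pass the reason to error_log() instead.
    printf("%-14s accept=%s reason=%s\n",
        $label, $r['accept'] ? 'yes' : 'no', $r['reason']);
}
```

Recording the rejection reason instead of calling a bare `exit()` shows how often each rule fires, which is what you need to judge whether the trap is rejecting legitimate submissions.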
Looks good, but I have one question. If the visitor is using a form-filling app, such as LastPass or Roboform, what's the likelihood that it will fill the honeytrap field?