PHP form - with validation honeypot

mewebs picture mewebs · Jul 29, 2013 · Viewed 12.5k times · Source

I have the below for that works well, but is open for spam bots. I want to put in a honeypot, not a captcha. The code below works with the validation for the name, email, message, but I can not get it to work with the honeypot.

Can anyone look at the "honeypot" code and tell me how to fix it?

I would like for the form to give an $success2 = "No Spamming allowed" that acts like the form was submitted, but does not actually submit the form.

Thanks

The Form:

<form id="contactform" action="send2.php" method="post"><div id="success"></div><div id="error"></div>
<label for="name">Name:</label><input type="text" id="name" name="name"/>
<label for="email">Email:</label><input type="text" id="email" name="email"/>
<label for="message">Message:</label><textarea id="message" name="message" rows="12" cols="20"></textarea>
<label id="robot">Are you a robot?</label><input type="text" name="robot" id="robot"> 
<input type="submit" value="Send your message" id="send" />
</form>

The PHP: can be found here: http://goviewmy.com/contact/showcode/

Sorry, but i cannot get the PHP code to post in this question, so I attached a link to it.

Thanks

Answer

robz228 picture robz228 · Jul 29, 2013

Honeypots work best if they have a field name that sounds legit, they should also be hidden using javascript to change the css after the page loads. (Most) bots don't have javascript enabled so they cannot process that this field should not be filled out.

I use something like this:

<div class='req'>
    <label for='website'>Leave blank</label>
    <input type='text' name='website'>
</div>

Hide it with jquery:

$(document).ready(function(){
    $(".req").hide();
});

reject it server side if the field is filled out with something like this

if($_POST['website'] != ''){
    echo "It appears you are a bot!";
}
else{
//process the rest of the form
}