RPeraltaJr
3/8/2017 - 5:16 PM

Prevent XSS Attacks and Spamming. Creating a honeypot field.

Prevent XSS Attacks and Spamming.
Creating a honeypot field.

A honeypot is a field added to the form that the users can't see due to CSS or JavaScript (which hides the field). Honeypots are awesome because they don't inconvenience users like a captcha and they are a valid tool for thwarting spam bots.

<input type="text" name="a_password" tabindex="-1" autocomplete="off">
<?php 

// ....

// * honeypot (anti-spam)
if( isset($_POST['a_password']) && trim($_POST['a_password']) !== "" ):
    $response->error = true;
    $response->messages[] = "Robot verification failed, please try again.";
endif;
input[name='a_password'] {
  display: none;
}