Posted
There are several ways of protecting web forms from spam; one of these is the HoneyPot input - that's a form input that isn't visible to a human user but will probably be seen and completed by a spam bot. So if there is a value in the input the form is probably spam. This FAQ tells you how to set up a HoneyPot input.
If you are using CFv5 there is a different form of HoneyPot check built in. You can still use the method shown if you prefer - it is especially useful if your form is cached as it does not rely on a saved key.
- Add an input to your form; we'll use a text input here but you could also use a drop-down select box with a 'Show Empty' value set. You need to add a label, name and ID to the element so that it that looks 'normal'; we'll call ours 'confirm'.
-
Drag a Load CSS action into the On Load event of the form and add a CSS snippet to hide the input. We want to hide the whole input div to make the input invisible so the CSS will be like this:
div#confirm_container_div { display: none; } - Drag a Custom Code action into the On Submit event and put it up at or near the top of the event. Add this code to it.
-
<?php if ( $form->data['confirm'] != '' ) { $mainframe->redirect('http://www.ic3.gov/default.aspx'); } ?>This checks the confirm box and if there is a value set redirects the user away from the site. (This is set to go to the Internet Crime Complaint Center but any appropriate URL is OK.)
Note: this will offer protection against spambots that read the page HTML; it will not protect agaist human spammers who will not see the hidden input.