Simple honeypot for an HTML form using PHP

honeypot-example.php

<?php

//check if form was sent
if($_POST){

	$to = 'some@email.com';
	$subject = 'Testing HoneyPot';
	$header = "From: $name <$name>";

	$name = $_POST['name'];
	$email = $_POST['email'];
	$message = $_POST['message'];

	//honey pot field
	$honeypot = $_POST['firstname'];

	//check if the honeypot field is filled out. If not, send a mail.
	if( ! empty( $honeypot ) ){
		return; //you may add code here to echo an error etc.
	}else{
		mail( $to, $subject, $message, $header );
	}
}

?>

<html>
	<head>
		<title>HoneyPot for HTML Form Example</title>
		<style>
		.hide-robot{
			display:none;
		}
		</style>
	</head>

	<body>

		<form method="post" action="#my-form" id="my-form">
			<!-- Create fields for the honeypot -->
			<input name="firstname" type="text" id="firstname" class="hide-robot">
			<!-- honeypot fields end -->
			
			<input name="name" type="text" id="name" placeholder="Name" required><br>
			<input name="email" type="email" id="email" placeholder="Email" required><br>
			<textarea name="message" id="message" placeholder="Enter your message here" required></textarea><br>
			<input type="submit">
		</form>

	</body>
</html>

such a cool code

Brilliant concept, thanks.

Didn't see these, thanks for the feedback! Appreciate it!

forgive my ignorance, but how would i apply this to my phpbb board? thank you very much in advance!

I'm rahter ignorent to this: do I copy & paste in code for my form? Do I have to fill in url or some?
Thanks for support! :-) hethanna

This did not work for me:
if( $honeypot > 1 )
but this did:
if ( !empty($honeypot) )

Good. Thanks for all.

This did not work for me:
if( $honeypot > 1 )
but this did:
if ( !empty($honeypot) )

This worked for me! Ty

Thanx for the code!

<!-- Create fields for the honeypot -->
<input name="firstname" type="text" id="firstname" class="hide-robot">
<! -- honeypot fields end -->

My only question is: does this work with browsers autofill and/or password managers?
I doubt it since the field name firstname is chosen so common.
Would it not be better to use another name like "email2" or something?

Thanx for the code!

<!-- Create fields for the honeypot -->
<input name="firstname" type="text" id="firstname" class="hide-robot">
<! -- honeypot fields end -->

My only question is: does this work with browsers autofill and/or password managers?
I doubt it since the field name firstname is chosen so common.
Would it not be better to use another name like "email2" or something?

Just stumbled upon autocomplete="off"... maybe this is the solution!

You can use autocomplete="off" to prevent this from auto completing, will update it.

Pretty nice. It Works like a charme. Easy to use and very effective

Maybe your should add this on your html input field too:
tabindex="-1"

It prevents that someone tab the input honeypot field.

Thank you! autocomplete="off" does not work for me with chrome. I just set autocomplete="random_value". Now it works :)

Many bots are now onto the "display: none" style or any style with the words "hidden" or "hide" in the name. Instead, use the following style to hide your input field:
.myblank {
opacity: 0;
position: absolute;
top: 0;
left: 0;
height: 0;
width: 0;
z-index: -1;
}

Hi ! The php part didn't get reconigze in my code

Brilliant.

Small performance improvement, probably indifferent in this case but in it might help if you have huge code.

Checking the return case early

Example:

if($_POST){
	//check if the honeypot field is filled out. If not, send a mail.
	$honeypot = $_POST['firstname'];
	if(!empty( $honeypot )) return;

        //proceed to send mail
	$to = 'some@email.com';
	$subject = 'Testing HoneyPot';
	$header = "From: $name <$name>";

	$name = $_POST['name'];
	$email = $_POST['email'];
	$message = $_POST['message'];

        mail( $to, $subject, $message, $header );
}

Now, I am trying to get the whole idea of this. How does the firstname input work as the honeypot field?

@Fortuneod

Well, the firstname input is invisible thanks to the css, so an actual user won't be able see or fill it. Only way to fill it would be some sort of script so a spam script fills it as it sees it as an input. Therefore, it's a clever way to distinguish a person and a bot to prevent spam.

@unobatbayar

Thanks for the response. I get it clearly now

@wvlnsr, you'd add it to the same page as your form. It checks if there's been POST parameters and runs it through a check. If the firstname dummy field is filled it won't send the email to your address 👍

Thanks for the response. I

That worked like a charm.
I used only few lines in my ready made web post form - honeypot field and check
And few lines in html part.
Now will look how many will overcome.
But these spambots are crazy - as soon as I put website online, I got one spam per 2 min. Disaster.

Thanks to you for code!

Hello all,
I am also struggling with spam and looking for a way to get this problem under control.

I have a question about the code, is this exactly as specified above inserted on the same page as text or is this inserted under Contact form 7 (additional settings).

do I need to customize the code other than the placeholder texts?

Sorry for my simple questions.
Thanks in advance :)

These are good tips. Can anyone suggest if its a good idea to use a form backend service to stop form spam?