-1

I need to implement a very basic honeypot hidden checkbox server side validation. This is my HTML form:

<form method="POST" action="handle-form.php">
    <input type="checkbox" id="validate_box" name="validate_box" style="display:none !important" tabindex="-1" autocomplete="off">
</form>

When I try to print out the $_POST['validate_box'] in my handle-form.php, it always returns 'on'. Same goes for isset($_POST['validate_box']), always returns true. It doesn't matter if the checkbox is checked or not.

I've also tried adding a custom default value to the checkbox and compare it in PHP, but same result.

What is the issue here?

Kristián Filo
  • 827
  • 2
  • 8
  • 25

1 Answers1

-2

This should be a pretty simple fix:

Set the input field to visibility:hidden and/or position:absolute instead. Fields will not be sent to the server with display:none, but will be with visibility:hidden. By also toggling "position" to "absolute" you should get the same visual effect.

Answer borrowed from: https://stackoverflow.com/a/8318442/15594929

Hope I could help. Have a great day/night (:

LaserKaspar
  • 43
  • 4
  • 1
    Also, putting `style="visibility: hidden"` right in the form element kind of screams "I am a honeypot field". Put that in the stylesheet. – Sammitch Jul 14 '21 at 22:53
  • Unfortunately this doesn't work at all. I've tried inline styling as well as external stylesheet, but the `$_POST['validate_box']` is **always** "on". – Kristián Filo Jul 15 '21 at 18:36