0

I'm trying to use this gem to create a honeypot field, but I'm not sure how to implement it. How does the form know which field to make the honeypot and where do I specify the label? Here is the code I've used for the field, however when I run the app the form appears to be visible:

```haml
= form_for(:invitation, :url => request_invite_path, :html => {:id => 'login_form', :honeypot => true}) do |form|
  = form.text_field :email, :size => nil
  = form.text_field :honeypot # This field was created to store the honeypot input
  %button{:type => "submit"} Request Invite
```

This honeypot is being used on a registration form which only asks for email address and then there is the extra honeypot field which is hidden. I currently have an invitation service, so when people input their email, an invitation is created and I can accept or reject it. What I want to do is get rid of the invitation feature, but I figure I can use this invitation feature in conjunction with the honeypot field to stop bots from registering.

Is there a way for me to skip the models and still use the honeypot field to either accept or reject the invitation? I don't actually need to store the honeypot data, but I need to use it to decide whether or not the invitation should be accepted.

So it should work like this:

  1. User gets to landing page
  2. User sees registration form consisting of
    1. email address input box
    2. honeypot field which is hidden
  3. If a bot registers it will fill in the honeypot, so when the invitation is being created I can automatically accept the ones that don't fill out the honeypot and the ones that do will be rejected.

One more thing, how do I test the honeypot field to see if it's working? I want to fill it out and see if my code is doing what it's supposed to.

GiH
  • Related: [Better Honeypot Implementation (Form Anti-Spam)](http://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam/36227377) – Nicholas Summers Mar 31 '16 at 20:19

3 Answers

1

I'm sorry you didn't understand my previous answer, I'll rephrase it.

So from what I get, you have a landing page form in which the user has to enter an email, and there's a honeypot to filter bots.

  1. If you're using that gem, you'll see that you don't need to add the honeypot field to the form yourself. (I don't exactly see the purpose of using a gem for this, but anyway...)

  2. When you do add a text field to the form and want it to be invisible, you need to make it invisible yourself (that's how text fields work).

  3. If you're using a honeypot for filtering bots, when a bot submits the form to the controller and has filled out both the email and the honeypot, you just add a `before_filter :check_honeypot`, and in that function check if the honeypot field is either empty or not. If it's not, well, you have a bot, right? So reject it automatically.

Andrei S
  • Much better, thanks :), but still, sorry, I'm a noob and I'm confused as to how to implement that gem. I'm not able to roll my own just yet, plus it's my first gem. The gem says that to implement the honeypot all I need to do is the code ":honeypot => true" like above, so shouldn't that then hide the field (or form, depending on how it works)? Or if you have a suggestion on how to roll my own, that would work too. If I don't need the honeypot text field, I'm not storing honeypot info, so what am I passing to the controller to do the check? – GiH Feb 29 '12 at 16:42
  • Also, how do I test the field? If it's working, it's hidden haha – GiH Feb 29 '12 at 17:06
  • Well, regarding that field, whether you're using that gem or adding the hidden field yourself, just inspect the page in the browser while the server is running, with a tool like Firebug for example. To add some text inside the field, just pull out the `display: none` from it and start typing. – Andrei S Feb 29 '12 at 20:04
  • If my answer solved your problem you could consider marking the question as solved – Andrei S Mar 02 '12 at 09:06
  • I tried to edit your question in order to give you credit for helping me find the right answer, but Stack Overflow rejected my changes so I can't accept your answer. If you want the credit, just copy-paste my answer into another answer and I'll accept it, but for now I've put an answer myself and accepted it – GiH Mar 05 '12 at 01:35
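
The server-side check described in this answer, as an added example that is not part of the original posts or the gem's code. It runs without Rails; the parameter layout `params["invitation"]["honeypot"]` is an assumption taken from the question's `form_for(:invitation)` and `form.text_field :honeypot`, and rejecting a request that lacks the field entirely is a design choice made here.

```ruby
# Added example, not the gem's code: the check a before_filter would perform,
# written without Rails so it runs as a plain script.
# Assumption: the field arrives as params["invitation"]["honeypot"].
FORM_SCOPE     = "invitation"
HONEYPOT_FIELD = "honeypot"

Invitation = Struct.new(:email, :status, :reason)

# Returns [status, reason]. A browser still submits a text input hidden with
# display:none, as an empty string when nothing was typed into it.
def check_honeypot(params)
  form = params[FORM_SCOPE]
  return [:rejected, "no #{FORM_SCOPE} parameters"] unless form.is_a?(Hash)
  # Design choice (assumption): a request without the field did not come
  # from the rendered form, so it is rejected as well.
  return [:rejected, "honeypot field missing"] unless form.key?(HONEYPOT_FIELD)
  # Whitespace-only counts as empty, mirroring Rails' blank?.
  return [:rejected, "honeypot filled in"] unless form[HONEYPOT_FIELD].to_s.strip.empty?
  [:accepted, "honeypot empty"]
end

# Builds the invitation from the email only; the honeypot value is used for
# the decision and then discarded, so no model column is needed for it.
def request_invite(params)
  status, reason = check_honeypot(params)
  email = params[FORM_SCOPE].is_a?(Hash) ? params[FORM_SCOPE]["email"] : nil
  Invitation.new(email, status, reason)
end

# Constructed sample submissions (not real traffic).
SAMPLE_SUBMISSIONS = [
  { "invitation" => { "email" => "person@example.com", "honeypot" => "" } },
  { "invitation" => { "email" => "bot@example.com", "honeypot" => "http://spam.example" } },
  { "invitation" => { "email" => "script@example.com" } },
  { "invitation" => { "email" => "tab@example.com", "honeypot" => " \t" } }
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_SUBMISSIONS.each do |params|
    inv = request_invite(params)
    puts format("%-20s %-9s %s", inv.email, inv.status, inv.reason)
  end
end
```

Feeding the function a submission with the honeypot filled in, as the second sample does, exercises the rejection path without having to unhide the field in the browser.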
0

Refer to this one for a tutorial on both client-side and server-side honeypots: Secure Forms and comments from bots using Honeypot

Sriram G
0

So from what I get, you have a landing page form in which the user has to enter an email, and there's a honeypot to filter bots.

  1. If you're using that gem, you'll see that you don't need to add the honeypot field to the form yourself. When you implement it with `:honeypot => true` in the html options, it automatically creates a hidden text field with the appropriate label for accessibility.

  2. If you're using a honeypot for filtering bots, when a bot submits the form to the controller, and has filled out both the email and the honeypot, you just add a `before_filter :protect_from_spam`. If you want to do anything special in that function you can override its defaults within the controller as well.

  3. You can test it by inspecting the element in the browser (with Firebug on Firefox, for example) simply by changing the CSS `display:` of the honeypot from `none` to `inline`. This way you can fill in that field and see what happens when you do, without actually changing the code.

GiH