Honeypot (better than CAPTCHA)

Created: Oct 20, 2014
Author: Kivi Shapiro
Title: Senior Interaction Designer
Company: Qualicom Innovations
Site: http://www.qualicom.com
Tags: form handling

Description

This code implements honeypots (http://haacked.com/archive/2007/09/11/honeypot-captcha.aspx/), a user-friendly alternative to CAPTCHA for preventing spam. Easy and accessible for users and highly effective. Easy to implement in Dotcms too:

Add a field to your structure with an enticing name like "URL".
Make it required.
Give it a regex that can only be satisfied with one particular value, e.g. "blue". For added userfriendliness you can make it case-insensitive e.g. "[Bb][Ll][Uu][Ee]".
In the label, ask users a question that they will answer with the value given, e.g. "Sorry, just checking that you're a person. What colour is the sky?"

You can also use JavaScript to fill in the field and hide it, so the user doesn't see or have to do anything at all. Caveat: this is susceptible to spambots that can run JavaScript.

The code below includes two snippets that you would incorporate in your form: some HTML (which gets hidden via JavaScript) and some code. The "URL" field is hidden only via JavaScript so that a human viewing your page with JavaScript turned off can still pass validation.

Link: https://groups.google.com/d/msg/dotcms/CZxG-edpb0s/r71eDPOu1DwJ

Code

<!-- include this part in your form -->
<p class="text">
  <label for="url">We have to ask a very simple question to make sure you're human.  What colour is the sky?</label>
  <input type="text" name="url" id="url" maxlength="225" value="Please remove this text" autocomplete="off">
</p>
<!-- end -->

<!-- include this part at the bottom of your page --> 
<script>
  $(function() {
    "use strict";

    $('#url').parent().hide();
    $('input').focus(function(){
      $('#url').val('bluE'); // Use unusual capitalization so we can identify which users had this field filled in for them by JavaScript
    });
  }); // jQuery
</script>
<!-- end -->