Honeypot

A simple way to try to keep bots from posting forms is to add a honeypot to your form.

The trick is to name the field to something that a bot is very likely to auto populate with a value.
Add a validation rule that the field should be empty using regex
Add autocomplete() to prevent validation errors from browsers autocomplete when the user tries to save the form.
Make it type('hidden')
Add the class('nosy') to prevent it from taking up space (the .nosy class exists in the theme.css)

Input::make('Street') //name the field to something that a bot has a high likelihood to auto populate
    ->rootAttr([ 'class' => 'hidden' ], false) //hides the fields root wrapper
    ->type('hidden')
    ->autocomplete('srteet') //deliberately misspelled autocomplete to avoid browser autofilling value in the honeypot
    ->custom() //make the field custom, to ignore it when saving the model
    ->class('nosy') //this class exists in the theme.css, makes the field hidden
    ->default('') //the honeypot should be empty
    ->rules('nullable|regex:/^$/i') //the form will not be saved if the field has a value

The `.nosy` class exists in the `theme.css` file:

/* honeypot field class */
.nosy {
    position: absolute;
    opacity: 0;
}

PreviousFileUpload NextImageCropper

Last updated 4 years ago

Was this helpful?

hashtagThe .nosy class exists in the theme.css file:

The `.nosy` class exists in the `theme.css` file: