Honeypot Captcha

The simplest way to add honeypot captchas in your Rails forms.

Honeypot captchas work off the premise that you can present different form fields to a spam bot than you do to a real user. Spam bots will typically try to fill all fields in a form and will not take into account CSS styles.

We add bogus fields to a form and then check to see if those fields are submitted with values. If they are, we assume that we encountered a spam bot.
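A minimal sketch of the check described above, as an added example rather than the gem's own code. The decoy field names, labels and helper names are hypothetical, and the sample submissions are constructed.

```ruby
require 'cgi'

# Hypothetical decoy fields (name => label); none of them is needed by the real form.
HONEYPOT_FIELDS = {
  'a_comment_body' => 'Do not fill in this field',
  'website_url'    => 'Leave this blank'
}.freeze

# Render the decoy inputs inside a container hidden with CSS. A browser user
# never sees them and submits them empty; a bot that fills every field it
# finds in the markup does not.
def honeypot_html(fields = HONEYPOT_FIELDS)
  inputs = fields.map do |name, label|
    id = CGI.escapeHTML(name)
    %(<label for="#{id}">#{CGI.escapeHTML(label)}</label>) +
      %(<input type="text" id="#{id}" name="#{id}" value="" autocomplete="off" tabindex="-1">)
  end
  %(<div style="display:none" aria-hidden="true">#{inputs.join}</div>)
end

# Names of the decoy fields that arrived with a non-blank value.
# Accepts string or symbol keys. A decoy that is absent from the submission
# is not counted as tripped in this sketch; only a filled decoy is.
def tripped_honeypots(params, fields = HONEYPOT_FIELDS)
  fields.keys.select do |name|
    value = params[name] || params[name.to_sym]
    !value.to_s.strip.empty?
  end
end

# True when at least one decoy was filled in, i.e. the submission is treated as spam.
def spam_submission?(params, fields = HONEYPOT_FIELDS)
  !tripped_honeypots(params, fields).empty?
end

# Constructed sample submissions (parsed form parameters).
HUMAN_POST = { 'comment' => { 'body' => 'Nice article' },
               'a_comment_body' => '', 'website_url' => '' }.freeze
BOT_POST   = { 'comment' => { 'body' => 'cheap pills' },
               'a_comment_body' => 'cheap pills',
               'website_url' => 'http://spam.example' }.freeze
```

A honeypot only stops bots that fill fields indiscriminately; a bot that evaluates CSS or targets this form specifically will leave the decoys empty, so treat the check as one layer alongside rate limiting or moderation.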

Installation

In your Gemfile, simply add

gem 'honeypot-captcha'

Usage

I've tried to make it pretty simple to add a honeypot captcha, but I'm open to any suggestions you may have.

form_for

Simply specify that the form has a honeypot in the HTML options hash:

<% form_for Comment.new, :html => { :honeypot => true } do |form| -%>
  ...
<% end -%>

form_tag with block

Simply specify that the form has a honeypot in the options hash:

<% form_tag comments_path, :honeypot => true do -%>
  ...
<% end -%>

form_tag without block

Simply specify that the form has a honeypot in the options hash:

<%= form_tag comments_path, :honeypot => true -%>
  ...
</form>

Non-RESTful resources

If you have a form that is submitted to a non-resourceful controller, but you still want to protect this form, add a before-filter to the controller that processes the form data:

class ProtectedController < ApplicationController
  before_filter :protect_from_spam, :only => :save_data
  ...
end

(assuming the form gets processed by calling the save_data action on the ProtectedController)

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.

Author

Written by Curtis Miller of Flatterline

Contributors

Copyright

Copyright (c) 2010 Curtis Miller. See LICENSE for details.