I have a comment form on my website which is on every page (it's built into the template). I'm trying to use the hidden field method to combat spamming of the contact form.
I am trying to set up my form so that if a bot fills in the hidden field they will be sent to a dummy thanks page (form_thanks.html) and no email will be sent to me, and if the field is blank then the email will be generated and the user will go to the real thanks page (thanks.html). The client does not want to use captchas or questions (e.g. 2+1 = ) as we want to keep the comment form as clean and simple as possible.
This is my form code:
<form action="../scripts/FormToEmail.php" method="post" id="commentForm" name="commentForm" >
<label for="name">Your name:</label><input name="name" type="text" id="name" class="required" required="required" />
<label for="email">E-Mail Address:</label><input name="email" type="text" id="email" class="required" required="required" />
<label for="phone">Phone Number (optional):</label> <input name="phone" type="text" class="digits" id="phone"/>
<label for="comments">Message:</label> <textarea name="comments" type="text" id="comments" class="required" cols="80" rows="4" required="required"></textarea>
<!-- The following field is for robots only, invisible to humans: -->
<label class="lastname">Please do not fill</label><input type="text" name="<?= $default_1 ?>" />
<!-- TemplateBeginEditable name="PageID" -->
<input name="FromPage" type="hidden" id="FromPage" value="" />
<!-- TemplateEndEditable -->
<input type="submit" name="Submit" value="Submit" />
<input type="reset" name="Clear" id="Clear" value="Clear Form" />
</form>
The class 'lastname' is set to hidden. The form works but spam still gets through as all emails are sent regardless of whether the hidden field is filled or not.
I've been trying to add code to FormToEmail.php to tackle this but have been unsuccessful.
The additional code I have added is:
$decoy = array('d_name','d_password','d_pw','d_user','d_username','d_comment');
$default_1 = $decoy[array_rand($decoy)];
if ($decoy == $value)
else header("Location: http://www.mywebsite.com/forms/thanks.html");
I'm thinking that if the $decoy field has a value then it's probably filled with spam and they should be redirected to the dummy page at form_thanks.html, and if it's blank, it's most likely genuine and then they should be sent to thanks.html and an email submitted. I'm not sure how to redirect the spammer and end the submission, whilst allowing genuine comments to be submitted and then sent to the thanks page.
Any help is greatly appreciated!
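An added example, not part of the original post and not the real FormToEmail.php: one way to do the server-side check the question describes, deciding between the dummy page and the real one before any mail is sent. It assumes the decoy input is rendered with one of the names from the post's $decoy list and that the handler runs on PHP 7.2 or later; the recipient address, the full URL of form_thanks.html and the helper function names are placeholders or assumptions.

```php
<?php
// Added example: honeypot check before any mail is sent. Decoy and page names are from the post; the rest is assumed.
const DECOY_FIELDS = ['d_name', 'd_password', 'd_pw', 'd_user', 'd_username', 'd_comment'];
const DUMMY_PAGE   = 'http://www.mywebsite.com/forms/form_thanks.html'; // assumed URL
const THANKS_PAGE  = 'http://www.mywebsite.com/forms/thanks.html';
const RECIPIENT    = 'owner@example.com'; // placeholder address

// Return a posted field as a trimmed string ('' if missing or not a string).
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// The handler cannot know which decoy name the form used, so test them all.
// A non-string value (e.g. d_name[]=x) also counts as filled in.
function honeypot_tripped(array $post): bool
{
    foreach (DECOY_FIELDS as $name) {
        $v = $post[$name] ?? '';
        if (!is_string($v) || trim($v) !== '') {
            return true;
        }
    }
    return false;
}

// Redirect and stop. Without exit the script keeps running after header().
function redirect_and_stop(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (honeypot_tripped($_POST)) {
        redirect_and_stop(DUMMY_PAGE); // decoy filled: no email, dummy page
    }
    // FILTER_VALIDATE_EMAIL rejects CR/LF, so a valid value is safe in a header.
    $email   = filter_var(field($_POST, 'email'), FILTER_VALIDATE_EMAIL);
    $headers = $email !== false ? ['Reply-To' => $email] : [];
    $body = 'Name: ' . field($_POST, 'name') . "\nEmail: " . field($_POST, 'email')
          . "\nPhone: " . field($_POST, 'phone') . "\nPage: " . field($_POST, 'FromPage')
          . "\n\n" . field($_POST, 'comments');
    mail(RECIPIENT, 'Website comment', $body, $headers);
    redirect_and_stop(THANKS_PAGE); // decoy blank: real thanks page
}
```

The visitor-supplied address only ever reaches a mail header after validation, and the name and message go into the body, so the form cannot be used to inject extra headers.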