Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
A simple way to add honeypot captchas in your Rails forms.
Ruby HTML CSS JavaScript CoffeeScript
branch: master

README.markdown

Honeypot Captcha

The simplest way to add honeypot captchas in your Rails forms.

Honeypot captchas work off the premise that you can present different form fields to a spam bot than you do to a real user. Spam bots will typically try to fill all fields in a form and will not take into account CSS styles.

We add bogus fields to a form and then check to see if those fields are submitted with values. If they are, we assume that we encountered a spam bot.

Installation

In your Gemfile, simply add

gem 'honeypot-captcha'

Usage

I've tried to make it pretty simple to add a honeypot captcha, but I'm open to any suggestions you may have. By default, create and update actions are protected. For other actions, see below.

form_for

Simply specify that the form has a honeypot in the HTML options hash:

<%= form_for Comment.new, :html => { :honeypot => true } do |form| -%>
  ...
<% end -%>

form_tag with block

Simply specify that the form has a honeypot in the options hash:

<%= form_tag comments_path, :honeypot => true do -%>
  ...
<% end -%>

form_tag without block

Simply specify that the form has a honeypot in the options hash:

<%= form_tag comments_path, :honeypot => true -%>
  ...
</form>

Protection for actions other than create and update

If you are submitting a form to a non-RESTful action and require honeypot protection, simply add the before filter for that action in your controller. For example:

class NewsletterController < ApplicationController
  prepend_before_filter :protect_from_spam, :only => [:subscribe]
  ...
end

Customizing the honeypot fields

Override the honeypot_fields method within ApplicationController to add your own custom field names and values. For example:

def honeypot_fields
  {
    :my_custom_comment_body => 'Do not fill in this field, sucka!',
    :another_thingy => 'Really... do not fill out!'
  }
end

Override the honeypot_string method within ApplicationController to disguise the string that will be included in the honeypot name. For example:

def honeypot_string
  'im-not-a-honeypot-at-all'
end

Note on Patches/Pull Requests

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don't break it in a future version unintentionally.
  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.

Author

Created by Curtis Miller of Velocity Labs, a Ruby on Rails development company.

Contributors

Copyright

Copyright (c) 2010 Curtis Miller. See LICENSE for details.

Something went wrong with that request. Please try again.