Adding a Honeypot Field Plugin to the Captcha Options #19286
Conversation
|
Personally I dont see the need to add this to the core |
|
Google Captcha v1 and v2 are outdated and the new "invisible recaptcha" creates a always visible google flag. I think a honeypot solution is much more userfriendly and does not display large flags like this in the page corner: |
| * | ||
| * @return string The HTML to be embedded in the form. | ||
| * | ||
| * @since 2.5 |
| * | ||
| * @return True if the answer is correct, false otherwise | ||
| * | ||
| * @since 2.5 |
| <fieldset name="basic"> | ||
|
|
||
| <field | ||
| name="fieldname" |
There was a problem hiding this comment.
name, type, label description
| @@ -24,7 +24,7 @@ class PlgCaptchaHoneypot extends JPlugin | |||
| * | |||
| * @return string The HTML to be embedded in the form. | |||
| * | |||
| * @since 2.5 | |||
| * @since 3.9 | |||
There was a problem hiding this comment.
sorry you misunderstood me - this should not be a version number but the string _DEPLOY_VERSION_
There was a problem hiding this comment.
Thank you!
| description="PLG_CAPTCHA_HONEYPOT_FIELDNAME_DESC" | ||
| type="text" | ||
| default="repeatmail" | ||
| name="fieldname" |
There was a problem hiding this comment.
you missed the second comment about the ordering - it should be
name, type, label, description
| * | ||
| * @return True if the answer is correct, false otherwise | ||
| * | ||
| * @since _DEPLOY_VERSION_ |
There was a problem hiding this comment.
2 underscores __DEPLOY_VERSION__
| * | ||
| * @return string The HTML to be embedded in the form. | ||
| * | ||
| * @since _DEPLOY_VERSION_ |
There was a problem hiding this comment.
2 underscores __DEPLOY_VERSION__
| } | ||
|
|
||
| return true; | ||
|
|
| /** | ||
| * Verifies if the honeypot field is empty | ||
| * | ||
| * @param string $code Answer provided by user. |
| public function onDisplay() | ||
| { | ||
| $doc = JFactory::getDocument(); | ||
| /* $doc->addStyleDeclaration('body label[for="' . $this->params->get("fieldname") . '"], body label[for="jform_captcha"], body label[for="jform_captcha"] + span.optional, body #' . $this->params->get("fieldname") . ' {display: none; visibility: hidden; }');*/ |
| { | ||
| $doc = JFactory::getDocument(); | ||
| /* $doc->addStyleDeclaration('body label[for="' . $this->params->get("fieldname") . '"], body label[for="jform_captcha"], body label[for="jform_captcha"] + span.optional, body #' . $this->params->get("fieldname") . ' {display: none; visibility: hidden; }');*/ | ||
| return '<input id="' . $this->params->get("fieldname") . '" name="' . $this->params->get("fieldname") . '" size="40" type="text" autocomplete="false" autofill="off" />'; |
| return true; | ||
|
|
||
| } | ||
|
|
|
|
||
| class PlgCaptchaHoneypot extends JPlugin | ||
| { | ||
|
|
|
Why do you allow the field name to be changed? Remember that as the field is only hidden from sighted users so in order for this to work as intended the fieldname must be something that a user of assistive technology would not think they need to complete, |
| public function onDisplay() | ||
| { | ||
| $doc = JFactory::getDocument(); | ||
| /* $doc->addStyleDeclaration('body label[for="' . $this->params->get("fieldname") . '"], body label[for="jform_captcha"], body label[for="jform_captcha"] + span.optional, body #' . $this->params->get("fieldname") . ' {display: none; visibility: hidden; }');*/ |
There was a problem hiding this comment.
Remove body from the scope in the CSS
|
@C-Lodder the body scope was on purpose to enforce hiding the label without using an important. I mean when any 3rd Party Template would have a style for that. What do you think, should I really remove the scope? |
|
@brianteeman thought i would keep it flexible when allowing to change the fieldname so if someone woukd have a repeatmail field for real the conflict could be resolved. How to tell screenreaders that this field is not important i will investigate. |
As far as I am aware that is not possible |
|
I got some more feedback outside this PR and want to put it on hold for a few weeks until I have the time to implement all suggestions. Thanks for reviewing to everyone. |
|
I searched for different possibilities to make the Honeypot - really - accessible but i did not found a method. I think we need something in core that is Google-Independant - but i have no idea what. Closing this for now. |
Summary of Changes
Altough Honeypot is not really a "captcha" functionality I think it fits best in the captcha plugin group. This plugin creates a hidden field named "repeatmail". The field name can be changed by the user. If repeatmail is filled, the form can't be sent.
Testing Instructions
Enable the Honeypot in the Captcha Options in your main configuration.
Documentation Changes Required
Yes, as it's a new feature