\HoneypotForm
Honeypot form: auto-generates a honeypot field with a random name and checks that it is still empty on submission.
This check is provided via a separate function so that it doesn't
interrupt the validation system, which is designed to show a message
to the user; exactly what we don't want in this case.
Synopsis
class HoneypotForm
extends Form
{
- // members
- public static integer $minimum_formfill_seconds = 10;
- public static boolean $use_timestamps = false;
- protected string $honeypot = '';
- protected static boolean $force_token = false;
- protected static string $css_class = '';
- // methods
- protected string getToken()
- public void getHoneypotFieldName()
- protected void setToken()
- protected string getTimeFieldName()
- public void __construct()
- public boolean validateHoneypot()
- public static void render_css()
- public static void set_force_token()
}
Hierarchy
Extends
- Form
Members
protected
- $css_class — string
  Randomized value used as a CSS class name to keep the honeypot element hidden from users.
- $force_token — boolean
  Use this to prevent generation of a random field name each time.
- $honeypot — string
  The hash used as a token for this form.
public
- $minimum_formfill_seconds — integer
  The minimum amount of time (seconds) to fill in the form.
- $use_timestamps — boolean
  If this is false, then timestamp fields won't be added or checked.
Methods
protected
- getTimeFieldName() — Generate the name of the timestamp field
- getToken() — Fetch this token from the session
- setToken() — Set (more precisely, generate) the token.
public
- __construct() — Create a new Honeypot form, that is a form with a honeypot field; if the honeypot field is filled in, the form submission will silently fail.
- getHoneypotFieldName()
- render_css() — Render the CSS for the honeypot field so that the field is hidden, without using a predictable classname or an inline 'display:none'.
- set_force_token()
- validateHoneypot() — Check whether the honeypot field was (thus incorrectly) filled in.
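The server-side check described above, as an added stand-alone sketch; it is not the HoneypotForm source and does not use its API. The function names, the session keys, keeping the issue time in the session rather than in a timestamp field, and rejecting a request that omits the decoy field are all assumptions of this example.

```php
<?php
// Added illustration; not the HoneypotForm source. All names here are hypothetical.
const MIN_FILL_SECONDS = 10; // mirrors the documented $minimum_formfill_seconds default

// Issue a random honeypot field name for this session and record when the form was served.
function honeypot_issue(array &$session, int $now): string
{
    $session['hp_field'] = 'f_' . bin2hex(random_bytes(8));
    $session['hp_issued'] = $now;
    return $session['hp_field'];
}

// True only when the decoy is present and empty and the form was not submitted too fast.
// The caller drops a failed submission silently instead of raising a validation message.
function honeypot_validate(array $session, array $post, int $now, bool $useTimestamps = false): bool
{
    $field = $session['hp_field'] ?? null;
    if (!is_string($field) || !array_key_exists($field, $post)) {
        return false; // no token issued, or the decoy was stripped from the request
    }
    if ($post[$field] !== '') {
        return false; // users never see the field, so any value means automation
    }
    if ($useTimestamps) {
        $issued = $session['hp_issued'] ?? null;
        if (!is_int($issued) || $now - $issued < MIN_FILL_SECONDS) {
            return false; // submitted faster than the minimum fill time
        }
    }
    return true;
}

// Constructed sample submissions against a form served at t = 1000.
$session = [];
$name = honeypot_issue($session, 1000);
$human = ['email' => 'a@example.org', $name => ''];
$bot = ['email' => 'b@example.org', $name => 'http://spam.example'];

var_dump(honeypot_validate($session, $human, 1030, true)); // decoy empty, 30 s elapsed
var_dump(honeypot_validate($session, $bot, 1030, true));   // decoy filled in
var_dump(honeypot_validate($session, $human, 1003, true)); // decoy empty, 3 s elapsed
```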