user1551817

Reputation: 7451

Honey pot in my web form doesn't seem to stop bot submissions

I have a form on my web page. I often get empty submissions from what I assume are web bots. In order to stop this, I followed the advice of the accepted answer on this post and made a "honey trap" in order to stop automated submissions.

I'm not sure if I did something wrong, but I still get empty submissions about once a day.

Have I done something wrong, or is there another reason that this method will not work?

My HTML:

<form action="post.php" method="post">
      <label for="email"></label>
      <input type="email" placeholder="Enter your email address..."
         name="email" required>
      <input type="checkbox" name="contact_me_by_fax_only" value="1" style="display:none !important" tabindex="-1" autocomplete="off">
      <button type="submit" class="signupbtn">Sign Up</button>
</form>

My PHP:

<?PHP
$honeypot = FALSE;
$email = $_POST["email"];
if (!empty($_REQUEST['contact_me_by_fax_only']) && (bool) $_REQUEST['contact_me_by_fax_only'] == TRUE) {
    $honeypot = TRUE;
    log_spambot($_REQUEST);
    # treat as spambot
} else {
  mail("[email protected]", "Message from $email", "message here");
  header('Location: thanks.html');
}
?>

Upvotes: 1

Views: 1076

Answers (1)

Funk Forty Niner

Reputation: 74217

It is better practice to use isset() with checkboxes, rather than !empty(). Your checkbox has a value of 1 so it is considered as not being empty.

The way checkboxes work is that if it is checked, then it is "set".

This is more of a logic issue.

If you want to prevent a bot from automatically executing your code, check to see if the checkbox was "not" set/clicked and handle it from there.

Logic:

  • If the checkbox is checked, a human did that action, then proceed.
  • Check for empty fields that would require someone to type it in.
  • If everything checks out, proceed with mailing.
  • If the checkbox was not checked, halt the script from going any further and possibly show a message about it and log it.

You could make the checkbox "required" also, but using a server-side method to handle it all.

Upvotes: 1
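
An added example, not part of the question or the answer above: a server-side check for the question's `post.php` that keeps the hidden `contact_me_by_fax_only` honeypot, tests it with `isset()`, and also rejects requests with a missing or malformed `email`, which the question's script would still mail out. The function name `classify_submission`, the recipient `owner@example.com` and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's code.

/** Classify a submission as 'bot', 'invalid' or 'ok'. */
function classify_submission(string $method, array $post): string
{
    // A direct GET of post.php carries no POST fields at all.
    if ($method !== 'POST') {
        return 'invalid';
    }
    // Browsers do not send an unchecked checkbox, so isset() is enough:
    // the hidden honeypot is only present if something other than a person set it.
    if (isset($post['contact_me_by_fax_only'])) {
        return 'bot';
    }
    // The HTML "required" attribute is enforced only by browsers; repeat it here.
    $email = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    return 'ok';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions, so the check can be run offline.
    $samples = [
        'empty POST'      => ['POST', []],
        'honeypot ticked' => ['POST', ['email' => 'a@example.com', 'contact_me_by_fax_only' => '1']],
        'direct GET'      => ['GET', []],
        'valid signup'    => ['POST', ['email' => 'a@example.com']],
    ];
    foreach ($samples as $label => [$method, $post]) {
        printf("%-16s => %s\n", $label, classify_submission($method, $post));
    }
    exit;
}

$verdict = classify_submission($_SERVER['REQUEST_METHOD'] ?? '', $_POST);
if ($verdict === 'ok') {
    $email = trim($_POST['email']);
    // Placeholder recipient (assumption); the validated address contains no line breaks.
    mail('owner@example.com', "Message from $email", 'message here');
    header('Location: thanks.html');
    exit;
}
error_log("post.php rejected submission: $verdict");
http_response_code(400);
```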
