This is the form example:
title: 'Contact Form'
form:
name: contact
action: /form/contact
template: form-messages
refresh_prevention: true
classes: denuo
fields:
name:
type: honeypot
UthcCKLVLEkr:
type: text
label: Name
placeholder: 'Fist and Last name'
autocomplete: name
validate:
required: true
message: 'Enter your name'
UthcCKZXaFMl:
type: text
label: E-mail
placeholder: your@email.com
validate:
type: email
required: true
message: 'Enter your email'
buttons:
submit:
type: submit
classes: 'btn btn-danger'
value: 'Submit'
process:
azrlogicapp:
formname: WebContact
**hash: UthcCK**
formtype: Contact
**map: '{"name":"LVLEkr","email":"ZXaFMl"}'**
display: thankyou
There is a random ID (consisting of 2 parts) for the form elements (not describing their usage) + a standard one with ID “name” (bots are usually looking for the common IDs). custom plugin (azrlogicapp) does the processing and there are two parts in the plugin config (marked bold above):
- hash: contains the first part of the input ID (same for all inputs in the form)
- map: the second part of the ID.
plugin later translates this into the “meaningful” ID and does the processing. Plugin evaluates if the “name” ID is empty or not - if it is not empty = bot. The idea behind this is not to have real ID/input names available in the form.
not bulletproof but will avoid 99% bots. As I said using this solution 3+yrs with almost zero spam. And I don’t need to bother users with the captcha,…
[@hughbris edited 2022-11-29 to format YAML since this is pretty important]