Link to home
Start Free TrialLog in
Avatar of hankknight
hankknightFlag for Canada

asked on

CSS to remove input value in form

In the answer to this question:

https://www.experts-exchange.com/questions/23259201/simplest-captia-possible.html

Roonaan suggested that a simple alternative to captcha is to have an input with a style of display:none and give it both a name and a value then process the form only if that field is empty.

I have tried his suggestion without success.  The value seems to be passed even when the input style is set to display: none

Am I missing something?
<?php
 
if (!empty($_POST['valid']))
echo $_POST['valid'];
 
?>
 
<form action="formTest.php" method="post">
 <input type="text" name="valid" value="Remove This If You Are a Person" style="display: none" />
 <input type="submit" name="submit" value="Submit" />
</form>

Open in new window

Avatar of supertone44
supertone44
What is the name/value pair that keeps getting passed? Is it valid=Remove This If You Are a Person?

If so then try this:


<input type="text" name="valid" value="<?php echo $_POST['valid'];?>" style="display:none;" />

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of ncoo
ncoo
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Hank, you can use a form token to accomplish what you want.  Code below.  It's an easy drop-in.

Best regards, ~Ray
// ALWAYS START A SESSION AT THE TOP OF EVERY PAGE
session_start();
 
 
// HERE ARE THE TOKEN FUNCTIONS
/* ************************************************************************* */
function make_form_token() 
{ // MAKE YOUR OWN VERSIONS OF X AND Y - CONSIDER USING MICROTIME, ETC
	$string = "X" . time() . $_SERVER["SCRIPT_FILENAME"] . "Y";
	$token  = md5($string);
	$_SESSION["_form_token"] = $token;
return $token;
}
 
function check_form_token($token=null) 
{ // EVALUATE THE IDENTITY OF THE TOKEN
	if (empty($token)) { $token = $_POST["_form_token"]; }
	if ($token == $_SESSION["_form_token"]) {
		$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true; 
}
return false;
}
 
function form_token_error() 
{ // IF YOU LIKE YOUR CLIENTS, YOU CAN MAKE THIS FRIENDLY
	die("Server Error F");
}
/* ************************************************************************** */
 
 
// HERE IS THE LINE of HTML IN THE FORM SCRIPT
<input type="hidden" name="_form_token" value="<?=make_form_token();?>" />
 
 
// CHECK FORM TOKEN IN THE ACTION SCRIPT
	if (!check_form_token()) { form_token_error(); }

Open in new window

Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
@hankknight: Normally, it is a good idea to test the answers before you accept them.  One test you might want to consider on this topic is the test of what happens if a client's browser does not obey the CSS you have employed.  For example, let's say a client has poor eyesight and uses an audio accessibility aid or a  screen reader.  You've tried to be "tricky" but instead you've just bought yourself a thorny accessibility issue.  Depending on who your clients are, that could make for bad publicity.  Just a word to the wise.  Best regards to all, ~Ray
Avatar of ncoo
ncoo
You raise a good point with accessibility but if you add a label to the input field and hide that as well using CSS. The label could read: leave this field empty. Screen readers would read this to the user and the user would know to leave the field empty.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
@ncoo: That's an excellent idea!  Thanks, ~Ray