hankknight
asked on
CSS to remove input value in form
In the answer to this question:
https://www.experts-exchange.com/questions/23259201/simplest-captia-possible.html
Roonaan suggested that a simple alternative to captcha is to have an input with a style of display:none and give it both a name and a value then process the form only if that field is empty.
I have tried his suggestion without success. The value seems to be passed even when the input style is set to display: none
Am I missing something?
https://www.experts-exchange.com/questions/23259201/simplest-captia-possible.html
Roonaan suggested that a simple alternative to captcha is to have an input with a style of display:none and give it both a name and a value then process the form only if that field is empty.
I have tried his suggestion without success. The value seems to be passed even when the input style is set to display: none
Am I missing something?
<?php
if (!empty($_POST['valid']))
echo $_POST['valid'];
?>
<form action="formTest.php" method="post">
<input type="text" name="valid" value="Remove This If You Are a Person" style="display: none" />
<input type="submit" name="submit" value="Submit" />
</form>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hank, you can use a form token to accomplish what you want. Code below. It's an easy drop-in.
Best regards, ~Ray
Best regards, ~Ray
// ALWAYS START A SESSION AT THE TOP OF EVERY PAGE
session_start();
// HERE ARE THE TOKEN FUNCTIONS
/* ************************************************************************* */
function make_form_token()
{ // MAKE YOUR OWN VERSIONS OF X AND Y - CONSIDER USING MICROTIME, ETC
$string = "X" . time() . $_SERVER["SCRIPT_FILENAME"] . "Y";
$token = md5($string);
$_SESSION["_form_token"] = $token;
return $token;
}
function check_form_token($token=null)
{ // EVALUATE THE IDENTITY OF THE TOKEN
if (empty($token)) { $token = $_POST["_form_token"]; }
if ($token == $_SESSION["_form_token"]) {
$_SESSION["_form_token"] = md5($_SESSION["_form_token"]); // MUNG THE TOKEN
return true;
}
return false;
}
function form_token_error()
{ // IF YOU LIKE YOUR CLIENTS, YOU CAN MAKE THIS FRIENDLY
die("Server Error F");
}
/* ************************************************************************** */
// HERE IS THE LINE of HTML IN THE FORM SCRIPT
<input type="hidden" name="_form_token" value="<?=make_form_token();?>" />
// CHECK FORM TOKEN IN THE ACTION SCRIPT
if (!check_form_token()) { form_token_error(); }
@hankknight: Normally, it is a good idea to test the answers before you accept them. One test you might want to consider on this topic is the test of what happens if a client's browser does not obey the CSS you have employed. For example, let's say a client has poor eyesight and uses an audio accessibility aid or a screen reader. You've tried to be "tricky" but instead you've just bought yourself a thorny accessibility issue. Depending on who your clients are, that could make for bad publicity. Just a word to the wise. Best regards to all, ~Ray
You raise a good point with accessibility but if you add a label to the input field and hide that as well using CSS. The label could read: leave this field empty. Screen readers would read this to the user and the user would know to leave the field empty.
@ncoo: That's an excellent idea! Thanks, ~Ray
If so then try this:
Open in new window