32 lines
1.3 KiB
Text
32 lines
1.3 KiB
Text
|
FormSpamProtection
|
||
|
==================
|
||
|
|
||
|
Tired of forms in your web application getting spammed? Captcha works but is a
|
||
|
pain. This plugin ensures a real person is submitting the form without
|
||
|
requiring anything from the user except that they have Javascript turned on.
|
||
|
|
||
|
This plugin uses the Hivelogic Enkoder, normally used to protect spambots from
|
||
|
harvesting e-mail addresses, to enkode a hidden field on the form. That field
|
||
|
is required when the user submits the form or they get an error.
|
||
|
|
||
|
To install:
|
||
|
./script/plugin install -x http://form-spam-protection.googlecode.com/svn/form_spam_protection/
|
||
|
|
||
|
To use: In your controller, just add:
|
||
|
protect_forms_from_spam
|
||
|
|
||
|
You can also specify :only or :except just like a before filter:
|
||
|
protect_forms_from_spam :only => :index
|
||
|
|
||
|
In fact, it is just a before filter. To protect only the form in one action
|
||
|
and the handling (but not the form) in another, do this:
|
||
|
before_filter :protect_form_from_spam, :only => :new
|
||
|
before_filter :protect_form_handler_from_spam, :only => :create
|
||
|
...though this is seldom necessary.
|
||
|
|
||
|
Bugs:
|
||
|
Please submit bugs through the tracker at http://code.google.com/p/form-spam-protection/issues/list
|
||
|
|
||
|
TODO:
|
||
|
* Add <noscript> tags to the form to display the "you must have Javascript on" message
|
||
|
* Make messages and resubmit limit configurable
|