FormSpamProtection
==================
Tired of forms in your web application getting spammed? Captcha works but is a
pain. This plugin ensures a real person is submitting the form without
requiring anything from the user except that they have Javascript turned on.
This plugin uses the Hivelogic Enkoder, normally used to protect spambots from
harvesting e-mail addresses, to enkode a hidden field on the form. That field
is required when the user submits the form or they get an error.
To install:
./script/plugin install -x http://form-spam-protection.googlecode.com/svn/form_spam_protection/
To use: In your controller, just add:
protect_forms_from_spam
You can also specify :only or :except just like a before filter:
protect_forms_from_spam :only => :index
In fact, it is just a before filter. To protect only the form in one action
and the handling (but not the form) in another, do this:
before_filter :protect_form_from_spam, :only => :new
before_filter :protect_form_handler_from_spam, :only => :create
...though this is seldom necessary.
Bugs:
Please submit bugs through the tracker at http://code.google.com/p/form-spam-protection/issues/list
TODO:
* Add <noscript> tags to the form to display the "you must have Javascript on" message
* Make messages and resubmit limit configurable