There was a recent discussion on the main list about securing forms
from bots. One of the tricks used on the FreewayTalk site is to inject
the forms into the page using Ajax. Since a lot of bots go looking for
registration forms using basic Web crawler technology, and those bots
don’t usually evaluate JavaScript, this provides a neat barrier to
automated entry. It’s pretty simple to do in a basic way, and if you
want to also use the technique to have forms that submit without a
page refresh, that can be added later.
Install the Protaculous Action, if you haven’t already. <http://freewaypro.com/actions/downloads/
Make a form, and an associated handler for it. This form can be made
in Freeway, but you will need to “cut down” the resulting page using
the PHP Make Insert Page Action or similar, because you want to end up
with just the form itself, with no HTML HEAD BODY tag sandwich around
it. You will be inserting this form into another page in your site
using JavaScript. Be sure that your form submits either directly to
its handler, or to the page you will be inserting the form into –
don’t have it submit to itself.
Now, on the page where you want the form to appear, draw a simple HTML
box where the form should go. Set the name of this box to something
memorable, like formGoesHere.
Apply the Protaculous Action to the page, and then click on the top
Function Body button and enter the following (adjusted for YOUR naming):
new Ajax.Updater('formGoesHere',
'yourFormPage.html',
{'method':'get'}
);
Now preview the page in a browser. If all goes well, you should see
your form appear within the page as if it was part of it all along.
A crawler will never see this code, and your users will never know the
difference, unless they have disabled JavaScript.
Walter
dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options