Simple honeypot (fixes #134) (#135)

inc/helpers/namespace.php

@@ -9,6 +9,7 @@ namespace Aldine\Helpers;
 
 use function \Pressbooks\Metadata\book_information_to_schema;
 use function \Pressbooks\Metadata\is_bisac;
+use function \Pressbooks\Utility\str_starts_with;
 use Pressbooks\Book;
 
 /**
@@ -259,6 +260,12 @@ function handle_contact_form_submission() {
 		return false; // Security check failed.
 	}
 	if ( isset( $_POST['submitted'] ) ) {
+		// Check the fake anti-spam honeypot field.
+		foreach ( $_POST as $pkey => $pval ) {
+			if ( str_starts_with( $pkey, 'firstname' ) && ! empty( $pval ) ) {
+				return false; // Honeypot failed.
+			}
+		}
 		$contact_email = get_option( 'pb_network_contact_email', get_option( 'admin_email' ) );
 		$output = [];
 		$name = ( isset( $_POST['visitor_name'] ) ) ? $_POST['visitor_name'] : '';
@@ -315,7 +322,7 @@ function handle_contact_form_submission() {
 		}
 		return $output;
 	}
-	return;
+	return false;
 }
 
 /**

partials/contact-form.php

@@ -11,6 +11,7 @@
 $pb_network_contact_form_title = get_option( 'pb_network_contact_form_title' );
 $contact_form_title = ( ! empty( $pb_network_contact_form_title ) ) ? $pb_network_contact_form_title : __( 'Contact Us', 'pressbooks-aldine' );
 $contact_form_response = \Aldine\Helpers\handle_contact_form_submission();
+$honeypot = 'firstname' . rand();
 
 ?>
 
@@ -22,6 +23,12 @@ $contact_form_response = \Aldine\Helpers\handle_contact_form_submission();
 		<?php endif; ?>
 		<?php wp_nonce_field( 'pb_root_contact_form', 'pb_root_contact_form_nonce' ); ?>
 		<input type="hidden" name="submitted" value="1">
+		<p class="form__row" style="display:none;">
+			<input type="text" name="<?php echo $honeypot; ?>" id="<?php echo $honeypot; ?>"/>
+			<label for="<?php echo $honeypot; ?>">
+				<?php _e( 'Keep this field blank (required)', 'pressbooks-aldine' ); ?>
+			</label>
+		</p>
 		<p class="form__row">
 			<input id="contact-name" 
 			<?php