{formantispam:slice_id}

Description

Emits hidden anti-spam fields to drop inside an anonymous submission form. In its bare form it adds a hidden honeypot text input named answer (kept out of view by a CSS rule): a human leaves it blank, but a bot that fills every field sets it, and filler.php rejects any post whose answer is not empty. Pass a slice id to add stronger CSRF protection: AA issues a one-time per-session token, switches page caching off, and emits two more hidden inputs - slice_id and aa_token - plus a small script that fills slice_id only after the visitor moves the mouse, types, or touches the screen. filler.php then refuses any post whose aa_token is missing, already used, or older than the token lifetime; the slice must also have anonymous posting set to the token-protected level. Place the command inside the form tag, before the visible fields. Output is runtime-dependent (the token changes every render), so it is never cached.

Parameters

slice_id optional

An AA slice id (32-character hex). Optional. With no slice id the command emits only the honeypot field. Give the slice that the form submits to, and the command additionally issues a one-time CSRF token (the slice_id and aa_token hidden inputs plus the human-interaction script). The slice must have anonymous posting set to the token-protected level for filler.php to enforce the token.

Examples

virtual{formantispam}
Expected
">Actual
The bare form. Place it inside any anonymous <form> that posts to filler.php; it emits a hidden honeypot text input named answer. A spambot that blindly fills every field sets answer, and filler.php rejects the post.
virtual<form method="post" action="/filler.php"><input type="hidden" name="slice_id" value=""><input type="hidden" name="ok_url" value="/thank-you">{formantispam}<input name="aa[n1_SLICE][headline........][0]"><button>Send</button></form>
Expected
">Actual
The real-world pattern. {formantispam} sits inside an anonymous submission <form> that posts to filler.php, just before the visible fields. It contributes only the hidden honeypot (and, with a slice id, the token inputs); the surrounding form markup is your own. Replace SLICE with your slice id. Output below is the rendered form - this is illustrative, not asserted.
virtual{formantispam:9e1d2b9f88e3d6c3bf0eb967378610d6}
Expected
">Actual
Pass a slice id to add a per-session CSRF token. AA stores a one-time token server-side, switches page caching off, and emits two extra hidden inputs (slice_id and aa_token) plus a small script that fills slice_id only after the visitor moves the mouse or types. filler.php then rejects any post whose aa_token is missing, already used, or expired. The slice must also have anonymous posting set to the token-protected level. Token value shown is illustrative - it differs every render.
← All expressions