I did actually fix it, in regards to what I truly believed was the issue, and essentially still do ... You managed to send an email within 3 seconds from the website loads? This is what bots do, and is therefore considered spam. Can you honestly go to a contact page (either load a page directly, or click from the menu), and then manage to fill your email address and a meaningful text message and send within 3 seconds? It could be technically possible if you already have the email+name stored there, but I still don't believe anyone can mouse-focus the text message field, input some meaningful text for communication, and then click the "send" button all within 3 seconds ...
So yes you might achieve that response if you try and enter some junk into the text area. If your human client achieved that while sending a meaningful message? I really don't think this is even remotely possible ... Therefore, I'm pretty sure it is not the same issue that your customer is seeing ...
Yes I did resolve the issue which I was pretty sure was causing issues earlier. It no longer populates "honeypot" hidden inputs on various focus-events. They are pre-populated now (in Javascript), without requiring any user events. Then there is the PHP, which correctly checks all:
if(empty($_POST['honey1'])
&& $_POST['honey2'] == 'alpaca'
&& (!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
&& !empty($_POST['page'])
) {
Based on recent changes and based on the above, there are only two technical reasons it could possibly fail:
- Page is not loading completely, and/or javascript is therefore not triggering properly.
- Users browser/device is populating or de-populating hidden form fields used for bot-detection.
Of the two above, I can't really imagine it's #1. Why? Then how can we fix it ... Perhaps #2, but then what kinda device/browser/extension does this? I'm pretty sure you will never be able to detect it from any device/browser you test with yourself, because it's incredibly obscure and something not done properly from whoever made it (whatever "it" is) work like that.
When form fields are hidden, no extension or browser should be editing them. I know that some browsers may pre-populate visible form input fields, if they have known attribute names like "name" etc, but in addition to being hidden, these honeypot fields are named "honey1" and "honey2".
For the fix, yes of course you could narrow down the conditions to the following:
if(/*empty($_POST['honey1'])
&& $_POST['honey2'] == 'alpaca'
&& */(!$email || filter_var($email, FILTER_VALIDATE_EMAIL))
/*&& !empty($_POST['page'])*/
) {
Again, hard to diagnose when you don't know what's happening on the clients device. I doubt you or anyone close to you (where you can test directly on the device) will ever be able to reproduce it (apart from the 3-second requirement, which should be logical).
So if she always got "thnx" before (assumingly?), then testing with the above should work? Hopefully you can get her to test. And if it works, then her device (and extremely few others) are clearly editing hidden form fields ... This doesn't seem right to me, as it's common to use hidden form fields, and clearly the extreme majority of devices will never do such a thing.