So couldn't you return a checkbox in send() function which must be clicked first to send? Not JS.
In your form you could do something like:
<input name="antibotcheckbox" type="checkbox" id="antibotcheckbox" value="aintnobot">
And in the index.php file you could do something like:
if ($_POST['antibotcheckbox'] == "aintnorobot") {
$ret = $fb->send($address, $reward);
} else {
$ret = array(
"success" => false,
"message" => "Checkbox failure.",
"html" => "You have to check the checkbox to prove you are not a bot."
);
}
A scammer could easily read that "anticheckbox" variable and send it by default. It would be better if you used sessions and create a variable name for the input variable. Then the code would always be different.
<input name="this_value_random_each_time" type="checkbox" id="antibotcheckbox" value="aintnobot">
I could check it out for you but I'm really busy atm...