alexsabur/antispam-bundle

This bundle provides some basic features to reduce spam in symfony forms.

Installs: 31

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:symfony-bundle

3.0.0 2024-05-23 13:10 UTC

This package is auto-updated.

Last update: 2024-11-23 14:06:45 UTC


README

NucleosAntiSpamBundle

This bundle provides some basic features to reduce spam in Symfony. It is the successor of core23/antispam-bundle, but not related to isometriks/spam-bundle.

Features

  • Honeypot protection for forms: An additional "hidden" (i.e. made invisible with CSS) field will be added to your form. Whoever fills out this field, is considered to be a spam bot.

  • Time protection for forms: The time between displaying the form and submitting the form is measured. Anybody who submits the form quicker than a certain number of seconds, is considered to be a spam bot. The timestamp is stored in the session.

  • Email address obfuscation filter for Twig: To prevent spam harvest bots from detecting your email address, they are obfuscated by e.g. replacing @ with [AT]. The filter will find email addresses automatically, so you can apply it to your entire text.

Installation

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

composer require alexsabur/antispam-bundle

Enable the Bundle

In older versions of Symfony, you need to enable it manually:

// config/bundles.php

return [
    // ...
    Nucleos\AntiSpamBundle\NucleosAntiSpamBundle::class => ['all' => true],
];

Usage

Form based protection

In a controller:

$this->createForm(CustomFormType:class, null, [
    // Time protection
    'antispam_time'     => true,
    'antispam_time_min' => 10, // seconds
    'antispam_time_max' => 60,

    // Honeypot protection
    'antispam_honeypot'       => true,
    'antispam_honeypot_class' => 'hide-me',
    'antispam_honeypot_field' => 'email-repeat',
])

In a form class:

class MyType extends AbstractType
{
    // ...

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            // ...
            'antispam_time'     => true,
            'antispam_time_min' => 10,
            // same as above
        ]);
    }
}

Twig email address obfuscation

The Twig filter antispam replaces @ by e.g. [AT].

{# Replace plain text #}
{{ text|antispam }}

{# Replace rich text mails #}
{{ htmlText|antispam(true) }}

If you want a JavaScript decoding for the encoded email addresses, you should use the AntiSpam.js library:

document.addEventListener('DOMContentLoaded', () => {
  new AntiSpam('.custom_class');
});

It is recommended to use webpack / webpack-encore to include the JavaScript library in your page. This file is located in the assets folder.

Configure the Bundle

Create a configuration file called nucleos_antispam.yaml:

# config/packages/nucleos_antispam.yaml

nucleos_antispam:
    # Twig mail filter
    twig:
        mail:
            css_class: 'custom_class'
            at_text:   [ '[AT]', '(AT)', '[ÄT]' ]
            dot_text:  [ '[DOT]', '(DOT)', '[.]' ]

    # Time protection
    time:
        min: 5
        max: 3600
        global: true # This will add antispam to all forms

    # Honeypot protection
    honeypot:
        field: 'email_address'
        class: 'hidden'
        global: false
        provider: 'nucleos_antispam.provider.session'

License

This bundle is under the MIT license.