appel / honeypot
A simple spam protection for Laravel.
Requires
- php: >=7.2
- illuminate/config: ^5|^6|^7|^8
- illuminate/support: ^5|^6|^7|^8
- illuminate/translation: ^5|^6|^7|^8
Requires (Dev)
- mockery/mockery: ^0.9.9|^1.3.1
- phpunit/phpunit: ^6.3|^8.5.8|^9.3.3
README
A simple spam prevention package for Laravel.
Installation:
Composer
Run this command inside your terminal to add the package into your project.
composer require appel/honeypot
Publish Config File and Translations
Publish the package config file and translations to your application. Run this command inside your terminal.
php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider"
Or, you may want to publish the file individually.
php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider" --tag="config"
php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider" --tag="lang"
Usage
Facade
Add the honeypot hidden input into your form by inserting Honeypot::make(...)
like this:
<form action="..." method="..."> {!! Honeypot::make('honeypot_name', 'honeypot_time') !!} </form>
Helper Function
<form action="..." method="..."> {!! honeypot('honeypot_name', 'honeypot_time') !!} </form>
Blade Directive
<form action="..." method="..."> @honeypot('honeypot_name', 'honeypot_time') </form>
Note: If you are using the Blade directive, you may need to run php artisan view:clear
for it to work.
The make()
method will output the following HTML input. (The honeypot_time
field will generate an encrypted timestamp.
<div id="honeypot_name_wrap" style="display: none;"> <input type="text" name="honeypot_name" id="honeypot_name" value="" autocomplete="off"> <input type="text" name="honeypot_time" id="honeypot_time" value="encrypted timestamp" autocomplete="off"> </div>
After adding the honeypot fields, add the validation rules in your controller for the honeypot and honeytime fields.
$this->validate($request, [ ... 'honeypot_name' => 'honeypot', 'honeypot_time' => 'required|honeytime:5' ]);
Please note that in the honeytime rule, you need to specify the number of seconds it should take for the user to fill out the form. If it takes less time than that, the form will be rejected.
Settings
The honeypots are hidden on the page by using display: hidden
. You can alternatively have them moved off the page by
publishing the config file and changing this setting:
return [ ... /** * Hide the fields by setting the display property of the outer div to none, * or by moving it off-screen. Accepted values: 'hide', 'off-screen' */ 'hide_mode' => 'off-screen' ];
Credits
This project is based on an earlier project by Ian Landsman. The following people contributed to this project: Maksim Surguy, Arjhay Delos Santos
This project is sponsored by Bomshteyn Consulting.