dl / honeypotformfield
Spam protection using a honeypot field for the Neos form builder
Installs: 66 862
Dependents: 0
Suggesters: 0
Security: 0
Stars: 8
Watchers: 2
Forks: 1
Open Issues: 3
Type:neos-package
Requires
- neos/neos: ^4.1 || ^5.0 || ^7.0 || ^8.0
Suggests
- neos/form-builder: Adds a builder for the Flow Form Framework to the Neos CMS backend.
- neos/form-fusionrenderer: A Flow Form Framework preset for Fusion based Form rendering.
README
This package adds an HoneypotField element, which can be used within your forms. This element is rendered hidden and should never be filled out by a real form user.
A spam detection finisher checks if the form contains such honeypot fields. If any of that fields are filled out, additional field values are introduced which can be used in the following finishers to handle spam.
Installation
composer require dl/honeypotformfield
Usage
Using the flow form configuration
type: 'Neos.Form:Form' identifier: 'my-form' renderables: items: type: 'Neos.Form:Page' identifier: 'my-page' renderables: name: type: 'Neos.Form:SingleLineText' identifier: 'name' honeyPot: type: 'DL.HoneypotFormField:HoneypotField' identifier: 'full_name' finishers: spamDetection: identifier: 'DL.HoneypotFormField:SpamDetectionFinisher'
Using the Neos Form Builder
Requires the suggested package neos/form-builder.
- Add honeypot form fields (at least one - as many as you like)
- Add the Spam detection finisher before the finishers, that should use the spam markers.
The finisher adds the following new formFields to the formState:
Mark sent mails as spam
These fields can then be used for example to mark mails as spam:
Settings
Cancel mail sending on spam detection
When the cancelSubsequentFinishersOnSpamDetection
setting is set to true
, subsequent finishers are not executed
when the form was detected as spam.
Here the confirmation message is shown but mail sending is cancelled.
Configuration:
DL: HoneypotFormField: cancelSubsequentFinishersOnSpamDetection: true
Log form content when detected as spam
In order to debug the spam detection and to see what kind of spam is coming in, you can enable the logging of the complete
form content with setting logSpamFormData
to true.
Configuration:
DL: HoneypotFormField: logSpamFormData: true