erkenes/flow-honeypot-form-field

Spam protection using a honeypot field

This package's canonical repository appears to be gone and the package has been frozen as a result.

Maintainers

Details

github.com/erkenes/Erk.Flow.HoneypotFormField

Source

Issues

Installs: 174

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:neos-package

1.0.0 2022-01-06 18:10 UTC

Requires

Suggests

MIT 576c63800859fc4029f242858d74b4edd783d5e8

flowFormsNeosspamprotectionHoneypotflow-framework

This package is auto-updated.

Last update: 2023-03-29 22:09:20 UTC

README

This package adds an HoneypotField element, which can be used within your forms. This element is rendered hidden and should never be filled out by a real form user.

A spam detection finisher checks if the form contains such honeypot fields. If any of that fields are filled out, additional field values are introduced which can be used in the following finishers to handle spam.

Installation

composer require erkenes/flow-honeypot-form-field

Usage

Using the flow form configuration

type: 'Neos.Form:Form'
identifier: 'my-form'
renderables:
  items:
    type: 'Neos.Form:Page'
    identifier: 'my-page'
    renderables:
      name:
        type: 'Neos.Form:SingleLineText'
        identifier: 'name'
      honeyPot:
        type: 'Erk.Flow.HoneypotFormField:HoneypotField'
        identifier: 'full_name'

finishers:
  spamDetection:
    identifier: 'Erk.Flow.HoneypotFormField:SpamDetectionFinisher'

The finisher adds the following new formFields to the formState:

FieldName Value
spamDetected bool true / false when the submitted form is detected as spam
spamMarker Contains [SPAM] if detected. Can be used in eMails
spamFilledOutHoneypotFields Contains the filled honeypot fields

Using with the NeosCMS

This package is primary if you are just using the Flow-Framework without the NeosCMS. If you are using the NeosCMS use the following package instead: DL.HoneypotFormField.
This repository is a modification where all the NeosCMS functionalities of the upon named package were dropped.

Mark sent mails as spam

These fields can then be used for example to mark mails as spam

finishers:
  spamDetection:
    identifier: 'Erk.Flow.HoneypotFormField:SpamDetectionFinisher'
  email:
    identifier: 'Neos.Form:Email'
    options:
      templatePathAndFilename: 'resource://[...].html'
      subject: '{formState.formValues.spamMarker} {subject}' # The marker was added here
      recipientAddress: 'recipient@mail.com'
      senderAddress: 'noreply@example.com'
      senderName: 'Example'
      replyToAddress: '{email}'
      format: 'html'

Settings

Cancel mail sending on spam detection

When the cancelSubsequentFinishersOnSpamDetection setting is set to true, subsequent finishers are not executed when the form was detected as spam.

finishers:
  confirmationMessage:
    identifier: 'Neos.Form:Confirmation'
    options:
      message: >
        Form successfully sent
  spamDetection:
    identifier: 'Erk.Flow.HoneypotFormField:SpamDetectionFinisher'
  email:
    identifier: 'Neos.Form:Email'
    options:
      templatePathAndFilename: 'resource://[...].html'
      subject: '[ Contact ] {subject}'
      recipientAddress: 'recipient@mail.com'
      senderAddress: 'noreply@example.com'
      senderName: 'Example'
      replyToAddress: '{email}'
      format: 'html'

Here the confirmation message is shown but mail sending is cancelled.

Log form content when detected as spam

In order to debug the spam detection and to see what kind of spam is coming in, you can enable the logging of the complete form content with the setting logSpamFormData to true.