nucleos / antispam-bundle
This bundle provides some basic features to reduce spam in symfony forms.
Fund package maintenance!
core23
Opencollective
Ko-Fi
Other
Installs: 9 595
Dependents: 0
Suggesters: 0
Security: 0
Stars: 16
Watchers: 1
Forks: 6
Open Issues: 4
Type:symfony-bundle
Requires
- php: ^7.3 || ^8.0
- ext-pcre: *
- symfony/config: ^4.2 || ^5.0
- symfony/dependency-injection: ^4.2 || ^5.0
- symfony/event-dispatcher: ^4.2 || ^5.0
- symfony/expression-language: ^4.2 || ^5.0
- symfony/form: ^4.2 || ^5.0
- symfony/framework-bundle: ^4.2 || ^5.0
- symfony/http-foundation: ^4.2 || ^5.0
- symfony/http-kernel: ^4.2 || ^5.0
- symfony/options-resolver: ^4.2 || ^5.0
- symfony/translation-contracts: ^1.1 || ^2.0
- twig/twig: ^2.4 || ^3.0
Requires (Dev)
- bamarni/composer-bin-plugin: ^1.3
- ergebnis/composer-normalize: ^2.0.1
- symfony/browser-kit: ^4.4 || ^5.0
- symfony/translation: ^4.2 || ^5.0
- symfony/twig-bundle: ^4.2 || ^5.0
README
This bundle provides some basic features to reduce spam in Symfony. It is the successor of core23/antispam-bundle, but not related to isometriks/spam-bundle.
Features
-
Honeypot protection for forms: An additional "hidden" (i.e. made invisible with CSS) field will be added to your form. Whoever fills out this field, is considered to be a spam bot.
-
Time protection for forms: The time between displaying the form and submitting the form is measured. Anybody who submits the form quicker than a certain number of seconds, is considered to be a spam bot. The timestamp is stored in the session.
-
Email address obfuscation filter for Twig: To prevent spam harvest bots from detecting your email address, they are obfuscated by e.g. replacing
@with[AT]. The filter will find email addresses automatically, so you can apply it to your entire text.
Installation
Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:
composer require nucleos/antispam-bundle
Enable the Bundle
Then, enable the bundle by adding it to the list of registered bundles in config/bundles.php file of your project:
// config/bundles.php return [ // ... Nucleos\AntiSpamBundle\NucleosAntiSpamBundle::class => ['all' => true], ];
Usage
Form based protection
Create a form on the fly:
$this->createForm(CustomFormType:class, null, array( // Time protection 'antispam_time' => true, 'antispam_time_min' => 10, 'antispam_time_max' => 60, // Honeypot protection 'antispam_honeypot' => true, 'antispam_honeypot_class' => 'hide-me', 'antispam_honeypot_field' => 'email-repeat', ))
Twig email address obfuscation
The Twig filter antispam replaces @ by e.g. [AT].
{# Replace plain text #} {{ text|antispam }} {# Replace rich text mails #} {{ htmlText|antispam(true) }}
If you want a JavaScript decoding for the encoded email addresses, you should use the AntiSpam.js library:
document.addEventListener('DOMContentLoaded', () => { new AntiSpam('.custom_class'); });
It is recommended to use webpack / webpack-encore
to include the JavaScript library in your page. This file is located in the assets folder.
Global protection
Add protection to all forms using the configuration:
# config/packages/nucleos_antispam.yaml nucleos_antispam: # Time protection time: global: true # Honeypot protection honeypot: global: true
Configure the Bundle
Create a configuration file called nucleos_antispam.yaml:
# config/packages/nucleos_antispam.yaml nucleos_antispam: # Twig mail filter twig: mail: css_class: 'custom_class' at_text: [ '[AT]', '(AT)', '[ÄT]' ] dot_text: [ '[DOT]', '(DOT)', '[.]' ] # Time protection time: min: 5 max: 3600 global: false # Honeypot protection honeypot: field: 'email_address' class: 'hidden' global: false provider: 'nucleos_antispam.provider.session'
License
This bundle is under the MIT license.