nucleos/antispam-bundle

This bundle provides some basic features to reduce spam in symfony forms.

Maintainers

Details

github.com/nucleos/NucleosAntiSpamBundle

Homepage

Source

Issues

Fund package maintenance!
core23
Opencollective
Ko-Fi
Other

Installs: 49 023

Dependents: 0

Suggesters: 0

Security: 0

Stars: 44

Watchers: 2

Forks: 8

Open Issues: 12

Type:symfony-bundle

2.3.2 2021-12-20 15:27 UTC

Requires

Requires (Dev)

MIT 99e3410b14b0bc5b6c1bbd1907b2f3cc09f6bd53

  • Christian Gripp <mail.woop@core23.de>

symfonytwigformbundlespamantispamprotection

This package is auto-updated.

Last update: 2023-01-05 17:41:28 UTC

README

Latest Stable Version Latest Unstable Version License

Total Downloads Monthly Downloads Daily Downloads

Continuous Integration Code Coverage Type Coverage

This bundle provides some basic features to reduce spam in Symfony. It is the successor of core23/antispam-bundle, but not related to isometriks/spam-bundle.

Features

  • Honeypot protection for forms: An additional "hidden" (i.e. made invisible with CSS) field will be added to your form. Whoever fills out this field, is considered to be a spam bot.

  • Time protection for forms: The time between displaying the form and submitting the form is measured. Anybody who submits the form quicker than a certain number of seconds, is considered to be a spam bot. The timestamp is stored in the session.

  • Email address obfuscation filter for Twig: To prevent spam harvest bots from detecting your email address, they are obfuscated by e.g. replacing @ with [AT]. The filter will find email addresses automatically, so you can apply it to your entire text.

Installation

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

composer require nucleos/antispam-bundle

Enable the Bundle

Then, enable the bundle by adding it to the list of registered bundles in config/bundles.php file of your project:

// config/bundles.php

return [
    // ...
    Nucleos\AntiSpamBundle\NucleosAntiSpamBundle::class => ['all' => true],
];

Usage

Form based protection

Create a form on the fly:

$this->createForm(CustomFormType:class, null, array(
    // Time protection
    'antispam_time'     => true,
    'antispam_time_min' => 10,
    'antispam_time_max' => 60,

    // Honeypot protection
    'antispam_honeypot'       => true,
    'antispam_honeypot_class' => 'hide-me',
    'antispam_honeypot_field' => 'email-repeat',
))

Twig email address obfuscation

The Twig filter antispam replaces @ by e.g. [AT].

{# Replace plain text #}
{{ text|antispam }}

{# Replace rich text mails #}
{{ htmlText|antispam(true) }}

If you want a JavaScript decoding for the encoded email addresses, you should use the AntiSpam.js library:

document.addEventListener('DOMContentLoaded', () => {
  new AntiSpam('.custom_class');
});

It is recommended to use webpack / webpack-encore to include the JavaScript library in your page. This file is located in the assets folder.

Global protection

Add protection to all forms using the configuration:

# config/packages/nucleos_antispam.yaml

nucleos_antispam:
    # Time protection
    time:
        global: true

    # Honeypot protection
    honeypot:
        global: true

Configure the Bundle

Create a configuration file called nucleos_antispam.yaml:

# config/packages/nucleos_antispam.yaml

nucleos_antispam:
    # Twig mail filter
    twig:
        mail:
            css_class: 'custom_class'
            at_text:   [ '[AT]', '(AT)', '[ÄT]' ]
            dot_text:  [ '[DOT]', '(DOT)', '[.]' ]

    # Time protection
    time:
        min: 5
        max: 3600
        global: false

    # Honeypot protection
    honeypot:
        field: 'email_address'
        class: 'hidden'
        global: false
        provider: 'nucleos_antispam.provider.session'

License

This bundle is under the MIT license.