sebastienheyd/hidden-captcha

Fully hidden captcha for Laravel without reCaptcha

Maintainers

Details

github.com/sebastienheyd/hidden-captcha

Source

Issues

Installs: 1 938

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 4

Forks: 0

Open Issues: 0

7.4.2 2023-06-12 09:30 UTC

Requires

Requires (Dev)

MIT 4ab85a52d981cc783d72e1c689568dbcd02b1a79

  • Sebastien HEYD <contact.woop@sheyd.fr>

captchalaravelinvisiblehidden

This package is auto-updated.

Last update: 2024-04-12 11:17:27 UTC

README

Packagist Build Status StyleCI Scrutinizer Code Quality Laravel Nb downloads MIT License

Fully hidden spam protection solution for Laravel without reCaptcha. Based on several strategies to block the vast majority of spam bots without interfering with the user experience.

How does it work?

HiddenCaptcha will use three checking rules to block spam robots :

  • an encrypted token containing the user's IP, current session id, current user agent and a random string
  • a randomly named required field (will use the random string in the token)
  • a time limit (10 minutes by default)

The token is retrieved via an ajax call signed with sha256.

Installation

composer require sebastienheyd/hidden-captcha

Publish public assets :

php artisan vendor:publish --tag=laravel-assets

Extra steps for Laravel < 5.5 :

  • Add SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider::class, at the end of the provider array in config/app.php
  • Add "HiddenCaptcha" => SebastienHeyd\HiddenCaptcha\Facades\HiddenCaptcha::class, at the end of the aliases array in config/app.php

Usage

In your forms, in the blade view :

@hiddencaptcha

To check your form, add the following validation rule:

'captcha' => 'hiddencaptcha'

Options

Changing time limits

By default, the time limits for submitting a form are 0 second minimum to 1200 seconds maximum (10 minutes). Beyond that, hiddencaptcha will not validate the form.

These limits can be changed by declaring them in the validation rule, for example:

$rules = ['captcha' => 'hiddencaptcha:5,2400'];

You can also publish the configuration file to edit the default time limits :

php artisan vendor:publish --tag=captcha-config

Package update (Laravel < 8.6.9)

Hidden-captcha comes with a JS who must be publish. Since you typically will need to overwrite the assets every time the package is updated, you may use the --force flag :

php artisan vendor:publish --tag=laravel-assets --force

To auto update assets each time package is updated, you can add this command to post-update-cmd into the file composer.json at the root of your project.

{
    "scripts": {
        "post-update-cmd": [
            "@php artisan vendor:publish --tag=laravel-assets --force --ansi"
        ]
    }
}