sebastienheyd/hidden-captcha

Fully hidden captcha for Laravel without reCaptcha

7.2.4 2021-03-23 10:08 UTC

README

Packagist Build Status StyleCI Scrutinizer Code Quality Laravel Nb downloads MIT License

Fully hidden spam protection solution for Laravel without reCaptcha. Based on several strategies to block the vast majority of spam bots without interfering with the user experience.

How does it work?

HiddenCaptcha will use three checking rules to block spam robots :

  • an encrypted token containing the user's IP, current session id, current user agent and a random string
  • a randomly named required field (will use the random string in the token)
  • a time limit (10 minutes by default)

The token is retrieved via an ajax call signed with sha256.

Installation

composer require sebastienheyd/hidden-captcha

Publish public assets :

php artisan vendor:publish --provider="SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider" --tag=public

Extra steps for Laravel < 5.5 :

  • Add SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider::class, at the end of the provider array in config/app.php
  • Add "HiddenCaptcha" => SebastienHeyd\HiddenCaptcha\Facades\HiddenCaptcha::class, at the end of the aliases array in config/app.php

Usage

In your forms, in the blade view :

@hiddencaptcha

To check your form, add the following validation rule:

'captcha' => 'hiddencaptcha'

Options

Changing time limits

By default, the time limits for submitting a form are 0 second minimum to 1200 seconds maximum (10 minutes). Beyond that, hiddencaptcha will not validate the form.

These limits can be changed by declaring them in the validation rule, for example:

$rules = ['captcha' => 'hiddencaptcha:5,2400'];

Package update

Hidden-captcha comes with a JS who must be publish. Since you typically will need to overwrite the assets every time the package is updated, you may use the --force flag :

php artisan vendor:publish --provider="SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider" --tag=public --force

To auto update assets each time package is updated, you can add this command to post-autoload-dump into the file composer.json at the root of your project.

{
    "scripts": {
        "post-autoload-dump": [
            "@php artisan vendor:publish --provider=\"SebastienHeyd\\HiddenCaptcha\\HiddenCaptchaServiceProvider\" --tag=public --force -q",
        ]
    }
}