weblogin/laravel-honeypot

Laravel form spam protection with honeypot technique

Maintainers

Details

github.com/WebLogin/laravel-honeypot

Homepage

Source

Issues

Installs: 21

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 2

Forks: 0

Open Issues: 0

v1.0.0 2022-11-07 10:29 UTC

Requires

Requires (Dev)

MIT e97400fa7308e531645c06241a14b694f9f88c52

  • WebLogin <contact.woop@weblogin.fr>

validationlaravelHoneypotform requestlaravel-honeypotweblogin

This package is auto-updated.

Last update: 2024-04-17 00:58:07 UTC

README

Laravel Honeypot helps prevent bots from filling forms and creating spam. It uses a 2 inputs protections technique by adding one input that should be empty after form submission (obviously bots will fill it) and one input with the encrypted timestamp of the loading page, that help tracking the delay during loading page and form submission (because bots submit forms quickly). Both inputs are hidden from the users and have randomized names.

Collision logo

Installation

You can install the package via composer (the package will automatically register itself) :

composer require weblogin/laravel-honeypot

Optionally, you can publish the config and lang files of the package :

php artisan vendor:publish --provider="WebLogin\LaravelHoneypot\ServiceProvider"

Usage

You need to add the Blade component or Blade directive in your form. The only parameter is the name of your fake input (it's a basename the package will add a random suffix). Obviously don't name it honeypot.

Blade component :

<form method="POST">
    <x-honeypot name="field-name"/>
    ...
</form>

Blade directive :

<form method="POST">
    @honeypot('field-name')
    ...
</form>

Then uses the Honeypot rule like any other Validation rules for this same input name, like so :

use WebLogin\LaravelHoneypot\Rules\Honeypot;
...

$request->validate([
    'title'      => ['required', 'max:120'],
    'content'    => ['required', 'max:600'],
    'field-name' => [new Honeypot],
]);

Configuration

You can change the default configuration by publishing the package config (see installation section). It will create a honeypot.php file in your config folder.

  • enabled to enable or not the whole honeypot protection
  • min_seconds to select the minimum number of seconds to wait before submitting the form

Translation

You can translate validation messages by publishing the package lang (see installation section) or you can translate it directly in your lang/your-locale/validation.php file by adding the needed keys :

'honeypot' => [
    'pot'  => "Message when the field that should be empty is filled",
    'time' => "Message when the form is submitted too quickly",
],

Credits

Inspired by the package https://github.com/msurguy/Honeypot.

License

The MIT License (MIT). Please see License File for more information.