Skip to content
/ honeypot Public

A simple spam protection for Laravel

License

MIT license
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

avrahamappel/honeypot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Honeypot: Spam Prevention

A simple spam prevention package for Laravel.

Installation:

Composer

Run this command inside your terminal to add the package into your project.

composer require appel/honeypot

Publish Config File and Translations

Publish the package config file and translations to your application. Run this command inside your terminal.

php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider"

Or, you may want to publish the file individually.

php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider" --tag="config"
php artisan vendor:publish --provider="Appel\Honeypot\Providers\HoneypotServiceProvider" --tag="lang"

Usage

Facade

Add the honeypot hidden input into your form by inserting Honeypot::make(...) like this:

<form action="..." method="...">
    {!! Honeypot::make('honeypot_name', 'honeypot_time') !!}
</form>

Helper Function

<form action="..." method="...">
    {!! honeypot('honeypot_name', 'honeypot_time') !!}
</form>

Blade Directive

<form action="..." method="...">
    @honeypot('honeypot_name', 'honeypot_time')
</form>

Note: If you are using the Blade directive, you may need to run php artisan view:clear for it to work.

The make() method will output the following HTML input. (The honeypot_time field will generate an encrypted timestamp.

<div id="honeypot_name_wrap" style="display: none;">
    <input type="text" name="honeypot_name" id="honeypot_name" value="" autocomplete="off">
    <input type="text" name="honeypot_time" id="honeypot_time" value="encrypted timestamp" autocomplete="off">
</div>

After adding the honeypot fields, add the validation rules in your controller for the honeypot and honeytime fields.

$this->validate($request, [
    ...
    'honeypot_name' => 'honeypot',
    'honeypot_time' => 'required|honeytime:5'
]);

Please note that in the honeytime rule, you need to specify the number of seconds it should take for the user to fill out the form. If it takes less time than that, the form will be rejected.

Settings

The honeypots are hidden on the page by using display: hidden. You can alternatively have them moved off the page by publishing the config file and changing this setting:

return [
    ...
    /**
     * Hide the fields by setting the display property of the outer div to none,
     * or by moving it off-screen. Accepted values: 'hide', 'off-screen'
     */
    'hide_mode'     => 'off-screen'
];

Credits

This project is based on an earlier project by Ian Landsman. The following people contributed to this project: Maksim Surguy, Arjhay Delos Santos

This project is sponsored by Bomshteyn Consulting.

About

A simple spam protection for Laravel

Topics

laravel honeypot spam-prevention

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases 4

v1.2.1: Merge pull request #2 from bomshteyn/master Latest
Feb 3, 2021
+ 3 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages