daxslab / no-captcha
Requires (Dev)
This package is auto-updated.
Last update: 2024-12-16 19:38:51 UTC
README
No Captcha Form Spam Filter is a PHP utility library for dealing with spam bots using unobtrusive and user friendly techniques.
Applying this techniques will help to reduce the span in your sites in more than 90% and users will not be annoyed with intrusive Captchas or extra fields.
Installation
You can download it and place it on your third party libraries folder but we highly recommend that you install it through composer.
Either run
$ composer require daxslab/no-captcha
or add
"daxslab/no-captcha": "~1.0"
to the require
section of your composer.json
file.
The NoCaptchaAntiSpam Class
The NoCaptchaAntiSpam
Class can be used to declare Protection Rules,
Include security code in forms and check if the form submission does
not trigger any rule validation.
For creating an instance of the NoCaptchaAntiSpam
Class, the create()
static function can be used:
use daxslab\nocaptcha\NoCaptchaAntiSpam;
use daxslab\nocaptcha\rules\CssHiddenFieldRule;
// Declare no captcha anti spam object with CSS based hidden field check
$noCaptchaAntiSpam = NoCaptchaAntiSpam::create([
'rules' => [
CssHiddenFieldRule::create([
// form input field name
'name' => 'css_hidden_field',
])
],
]);
Including form elements
Using the NoCaptchaAntiSpam
created instance you can include the needed
elements inside a form with the renderRules()
function:
<form id="contactForm" method="post">
<div class="form-group">
<label for="contactName">Name</label>
<input class="form-control" name="contact_name" id="contactName" placeholder="Enter name">
</div>
<!-- Include rules form elements -->
<?= $noCaptchaAntiSpam->renderRules() ?>
<button type="submit" name="submit_button" class="btn btn-primary">Submit</button>
</form>
Verifying form submission
Using the checkSubmit()
function from the NoCaptchaAntiSpam
created
instance you can check if any of the declared Rules triggers when the
form is submitted:
if ($_POST){
if ($noCaptchaAntiSpam->checkSubmit()){
echo 'Form submitted correctly';
} else {
echo 'Bot detected';
}
}
Rules
Rule classes implements different security checks including:
CssHiddenFieldRule
: A honeypot field hidden using CSSJavascriptGeneratedHiddenFieldRule
: A honeypot field generated using JavaScriptJavascriptFilledInputRule
: A JavaScript filled hidden inputSessionTimeTrapRule
: A time trap using session stored variablesFormTimeTrapRule
: A time trap using a form fieldCookieCheckRule
: A cookie verification
A NoCaptchaAntiSpam
instance can contain one or multiple rules.
Random field names
Random field names can be applied for an extra security layer, they are stored in PHP sessions and rules field names will change making difficult to bots identify them. Random field names can be applied to single rules or multiple rules.
Documentation
For extended documentation and examples you can put the doc
folder
behind a PHP capable web server.