Package Data | |
---|---|
Maintainer Username: | sebastienheyd |
Maintainer Contact: | contact@sheyd.fr (Sebastien HEYD) |
Package Create Date: | 2016-02-03 |
Package Last Update: | 2023-06-12 |
Home Page: | |
Language: | PHP |
License: | MIT |
Last Refreshed: | 2024-12-15 03:01:57 |
Package Statistics | |
---|---|
Total Downloads: | 2,465 |
Monthly Downloads: | 165 |
Daily Downloads: | 0 |
Total Stars: | 3 |
Total Watchers: | 4 |
Total Forks: | 0 |
Total Open Issues: | 0 |
Spam protection solution for Laravel 5.x. Based on several strategies to block the vast majority of spam bots, without interfering with the user experience.
HiddenCaptcha will use four checking rules to block spam robots :
No, this solution can be countered by retrieving data from fields by parsing the HTML. After retrieving the data and the session token, it's possible to use Curl to post the form with the data generated by HiddenCaptcha.
However, the session id, ip and user agent must be the same and the form must be posted within a specified time frame.
If you receive data, it's certainly because it's a human or a script made specifically to counter this solution. Certainly someone is angry with you! :)
composer require sebastienheyd/hidden-captcha
Extra steps for Laravel < 5.5 :
SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider::class,
at the end of the provider
array in
config/app.php
"HiddenCaptcha" => SebastienHeyd\HiddenCaptcha\Facades\HiddenCaptcha::class,
at the end of the aliases
array
in config/app.php
@hiddencaptcha
'captcha' => 'hiddencaptcha'
By default, the time limits for submitting a form are 0 second minimum to 1200 seconds maximum (10 minutes). Beyond that, hiddencaptcha will not validate the form.
These limits can be changed by declaring them in the validation rule, for example:
$rules = ['captcha' => 'hiddencaptcha:5,2400'];
It's possible to change the name of the field that must be empty. If it does not conflict with an existing field in your form, it is recommended that you enter a "tempting" name for the bots. Indeed, bots will be more likely to fill in a field called "name" than "_username" (default).
@hiddencaptcha('name')