Fully hidden captcha for Laravel without reCaptcha
Fully hidden spam protection solution for Laravel without reCaptcha. Based on several strategies to block the vast majority of spam bots without interfering with the user experience.
HiddenCaptcha uses three checks to block spam bots:
- an encrypted token containing the user's IP, current session id, current user agent and a random string
- a randomly named required field (will use the random string in the token)
- a time limit (10 minutes by default)
The token is retrieved via an AJAX call signed with SHA-256.
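A minimal sketch of how the three checks above can be enforced server-side, added here as an illustration. It is not the package's implementation: the cipher, payload layout, timestamp field and function names are assumptions.

```php
<?php
// Illustrative sketch, NOT the package's code. Assumptions: AES-256-GCM via
// ext-openssl, a JSON payload, and an issue timestamp ('ts') kept in the
// token so the time window can be enforced. All names are hypothetical.

function issueToken(string $key, string $ip, string $sid, string $ua): array
{
    $field = 'f' . bin2hex(random_bytes(8)); // random name of the required field
    $payload = json_encode(['ip' => $ip, 'sid' => $sid, 'ua' => $ua,
        'field' => $field, 'ts' => time()]);
    $iv = random_bytes(12);
    $ct = openssl_encrypt($payload, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return [base64_encode($iv . $tag . $ct), $field];
}

function verifySubmission(string $key, string $token, array $post, string $ip,
    string $sid, string $ua, int $min = 0, int $max = 1200): bool
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 29) {
        return false; // malformed token
    }
    $json = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data)) {
        return false; // forged or tampered token fails GCM authentication
    }
    // Check 1: the token is bound to this client (IP, session id, user agent).
    $bound = hash_equals($data['ip'], $ip)
        && hash_equals($data['sid'], $sid)
        && hash_equals($data['ua'], $ua);
    // Check 2: the randomly named field from the token must be submitted.
    $present = array_key_exists($data['field'], $post);
    // Check 3: the form age must fall inside the allowed time window.
    $age = time() - $data['ts'];
    return $bound && $present && $age >= $min && $age <= $max;
}

// Constructed sample run: a matching client, then a post without the field.
$key = random_bytes(32);
[$token, $field] = issueToken($key, '203.0.113.7', 'sess-abc', 'Mozilla/5.0');
var_dump(verifySubmission($key, $token, [$field => ''], '203.0.113.7', 'sess-abc', 'Mozilla/5.0'));
var_dump(verifySubmission($key, $token, ['email' => 'a@b.c'], '203.0.113.7', 'sess-abc', 'Mozilla/5.0'));
```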
composer require sebastienheyd/hidden-captcha
Publish public assets:
php artisan vendor:publish --tag=laravel-assets
Extra steps for Laravel < 5.5:
- Add SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider::class, at the end of the providers array in config/app.php
- Add "HiddenCaptcha" => SebastienHeyd\HiddenCaptcha\Facades\HiddenCaptcha::class, at the end of the aliases array in config/app.php
In the Blade view, inside each form you want to protect:
@hiddencaptcha
To check your form, add the following validation rule:
'captcha' => 'hiddencaptcha'
By default, the time limits for submitting a form are 0 seconds minimum to 1200 seconds maximum (10 minutes). Beyond that, hiddencaptcha will not validate the form.
These limits can be changed by declaring them in the validation rule, for example:
$rules = ['captcha' => 'hiddencaptcha:5,2400'];
You can also publish the configuration file to edit the default time limits:
php artisan vendor:publish --tag=captcha-config
Hidden-captcha ships with a JavaScript file that must be published. Since you will typically need to overwrite the assets every time the package is updated, you may use the --force flag:
php artisan vendor:publish --tag=laravel-assets --force
To update the assets automatically each time the package is updated, add this command to post-update-cmd in the composer.json file at the root of your project:
{
    "scripts": {
        "post-update-cmd": [
            "@php artisan vendor:publish --tag=laravel-assets --force --ansi"
        ]
    }
}