Skip to content

Fully hidden captcha for Laravel without reCaptcha

License

Notifications You must be signed in to change notification settings

sebastienheyd/hidden-captcha

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

74 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fully hidden captcha for Laravel without reCaptcha

Packagist Build Status StyleCI Scrutinizer Code Quality Laravel Nb downloads MIT License

Fully hidden spam protection solution for Laravel without reCaptcha. Based on several strategies to block the vast majority of spam bots without interfering with the user experience.

How does it work?

HiddenCaptcha will use three checking rules to block spam robots :

  • an encrypted token containing the user's IP, current session id, current user agent and a random string
  • a randomly named required field (will use the random string in the token)
  • a time limit (10 minutes by default)

The token is retrieved via an ajax call signed with sha256.

Installation

composer require sebastienheyd/hidden-captcha

Publish public assets :

php artisan vendor:publish --tag=laravel-assets

Extra steps for Laravel < 5.5 :

  • Add SebastienHeyd\HiddenCaptcha\HiddenCaptchaServiceProvider::class, at the end of the provider array in config/app.php
  • Add "HiddenCaptcha" => SebastienHeyd\HiddenCaptcha\Facades\HiddenCaptcha::class, at the end of the aliases array in config/app.php

Usage

In your forms, in the blade view :

@hiddencaptcha

To check your form, add the following validation rule:

'captcha' => 'hiddencaptcha'

Options

Changing time limits

By default, the time limits for submitting a form are 0 second minimum to 1200 seconds maximum (10 minutes). Beyond that, hiddencaptcha will not validate the form.

These limits can be changed by declaring them in the validation rule, for example:

$rules = ['captcha' => 'hiddencaptcha:5,2400'];

You can also publish the configuration file to edit the default time limits :

php artisan vendor:publish --tag=captcha-config

Package update (Laravel < 8.6.9)

Hidden-captcha comes with a JS who must be publish. Since you typically will need to overwrite the assets every time the package is updated, you may use the --force flag :

php artisan vendor:publish --tag=laravel-assets --force

To auto update assets each time package is updated, you can add this command to post-update-cmd into the file composer.json at the root of your project.

{
    "scripts": {
        "post-update-cmd": [
            "@php artisan vendor:publish --tag=laravel-assets --force --ansi"
        ]
    }
}