When adding a form to a public site, there's a risk that spam bots will try to submit it with fake values. Luckily, the majority of these bots are pretty dumb. You can thwart most of them by adding an invisible field to your form that should never contain a value when submitted. Such a field is called a honeypot. These spam bots will just fill all fields, including the honeypot.
When a submission comes in with a filled honeypot field, this package will discard that request. On top of that this package also checks how long it took to submit the form. This is done using a timestamp in another invisible field. If the form was submitted in a ridiculously short time, the anti spam will also be triggered.
Refs: spatie/laravel-honeypot
- Botble core 7.2.6 or higher.
Go to the Admin Panel and click on the Plugins tab. Click on the "Add new" button, find the Honeypot plugin and click on the "Install" button.
- Download the plugin from the Botble Marketplace.
- Extract the downloaded file and upload the extracted folder to the
platform/pluginsdirectory. - Go to Admin > Plugins and click on the Activate button.
FormFront::classwill automatically add the honeypot field to your form. You don't have to do anything. Your form must be extendedFormFront::class.- Go to the Admin -> Settings -> Honeypot -> Enable Honeypot and your front forms.
- Render the Honeypot field into your form by:
{!! apply_filters('form_extra_fields_render', null) !!}- Validate the Honeypot field in your controller by:
use Botble\Support\Http\Requests\Request;
...
public function store(Request $request)
{
do_action('form_extra_fields_validate', $request);
}- Go to the Admin -> Settings -> Honeypot -> Enable Honeypot.
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.