Developed with love by KnpLabs Hire us for your project!
40

IsometriksSpamBundle

by isometriks

Symfony3 Form Spam Protection

Symfony SpamBundle

Please feel free to send pull requests. I would like to incorporate a bunch of
spam methods into this project.

Installation

Install via Composer:

$ composer require isometriks/spam-bundle

Use ~0.3.0 for Symfony 2.3-2.7, or ~1.0 for 3+

Add to AppKernel.php (done automatically for Symfony Flex):

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            // ...
            new Isometriks\Bundle\SpamBundle\IsometriksSpamBundle(),
            // ...
        ];

        return $bundles;
    }
}

Currently we have:

Timed Spam Prevention

Requires forms to be sent after a certain amount of time. Most bots won't wait
to submit your forms, so requiring an amount of time between render and submit
can help deter these bots.

A side affect of this spam prevention is that you won't be able to refresh
a page to resubmit data UNLESS the view is rendered again $form->createView()
This is because the event listener removes the start time of the form and
when it can't find it, will cause the form to be invalid. You could set your
min time to 0 to just make use of this feature

Also note that this spam protection will also apply this limit to forms that
are not filled in correctly and need to be resubmitted. A high minimum time
could affect those users who only need to fix one field quickly

Configuration:

# Copying this config is not necessary. These are defaults, only copy 
# what you'd like to change. 
isometriks_spam:
    timed:
        min: 7
        max: 3600
        global: false
        message: You're doing that too quickly.

Usage:

// Only timed_spam = true is required to enable, the rest are to override settings
$this->createForm(MyType:class, null, [
    'timed_spam' => true,
    'timed_spam_min' => 3,
    'timed_spam_max' => 40,
    'timed_spam_message' => 'Please wait 3 seconds before submitting',
]);

Or

public function configureOptions(OptionsResolver $resolver)
{
    $resolver->setDefaults([
        'timed_spam' => true,
        // ...
    ]);
}

Honeypot Spam Prevention

A honeypot is a way to trick bots into filling out a field that should not
be filled out. It is hidden and can be named something usual so that any
bots / crawlers will think it is a real field.

If the field is filled out, then the form is invalid. You can optionally
choose to use a class name to hide the form element as well in case the
bot tries to check the style attribute.

# Copying this config is not necessary. These are defaults, only copy 
# what you'd like to change. 
isometriks_spam:
    honeypot:
        field: email_address
        use_class: false
        hide_class: hidden
        global: false
        message: Form fields are invalid

Usage:

// Only honeypot = true is required to enable, the rest are to override settings
$this->createForm(MyType::class, null, [
    'honeypot' => true,
    'honeypot_field' => 'email_address',
    'honeypot_use_class' => false,
    'honeypot_hide_class' => 'hidden',
    'honeypot_message' => 'Form field are invalid',
]);

Or

public function configureOptions(OptionsResolver $resolver)
{
    $resolver->setDefaults([
        'honeypot' => true,
        // ...
    ]);
}

Twig Form Error message rendering

Form errors come from the form itself, so if you want to display the errors
you'll need to make sure this is in your template.

{% if form.vars.errors is not empty %}
    {{ form_errors(form) }}
{% endif %}
isometriks_spam:
timed:
enabled: true
min: 7
max: 3600
global: false
message: You are doing that too quickly
honeypot:
enabled: true
field: email_address
use_class: false
hide_class: hidden
global: false
message: Form fields are invalid
  • Make symfony translator optional (#15)
    By isometriks, 4 months ago
  • Update readme
    By isometriks, 5 months ago
  • Update readme and composer
    By isometriks, 5 months ago
  • Fix deprecations
    By isometriks, 7 months ago
  • Fix configuration builder deprecation
    By isometriks, 7 months ago
  • Update to use getExtendedTypes and also return class names instead of old form names
    By isometriks, 7 months ago
  • Update README.md
    By web-flow, 2 years ago
  • Symfony 3 compatibility
    By isometriks, 2 years ago
  • Merge pull request #3 from aeyoll/fix-form-title
    By isometriks, 3 years ago
  • Added a title to the honeypot form field
    By aeyoll, 3 years ago
  • Upgrade to psr-4
    By isometriks, 4 years ago
  • CS Fixer
    By isometriks, 4 years ago
  • Add back the setDefaultOptions since it should still be fine in 2.3+
    By isometriks, 4 years ago
  • Update for Symfony 2.7+
    By isometriks, 4 years ago
  • Update README.md
    By isometriks, 6 years ago
  • Added notice about re-submitting forms
    By isometriks, 6 years ago
  • Check for PRE_SUBMIT constant, if not, use PRE_BIND
    By isometriks, 6 years ago
  • Merge branch 'master' of github.com:isometriks/IsometriksSpamBundle.git
    By isometriks, 6 years ago
  • Remove session key, not form name. Prevents double submitting
    By isometriks, 6 years ago
  • Removed some old references to getData, using session now so no longer needed.
    By isometriks, 6 years ago
  • Add installation instructions
    By isometriks, 6 years ago
  • Trailing whitespace removed
    By isometriks, 6 years ago
  • Fixed the session key to use namespacing
    By isometriks, 6 years ago
  • Update README.md
    By isometriks, 6 years ago
  • Update README.md
    By isometriks, 6 years ago
  • Merge branch 'add-honeypot'
    By isometriks, 6 years ago
  • Add honeypot spam prevention
    By isometriks, 6 years ago
  • Fixed psr-0 problem
    By isometriks, 6 years ago
  • Added composer.json
    By isometriks, 6 years ago
  • Once a form has been checked for its valid time window, remove the time from the form in case the form isn't re-rendered. It would only reset the form time if you re-rendered the form with errors etc.
    By isometriks, 6 years ago