├── tests
    ├── .gitkeep
    ├── bootstrap.php
    ├── HoneypotTest.php
    └── HoneypotValidatorTest.php
├── .gitignore
├── src
    ├── lang
    │   ├── tr
    │   │   └── validation.php
    │   ├── en
    │   │   └── validation.php
    │   ├── es
    │   │   └── validation.php
    │   ├── de
    │   │   └── validation.php
    │   ├── nl
    │   │   └── validation.php
    │   ├── pt-br
    │   │   └── validation.php
    │   └── fr
    │   │   └── validation.php
    └── Msurguy
    │   └── Honeypot
    │       ├── HoneypotFacade.php
    │       ├── HoneypotServiceProvider.php
    │       └── Honeypot.php
├── .travis.yml
├── phpunit.xml
├── LICENSE
├── composer.json
└── README.md


/tests/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /vendor
2 | composer.phar
3 | composer.lock
4 | .DS_Store
5 | .idea
6 | 


--------------------------------------------------------------------------------
/src/lang/tr/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Spam algınlandı',
5 |     'honeytime' => 'Lütfen daha sonra tekrar deneyin',
6 | );
7 | 


--------------------------------------------------------------------------------
/src/lang/en/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Spam has been detected',
5 |     'honeytime' => 'Please wait until submitting the form again',
6 | );


--------------------------------------------------------------------------------
/src/lang/es/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Se ha detectado Spam',
5 |     'honeytime' => 'Por favor espera antes de enviar el formulario de nuevo',
6 | );
7 | 


--------------------------------------------------------------------------------
/src/lang/de/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | return array(
3 |     'honeypot'  => 'Es wurde ein Spam-Versuch erkannt',
4 |     'honeytime' => 'Bitte warten Sie mit dem erneuten Absenden des Formulars',
5 | );
6 | 


--------------------------------------------------------------------------------
/src/lang/nl/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Er is spam gedetecteerd',
5 |     'honeytime' => 'Gelieve te wachten voordat je het formulier opnieuw kan indienen',
6 | );
7 | 


--------------------------------------------------------------------------------
/src/lang/pt-br/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Foi detectado envio de Spam',
5 |     'honeytime' => 'Por favor, aguarde um pouco antes de enviar o formulário novamente',
6 | );
7 | 


--------------------------------------------------------------------------------
/src/lang/fr/validation.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | return array(
4 |     'honeypot'  => 'Tentative de spam detectée',
5 |     'honeytime' => 'Veuillez patienter quelques instants avant de soumettre le formulaire à nouveau',
6 | );
7 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: php
 2 | 
 3 | php:
 4 |   - 5.3
 5 |   - 5.4
 6 |   - 5.5
 7 |   - 5.6
 8 |   - hhvm
 9 | 
10 | before_script:
11 |   - composer self-update
12 |   - composer install --prefer-source --no-interaction --dev
13 | 
14 | script: phpunit
15 | 


--------------------------------------------------------------------------------
/tests/bootstrap.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace {
 4 |     require_once __DIR__ . '/../vendor/autoload.php';
 5 | }
 6 | 
 7 | namespace Msurguy\Honeypot {
 8 | 
 9 |     /**
10 |      * Stub the time() function for tests.
11 |      *
12 |      * @return int
13 |      */
14 |     function time()
15 |     {
16 |         return 1000;
17 |     }
18 | 
19 | }
20 | 


--------------------------------------------------------------------------------
/src/Msurguy/Honeypot/HoneypotFacade.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Msurguy\Honeypot;
 2 |  
 3 | use Illuminate\Support\Facades\Facade;
 4 |  
 5 | class HoneypotFacade extends Facade {
 6 |  
 7 |     /**
 8 |      * Get the registered name of the component.
 9 |      *
10 |      * @return string
11 |      */
12 |     protected static function getFacadeAccessor() { return 'honeypot'; }
13 |  
14 | }


--------------------------------------------------------------------------------
/phpunit.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit backupGlobals="false"
 3 |          backupStaticAttributes="false"
 4 |          bootstrap="tests/bootstrap.php"
 5 |          colors="true"
 6 |          convertErrorsToExceptions="true"
 7 |          convertNoticesToExceptions="true"
 8 |          convertWarningsToExceptions="true"
 9 |          processIsolation="false"
10 |          stopOnFailure="false"
11 |          syntaxCheck="false"
12 | >
13 |     <testsuites>
14 |         <testsuite name="Package Test Suite">
15 |             <directory suffix=".php">./tests/</directory>
16 |         </testsuite>
17 |     </testsuites>
18 | </phpunit>
19 | 


--------------------------------------------------------------------------------
/tests/HoneypotTest.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Msurguy\Tests;
 2 | 
 3 | use Mockery;
 4 | 
 5 | class HoneypotTest extends \PHPUnit_Framework_TestCase {
 6 | 
 7 |     private $honeypot;
 8 | 
 9 |     public function setUp()
10 |     {
11 |         $this->honeypot = Mockery::mock('Msurguy\Honeypot\Honeypot[getEncryptedTime]');
12 |         $this->honeypot->shouldReceive('getEncryptedTime')->once()->andReturn('ENCRYPTED_TIME');
13 |     }
14 | 
15 |     public function tearDown()
16 |     {
17 |         Mockery::close();
18 |     }
19 | 
20 |     public function test_get_honeypot_form_html()
21 |     {
22 |         $actualHtml = $this->honeypot->generate('honey_name', 'honey_time');
23 |         $expectedHtml = '' .
24 |             '<div class="honey_name_wrap" style="display:none;"><input name="honey_name" type="text" value="" id="honey_name"/><input name="honey_time" type="text" value="ENCRYPTED_TIME"/></div>';
25 | 
26 |         $this->assertEquals($actualHtml, $expectedHtml);
27 |     }
28 | 
29 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 Maksim Surguy
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "msurguy/honeypot",
 3 |     "description": "Honeypot spam prevention",
 4 |     "license": "MIT",
 5 |     "keywords": [
 6 |         "laravel",
 7 |         "spam",
 8 |         "forms",
 9 |         "honeypot"
10 |     ],
11 |     "authors": [
12 |         {
13 |             "name": "Maksim Surguy",
14 |             "email": "m.surguy@gmail.com"
15 |         }
16 |     ],
17 |     "require": {
18 |         "php": ">=5.3.0",
19 |         "illuminate/support": "4.*|5.*|6.*|7.*|8.*|9.*|^10.0|^11.0|^12.0",
20 |         "illuminate/config": "4.*|5.*|6.*|7.*|8.*|9.*|^10.0|^11.0|^12.0",
21 |         "illuminate/translation": "4.*|5.*|6.*|7.*|8.*|9.*|^10.0|^11.0|^12.0"
22 |     },
23 |     "require-dev": {
24 |         "phpunit/phpunit": "4.0.*|^9.5.10|^10.5",
25 |         "mockery/mockery": "0.9.*|^1.4.4"
26 |     },
27 |     "autoload": {
28 |         "psr-0": {
29 |             "Msurguy\\Honeypot\\": "src/"
30 |         }
31 |     },
32 |     "minimum-stability": "dev",
33 |     "extra": {
34 |         "laravel": {
35 |             "providers": [
36 |                 "Msurguy\\Honeypot\\HoneypotServiceProvider"
37 |             ],
38 |             "aliases": {
39 |                 "Honeypot": "Msurguy\\Honeypot\\HoneypotFacade"
40 |             }
41 |         }
42 |     }
43 | }
44 | 


--------------------------------------------------------------------------------
/tests/HoneypotValidatorTest.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Msurguy\Tests;
 2 | 
 3 | use Mockery;
 4 | 
 5 | class HoneypotValidatorTest extends \PHPUnit_Framework_TestCase {
 6 | 
 7 |     private $validator;
 8 | 
 9 |     public function setUp()
10 |     {
11 |         $this->validator = Mockery::mock('Msurguy\Honeypot\Honeypot[decryptTime]');
12 |     }
13 | 
14 |     /** @test */
15 |     public function it_passes_validation_when_value_is_empty()
16 |     {
17 |         $this->assertTrue(
18 |             $this->validator->validateHoneypot(null, '', null),
19 |             'Validate should pass when value is empty.'
20 |         );
21 |     }
22 | 
23 |     /** @test */
24 |     public function it_fails_validation_when_value_is_not_empty()
25 |     {
26 |         $this->assertFalse(
27 |             $this->validator->validateHoneypot(null, 'foo', null),
28 |             'Validate should fail when value is not empty.'
29 |         );
30 |     }
31 | 
32 |     /** @test */
33 |     public function it_passes_validation_when_values_are_before_current_time()
34 |     {
35 |         $this->assertTrue(
36 |             $this->validateHoneyTime(100),
37 |             'Validate should pass when values are before current time.'
38 |         );
39 |     }
40 | 
41 |     /** @test */
42 |     public function it_fails_validation_when_values_are_after_current_time()
43 |     {
44 |         $this->assertFalse(
45 |             $this->validateHoneyTime(1000),
46 |             'Validate should fail when values are after current time.'
47 |         );
48 |     }
49 | 
50 |     /** @test */
51 |     public function it_fails_validation_when_value_is_not_numeric()
52 |     {
53 |         $this->assertFalse(
54 |             $this->validateHoneyTime('bar'),
55 |             'Validate should fail when decrypted value is not numeric.'
56 |         );
57 |     }
58 | 
59 |     private function validateHoneyTime($time)
60 |     {
61 |         $this->validator
62 |             ->shouldReceive('decryptTime')
63 |             ->with('foo')->once()
64 |             ->andReturn($time);
65 | 
66 |         return $this->validator->validateHoneytime(null, 'foo', array(100), null);
67 |     }
68 | 
69 | }
70 | 


--------------------------------------------------------------------------------
/src/Msurguy/Honeypot/HoneypotServiceProvider.php:
--------------------------------------------------------------------------------
 1 | <?php namespace Msurguy\Honeypot;
 2 | 
 3 | use Illuminate\Foundation\Application;
 4 | use Illuminate\Support\ServiceProvider;
 5 | use Illuminate\Support\Str;
 6 | 
 7 | class HoneypotServiceProvider extends ServiceProvider
 8 | {
 9 | 
10 |     /**
11 |     * Indicates if loading of the provider is deferred.
12 |     *
13 |     * @var bool
14 |     */
15 |     protected $defer = false;
16 | 
17 |     /**
18 |     * Register the service provider.
19 |     *
20 |     * @return void
21 |     */
22 |     public function register()
23 |     {
24 |         $this->app->singleton('honeypot', function ($app) {
25 |             return new Honeypot;
26 |         });
27 |     }
28 | 
29 |     /**
30 |     * Bootstrap the application events.
31 |     *
32 |     * @return void
33 |     */
34 |     public function boot()
35 |     {
36 |         if ($this->isLaravelMinimumVersion(5)) {
37 |             $this->loadTranslationsFrom(__DIR__ . '/../../lang', 'honeypot');
38 |         } else {
39 |             $this->package('msurguy/honeypot');
40 |         }
41 | 
42 |         $this->app->booted(function ($app) {
43 | 
44 |             // Get validator and translator
45 |             $validator = $app['validator'];
46 |             $translator = $app['translator'];
47 | 
48 |             // Add honeypot and honeytime custom validation rules
49 |             $validator->extend('honeypot', 'honeypot@validateHoneypot', $translator->get('honeypot::validation.honeypot'));
50 |             $validator->extend('honeytime', 'honeypot@validateHoneytime', $translator->get('honeypot::validation.honeytime'));
51 |         });
52 |     }
53 | 
54 |     /**
55 |     * Get the services provided by the provider.
56 |     *
57 |     * @return array
58 |     */
59 |     public function provides()
60 |     {
61 |         return array('honeypot');
62 |     }
63 | 
64 |     /**
65 |      * Determine if Laravel version is at least the given version.
66 |      *
67 |      * @param  string|array  $minimumVersion
68 |      * @return boolean
69 |      */
70 |     protected function isLaravelMinimumVersion($minimumVersion)
71 |     {
72 |         return (float)Application::VERSION >= $minimumVersion;
73 |     }
74 | }
75 | 


--------------------------------------------------------------------------------
/src/Msurguy/Honeypot/Honeypot.php:
--------------------------------------------------------------------------------
  1 | <?php namespace Msurguy\Honeypot;
  2 | 
  3 | use Crypt;
  4 | 
  5 | class Honeypot {
  6 | 
  7 |     protected $disabled = false;
  8 | 
  9 |     /**
 10 |      * Enable the Honeypot validation
 11 |      */
 12 |     public function enable()
 13 |     {
 14 |         $this->disabled = false;
 15 |     }
 16 | 
 17 |     /**
 18 |      * Disable the Honeypot validation
 19 |      */
 20 |     public function disable()
 21 |     {
 22 |         $this->disabled = true;
 23 |     }
 24 | 
 25 |     /**
 26 |      * Generate a new honeypot and return the form HTML
 27 |      * @param  string $honey_name
 28 |      * @param  string $honey_time
 29 |      * @return string
 30 |      */
 31 |     public function generate($honey_name, $honey_time)
 32 |     {
 33 |         // Encrypt the current time
 34 |         $honey_time_encrypted = $this->getEncryptedTime();
 35 | 
 36 |         $html = '<div class="' . $honey_name . '_wrap" style="display:none;"><input name="' . $honey_name . '" type="text" value="" id="' . $honey_name . '"/><input name="' . $honey_time . '" type="text" value="' . $honey_time_encrypted . '"/></div>';
 37 | 
 38 |         return $html;
 39 |     }
 40 | 
 41 |     /**
 42 |     * Validate honeypot is empty
 43 |     *
 44 |     * @param  string $attribute
 45 |     * @param  mixed $value
 46 |     * @param  array $parameters
 47 |     * @return boolean
 48 |     */
 49 |     public function validateHoneypot($attribute, $value, $parameters)
 50 |     {
 51 |         if ($this->disabled) {
 52 |             return true;
 53 |         }
 54 | 
 55 |         return $value == '';
 56 |     }
 57 | 
 58 |     /**
 59 |      * Validate honey time was within the time limit
 60 |      *
 61 |      * @param  string $attribute
 62 |      * @param  mixed $value
 63 |      * @param  array $parameters
 64 |      * @return boolean
 65 |      */
 66 |     public function validateHoneytime($attribute, $value, $parameters)
 67 |     {
 68 |         if ($this->disabled) {
 69 |             return true;
 70 |         }
 71 |         
 72 |         // Get the decrypted time
 73 |         $value = $this->decryptTime($value);
 74 | 
 75 |         // The current time should be greater than the time the form was built + the speed option
 76 |         return ( is_numeric($value) && time() > ($value + $parameters[0]) );
 77 |     }
 78 | 
 79 |     /**
 80 |      * Get encrypted time
 81 |      * @return string
 82 |      */
 83 |     public function getEncryptedTime()
 84 |     {
 85 |         return Crypt::encrypt(time());
 86 |     }
 87 | 
 88 |     /**
 89 |      * Decrypt the given time
 90 |      *
 91 |      * @param  mixed $time
 92 |      * @return string|null
 93 |      */
 94 |     public function decryptTime($time)
 95 |     {
 96 |         // Laravel will throw an uncaught exception if the value is empty
 97 |         // We will try and catch it to make it easier on users.
 98 |     	try {
 99 |             return Crypt::decrypt($time);
100 |     	}
101 |     	catch (\Exception $exception)
102 |         {
103 |             return null;
104 |         }
105 |     }
106 | 
107 | }
108 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Honeypot spam prevention for Laravel applications
 2 | =========
 3 | 
 4 | ## How does it work? 
 5 | 
 6 | "Honeypot" method of spam prevention is a simple and effective way to defer some of the spam bots that come to your site. This technique is based on creating an input field that should be left empty by the real users of the application but will most likely be filled out by spam bots. 
 7 | 
 8 | This package creates a hidden DIV with two fields in it, honeypot field (like "my_name") and a honeytime field - an encrypted timestamp that marks the moment when the page was served to the user. When the form containing these inputs invisible to the user is submitted to your application, a custom validator that comes with the package checks that the honeypot field is empty and also checks the time it took for the user to fill out the form. If the form was filled out too quickly (i.e. less than 5 seconds) or if there was a value put in the honeypot field, this submission is most likely from a spam bot.
 9 | 
10 | ## Installation:
11 | 
12 | In your terminal type : `composer require msurguy/honeypot`. Or open up composer.json and add the following line under "require":
13 | 
14 |     {
15 |         "require": {
16 |             "msurguy/honeypot": "^1.0"
17 |         }
18 |     }
19 | 
20 | Next, add this line to 'providers' section of the app config file in `app/config/app.php`:
21 | 
22 |     'Msurguy\Honeypot\HoneypotServiceProvider',
23 | 
24 | Add the honeypot facade:
25 | 
26 |     'Honeypot' => 'Msurguy\Honeypot\HoneypotFacade'
27 | 
28 | At this point the package is installed and you can use it as follows.
29 | 
30 | ## Usage :
31 | 
32 | Add the honeypot catcher to your form by inserting `Honeypot::generate(..)` like this: 
33 | 
34 | Laravel 5 & above:
35 | 
36 |     {!! Form::open('contact') !!}
37 |         ...
38 |         {!! Honeypot::generate('my_name', 'my_time') !!}
39 |         ...
40 |     {!! Form::close() !!}
41 |     
42 | Other Laravel versions:
43 | 
44 |     {{ Form::open('contact') }}
45 |         ...
46 |         {{ Honeypot::generate('my_name', 'my_time') }}
47 |         ...
48 |     {{ Form::close() }}
49 | 
50 | The `generate` method will output the following HTML markup (`my_time` field will contain an encrypted timestamp):
51 |     
52 |     <div id="my_name_wrap" style="display:none;">
53 |         <input name="my_name" type="text" value="" id="my_name">
54 |         <input name="my_time" type="text" value="eyJpdiI6IkxoeWhKc3prN2puZllEajRwZ3lrc0I5bU42bUFWbzF1NEVVOEhxbG9WcFE9IiwidmFsdWUiOiJxNEtBT0NpYW5lUjJvWXp6VE45a1U0V3dNbk9Jd2RUNW42NFpiQWtTRllRPSIsIm1hYyI6IjAyMWQ0NWI1NTVkYTBjZTAxMTdhZmJmNTY0ZDI4Nzg4NzU3ODU4MjM1Y2MxNTVkYjAwNmFhNzBmNTdlNmJmMjkifQ==">
55 |     </div>
56 | 
57 | After adding the honeypot fields in the markup with the specified macro add the validation for the honeypot and honeytime fields of the form: 
58 | 
59 |     $rules = array(
60 |         'email'     => "required|email",
61 |         ...
62 |         'my_name'   => 'honeypot',
63 |         'my_time'   => 'required|honeytime:5'
64 |     );
65 | 
66 |     $validator = Validator::make(Input::get(), $rules);
67 | 
68 | Please note that "honeytime" takes a parameter specifying number of seconds it should take for the user to fill out the form. If it takes less time than that the form is considered a spam submission.
69 | 
70 | That's it! Enjoy getting less spam in your inbox. If you need stronger spam protection, consider using [Akismet](https://github.com/kenmoini/akismet) or [reCaptcha](https://github.com/dontspamagain/recaptcha)   
71 | 
72 | ## Testing
73 | 
74 | If you want to test the submission of a form using this package, you might want to disable Honeypot so that the validation passes. To do so, simply call the `disable()` method in your test:
75 | 
76 |     Honeypot::disable();
77 | 
78 |     $this->visit('contact')
79 |         ->type('User', 'name')
80 |         ->type('user@email.com', 'email')
81 |         ->type('Hello World', 'message')
82 |         ->press('submit')
83 |         ->see('Your message has been sent!');
84 | 
85 | ## Credits
86 | 
87 | Based on work originally created by Ian Landsman: <https://github.com/ianlandsman/Honeypot>
88 | 
89 | ## License
90 | 
91 | This work is MIT-licensed by Maksim Surguy.
92 | 


--------------------------------------------------------------------------------