Spam protection module for SilverStripe CMS
PHP
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.tx Add transifex config May 26, 2015
_config FIX Typo in userforms form field class name Aug 28, 2017
code FIX Ensure getIcon returns exposed resource URL for icon Nov 2, 2017
images BUGFIX: Fixed replaced deprecated FieldSet() with FieldList() Jul 6, 2012
lang ENHANCEMENT Check and make updates for SS4 compatability Dec 19, 2017
tests FIX Ensure getIcon returns exposed resource URL for icon Nov 2, 2017
.editorconfig Added standard editor config Nov 19, 2015
.gitattributes Update usage examples in readme, minor fixes in travis configuration … Aug 28, 2017
.gitignore Ignore .DS_Store Feb 10, 2014
.scrutinizer.yml Added standard Scrutinizer config Nov 21, 2015
.travis.yml ENHANCEMENT Check and make updates for SS4 compatability Dec 19, 2017
.upgrade.yml Add upgrader mapping file Aug 28, 2017
README.md Removed still unsupported Invisible reCaptcha from README Apr 5, 2018
_config.php SilverStripe 4 and Namespacing Aug 28, 2017
changelog.md Update changelog for 2.0.4 release May 18, 2016
code-of-conduct.md Added standard code of conduct Nov 21, 2015
codecov.yml Update Travis configuration to be standalone, add codecov.io, update … Aug 28, 2017
composer.json FIX Vendorise module, update CI to include userforms Nov 2, 2017
license.md Update Travis configuration to be standalone, add codecov.io, update … Aug 28, 2017
phpcs.xml.dist ENHANCEMENT Check and make updates for SS4 compatability Dec 19, 2017
phpunit.xml.dist FIX convert CI bootstrap references to new their new locations in vendor Oct 4, 2017

README.md

SpamProtection Module

Build Status Scrutinizer Code Quality Code Coverage

Maintainer Contact

  • Saophalkun Ponlu <phalkunz (at) silverstripe (dot) com>

  • Will Rossiter <will (at) fullscreen (dot) io>

Requirements

SilverStripe 4.0+

Note: For SilverStripe 3.x, please use the 2.x release line.

Install

To install run composer require silverstripe/spamprotection.

Documentation

This module provides a generic, consistent API for adding spam protection to your SilverStripe Forms. This does not provide any spam protection out of the box. For that, you must also download one of the spam protection implementations. Currently available options are:

As a developer you can also provide your own protector by creating a class which implements the \SilverStripe\SpamProtection\SpamProtector interface. More on that below.

Configuring

After installing this module and a protector of your choice (i.e mollom) you'll need to rebuild your database through dev/build and set the default protector via SilverStripe's config system. This will update any Form instances that have spam protection hooks with that protector.

mysite/_config/spamprotection.yml

---
name: mycustomspamprotection
---
SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension:
  default_spam_protector: MollomSpamProtector

To add spam protection to your form instance call enableSpamProtection.

// your existing form code
$form = new Form(/* .. */);
$form->enableSpamProtection();

The logic to perform the actual spam validation is controlled by each of the individual SpamProtector implementations since they each require a different implementation client side or server side.

Options

enableSpamProtection takes a hash of optional configuration values.

$form->enableSpamProtection(array(
    'protector' => MathSpamProtector::class,
    'name' => 'Captcha'
));

Options to configure are:

  • protector: a class name string or class instance which implements \SilverStripe\SpamProtection\SpamProtector. Defaults to your SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension.default_spam_protector value.

  • name: the form field name argument for the Captcha. Defaults to Captcha.

  • title: title of the Captcha form field. Defaults to ''

  • insertBefore: name of existing field to insert the spam protection field prior to

  • mapping: an array mapping of the Form fields to the standardised list of field names. The list of standardised fields to pass to the spam protector are:

title
body
contextUrl
contextTitle
authorName
authorMail
authorUrl
authorIp
authorId

Defining your own SpamProtector

Any class that implements \SilverStripe\SpamProtection\SpamProtector and the getFormField() method can be set as the spam protector. The getFormField() method returns the FormField to be inserted into the Form. The FormField returned should be in charge of the validation process.

<?php

use CaptchaField;
use SilverStripe\SpamProtection\SpamProtector;

class CustomSpamProtector implements SpamProtector
{
    public function getFormField($name = null, $title = null, $value = null)
    {
        // CaptchaField is an imagined class which has some functionality.
        // See silverstripe-mollom module for an example.
        return new CaptchaField($name, $title, $value);
	}
}

Using Spam Protection with User Forms

This module provides an EditableSpamProtectionField wrapper which you can add to your UserForm instances. After installing this module and running /dev/build to rebuild the database, your Form Builder interface will have an option for Spam Protection Field. The type of spam protection used will be based on your currently selected SpamProtector instance.

Releasing code with Spam Protection support

Spam protection is useful to provide but in some cases we do not want to require the developer to use spam protection. In that case, modules can provide the following pattern:

use SilverStripe\Forms\Form;
use SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension;

$form = new Form(/* .. */);

if ($form->hasExtension(FormSpamProtectionExtension::class)) {
    $form->enableSpamProtection();
}