A spam protector and form field using Google's reCAPTCHA v2 or optionally a foundation v3 implementation
Adds a "spam protection" field to SilverStripe userforms using Google's
reCAPTCHA service.
composer require undefinedoffset/silverstripe-nocaptcha
After installing the module via composer or manual install you must set the spam
protector to NocaptchaProtector, this needs to be set in your site's config file
normally this is mysite/_config/config.yml.
SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension:
default_spam_protector: UndefinedOffset\NoCaptcha\Forms\NocaptchaProtector
Finally, add the "spam protection" field to your form by calling
enableSpamProtection()
on the form object.
$form->enableSpamProtection();
There are multiple configuration options for the field, you must set the
site_key and the secret_key which you can get from the reCAPTCHA
page. These configuration options must be
added to your site's yaml config typically this is mysite/_config/config.yml.
UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
site_key: "YOUR_SITE_KEY" #Your site key (required)
secret_key: "YOUR_SECRET_KEY" #Your secret key (required)
recaptcha_version: 2 # 2 or 3
minimum_score: 0.2 # minimum spam score to achieve. Any less is blocked
verify_ssl: true #Allows you to disable php-curl's SSL peer verification by setting this to false (optional, defaults to true)
default_theme: "light" #Default theme color (optional, light or dark, defaults to light)
default_type: "image" #Default captcha type (optional, image or audio, defaults to image)
default_size: "normal" #Default size (optional, normal, compact or invisible, defaults to normal)
default_badge: "bottomright" #Default badge position (bottomright, bottomleft or inline, defaults to bottomright)
proxy_server: "" #Your proxy server address (optional)
proxy_port: "" #Your proxy server address port (optional)
proxy_auth: "" #Your proxy server authentication information (optional)
# The following options can also be specified through Environment variables with Injector config
SilverStripe\Core\Injector\Injector:
UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
properties:
SiteKey: '`SS_NOCAPTCHA_SITE_KEY`'
SecretKey: '`SS_NOCAPTCHA_SECRET_KEY`'
ProxyServer: '`SS_OUTBOUND_PROXY`'
ProxyPort: '`SS_OUTBOUND_PROXY_PORT`'
ProxyAuth: '`SS_OUTBOUND_PROXY_AUTH`'
If you want to add a field label or help text to the Captcha field you can do so
like this:
$form->enableSpamProtection()
->fields()->fieldByName('Captcha')
->setTitle("Spam protection")
->setDescription("Please tick the box to prove you're a human and help us stop spam.");
When your using the
silverstripe/comments
module you must add the following (per their documentation) to your _config.php
in order to use nocaptcha/spamprotection on comment forms.
CommentingController::add_extension('CommentSpamProtection');
If you wish to manually retrieve the Site Verify response in you form action use
the getVerifyResponse()
method
function doSubmit($data, $form) {
$captchaResponse = $form->Fields()->fieldByName('Captcha')->getVerifyResponse();
// $captchaResponse = array (size=5) [
// 'success' => boolean true
// 'challenge_ts' => string '2020-09-08T20:48:34Z' (length=20)
// 'hostname' => string 'localhost' (length=9)
// 'score' => float 0.9
// 'action' => string 'submit' (length=6)
// ];
}
ReCAPTCHA v3 is different to v2, users won't be presented with a "Are you a
robot?" checkbox, instead user actions are returned a spam score 0.0 to 1.0 when
they submit the form. Out of the box, this module will block any submission with
a spam score of <= 0.4 but this can be tailored either site-wide using the
Config API
UndefinedOffset\NoCaptcha\Forms\NocaptchaField:
minimum_score: 0.2
Or on a per form basis:
$captchaField = $form->Fields()->fieldByName('Captcha')-
$captchaField->setMinimumScore(0.2);
For more information about version 3, including how to implement custom actions
see https://developers.google.com/recaptcha/docs/v3
When you're reporting an issue please ensure you specify what version of
SilverStripe you are using i.e. 3.1.3, 3.2beta, master etc. Also be sure to
include any JavaScript or PHP errors you receive, for PHP errors please ensure
you include the full stack trace. Also please include how you produced the
issue. You may also be asked to provide some of the classes to aid in
re-producing the issue. Stick with the issue, remember that you seen the issue
not the maintainer of the module so it may take allot of questions to arrive at
a fix or answer.
Module rating system helping users find modules that are well supported. For more on how the rating system works visit Module standards
Score not correct? Let us know there is a problem