How to set up SPAM protection
Do a time based check
Sometimes CAPTCHA images aren't possible in your form. Either because the client doesn't want them or because the website must be accessbile or because they are simply ugly.
Formhandler has another way of checking for SPAM attempts. Interceptor\AntiSpamFormTime checks the time the user needs to fill out the form. If it takes only a few seconds, it is a SPAM bot.
All you have to do is to add a special hidden field to your form holding the timestamp the form is created and to add and configure the Interceptor.
<input type="hidden" name="###formValuesPrefix###[formtime]" value="###TIMESTAMP###" />
###formValuesPrefix### is replaced with the prefix set in TypoScript.
###TIMESTAMP### is replaced with the UNIX timestamp of the form creation time.
plugin.Tx_Formhandler.settings {
saveInterceptors {
10.class = Interceptor\AntiSpamFormTime
10.config {
# ID of a page to redirect SPAM bots to
redirectPage = 123
minTime.value = 3
minTime.unit = seconds
}
}
}
Enabling captcha for your form
1. Make sure that the extension "captcha" is installed
2. Add the input field and the required marker to your template:
###error_captchafield### ###CAPTCHA### <input type="text" name="formhandler[captchafield]" />
3. Add an error check for this field in TypoScript:
plugin.Tx_Formhandler.settings.validators.1 {
class = Validator\DefaultValidator
config {
fieldConf {
captchafield.errorCheck.1 = captcha
}
}
}
Enabling sr_freecap for your form
1. Make sure that the extension "sr_freecap" is installed
2. Add the required subpart to your template. You can change the name of the input field and any of the HTML code:
<!--###CAPTCHA_INSERT### this subpart is removed if CAPTCHA is not enabled! --> <div> <label for="freecapfield">###SR_FREECAP_NOTICE###</label> <div class="clear"></div> ###SR_FREECAP_CANT_READ### <div class="clear"></div> <input type="text" size="15" id="freecapfield" name="formhandler[freecapfield]" title="###SR_FREECAP_NOTICE###" value=""> ###SR_FREECAP_IMAGE### </div> <!--###CAPTCHA_INSERT###-->
3. Add an error check for this field in TypoScript:
plugin.Tx_Formhandler.settings.validators.1 {
class = Validator\DefaultValidator
config {
fieldConf {
freecapfield.errorCheck.1 = srFreecap
}
}
}
Enabling jm_recaptcha for your form
1. Make sure that the extension "jm_recaptcha" is installed
2. Create an account at recaptcha.net to receive a public and a private key for your domain.
3. Enter the keys received from recaptcha.net in TypoScript:
plugin.tx_jmrecaptcha {
public_key = xxx
private_key = xxx
captcha_type = recaptcha # or nocaptcha
}
#If you selected "nocaptcha", you have to add a JS file yourself:
page.headerData.123451123 = TEXT
page.headerData.123451123.value = <script src="https://www.google.com/recaptcha/api.js" async defer></script>
4. Add a marker to the template:
###error_recaptcha_response_field### ###RECAPTCHA###
5. Add an error check for this field in TypoScript:
plugin.Tx_Formhandler.settings.validators.1 {
class = Validator\DefaultValidator
config {
fieldConf {
recaptcha_response_field.errorCheck.1 = jmRecaptcha
}
}
}
Enabling mathGuard for your form
1. Make sure the extension "mathguard" is installed.
2. Add a marker to the template
###error_mathguard_answer### ###MATHGUARD###
2. Add an error check for this field in TypoScript:
plugin.Tx_Formhandler.settings.validators.1 {
class = Validator\DefaultValidator
config {
fieldConf {
mathguard_answer.errorCheck.1 = mathGuard
}
}
}
Honeypots, referer checks, ...
If you want to add honeypot fields, check the referer, check for enabled JavaScript or other possible stuff, check out extensions like spamshield. They will add the hidden fields automatically to your forms and do the checks. There is no need for Formhandler to get involved. :-)
If you want to use wt_spamshield for your Formhandler form, you can use the extension wt_spamshield_formhandler.