silverstripe-spamprotection/README.md

# SpamProtection Module

[![CI](https://github.com/silverstripe/silverstripe-spamprotection/actions/workflows/ci.yml/badge.svg)](https://github.com/silverstripe/silverstripe-spamprotection/actions/workflows/ci.yml)
[![Silverstripe supported module](https://img.shields.io/badge/silverstripe-supported-0071C4.svg)](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/)

## Maintainer Contact

 * Saophalkun Ponlu
   <phalkunz (at) silverstripe (dot) com>

 * Will Rossiter
   <will (at) fullscreen (dot) io>

## Requirements

Silverstripe 4.0+

**Note:** For Silverstripe 3.x, please use the [2.x release line](https://github.com/silverstripe/silverstripe-spamprotection/tree/2.0).

## Install

To install run `composer require silverstripe/spamprotection`.

## Documentation

This module provides a generic, consistent API for adding spam protection to
your Silverstripe Forms. This does not provide any spam protection out of the
box. For that, you must also download one of the spam protection
implementations. Currently available options are:

* reCAPTCHA v2 (two implementations: [one](https://github.com/chillu/silverstripe-recaptcha), [two](https://github.com/UndefinedOffset/silverstripe-nocaptcha))
* [MathSpamProtection](https://github.com/silverstripe/silverstripe-mathspamprotection)
* [Akismet](https://github.com/silverstripe/silverstripe-akismet)
* [Mollom](https://github.com/silverstripe-archive/silverstripe-mollom)

As a developer you can also provide your own protector by creating a class which
implements the `\SilverStripe\SpamProtection\SpamProtector` interface. More on that below.

## Configuring

After installing this module and a protector of your choice (i.e mollom) you'll
need to rebuild your database through `dev/build` and set the default protector
via SilverStripe's config system. This will update any Form instances that have
spam protection hooks with that protector.

*mysite/_config/spamprotection.yml*

```yaml
---
name: mycustomspamprotection
---
SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension:
  default_spam_protector: MollomSpamProtector
```

To add spam protection to your form instance call `enableSpamProtection`.

```php
// your existing form code
$form = new Form(/* .. */);
$form->enableSpamProtection();
```

The logic to perform the actual spam validation is controlled by each of the
individual `SpamProtector` implementations since they each require a different
implementation client side or server side.

### Options

`enableSpamProtection` takes a hash of optional configuration values.

```php
$form->enableSpamProtection(array(
    'protector' => MathSpamProtector::class,
    'name' => 'Captcha'
));
```

Options to configure are:

* `protector`: a class name string or class instance which implements
`\SilverStripe\SpamProtection\SpamProtector`. Defaults to your
`SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension.default_spam_protector` value.

* `name`: the form field name argument for the Captcha. Defaults to `Captcha`.
* `title`: title of the Captcha form field. Defaults to `''`
* `insertBefore`: name of existing field to insert the spam protection field prior to
* `mapping`: an array mapping of the Form fields to the standardised list of
field names. The list of standardised fields to pass to the spam protector are:

```
title
body
contextUrl
contextTitle
authorName
authorMail
authorUrl
authorIp
authorId
```

## Defining your own `SpamProtector`

Any class that implements `\SilverStripe\SpamProtection\SpamProtector` and the `getFormField()` method can
be set as the spam protector. The `getFormField()` method returns the
`FormField` to be inserted into the `Form`. The `FormField` returned should be
in charge of the validation process.

```php
<?php

use CaptchaField;
use SilverStripe\SpamProtection\SpamProtector;

class CustomSpamProtector implements SpamProtector
{
    public function getFormField($name = null, $title = null, $value = null)
    {
        // CaptchaField is an imagined class which has some functionality.
        // See silverstripe-mollom module for an example.
        return new CaptchaField($name, $title, $value);
	}
}
```

## Using Spam Protection with User Forms

This module provides an `EditableSpamProtectionField` wrapper which you can add
to your UserForm instances. After installing this module and running `/dev/build`
to rebuild the database, your Form Builder interface will have an option for
`Spam Protection Field`. The type of spam protection used will be based on your
currently selected SpamProtector instance.

## Releasing code with Spam Protection support

Spam protection is useful to provide but in some cases we do not want to require
the developer to use spam protection. In that case, modules can provide the
following pattern:

```php
use SilverStripe\Forms\Form;
use SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension;

$form = new Form(/* .. */);

if ($form->hasExtension(FormSpamProtectionExtension::class)) {
    $form->enableSpamProtection();
}
```
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00			`# SpamProtection Module`

MNT Use GitHub Actions CI 2022-07-05 09:07:16 +02:00			`[![CI](https://github.com/silverstripe/silverstripe-spamprotection/actions/workflows/ci.yml/badge.svg)](https://github.com/silverstripe/silverstripe-spamprotection/actions/workflows/ci.yml)`
MNT Standardise modules 2022-08-01 00:46:51 +02:00			`[![Silverstripe supported module](https://img.shields.io/badge/silverstripe-supported-0071C4.svg)](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/)`
Add travis 2014-02-10 08:55:38 +01:00
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00			`## Maintainer Contact`
MINOR: update documentation 2010-06-29 07:49:00 +02:00
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00			`* Saophalkun Ponlu`
			`<phalkunz (at) silverstripe (dot) com>`

			`* Will Rossiter`
Update Readme.md 2012-09-07 11:25:15 +02:00			`<will (at) fullscreen (dot) io>`
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
			`## Requirements`

MNT Standardise modules 2022-08-01 00:46:51 +02:00			`Silverstripe 4.0+`
ENHANCEMENT Check and make updates for SS4 compatability 2017-12-19 03:36:59 +01:00
MNT Standardise modules 2022-08-01 00:46:51 +02:00			`Note: For Silverstripe 3.x, please use the [2.x release line](https://github.com/silverstripe/silverstripe-spamprotection/tree/2.0).`
ENHANCEMENT Check and make updates for SS4 compatability 2017-12-19 03:36:59 +01:00
			`## Install`

			To install run `composer require silverstripe/spamprotection`.
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
			`## Documentation`

Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`This module provides a generic, consistent API for adding spam protection to`
MNT Standardise modules 2022-08-01 00:46:51 +02:00			`your Silverstripe Forms. This does not provide any spam protection out of the`
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			`box. For that, you must also download one of the spam protection`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`implementations. Currently available options are:`
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
Removed still unsupported Invisible reCaptcha from README UndefinedOffset's plugin actually supports reCAPTCHA v2 (a.k.a. NoCaptcha), same as chillu's, so I merged them into one line. 2018-04-05 08:09:30 +02:00			`* reCAPTCHA v2 (two implementations: [one](https://github.com/chillu/silverstripe-recaptcha), [two](https://github.com/UndefinedOffset/silverstripe-nocaptcha))`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`* [MathSpamProtection](https://github.com/silverstripe/silverstripe-mathspamprotection)`
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			`* [Akismet](https://github.com/silverstripe/silverstripe-akismet)`
			`* [Mollom](https://github.com/silverstripe-archive/silverstripe-mollom)`
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`As a developer you can also provide your own protector by creating a class which`
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			implements the `\SilverStripe\SpamProtection\SpamProtector` interface. More on that below.
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`## Configuring`
MINOR: Updated documentation and converted readme to markdown 2010-06-10 04:31:06 +02:00
Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`After installing this module and a protector of your choice (i.e mollom) you'll`
			need to rebuild your database through `dev/build` and set the default protector
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`via SilverStripe's config system. This will update any Form instances that have`
			`spam protection hooks with that protector.`

			`mysite/_config/spamprotection.yml`

Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			```yaml
			`---`
ENHANCEMENT Check and make updates for SS4 compatability 2017-12-19 03:36:59 +01:00			`name: mycustomspamprotection`
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`---`
			`SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension:`
			`default_spam_protector: MollomSpamProtector`
			```
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
			To add spam protection to your form instance call `enableSpamProtection`.
Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			```php
			`// your existing form code`
			`$form = new Form(/* .. */);`
			`$form->enableSpamProtection();`
			```
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`The logic to perform the actual spam validation is controlled by each of the`
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			individual `SpamProtector` implementations since they each require a different
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`implementation client side or server side.`

			`### Options`

Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`enableSpamProtection` takes a hash of optional configuration values.
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			```php
			`$form->enableSpamProtection(array(`
			`'protector' => MathSpamProtector::class,`
			`'name' => 'Captcha'`
			`));`
			```
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
			`Options to configure are:`

DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			* `protector`: a class name string or class instance which implements
			`\SilverStripe\SpamProtection\SpamProtector`. Defaults to your
			`SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension.default_spam_protector` value.
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			* `name`: the form field name argument for the Captcha. Defaults to `Captcha`.
			* `title`: title of the Captcha form field. Defaults to `''`
			* `insertBefore`: name of existing field to insert the spam protection field prior to
			* `mapping`: an array mapping of the Form fields to the standardised list of
			`field names. The list of standardised fields to pass to the spam protector are:`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			```
			`title`
			`body`
			`contextUrl`
			`contextTitle`
			`authorName`
			`authorMail`
			`authorUrl`
			`authorIp`
			`authorId`
			```
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
			## Defining your own `SpamProtector`

DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			Any class that implements `\SilverStripe\SpamProtection\SpamProtector` and the `getFormField()` method can
Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			be set as the spam protector. The `getFormField()` method returns the
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`FormField` to be inserted into the `Form`. The `FormField` returned should be
			`in charge of the validation process.`

FIX Missing syntax opening in readme, and tweaks for pre-emptive userforms compatibility 2017-08-28 03:44:53 +02:00			```php
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`<?php`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`use CaptchaField;`
			`use SilverStripe\SpamProtection\SpamProtector;`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`class CustomSpamProtector implements SpamProtector`
			`{`
			`public function getFormField($name = null, $title = null, $value = null)`
			`{`
			`// CaptchaField is an imagined class which has some functionality.`
			`// See silverstripe-mollom module for an example.`
			`return new CaptchaField($name, $title, $value);`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`}`
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`}`
			```
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
			`## Using Spam Protection with User Forms`

Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			This module provides an `EditableSpamProtectionField` wrapper which you can add
			to your UserForm instances. After installing this module and running `/dev/build`
Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`to rebuild the database, your Form Builder interface will have an option for`
			`Spam Protection Field`. The type of spam protection used will be based on your
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00			`currently selected SpamProtector instance.`

			`## Releasing code with Spam Protection support`

Update Travis configuration to be standalone, add codecov.io, update license year 2017-08-28 00:27:53 +02:00			`Spam protection is useful to provide but in some cases we do not want to require`
			`the developer to use spam protection. In that case, modules can provide the`
DOCS Add namespaces to class references in readme, fix typos 2017-09-04 23:40:17 +02:00			`following pattern:`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			```php
			`use SilverStripe\Forms\Form;`
			`use SilverStripe\SpamProtection\Extension\FormSpamProtectionExtension;`
API: Use config / extension APIs Overhaul of spam protection to use an extension on Form rather than the SpamProtectorManager. More fluent interface and easier to replace the built in spam protection api with an alternative. 2014-02-10 08:53:59 +01:00
Update usage examples in readme, minor fixes in travis configuration and gitattributes 2017-08-28 00:57:30 +02:00			`$form = new Form(/* .. */);`

			`if ($form->hasExtension(FormSpamProtectionExtension::class)) {`
			`$form->enableSpamProtection();`
			`}`
			```