By default, the plugin provides an unobtrusive passive captcha as a "bot trap", aka "honeypot". It does not need a DB table.
The dummyField config sets an input field (by default the email_homepage control) as a hidden field, and validation will fail if it is filled out.
Only a bot would do this, since bots usually fill out every field they find.
If you want to use only this "passive captcha", then use the Captcha.PassiveCaptcha behavior instead.
$this->MyTable->addBehavior('Captcha.PassiveCaptcha');
They can also be combined, though.
Now load the helper, e.g. in your AppView:
$this->loadHelper('Captcha.Captcha');
Add a passive captcha control in your form:
echo $this->Captcha->passive();
That's it, now it should not validate the form if the honeypot was triggered.
E.g. for a contact form, first add this in your controller's initialize():
$this->loadComponent('Captcha.Captcha');
Then inside your action, use addValidation() to inject the plugin's validation rules into the form validator:
use Tools\Form\ContactForm; // or any other form
$contactForm = new ContactForm();
if ($this->request->is('post')) {
    $this->Captcha->addValidation($contactForm->getValidator(), 'Passive');
    if ($contactForm->execute($this->request->getData())) {
        // Send email and redirect
    }
    // Display validation errors
}
Also here, don't forget to add the helper call.
You can configure it globally using the Configure class and app.php:
'Captcha' => [
    'dummyField' => ...,
    'log' => ...,
],
Use 'log' => true if you want to log all honeypot events to type info.
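The honeypot check and the log option described above, sketched in plain PHP as an added example (not the plugin's own code). The function names, the log message and the sample submissions are constructed for illustration; only the email_homepage field name comes from this page.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP; this is not the Captcha plugin's implementation.
// DUMMY_FIELD follows the page's default dummyField; all function names are hypothetical.
const DUMMY_FIELD = 'email_homepage';

/** Render the trap: hidden from people, skipped by keyboard navigation and autofill. */
function renderHoneypot(string $field = DUMMY_FIELD): string
{
    $name = htmlspecialchars($field, ENT_QUOTES, 'UTF-8');
    return '<div style="display:none" aria-hidden="true">'
        . '<input type="text" name="' . $name . '" value=""'
        . ' tabindex="-1" autocomplete="off"></div>';
}

/**
 * Return validation errors for a submission; an empty array means it passed.
 * $log is called once per triggered trap (the role 'log' => true plays on this page).
 */
function checkHoneypot(array $data, callable $log, string $field = DUMMY_FIELD): array
{
    // Assumption: a submission that omits the field entirely passes this check.
    $value = $data[$field] ?? '';
    // The rendered form never sends an array (email_homepage[]=x), so treat that as filled.
    $filled = is_array($value) || trim((string)$value) !== '';
    if (!$filled) {
        return [];
    }
    // Log the field name only: the submitted value is attacker-controlled.
    $log(sprintf('Honeypot field "%s" was filled', $field));
    return [$field => ['Invalid submission']];
}

// Constructed sample submissions: a person leaves the hidden field empty, a bot fills it.
$logLines = [];
$log = function (string $msg) use (&$logLines): void {
    $logLines[] = 'info: ' . $msg;
};
$human = ['name' => 'Ann', 'message' => 'Hello', 'email_homepage' => ''];
$bot = ['name' => 'x', 'message' => 'buy now', 'email_homepage' => 'http://spam.example'];

echo renderHoneypot(), PHP_EOL;
var_dump(checkHoneypot($human, $log));
var_dump(checkHoneypot($bot, $log));
print_r($logLines);
```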