Download the PHP package ligoo/zammad-laravel without Composer

Zammad Laravel

A Laravel package for integrating contact forms with the Zammad ticketing system.

Features

• Easy Integration: Drop-in contact form that creates tickets in Zammad
• Flexible CAPTCHA: Support for Google reCAPTCHA v3, Cloudflare Turnstile, or disabled
• 8-Layer Spam Protection: Rate limiting, honeypot, form timer, keyword detection, and more
• Multiple Frameworks: Blade, React, and Vue.js components included
• Customizable Views: Framework-agnostic styling with CSS variables
• Full Configuration: All options via config file with env variable support

Requirements

• PHP 8.1+
• Laravel 10.x, 11.x, or 12.x
• Zammad instance with API access

Installation

Configuration

Publish the configuration file:

Add the following to your .env file:

Getting a Zammad API Token

1. Log into Zammad as admin
2. Go to Admin → API → Personal Access Tokens
3. Create a new token with permissions:
   • ticket.agent (to create/update tickets)
   • admin (recommended for full API access)

Setting Up the API User

The user who owns the API token must have group access to create tickets:

1. Go to Admin → Manage → Users
2. Find the user who created the API token
3. Edit the user and go to Group permissions
4. Add your target group with full access
5. Save

Important: Token permissions alone are not enough. The user must also have explicit group access in their user profile.

Finding Your Group ID

1. Go to Admin → Manage → Groups
2. Click on the group you want to use
3. The ID is in the URL: /manage/groups/38 → ID is 38

Testing Your Configuration

After setup, verify everything works:

This command tests:

• API connectivity
• Token validity
• User permissions
• Group access
• Ticket creation

If any test fails, the output will explain what's wrong.

Usage

Blade (Default)

The package automatically registers routes at /contact. Visit /contact to see the form.

Include in your own layout:

Add the stylesheet to your layout's <head>:

Publish assets:

React

Publish the React component:

This copies ZammadContactForm.tsx to resources/js/vendor/zammad/react/.

Step 1: Disable the package's GET route (so you can use your own Inertia page):

Step 2: Create your Inertia route and controller:

Step 3: Ensure your layout has the CSRF meta tag (required for form submission):

Note: Inertia.js apps typically include this by default. Check your app.blade.php.

Use in your React component:

React Props

Vue.js

Publish the Vue component:

This copies ZammadContactForm.vue to resources/js/vendor/zammad/vue/.

Follow the same setup as React (disable GET route, create your Inertia route).

Use in your Vue component:

Vue Props

Vue Events

Route Configuration

Routes use generic names to keep your backend technology hidden:

• URL: /contact
• Route names: support.contact.form, support.contact.submit

Customize in your .env:

Inertia / SPA Setup

For Inertia, React, or Vue.js apps, disable only the GET route so you can define your own page while keeping the package's POST handler:

Then in your routes file:

Manual Route Registration

To fully control all routes, disable auto-routes:

Register manually:

Configuration Options

CAPTCHA Drivers

Spam Protection

The package includes 8 layers of spam protection:

1. Rate Limiting (Middleware) - 5 attempts per 60 seconds
2. Rate Limiting (Cache) - 2 minute cooldown after submission
3. CAPTCHA - Configurable provider
4. Honeypot Field - Hidden field that must remain empty
5. Form Timer - Minimum 3 seconds before submission
6. Spam Keywords - Blocks messages with blacklisted words
7. URL Count - Blocks messages with too many URLs
8. Confirmation Checkbox - User must confirm

Customizing Subject Options

Edit config/zammad.php:

CSS Customization

The CSS uses CSS variables for easy theming. Override in your own stylesheet:

Available variables:

Localization

The package includes translations for 13 languages:

The package automatically uses Laravel's current locale (app()->getLocale()).

Customizing Translations

Publish the translation files to customize:

This copies files to lang/vendor/zammad/. Edit the files in your preferred language.

Adding New Languages

Create a new file at lang/vendor/zammad/{locale}/zammad.php following the structure of the English file.

Publishing Assets

Facades

Zammad Facade

Captcha Facade

Troubleshooting

403 Forbidden when creating tickets

Symptom: php artisan zammad:test passes connectivity tests but fails on ticket creation with 403.

Cause: The API user doesn't have access to the configured group.

Fix:

1. Run php artisan zammad:test to see which groups the user has access to
2. Go to Admin → Manage → Users in Zammad
3. Edit the API user and add the target group with full access

422 Unprocessable Entity

Symptom: Ticket creation fails with 422 error.

Cause: Invalid data being sent (wrong group ID, invalid customer, etc.)

Fix:

1. Verify ZAMMAD_DEFAULT_GROUP is a valid group ID
2. Run php artisan zammad:test to see available groups

419 Page Expired (CSRF token mismatch)

Symptom: React/Vue form submission fails with 419 error.

Cause: Missing CSRF meta tag in your layout.

Fix: Add to your layout's <head>:

Translations showing as keys

Symptom: Form shows zammad::zammad.contact.title instead of actual text.

Cause: Translation files not loaded or published incorrectly.

Fix:

Testing

Disclaimer

This package is an independent, community-developed project. It is NOT affiliated with, endorsed by, or officially connected to Zammad GmbH, Laravel LLC, Google LLC, Cloudflare Inc., or any of their products.

No Warranty: The authors are not liable for any loss of messages, data, communications, security vulnerabilities, or any other issues that may occur through the use of this software. Users are responsible for:

• Verifying ticket creation and message delivery
• Conducting their own security audits
• Implementing appropriate backup and security measures

See LICENSE for full terms.

License

MIT License. See LICENSE for details.