Download the PHP package niirrty/niirrty.forms.security without Composer
On this page you can find all versions of the php package niirrty/niirrty.forms.security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package niirrty.forms.security
Niirrty.Forms.Security
Some HTML->PHP form securing methods.
3 methods for 3 different checks
DynamicFormField
This class defines all data of a dynamic form field with a randomly generated name.
A hidden form field with a randomly generated field name must be defined as part of the form that should be secured. The required information about the dynamic form field name is transmitted via the session.
Usage-Example
FormTimer
This class allows you to define the time span of a valid web form request. That is, you can define the minimum time a real user should need to fill out the form. The maximum request time is not restricted by this class because it is not important for doing the required job.
Please do not think of it as the total time for filling in all required form fields. That's a fallacy! A form can also be re-shown, to change a missed or wrong form field value or to check a required checkbox. With all required interaction that takes at least 1.5 - 2 seconds. Not more! But it does the required job because bots send really fast. If they are "large", they visit (scan) many millions of pages in 24h. Time is money :-( so one second is a more realistic time span for bots. So we are served well with a minimum request time of 1.5 seconds.
Here is a short usage example for the preferred method, storing the request microtime inside the session:
HoneyPot
This class allows you to easily secure your web form with a honeypot.
A honeypot should do the same job as in real life: it is expected to lure something.
In this case the honeypot should attract the bots. They see this field with a popular name like 'text' and will fill it with the content they think is right.
The idea behind this field is: a bot normally cannot distinguish between visible and invisible form fields if a field is hidden by some CSS code. If so, the bot has no idea about the current visibility state and will fill it.
Filling it with something is the indicator that no human sent the last request, because the required form field value is an empty string.
Why is a textarea form element used?
Modern web browsers support the "auto fill" feature. If the browser thinks it knows what content fits a text input form field, it may fill it in as well. That would generate the false-positive state "There must be a bot". Textarea fields are normally not auto-filled by browsers.
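The three checks described above (dynamic field, form timer, honeypot) combined in plain PHP, as an added example: it is not code from the package and does not use its classes. The function names, the session keys, the CSS class "hp" and the sample values are assumptions made for illustration; arrays stand in for $_SESSION and $_POST so the script runs on the command line.

```php
<?php
declare(strict_types=1);

const MIN_FILL_SECONDS = 1.5; // minimum request time named in the text

// Render step: remember the random field name and the render time in the
// session, and return the two extra fields to embed in the form.
function issueFormGuards(array &$session): string
{
    $session['dyn_name']  = 'f_' . bin2hex(random_bytes(8));
    $session['issued_at'] = microtime(true);

    return '<input type="hidden" name="' . $session['dyn_name'] . '" value="1">' . "\n"
         . '<textarea name="text" class="hp"></textarea>'; // hidden by CSS, not type="hidden"
}

// Submit step: returns the names of the failed checks (empty = passes all three).
function checkFormGuards(array &$session, array $post, ?float $now = null): array
{
    $now    = $now ?? microtime(true);
    $name   = $session['dyn_name'] ?? null;
    $issued = $session['issued_at'] ?? null;
    unset($session['dyn_name'], $session['issued_at']); // re-showing the form issues new values

    $failed = [];
    if (!is_string($name) || !array_key_exists($name, $post)) {
        $failed[] = 'dynamic-field'; // the per-form random field did not come back
    }
    if (!is_float($issued) || ($now - $issued) < MIN_FILL_SECONDS) {
        $failed[] = 'timer';         // submitted faster than a real user could
    }
    if (($post['text'] ?? '') !== '') {
        $failed[] = 'honeypot';      // the invisible textarea must stay empty
    }
    return $failed;
}

// Constructed submissions; $now is passed in so the demo needs no sleep().
$session = [];
issueFormGuards($session);
$t0   = $session['issued_at'];
$post = [$session['dyn_name'] => '1', 'text' => '', 'email' => 'a@example.org'];
var_dump(checkFormGuards($session, $post, $t0 + 4.0));                 // human-like request

issueFormGuards($session);
$t0 = $session['issued_at'];
var_dump(checkFormGuards($session, ['text' => 'buy now'], $t0 + 0.2)); // bot-like request
```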