Honeypot Codeigniter 4

How is it possible to catch the honeypot exception in CodeIgniter 4?

I simulated the bot, so that the field of the honeypot is filled. But CI4 is throwing the exception instantly. I would like to log that access into my db and want to redirect to a "jail" site where the program is setting a sleep function for that user, so for every try he must wait longer for an answer.

Any suggestions?

Current Exception I get: CodeIgniter\Honeypot\Exceptions\HoneypotException #3 Honeypot.theClientIsABot

/**
 * @return void
 */
public function before(RequestInterface $request, $arguments = null)
{
    $honeypot = Services::honeypot(new \Config\Honeypot());
    if ($honeypot->hasContent($request))
    {
        throw HoneypotException::isBot();
    }
}

This information is shown.

The Honeypot is enabled in the system. The config file of Honeypot just lets you configure the input field itself, not 'what should happen if honeypot isset'.

My .env file:

honeypot.hidden     = 'true'
honeypot.label      = 'What is 12 + 2?'
honeypot.name       = 'answer'
honeypot.template   = '<label>{label}</label><input type="text" id="{name}" name="{name}" value=""/>'
honeypot.container  = '<div style="display:none">{template}</div>'

Information from Codeigniter 4: https://codeigniter.com/user_guide/libraries/honeypot.html#customizing-honeypot

There are 2 best solutions below

1
On BEST ANSWER

I changed the system folder and the honeypot before function where normally the Exception is thrown. I caught the Exception there and I'm setting a redirect there. It's not the best solution because when there is an update for CI 4 it will be overwritten.

0
On

I used the honeypot concept in CodeIgniter 4 this way.

Step #1: First, uncomment all the honeypot lines in the .env file

#--------------------------------------------------------------------
# HONEYPOT
#--------------------------------------------------------------------

# honeypot.hidden = 'true'
# honeypot.label = 'Fill This Field'
# honeypot.name = 'honeypot'
# honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'
# honeypot.container = '<div style="display:none">{template}</div>'

Step #2: Next, I made some changes in Honeypot.php in the /app/Config folder.


<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Honeypot extends BaseConfig
{
    /**
     * Makes Honeypot visible or not to human
     *
     * @var boolean
     */
    public $hidden = true;

    /**
     * Honeypot Label Content
     *
     * @var string
     */
    public $label = 'Fill This Field';

    /**
     * Honeypot Field Name
     *
     * @var string
     */
    public $name = 'honeypot';

    /**
     * Honeypot HTML Template
     *
     * @var string
     */
    public $template = '<label>{label}</label><input type="text" name="{name}" value=""/>';

    /**
     * Honeypot container
     *
     * @var string
     */
    public $container = '<div style="display:none">{template}</div>';
}

Step #3: Also enable the Honeypot feature in the filters.php file of the /app/Config folder.


public $aliases = [
    'csrf'     => CSRF::class,
    'toolbar'  => DebugToolbar::class,
    'honeypot' => Honeypot::class,
];

public $globals = [
    'before' => [
        'honeypot',
        // 'csrf',
    ],
    'after' => [
        'toolbar',
        'honeypot',
    ],
];

After doing all these steps, I hope you will find that the form will be safe from submissions by bots.
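
One way to get the logging and redirect the question asks for without editing the system folder, as an added example (not CodeIgniter's code and not either poster's): a custom filter in app/Filters that takes over the `honeypot` alias. The class name `HoneypotJail`, the `honeypot_hits` table and the `/jail` route are assumptions.

```php
<?php
// app/Filters/HoneypotJail.php (added example, not CodeIgniter's own code)
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;

class HoneypotJail implements FilterInterface
{
    private const MAX_DELAY = 30;   // seconds; cap so jailed clients cannot hold workers for long
    private const WINDOW    = 3600; // seconds a strike counter is kept

    public function before(RequestInterface $request, $arguments = null)
    {
        $honeypot = Services::honeypot(new \Config\Honeypot());
        if (! $honeypot->hasContent($request)) {
            return; // trap field empty: let the request through
        }
        $ip      = $request->getIPAddress();
        $key     = 'honeypot_' . sha1($ip); // hashed: ':' in IPv6 is a reserved cache-key character
        $strikes = (int) cache()->get($key) + 1;
        cache()->save($key, $strikes, self::WINDOW);
        // Assumed table: honeypot_hits(ip, user_agent, strikes, created_at).
        // The query builder escapes the values; the User-Agent is truncated before storing.
        db_connect()->table('honeypot_hits')->insert([
            'ip'         => $ip,
            'user_agent' => substr($request->getHeaderLine('User-Agent'), 0, 255),
            'strikes'    => $strikes,
            'created_at' => date('Y-m-d H:i:s'),
        ]);
        return redirect()->to('/jail'); // assumed route; returning a response stops the request
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Keep injecting the hidden field into forms, as the stock filter does.
        Services::honeypot(new \Config\Honeypot())->attachHoneypot($response);
    }

    // Seconds the jail controller should sleep(): 1, 2, 4, ... capped at MAX_DELAY.
    public static function delayFor(string $ip): int
    {
        $strikes = (int) cache()->get('honeypot_' . sha1($ip));
        return $strikes < 1 ? 0 : min(self::MAX_DELAY, 2 ** min($strikes - 1, 10));
    }
}
```

Point the alias at it in app/Config/Filters.php (`'honeypot' => \App\Filters\HoneypotJail::class`) and have the jail controller call `sleep(HoneypotJail::delayFor($this->request->getIPAddress()))`. Behind a reverse proxy, `getIPAddress()` returns the proxy's address unless the proxy is listed in `$proxyIPs` in app/Config/App.php, which would count every visitor's strikes together.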