597a0546ce
|
||
|---|---|---|
| db_upgrade | ||
| docker-web | ||
| images | ||
| nbproject | ||
| .env | ||
| .gitignore | ||
| .htaccess | ||
| LICENSE | ||
| api.php | ||
| captcheck.css | ||
| captcheck.js | ||
| captcheck.min.js | ||
| composer.json | ||
| composer.lock | ||
| database.mwb | ||
| database.sql | ||
| docker-compose.yml | ||
| index.html | ||
| logo.png | ||
| readme.md | ||
| required.php | ||
| scrapetexts.php | ||
| settings.template.php | ||
| test.html | ||
| test.php | ||
readme.md
Easy, light, self-hostable CAPTCHA service. Works on modern browsers (and IE9+). Uses a selection of icons from Font-Awesome. Text-only accessibility mode and support for keyboard-only operation.
Thanks to textcaptcha.com for supplying the data for the text CAPTCHA.
How to use
In your form, put an empty div with the class "captcheck_container".
Add captcheck.js (or captcheck.min.js) into your page.
<!DOCTYPE html>
<html>
<head>
<title>Captcheck Sample Form</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="captcheck.js"></script>
</head>
<body>
<form action="submit.php">
<input type="text" name="form_field" placeholder="Some random form field" />
<div class="captcheck_container">
</div>
<button type="submit">Submit Form</button>
</form>
</body>
</html>
When the form is submitted, your server will receive two extra form fields:
captcheck_session_code and captcheck_selected_answer.
In your form handling code, send a request to http(s)://captcheck-url/api.php.
Pass the variables session_id and answer_id with the values sent with the form,
and also pass the variable action with the value verify.
You will receive a JSON response with (among other things) "result": true or
"result": false. If result is false, the user failed the test, and another
variable msg is available with an explanation.
Example URL:
http(s)://captcheck-url/api.php?action=verify&session_id=<captcheck_session_code>&answer_id=<captcheck_selected_answer>
Example responses:
{"session":"some_session_id","result":true}
{"session":"some_session_id","result":false,"msg":"Answer incorrect."}
Content-Security-Policy and Nonces
Add data-stylenonce="nonce_here" to the .captcheck_container div.
If you have multiple CAPTCHAs on one page, only one of them needs the nonce
specified.
Installation
- Run composer install.
- Copy settings.template.php to settings.php and plug in your settings.
- Install the database.
- Customize captcheck.js with the correct api_url.
- Follow the How to Use section and the example setup in test.html and test.php.
Execution Flow
JS = captcheck.js, API = api.php, FORM = parent form,
SITE = form processing code, -> = some action taken on the right by the left
JS -> API: Request session ID, question, and answers (with scrambled random codes)
API -> JS: Sends info, saves session ID, correct answer, and scrambled answer codes in DB
JS -> API: Requests answer images by sending scrambled value and session ID
JS -> FORM: Adds hidden field with value=session ID, displays question and images (or text box)
[USER SUBMITS FORM]
SITE -> API: Sends session ID and answer
API -> SITE: Responds with true/false to indicate if the answer is valid, marks session as expired to prevent CAPTCHA reuse