Mirror of netsyms/captcheck@source.netsyms.com
Go to file
Nikki Locke a9b363c0b1 Added docker files 2022-02-16 12:19:18 +00:00
db_upgrade Add (much) better text questions. 2017-06-13 02:15:41 -06:00
docker-web Added docker files 2022-02-16 12:19:18 +00:00
images Initial commit 2017-06-09 03:33:56 -06:00
nbproject Initial commit 2017-06-09 03:33:56 -06:00
.env Added docker files 2022-02-16 12:19:18 +00:00
.gitignore Initial commit 2017-06-09 03:33:56 -06:00
.htaccess Rename captcheck.dist.js to captcheck.min.js, update docs 2019-05-25 13:13:24 -06:00
LICENSE Update copyright year 2021-11-22 18:45:01 -07:00
api.php Update to support PHP 8 2021-11-22 18:41:45 -07:00
captcheck.css Override website theme link borders 2017-11-27 16:22:49 -07:00
captcheck.js Fix bug where some containers end up with two CAPTCHAs inside 2019-05-25 13:09:36 -06:00
captcheck.min.js Minor text fix 2019-05-25 13:15:00 -06:00
composer.json Initial commit 2017-06-09 03:33:56 -06:00
composer.lock Update to support PHP 8 2021-11-22 18:41:45 -07:00
database.mwb Add (much) better text questions. 2017-06-13 02:15:41 -06:00
database.sql Add (much) better text questions. 2017-06-13 02:15:41 -06:00
docker-compose.yml Added docker files 2022-02-16 12:19:18 +00:00
index.html Rename captcheck.dist.js to captcheck.min.js, update docs 2019-05-25 13:13:24 -06:00
logo.png Add logo 2017-06-12 00:19:50 -06:00
readme.md Rename captcheck.dist.js to captcheck.min.js, update docs 2019-05-25 13:13:24 -06:00
required.php Update readme, add SQL code, remove unused function in required.php 2017-06-09 03:50:25 -06:00
scrapetexts.php Add (much) better text questions. 2017-06-13 02:15:41 -06:00
settings.template.php Automatically delete old sessions 2017-06-09 03:44:55 -06:00
test.html Rename captcheck.dist.js to captcheck.min.js, update docs 2019-05-25 13:13:24 -06:00
test.php Improve output of test.php 2018-07-25 17:24:08 -06:00

readme.md

Captcheck

Easy, light, self-hostable CAPTCHA service. Works on modern browsers (and IE9+). Uses a selection of icons from Font-Awesome. Text-only accessibility mode and support for keyboard-only operation.

Thanks to textcaptcha.com for supplying the data for the text CAPTCHA.

How to use

In your form, put an empty div with the class "captcheck_container". Add captcheck.js (or captcheck.min.js) into your page.

<!DOCTYPE html>
<html>
    <head>
        <title>Captcheck Sample Form</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <script src="captcheck.js"></script>
    </head>
    <body>
        <form action="submit.php">
            <input type="text" name="form_field" placeholder="Some random form field" />
            <div class="captcheck_container">
            </div>
            <button type="submit">Submit Form</button>
        </form>
    </body>
</html>

When the form is submitted, your server will receive two extra form fields: captcheck_session_code and captcheck_selected_answer. In your form handling code, send a request to http(s)://captcheck-url/api.php. Pass the variables session_id and answer_id with the values sent with the form, and also pass the variable action with the value verify. You will receive a JSON response with (among other things) "result": true or "result": false. If result is false, the user failed the test, and another variable msg is available with an explanation.

Example URL: http(s)://captcheck-url/api.php?action=verify&session_id=<captcheck_session_code>&answer_id=<captcheck_selected_answer>

Example responses: {"session":"some_session_id","result":true} {"session":"some_session_id","result":false,"msg":"Answer incorrect."}

###Content-Security-Policy and Nonces

Add data-stylenonce="nonce_here" to the .captcheck_container div. If you have multiple CAPTCHAs on one page, only one of them needs the nonce specified.

Installation

  1. Run composer install.
  2. Copy settings.template.php to settings.php and plug in your settings.
  3. Install the database.
  4. Customize captcheck.js with the correct api_url.
  5. Follow the How to Use section and the example setup in test.html and test.php.

Execution Flow

JS = captcheck.js, API = api.php, FORM = parent form,
SITE = form processing code, -> = some action taken on the right by the left

JS -> API:      Request session ID, question, and answers (with scrambled random codes)
API -> JS:      Sends info, saves session ID, correct answer, and scrambled answer codes in DB
JS -> API:      Requests answer images by sending scrambled value and session ID
JS -> FORM:     Adds hidden field with value=session ID, displays question and images (or text box)
[USER SUBMITS FORM]
SITE -> API:    Sends session ID and answer
API -> SITE:    Responds with true/false to indicate if the answer is valid, marks session as expired to prevent CAPTCHA reuse