Easy, light, self-hostable CAPTCHA service. Works on modern browsers (and
IE9+). Uses a selection of icons from Font-Awesome. Text-only accessibility
mode and support for keyboard-only operation.
Thanks to textcaptcha.com for supplying the data for the text CAPTCHA.
How to use
In your form, put an empty div with the class "captcheck_container".
Add `captcheck.js` (or `captcheck.dist.js`) into your page.
Captcheck Sample Form
When the form is submitted, your server will receive two extra form fields:
`captcheck_session_code` and `captcheck_selected_answer`.
In your form handling code, send a request to `http(s)://captcheck-url/api.php`.
Pass the variables `session_id` and `answer_id` with the values sent with the form,
and also pass the variable `action` with the value `verify`.
You will receive a JSON response with (among other things) `"result": true` or
`"result": false`. If result is false, the user failed the test, and another
variable `msg` is available with an explanation.
###Content-Security-Policy and Nonces
Add `data-stylenonce="nonce_here"` to the `.captcheck_container` div.
If you have multiple CAPTCHAs on one page, only one of them needs the nonce
1. Run composer install.
2. Copy settings.template.php to settings.php and plug in your settings.
3. Install the database.
4. Customize captcheck.js with the correct api_url.
5. Follow the How to Use section and the example setup in test.html and test.php.
JS = captcheck.js, API = api.php, FORM = parent form,
SITE = form processing code, -> = some action taken on the right by the left
JS -> API: Request session ID, question, and answers (with scrambled random codes)
API -> JS: Sends info, saves session ID, correct answer, and scrambled answer codes in DB
JS -> API: Requests answer images by sending scrambled value and session ID
JS -> FORM: Adds hidden field with value=session ID, displays question and images (or text box)
[USER SUBMITS FORM]
SITE -> API: Sends session ID and answer
API -> SITE: Responds with true/false to indicate if the answer is valid, marks session as expired to prevent CAPTCHA reuse