Easy, light, self-hostable CAPTCHA service. Works on modern browsers (and IE9+). Uses a selection of icons from Font-Awesome. Text-only accessibility mode and support for keyboard-only operation.
Thanks to textcaptcha.com for supplying the data for the text CAPTCHA.
In your form, put an empty div with the class “captcheck_container”.
captcheck.min.js) into your page.
<!DOCTYPE html> <html> <head> <title>Captcheck Sample Form</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script src="captcheck.js"></script> </head> <body> <form action="submit.php"> <input type="text" name="form_field" placeholder="Some random form field" /> <div class="captcheck_container"> </div> <button type="submit">Submit Form</button> </form> </body> </html>
When the form is submitted, your server will receive two extra form fields:
In your form handling code, send a request to
Pass the variables
answer_id with the values sent with the form,
and also pass the variable
action with the value
You will receive a JSON response with (among other things)
"result": true or
"result": false. If result is false, the user failed the test, and another
msg is available with an explanation.
###Content-Security-Policy and Nonces
data-stylenonce="nonce_here" to the
If you have multiple CAPTCHAs on one page, only one of them needs the nonce
JS = captcheck.js, API = api.php, FORM = parent form, SITE = form processing code, -> = some action taken on the right by the left JS -> API: Request session ID, question, and answers (with scrambled random codes) API -> JS: Sends info, saves session ID, correct answer, and scrambled answer codes in DB JS -> API: Requests answer images by sending scrambled value and session ID JS -> FORM: Adds hidden field with value=session ID, displays question and images (or text box) [USER SUBMITS FORM] SITE -> API: Sends session ID and answer API -> SITE: Responds with true/false to indicate if the answer is valid, marks session as expired to prevent CAPTCHA reuse