- Features
- Demo
- Requirements
- Installation and usage
- Changelog
- Version 1.0.3 Feb 19, 2021
- Version 1.0.2 Sept 19, 2013
- Version 1.0.1 July 01, 2012
- Version 1.0.0 August 29, 2011
This documentation applies to Yii 1.X framework version. For Yii2 please use yii2-captcha-extended.
Captcha Extended enhances original captcha implementation supplied with the framework by adding more visual masking techniques and implementing logical phrases that are harder to break by spammers.
Features ¶
- supports modes: logical, words, mathverbal, math, default
- supports extended characters latin1, latin2 (utf-8) including middle- east- European and cyrillic characters
- implements masking elements: dots density, through lines, fillSections, font color varying
- ignorant to whitespaces
- supports case sensitivity / insensitivity even for non-latin1 characters for client side validation
Demo ¶
Requirements ¶
This extension will run right out of the box on Yii 1.1.7+ However, with minor tweaks you can run it on any previous version (uses $classmap and enableClientValidation introduced in 1.1.7, you can replace class registration e.g. with importing whole directory, which however is less performance wise).
Installation and usage ¶
1) Unzip CaptchaExtended.zip files into ../protected/extensions/captchaExtended/.
2) Register class paths to CaptchaExtendedAction and CaptchaExtendedValidator, e.g. in components/controller.php:
public function init(){
// register class paths for extension captcha extended
Yii::$classMap = array_merge( Yii::$classMap, array(
'CaptchaExtendedAction' => Yii::getPathOfAlias('ext.captchaExtended').DIRECTORY_SEPARATOR.'CaptchaExtendedAction.php',
'CaptchaExtendedValidator' => Yii::getPathOfAlias('ext.captchaExtended').DIRECTORY_SEPARATOR.'CaptchaExtendedValidator.php'
));
}
3) Define action in controller, e.g. SiteController:
public function actions(){
return array(
'captcha'=>array(
'class'=>'CaptchaExtendedAction',
// if needed, modify settings
'mode'=>CaptchaExtendedAction::MODE_MATH,
),
);
}
4) Define client validation in model::rules():
public function rules(){
return array(
array('verifyCode', 'CaptchaExtendedValidator', 'allowEmpty'=>!CCaptcha::checkRequirements()),
);
}
5) If needed, collect localized strings via CLI command "yiic message messages/config.php" and translate captcha related strings.
6) If needed, you can tune captcha modes and visibility options:
- In "words" mode, you can place your own file [words.txt] or [words.yourlanguage.txt]
- If needed, you can ..
- set the dots density [0-100]
- the number of through lines 0, 1, 2, ..
- the number of fillSections 0, 1, 2, ..
- font and background colors
7) Test & enjoy!
Changelog ¶
Version 1.0.3 Feb 19, 2021 ¶
- fixed compatability issues for PHP 7.4+ (e.g. imagecolorallocate accepts only valid range 0-255)
- fixed calculation of centered position for text inside image
- added support for parameter "regenerateOnValid", default TRUE
- optimized some default settings e.g. font size, number of lines or dots density
Version 1.0.2 Sept 19, 2013 ¶
- bugfix: skip captcha counter incrementation if clientajax validation is turned on. Otherwise captcha code would be silently invalidated after entering as many form fields as the number of allowed captcha attempts.
Version 1.0.1 July 01, 2012 ¶
- fixed client-side validation that generated incorrect validation hash.
- Fixed issue with UTF-8 accented lowercase characters and filtering whitespaces.
Version 1.0.0 August 29, 2011 ¶
- Initial release
great works!
looks cool; like your extension , it looks more beautiful then the CCapthcha. actually i 'v thought to write my own one , yours look pretty enough .
Thanks.
Hi,
It looks very good.
Thank you very much.
But why GPL license?
why GPL license v3
Hi,
actually I am always confused about licensing. There so many variants, but I do not know detailed differences. But I saw, that BSD license (pre-set, also Yii is distributed under BSD) requires to retain authoring info. I do not want that. Do whatever you want, put your own authoring credentials, modify, copy, distribute, whatever. So I opted for GPL version 3 since I guessed this is more like free license and the version 3 should be most modern and really cool, since it has been updated already 3 times:-)))
But seriously, it would be good to make up summary about the differences betweeen all open source licenses...
If there is better option than GPL v3 I still can change it.
Lubos
GPL problem
I'm not an expert in opensource licensing, but I will never use GPL licensed software in my projects.
The problem is, that you (maybe??) can be enforced to 'opensource' all your (own) code if you integrate GPL code and deploy your project.
You can find a lot of discussions about the viral effect of GPL.
I don't know if it's really like a virus, but I avoid to integrate GPL code.
If you change the license to LGPL or other, I would use your nice extension :-)
Changed license to LGPL
Hi, licence changed to LGPL. Cheers. Lubos
GPL vs LGPL vs BSD
1> GPL --
Open source any application which contains code licensed under GPL. It is a must.
2> LGPL --
You must open source the modifications done on the original library under GPL licence. But, author may add a clause to loosen restrictions on inclusion of his code for other closed source applications.
3> BSD --
Modify, distribute, hack, make it closed source, use it for proprietary application until you give original author his credits for his work.
Correct me if i'm wrong or not clear :)
Thanks
how to call in the source, show in example
sorry for my bad english
How to call it from view / layout file
@Ivashkin:
You call it just like normal CCaptcha widget from any view/layout file:
<?php $this->widget('CCaptcha'); ?>This will look for controller action "captcha" which is defined in array of actions. See step 3 above.
Cheers
Lubos
Interesting
Thank you, looks good.
Ajax validation
For those of you who like to use ajax validation in your forms, you can add this at the top of this function:
CaptchaExtendedAction.validate($input,$caseSensitive)
// ensure that code isn't consumed by "enableAjaxValidation" // "enableclientValidation" can still work, so use that instead if (Yii::app()->request->isAjaxRequest) { return true; }it is good,but if BSD ,that is cool
it is good,but if BSD ,that is cool.
good job.
thank you
BSD License please
Yii is licensed BSD - extensions should be the same!
Switched to BSD license
OK, switched to BSD license.
Intergration with Yii-user module
I've got Captcha extended working on my forms on my site. However, I can for the life of me get it to work with Yii-User module. The model won't validate!
Has anyone done this succesfully?
RE: Intergration with Yii-user module
@edeis: I am not sure what settings did you use in your user-module. However, I discovered a bug, that when enabled client validation, under certain circumstances was generated incorrect validation hash. I have fixed it will work also for your user-module now.
Regards, Lubos
Audio support
Hi, is there a way to add to this amazing extension audio support for disabled person ?
RE: Audio support
@Max100 Interesting challenge. I will think about it .. I found some free online text-to-speech services, so if I have time I may check it and add support, if it works.
good job
the extension works very well. thanks
math test
The math test seems very easy to crack, as there are only 10 possible answers: 10, 20, 30, 40, 50, 60, 70, 80, 90, 100.
To increase the strength of the test I changed CaptchaExtendedAction.php:
protected function getCodeMath(){ $n1 = mt_rand(1,100); $n2 = mt_rand(1,10); if(mt_rand(1,100) > 50){ $code = $n1.'-'.$n2.'='; $r = $n1-$n2; }else{ $code = $n1.'+'.$n2.'='; $r = $n1+$n2; } }math test
@moginn
Believe it or not, it has never been cracked, because crawler would need firstly to understand your localized formula, and that's almost impossible. It is an intention to make the result easy to calculate for all users.
To my experience, if you make something just a slightly more difficult (e.g. 43 + 19), the number of failed login attempts will grow up exponencially. I measured this phenomen on my site and was forced to greatly simplify expected input by users. Luckilly, my concerns about decreased security (as a consequence of such a simplification) did not confirm.
Are there any compatibility issues with Yii 1.1.20 and PHP 7.2 ? It seems not to validate the hash properly. As if different hash has been producted on the image and different validates over javascript.
@nikolas Hi, no, there are no compatability issues. I tested all captcha modes under PHP 7.2 with framework 1.1.20 and everything worked OK. Please specify what issue did you experience.
@lubosdz @Max100
Hi, made you some progress over this point? I've interest.
thank you for version 1.0.3
Thank you. I just using it to prevent brute force on my web, for register and login .
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.