README

Allows any type of image-based captchas for your forms.

A CakePHP plugin to

• Easily integrate captchas in your CakePHP application.

This plugin requires CakePHP 5.1+. See version map for details.

What's in this plugin

• Simple match captchas that will already do the trick without annoying "I can't read those letters".
• Passive captcha option for basic protection without requiring user input ("honeypot trap").
• Extendable interface approach to easily hook in your own engine.

What are the gotchas

• Dead simple, no fancy JS or alike.
• Cross-tab safe (not session based as in overwriting each other per request).
• Completely stand-alone plugin, no third party stuff involved/needed.

Demo

See https://sandbox.dereuromark.de/sandbox/captchas

Setup

composer require dereuromark/cakephp-captcha

and

bin/cake plugin load Captcha

or manually add it to your plugins.php or Application::bootstrap() setup.

For active captchas you also need to import the SQL schema. The quickest way is using Migrations plugin:

bin/cake migrations migrate -p Captcha

For the match captcha, make sure you got the gd lib installed:

• sudo apt-get install php{version}-gd

Usage

See Docs.

Admin Backend

A self-contained admin backend ships with the plugin. It mounts at /admin/captcha/ by default and provides:

• Health dashboard with stat tiles and an hourly heatmap
• Per-IP investigation pages and currently rate-limited list
• One-click maintenance: cleanup, hard reset, per-IP reset, rate-limit cache wipe

Access is deny-by-default — register a Captcha.adminAccess closure to grant access. See docs/Admin.md for setup.