BotDetect CAPTCHA PHP Code Examples & Demos

BotDetect Captcha Features Demo

This demo allows you to easily experiment with various BotDetect parameters and their combinations, so you can see how powerful and customizable BotDetect Captcha is.

• Run the demo

Php Basic Captcha Code Example

This code example shows the most basic source code required to protect an PHP form with BotDetect Captcha and validate the user input.

It can be used as a starting point when you are first learning how to use BotDetect.

• Run the code example

Php Form Captcha Code Example

This code example shows how to add BotDetect Captcha protection to a typical PHP form.

Captcha validation is integrated with other form fields validation, and only submissions that meet all validation criteria are accepted.

If the Captcha is sucessfully solved but other field validation fails, the Captcha is hidden since the users have already proven they are human.

This kind of validation could be used on various types of public forms which accept messages, and are at risk of unwanted automated submissions.

For example, it could be used to ensure bots can't submit anything to a contact form, add guestbook entries, blog post comments or anonymous message board / forum replies.

• Run the code example

Php Login Form Captcha Code Example

This code example shows how to add BotDetect Captcha validation to simple PHP login forms.

To prevent bots from trying to guess the login info by brute force submission of a large number of common values, the visitor first has to prove they are human (by solving the Captcha), and only then is their username and password submission checked against the authentication data store.

Also, if they enter an invalid username + password combination three times, they have to solve the Captcha again. This prevents attempts in which the attacker would first solve the Captcha themselves, and then let a bot brute-force the authentication info.

• Run the code example

Php jQuery Validation Captcha Code Example

This code example shows how to integrate BotDetect PHP Captcha validation with jQuery Validation client-side form validation.

It uses the Captcha Form example as a starting point, and adds client-side jQuery Validation rules for all form fields.

Client-side validation is not secure by itself (it can be bypassed trivially), so the example also shows how the protected form action must always be secured by server-side Captcha validation first, and use client-side validation only to improve the user experience.

• Run the code example

Php jQuery Ajax Contact Form Captcha Code Example

This code example demonstrates the use of BotDetect Captcha in a scenario using jQuery and AJAX to validate individual form fields against a PHP server backend. The approach in this scenario is useful in situations where duplication of server-side validation routines on the client side is impractical.

To make the example brief and concrete, it is implemented as an AJAX contact form with Captcha protection.

The example shows proper steps to be taken when validating the Captcha in various ways this scenario provides: be it partial validation or complete form validation and submission using AJAX; or server side validation only when Javascript is disabled.

• Run the code example

PHP Captcha Options: Application Config Settings Code Example

This code example shows how to configure Captcha challenges by overriding Captcha library defaults in application configuration files.

BotDetect allows user-defined customization of many Captcha options through a special CaptchaConfig.php file, which should be placed in the same folder as the botdetect.php include used by your PHP forms.

Captcha settings from this configuration file will apply to all Captcha challenges shown on forms including that particular copy of botdetect.php, and will act as defaults with which all Captcha objects will be created. This makes configuration file settings the simplest and most convenient way of Captcha customization for most use cases.

The CaptchaConfig.php file used in this code example contains detailed descriptions and explanations of the many customizable Captcha options exposed by the BotDetect PHP Captcha configuration API.

• Run the code example

PHP Captcha Options: Client-Side Workflow Settings Code Example

This code example shows how to use custom BotDetect client-side events to execute user-defined JavaScript code at various stages of the Captcha challenge workflow.

Client-side Captcha object initialization, Captcha image reloading, Captcha sound playback, built-in Captcha Ajax validation, and Captcha help link clicks all have a number of related client-side "events" and hooks where user-defined client-side callbacks can be injected.

User code can be associated with Captcha workflow events using the BotDetect.RegisterCustomHandler() function, as shown in the example JavaScript code.

Loading the form will initialize the client-side Captcha object (created by the BotDetect.Init() JavaScript call included in Captcha markup), and result in the PostInit event.

Clicking the Captcha sound icon will reuslt in the PrePlaySound event before the audio elements are added to the page DOM. There is no PostPlaySound event since not all browsers allow user callbacks when browser sound playing finishes.

Clicking the Captcha reload icon will result in PreReloadImage and PostReloadImage events, executed before and after the Http request loading the new Captcha image from the server.

Clicking the Captcha image (i.e. the included Captcha help link) will result in the OnHelpLinkClick event.

Typing in a Captcha code and clicking the Validate button will first result in the PreAjaxValidate event, and later in either AjaxValidationFailed or AjaxValidationPassed depending on whether the server responds that the typed-in Captcha code was correct or not. In case of Ajax asynchronous request errors, AjaxValidationError will be called.

• Run the code example

PHP Captcha Options: Form Object Settings Code Example

This code example shows how to configure Captcha challenges by setting Captcha object properties in PHP form source.

Multiple PHP forms within the same PHP website can be protected by BotDetect Captcha challenges: e.g. you could include botdetect.php in both your Contact form and Registration form source.

To function properly, separate Captcha challenges placed on each form should have different names (CaptchaId values sent to the Captcha object constructor, "Captcha1" and "Captcha2" in this example), and can use completely different Captcha settings.

Even multiple Captcha instances placed on the same form won't interfere with each other's validation and functionality. And if a user opens the same page in multiple browser tabs, each tab will independently validate the shown Captcha code.

Shared Captcha settings should always be placed in the CaptchaConfig.php application configuration file, and only diverging settings set through Captcha object instance properties in form code, to avoid code duplication.

Settings that affect only Captcha container markup generation take effect immediately (changing $Captcha->Html output), but settings that affect Captcha challenge (image or sound) generation in separate Http requests need to be saved in PHP Session state when set through Captcha object instance properties in form source, consuming server resources and reverting to defaults when the PHP Session expires.

Please note that if configured values are dynamic (e.g. CaptchaRandomization helper or other function calls in form code), they will be re-calculated only when the form is reloaded (form code is executed). For example, Captcha ImageStyle randomized in PHP form source will not change on each Captcha Reload button click, but only on each form load.

• Run the code example

PHP Captcha Options: Request Dynamic Settings Code Example

This code example shows how to dynamically adjust Captcha configuration, potentially on each Http request made by the client.

Any PHP code setting Captcha properties in the CaptchaConfig.php file will be executed not only for each protected form GET or POST request (like Captcha configuration code placed in form source would be), but also for each each GET request loading a Captcha image or sound, or making an Ajax Captcha validation call.

If configured values are dynamic (e.g. CaptchaRandomization helper or other function calls in CaptchaConfig.php code), they will be re-calculated for each Captcha challenge generated. For example, Captcha ImageStyle randomized in CaptchaConfig.php code will change on each Captcha reload button click.

This means your code can reliably keep track of visitor interaction with the Captcha challenge and dynamically adjust its settings. Also, while CaptchaConfig.php settings apply to all Captcha instances by default, you can also selectively apply them based on CaptchaId.

To show an example of the possible dynamic Captcha configuration adjustments, this code example increases the difficulty of the Captcha test if the visitor associated with the current PHP Session fails a certain number of Captcha validation attempts, and also sets the Captcha locale to Chinese for requests from a certain IP range.

• Run the code example

WordPress Login Captcha

The BotDetect PHP Captcha WordPress plugin allows easy integration with WordPress Login forms. Adding Captcha protection to login attempts is an effective way to prevent automated username & password brute-forcing attacks which try to guess access info for existing user accounts.

• Read more about the guide online

WordPress User Registration Captcha

The BotDetect PHP Captcha WordPress plugin allows easy integration with the WordPress User Registration form. Adding Captcha protection to account registration attempts is an effective way to prevent bots from automatically registering a large number of trash accounts for spamming purposes.

• Read more about the guide online

WordPress Lost Password Captcha

The BotDetect PHP Captcha WordPress plugin allows easy integration with the WordPress Lost Password form. Requiring Captcha validation before allowing account passwords to be reset is an effective way to prevent bots from trying to obtain access to existing user accounts for spamming purposes.

• Read more about the guide online

WordPress Comments Captcha

The BotDetect PHP Captcha WordPress plugin allows easy integration with WordPress Comments to prevent automated comment spam. Requiring Captcha validation for anonymous comments is an effective way to prevent bots from submitting a large number of spam comments.

• Read more about the guide online

Contact Form 7 Captcha

The BotDetect PHP Captcha WordPress plugin allows easy integration with Contact Form 7 plugin to prevent automated contact form spam. Requiring Captcha validation for anonymous contact is an effective way to prevent bots from submitting a large number of form spam.

• Read more about the guide online

CakePhp Basic BotDetect Captcha Example

This code example illustrates the most basic form of BotDetect PHP Captcha protection in CakePHP MVC applications.

Alongside the Captcha image, the user is provided with an input field to retype the displayed characters. Depending on if the Captcha code entered matches the displayed one or not, a message stating the validation result is shown on the form.

The simple code showing the message in this example would of course be replaced with useful form processing code in a real world scenario.

• Read more about the code example online

CakePhp Form Model Validation BotDetect Captcha Example

This code example shows how to integrate BotDetect PHP Captcha validation and CakePHP data validation functionality. It uses Cake's FormHelper and Model validation, which provide a lot of out-the-box functionality when used together.

The example is based around a contact form which sends email if the user input is considered valid – a likely real world scenario for Captcha protection integration.

To keep the example brief, it doesn't use a database backend. Still, this type of Model integration is ideal for protecting database-driven forms that take advantage of the CakePHP Model infrastructure.

• Read more about the code example online

CakePhp Auth BotDetect Captcha Example

This example demonstrates how to integrate BotDetect PHP Captcha into login and register forms in a scenario where CakePHP Auth Component is used to authenticate users to your application.

• Read more about the code example online

CodeIgniter Basic BotDetect Captcha Example

This code example illustrates the most basic form of BotDetect PHP Captcha protection in CodeIgniter MVC applications.

Alongside the Captcha image, the user is provided with an input field to retype the displayed characters. Depending on if the Captcha code entered matches the displayed one or not, a message stating the validation result is shown on the form.

The simple code showing the message in this example would of course be replaced with useful form processing code in a real world scenario.

• Read more about the code example online

CodeIgniter Form Validation BotDetect Captcha Example

This code example shows how to integrate BotDetect PHP Captcha validation and CodeIgniter form validation functionality. It uses the CodeIgniter Form helper and the Form Validation library.

The brief example is based around a contact form which sends email if the user input is considered valid – a likely real world scenario for Captcha protection integration.

• Read more about the code example online

CodeIgniter Bit Auth BotDetect Captcha Example

CodeIgniter Bit Auth CAPTCHA Example demonstrates how to integrate BotDetect PHP Captcha into login, register and reset password forms in a scenario where Bit Auth library is used to authenticate users to your application.

• Read more about the code example online

CodeIgniter Ion Auth BotDetect Captcha Example

CodeIgniter Ion Auth CAPTCHA Example demonstrates how to integrate BotDetect PHP Captcha into login, register and reset password forms in a scenario where Ion Auth library is used to authenticate users to your application.

• Read more about the code example online

CodeIgniter Tank Auth BotDetect Captcha Example

CodeIgniter Tank Auth CAPTCHA Example demonstrates how to integrate BotDetect PHP Captcha into login, register and reset password forms in a scenario where Tank Auth library is used to authenticate users to your application.

• Read more about the code example online

Laravel Basic BotDetect Captcha Example

Laravel Basic BotDetect CAPTCHA Example illustrates the most basic form of BotDetect PHP Captcha protection in Laravel MVC applications.

Alongside the Captcha image, the user is provided with an input field to retype the displayed characters. Depending on if the Captcha code entered matches the displayed one or not, a message stating the validation result is shown on the form.

The simple code showing the message in this example would of course be replaced with useful form processing code in a real world scenario.

• Read more about the code example online

Laravel Form Validation BotDetect Captcha Example

Laravel Form Validation BotDetect CAPTCHA Example shows how to integrate BotDetect PHP Captcha validation and Laravel validation functionality. It uses Laravel's validation class

The brief example is based around a contact form which sends email if the user input is considered valid – a likely real world scenario for Captcha protection integration.

• Read more about the code example online

Laravel Auth BotDetect Captcha Example

Laravel Auth CAPTCHA Example demonstrates how to integrate BotDetect PHP Captcha into login, register and reset password forms in a scenario where Laravel Auth is used to authenticate users to your application.

• Read more about the code example online

Symfony Basic BotDetect Captcha Code Example

This example illustrates the most basic form of BotDetect PHP Captcha protection in Symfony MVC applications.

Alongside the Captcha image, the user is provided with an input field to retype the displayed characters. Depending on if the Captcha code entered matches the displayed one or not, a message stating the validation result is shown on the form.

The simple code showing the message in this example would of course be replaced with useful form processing code in a real world scenario.

• Read more about the code example online

Symfony Form Validation BotDetect Captcha Code Example

This example shows how to integrate CaptchaBundle in a form. It also uses the ValidCaptcha constraint to validate captcha code when a form is submitted.

The example is based around a contact form which sends email if the user input is considered valid – a likely real world scenario for Captcha protection integration.

• Read more about the code example online

Symfony FOSUserBundle Captcha Code Example

The FOSUserBundle adds support for a database-backed user system in Symfony. It provides a flexible framework for user management that aims to handle common tasks such as user registration and password retrieval. This code example shows you how to integrate CaptchaBundle into FOSUserBundle login and register forms.

• Read more about the code example online