====== Captcha ======

Revised by: [[https://frank-web.dedyn.io|Fraenkiman]]

Originally developed by NoWhereMan, Piero VDFN, Stanley, Italian translation by Giacomo Margarito

===== Description =====

Simple but effective captcha plugin. It brings more security, accessibility and bot defense.

{{:res:plugins:frank:captcha1_2_1.png?361|}}

==== License ====

The font Schoolbell-pMMy.ttf can be used privately and commercially under the Apache 2.0 license. (License information in the archive)

==== Download ====

{{ :res:plugins:frank:captcha1_2_2.zip |}} | Requires FlatPress 1.4 Notturno or higher

==== Optionally - Voice output for better accessibility ====

  * [[https://en.wikipedia.org/wiki/ESpeak|eSpeak or eSpeak-NG]] must be installed on the server and located in the system path (calling ''which espeak-ng'' or ''which espeak'' should return a valid path).
  * Optionally, the ''lame'' codec for .mp3 output can also be installed on the web server for better compatibility with visitors' end devices.
  * PHP functions ''exec'' and ''passthru'' (as well as ''shell_exec'', ''system'', ''proc_open'') must not be disabled.
  * No restrictive ''open_basedir'' setting may prevent the execution of eSpeak.

==== Demo ====

[[https://frank-web.dedyn.io|https://frank-web.dedyn.io]]

==== Install eSpeak or eSpeak-NG ====

a) Install classic eSpeak:

<code>
sudo apt update
sudo apt install espeak
</code>

b) Or install the newer eSpeak-NG:

<code>
sudo apt update
sudo apt install espeak-ng
</code>

Check installation with:

<code>
which espeak
which espeak-ng
</code>

==== Optional: Install LAME for MP3 output ====

<code>
sudo apt install lame
</code>

Verify:

<code>
which lame
</code>

==== Check PHP Configuration ====

Make sure the following functions are NOT disabled in ''php.ini'':

<code>
disable_functions =
</code>

These must NOT appear in ''disable_functions'':

  * ''exec''
  * ''shell_exec''
  * ''passthru''
  * ''system''
  * ''proc_open''

If they are listed, remove them and restart the web server.
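The following shell helper is an added example, not part of the Captcha plugin or its documentation. Given a ''disable_functions'' value and an ''open_basedir'' value, it reports which of the functions listed above are blocked and whether a binary path lies inside an allowed directory; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example; helper names and sample values are constructed,
# not taken from the Captcha plugin.

# Functions the page says must stay enabled for the audio captcha.
REQUIRED_FUNCS="exec shell_exec passthru system proc_open"

# blocked_functions "<disable_functions value>"
# Prints the required functions found in the comma-separated value.
# Names are compared exactly, so pcntl_exec does not count as exec.
blocked_functions() {
    list=$(printf '%s' "$1" | tr -d ' \t' | tr ',' ' ')
    out=""
    for need in $REQUIRED_FUNCS; do
        for f in $list; do
            if [ "$f" = "$need" ]; then out="$out $need"; fi
        done
    done
    printf '%s\n' "${out# }"
}

# basedir_allows "<open_basedir value>" "<absolute path of binary>"
# Returns 0 if open_basedir is empty (no restriction) or one of its
# colon-separated directories contains the path, otherwise 1.
# Simplification: plain string comparison, symlinks are not resolved.
basedir_allows() {
    if [ -z "$1" ]; then return 0; fi
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        dir=${dir%/}
        case "$2" in
            "$dir"/*) IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample values, as they might be copied from phpinfo().
SAMPLE_DISABLED="pcntl_exec, passthru,proc_open"
SAMPLE_BASEDIR="/var/www:/tmp"
echo "blocked: $(blocked_functions "$SAMPLE_DISABLED")"
for bin in /usr/bin/espeak-ng /usr/bin/lame; do
    if basedir_allows "$SAMPLE_BASEDIR" "$bin"; then
        echo "$bin: inside open_basedir"
    else
        echo "$bin: outside open_basedir"
    fi
done
```

Pass in the values that the web server's PHP actually uses; the command-line PHP often reads a different ''php.ini'' than the web SAPI.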
==== Check open_basedir Restrictions ====

If ''open_basedir'' is set in ''php.ini'' or virtual host config, ensure it includes the directories for ''espeak'' and ''lame'':

<code>
open_basedir = /var/www:/usr/bin:/usr/local/bin:/tmp
</code>

You can check active values with:

=== Changelog: ===

== 2025-06-06 (V1.2.2) by Fraenkiman ==

  * Fixed: no playback of the audio captcha on iOS
  * Changed: The FlatPress session cookie is only set to SameSite=None for the duration of the delivery of the image captcha.

== 2025-06-01 (V1.2.1) by Fraenkiman ==

  * Fixed: A correct solution entered in the Brave browser in an incognito window was reported as incorrect input.
  * In addition to the image captcha, an audio captcha is now also offered if the server supports eSpeak.
  * More robust security/rate limiting mechanisms.

== 2025-06-01 (V1.2.0) by Fraenkiman ==

  * More resistant to bots/OCR because the image now uses real 24-bit color with alpha channel.
  * Overall, the CAPTCHA is more difficult to crack using automated text recognition.
  * New invisible field ("honeypot") blocks more bots.
  * Hidden timestamp field ensures that a captcha is only valid for a limited time.
  * Input submitted in less than 6 seconds (as a bot would) leads to an error.

== 2024-10-29 (V1.1.1) by Fraenkiman ==

  * Fixed: Refreshing the captcha image was not possible when using the Firefox browser

== 2024-09-01 (V1.1.0) by Fraenkiman ==

  * Revised captcha image
  * Refresh link added
  * New font Schoolbell-pMMy.ttf, which can be used personally, but also commercially
  * Added check for required PHP extensions
  * Error message in server log with active Accessible Antispam Plugin fixed

== 2020-12-28 (V1.0.1) ==

  * Minor bugfix update by Arvid Zimmermann

== 2021-01-16 (V1.0.1) ==

  * Updated language files by Giacomo Margarito

**Support**

Please ask for help on the [[https://forum.flatpress.org/viewtopic.php?t=787|FlatPress Forum]]