Description

Captcha

Originally developed by NoWhereMan, Piero VDFN, Stanley, italian translation by Giacomo Margarito

Description

Simple but effective captcha plugin. It brings more security, accessibility and bot defense.

License

The font Schoolbell-pMMy.ttf can be used privately and commercially under the Apache 2.0 license. (License information in the archive)

Download

captcha1_2_2.zip | Requires FlatPress 1.4 Notturno or higher

Optionally - Voice output for better accessibility

eSpeak or eSpeak-NG must be installed on the server and located in the system path (calling which espeak-ng or which espeak may return a valid path).
Optionally, the lame codec for .mp3 output can also be installed on the web server for better compatibility with visitors' end devices.
PHP functions exec and passthru (as well as shell_exec, system, proc_open) must not be disabled.
No restrictive open_basedir setting may prevent the execution of eSpeak.

Demo

https://frank-web.dedyn.io

Install eSpeak or eSpeak-NG

a) Install classic eSpeak:

sudo apt update
sudo apt install espeak

b) Or install the newer eSpeak-NG:

sudo apt update
sudo apt install espeak-ng

Check installation with:

which espeak
which espeak-ng

Optional: Install LAME for MP3 output

sudo apt install lame

Verify:

which lame

Check PHP Configuration

Make sure the following functions are NOT disabled in php.ini:

disable_functions =

These must NOT appear in disable_functions:

exec
shell_exec
passthru
system
proc_open

If they are listed, remove them and restart the web server.

Check open_basedir Restrictions

If open_basedir is set in php.ini or virtual host config, ensure it includes the directories for espeak and lame:

open_basedir = /var/www:/usr/bin:/usr/local/bin:/tmp

You can check active values with:

<?php
echo ini_get("open_basedir");
?>

Changelog:

2025-06-06 (V1.2.2) by Fraenkiman

Fixed: no playback of the audio captcha on iOS
Changed: The FlatPress session cookie is only set to samesite None for the duration of the delivery of the image captcha.

2025-06-01 (V1.2.1) by Fraenkiman

Fixed: Correct solution in the Brave browser with incognito window outputs incorrect input.
In addition to the image captcha, an audio captcha is now also offered if the server supports eSpeak.
More robust security/rate limiting mechanisms.

2025-06-01 (V1.2.0) by Fraenkiman

More resistant to bots/OCR because the image now uses real 24-bit color with alpha channel.
Overall, the CAPTCHA is more difficult to crack using automated text recognition.
New invisible field (“honeypot”) blocks more bots.
Hidden timestamp field ensures that a captcha is only valid for a limited time.
If the bot takes less than 6 seconds to enter, this leads to an error.

2024-10-29 (V1.1.1) by Fraenkiman

Fixed: Refreshing the captcha image was not possible when using the Firefox browser

2024-09-01 (V1.1.0) by Fraenkiman

Revised captcha image
Refresh link added
New font Schoolbell-pMMy.ttf, which can be used personally, but also commercially
Added check for required PHP extensions
Error message in server log with active Accessible Antispam Plugin fixed

2020-12-28 (V1.0.1)

Little bugfix update by Arvid Zimmermann

2021-01-16 (V1.0.1)

Updated language files by Giacomo Margarito

Support

Please ask for help on the FlatPress Forum

Table of Contents