FlatPress Wiki


.:: 🏠 FlatPress Home :: 💬 Support forum :: 🐘 Mastodon ::.

User Tools

Site Tools

Trace: Captcha
res:plugins:fpcaptcha

Table of Contents

Captcha

Revised by: Fraenkiman

Originally developed by NoWhereMan, Piero VDFN, Stanley, italian translation by Giacomo Margarito

Description

Simple but effective captcha plugin. It brings more security, accessibility and bot defense.

License

The font Schoolbell-pMMy.ttf can be used privately and commercially under the Apache 2.0 license. (License information in the archive)

Download

captcha1_2_2.zip | Requires FlatPress 1.4 Notturno or higher

Optionally - Voice output for better accessibility

  • eSpeak or eSpeak-NG must be installed on the server and located in the system path (calling which espeak-ng or which espeak may return a valid path).
  • Optionally, the lame codec for .mp3 output can also be installed on the web server for better compatibility with visitors' end devices.
  • PHP functions exec and passthru (as well as shell_exec, system, proc_open) must not be disabled.
  • No restrictive open_basedir setting may prevent the execution of eSpeak.

Demo

https://frank-web.dedyn.io

Install eSpeak or eSpeak-NG

a) Install classic eSpeak: 

sudo apt update
sudo apt install espeak

b) Or install the newer eSpeak-NG: 

sudo apt update
sudo apt install espeak-ng

Check installation with: 

which espeak
which espeak-ng

Optional: Install LAME for MP3 output

sudo apt install lame

Verify: 

which lame

Check PHP Configuration

Make sure the following functions are NOT disabled in php.ini: 

disable_functions =

These must NOT appear in disable_functions:

  • exec
  • shell_exec
  • passthru
  • system
  • proc_open

If they are listed, remove them and restart the web server.

Check open_basedir Restrictions

If open_basedir is set in php.ini or virtual host config, ensure it includes the directories for espeak and lame: 

open_basedir = /var/www:/usr/bin:/usr/local/bin:/tmp

You can check active values with: 

<?php
echo ini_get("open_basedir");
?>

Changelog:

2025-06-06 (V1.2.2) by Fraenkiman
  • Fixed: no playback of the audio captcha on iOS
  • Changed: The FlatPress session cookie is only set to samesite None for the duration of the delivery of the image captcha.
2025-06-01 (V1.2.1) by Fraenkiman
  • Fixed: Correct solution in the Brave browser with incognito window outputs incorrect input.
  • In addition to the image captcha, an audio captcha is now also offered if the server supports eSpeak.
  • More robust security/rate limiting mechanisms.
2025-06-01 (V1.2.0) by Fraenkiman
  • More resistant to bots/OCR because the image now uses real 24-bit color with alpha channel.
  • Overall, the CAPTCHA is more difficult to crack using automated text recognition.
  • New invisible field (“honeypot”) blocks more bots.
  • Hidden timestamp field ensures that a captcha is only valid for a limited time.
  • If the bot takes less than 6 seconds to enter, this leads to an error.
2024-10-29 (V1.1.1) by Fraenkiman
  • Fixed: Refreshing the captcha image was not possible when using the Firefox browser
2024-09-01 (V1.1.0) by Fraenkiman
  • Revised captcha image
  • Refresh link added
  • New font Schoolbell-pMMy.ttf, which can be used personally, but also commercially
  • Added check for required PHP extensions
  • Error message in server log with active Accessible Antispam Plugin fixed
2020-12-28 (V1.0.1)
  • Little bugfix update by Arvid Zimmermann
2021-01-16 (V1.0.1)
  • Updated language files by Giacomo Margarito

Support

Please ask for help on the FlatPress Forum

res/plugins/fpcaptcha.txt · Last modified: by fraenkiman
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki