hostkurd/flocms-captcha

Image captcha package for FloCMS guest form verification.

Maintainers

Package info

github.com/hostkurd/flocms-captcha

pkg:composer/hostkurd/flocms-captcha

Statistics

Installs: 10

Dependents: 1

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.0.0 2026-03-19 13:53 UTC

Requires

  • php: >=8.1
  • ext-gd: *

MIT 6e923b730e4fbf74a7bbad72d4628565e3c76b94

  • HostKurd

securityformcaptchaverificationflocms

This package is auto-updated.

Last update: 2026-03-19 13:56:46 UTC

README

A lightweight, framework-friendly image captcha package for FloCMS.
Designed for secure guest form verification with minimal dependencies.

โœจ Features

  • Simple image-based captcha (GD powered)
  • Fully customizable (size, fonts, characters, noise, etc.)
  • Session-based verification
  • Framework-agnostic (works outside FloCMS too)
  • PSR-4 autoloaded
  • Extensible renderer system (future support for other drivers)

๐Ÿ“ฆ Installation

Install via Composer:

composer require hostkurd/flocms-captcha

Requirements

  • PHP >= 8.1
  • GD extension enabled (ext-gd)

๐Ÿš€ Quick Start

1. Create captcha instance

use FloCMS\Captcha\CaptchaManager;

$captcha = new CaptchaManager();

2. Output captcha image

Create a simple endpoint:

// public/captcha.php

require dirname(__DIR__) . '/vendor/autoload.php';

use FloCMS\Captcha\CaptchaManager;

$captcha = new CaptchaManager();
$captcha->output();

3. Display in form

<img src="/captcha.php" alt="Captcha">
<input type="text" name="captcha" required>

4. Verify input

use FloCMS\Captcha\CaptchaManager;

$captcha = new CaptchaManager();

if (!$captcha->verify($_POST['captcha'] ?? null)) {
    die('Invalid captcha');
}

5. Clear after success

$captcha->clear();

โš™๏ธ Configuration

You can override default settings by passing a config array:

$captcha = new CaptchaManager([
    'length' => 5,
    'width' => 200,
    'height' => 60,
]);

Default Configuration

return [
    'length' => 6,
    'width' => 180,
    'height' => 50,
    'font_size' => 24,
    'angle_min' => -15,
    'angle_max' => 15,
    'noise_lines' => 8,
    'session_key' => 'flocms_captcha',
    'characters' => 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789',
    'case_sensitive' => false,
    'fonts' => [
        __DIR__ . '/../public/fonts/Acme.ttf',
        __DIR__ . '/../public/fonts/PlayfairDisplay.ttf',
        __DIR__ . '/../public/fonts/Ubuntu.ttf',
    ],
];

๐Ÿง  How It Works

  1. A random captcha string is generated
  2. The string is stored in session
  3. An image is rendered using GD
  4. User submits input
  5. Input is compared securely using hash_equals

๐Ÿ” Security Notes

  • Uses random_int() for cryptographically secure randomness
  • Uses hash_equals() to prevent timing attacks
  • Case-insensitive comparison by default (configurable)
  • Always use CSRF protection alongside captcha

๐Ÿงฉ Architecture

FloCMS\Captcha\
โ”œโ”€โ”€ Captcha.php          // Logic (generate, store, verify)
โ”œโ”€โ”€ CaptchaManager.php   // Facade / main API
โ”œโ”€โ”€ Renderer\
โ”‚   โ”œโ”€โ”€ RendererInterface.php
โ”‚   โ””โ”€โ”€ GdRenderer.php   // Image rendering (GD)

๐Ÿ”„ Session Handling

By default, the package uses native PHP sessions:

$_SESSION['flocms_captcha']

Session is automatically started if not already active.

๐Ÿ“ Fonts

Fonts are included inside the package:

public/fonts/

You can replace or extend them:

$captcha = new CaptchaManager([
    'fonts' => [
        '/path/to/custom/font1.ttf',
        '/path/to/custom/font2.ttf',
    ]
]);

๐Ÿ”Œ Extending (Custom Renderer)

You can create your own renderer by implementing:

FloCMS\Captcha\Renderer\RendererInterface

Example:

use FloCMS\Captcha\Renderer\RendererInterface;

class CustomRenderer implements RendererInterface
{
    public function render(string $text): void
    {
        // your rendering logic
    }
}

Then inject it:

$captcha = new CaptchaManager([], new CustomRenderer());

๐Ÿงช Example

Run the included example:

php -S localhost:8000 -t examples

Then open:

http://localhost:8000/basic.php

๐Ÿ—๏ธ Integration with FloCMS

Recommended usage:

  • Keep captcha as a separate package
  • Use alongside:
    • flocms-core (Session, CSRF, Validation)
  • Expose via route or public/captcha.php

โŒ What NOT to Do

Avoid placing captcha inside:

public/themes/default/

Captcha is application logic, not a theme asset.

๐Ÿ›ฃ๏ธ Roadmap

  • Session adapter (FloCMS Session integration)
  • Multiple captcha drivers (SVG, math captcha, etc.)
  • API-based captcha (future support)
  • Rate limiting / anti-bruteforce
  • Audio captcha support

๐Ÿค Contributing

Contributions are welcome.

  • Fork the repository
  • Create a feature branch
  • Submit a pull request

๐Ÿ“„ License

MIT License

๐Ÿ‘ค Author

HostKurd

๐Ÿ’ก Final Note

This package is intentionally lightweight and modular.
Use it as a drop-in captcha solution or extend it to fit your framework needs.