README

The ALTCHA PHP Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for PHP applications.

Compatibility

This library is compatible with:

• PHP 7.2+
• All major platforms (Linux, Windows, macOS)

Example

• Demo server

Installation

To install the ALTCHA PHP Library, use the following command:

composer require mardraze/altcha-lib-php

Usage

Here’s a basic example of how to use the ALTCHA PHP Library:

<?php
require 'vendor/autoload.php';

use AltchaOrg\Altcha\ChallengeOptions;
use AltchaOrg\Altcha\Altcha;
use AltchaOrg\Altcha\Hasher\Algorithm;

$altcha = new Altcha('secret');

if($_SERVER['REQUEST_URI'] === '/altcha') {
    // Create a new challenge
    $options = new ChallengeOptions(
        Algorithm::SHA256,
        50000, // the maximum random number
        (new \DateTimeImmutable())->add(new \DateInterval('PT10S'))
    );

    $challenge = $altcha->createChallenge($options);

    header('Content-Type: application/json');
    echo json_encode($challenge);
    exit;

}elseif($_SERVER['REQUEST_URI'] === '/verify') {
    $ok = $altcha->verifySolution($_POST['altcha'], true);

    if ($ok) {
        echo "Solution verified!\n";
    } else {
        echo "Invalid solution.\n";
    }
    exit;
}else{
    ?>
    <html>
    <head>
        <title>Altcha</title>
    </head>
    <body>
        <h1>Altcha</h1>

        <form action="/verify" method="post">
            <altcha-widget challengeurl="/altcha"></altcha-widget>
            <button type="submit">Submit</button>
        </form>

        <script async defer src="https://cdn.jsdelivr.net/gh/altcha-org/altcha/dist/altcha.min.js" type="module"></script>
    </body>
    </html>
    <?php
}

API

Altcha::createChallenge(ChallengeOptions $options): Challenge

Creates a new challenge for ALTCHA.

Returns: Challenge

ChallengeOptions

$options = new ChallengeOptions(
    Algorithm::SHA256,
    BaseChallengeOptions::DEFAULT_MAX_NUMBER,
    (new \DateTimeImmutable())->add(new \DateInterval('PT10S')),
    ['query_param' => '123'],
    12
);

Altcha::verifySolution(array|string $payload, bool $checkExpires): bool

Verifies an ALTCHA solution.

Parameters:

• data array|string: The solution payload to verify.
• checkExpires bool: Whether to check if the challenge has expired.

Returns: bool

Altcha::verifyFieldsHash(array $formData, array $fields, string $fieldsHash, $algorithm): bool

Verifies the hash of form fields.

Parameters:

• formData array: The form data to hash.
• fields array: The fields to include in the hash.
• fieldsHash string: The expected hash value.
• algorithm string: Hashing algorithm (SHA-1, SHA-256, SHA-512).

Returns: bool

Altcha::verifyServerSignature(array|string $payload): ServerSignatureVerification

Verifies the server signature.

Parameters:

• data array|string: The payload to verify (string or ServerSignaturePayload array).

Returns: ServerSignatureVerification

Altcha::solveChallenge(string $challenge, string $salt, $algorithm, int $max, int $start = 0): array

Finds a solution to the given challenge.

Parameters:

• challenge string: The challenge hash.
• salt string: The challenge salt.
• algorithm string: Hashing algorithm (SHA-1, SHA-256, SHA-512).
• max int: Maximum number to iterate to.
• start int: Starting number.

Returns: null|Solution

Generate obfuscation payload

Generate an obfuscated payload for client-side clarification:

<?php

// With optional maxNumber (defaults to 10_000)
$obfuscator = new \AltchaOrg\Altcha\Obfuscator(); 

// Text to reveal after client-side PoW
$plaintext = 'mailto:hello@example.com';

// Optional shared key
$key = 'shared-secret';

// Optionally fix the counter; omit to use a random counter in [0, maxNumber]
$fixedCounter = null;

// Generate base64 obfuscated payload 
$payload = $obfuscator->obfuscateData($plaintext, $key, $fixedCounter);

echo $payload;
// P7bJsUgzxP416d1voeF/QnQOD5g7GItB/zdfkoBrKgZK4N4IYkDJqg==

Tests

vendor/bin/phpunit tests/AltchaTest.php

License

MIT