PHPackages azzmin/cakephp-altcha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. azzmin/cakephp-altcha ActiveCakephp-plugin[Security](/categories/security) azzmin/cakephp-altcha ===================== Altcha proof-of-work spam protection for CakePHP 5 v1.0.2(1mo ago)02Apache-2.0PHPPHP >=8.1 Since Apr 26Pushed 1mo agoCompare [ Source](https://github.com/azzmin/cakephp-altcha)[ Packagist](https://packagist.org/packages/azzmin/cakephp-altcha)[ RSS](/packages/azzmin-cakephp-altcha/feed)WikiDiscussions main Synced 1w ago READMEChangelog (3)Dependencies (2)Versions (4)Used By (0) cakephp-altcha ============== [](#cakephp-altcha) Altcha proof-of-work spam protection for CakePHP 5. Privacy-friendly, no external services, no tracking. Uses [Altcha](https://altcha.org/) to generate SHA-256 challenges that are solved client-side. No CAPTCHA images, no Google dependencies. Install ------- [](#install) ``` composer require azzmin/cakephp-altcha ``` Setup ----- [](#setup) **1. Load the plugin** in `src/Application.php`: ``` $this->addPlugin('Altcha'); ``` **2. In your controller** load the component and helper: ``` public function initialize(): void { parent::initialize(); $this->loadComponent('Altcha.Altcha'); $this->viewBuilder()->addHelper('Altcha.Altcha'); } ``` **3. Verify on POST** in your action, before processing the form: ``` if ($this->request->is('post')) { if (!$this->Altcha->verify($this->request)) { $this->Flash->error('Please complete the verification.'); return null; } // process form... } ``` **4. Render the widget** in your template, before the submit button: ``` ``` That's it. No database, no routes, no configuration required. Options ------- [](#options) Pass an array to `widget()` to customise: ``` ``` OptionTypeDescription`hidelogo``true`Hide the Altcha logo`hidelabel``true`Hide the "I'm not a robot" label`name``string`Hidden input name (default: `altcha`)`auto``string`Auto-solve mode: `onfocus`, `onload`, `onsubmit`If you change `name`, pass the same value to verify: ``` $this->Altcha->verify($this->request, 'my_field_name'); ``` Configuration ------------- [](#configuration) All optional. Defaults work out of the box using `Security.salt` from `app_local.php`. Add to `config/app_local.php` to override: ``` 'Altcha' => [ 'hmacKey' => 'your-custom-key', // defaults to Security.salt 'maxNumber' => 100000, // higher = harder for bots 'saltLength' => 12, 'jsUrl' => 'https://cdn.jsdelivr.net/npm/altcha@latest/dist/altcha.js', ], ``` How it works ------------ [](#how-it-works) 1. Server generates a SHA-256 challenge with a HMAC signature 2. Client solves the proof-of-work in the browser (finds the nonce) 3. Solution is submitted as a hidden form field 4. Server verifies the hash and HMAC signature No data sent to third parties. All computation happens in the browser. Requirements ------------ [](#requirements) - PHP 8.1+ - CakePHP 5.0+ License ------- [](#license) Apache-2.0 ### Health Score 37 — LowBetter than 81% of packages Maintenance91 Actively maintained with recent releases Popularity2 Limited adoption so far Community6 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 3 Last Release 44d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/597475305af4e82cad7f0019044b6d7c6f28f96a0f8028add8c0e50c7f380cda?d=identicon)[azzmin](/maintainers/azzmin) --- Top Contributors [![azzmin](https://avatars.githubusercontent.com/u/69926001?v=4)](https://github.com/azzmin "azzmin (4 commits)") --- Tags cakephpspamcaptchaantispamALTCHAcakephp5 ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/azzmin-cakephp-altcha/health.svg) ``` [![Health](https://phpackages.com/badges/azzmin-cakephp-altcha/health.svg)](https://phpackages.com/packages/azzmin-cakephp-altcha) ``` ### Alternatives [gregwar/captcha Captcha generator 1.9k9.9M150](/packages/gregwar-captcha)[gregwar/captcha-bundle Captcha bundle 3694.8M33](/packages/gregwar-captcha-bundle)[fabianwennink/iconcaptcha IconCaptcha is a self-hosted, customizable, easy-to-implement and user-friendly captcha. 18251.3k1](/packages/fabianwennink-iconcaptcha)[dereuromark/cakephp-setup A CakePHP plugin containing lots of useful management tools 35184.7k2](/packages/dereuromark-cakephp-setup)[omines/antispam-bundle The Swiss Army Knife for protecting your Symfony forms from all kinds of spam 4867.7k](/packages/omines-antispam-bundle)[usarise/turnstile PHP library for Turnstile, is Cloudflare’s smart CAPTCHA alternative. It can be embedded into any website without sending traffic through Cloudflare and works without showing visitors a CAPTCHA. 24110.4k7](/packages/usarise-turnstile) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)