PHPackages bbysaeth/typo3-altcha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. bbysaeth/typo3-altcha ActiveTypo3-cms-extension bbysaeth/typo3-altcha ===================== TYPO3 form element for spam protection by utilizing the proof-of-work mechanism ALtcha. v0.6.3(2mo ago)915.6k—8%6[1 issues](https://github.com/bbysaeth/typo3-altcha/issues)1GPL-2.0-or-laterJavaScriptCI passing Since Jun 30Pushed 1mo ago2 watchersCompare [ Source](https://github.com/bbysaeth/typo3-altcha)[ Packagist](https://packagist.org/packages/bbysaeth/typo3-altcha)[ Docs](https://github.com/bbysaeth/typo3-altcha)[ RSS](/packages/bbysaeth-typo3-altcha/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (14)Versions (18)Used By (1) TYPO3 Extension `Altcha` ======================== [](#typo3-extension-altcha) This TYPO3 extension integrates Altcha, an innovative alternative to traditional captchas, into the Form Extension. Altcha employs a proof-of-work approach to safeguard forms against spam and abuse without requiring users to solve visual puzzles. Key Features: - Seamless integration with the TYPO3 Form Extension - Configurable difficulty levels for the proof-of-work mechanism - Automatic validation of Altcha responses - Enhanced protection against automated bots - User-friendly alternative to conventional captchas The extension empowers developers to easily incorporate Altcha into existing forms, thereby enhancing security without compromising user experience. Features -------- [](#features) - Altcha spam protection field for ext:form - Customizable expiration time of challenges - Scheduler task for removing obsolete (expired and solved) challenges Installation ------------ [](#installation) Install this TYPO3 extension using [Composer](https://getcomposer.org): ``` composer require bbysaeth/typo3-altcha ``` Choose one integration method and update the database schema via the install tool: - **Site Set (recommended, TYPO3 v13+)**: include `bbysaeth/typo3-altcha` in your site configuration. - **Static Template (classic)**: add `Altcha Form Element` in your TypoScript template record. This TYPO3 extension is licensed under the GNU General Public License Version 2 (GPLv2). Configuration ------------- [](#configuration) ### TypoScript Integration: Site Set or Static Template [](#typoscript-integration-site-set-or-static-template) This extension supports both TYPO3 integration approaches: - **Site Set** via `Configuration/Sets/typo3-altcha/` - **Classic static TypoScript template** via `Configuration/TypoScript/` Do not load both at the same time. Use one method per site. ### Extension Configuration [](#extension-configuration) `HMac Sercret Key (basic.hmac [string])` HMAC secret key for challenge generation. If not defined, TYPO3's encryption key will be used. ### TypoScript Configuration Settings [](#typoscript-configuration-settings) The following TypoScript settings are available: - `plugin.tx_altcha.minimumComplexity` *(integer)* – Minimum number for range of complexity - `plugin.tx_altcha.maximumComplexity` *(integer)* – Maximum number for range of complexity (must be larger than minimumComplexity) - `plugin.tx_altcha.expires` *(integer)* – Seconds after which the challenge expires - `plugin.tx_altcha.hideFooter` *(bool)* – Hide/Show Altcha footer link in field - `plugin.tx_altcha.hideAltchaLogo` *(bool)* – Hide/Show Altcha logo in field - `plugin.tx_altcha.auto` *(Choose: disabled, onload, onfocus)* – Enable/Disable auto verify onload or onfocus ### Form Caching and Challenge Generation [](#form-caching-and-challenge-generation) **Important:** This extension automatically uses an uncached endpoint (`/?type=1768669000`) for local challenge generation to prevent form caching issues. This solves the common problem where cached forms reuse the same challenge, causing validation failures on the first submit attempt. No additional configuration is required – the extension handles this automatically. ### Self-hosted Altcha Server [](#self-hosted-altcha-server) You can use a self-hosted Altcha server instead of local challenge generation. Configure the following TypoScript settings: - `plugin.tx_altcha.challengeUrl` *(string)* – Challenge endpoint URL - `plugin.tx_altcha.verifyUrl` *(string)* – Verification endpoint URL (required for server-side verification) - `plugin.tx_altcha.apiKey` *(string, optional)* – API key sent via headers (`Authorization: Bearer` and `X-Altcha-API-Key`) **Using the Proxy Endpoints (Recommended)** When both `challengeUrl` and `apiKey` are configured, the extension automatically uses built-in proxy endpoints that: - Forward requests to your self-hosted server - Attach the API key via HTTP headers (`Authorization: Bearer {apiKey}` and `X-Altcha-API-Key: {apiKey}`) - Keep the API key secure (not exposed in frontend HTML) **Direct URL Mode (Optional)** If you set only `challengeUrl` without `apiKey`, the widget will connect directly to your server. This is suitable for same-origin servers using session cookies or public endpoints. **Local Mode (Default)** If neither `challengeUrl` nor `verifyUrl` are set, the extension uses: - **Challenge generation**: Uncached endpoint (`/?type=1768669000`) that generates challenges via HMAC - **Verification**: Server-side validation in PHP via `AltchaValidator` (no `verifyurl` needed) - **Benefit**: Prevents form caching issues without requiring `USER_INT` configuration --- 🧩 Customizing Altcha Widget Texts --------------------------------- [](#-customizing-altcha-widget-texts) ### 🛠 1. Create Your Own Partial [](#-1-create-your-own-partial) Create a new file at the following location in your extension or site package: ``` EXT:my_extension/Resources/Private/Frontend/Partials/AltchaTranslations.html ``` Replace `my_extension` with the key of your sitepackage or custom extension. ### 🛠 2. Add YAML Configuration to Register Partial Path [](#-2-add-yaml-configuration-to-register-partial-path) To let TYPO3 know about your new partial path, extend the YAML configuration of the Form Framework. In your sitepackage, add the following file: **`Configuration/Form/Overrides/form_editor.yaml`** ``` TYPO3: CMS: Form: prototypes: standard: renderingOptions: partialRootPaths: 20: "EXT:my_extension/Resources/Private/Frontend/Partials/" ``` > Your YAML file must be included in TypoScript with a key **higher than the one used by this extension (e.g. > 125)** to ensure it overrides the default path. In your TypoScript setup: ``` plugin.tx_form.settings.yamlConfigurations { 125 = EXT:altcha/Configuration/Yaml/FormSetup.yaml 200 = EXT:my_extension/Configuration/Form/Overrides/form_editor.yaml } ``` This ensures that your own YAML is loaded **after** the one provided by Altcha. --- ### 🔤 Available Translation Keys [](#-available-translation-keys) You can define any of the following keys inside your `AltchaTranslations.html`: - `ariaLinkLabel` - `enterCode` - `enterCodeAria` - `error` - `expired` - `footer` - `getAudioChallenge` - `label` - `loading` - `reload` - `verify` - `verificationRequired` - `verified` - `verifying` - `waitAlert` --- ### ✅ Example with Static Texts [](#-example-with-static-texts) **`EXT:my_extension/Resources/Private/Frontend/Partials/AltchaTranslations.html`:** ``` ``` --- ### 🌐 Example with TYPO3 Localization [](#-example-with-typo3-localization) If you want to use TYPO3’s localization, add the relevant labels to your `locallang.xlf`. **Partial Example:** ``` ``` --- License ------- [](#license) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ### Health Score 47 — FairBetter than 94% of packages Maintenance86 Actively maintained with recent releases Popularity36 Limited adoption so far Community19 Small or concentrated contributor base Maturity39 Early-stage or recently created project Bus Factor1 Top contributor holds 77.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~39 days Recently: every ~16 days Total 17 Last Release 63d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/32caa737b89e86881a58a6a43963c3cdcafa1911b248cadf412b74261b85a523?d=identicon)[bbysaeth](/maintainers/bbysaeth) --- Top Contributors [![bbysaeth](https://avatars.githubusercontent.com/u/158752370?v=4)](https://github.com/bbysaeth "bbysaeth (35 commits)")[![Danny-HPH](https://avatars.githubusercontent.com/u/78362634?v=4)](https://github.com/Danny-HPH "Danny-HPH (3 commits)")[![schliesser](https://avatars.githubusercontent.com/u/11655823?v=4)](https://github.com/schliesser "schliesser (3 commits)")[![offlineBlogger](https://avatars.githubusercontent.com/u/97961093?v=4)](https://github.com/offlineBlogger "offlineBlogger (2 commits)")[![lleicher-sg](https://avatars.githubusercontent.com/u/210725148?v=4)](https://github.com/lleicher-sg "lleicher-sg (1 commits)")[![woemar](https://avatars.githubusercontent.com/u/42969992?v=4)](https://github.com/woemar "woemar (1 commits)") --- Tags recaptchaspamcaptchaAbusebottypo3spam protectionproof-of-workALTCHA ### Code Quality Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/bbysaeth-typo3-altcha/health.svg) ``` [![Health](https://phpackages.com/badges/bbysaeth-typo3-altcha/health.svg)](https://phpackages.com/packages/bbysaeth-typo3-altcha) ``` ### Alternatives [google/recaptcha Client library for reCAPTCHA, a free service that protects websites from spam and abuse. 3.6k89.1M222](/packages/google-recaptcha)[typo3/testing-framework The TYPO3 testing framework provides base classes for unit, functional and acceptance testing. 675.0M775](/packages/typo3-testing-framework)[pagemachine/typo3-formlog Form log for TYPO3 23225.3k6](/packages/pagemachine-typo3-formlog)[eliashaeussler/typo3-form-consent Extension for TYPO3 CMS that adds double opt-in functionality to EXT:form 1481.0k](/packages/eliashaeussler-typo3-form-consent) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)