PHPackages darkghosthunter/captchavel - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. darkghosthunter/captchavel Abandoned → [laragear/recaptcha](/?search=laragear%2Frecaptcha)ArchivedLibrary[Authentication & Authorization](/categories/authentication) darkghosthunter/captchavel ========================== Integrate reCAPTCHA into your Laravel application better than the Big G itself! v7.0.3(4y ago)9828.4k↓33.3%16MITPHPPHP ^8.0 Since Apr 3Pushed 4y ago1 watchersCompare [ Source](https://github.com/DarkGhostHunter/Captchavel)[ Packagist](https://packagist.org/packages/darkghosthunter/captchavel)[ Docs](https://github.com/darkghosthunter/captchavel)[ Fund](https://paypal.me/darkghosthunter)[ Fund](https://ko-fi.com/DarkGhostHunter)[ RSS](/packages/darkghosthunter-captchavel/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (8)Versions (24)Used By (0) Package superseded by [Laragear/ReCaptcha](https://github.com/Laragear/ReCaptcha) ================================================================================= [](#package-superseded-by-laragearrecaptcha) --- Captchavel ========== [](#captchavel) Integrate reCAPTCHA into your Laravel app better than the Big G itself! It uses your Laravel HTTP Client **async HTTP/2**, making your app **fast**. You only need a couple of lines to integrate. Requirements ------------ [](#requirements) - Laravel 8.x, or later - PHP 8.0 or later > If you need support for old versions, consider sponsoring or donating. Installation ------------ [](#installation) You can install the package via Composer: ``` composer require darkghosthunter/captchavel ``` Set up ------ [](#set-up) Add the reCAPTCHA keys for your site to the environment file of your project. You can add each of them for reCAPTCHA v2 **checkbox**, **invisible**, **Android**, and **score**. If you don't have one, generate it in your [reCAPTCHA Admin panel](https://www.google.com/recaptcha/admin/). ``` RECAPTCHA_CHECKBOX_SECRET=6t5geA1UAAAAAN... RECAPTCHA_CHECKBOX_KEY=6t5geA1UAAAAAN... RECAPTCHA_INVISIBLE_SECRET=6t5geA2UAAAAAN... RECAPTCHA_INVISIBLE_KEY=6t5geA2UAAAAAN... RECAPTCHA_ANDROID_SECRET=6t5geA3UAAAAAN... RECAPTCHA_ANDROID_KEY=6t5geA3UAAAAAN... RECAPTCHA_SCORE_SECRET=6t5geA4UAAAAAN... RECAPTCHA_SCORE_KEY=6t5geA4UAAAAAN... ``` This allows you to check different reCAPTCHA mechanisms using the same application, in different environments. > Captchavel already comes with v2 keys for local development. For v3, you will need to create your own set of credentials. Usage ----- [](#usage) Usage differs based on if you're using checkbox, invisible, or Android challenges, or the v3 score-driven challenge. ### Checkbox, invisible and Android challenges [](#checkbox-invisible-and-android-challenges) After you integrate reCAPTCHA into your frontend or Android app, set the Captchavel middleware in the `POST` routes where a form with reCAPTCHA is submitted. The middleware will catch the `g-recaptcha-response` input (you can change it later) and check if it's valid. To declare the middleware, use the `ReCaptcha` helper to ease your development pain: - `ReCaptcha::checkbox()` for explicitly rendered checkbox challenges. - `ReCaptcha::invisible()` for invisible challenges. - `ReCaptcha::android()` for Android app challenges. ``` use App\Http\Controllers\Auth\LoginController; use DarkGhostHunter\Captchavel\ReCaptcha; Route::post('login', [LoginController::class, 'login']) ->middleware(ReCaptcha::checkbox()); ``` > [Laravel 8.69 or below](https://github.com/laravel/framework/releases/tag/v8.70.0) need to cast the object as a string. #### Remembering challenges [](#remembering-challenges) To avoid a form asking for challenges over and over again, you can "remember" the challenge for a given set of minutes. This can be [enabled globally](#remember), but you may prefer to do it in a per-route basis. Simple use the `remember()` method to use the config defaults. It accepts the number of minutes to override the [global parameter](#remember). Alternatively, `rememberForever()` will remember the challenge forever. ``` use App\Http\Controllers\Auth\LoginController; use DarkGhostHunter\Captchavel\ReCaptcha; Route::post('login', [LoginController::class, 'login']) ->middleware(ReCaptcha::invisible()->remember()); Route::post('message', [ChatController::class, 'login']) ->middleware(ReCaptcha::checkbox()->rememberForever()); ``` You should use this in conjunction with the `@unlesschallenged` directive in your Blade templates to render a challenge when the user has not successfully done one before. ``` @unlesschallenged @endchallenged ``` > Good places to remember a challenge for some minutes are forms which are expected to fail, or when you have multiple forms the user may jump between. #### Changing the input name [](#changing-the-input-name) You can change the input name from `g-recaptcha-response`, which is the default, to anything using `input()`. ``` use App\Http\Controllers\Auth\LoginController; use DarkGhostHunter\Captchavel\ReCaptcha; Route::post('login', [LoginController::class, 'login']) ->middleware(ReCaptcha::checkbox()->input('recaptcha_input')); ``` ### Score-driven challenge [](#score-driven-challenge) The reCAPTCHA v3 middleware works differently from v2. This response is *always* a success, but the challenge scores between `0.0` and `1.0`. Human-like interaction will be higher, while robots will score lower. The default threshold is `0.5`, but this can be changed globally or per-route. To start using it, simply use the `ReCaptcha::score()` method to your route. ``` use App\Http\Controllers\CommentController; use DarkGhostHunter\Captchavel\ReCaptcha; Route::post('comment', [CommentController::class, 'create']) ->middleware(ReCaptcha::score()); ``` Once the challenge has been received in your controller, you will have access to two methods from the Request class or instance: `isHuman()` and `isRobot()`, which return `true` or `false`: ``` public function store(Request $request, Post $post) { $request->validate([ 'body' => 'required|string|max:255' ]); $comment = $post->comment()->make($request->only('body')); // Flag the comment as "moderated" if it was a written by robot. $comment->moderated = $request->isRobot(); $comment->save(); return view('post.comment.show', ['comment' => $comment]); } ``` You can also have access to the response from reCAPTCHA using the `response()` method of the `Captchavel` facade: ``` use DarkGhostHunter\Captchavel\Facades\Captchavel; $response = Captchavel::response(); if ($response->score > 0.2) { return 'Try again!'; } ``` #### Threshold, action and input name [](#threshold-action-and-input-name) The middleware accepts three additional parameters using the middleware helper. 1. `threshold()`: The value that must be **above or equal** to be considered human. 2. `action()`: The action name to optionally check against. 3. `input()`: The name of the reCAPTCHA input to verify. ``` use App\Http\Controllers\CommentController;use DarkGhostHunter\Captchavel\ReCaptcha; Route::post('comment', [CommentController::class, 'create']) ->middleware(ReCaptcha::score()->threshold(0.7)->action('post-comment')->input('my_score_input'); ``` > When checking the action name, ensure your frontend action matches with the expected in the middleware. #### Bypassing on authenticated users [](#bypassing-on-authenticated-users) Sometimes you may want to bypass reCAPTCHA checks when there is an authenticated user, or automatically receive it as a "human" on score-driven challenges, specially on recurrent actions or when the user already completes a challenge (like on logins). To exclude authenticated user you can use `forGuests()`, and specify the guards if necessary. ``` use App\Http\Controllers\CommentController; use App\Http\Controllers\MessageController; use DarkGhostHunter\Captchavel\ReCaptcha; use Illuminate\Support\Facades\Route // Don't challenge users authenticated on the default (web) guard. Route::post('message/send', [MessageController::class, 'send']) ->middleware(ReCaptcha::invisible()->forGuests()); // Don't challenge users authenticated on the "admin" and "moderator" guards. Route::post('comment/store', [CommentController::class, 'store']) ->middleware(ReCaptcha::score(0.7)->action('comment.store')->forGuests('admin', 'moderator')); ``` Then, in your blade files, you can easily skip the challenge with the `@guest` or `@auth` directives. ``` @auth Post comment @else Post comment @endauth ``` #### Faking reCAPTCHA scores [](#faking-recaptcha-scores) You can easily fake a reCAPTCHA response score in your local development by setting `CAPTCHAVEL_FAKE` to `true`. ``` CAPTCHAVEL_FAKE=true ``` This environment variable changes the reCAPTCHA Factory for a fake one, which will fake successful responses from reCAPTCHA, instead of resolving real challenges. From there, you can fake a robot response by filling the `is_robot` input in your form. ``` @env('local', 'testing') @endenv Post comment ``` Frontend integration -------------------- [](#frontend-integration) [Check the official reCAPTCHA documentation](https://developers.google.com/recaptcha/intro) to integrate the reCAPTCHA script in your frontend, or inside your Android application. You can use the `captchavel()` helper to output the site key depending on the challenge version you want to render: `checkbox`, `invisible`, `android` or `score` (v3). ``` Login ``` > You can also retrieve the key using `android` for Android apps. Advanced configuration ---------------------- [](#advanced-configuration) Captchavel is intended to work out-of-the-box, but you can publish the configuration file for fine-tuning the reCAPTCHA verification. ``` php artisan vendor:publish --provider="DarkGhostHunter\Captchavel\CaptchavelServiceProvider" --tag="config" ``` You will get a config file with this array: ```