PHPackages peopleinside/fla-powcaptcha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. peopleinside/fla-powcaptcha ActiveFlarum-extension[Security](/categories/security) peopleinside/fla-powcaptcha =========================== Local Proof-of-Work CAPTCHA for Flarum – protect login, registration and password reset without any external service 2.3(3w ago)179↑241.8%1Apache-2.0TypeScriptPHP >=8.1 Since May 14Pushed 2w agoCompare [ Source](https://github.com/PeopleInside/fla-powcaptcha)[ Packagist](https://packagist.org/packages/peopleinside/fla-powcaptcha)[ Docs](https://github.com/PeopleInside/fla-powcaptcha)[ RSS](/packages/peopleinside-fla-powcaptcha/feed)WikiDiscussions main Synced 1w ago READMEChangelog (10)Dependencies (1)Versions (18)Used By (0) PoW CAPTCHA for Flarum ====================== [](#pow-captcha-for-flarum) [![Packagist](https://camo.githubusercontent.com/dc4d937db8a3062552ef2cf228996528dd768002364751fa9ddf07a58f0de0ef/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f70656f706c65696e736964652f666c612d706f77636170746368612e737667)](https://packagist.org/packages/peopleinside/fla-powcaptcha)[![License](https://camo.githubusercontent.com/ea56271f3694ba43f4352d3812d61253859749e05962fe68f2bad117eff42dd0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f50656f706c65496e736964652f666c612d706f77636170746368612e737667)](LICENSE) A **local Proof-of-Work CAPTCHA** extension for [Flarum](https://flarum.org/) that protects login, registration and password-reset forms without relying on any external service (no Cloudflare, no Google reCAPTCHA, no cookies). How it works ------------ [](#how-it-works) 1. When an auth modal opens, the browser silently fetches a one-time **challenge** from the Flarum API. 2. The browser solves a SHA-256 hash puzzle (finds a nonce *N* such that `SHA-256(challenge:N)` starts with *D* hex zeros, where *D* is the configured difficulty). 3. The solution token `challenge:nonce` is appended to the form submission. 4. The server verifies the solution and rejects the request if the check fails. Bots must solve the same puzzle for every request; legitimate users complete it invisibly in the background (< 100 ms at the default difficulty). Features -------- [](#features) - 🔒 **No external services** – fully self-hosted - ⚡ **Invisible to users** – solved automatically while they fill the form - ⚙️ **Configurable difficulty** – 5 levels (< 1 ms → ~10 s) - 🌓 **Dark / light mode** – widget adapts to Flarum's current theme - 🌍 **Italian & English** – auto-detected; add more locales in `locale/` - 🔁 **Replay-proof** – each challenge is single-use (stored in Flarum's cache) - ✅ **Flarum 1.x and 2.x** compatible Requirements ------------ [](#requirements) DependencyVersionPHP≥ 8.1Flarum^1.0 or ^2.0Screenshot ---------- [](#screenshot) [![Screenshot 2026-05-14 205357](https://private-user-images.githubusercontent.com/5006150/592689401-1576655b-0d83-46a8-b35b-0cecee923faf.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzODY3NzAsIm5iZiI6MTc4MDM4NjQ3MCwicGF0aCI6Ii81MDA2MTUwLzU5MjY4OTQwMS0xNTc2NjU1Yi0wZDgzLTQ2YTgtYjM1Yi0wY2VjZWU5MjNmYWYucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI2MDYwMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNjA2MDJUMDc0NzUwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ODk2Njc2ZjdlNGIwOTk0YWM4Y2ZkOGU5NjEzNTAwOTkwYjc1OTM2ZGM4ZjQzZjhkYmM2YzBiZmIxMDIxMzZmMSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmcmVzcG9uc2UtY29udGVudC10eXBlPWltYWdlJTJGcG5nIn0.n2yJ52kyLbwNmDvOT1YyTzcLitXnLJDGty4c9A87ypE)](https://private-user-images.githubusercontent.com/5006150/592689401-1576655b-0d83-46a8-b35b-0cecee923faf.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzODY3NzAsIm5iZiI6MTc4MDM4NjQ3MCwicGF0aCI6Ii81MDA2MTUwLzU5MjY4OTQwMS0xNTc2NjU1Yi0wZDgzLTQ2YTgtYjM1Yi0wY2VjZWU5MjNmYWYucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI2MDYwMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNjA2MDJUMDc0NzUwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ODk2Njc2ZjdlNGIwOTk0YWM4Y2ZkOGU5NjEzNTAwOTkwYjc1OTM2ZGM4ZjQzZjhkYmM2YzBiZmIxMDIxMzZmMSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmcmVzcG9uc2UtY29udGVudC10eXBlPWltYWdlJTJGcG5nIn0.n2yJ52kyLbwNmDvOT1YyTzcLitXnLJDGty4c9A87ypE)[![1778785001-133386-screenshot-2026-05-14-205627](https://private-user-images.githubusercontent.com/5006150/593001465-ad1bd396-e5de-4acf-9b7b-4c5ea817c89d.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzODY3NzAsIm5iZiI6MTc4MDM4NjQ3MCwicGF0aCI6Ii81MDA2MTUwLzU5MzAwMTQ2NS1hZDFiZDM5Ni1lNWRlLTRhY2YtOWI3Yi00YzVlYTgxN2M4OWQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI2MDYwMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNjA2MDJUMDc0NzUwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NTM0ZTQwMGQ0ODc5OWE0YzQ1MTUwZTY5Zjc5NTU4MTYxYTMyZTBjOTEzNmIyMDhmM2YxY2E2MjFkZjZiZGMyYiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmcmVzcG9uc2UtY29udGVudC10eXBlPWltYWdlJTJGcG5nIn0.uqRfaqD6-OohOxbptOJYnzsvEP1Vh9XP7pUToBJoydk)](https://private-user-images.githubusercontent.com/5006150/593001465-ad1bd396-e5de-4acf-9b7b-4c5ea817c89d.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAzODY3NzAsIm5iZiI6MTc4MDM4NjQ3MCwicGF0aCI6Ii81MDA2MTUwLzU5MzAwMTQ2NS1hZDFiZDM5Ni1lNWRlLTRhY2YtOWI3Yi00YzVlYTgxN2M4OWQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI2MDYwMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNjA2MDJUMDc0NzUwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NTM0ZTQwMGQ0ODc5OWE0YzQ1MTUwZTY5Zjc5NTU4MTYxYTMyZTBjOTEzNmIyMDhmM2YxY2E2MjFkZjZiZGMyYiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmcmVzcG9uc2UtY29udGVudC10eXBlPWltYWdlJTJGcG5nIn0.uqRfaqD6-OohOxbptOJYnzsvEP1Vh9XP7pUToBJoydk)Disclaimer ---------- [](#disclaimer) This software is provided **"AS IS"**, without any warranty. While it has been tested and reasonable efforts are made to ensure security and reliability, no guarantees are provided. As an open project, anyone may contribute or report issues, but this does not imply endorsement or liability from the maintainers. **You use this software entirely at your own risk.** The authors and contributors are not liable for any damages, data loss, or unexpected behavior resulting from its use, modification, or distribution. Always review and test the code independently before deploying it in critical or production environments. Installation ------------ [](#installation) ``` composer require peopleinside/fla-powcaptcha ``` Update ------ [](#update) ``` composer update peopleinside/fla-powcaptcha ``` How to remove ------------- [](#how-to-remove) ``` composer remove peopleinside/fla-powcaptcha ``` Then enable the extension in the Flarum admin panel. Configuration ------------- [](#configuration) Go to **Admin → Extensions → PoW CAPTCHA** and choose: SettingDefaultDescriptionEnable on Login✓Protect the login formEnable on Registration✓Protect the sign-up formEnable on Password Reset✓Protect the forgot-password formDifficulty3 – Standard (~100 ms)SHA-256 leading-zero count (1–5)Development (for contributors only) ----------------------------------- [](#development-for-contributors-only) The extension is distributed with pre-compiled frontend assets (`js/dist/*`), so **no JS build step is required** to install or use it. Security Notes -------------- [](#security-notes) - Each challenge is valid for **5 minutes** and is **single-use** (deleted after successful verification). - The challenge is a 128-bit cryptographically random value; it cannot be guessed or forged. - The server independently re-computes the SHA-256 hash to verify the solution. License ------- [](#license) [Apache-2.0](LICENSE) ### Health Score 45 — FairBetter than 91% of packages Maintenance96 Actively maintained with recent releases Popularity16 Limited adoption so far Community9 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 55.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 15 Last Release 20d ago Major Versions 1.9 → 2.02026-05-15 ### Community Maintainers ![](https://www.gravatar.com/avatar/c1a29d20f5350e197074d6570b19839d242c2fb2e2b78b2ad7024019dde7ffeb?d=identicon)[peopleinside](/maintainers/peopleinside) --- Top Contributors [![Copilot](https://avatars.githubusercontent.com/in/1143301?v=4)](https://github.com/Copilot "Copilot (31 commits)")[![PeopleInside](https://avatars.githubusercontent.com/u/5006150?v=4)](https://github.com/PeopleInside "PeopleInside (25 commits)") --- Tags securitycaptchaflarumbot-protectionproof-of-workpow ### Embed Badge ![Health badge](/badges/peopleinside-fla-powcaptcha/health.svg) ``` [![Health](https://phpackages.com/badges/peopleinside-fla-powcaptcha/health.svg)](https://phpackages.com/packages/peopleinside-fla-powcaptcha) ``` ### Alternatives [gregwar/captcha-bundle Captcha bundle 3694.8M33](/packages/gregwar-captcha-bundle)[flarum-lang/russian Russian language pack for Flarum. 12127.5k](/packages/flarum-lang-russian)[s1syphos/php-simple-captcha Simple captcha generator 2639.5k8](/packages/s1syphos-php-simple-captcha) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)