Snaptcha

Invisible CAPTCHA to pre­vent spam form sub­missions.

Snaptcha is an invis­ible captcha and will be the last time you will ever have to think about pro­tect­ing your forms from spam bots.

First Place AwardDevot:ee Aca­demEE Awards Exten­sion of the Year

Snaptcha (Simple Non-obtrus­ive Auto­mated Pub­lic Tur­ing test to tell Com­puters and Humans Apart) is an invis­ible captcha and will be the last time you will ever have to think about pro­tect­ing your forms from spam bots.

Snaptcha will auto­mat­ic­ally add a hid­den field to your forms and will val­id­ate it on sub­mis­sion. If it determ­ines that a spam­bot is attempt­ing to sub­mit the form then it will pre­vent the form from being sub­mit­ted and will out­put an error mes­sage. You can con­trol the level of secur­ity as well as the error mes­sage text.

Reviews #

In-depth review:

Snaptcha was chosen as Editor’s Pick in Octo­ber 2013 by devot-ee.

Editor's Pick

Read more reviews on devot-ee.

Require­ments #

Snaptcha works with Expres­sion­En­gine ver­sion 2.10.0 or above, 3.1.0 or above, 4.0.0 and above and 5.0.0 and above.

For Expres­sion­En­gine 2 and 3, you must down­load and use the leg­acy ver­sion of the add-on from the main add-on page on devot-ee.

Install­a­tion #

Down­load and unzip Snaptcha, then fol­low the simple steps below:

  1. Upload the snaptcha folder to your add-on directory
  2. Enable the Snaptcha add-on
  3. Open the Snaptcha add-on set­tings and enter your license number
  4. Dis­able CAPTCHA if it is enabled in your channel’s preferences

That’s all you need to do for Snaptcha to work on your forms. There are some more advanced con­fig­ur­a­tion options that you can read about below.

Updat­ing #

Down­load and unzip the latest ver­sion of Snaptcha, then fol­low the steps below:

  1. Over­write the snaptcha folder in your add-on directory
  2. Open the Snaptcha add-on set­tings and modi­fy any newly avail­able features

Secur­ity Levels #

Snaptcha offers three levels of security:

  • High - requires javas­cript (block­ing most spam bots) and only allows a form to be sub­mit­ted once (pre­vent­ing mul­tiple unwanted form submissions)
  • Medi­um — requires javas­cript (block­ing most spam bots) and allows mul­tiple form submissions
  • Low — does not require javas­cript (relies on spam bots filling in all input fields)

We recom­mend using the high secur­ity level where pos­sible and modi­fy­ing the error mes­sage to suit your chosen secur­ity level and users. Please note that if using the high secur­ity level you should not use tem­plate cach­ing on tem­plates that will use Snaptcha.

Com­par­is­on with Hon­ey­pot #

The Hon­ey­pot captcha meth­od is sim­il­ar to Snaptcha’s low secur­ity level. It simply adds a hid­den input field to the form and hopes” that spam bots will enter a value into it, thereby giv­ing them away as bots. Snaptcha’s medi­um and high secur­ity levels are far more secure than Hon­ey­pot, requir­ing javas­cript and the lat­ter only allow­ing single form sub­mis­sions. This means that the vast major­ity of spam bots will be blocked.

Using Snaptcha #

Snaptcha will auto­mat­ic­ally add a hid­den field to your forms and will val­id­ate it on sub­mis­sion. If it determ­ines that a spam bot is attempt­ing to sub­mit the form then it will pre­vent the form from being sub­mit­ted and will out­put the error message.

The fol­low­ing forms are supported:

  • Com­ment form
  • Safecrack­er form
  • Chan­nel form (since EE 2.7)
  • For­um sub­mis­sion form
  • Free­form form
  • Zoo Vis­it­or regis­tra­tion form
  • Pro­Form form
  • Dev­De­mon Forms
  • Mem­ber regis­tra­tion form [1]
  • User Mod­ule regis­tra­tion form [2]
  • Free­Mem­ber regis­tra­tion form [2]
  • Threaded Com­ments form
  • Google Cus­tom Search form
  • Email Form add-on
  • Solspace Rat­ing form
  • Into­EEt­ive Stand-Alone Mem­ber Register form [2]
  • Email Mod­ule [3]

[1] If you set Mem­ber Regis­tra­tion Val­id­a­tion to Enabled” and you are using EE’s nat­ive Mem­ber Pro­file Tem­plates then you must manu­ally append the html code provided to the regis­tra­tion form as the mem­ber mod­ule does not have a hook that would allow Snaptcha to do this auto­mat­ic­ally. This meth­od will only work with the medium and low secur­ity levels. By default this is found by going to Design > Themes > Mem­ber Pro­file Tem­plates > Default > Regis­tra­tion Form.

[2] If you set Mem­ber Regis­tra­tion Val­id­a­tion to Enabled” and you are using reg­u­lar tem­plates to gen­er­ate your regis­tra­tion form then you must manu­ally append a tem­plate tag to the form. Add the tem­plate tag {exp:snaptcha:field} to the bot­tom of the regis­tra­tion form when using the User Mod­ule, Free­Mem­ber or IntoEEtive’s Stand-Alone Mem­ber Register.

[3] The nat­ive Email Mod­ule does not have the neces­sary exten­sion hooks for Snaptcha to sup­port it, how­ever Snaptcha 1.7.1 intro­duced the meth­ods for mak­ing it work. To add sup­port for the Email Mod­ule forms you will need to manu­ally add the fol­low­ing blocks of code to mod.email.php in the module’s folder:

private function _setup_form($tagdata, $recipients,...)
{

/* -------------------------------------
/*  Add this code block to the very beginning of the _setup_form method
/*  'email_module_form_end' hook
*/
    if (ee()->extensions->active_hook('email_module_form_end') === TRUE)
    {
        $tagdata = ee()->extensions->call('email_module_form_end', $tagdata);
        if (ee()->extensions->end_script === TRUE) return;
    }
/*
/* -------------------------------------*/;

/* -------------------------------------
/*  Add this code block before loading the email library in the send_email method
/*  'email_module_send_email_start' hook
*/
    if (ee()->extensions->active_hook('email_module_send_email_start') === TRUE)
    {
        ee()->extensions->call('email_module_send_email_start');
        if (ee()->extensions->end_script === TRUE) return;
    }
/*
/* -------------------------------------*/

// Send email
ee()->load->library('email');

If you have a situ­ation where you are using the Snaptcha field mul­tiple times in the same tem­plate then you should give each tag a unique identifier.

{exp:snaptcha:field id="1"}

{exp:snaptcha:field id="2"}

{exp:snaptcha:field id="3"}

Tem­plate Tags #

You can use the fol­low­ing tem­plate tag to manu­ally cre­ate a Snaptcha field (not required for sup­por­ted add-ons):

{exp:snaptcha:field}

Cre­ates a Snaptcha field with the secur­ity level in the exten­sion settings

{exp:snaptcha:field security_level="1"}

Cre­ates a Snaptcha field with the secur­ity level spe­cified (1=low, 2=medium, 3=high)

AJAX Forms #

If your forms use AJAX to sub­mit data then you must ensure that the Snaptcha field and its cor­res­pond­ing value is sub­mit­ted as well.

Set­tings #

Secur­ity Level
Select from the secur­ity levels described above

Field Name Prefix
The pre­fix for the hid­den snaptcha field (should be a unique value, a ran­dom suf­fix will be used)

Mem­ber Regis­tra­tion Validation
Wheth­er to enable val­id­a­tion of mem­ber regis­tra­tion forms (see below for details)

Rejec­ted Form Sub­mis­sion Logging
Wheth­er to enable log­ging of rejec­ted form sub­mis­sions (see below for details)

Error Mes­sage
The mes­sage to dis­play if the user is believed to be a spam bot

Log­ging #

If you set Rejec­ted Form Sub­mis­sion Log­ging to Enabled” then any rejec­ted sub­mis­sions will be logged to the log.txt file in the Snaptcha folder. The file must be writ­able so ensure that the per­mis­sions are set to at least 666.

Test­ing Snaptcha #

If you want to test or see how Snaptcha works on your site then nav­ig­ate to one of your forms, open your browser’s inspect­or or use Fire­bug and delete the input field that Snaptcha inser­ted. It will usu­ally be towards the bot­tom of your form’s markup and will have an id that begins with the pre­fix in your exten­sion set­tings (“snap” by default). After delet­ing the input field, sub­mit the form and the error mes­sage from your exten­sion set­tings should appear. 

Developers #

You can integ­rate Snaptcha val­id­a­tion into your code and add-ons eas­ily. Use the tem­plate tag above or the fol­low­ing code to cre­ate a Snaptcha field:

require_once PATH_THIRD.'snaptcha/ext.snaptcha'.EXT;
$Snaptcha = new Snaptcha_ext();
$field = $Snaptcha->snaptcha_field();

You can option­ally set the secur­ity level to be used:

$security_level = 1;   // 1=low, 2=medium, 3=high
$field = $Snaptcha->snaptcha_field($security_level);

Then use the fol­low­ing code to val­id­ate a form submission:

require_once PATH_THIRD.'snaptcha/ext.snaptcha'.EXT;
$Snaptcha = new Snaptcha_ext();
$validated = $Snaptcha->snaptcha_validate();   // returns a boolean (true or false)

If you expli­citly set the secur­ity level in the Snaptcha field then you should set it to the same value in the val­id­ate function:

$security_level = 1;    // 1=low, 2=medium, 3=high
$validated = $Snaptcha->snaptcha_validate($security_level);

FAQ #

Do I need to add any­thing to my forms to make Snaptcha work?
No, all you need to do is enable the Snaptcha exten­sion. The hid­den field will auto­mat­ic­ally be added to your form and the val­id­a­tion done when the form is sub­mit­ted. The excep­tions to this are mem­ber regis­tra­tion forms and the nat­ive email module.

How can I test to see if Snaptcha is working?
To see Snaptcha work­ing on your site, nav­ig­ate to one of your forms, open your browser’s inspect­or or use Fire­bug and delete the input field that Snaptcha inser­ted. It will usu­ally be towards the bot­tom of your form’s markup and will have an id that begins with the pre­fix in your exten­sion set­tings (“snap” by default). After delet­ing the input field, sub­mit the form and the error mes­sage from your exten­sion set­tings should appear.

Why does form sub­mis­sion fail with Dev­De­mon Forms?
When build­ing your form with Dev­De­mon Forms, ensure that you have enabled Snaptcha sup­port under Form Set­tings > Security.

Does Snaptcha work with mod­al windows?
Snaptcha works with the major­ity of mod­al win­dows how­ever you may run into issues with those that duplictae or modi­fy the mark-up. Snaptcha is known to work with the jQuery UI Dia­log and Fancy­Box. It does not work with Col­or­box.

Does Snaptcha work with Modernizr?
While Snaptcha does work with Mod­ern­izr, issues have been repor­ted when a web­site uses Mod­ern­izr com­bined with some front-end frame­works. Set­ting Snaptcha’s secur­ity level to low” should resolve this issue, how­ever please report this to us so we can invest­ig­ate further.

Changelog #

Ver­sion 2.2.1 #
  • Fixed update script that removed old Free­form hook
Ver­sion 2.2.0 #
  • Added com­pat­ib­il­ity with Free­form Next (1.7.3 and above)
Ver­sion 2.1.0 #
  • Added com­pat­ib­il­ity with FormGrab
Ver­sion 2.0.3 #
  • Fixed Javas­cript error in for­um script when user not logged in
Ver­sion 2.0.2 #
  • Made com­pat­ible with PHP 7.0.0
Ver­sion 2.0.1 #
  • Fixed bug in install­a­tion process
Ver­sion 2.0.0 #
  • Made com­pat­ible with Expres­sion­En­gine 3
End of fea­ture devel­op­ment for EE2 ver­sion #
Ver­sion 1.7.6 #
  • Added com­pat­ib­il­ity with Expresso Store when regis­ter­ing mem­bers after checkout
Ver­sion 1.7.5 #
  • Added extensions->last_call to main­tain val­ues returned by pre­vi­ously called exten­sion hooks
Ver­sion 1.7.4 #
  • Fixed stat­ic usage meth­od in plugin
Ver­sion 1.7.3 #
  • Fixed chan­nel form (safecrack­er) deprec­a­tion errors
Ver­sion 1.7.2 #
  • Made the embed code that is dis­played for the mem­ber regis­tra­tion form update dynam­ic­ally when secur­ity level is changed
Ver­sion 1.7.1 #
  • Added Email Mod­ule meth­ods for sup­port­ing future hooks
  • Improved how the input field is hidden
Ver­sion 1.7 #
  • Added sup­port for Solspace Rating
  • Added field name class to Snaptcha div
  • Improved log messages
  • Improved code efficiency
Ver­sion 1.6.8 #
  • Fixed bug with Email Form tem­plate variables
Ver­sion 1.6.7 #
  • Added sup­port for Email Form
Ver­sion 1.6.6 #
  • Fixed window.onload con­flict with javas­cript libraries
Ver­sion 1.6.5 #
  • Added sta­bil­ity measures
  • Fixed bug that caused a hori­zont­al scroll­bar to appear with RTL
Ver­sion 1.6.4 #
  • Fixed bug with Free­form validation
  • Added com­pat­ib­il­ity for mem­ber regis­tra­tion val­id­a­tion in EE ver­sions earli­er than 2.5.0
Ver­sion 1.6.3 #
  • Fixed bug when edit­ing forms in the CP with Free­form 4
Ver­sion 1.6.2 #
  • Fixed bug with set­tings not being retrieved
  • Added trim() to license num­ber validation
Ver­sion 1.6.1 #
  • Added sup­port for older ver­sions of EE 2.1.x
Ver­sion 1.6 #
  • Added sup­port for Pro­Form v1.31+
  • Fixed bug with Zoo Visitor
  • Updated mem­ber mod­ule hook
  • Added descript­ive mes­sages to logging
Ver­sion 1.5.2 #
  • Import­ant bugfixes
Ver­sion 1.5.1 #
  • Added sup­port for FreeMember
  • Gen­er­al bugfixes
Ver­sion 1.5 #
  • Added tem­plate tag for Snaptcha field
  • Added abil­ity for developers to integ­rate Snaptcha val­id­a­tion into code and add-ons
  • Increased secur­ity

Notes on upgrad­ing to ver­sion 1.5:
If you are using Snaptcha to val­id­ate your User Mod­ule, Zoo Vis­it­or and Free­Mem­ber mem­ber regis­tra­tion forms then you must replace the Snaptcha html code with the tem­plate tag {ext:snaptcha:field}. This will also allow for a high” secur­ity set­ting on these forms.

Ver­sion 1.4.1 #
  • Bug­fix with Safecrack­er submission
Ver­sion 1.4 #
  • Added sup­port for User Module
  • Added sup­port for Zoo Visitor
Ver­sion 1.3.1 #
  • Changed expiry time of table rows to 1 hour
  • Minor bug­fixes
Ver­sion 1.3 #
  • Added option­al log­ging of rejec­ted form sub­mis­sions [set file per­mis­sions of log.txt to 777]
Ver­sion 1.2.1 #
  • Fixed bug in new for­um top­ic form
Ver­sion 1.2 #
  • Added sup­port for For­um Sub­mis­sion forms
  • Fixed bug with low secur­ity level validation
Ver­sion 1.1 #
  • Added sup­port for Mem­ber Regis­tra­tion forms
  • Fixed bug in add-on config
Ver­sion 1.0 #
  • Ini­tial release