Snaptcha

‚Äč

Requirements

Snaptcha requires ExpressionEngine version 2.6.0 or above, or 3.0.0 or above.

For ExpressionEngine 2, you must download and use the legacy version of the add-on from the main add-on page on devot-ee.

Installation

Download and unzip Snaptcha, then follow the simple steps below:

  1. Upload the snaptcha folder to your add-on directory
  2. Enable the Snaptcha add-on
  3. Open the Snaptcha add-on settings and enter your license number
  4. Disable CAPTCHA if it is enabled in your channel's preferences

That's all you need to do for Snaptcha to work on your forms. There are some more advanced configuration options that you can read about below.

Updating

Download and unzip the latest version of Snaptcha, then follow the steps below:

  1. Overwrite the snaptcha folder in your add-on directory
  2. Open the Snaptcha add-on settings and modify any newly available features

Security Levels

Snaptcha offers three levels of security:

  • High - requires javascript (blocking most spam bots) and only allows a form to be submitted once (preventing multiple unwanted form submissions)
  • Medium - requires javascript (blocking most spam bots) and allows multiple form submissions
  • Low - does not require javascript (relies on spam bots filling in all input fields)

We recommend using the high security level where possible and modifying the error message to suit your chosen security level and users. Please note that if using the high security level you should not use template caching on templates that will use Snaptcha.

Comparison with Honeypot

The Honeypot captcha method is similar to Snaptcha's low security level. It simply adds a hidden input field to the form and "hopes" that spam bots will enter a value into it, thereby giving them away as bots. Snaptcha's medium and high security levels are far more secure than Honeypot, requiring javascript and the latter only allowing single form submissions. This means that the vast majority of spam bots will be blocked.

Settings

Security Level
Select from the security levels described above
Field Name Prefix
The prefix for the hidden snaptcha field (should be a unique value, a random suffix will be used)
Member Registration Validation 
Whether to enable validation of member registration forms (see below for details)
Rejected Form Submission Logging
Whether to enable logging of rejected form submissions (see below for details)
Error Message
The message to display if the user is believed to be a spam bot

Template Tags

You can use the following template tag to manually create a Snaptcha field (not required for supported add-ons):

{exp:snaptcha:field}
Creates a Snaptcha field with the security level in the extension settings
{exp:snaptcha:field security_level="1"}
Creates a Snaptcha field with the security level specified (1=low, 2=medium, 3=high)

Using Snaptcha

Snaptcha will automatically add a hidden field to your forms and will validate it on submission. If it determines that a spam bot is attempting to submit the form then it will prevent the form from being submitted and will output the error message.

The following forms are supported:

  • Comment form
  • Safecracker form
  • Channel form (since EE 2.7)
  • Forum submission form
  • Freeform form
  • Zoo Visitor registration form
  • ProForm form
  • DevDemon Forms
  • Member registration form [1]
  • User Module registration form [2]
  • FreeMember registration form [2]
  • Threaded Comments form
  • Google Custom Search form
  • Email Form add-on
  • Solspace Rating form
  • IntoEEtive Stand-Alone Member Register form [2]
  • Email Module [3]

[1] If you set Member Registration Validation to "Enabled" and you are using EE's native Member Profile Templates then you must manually append the html code provided to the registration form as the member module does not have a hook that would allow Snaptcha to do this automatically. This method will only work with the medium and low security levels. By default this is found by going to Design > Themes > Member Profile Templates > Default > Registration Form.

[2] If you set Member Registration Validation to "Enabled" and you are using regular templates to generate your registration form then you must manually append a template tag to the form. Add the template tag {exp:snaptcha:field} to the bottom of the registration form when using the User Module, FreeMember or IntoEEtive's Stand-Alone Member Register.

[3] The native Email Module does not have the necessary extension hooks for Snaptcha to support it, however Snaptcha 1.7.1 introduced the methods for making it work. To add support for the Email Module forms you will need to manually add the following blocks of code to mod.email.php in the module's folder:

private function _setup_form($tagdata, $recipients,...)
{

/* -------------------------------------
/*  Add this code block to the very beginning of the _setup_form method
/*  'email_module_form_end' hook
*/
	if (ee()->extensions->active_hook('email_module_form_end') === TRUE)
	{
		$tagdata = ee()->extensions->call('email_module_form_end', $tagdata);
		if (ee()->extensions->end_script === TRUE) return;
	}
/*
/* -------------------------------------*/;
/* -------------------------------------
/*  Add this code block before loading the email library in the send_email method
/*  'email_module_send_email_start' hook
*/
	if (ee()->extensions->active_hook('email_module_send_email_start') === TRUE)
	{
		ee()->extensions->call('email_module_send_email_start');
		if (ee()->extensions->end_script === TRUE) return;
	}
/*
/* -------------------------------------*/

// Send email
ee()->load->library('email');


If you have a situation where you are using the Snaptcha field multiple times in the same template then you should give each tag a unique identifier.

{exp:snaptcha:field id="1"}

{exp:snaptcha:field id="2"}

{exp:snaptcha:field id="3"}

AJAX Forms

If your forms use AJAX to submit data then you must ensure that the Snaptcha field and its corresponding value is submitted as well.

Logging

If you set Rejected Form Submission Logging to "Enabled" then any rejected submissions will be logged to the log.txt file in the Snaptcha folder. The file must be writable so ensure that the permissions are set to at least 666.

Testing Snaptcha

If you want to test or see how Snaptcha works on your site then navigate to one of your forms, open your browser's inspector or use Firebug and delete the input field that Snaptcha inserted. It will usually be towards the bottom of your form's markup and will have an id that begins with the prefix in your extension settings ("snap" by default). After deleting the input field, submit the form and the error message from your extension settings should appear. 

Developers

You can integrate Snaptcha validation into your code and add-ons easily. Use the template tag above or the following code to create a Snaptcha field:

require_once PATH_THIRD.'snaptcha/ext.snaptcha'.EXT;
$Snaptcha = new Snaptcha_ext();
$field = $Snaptcha->snaptcha_field();

You can optionally set the security level to be used:

$security_level = 1;   // 1=low, 2=medium, 3=high
$field = $Snaptcha->snaptcha_field($security_level);

Then use the following code to validate a form submission:

require_once PATH_THIRD.'snaptcha/ext.snaptcha'.EXT;
$Snaptcha = new Snaptcha_ext();
$validated = $Snaptcha->snaptcha_validate();   // returns a boolean (true or false)

If you explicitly set the security level in the Snaptcha field then you should set it to the same value in the validate function:

$security_level = 1;	// 1=low, 2=medium, 3=high
$validated = $Snaptcha->snaptcha_validate($security_level);