Mecha CMS

Add extra functionality to the core engine.


Author: Taufik Nurrohman · 112 Views


Form protection using captcha.

Download Latest Version



<form method="post">
  <p><?php echo Captcha::math('foo'); ?></p>
  <p><?php echo Form::text('captcha'); ?></p>
  <p><?php echo Form::submit(null, null, 'Submit'); ?></p>


Captcha::check($input, $id, $fail = false);
if (Captcha::check(Request::post('captcha'), 'foo') !== false) {
    // Passed the test!


Math Captcha 

Form protection using math question.

    $id = null,
    $min = 1,
    $max = 10,
    $text = [],
    $format = '%{a}% %{?}% %{b}%'


<span class="captcha captcha-math" id="captcha:foo">2 &#x002B; 5</span>
$idThe captcha ID.
$minRange minimum of the randomly generated number.
$maxRange maximum of the randomly generated number.
$textList of text used to alter the output number.
$format%{a}% for the first random number; %{b}% for the second random number; %{?}% for the math operator.

Example of using the $text parameter:

echo Captcha::math('foo', 1, 5, [
    1 => 'one',
    2 => 'two',
    3 => 'three',
    4 => 'four',
    5 => 'five',
    '+' => 'plus',
    '-' => 'minus'

Result will be like:

<span class="captcha captcha-math" id="captcha:foo">one plus five</span>

Text Captcha 

Form protection using text image question.

    $id = null,
    $background = false,
    $color = '000',
    $size = 16,
    $width = 6,
    $height = 2,
    $text = 7,
    $font = '0'


<img src="" alt="foo" class="captcha captcha-text" id="captcha:foo" width="96" height="32">
$idThe captcha ID.
$backgroundText background color using HEX color code without the hash prefix or false for transparent background.
$colorText color using HEX color code without the hash prefix.
$sizeFont size in px.
$widthImage width in em relative to $size.
$heightImage height in em relative to $size.
$textText length.
$fontTrue type font file name without the file extension, stored in lot\extend\captcha\lot\asset\ttf.

Note: I have removed some of the glyphs in the font to make it only contains [a-zA-Z0-9] to reduce the file size.

Toggle Captcha 

Form protection using a hash value that is not included by default.

    $id = null,
    $text = null


<input name="captcha" value="58e87c6947e7f" type="checkbox" class="captcha captcha-toggle" id="captcha:foo">
<label for="captcha:foo">I am not a robot.</label>
$idThe captcha ID.
$textThe toggle label. If not defined, it will depends on the $language->captcha_toggle value.

Note: This is the only captcha type that has a form input included in the output. If you ever need the token hash only, try Token Captcha.

Token Captcha 

A type of captcha that will only return a token hash.

    $id = null,
    $hash = null,
    $html = true


<span class="captcha captcha-token" id="captcha:foo" contenteditable>1c6948fae7c880eb2dfa4f1b8ecb0e5ebc748d93</span>
$idThe captcha ID.
$hashSet random value here, as the token hash, or use the default hash generated by Guardian::hash().
$htmlSet to false to output only the token hash.

Example of using the $hash parameter:

echo Captcha::token('foo', uniqid());
echo Captcha::token('foo', array_rand([0, 1, 2, 3, 4, 5]));
echo Captcha::token('foo', function($hash) {
    return $hash . time();

The output token will becomes the answer. Do whatever you want with this. Here are some examples:

As copy and paste captcha:

<form method="post">
  <p>Copy the token below and paste it to the text area provided.</p>
  <p><?php echo Captcha::token('foo'); ?></p>
  <p><?php echo Form::textarea('captcha'); ?></p>
  <p><?php echo Form::submit(null, null, 'Submit'); ?></p>

As toggle captcha:

<?php echo Form::checkbox('captcha', Captcha::token('foo', null, false), false, 'I am not a robot.'); ?>




  • I am KnoAcc

    That was really quick of you. This feature absolutely lovable. Again, many thank’s 🙏

    —And I’m trying the captcha, is it case sensitive (?)

    • Taufik Nurrohman

      Yes it is. Why is it so quick? Because I only reapplying the features that already exists in Mecha v1.x.x with little adjustment.

  • Alexander Liebrecht

    I would like to have a captcha query at the login/logout form in Mecha v2 to protect me for spam bots. Which code and in which file I must then paste it. Math-Captcha should be enough.

    Thanks in advance.

    • Taufik Nurrohman

      That’s possible, but you don’t have to, because the panel extension allows you to change the URL path from panel to another path as you like. Open lot\extend\panel\lot\state\config.php then update the path value regularly. As long as you don’t put the login link in the public page, you are safe.

  • Alexander Liebrecht

    Hello everybody,

    Thanks for the tips to the implementation and I could realize that now. Everything worked out and so my Mecha v2 installation would be the safest. I know that the spambots directly search for login forms. Also against BruteForce attacks should always be undertaken, if the own Mecha side is already very well-known in the future.