I’m sure you know what a CAPTCHA is,
and even if these can now be solved relatively easily by machine learning
, it’s a good way to secure your web forms (e.g. registration/login).
First you need to create a hCaptcha account. You will obtain a sitekey and secret key, which you can store in your CakePHP App Config:
Next you need to include the js lib of hCaptcha in your Layout Template:
In the form you want to secure you include the CAPTCHA and add the sitekey:
By solving the CAPTCHA and submitting the form, the corresponding controller receives the POST parameter h-captcha-response in the form of a token. This token must send to the hCaptcha API endpoint (https://hcaptcha.com/siteverify) via a POST request to verify the result. For this we use the HTTP Client of CakePHP:
If you want to use hCaptcha API in multiple Controllers, you can put the Controllercode in a Component.