Home Plugins Contact Us Demo Sign In Sign Up Free

KeyCAPTCHA common API

CAPTCHA displaying

To display KeyCAPTCHA you should add a hidden field with unique ID to your form (<input type="hidden" id="capcode">) and insert the following javascript code between <form> and </form> tags:

Where:
Parameter Description
PRIVATE_KEY Private Key from your KeyCAPTCHA profile
USER_ID User ID from your KeyCAPTCHA profile
VISITOR_IP IP of a visitor, who gets the page with KeyCAPTCHA
SESION_ID unique random string (e.g. uniqid() or md5(random)), with length less than 40 chars
SUBMIT_BUTTON_ID ID of the submit button. If you are using several buttons you should list their IDs separated by commas. If the submit button has no ID you should place 'sbutton-#-r' value. In this case CAPTCHA solution verification will proceed on each button press event.
SERVER_SIGN md5(SESSION_ID+VISITOR_IP+PRIVATE_KEY)
SERVER_SIGN2 md5(SESSION_ID+PRIVATE_KEY)


If document.s_s_c_debugmode=1, then the form will be submitted to your web server even if CAPTCHA solution is wrong. We recommend to set this flag 'On' for server side CAPTCHA checking tests.
If document.s_s_c_without_submit_search=1, then KeyCAPTCHA will not search submit buttons. In this case KeyCAPTCHA will handle only buttons whose IDs listed in s_s_c_submit_button_id.
If document.s_s_c_popupmode=1, then visitors will see CAPTCHA in a popup div after pressing the submit button.

CAPTCHA checking

KeyCAPTCHA provides two modes of checking answer: if outgoing requests from your web server are allowed and if not.

KeyCAPTCHA's answer is transmitted through the hidden field of the protected form (s_s_c_captcha_field_id) and looks like A|B|C|D... string.


If outgoing requests are allowed, then for checking CAPTCHA solution you have to:

  1. Make shure that the CAPTCHA answer is received from KeyCAPTCHA server
        A == md5('accept'+B+PRIVATE_KEY+C)
  2. Check correctness of the CAPTCHA answer. To do this you should generate GET request to a 'C'-address and check a result. If the result is equal to 1 then the CAPTCHA solution is correct. You should ensure that such request is generated only once, cause the second test will return negatory result.


If outgoing requests are prohibited, then prior to displaying KeyCAPTCHA you have to:

  1. Create permanent address (e.g. http://yourServer.com/gettime) for recieving current server time in "yyyy/mm/dd HH:MM:SS" format.
  2. In KeyCAPTCHA's account uncheck flag 'Allow outgoing requests' and set 'Time script URL' to your time URL.

To check the CAPTCHA solution you have to:

  1. Make shure that the answer is received from KeyCAPTCHA server
        A == md5('accept'+B+PRIVATE_KEY+C)
  2. Check difference between current server time and 'C' value. If difference is less than 15 seconds and 'D' is equal to 1 then CAPTCHA solution is right.