KeyCAPTCHA common API
CAPTCHA displaying
To display KeyCAPTCHA you should add a hidden field with unique ID to your form (<input type="hidden" id="capcode">) and insert the following javascript code between <form> and </form> tags:Where:
| Parameter | Description |
| PRIVATE_KEY | Private Key from your KeyCAPTCHA profile |
| USER_ID | User ID from your KeyCAPTCHA profile |
| VISITOR_IP | IP of a visitor, who gets the page with KeyCAPTCHA |
| SESION_ID | unique random string (e.g. uniqid() or md5(random)), with length less than 40 chars |
| SUBMIT_BUTTON_ID | ID of the submit button. If you are using several buttons you should list their IDs separated by commas. If the submit button has no ID you should place 'sbutton-#-r' value. In this case CAPTCHA solution verification will proceed on each button press event. |
| SERVER_SIGN | md5(SESSION_ID+VISITOR_IP+PRIVATE_KEY) |
| SERVER_SIGN2 | md5(SESSION_ID+PRIVATE_KEY) |
If document.s_s_c_debugmode=1, then the form will be submitted to your web server even if CAPTCHA solution is wrong. We recommend to set this flag 'On' for server side CAPTCHA checking tests.
If document.s_s_c_without_submit_search=1, then KeyCAPTCHA will not search submit buttons. In this case KeyCAPTCHA will handle only buttons whose IDs listed in s_s_c_submit_button_id.
If document.s_s_c_popupmode=1, then visitors will see CAPTCHA in a popup div after pressing the submit button.
CAPTCHA checking
KeyCAPTCHA provides two modes of checking answer: if outgoing requests from your web server are allowed and if not.
KeyCAPTCHA's answer is transmitted through the hidden field of the protected form (s_s_c_captcha_field_id) and looks like A|B|C|D... string.
If outgoing requests are allowed, then for checking CAPTCHA solution you have to:
- Make shure that the CAPTCHA answer is received from KeyCAPTCHA server
A == md5('accept'+B+PRIVATE_KEY+C) - Check correctness of the CAPTCHA answer. To do this you should generate GET request to a 'C'-address and check a result. If the result is equal to 1 then the CAPTCHA solution is correct. You should ensure that such request is generated only once, cause the second test will return negatory result.
If outgoing requests are prohibited, then prior to displaying KeyCAPTCHA you have to:
- Create permanent address (e.g. http://yourServer.com/gettime) for recieving current server time in "yyyy/mm/dd HH:MM:SS" format.
- In KeyCAPTCHA's account uncheck flag 'Allow outgoing requests' and set 'Time script URL' to your time URL.
To check the CAPTCHA solution you have to:
- Make shure that the answer is received from KeyCAPTCHA server
A == md5('accept'+B+PRIVATE_KEY+C) - Check difference between current server time and 'C' value. If difference is less than 15 seconds and 'D' is equal to 1 then CAPTCHA solution is right.