Yii 1.1: captcha-extended

CaptchaExtended enhances original captcha delivered with framework by implementing logical phrases and visual elements.

Captcha Extended enhances original captcha implementation supplied with the framework by adding more visual masking techniques and implementing logical phrases that are harder to break by spammers.


  • supports modes: logical, words, mathverbal, math, default
  • supports extended characters latin1, latin2 (utf-8) including middle- east- European and cyrillic characters
  • implements masking elements: dots density, through lines, fillSections, font color varying
  • ignorant to whitespaces
  • supports case sensitivity / insensitivity even for non-latin1 characters for client side validation






This extension will run right out of the box on Yii 1.1.7+ However, with minor tweaks you can run it on any previous version (uses $classmap and enableClientValidation introduced in 1.1.7, you can replace class registration e.g. with importing whole directory, which however is less performance wise).

Installation and usage

1) Unzip CaptchaExtended.zip files into ../protected/extensions/captchaExtended/.

2) Register class paths to CaptchaExtendedAction and CaptchaExtendedValidator, e.g. in components/controller.php:

public function init(){
        // register class paths for extension captcha extended
        Yii::$classMap = array_merge( Yii::$classMap, array(
            'CaptchaExtendedAction' => Yii::getPathOfAlias('ext.captchaExtended').DIRECTORY_SEPARATOR.'CaptchaExtendedAction.php',
            'CaptchaExtendedValidator' => Yii::getPathOfAlias('ext.captchaExtended').DIRECTORY_SEPARATOR.'CaptchaExtendedValidator.php'

3) Define action in controller, e.g. SiteController:

public function actions(){
        return array(
                // if needed, modify settings

4) Define client validation in model::rules():

public function rules(){
        return array(
            array('verifyCode', 'CaptchaExtendedValidator', 'allowEmpty'=>!CCaptcha::checkRequirements()),

5) If needed, collect localized strings via CLI command "yiic message messages/config.php" and translate captcha related strings.

6) If needed, you can tune captcha modes and visibility options:

  • In "words" mode, you can place your own file [words.txt] or [words.yourlanguage.txt]
  • If needed, you can ..
    • set the dots density [0-100]
    • the number of through lines 0, 1, 2, ..
    • the number of fillSections 0, 1, 2, ..
    • font and background colors

7) Test & enjoy!


Version 1.0.2 Sept 19, 2013

  • bugfix: skip captcha counter incrementation if clientajax validation is turned on. Otherwise captcha code would be silently invalidated after entering as many form fields as the number of allowed captcha attempts.

Version 1.0.1 July 01, 2012

  • fixed client-side validation that generated incorrect validation hash.
  • Fixed issue with UTF-8 accented lowercase characters and filtering whitespaces.

Version 1.0.0 August 29, 2011

  • Initial release

Total 20 comments

#19580 report it
lubosdz at 2015/09/16 11:09am
math test

@moginn Believe it or not, it has never been cracked, because crawler would need firstly to understand your localized formula, and that's almost impossible. It is an intention to make the result easy to calculate for all users.

To my experience, if you make something just a slightly more difficult (e.g. 43 + 19), the number of failed login attempts will grow up exponencially. I measured this phenomen on my site and was forced to greatly simplify expected input by users. Luckilly, my concerns about decreased security (as a consequence of such a simplification) did not confirm.

#18810 report it
oligalma at 2015/01/13 01:51am
math test

The math test seems very easy to crack, as there are only 10 possible answers: 10, 20, 30, 40, 50, 60, 70, 80, 90, 100.

To increase the strength of the test I changed CaptchaExtendedAction.php:

protected function getCodeMath(){
        $n1 = mt_rand(1,100);
        $n2 = mt_rand(1,10);
        if(mt_rand(1,100) > 50){
            $code = $n1.'-'.$n2.'=';
            $r = $n1-$n2;
            $code = $n1.'+'.$n2.'=';
            $r = $n1+$n2;
#18753 report it
oligalma at 2014/12/27 09:10pm
good job

the extension works very well. thanks

#18030 report it
lubosdz at 2014/08/28 04:18am
RE: Audio support

@Max100 Interesting challenge. I will think about it .. I found some free online text-to-speech services, so if I have time I may check it and add support, if it works.

#18028 report it
Max100 at 2014/08/28 03:10am
Audio support

Hi, is there a way to add to this amazing extension audio support for disabled person ?

#8826 report it
lubosdz at 2012/07/01 12:28pm
RE: Intergration with Yii-user module

@edeis: I am not sure what settings did you use in your user-module. However, I discovered a bug, that when enabled client validation, under certain circumstances was generated incorrect validation hash. I have fixed it will work also for your user-module now.

Regards, Lubos

#6842 report it
freedom55 at 2012/02/09 12:34am
Intergration with Yii-user module

I've got Captcha extended working on my forms on my site. However, I can for the life of me get it to work with Yii-User module. The model won't validate!

Has anyone done this succesfully?

#6358 report it
lubosdz at 2012/01/02 04:47pm
Switched to BSD license

OK, switched to BSD license.

#6356 report it
Backslider at 2012/01/02 03:15pm
BSD License please

Yii is licensed BSD - extensions should be the same!

#6031 report it
jackiesun at 2011/12/06 11:40pm
it is good,but if BSD ,that is cool

it is good,but if BSD ,that is cool. good job. thank you

#5946 report it
jellysandwich at 2011/11/28 02:22am
Ajax validation

For those of you who like to use ajax validation in your forms, you can add this at the top of this function:


// ensure that code isn't consumed by "enableAjaxValidation"
// "enableclientValidation" can still work, so use that instead
if (Yii::app()->request->isAjaxRequest)
    return true;
#5382 report it
Roman Solomatin at 2011/10/08 01:26pm

Thank you, looks good.

#5116 report it
lubosdz at 2011/09/15 08:39am
How to call it from view / layout file

@Ivashkin: You call it just like normal CCaptcha widget from any view/layout file:

<?php $this->widget('CCaptcha'); ?>

This will look for controller action "captcha" which is defined in array of actions. See step 3 above.

Cheers Lubos

#5113 report it
Ivashkin at 2011/09/15 05:38am

how to call in the source, show in example sorry for my bad english

#4954 report it
rohit at 2011/09/01 12:31am

1> GPL --
Open source any application which contains code licensed under GPL. It is a must.
2> LGPL --
You must open source the modifications done on the original library under GPL licence. But, author may add a clause to loosen restrictions on inclusion of his code for other closed source applications.
3> BSD --
Modify, distribute, hack, make it closed source, use it for proprietary application until you give original author his credits for his work.

Correct me if i'm wrong or not clear :)

#4946 report it
lubosdz at 2011/08/31 06:14am
Changed license to LGPL

Hi, licence changed to LGPL. Cheers. Lubos

#4945 report it
Joblo at 2011/08/31 05:49am
GPL problem

I'm not an expert in opensource licensing, but I will never use GPL licensed software in my projects.

The problem is, that you (maybe??) can be enforced to 'opensource' all your (own) code if you integrate GPL code and deploy your project.

You can find a lot of discussions about the viral effect of GPL. I don't know if it's really like a virus, but I avoid to integrate GPL code.

If you change the license to LGPL or other, I would use your nice extension :-)

#4942 report it
lubosdz at 2011/08/31 03:59am
why GPL license v3


actually I am always confused about licensing. There so many variants, but I do not know detailed differences. But I saw, that BSD license (pre-set, also Yii is distributed under BSD) requires to retain authoring info. I do not want that. Do whatever you want, put your own authoring credentials, modify, copy, distribute, whatever. So I opted for GPL version 3 since I guessed this is more like free license and the version 3 should be most modern and really cool, since it has been updated already 3 times:-)))

But seriously, it would be good to make up summary about the differences betweeen all open source licenses...

If there is better option than GPL v3 I still can change it.


#4938 report it
NCS_One at 2011/08/30 08:52pm


It looks very good. Thank you very much.

But why GPL license?

#4935 report it
yiqing95 at 2011/08/30 07:32pm
great works!

looks cool; like your extension , it looks more beautiful then the CCapthcha. actually i 'v thought to write my own one , yours look pretty enough .

Leave a comment

Please to leave your comment.

Create extension