
Attempts & Timeouts

Fabian Wennink edited this page Oct 26, 2023 · 1 revision

To further combat bots, an attempt limiting feature that restricts continuous attempts is built into IconCaptcha. This also allows for timeouts to be given once the attempts limit is reached. You can configure this feature in the validation.attempts configuration.

Limiting attempts

You have the option to specify the maximum number of attempts a visitor can make to solve a captcha (refer to validation.attempts.amount). When a visitor reaches this limit, a timeout will be given. Each attempt to solve a challenge is recorded for a specified duration (refer to validation.attempts.valid). After this period, attempts expire and are no longer counted against the visitor's attempts limit. You can fine-tune the number of attempts allowed and the duration of each attempt to adjust the strictness of this feature for visitors.

The default number of attempts a visitor gets is 3.

Timeout

When the visitor exceeds the attempts threshold, a new challenge won't be generated for them for the configured duration in seconds. Instead, a warning will be displayed. After the timeout period expires, the widget will automatically refresh, allowing the visitor to request a new challenge.

The default timeout for visitors is set to 60 seconds.
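The following minimal model shows how attempt validity, the attempts limit and the timeout described above interact. It is an added example, not IconCaptcha's own implementation: the class `AttemptWindow`, its method names, the 30-second validity value and the choice to restart counting after a timeout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative model only: AttemptWindow and its methods are hypothetical names,
// not part of the IconCaptcha API.
final class AttemptWindow
{
    private int $amount;    // validation.attempts.amount (page default: 3)
    private int $valid;     // validation.attempts.valid, in seconds (30 is an assumed value)
    private int $timeout;   // timeout in seconds (page default: 60)
    private array $attempts = []; // visitor key => expiry timestamps of recorded attempts
    private array $timeouts = []; // visitor key => timestamp at which the timeout ends

    public function __construct(int $amount = 3, int $valid = 30, int $timeout = 60)
    {
        $this->amount = $amount;
        $this->valid = $valid;
        $this->timeout = $timeout;
    }

    /** Seconds left on the visitor's timeout; 0 means a challenge may be issued. */
    public function timeoutRemaining(string $key, int $now): int
    {
        return max(0, ($this->timeouts[$key] ?? 0) - $now);
    }

    /** Records one attempt and reports whether it triggered a timeout. */
    public function recordAttempt(string $key, int $now): bool
    {
        // Attempts past their validity period no longer count against the limit.
        $live = array_filter($this->attempts[$key] ?? [], fn (int $exp): bool => $exp > $now);
        $live[] = $now + $this->valid;
        $limited = count($live) >= $this->amount;
        if ($limited) {
            $this->timeouts[$key] = $now + $this->timeout;
            $live = []; // assumption: counting restarts once a timeout is issued
        }
        $this->attempts[$key] = array_values($live);
        return $limited;
    }
}

// Constructed scenario. The key stands for whatever the storage driver tracks by
// (a session or an IP address); 203.0.113.7 is a documentation address.
$window = new AttemptWindow();
foreach ([0, 10, 35, 38] as $t) { // the attempt made at t=0 has expired by t=35
    printf("t=%d limited=%s\n", $t, var_export($window->recordAttempt('203.0.113.7', $t), true));
}
printf("timeout left at t=50: %ds\n", $window->timeoutRemaining('203.0.113.7', 50));
```

In the scenario the third call does not trigger a timeout because the first attempt had already expired; the fourth call does, since three attempts are then live within one validity window.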

Storage

The attempts and timeouts are stored in the configured storage device. When using the provided session storage driver, the attempts are remembered only for the duration of the server session. However, when using any of the provided database drivers, the attempts are remembered across all sessions as these are stored based on IP address. In case of the database drivers, the attempts and timeouts are stored in the iconcaptcha_attempts table by default. The name of this table can be changed with the validation.attempts.storage.options.table option.

Custom driver

If you wish to create your own driver to handle attempts and timeouts, ensure that your custom class extends the Attempts class and implements all required functions.

The constructor of your custom class must accept the storage device, an array of options and the IP address of the visitor:

public function __construct(StorageInterface $storage, array $options, string $ipAddress)

Important

When developing a custom driver for this feature, it's important to ensure that your driver correctly accepts and uses the appropriate storage device. If you are using the session storage driver, your constructor should accept SessionStorage instead of StorageInterface. When using a database driver, this should be PDOStorageInterface instead.

To enable your custom driver, update the validation.attempts.storage.driver configuration option to use your class.

'storage' => [
    'driver' => \Path\To\YourAttemptsProcessor::class,
    // ...
],