Extension

Developer
Supported

Snaptcha

ExpressionEngine 2, ExpressionEngine 3, ExpressionEngine 4, ExpressionEngine 5, ExpressionEngine 6

Back to this add-on's main page
View Other Add-ons From PutYourLightsOn

     

You must be logged in to post.

Snaptcha on Demand rather than Automatic?

Support (Resolved)

mindnutrition
mindnutrition

Hiya,

When enabled, Snaptcha is automatically applied to all forms on the front-end, but this is a problem because most of the forms we are using do not require any spam protection, and going through an updating the many forms we use with on the front-end (many of which are submitted via ajax) would be a seemingly time-consuming process.

Is there any way for Snaptcha to not add itself to forms by default, but only when the code is added to a certain form instead?

Thanks!

PutYourLightsOn
# 1
Developer
PutYourLightsOn

This is intentional, as it allows spam protection to be enabled universally in one go. If validation could be disabled simply by excluding the code from the form then it would be trivial for spammers to get around it, making it rather ineffective.

mindnutrition
# 2
mindnutrition

I understand that this is intentional, but the default Captcha functions the way described - once it is enabled, then captcha is manually added to forms that need captcha protection, rather than automatically.

We can also add Snaptcha to forms manually, which I don’t understand the point of it is it automatically added to all forms. Wouldn’t spammers be able to remove the code in these instances, where a third-party module doesn’t have native Snaptcha support, and it is manually implemented?

Is there anyway to override the automatic addition of the code, so it can be manually coded into the forms that need it? If not, can we pay for support to implement this? Failing that, I am not sure that it is feasible to integrate it into all of our ajax forms without a lot of trial and error, because we have a whole front-end that relies on dozens of forms that don’t need this security.

Edit:
Another thought, could a feature be added where the module can be disabled for logged in users, like the original catpcha allows? That would also solve the problem.

PutYourLightsOn
# 3
Developer
PutYourLightsOn

We can also add Snaptcha to forms manually, which I don’t understand the point of it is it automatically added to all forms.

The idea behind automatically adding the Snaptcha field to forms is that it requires minimal setup in 95% of cases. Just install the add-on and all your forms are automatically protected. There are some forms which the Snaptcha field is not added to, either because the hooks are missing or the add-on is not supported, which is why it is possible to add the field manually as well.

Wouldn’t spammers be able to remove the code in these instances, where a third-party module doesn’t have native Snaptcha support, and it is manually implemented?

No, Snaptcha validates all forms once the add-on is enabled, regardless of whether the field is submitted or not.

Is there anyway to override the automatic addition of the code, so it can be manually coded into the forms that need it? If not, can we pay for support to implement this? Failing that, I am not sure that it is feasible to integrate it into all of our ajax forms without a lot of trial and error, because we have a whole front-end that relies on dozens of forms that don’t need this security.

There is not. I’m not sure why you would want some front-end forms to be unprotected, but Snaptcha doesn’t allow picking and choosing which forms to protect and which not.

mindnutrition
# 4
mindnutrition

It’s not that the front-end forms don’t need to be protected, but there is no need for a captcha if these forms are only accessible to logged in users. It can certainly be there, but it breaks functionality of the forms. Snaptcha works fantastically in every other aspect, so I thought there might be a solution.

No problem, thanks for taking the time to respond.

PutYourLightsOn
# 5
Developer
PutYourLightsOn

For AJAX forms, you must ensure that the Snaptcha field and its corresponding value is submitted and then everything should continue to work as expected.