Download the PHP package yiirocks/recaptcha without Composer
On this page you can find all versions of the php package yiirocks/recaptcha. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package recaptcha
Yii3 reCAPTCHA
Google reCAPTCHA v2 and v3 field + server-side validator for Yii3.
Requirements
- PHP 8.3+
- PSR-18 HTTP client
- PSR-17 request + stream factories
Installation
A PSR-18 client and PSR-17 factories are required. If your application already has them configured (e.g. via Guzzle, Symfony HTTP Client, or any other implementation), no further setup is needed.
If not, install any compatible library, for example:
Configuration
Set your site keys and secrets either via environment variables or directly in
your application's config/params.php:
Environment variables (recommended)
If the env vars are not set the values fall back to empty strings — override
them in your config/params.php as needed (the config-plugin merges them).
All parameters
| Parameter | Default | Description |
|---|---|---|
siteKeyV2 |
'' (or $_ENV) |
reCAPTCHA v2 site key |
secretV2 |
'' (or $_ENV) |
reCAPTCHA v2 secret |
siteKeyV3 |
'' (or $_ENV) |
reCAPTCHA v3 site key |
secretV3 |
'' (or $_ENV) |
reCAPTCHA v3 secret |
verifyUrl |
https://www.google.com/recaptcha/api/siteverify |
Google verification endpoint |
sendRemoteIp |
false |
Send the user's IP to Google for abuse analysis |
translation.category |
recaptcha |
Translation category used by message sources |
Tip: Once your site keys are set, fields will pull them from the registry automatically — no need to call
withSiteKey()in your view code.
DI Configuration
The config-plugin (config-plugin in composer.json) wires everything
automatically:
RecaptchaClientreceivesRecaptchaConfigplus PSR services from the containerRecaptchaV2RuleHandlerandRecaptchaV3RuleHandlerare wired with optional client, request provider, and translator- The translation category source is registered with the
translation.categorySourcetag - The bootstrap callback populates
RecaptchaRegistrywith the client, request provider, and translator. This means fields and handlers work out of the box — no explicitwithSiteKey()needed.
Usage
All fields are rendered with a form model via the ::field() static method —
the standard Yii3 form field pattern. Validation errors are shown automatically.
reCAPTCHA v2
Available options:
| Method | Default | Description |
|---|---|---|
withSiteKey(string) |
from config | Google reCAPTCHA v2 site key |
withId(string) |
'g-recaptcha-{uniqid}' |
Widget element ID |
withTheme(RecaptchaV2Theme) |
Light |
Light or Dark |
withType(RecaptchaV2Type) |
Image |
Image or Audio |
withSize(RecaptchaV2Size) |
Normal |
Normal, Compact, or Invisible |
withJsApiUrl(string) |
Google CDN | Custom JS API URL |
withCallback(string) |
— | JavaScript callback on success |
withExpiredCallback(string) |
— | JavaScript callback on expiry |
withErrorCallback(string) |
— | JavaScript callback on error |
reCAPTCHA v3
The reCAPTCHA token is fetched on form submit (not on page load), preventing unexpected challenge popups:
Available options:
| Method | Default | Description |
|---|---|---|
withSiteKey(string) |
from config | Google reCAPTCHA v3 site key |
withAction(string) |
'' |
Action name sent to Google (must match the rule's action if set) |
withFormId(string) |
— | Explicit form ID (auto-resolved via closest("form") if omitted) |
withBadge(RecaptchaV3Badge) |
BottomRight |
BottomRight, BottomLeft, or Hidden |
withJsApiUrl(string) |
Google CDN | Custom JS API URL |
withTranslator(?TranslatorInterface) |
from registry | Translator for the hidden badge legal notice |
withExecuteTimeout(?int) |
15000 (ms) |
Fallback form submission timeout (null = disabled) |
Inherited from InputField:
->name(string)— override the hidden input name (default: auto-derived from form model asFormName[attribute])->inputId(?string)— override the hidden input ID (default: auto-generated unique ID)
Container (inherited from BaseField):
->containerTag(string)— wrapper tag (default:div)->containerClass(string ...)— wrapper CSS class(es) (default:mb-3)->useContainer(bool)— enable/disable wrapper (default:true)->containerAttributes(array)— set all wrapper attributes->addContainerAttributes(array)— merge additional wrapper attributes
Hidden badge: When
Badge::Hiddenis selected, the legal notice text ("This site is protected by reCAPTCHA…") is displayed automatically and translated when a translator is available (either viawithTranslator()or throughRecaptchaRegistry).
Server-side validation
v2
v3
Important: If you set
->withAction('...')on the field, you must also setaction: '...'on the rule with the same value. Otherwise Google will return a different action and validation will fail with "The CAPTCHA action does not match." If neither is set, no action is sent and the check is skipped entirely.
| v3 rule parameter | Default | Description |
|---|---|---|
threshold |
0.5 |
Minimum score (0.0 – 1.0) |
action |
null |
Expected action name (skipped if null) |
message |
'The CAPTCHA verification failed.' |
Error message (translatable) |
scoreTooLowMessage |
'The CAPTCHA score is too low.' |
Error when score is below threshold |
actionMismatchMessage |
'The CAPTCHA action does not match.' |
Error when action doesn't match |
secret |
null |
Custom secret (uses config default if null) |
sendRemoteIp |
false |
Whether to include the user's IP in verification |
License
MIT. See LICENSE.md.
All versions of recaptcha with dependencies
psr/http-client Version ^1.0
psr/http-factory Version ^1.0
psr/http-message Version ^1.0 || ^2.0
yiisoft/form-model Version ^1.1
yiisoft/html Version ^3.13 || ^4.0
yiisoft/request-provider Version ^1.3
yiisoft/translator Version ^3.0
yiisoft/validator Version ^2.5
yiisoft/widget Version ^2.2