Yii Framework – reCAPTCHA with Active Form

CAPTCHA example
CAPTCHA example

CAPTCHAs on the Internet are as prevalent as they are annoying.  Unfortunately, these squiggly words are sometimes the best protection from automated attacks.  In our applications, we try to reduce use of CAPTCHAs, but when we do have to use them, we utilize the reCAPTCHA service from Google.  The nice thing about this service is that it is used to verify text from old publications, allowing for better scans of these publications and digitizing them for the common good.

Readers of our blog know that we love the Yii Framework, and luckily, an extension for this framework allows for very easy reCAPTCHA verification.  Here are the steps:

1. Download the reCAPTCHA extension for Yii.

2. Export the ZIP file contents into your protected/extensions folder.  After you do that, you will have a recaptcha folder in your extensions folder that contains the EReCaptcha.php and EReCaptchaValidator.php files.  There is also a subdirectory that contains the reCAPTCHA PHP library.

3. Visit Google’s reCAPTCHA site to receive your public and private key. At this point, you may want to get 2 keys – one for development purposes, and one for production purposes. We apply for a production key that can only be used on a specific domain, and a global key that can be used during development on any developer’s workstation. If this is the case, see our next post that will detail how to utilize different configuration files depending on the environment the script is currently running in.

4. Add your public and private key to your configuration file in the ‘params’ section:

'recaptcha' => array(
     'publicKey' => 'INSERT_YOUR_PUBLIC_KEY_HERE',
     'privateKey' => 'INSERT_YOUR_PRIVATE_KEY_HERE',

5. If you want to add the reCAPTCHA to an ActiveForm, add this to your view:

echo $form->labelEx($model, 'validation');
   array('model'=>$account, 'attribute'=>'validation',
         'theme'=>'red', 'language'=>'en_US',
echo $form->error($model, 'validation');

6. In your model, add a line to your ‘rules’. ‘resetPasswordWithCaptcha’ will be used below as the scenario, so keep track of what you name it!

    'privateKey'=> Yii::app()->params['recaptcha']['privateKey'],
    'on' => 'resetPasswordWithCaptcha'

7. In your controller, add a unique scenario to your model.  For example:

$model = new User;
$model->scenario = "resetPasswordWithCaptcha";

8. Now, validate and save if necessary.

if ($model->validate()) {
    // Put false in this save action so we don't validate again - or the CAPTCHA
    //  will be invalid!
    if ($model->save(false)) {

We hope this helps someone use the reCAPTCHA extension with the Yii Framework! Not only are you protecting your site from automated attacks, you are also helping digitize the written word!

Share this page:
  • Facebook
  • Twitter
  • Reddit
  • Google Bookmarks
  • email
  • Print
  • RSS
  • Digg
  • StumbleUpon
  • del.icio.us
  • Slashdot
  • Technorati
  • Tumblr

Steven Michaels

Steven Michaels specializes in PHP web applications utilizing MediaWiki, WordPress, Yii Framework and others. He is an open source contributor and leads development for both of Hollow Developers' internal projects, HollowGame and SpeechEase.

Facebook comments:

Leave a Reply