Welcome 👋

We have tried our best to make this as painless as possible to use. In the future, we plan on adding an account system with site keys. This will allow us to present stats to you, and give you some idea on how useful we are. If you have any suggestions on how we can improve this service, or would like to donate examples in other languages, shoot us a message.

Setup

Link our CSS file.

<link rel="stylesheet" href="https://clickpass.net/assets/captcha.css">

Include our script.

<script src="https://clickpass.net/v2/divine.js"></script>

Spawn the widget.

<div id="clickpass"><div class="clickpass-loader"></div></div>

Usage

Send a POST request with argument ticket, containing the users submitted ticket to our Validation API: https://clickpass.net/api/punch.php.

Server response example.

{"status":"success","message":"User is human.","ip_crc32":"38cf1154","ua_crc32":"1d782f0b"}

ip_crc32 is the user's IP address hashed with CRC32. ua_crc32 is the user's user agent hashed with CRC32.

Example

Client

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>CAPTCHA Example</title>
    <link rel="stylesheet" href="https://clickpass.net/assets/captcha.css">
  </head>
  <body>
    <form action="example.php" method="post">

      <div id="clickpass"><div class="clickpass-loader"></div></div>

      <br>
      <button type="submit" class="button">Verify</button>
    </form>
    </div>
    </section>
    <script src="https://clickpass.net/v2/divine.js"></script>
  </body>
</html>

Server (PHP)

function validate_clickpass_ticket($ticket)
{
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, "https://clickpass.net/api/punch.php");
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(["ticket" => $ticket ]));
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $response = curl_exec($ch);
  curl_close($ch);

  return $response;
}

if(isset($_POST['clickpass-ticket']))
{
  $ip_hash = hash('crc32b', $_SERVER['HTTP_CF_CONNECTING_IP']);
  $ua_hash = hash('crc32b', $_SERVER['HTTP_USER_AGENT']);

  $response = validate_clickpass_ticket($_POST['clickpass-ticket']);
  $result = json_decode($response, true);

  if($result['status'] == "failed")
  {
    // expired, bot, or just did not do the CAPTCHA
  }
  else if($ip_hash != $result['ip_crc32'] || $ua_hash != $result['ua_crc32'])
  {
    // forged request, do not allow
  }
  else if($result['status'] == "success")
  {
    // completely fine
  }
  else
  {
    // our server might be having issues
  }
}

Please note that PHP does not come with curl installed by default.