Skip to content

christefano/KanboardALTCHA

Repository files navigation

ALTCHA for Kanboard

Integrates ALTCHA proof-of-work antispam into the Kanboard login form.

Requirements

  • Kanboard >= 1.2.0
  • PHP >= 8.1

Installation

  1. Copy this directory into Kanboard's plugins/ directory and name it KanboardALTCHA.
  2. Add your ALTCHA credentials to Kanboard's config.php (see below).
  3. The plugin activates automatically on next page load — no Kanboard settings toggle is required.

Configuration

Add the following to your Kanboard config.php:

define('ALTCHA_SECRET', 'your_altcha_secret_key_here');
define('ALTCHA_PUBLIC_KEY', 'your_altcha_public_key_here');

Obtain both keys from altcha.org after creating an account.

Keep ALTCHA_SECRET out of version control. The public key is safe to expose.

Security features

  • Proof-of-work challenge: ALTCHA requires the browser to solve a computational puzzle before the login form can be submitted, which blocks automated credential-stuffing without user friction.
  • IP-based rate limiting: failed attempts are tracked per client IP, not per session. In other words, attackers cannot reset the counter by clearing cookies.
  • Fail-closed verification: network errors or malformed API responses are treated as failed challenges, not bypasses.
  • Session fixation protection: session_regenerate_id(true) is called on every successful login.
  • No user data sent to ALTCHA: only the challenge token is verified. In other words, usernames and passwords never leave your server.

About

Integrates ALTCHA proof-of-work antispam into the Kanboard login form.

Topics

Resources

License

Stars

2 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors

Languages