Captcha Adapters
Quantum exposes the same captcha() API for both built-in providers. Choose the adapter based on the provider you want to embed in your forms.
Choosing an adapter
- Use
recaptchawhen your project is configured for Google reCAPTCHA. - Use
hcaptchawhen your project is configured for hCaptcha.
$captcha = captcha('recaptcha');
If you omit the adapter name, Quantum resolves captcha.default.
Shared config contract
Each adapter expects a config block under config/captcha.php:
return [
'default' => 'recaptcha',
'recaptcha' => [
'type' => 'visible',
'secret_key' => '...',
'site_key' => '...',
],
'hcaptcha' => [
'type' => 'visible',
'secret_key' => '...',
'site_key' => '...',
],
];
Required keys per adapter:
secret_keysite_key
Optional key:
type-visibleorinvisible
reCAPTCHA adapter
Use recaptcha for Google's widget and verification endpoint.
Runtime behavior
- renders markup with the
g-recaptchaclass - loads
https://www.google.com/recaptcha/api.js - verifies responses through Google's
siteverifyendpoint - expects the request field name
g-recaptcha-response
hCaptcha adapter
Use hcaptcha for hCaptcha's widget and verification endpoint.
Runtime behavior
- renders markup with the
h-captchaclass - loads
https://hcaptcha.com/1/api.js?onload=onLoadCallback&recaptchacompat=off - verifies responses through hCaptcha's
siteverifyendpoint - expects the request field name
h-captcha-response
Shared adapter behavior
Both adapters share these rules:
- they support
visibleandinvisiblemodes only addToForm()returns HTML or inline script, it does not write directly to the responseverify()performs a GET request withsecret,response, andremoteipgetErrorMessage()returns the first stored error code, ornullwhen no error has been recorded
Caveats
- adapter construction assumes the configured keys exist; missing config values surface as runtime failures from PHP or later verification failures
- invisible mode wires the provider class onto
button[type=submit]inside the target form, so custom JavaScript-only submit flows need to account for that - the package does not normalize provider-specific error codes into friendlier messages