Cloudflare Turnstile for Prestashop

Turnstile is Cloudflare's smart CAPTCHA alternative. The module allows Turnstile to protect your Prestashop forms: contact, login, register, reset password and custom form.

Last updated: 2023-09-13

github View github project
Cloudflare Turnstile for Prestashop

Version

1.1.3

prestashop

>= 1.7.6.0

PHP

>= 7.2.0

Contributors

3

Installation

Download the pixel_cloudflare_turnstile.zip file from the last release assets.

Admin

Go to the admin module catalog section and click Upload a module. Select the downloaded zip file.

Manually

Move the downloaded file in the Prestashop modules directory and unzip the archive. Go to the admin module catalog section and search for "Cloudflare Turnstile".

Configuration

  • Sitekey: the sitekey given for the site in your Cloudflare dashboard
  • Secret key: the secret key given for the site in your Cloudflare dashboard
  • Theme: the Turnstile theme (auto, light or dark)
  • Forms to validate: the forms where a Turnstile validation is required

For the registration form, the widget is automatically added with a hook. For "contact", "login" and "reset password" forms, you need to manually add the widget in the template files, usually before the validation button.

Never select a form to validate without the widget in the form template.

Widget

{widget name='pixel_cloudflare_turnstile'}

Override the default configured theme by adding a theme option (auto, light or dark):

{widget name='pixel_cloudflare_turnstile' theme='dark'}

Override the default action name by adding an action option:

{widget name='pixel_cloudflare_turnstile' action='my-form'}

Forms

  • Contact : themes/{themeName}/modules/contactform/views/templates/widget/contactform.tpl
  • Login : themes/{themeName}/templates/customer/_partials/login-form.tpl
  • Reset password : themes/{themeName}/templates/customer/password-email.tpl

Protect a custom or third-party form

Add the Cloudflare Turnstile widget in the Smarty form template:

{widget name='pixel_cloudflare_turnstile' action='custom-form'}

In a module, add a new hook to call Turnstile validation on form post:

public function install(): bool
{
    return parent::install() &&
        $this->registerHook('actionFrontControllerInitBefore');
}

public function hookActionFrontControllerInitBefore(array $params): void
{
    $controllerClass = get_class($params['controller']);

    if ($controllerClass === 'MyFormController' && Tools::isSubmit('myForm')) {
        Pixel_cloudflare_turnstile::turnstileValidation();
    }
}

If the validation fails, the customer is redirected to the previous page with an error message.

Testing

Use the following sitekeys and secret keys for testing purposes:

Sitekey

Always passes:

1x00000000000000000000AA

Always blocks:

2x00000000000000000000AB

Forces an interactive challenge:

3x00000000000000000000FF

Secret key

Always passes:

1x0000000000000000000000000000000AA

Always fails:

2x0000000000000000000000000000000AA

Yields a "token already spent" error:

3x0000000000000000000000000000000AA

Changelog

1.1.3

  • Fixed widget not showing on third party form

1.1.2

1.1.1

  • Fix renew password form turnstile error

1.1.0

  • Prestashop 8.0.0 compatibility

1.0.3

  • Custom or third party form validation

1.0.2

  • Action option added

1.0.1

  • Display full error messages instead of error codes

  • PHPDoc updated

1.0.0

  • First stable release

Contributors