/ best free open source web resources /

Graphic Resources

A Draggable jQuery Captcha System with jQuery UI

Posted · Category: Forms, MIT License

QapTcha is a draggable jQuery captcha system with jQuery UI. QapTcha is an easy-to-use and intuitive captcha system. Users do not need to type letters or digits from a distorted image that appears on the screen. Instead, they simply need to drag an element of the form in order to unlock it.


Requirements: jQuery Framework
Demo: http://www.myjqueryplugins.com/QapTcha/demo
License: MIT License

  • In the description, the authors say there is a hidden field with a random password that gets emptied once the drop is executed by a human being. a script can set the value to ” too, or even better, the bots do not bother with the form, they will just do a POST to the action value of the form with the hidden field name set to empty string.

    I quite don’t get it how does this plugin protects me.

  • that’s probably the coolest captcha system ever… kinda frustrating I never even thought about coding something like that. great post!

  • I’m with jgabios – this isn’t a captcha system. Simply submitting the form without the captcha field will have the same effect as dragging the slider then submitting. The plugin author seems confused as to the purpose of a captcha.

    For folks looking at this, please do some homework before deploying this to your sites!

    From the author: “By using this method, i never received a spam, maybe because bots never visits my forms o_O” That about sums it up…

  • One final thought/caution: The entire purpose of a captcha is to tell the difference between humans and computers. If your captcha depends on javascript, it is axiomatically incapable of doing that – all a bot writer has to do is to change your javascript to jump to the end, unlocked state without whatever checks you put in place. This is trivial to do, as the javascript program is delivered to him/her for analysis. You can’t trust the javascript execution on an untrusted machine!

    This is why no captcha is done client-side. Use reCaptcha, and don’t mess with building your own – they’re very, very, very difficult to do right.

  • Hacked with this code. (evaluate in address bar) tested with firefox.

    javascript:function g() { document.getElementsByName(‘iQapTcha’)[0].value = ”; TxtStatus = $(‘#TxtStatus’); TxtStatus.css({color:’#307F1F’}).text(‘Hacked!’); Icons.css(‘background-position’, ‘-16px 0’); form.find(‘input[type=\’submit\’]’).removeAttr(‘disabled’); } g();

  • Or even easier:
    javascript:function g() { document.getElementsByName(“iQapTcha”)[0].value = “”; } g();

  • Nick

    The most idiotic “captcha” EVER!!! It is supposed to prevent bots from doing something not just disturb the user. What a bot will do is just submit your form. And if the “captcha” field is created by a javascript it will not even be on the page. Even if you put it, a quick fix to clear the field is way too easy to do.

    This article should be published in a hall of shame as to “how NOT to do captcha”

  • Khaled

    I think that this hole can be fixed easy by keeping the captcha image system and use the slide bar only as an input tool ,to enter the captcha numbers. In this case, only numbers are acceptable.

  • Maiki

    Hi all.

    The QapTcha v2.0 is now available on the homepage plugin.

    The secure is increase by a session variable set in Ajax in an external PHP file.


  • Mosselman

    I am with all the above posters except for the possitive ones.

    Also it is kind off sad for the site admin to post this without his own words of caution.

  • The Session workaround can be bypassed by using this javascript in the address bar:

    javascript:function g() { $.post(‘plugins/qaptcha/demo/php/Qaptcha.jquery.php’,{action : ‘qaptcha’}); document.getElementsByName(‘iQapTcha’)[0].value = ”; } g();

  • The overall result might be buggy and is probably far from being ready for a live environment, but still I think the idea is great and with a little tuning, this might very well become a practical and safe captcha.

  • Abba Bryant

    Yeah, it might someday be useful – when he stops depending on javascript and allows the entire thing to be done server side. Using JS for the interface is fine if the js simply makes it easier to enter the information required.

  • ziggy

    It makes no sense to drag a slider TOWARDS a lock icon to unlock something.

    A javascript hack to defeat this is not relevant at all unless this is wildly successful and bots incorporate that.

Supported By


Web Browsers Icon Set
Food Icon Set
Flat Icon Set

Flat Icon Set

100 icons