« File uploading with PHPPut watermark on images using PHP »

Captcha image verification Posted in PHP Tutorials | 232 Comments
A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

<?php 
session_start();
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>


Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />
</form>


Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

<?php 
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
};
?>

Do you know PHP / HTML / CSS / JS well?

Write tutorial on a topic you are good in and become a trusted PHP jabber! Share your experience with millions of other webmasters visiting our website. Contact us for more information how to become a contributor.

232 Replies to "Captcha image verification"

Shive Prakash Dhaker December 6, 2008 at 7:40 am | Reply

0

Thanks a lot.It's so simple and nice Script.
developer December 1, 2008 at 12:35 pm | Reply

0

Incorrect verification code.this message coming always my page while populating..what is this how to resolve this?
------------
Veselin: most probably your server does not support SESSION variables. Also make sure your browser supports cookies.
Newer November 19, 2008 at 1:34 pm | Reply

0

Hi , what about if i open this script in twwo browsers , and first i try ti enter code in first then in second ? I suppose that script will reset image and it write error as code do not conside ,while second browser everything will be ok , is such captcha good ?
Man0r November 16, 2008 at 4:15 pm | Reply

0

Thank you!! Its work PERFECT :))))

<3
Man0r :)
awais November 15, 2008 at 10:47 am | Reply

0

Hello Awais here.
i used this code in my login page but the doesn't appear on the login page.what should i do now?
--------------
Veselin: most probably you did not put the code on the right place
Manor November 14, 2008 at 8:52 pm | Reply

0

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/man0r/domains/israel-fm.co.il/public_html/tests/mailto.php:2)
Any ideas on how to fix it?
-----------
Veselin: please make sure you put session_start() at the very top of your file
vaibhav November 13, 2008 at 8:53 am | Reply

0

This is one of the best code u have write for the captcha image validation..
Thank fot that
do u have code for captcha image with numbers and alphabates.
------------
Veselin: you should replace
$text = rand(10000,99999);
with
$text = strtoupper(substr(str_shuffle('0123456789abcdefghjkmnpqrstuvwxyz'), 0, 4));
Gabe September 13, 2008 at 6:36 am | Reply

0

I can't get this code to bounce an invalid number. It will tell me that the number is wrong, but the form will still submit.
----------
Veselin: the code that processes the form data should be within the IF statement where echo '<strong>Incorrect verification code.</strong><br>'; is.
Rich August 22, 2008 at 8:07 pm | Reply

0

All is well but the actual form submission. Here is what I have for submit.php. I suspect it is wrong. What to do?

<?
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
'<form ACTION="http://www.my_domain_name.com/cgi-bin/formmail.pl" METHOD="POST">'
;
};
?>

----------
Veselin: you need to put PHP code which takes the form data and process it (save it to file or database, email, etc..)
Ghapios August 21, 2008 at 5:23 pm | Reply

0

Good script, I integrated this into my site in an contact form, but it doesn't block who insert the wrong image code!
I'm wondering if this string should have more code:

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
echo '<strong>Incorrect verification code.</strong><br>


This also say that the image code is wrong but don't block the post.
------------
Veselin: try to print these two variables _POST["vercode"] and $_SESSION["vercode"] and see what values they have when you submit the form.


Please be polite and helpful and do not spam or offend others. We promise you will be treated the same way.

Log in your free account or if you still haven't joined you can create your free account now.

Posting tip:
if you use code in your comments please put it in these tags [php], [sql], [css], [js]
PHP code example: [php] echo date("Y-m-d"); [/php]

Thank you,
~ PHPJabbers team ~