« File uploading with PHPPut watermark on images using PHP »

Captcha image verification Posted in PHP Tutorials | 238 Comments
A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />

Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';

Do you know PHP / HTML / CSS / JS well?

Write tutorial on a topic you are good in and become a trusted PHP jabber! Share your experience with millions of other webmasters visiting our website. Contact us for more information how to become a contributor.

238 Replies to "Captcha image verification"

tomasz December 25, 2007 at 10:36 pm | Reply



can you help me, code works, but when i refresh the posted form it doesnt say that the code is wrong, it continues, you can refresh as much as you want ...

Is there any way to fix it, when you post it, the code changes, and when you want to refresh the page, you have to reenter the code

lian December 24, 2007 at 7:57 am | Reply


i will explain myself better....
i have put that code in my website. it works well, but i would like it to act like your form in which the submit does not open a new window if the verification code is mistyped. and just add a line says type again, and it should change a picture as well...
what have i done wrong ?
thank you.
Martellito December 19, 2007 at 11:25 pm | Reply


Thanks! It took a bit of fiddling around but it works now. The reason I printed the session variable on the screen was to make sure that the image\'s number matched the session variable in memory. In the web page, of course I won\'t print it, as it defeats the purpose of it. Thanks again, you\'ve been extremely helpful!

Rodrigo Martell December 19, 2007 at 9:58 am | Reply


Great script! I have a tiny problem, howver, making it work. I created a test php file and called it testimage.php, the code is:
<br /><?<br />
error_reporting(E_ALL ^ E_NOTICE);
<input name="create_image" type="text" value=""><br />
<img src="captcha.php">
echo("THis is the code: ".$_SESSION['vercode']);

I notice that upon initial loading of testimage.php, the session variable isn't set so nothing is displayed in the echo statement in line 3 of captcha.php. If you refresh the page, a code is displayed in the echo statement, but it doesn't match the one on the image. I realized that the session variable is set and sent after the echo statement is executed in captcha.php line 3 so when testimage.php reads it in it's always lagged (displays the previous code before refresh). Can you please give me a pointer on how to fix this? I'm kind of pulling my hair out.</p>
Great script! I have a tiny problem, howver, making it work. I created a test php file and called it testimage.php, the code is:

Veselin: what you can do is to set the session variable in your testimage.php and then the captcha.php to use that variable. But I do not see a reason why you want to print the value of session variable on your web page
Theo December 14, 2007 at 5:19 pm | Reply


Great script guys! Simple and effective! Is there any way though, to change the image background to something more complex? -just to give a harder time to OCR\'s... or you think it\'s not necessary?
Veselin: you can just use a font with more difficult to read characters
shaid December 11, 2007 at 8:50 am | Reply


thanks for the script
but i m facing problem with some unrecognized text likeand then the form...
can u please tell me why this is happening...
Thanks you
Jeremy November 28, 2007 at 1:51 am | Reply


I have added the script to my page, but when I enter the generated number and press submit, I get an \\\"incorrect verification code error\\\" I\\\'ve tried several times thinking I may have mistyped, but this is not the case. Any help would be much appreciated.
Matīss November 8, 2007 at 1:07 pm | Reply


I have installed this code on my page , and everything is just ok, but i cannot see any image? nor in form i put it, nor when i open captcha.php file..

any ideas why? if there`s no GD library, it show an error? Cannot see any info about GD lib in phpinfo(); :/

but code looks great. thx
Doug November 2, 2007 at 11:39 pm | Reply


great code, noticed question about switching numbers to letters, what would an array look like to do this and how would you call them at random?
Veselin: it should be something like this

$template = "abcdefghijklmnopqrstuvwxyz";
$rndstring = "";
for ($a = 0; $a <= 5; $a++) {
    $b = rand(0, strlen($template) - 1);
    $rndstring .= $template[$b];
IAN October 26, 2007 at 10:00 am | Reply


Veselin: you need to use PHP script to send the emails

Please be polite and helpful and do not spam or offend others. We promise you will be treated the same way.

Log in your free account or if you still haven't joined you can create your free account now.

Posting tip:
if you use code in your comments please put it in these tags [php], [sql], [css], [js]
PHP code example: [php] echo date("Y-m-d"); [/php]

Thank you,
~ PHPJabbers team ~