go top

Captcha image verification

A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);

Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />

Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';

242 Comments to "Captcha image verification"

  • Gabe


    September 13, 2008 at 06:36 am

    I can't get this code to bounce an invalid number. It will tell me that the number is wrong, but the form will still submit.
    Veselin: the code that processes the form data should be within the IF statement where echo '<strong>Incorrect verification code.</strong><br>'; is.

  • Rich


    August 22, 2008 at 20:07 pm

    All is well but the actual form submission. Here is what I have for submit.php. I suspect it is wrong. What to do?

    if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
    echo '<strong>Incorrect verification code.</strong><br>';
    } else {
    // add form data processing code here
    '<form ACTION="http://www.my_domain_name.com/cgi-bin/formmail.pl" METHOD="POST">'

    Veselin: you need to put PHP code which takes the form data and process it (save it to file or database, email, etc..)

  • Ghapios


    August 21, 2008 at 17:23 pm

    Good script, I integrated this into my site in an contact form, but it doesn't block who insert the wrong image code!
    I'm wondering if this string should have more code:

    if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
    echo '<strong>Incorrect verification code.</strong><br>

    This also say that the image code is wrong but don't block the post.
    Veselin: try to print these two variables _POST["vercode"] and $_SESSION["vercode"] and see what values they have when you submit the form.

  • Akshath


    July 25, 2008 at 06:26 am

    Works perfect !! Thank you very much.

  • pong


    July 14, 2008 at 18:57 pm

    Hiya, I'm also getting weird text each time I load the captcha script (the php file) by itself. I'm also wondering if the integer type $text is typecasted into a string when it is used as a parameter in imagestring();.

  • Daniel Bithell

    Daniel Bithell

    July 10, 2008 at 21:22 pm

    Fatal error: Call to undefined function imagecreate() in /home/******/public_html/captcha.php on line 9

    Any ideas on how to fix?
    Veselin: this means that PHP version on your server does not support the image functions used to create the image

  • Hanshi


    June 26, 2008 at 00:18 am

    When i test out the captcha.php file i get a page full of wierd weddings characters...but it does change everytime i refresh. Can someone help me out? thanks!
    Veselin: please send URL to your web page

  • shubhangi


    June 20, 2008 at 14:37 pm

    how to upload file on web site

  • Al Teal

    Al Teal

    June 19, 2008 at 16:07 pm

    Getting this error:

    Fatal error: Call to undefined function imagecreate() in /var/www/pmiapp/captcha.php on line 9
    Veselin: this means that your PHP version does not support the GD functions used to generate image

  • Florian


    June 18, 2008 at 16:01 pm

    i am using it for guestbook entries. It creates image, if not entering the number the message "Incorrect verification code" is shown, but adds entry anyway? Any ideas?
    Veselin: most probably the insert guestbook entry is not in the right place. It should be where you have this

    // add form data processing code here
    echo '<strong>Verification successful.</strong><br>';

Add your comment

    • Free Scripts

      Add great new functionalities to your website with our Free Scripts collection.

      Free scripts
    • PHP Scripts

      Check our extensive collection of top-notch PHP Scripts that will enhance your website!

      Commercial PHP scripts