go top

Captcha image verification

A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

<?php 
session_start();
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>


Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />
</form>


Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

<?php 
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
};
?>
  • Free Scripts

    Add great new functionalities to your website with our Free Scripts collection.

    Free scripts
  • PHP Scripts

    Check our extensive collection of top-notch PHP Scripts that will enhance your website!

    Commercial PHP scripts

244 Comments to "Captcha image verification"

  • Chafucosoft

    Chafucosoft

    February 22, 2008 at 13:52 pm

    great just what i was looking for !!! :D

  • igor

    igor

    February 20, 2008 at 00:34 am


    otherwise it still works, but it gives me that message...

  • igor

    igor

    February 20, 2008 at 00:33 am

    this is the error message that i'm getting for this line:

    session_start();

    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /web/sites/grinder/cornetta.com/captest/feedout.php:2) in /web/sites/grinder/cornetta.com/captest/feedout.php on line 3

  • Severo

    Severo

    February 4, 2008 at 07:49 am

    Try to make it larger and easier to read, and shorter.

  • li

    li

    January 15, 2008 at 11:31 am

    hey,
    i think that code is really simple and very good,
    i have implemented it on my site and it works.
    the only thing i would like to do to reach perfection
    is to be able to get the "incorrect security code" on the same page
    of the form. like in your page .
    it just add a red line above the text box.

    please tell us how to do it.

  • satheesh

    satheesh

    January 7, 2008 at 18:09 pm

    great coding... its working in form .
    thanks a lot

  • Javier

    Javier

    December 28, 2007 at 21:00 pm

    have problem with:

    if ($HTTP_POST_VARS["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='')  {
    echo '<strong>Codigo Incorrecto de Verificación.</strong><br>';
    echo $HTTP_POST_VARS["vercode"];
    echo $_SESSION["vercode"];

    do captcha.php but verificacion in the same form, when echoing the vars the seccond 1 was empty

    How can I pull that var to the main registro.php

  • isak

    isak

    December 27, 2007 at 20:39 pm

    I added the captcha to an existing form. Verification works fine. If the verification is successful, I am redirecting the form to myMail.php program as follows:

    <?
    session_start();
    if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
       echo '<strong>Incorrect verification code.</strong>';
    } else {
       header("Location: http://www.whatever.net/cgi-bin/myMail.php");
    };
    ?>

    I keep getting an error message that a required field on the form has not been completed. But it has been completed. If I remove the link to submit.php and link directly to myMail.php verification of the required field works.
    Help?
    ----------------------
    Veselin: using header redirect to your mail script you do not pass the variables submitted to your form. And myMail.php does not receive the data from the form and this is way tells you that a field is required. What I would suggest is that you copy the code from myMail.php script in your submit.php file so it is the one that processes form data.
    ----------------------
    Isak: Many thanks. I think that did it. Now on to tweaking.

  • tomasz

    tomasz

    December 25, 2007 at 23:33 pm

    hmm.. it works on my other page, when refreshing i have to reenter the code,

    but on the other one it works without reentering... can you help me on this?

  • tomasz

    tomasz

    December 25, 2007 at 22:36 pm

    Hi,

    can you help me, code works, but when i refresh the posted form it doesnt say that the code is wrong, it continues, you can refresh as much as you want ...

    Is there any way to fix it, when you post it, the code changes, and when you want to refresh the page, you have to reenter the code

    Thanks

Add your comment

Captcha