go top

Captcha image verification

A good way to avoid automatic form submissions when creating a web form is to add some kind of verification. One of the best ways is to use an image verification, called also captcha. What it does is to dynamically create an image with a random string displayed on it. Then visitor is asked to type that string in a text field and once the form is submitted it checks if the string on the image matches the one inputted by the user. Because there is no easy way to read a text from an image (image recognition) this is a good way to protect your web forms from spammers.
For doing this CAPTCHA I would suggest using a session variable where you store the string generated and displayed on that dynamically generated image.

<?php 
session_start();
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>


Save this code in a file called captcha.php. What this script does is to generate a random number from 10000 to 99999 and then assign it to $_SESSION['vercode']. Then it generates a 25x65 pixels image with black background and white text using size 14. So if you upload that captcha.php file on your web site and open http://www.site.com/captcha.php you will see an image displaying random integer. You will receive a new random integer every time you refresh that page.

Next we need to create our web form.

<form action="submit.php" method="post"> 
Comment: <textarea name="coment"></textarea><br>
Enter Code <img src="captcha.php"><input type="text" name="vercode" /><br>
<input type="submit" name="Submit" value="Submit" />
</form>


Above code will create a form with a single textarea box, randomly generated image using the captcha.php script and a text field where you will have to enter the verification code.

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

<?php 
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') {
echo '<strong>Incorrect verification code.</strong><br>';
} else {
// add form data processing code here
echo '<strong>Verification successful.</strong><br>';
};
?>
  • Free Scripts

    Add great new functionalities to your website with our Free Scripts collection.

    Free scripts
  • PHP Scripts

    Check our extensive collection of top-notch PHP Scripts that will enhance your website!

    Commercial PHP scripts

238 Comments to "Captcha image verification"

  • Mat&#299;ss

    Mat&#299;ss

    November 8, 2007 at 13:07 pm

    I have installed this code on my page , and everything is just ok, but i cannot see any image? nor in form i put it, nor when i open captcha.php file..

    any ideas why? if there`s no GD library, it show an error? Cannot see any info about GD lib in phpinfo(); :/

    but code looks great. thx

  • Doug

    Doug

    November 2, 2007 at 23:39 pm

    great code, noticed question about switching numbers to letters, what would an array look like to do this and how would you call them at random?
    ---------------------
    Veselin: it should be something like this

    $template = "abcdefghijklmnopqrstuvwxyz";
    $rndstring = "";
    for ($a = 0; $a <= 5; $a++) {
        $b = rand(0, strlen($template) - 1);
        $rndstring .= $template[$b];
    }

  • IAN

    IAN

    October 26, 2007 at 10:00 am

    I USE FORMMAIL.CGI TO PROCESS MY FORM (ACCOMMODATION, MORE FIELDS). HOW CAN I INCLUDE YOUR VERIFICATION IN FORM. THANKS
    --------------
    Veselin: you need to use PHP script to send the emails

  • Ron

    Ron

    October 26, 2007 at 04:56 am

    If I enter a wrong validation number it still allows the form to be sent. What Have I done wrong?
    ------------------
    Veselin: hard to guess what could be wrong, but maybe your server does not support SESSIONs or you just made a mistake applying the code on your form :)

  • jay

    jay

    October 19, 2007 at 23:11 pm

    still doesn't execute the SQL

  • jay

    jay

    October 19, 2007 at 16:11 pm

    i have the captcha image verification working, and i have a redirect once it gets to the submit.php. however, i have a SQL insert statement in between the verification and the redirect, but it's not executing the insert statement. any ideas?
    -----------------
    Veselin: remove the redirect and see if it will execute the SQL

  • John

    John

    October 5, 2007 at 05:20 am

    Nice script, learnt a lot from this example. Thank you for sharing your good work.

  • HS

    HS

    September 24, 2007 at 14:08 pm

    Steven, the image will appear correctly also in Firefox when you include it in the html image tag. I had the same issue with Opera.

  • John

    John

    September 21, 2007 at 22:33 pm

    Very nice script, Planning to use it soon. Thank you.

  • Stephen Whitehead

    Stephen Whitehead

    September 14, 2007 at 01:19 am

    I've uploaded the captcha.php file to my server but when viewing in the firefox browser the image isn't displayed, just a series of random symbols, letters and numbers - the image displays fine in IE though. the version of firefox is v2.0.06. Any suggestions on what the issue is?

Add your comment

Captcha