PHP Captcha Code Example

In this article I'll try to explain how to create a captcha image and how to use it.

First you need to ensure PHP5's GD is installed. In ubuntu the command is:

sudo apt-get install php5-gd

or other systems yum install php5-gd (I wont include a WIN32 install, but google should provide something<?php # # File name: image.php # Author: Kingsley # Date: 06/06/2008 # Time: 5:57 AM # header("Content-Type: image/png"); session_start(); $width = 150; $height = 40; $stringlen = 5; $stringsize = intval($height/2); $randomsize = intval($stringsize * rand(90,110) * .01); $im = imagecreate($width, $height); $chunksize = $width / $stringlen; $xmax = intval($chunksize + $chunksize); $xmin = intval($chunksize); $ymax = intval($height); $ymin = intval($randomsize); $randx = rand($xmin, $xmax); $randy = rand($ymin, $ymax); $white = imagecolorallocate($im, 255, 255, 255); $black = imagecolorallocate($im, 0, 0, 0); srand((double)microtime()*1000000); $string = md5(rand(0,9999)); $new_string = substr($string, rand(0, 32 - $stringlen), $stringlen); $_SESSION['captcha'] = $new_string; imagefill($im, 0, 0, $black); for ($i = 0; $i < $width * $height / 10; $i++) { imagesetpixel($im, rand(0, $width), rand(0, $height), $white); } for($i = 0; $i <= 5; $i++) { if($i == 0) { $x = $i + 5 + rand(10,20); } elseif($i == 1){ $x = 25 + rand(10, 20); } elseif($i == 2){ $x = 45 + rand(10, 20); } elseif($i == 3){ $x = 75 + rand(10,20); } elseif($i == 4){ $x = 90 + rand(20,30); } elseif($i == 5){ $x = 130 + rand(20,30); } imagestring($im, $randomsize, $x, rand(3, 25), substr($new_string, $i, 1), $white); } imagejpeg($im); imagedestroy($im); ?>

First of all, we need to set the header, tell the browser we're showing a PNG image. (Even though we will display it with imagejpeg())

Start a session, and set the width and height, You can adjust the height and width if you wish.

$im is the image that we're creating and we'll be reffering to this alot throughout the script.

Gotta set the white and black colours. [Note: I didnt use other colours, because after talking with Carb0n when i first created the script, he noted that a 'bot' can easily convert it to black and white]

Then we create the session string called captcha and give it whatever is in $new_string. Fill the background with black (or you can replace it with $white)

Then we insert a whole range of random white pixels. (i tested this, any more and the letters are unreadable, but experiment, you might like it)

The next for loop inserts the letters at random points along the image itself.

the imagejpeg outputs the image to your browser. Now onto the usage!

<img src="includes/image.php" id="image" />
This code inserts the image into the HTML itself, and outputs to the browser (so long as thefile is located at includes/image.php)

Practical use?
HTML Form:

<form action="your_login_script.php" method="post" name="register"> <table cellpadding="4"> <tr> <td>Username: </td> <td><input type="text" name="Username" /></td> </tr> <tr> <td>Password: </td> <td><input type="password" name="Pass1" /></td> </tr> <tr> <td colspan="2" align="right"><a href="javascript:void();" onclick="reloadImage()"><img width="16" height="16" src="img/refresh.gif" alt="Refresh image" /></a> <img src="includes/image.php" id="image" /></td> </tr> <tr> <td>Please type what you see above: </td> <td><input type="text" name="Captcha" /></td> </tr> <tr> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form>

Javascript: [Note, this is to change the value within the captcha image]

function reloadImage() { img = document.getElementById('image'); img.src = 'includes/image.php?' + Math.random(); }

Again, please check that includes/image.php IS the location of your image.

PHP: [your_login_page.php]

<?php session_start(); //Gotta start the session ;) //Get information from login $captcha = $_POST["Captcha"]; $password = $_POST["Pass1"]; $username = addslashes($_POST["Username"]); //More stuff if needed. if($_SESSION["captcha"] == $_POST["Captcha"]) { //allow the registration to continue } else { //The captcha was wrong! } ?>

Note, i did Omit what wasn't needed. Hopefully you can see what's going on. Please contact me at kingsley-muir@hotmail.com if you need any help with it :)

You must be logged in to add comments.

Comments

Author Info	Comment
Specific Posted about 1 year ago.	Very good tutorial on how to create and use a captcha, very detailed. I think it's good practice to tell the browser not to cache the captcha image. I do this by modifying the header: header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); This little php snippet tells the browser that the content has expired by giving it a date from the past, and not to store in the browser's cache.
Jordan Posted about 1 year ago.	Thanks for the comment Specific. Nice comment to, not caching the image could go well.

Author Info

Comment

Specific
Posted about 1 year ago.
User Avatar

Very good tutorial on how to create and use a captcha, very detailed.

I think it's good practice to tell the browser not to cache the captcha image. I do this by modifying the header:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache");

This little php snippet tells the browser that the content has expired by giving it a date from the past, and not to store in the browser's cache.

Jordan
Posted about 1 year ago.
User Avatar

Thanks for the comment Specific.

Nice comment to, not caching the image could go well.