This article is mostly based on my post on my business website Zipline Interactive, PHP Captcha Image Verification. For a demo refer to this link or contact me.
This CAPTCHA is a PHP script that protects websites against spam bots by dynamically generating a random string of text that humans can read but current computer programs cannot. For example, humans can read the randomized text as the one shown below, but automatic spam systems ca not read the random image text.
This CAPTCHA uses PHP, Sessions and PHP’s GD Library with PNG support.
The term CAPTCHA (for Completely Automated Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | < ?php // Captcha Image Verification by Sheldon Lendrum of Zipline Interactive // http://www.gozipline.com // http://www.gozipline.com/52,phpcaptchaimageverification // info@gozipline.com // 07/08/2008 // captch.php // DECLARE SESSION @session_start(); // LENGTH OF CAPTCHA STRING $length=5; // FONT SIZE 1 (SMALLEST) - 5 (LARGEST) $font = 5; // POSSIBLE CHARACTERS IN CAPTCHA STRING $possible = "23456789bcdfghjkmnpqrstvwxyz"; // PATH TO PNG BACKGROUND IMAGE $captcha = imagecreatefrompng("./captcha.png"); $i = 0; $g = 60; $hash = ""; // CYCLE THROUGH LETTERS TO MAKE STRING while ($i < $length) { // GET RANDOM COLOURS, 0-255 // IN THIS EXAMPLE I HAVE SELECTED DARK COLOURS ONLY SO THE // S ARE READABLE ON THE LIGHT BACKGROUND $c1 = rand(0, 155); $c2 = rand(0, 155); $c3 = rand(0, 155); $colour = imagecolorallocate($captcha, $c1, $c2, $c3); // CHOOSE RANDOM CHARACTER $string = substr($possible, mt_rand(0, strlen($possible)-1), 1); // BUILD STRING TO SEND TO PROCESSING $hash .= $string; // WRITE STRING TO IMAGE imagestring($captcha, $font, $g, 20, $string, $colour); $i++; $g = ($g + 20); // CLEAR LETTERS TO STOP DUPLICATES unset($string); } // SET ENCRYPTED CAPTCHA STRING TO A SESSION STRING $_SESSION['spammer'] = md5($hash); // OUTPUT CAPTCHA IMAGE header("Content-type: image/png"); imagepng($captcha); ?> |
To show your new Captcha Image in your form, simply call the ‘captcha.php’ file in your image tag as follow:
1 | <img src="captcha.php" alt="Captch Image Verification" /> |
When you process your form, you need to compare the $_POST captcha data with your Session string:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | < ?php // Captcha Image Verification by Sheldon Lendrum Zipline Interactive // http://www.gozipline.com // http://www.gozipline.com/52,phpcaptchaimageverification // info@gozipline.com // 07/08/2008 // process.php // DECLARE SESSION @session_start(); // $_POST['spammer'] IS THE NAME OF THE IMAGE VERIFICATION FIELD IN THE FORM. // MAKE SURE BOTH THE FORM SPAMMER FIELD AND THE SESSION STRING ARE NOT EMPTY if(empty($_POST['spammer']) or empty($_SESSION['spammer'])){ // THE POST STRING OR THE SESSION STRING WAS EMPTY die("<p class=\"error\">The Captcha Image Verification was empty! "); }else{ // BOTH POST STRING AND SESSION STRING HAVE A VALUE. // MD5 POST STRING $postSpammer = md5($_POST['SPAMMER']); $sessionSpammer = $_SESSION['SPAMMER']; // COMPARE STRINGS if($postSpammer !== $sessionSpammer){ // THE POST STRING FROM THE FORM DID NOT MATCH THE SESSION STRING // RESET THE SESSION $_SESSION['spammer'] = NULL; die("<p class=\"error\">The Captcha Image Verification did not match. This is Case Sensitive!</p> "); }else{ // BOTH STRINGS MATCHED // RESET THE SESSION $_SESSION['spammer'] = NULL; // CAPTCHA IMAGE VERIFICATION PASSED, CONTINUE PROCESSING THE FORM... // ... } } ?> |
Here is a PNG background image you can use.
