kieranbarnes Independent PHP, WordPress & CubeCart Programmer

CAPTCHA Image Generation

I couldn't find a very good CAPTCHA generation script in PHP, all the ones I looked at were ugly, over complicated or just rubbish! So I decided to write my own.

They may not be the most secure but at least they look decent!
I will progress this code over time to make the images and code more robush and secure. For now, it is just my ramblings scribbled down.

This article assumes a certain PHP 5 enviroment. The server I wrote this on has PHP 5 compiled with the following options

'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--with-ldap' '--with-zlib' '--with-gd' '--with-freetype-dir' '--with-png' '--with-jpeg-dir'

Also see my prevous post on Yellow Text if you run into FreeType/TTF problems.

Fist off download the following

• Base Image as a PSD or the individual PNGs
  
  
• 28 Days Later font from (DaFont)
• You will also need Text_Password from PEAR. It saves reinventing certain wheels.

Here's the code;

Save this as captcha_image.php

<?
session_start();
require_once "Text/Password.php";
// load the base image
$base_image = imagecreatefrompng("badge4.png");
// if there's an error, stop processing the page:
if(!$base_image) {
// there should be some better error handling in here
// perhaps an image showing an error
exit();
}
// generate a random string for the text
$text = Text_Password::create(8, 'unpronounceable', 'alphanumeric');
$_SESSION['captcha_image'] = $text;
// set the TTF font
$font = '28 Days Later.ttf';
// define the text colours
$shadow_colour = imagecolorallocate($base_image, 255, 255, 255);
$text_color = imagecolorallocate($base_image, 0, 0, 0);
// Add a shadow to the text
imagettftext($base_image, 24, 2, 30, 42, $shadow_colour, $font, $text);
// Add the text
imagettftext($base_image, 24, 2, 28, 40, $text_color, $font, $text);
// output the image
Header('Content-type: image/png');
imagepng($base_image);
// tidy up
imagedestroy($base_image);
?>

This creates the actual image as a PNG, which we call with captcha.php. The following code is in no way secure, it shouldn't be used in a production enviroment until it has been customised into your own code. This file is just an example of how the logic works.


<?
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
// generate a dummy form
echo '<form method="POST" name="form1">';
echo '<img src="captcha_image.php" /><br />';
echo '<input type="text" name="captcha_image" />';
echo '<input type="submit" name="submit" value="submit" />';
echo '</form>';
}
elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
// we match on strtolower'ed strings as it will be much easier for the end user to complete
echo strtolower($_SESSION['captcha_image']) .'<br />' . strtolower($_POST['captcha_image']) .'<br />';
// this is the actual code to match the image to the user inputted string
// you should really add some user input clean up functions aswell, see my other posts
if (strtolower($_SESSION['captcha_image']) != strtolower($_POST['captcha_image'])) {
echo "CAPTCHA doesn't match.";
}
else {
echo 'CAPTCHA matches';
}
}
?>

Here's some I made earlier.

Good luck!

Related posts

1. KB_CAPTCHA – CAPTCHA Image Generation in PHP
   Introduction KB_Captcha is a simple PHP script to generate reasonably safe CAPTCHA image to secure...
2. CAPTCHA Image Generation Part 2
   A quick morning hack - I added some random lines to try and confuse the...
3. iCalendar Generation
   One of my clients requested that the CRM applicationI wrote should interact with Outlook Calender....
4. PEAR – Text_Spell_Audio Package
   I've just noticed a new(-ish) package on PEAR, called Text_Spell_Audio. It generates sound clips speaking...
5. Chicks dig blokes with groovy login screens
   Or how to customise your WordPress login page. There are three main features you may...