kieranbarnes

I couldn’t find a very good CAPTCHA generation script in PHP, all the ones I looked at were ugly, over complicated or just rubbish! So I decided to write my own.

They may not be the most secure but at least they look decent!
I will progress this code over time to make the images and code more robush and secure. For now, it is just my ramblings scribbled down.

This article assumes a certain PHP 5 enviroment. The server I wrote this on has PHP 5 compiled with the following options

'./configure' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mysql' '--with-ldap' '--with-zlib' '--with-gd' '--with-freetype-dir' '--with-png' '--with-jpeg-dir'

Also see my prevous post on Yellow Text if you run into FreeType/TTF problems.

Fist off download the following

• Base Image as a PSD or the individual PNGs
  
  
• 28 Days Later font from (DaFont)
• You will also need Text_Password from PEAR. It saves reinventing certain wheels.

Here’s the code;

Save this as captcha_image.php

<?
session_start();
require_once "Text/Password.php";
// load the base image
$base_image = imagecreatefrompng("badge4.png");
// if there's an error, stop processing the page:
if(!$base_image) {
// there should be some better error handling in here
// perhaps an image showing an error
exit();
}
// generate a random string for the text
$text = Text_Password::create(8, 'unpronounceable', 'alphanumeric');
$_SESSION['captcha_image'] = $text;
// set the TTF font
$font = ‘28 Days Later.ttf’;
// define the text colours
$shadow_colour = imagecolorallocate($base_image, 255, 255, 255);
$text_color = imagecolorallocate($base_image, 0, 0, 0);
// Add a shadow to the text
imagettftext($base_image, 24, 2, 30, 42, $shadow_colour, $font, $text);
// Add the text
imagettftext($base_image, 24, 2, 28, 40, $text_color, $font, $text);
// output the image
Header(’Content-type: image/png’);
imagepng($base_image);
// tidy up
imagedestroy($base_image);
?>

This creates the actual image as a PNG, which we call with captcha.php. The following code is in no way secure, it shouldn’t be used in a production enviroment until it has been customised into your own code. This file is just an example of how the logic works.


<?
session_start();
if ($_SERVER['REQUEST_METHOD'] == ‘GET’) {
// generate a dummy form
echo ‘<form method=”POST” name=”form1″>’;
echo ‘<img src=”captcha_image.php” /><br />’;
echo ‘<input type=”text” name=”captcha_image” />’;
echo ‘<input type=”submit” name=”submit” value=”submit” />’;
echo ‘</form>’;
}
elseif ($_SERVER['REQUEST_METHOD'] == ‘POST’) {
// we match on strtolower’ed strings as it will be much easier for the end user to complete
echo strtolower($_SESSION['captcha_image']) .’<br />’ . strtolower($_POST['captcha_image']) .’<br />’;
// this is the actual code to match the image to the user inputted string
// you should really add some user input clean up functions aswell, see my other posts
if (strtolower($_SESSION['captcha_image']) != strtolower($_POST['captcha_image'])) {
echo “CAPTCHA doesn’t match.”;
}
else {
echo ‘CAPTCHA matches’;
}
}
?>

Here’s some I made earlier.

Good luck!

Bookmark it del.icio.us | Reddit | Slashdot | Digg | Facebook | Technorati | Google | StumbleUpon | Window Live | Tailrank | Furl | Propeller | Yahoo

This entry was posted on Wednesday, July 18th, 2007 at 16:36 and is filed under PHP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Was this post useful to you? Let me know, buy me a beer!
Alternatively, if you're feeling impecunious, you may like to subscribe to my RSS feed, or see other articles in the PHP category.