PostCaptcha – The simplest way to make it

A big problem today is spam.
The best way to combat spam is Captcha. Captcha makes the difference between a computer and a human being. Computers cannot read the text in a picture and this is why we’ll use a photo too.


Let’s start by creating the file captcha.php. This file will create a photo with a text written on it.

header('Content-type: image/jpeg'); // A jpeg image will be outputted
$width = 60; // Width of the picture
$height = 24; // Height of the picture
$my_image = imagecreatetruecolor($width, $height); // Create truecolor image
imagefill($my_image, 0, 0, 0xFFFFFF); // White background

Until now we managed to create an image that has a white background, 60 pixels wide and 24 pixels high.
Let’s add some distorsions:

for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);

We inserted 40 black pixels into the image. These pixels will have different coordonates every time a picture is loaded.

Let’s write the text on the picture:

$x = rand(1,10); // X coordonate of the upper left corner.
$y = rand(1,10); // Y coordonate of the upper left corner.
$rand_string = rand(10000,99999); // Obtain a number between 10000 and 99999
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000); // Write the number obtained earlier on the picture

Let’s save the string written on the image in a cookie. We will read this cookie once a form is submitted to compare data.

setcookie("cookie-captcha", (md5($rand_string)), time()+3600, "/");
imagejpeg($my_image); // Create the jpeg picture
imagedestroy($my_image); // Delete the jpeg picture

In this example the cookie’s name is cookie-captcha, it’s content will be the md5 coded value of the random string obtained earlier (the number written in the image), it will be valid for an hour on all your domain.

The picture is deleted (imagedestroy) to save space on the server.

The complete captcha.php file will be:

header('Content-type: image/jpeg');
$width = 60;
$height = 24;
$my_image = imagecreatetruecolor($width, $height);
imagefill($my_image, 0, 0, 0xFFFFFF);
for ($c = 0; $c < 40; $c++){
$x = rand(0,$width-1);
$y = rand(0,$height-1);
imagesetpixel($my_image, $x, $y, 0x000000);
$x = rand(1,10);
$y = rand(1,10);
$rand_string = rand(10000,99999);
imagestring($my_image, 5, $x, $y, $rand_string, 0x000000);
setcookie("cookie-captcha", (md5($rand_string)), time()+3600, "/");

Now that the image is created and the value is saved in the cookie it’s time to validate the data users enter.
The picture created by the file captcha.php will be inserted in the html code like any other image:

Verification image

Let’s not forget about the input:

Define the variables:

$verification_number = $_REQUEST['verification_number'];
$correct_text = $_COOKIE['cookie-captcha']);

Don’t forget that the string from the image is md5 cripted into the cookie.
Now we compare the text entered by your visitor with the text set in the cookie:

if(md5($verification_number) != $_COOKIE['cookie-captcha']){
echo ‘The text entered does not match the text in the image’;
echo ‘The text entered matches the text in the image.’;

Of course that instead of the echo ‘The text entered matches the text in the image.’ you’ll insert a mysql_query or what you need your script to do.

You can also view a demo of this small script here.

That’s it ! Fully functional captcha in just 17 lines of code.

Stay Connected

Subscribe to RSS Feed

Subscribe to RSS Feed

Follow me on Twitter

Follow me on Twitter

Subscribe via e-mail

Subscribe via e-mail

Comments 4 Responses to “Captcha – The simplest way to make it”

  1. hmmm i’m gonna try this..

  2. Good tutorial, but should only be used to learn from in my opinion as it is easily cracked by a bot.

  3. Decent tutorial, but like Slinky said it could be pretty easily cracked. I’d recommend ReCaptcha. It’s very secure, and of course, free.

  4. Actually you can do something that bots won’t crack.
    You can append some strings to the key written in the cookie.


    setcookie(“cookie-captcha”, (md5($rand_string).’random_string_here’), time()+3600, “/”);

    if(md5($verification_number).’random_string_here’ != $_COOKIE[‘cookie-captcha’]) { … }