PHP logo

A Simple PHP CAPTCHA Script

This is one of the easiest CAPTCHA scripts you will ever use. While it doesn’t obscure the text, it will serve its purpose well for many people who need a low-level CAPTCHA solution. This script requires little-to-no setup. The only dependency is the PHP GD library.

Example CAPTCHA image:

Captcha example

It can be as simple as this to use, but it is also configurable:

$_SESSION['captcha'] = captcha();
echo '<img src="' . $_SESSION['captcha']['image_src'] . '" alt="CAPTCHA" />';


  • Use one or more PNG backgrounds
  • Use one or more TTF or OTF fonts
  • Set minimum/maximum code lengths (or optionally set the code itself)
  • Configure which characters to use
  • Set minimum/maximum font size
  • Adjustable angle, font color, and shadow
  • Includes the free font “Times New Yorker” (for demo purposes) and a sample background image (default.png)

Demo & Download

This project is actively maintained on GitHub.  Please submit all issues and contributions to the project page.  Licensed under both the MIT and the GNU GPL licenses.

Demo Page | Download the latest version from GitHub

About the author

Cory LaViska is a founder, web developer, and bootstrapper based in Orlando, Florida. His current focus is on Surreal CMS, an awesome SaaS content management service for web designers. Need to get in touch? You can connect with him on Twitter.


  1. Phil says:

    Thanks for this, it’s the easiest to understand one that I’ve found. Integrated perfectly.

  2. Phil says:

    I thought I had this sorted but I don’t understand how to check the captcha code entered before I create a new captcha session on page reload… Not quite getting this server side stuff. Thanks for any help you can offer.

  3. Cory LaViska says:

    Phil, follow the example in the demo and check the value of $_SESSION['captcha']['code'] when your form posts. Make sure you include session_start() on both pages.

  4. RockNRaj says:

    Back for more!

    I am working with this captcha script, and I would like to make a “Redraw Captcha” link. I’ve made a hash link with the following click event:

    onclick="document.getElementById('captcha').src = ''; return false" 

    It seems to be loading in the same captcha, or not doing anything. I suspect the former is probably the accurate description. I would like to know if there is a way to clear the current captcha’s code and create a new one in a manner similar to what I have described here, where there is not a whole new page load. And yes, I have most definitely checked and double-checked that the image tag has the matching ID of “captcha” as listed in the above JavaScript!

  5. Cory LaViska says:

    RockNRaj, you need to use an AJAX request to call the captcha() function again. Have it return the value of $_SESSION[‘captcha’][‘image_src’] and then use that value for the image’s src attribute.

  6. sipher says:

    What a great script. Simple to setup. Thanks for creating this. You can see a live demo on the site.

  7. al says:

    When the user hits back in their browser the Captcha image fails to load. Can I force it to load when the user goes back?

  8. Robert Dohrenburg says:

    Thanks for the script, I’ve implemented it in all my forms.

    I was using perl module authen::captcha with my hostmonster account but after they upgraded to centos6.x it stopped working. After desperately looking for a replacement I found your web site.

    I only added some input validation to make sure nothing bad happens and voila the perfect solution. THANKS!

  9. Nicolas says:

    When i submit the form i lost the session code value, it is empty. And it is strange because it only happens on the server, i mean, if i test it on my local server works ok.

    Any idea ?

  10. John says:

    when the wepage loads for the first time no captcha image shows up, just an image placeholder. If you hit refresh then the proper image shows up. I cannot find anything in the code that will fix this problem. Any thoughts?

  11. RoyC says:

    I really appreciate the script. It works just as advertised! However, I to (like RockNRaj) am interested in “refreshing” the CAPTCHA image in case the visitor cannot read it. A page refresh losses his information. I have tried several different code variations to regenerate the image, but always either get the same code and image or else nothing is returned. Can’t anyone provide sample code? Thanks in advance…

    • Cory LaViska says:

      It’s probably best to do it with an AJAX request. Ping your AJAX file and have it send back the URL of the updated CAPTCHA image. Append t=[timestamp] to it to prevent caching issues. Also make sure you’re using session_start() in your AJAX script so the new value is retained.

  12. Jesse Nicola says:

    There’s a minor issue going on here that’s so simple I bet you overlooked it:

    The sample code includes “captcha.php” which isn’t actually in your commited code, although “simple-php-captcha.php” is and is what should be included to function.

    A minor difference, but it results in some confusion. I know enough to figure the issue out quickly, but I’m sure this will leave some newer users stumped!

  13. Adrian Maleska says:

    Hi Cory, this script seems to be well designed and coded. But does it really work? The strange thing on the demo page is that the code displayed in the session array differs from the code that is seen in the captcha image – is this the usual behavior of the script?
    I second Phils request for a snippet how to check the values after submitting.

  14. Cory LaViska says:

    Adrian, the script works. You’re probably calling $_SESSION[‘captcha’] = captcha(); again, which would overwrite the previous value. You only want to call the captha() function when you’re ready to generate the image, not to check the code.

  15. JimC says:

    Thanks nice work! One problem is that it works perfectly on our dev. server (Win7 WAMP) but will not work on our live server – dedicated linux with cPanel. The path to the login/simple-php-captcha.php file that creates the image is different in the page source code than what we have it set to in the code. In code, it is as above. In the source code of the page, it is captcha.php. Any suggestions on where to start troubleshooting would be greatly appreciated. PS you should add a Buy me a beer button – we would be happy to.

  16. MikeH says:

    Love this little script and have it implemented within my current project I’m working on for myself as a learning aid. Sure would love a code example for adding a captcha redraw button. Not all that familiar with Ajax, and just starting out getting my head around PHP and JavaScript. Cheers!

  17. Ben says:

    I’ve seen a few questions to add a refresh to this or as google call this recapture. Can anyone assist with a line of code to add to the script to do this task? Not a big user of php so not sure how to implement this. Thanks

  18. Cory LaViska says:

    You have to realized that when you call the captcha() function, the session variable gets updated. If you’re posting to the same page that generates the captcha, the comparison must be done BEFORE captcha() is called again, otherwise it will be set to something different and the check will fail.

    As far as a refresh, it’s really quite simple. Send an AJAX request to a PHP script that calls the captcha() function, then pass back the new image URL and update the source.

    A rough example of the PHP script would look like this. Let’s call it refresh.php:

    $_SESSION['captcha'] = captcha();

    Then, using jQuery, do something like this when you want to trigger a refresh:

    $.get('refresh.php', function(url) {
        $('#your-captcha-image').attr('src', url);

    When you submit the form, the code will automatically be updated. Just remember to call session_start at the top of your scripts.

  19. Sachin says:

    Worked for me like magic. Although first it was not working, but the error was I was not starting the session on each page. Thanks again!

  20. Fasial says:

    How can I add two captchas on the same page? I have two forms on a page, but only one captcha is showing.