A Simple PHP CAPTCHA Script

January 16, 2011

This is one of the easiest CAPTCHA scripts you will ever use. While it doesn’t obscure the text, it will serve its purpose well for many people who need a low-level CAPTCHA solution. This script requires little-to-no setup. The only dependency is the PHP GD library.

Example CAPTCHA image:

CAPTCHA Example Image

It can be as simple as this to use, but it is also configurable:

<?php
session_start();
include("captcha.php");
$_SESSION['captcha'] = captcha();
echo '<img src="' . $_SESSION['captcha']['image_src'] . '" alt="CAPTCHA" />';
?>

Features:

  • Use one or more PNG backgrounds
  • Use one or more TTF or OTF fonts
  • Set minimum/maximum code lengths (or optionally set the code itself)
  • Configure which characters to use
  • Set minimum/maximum font size
  • Adjustable angle, font color, and shadow
  • Includes the free font “Times New Yorker” (for demo purposes) and a sample background image (default.png)

Demo & Download

This project is actively maintained on GitHub.  Please submit all issues and contributions to the project page.  Licensed under both the MIT and the GNU GPL licenses.

Demo Page | Download the latest version from GitHub

By Cory LaViska

Cory LaViska

Cory has worked on the web for over a decade. Currently, he runs Surreal CMS and a handful of online tools for web developers. He’s also responsible for the blog you’re reading right now.

Discussion

This discussion is now closed. If you want to leave feedback, you’re welcome to do so on Twitter.

  1. Thanks for this, it’s the easiest to understand one that I’ve found. Integrated perfectly.

    March 11th, 2011Phil
  2. thank you. Integrated perfectly.

    March 11th, 2011tolgasen
  3. I thought I had this sorted but I don’t understand how to check the captcha code entered before I create a new captcha session on page reload… Not quite getting this server side stuff. Thanks for any help you can offer.

    March 25th, 2011Phil
  4. Phil, follow the example in the demo and check the value of $_SESSION['captcha']['code'] when your form posts. Make sure you include session_start() on both pages.

    March 26th, 2011Cory LaViska
  5. Back for more!

    I am working with this captcha script, and I would like to make a “Redraw Captcha” link. I’ve made a hash link with the following click event:

    onclick="document.getElementById('captcha').src = ''; return false" 
    

    It seems to be loading in the same captcha, or not doing anything. I suspect the former is probably the accurate description. I would like to know if there is a way to clear the current captcha’s code and create a new one in a manner similar to what I have described here, where there is not a whole new page load. And yes, I have most definitely checked and double-checked that the image tag has the matching ID of “captcha” as listed in the above JavaScript!

    March 28th, 2011RockNRaj
  6. RockNRaj, you need to use an AJAX request to call the captcha() function again. Have it return the value of $_SESSION['captcha']['image_src'] and then use that value for the image’s src attribute.

    March 28th, 2011Cory LaViska
  7. What a great script. Simple to setup. Thanks for creating this. You can see a live demo on the site.

    May 27th, 2011sipher
  8. Thanks for this Script! Good Job. :)

    June 5th, 2011Occasion
  9. When the user hits back in their browser the Captcha image fails to load. Can I force it to load when the user goes back?

    June 30th, 2011al
  10. Thank you! Works Marvelous. Greetings from Colombia.

    March 26th, 2012Nolberto Gaviria
  11. Thank you so much.

    April 6th, 2012Ersin Kurtdal
  12. Thanks for the script, I’ve implemented it in all my forms.

    I was using perl module authen::captcha with my hostmonster account but after they upgraded to centos6.x it stopped working. After desperately looking for a replacement I found your web site.

    I only added some input validation to make sure nothing bad happens and voila the perfect solution. THANKS!

    June 12th, 2012Robert Dohrenburg
  13. When i submit the form i lost the session code value, it is empty. And it is strange because it only happens on the server, i mean, if i test it on my local server works ok.

    Any idea ?

    June 27th, 2012Nicolas
  14. when the wepage loads for the first time no captcha image shows up, just an image placeholder. If you hit refresh then the proper image shows up. I cannot find anything in the code that will fix this problem. Any thoughts?

    July 2nd, 2012John
  15. Nice and simple script, very easy to integrate with my project! Thank you.

    August 4th, 2012prosfores
  16. I really appreciate the script. It works just as advertised! However, I to (like RockNRaj) am interested in “refreshing” the CAPTCHA image in case the visitor cannot read it. A page refresh losses his information. I have tried several different code variations to regenerate the image, but always either get the same code and image or else nothing is returned. Can’t anyone provide sample code? Thanks in advance…

    August 16th, 2012RoyC
  17. It’s probably best to do it with an AJAX request. Ping your AJAX file and have it send back the URL of the updated CAPTCHA image. Append t=[timestamp] to it to prevent caching issues. Also make sure you’re using session_start() in your AJAX script so the new value is retained.

    August 16th, 2012Cory LaViska
  18. There’s a minor issue going on here that’s so simple I bet you overlooked it:

    The sample code includes “captcha.php” which isn’t actually in your commited code, although “simple-php-captcha.php” is and is what should be included to function.

    A minor difference, but it results in some confusion. I know enough to figure the issue out quickly, but I’m sure this will leave some newer users stumped!

    August 30th, 2012Jesse Nicola
  19. Thanks. Easy to understand. Well integrated to my application.

    October 24th, 2012Mzukisi
  20. Hi Cory, this script seems to be well designed and coded. But does it really work? The strange thing on the demo page is that the code displayed in the session array differs from the code that is seen in the captcha image – is this the usual behavior of the script?
    I second Phils request for a snippet how to check the values after submitting.

    October 27th, 2012Adrian Maleska
  21. Yep, very nice script here – many thanks.

    November 1st, 2012atomiku
  22. Adrian, the script works. You’re probably calling $_SESSION['captcha'] = captcha(); again, which would overwrite the previous value. You only want to call the captha() function when you’re ready to generate the image, not to check the code.

    November 7th, 2012Cory LaViska
  23. Thanks nice work! One problem is that it works perfectly on our dev. server (Win7 WAMP) but will not work on our live server – dedicated linux with cPanel. The path to the login/simple-php-captcha.php file that creates the image is different in the page source code than what we have it set to in the code. In code, it is as above. In the source code of the page, it is captcha.php. Any suggestions on where to start troubleshooting would be greatly appreciated. PS you should add a Buy me a beer button – we would be happy to.

    December 20th, 2012JimC
  24. Love this little script and have it implemented within my current project I’m working on for myself as a learning aid. Sure would love a code example for adding a captcha redraw button. Not all that familiar with Ajax, and just starting out getting my head around PHP and JavaScript. Cheers!

    January 7th, 2013MikeH
  25. I’ve seen a few questions to add a refresh to this or as google call this recapture. Can anyone assist with a line of code to add to the script to do this task? Not a big user of php so not sure how to implement this. Thanks

    February 19th, 2013Ben
  26. You have to realized that when you call the captcha() function, the session variable gets updated. If you’re posting to the same page that generates the captcha, the comparison must be done BEFORE captcha() is called again, otherwise it will be set to something different and the check will fail.

    As far as a refresh, it’s really quite simple. Send an AJAX request to a PHP script that calls the captcha() function, then pass back the new image URL and update the source.

    A rough example of the PHP script would look like this. Let’s call it refresh.php:

    <?php
    session_start();
    $_SESSION['captcha'] = captcha();
    exit($_SESSION['captcha']['code']);
    ?>
    

    Then, using jQuery, do something like this when you want to trigger a refresh:

    $.get('refresh.php', function(url) {
        $('#your-captcha-image').attr('src', url);
    });
    

    When you submit the form, the code will automatically be updated. Just remember to call session_start at the top of your scripts.

    February 22nd, 2013Cory LaViska
  27. Worked for me like magic. Although first it was not working, but the error was I was not starting the session on each page. Thanks again!

    February 23rd, 2013Sachin
  28. Thanks a lot. Nice script.

    March 3rd, 2013Andrii Motrych
  29. Thanks for this great captcha. I made a fork for use with the CodeIgniter framework, if anybody needs it.

    July 16th, 2013Ephraim Blanshey
  30. How can I add two captchas on the same page? I have two forms on a page, but only one captcha is showing.

    August 19th, 2013Fasial
  31. Thank you. Integrated perfectly. I like it!

    October 16th, 2013Tori Vietnamese
  32. How do you set the image size?

    October 23rd, 2013Thuy Duong
  33. The image size is currently set to the dimensions of the background images you use.

    October 23rd, 2013Cory LaViska