Simple PHP Anti-Spam Captcha Script

One of the best, if not the best, ways to prevent automated web robot tools and spammers from taking advantage of your forms and scripts is by using a captcha image. Here is a simple example that I hacked up earlier today to use on my Advanced Request and Response HTTP Header Viewer among other tools.

View a working example on my Advanced Request and Response HTTP Header Viewer tool.

PHP Anti-Spam Captcha Example

Save this on your site as capya.php and include in your php script with require_once 'capya.php', then run with askapache_captcha(); which outputs XHTML of the captcha image.

<?php
session_start();
define('CAPYAINC','/home/user/askapache.com/includes/capya/'); // the directory where the fonts and bg image are stored
define('CAPYAURI','http://static.askapache.com/i/');  // the web uri where the captcha image will be located
define('CAPYADIR','/home/user/static.askapache.com/public_html/i/');  the directory where the captcha image will be stored
 
function askapache_captcha($type=1,$numletters=4,$fontsize=22){
    $capya_string=capya_string($numletters);        // the letters and numbers displayed on captcha
    $capya_bgfile=CAPYAINC.'n.png';              // the background image for the captcha
    $capya_filename='askapache-'.rand(1111,999999).'.jpg';    // the filename of finished captcha
    $capya_file=CAPYADIR.$capya_filename;          // the full path to finished captcha
    $capya_uri=CAPYAURI.$capya_filename;          // the public web address to finished captcha
    $rgb[0]=array(204,0,0);
    $rgb[1]=array(34,136,0);
    $rgb[2]=array(51,102,204);
    $rgb[3]=array(141,214,210);
    $rgb[4]=array(214,141,205);
    $rgb[5]=array(100,138,204);
 
    // create image from background image
    $image=imagecreatefrompng($capya_bgfile);
 
    // store the md5 of the captcha string
    $_SESSION['askapache_captcha'] = md5($capya_string);
 
  // add chars to captcha image
  $g=$fontsize;
  for($i=0; $i<$numletters; $i++){
    $L[]=substr($capya_string,$i,1);    // each char from string into individual variable
    $A[]=rand(-20, 20);      // random angle for each char
    $F[]=CAPYAINC.rand(1, 10).".ttf";  // random font for each char
    $C[]=rand(0, 5);      // random color for each char
    $T[]=imagecolorallocate($image,$rgb[$C[$i]][0],$rgb[$C[$i]][1],$rgb[$C[$i]][2]);  // allocate colors for chars
    imagettftext($image, $fontsize, $A[$i], $g, $fontsize+15, $T[$i], $F[$i], $L[$i]);  // write chars to image
    $g+=$fontsize+10;
  }
 
  // save jpeg image to public web folder
  imagejpeg($image, $capya_file);
 
  if($type===1){
  // output the image url
    echo '<p><label for="capya" class="S"><input id="capya" name="capya" type="text" value="" size="5" class="S" style="width:150px" maxlength="5" /></label></p>';
  } else echo '';
 
    // destroy image
    imagedestroy($image);
 
    // delete all captcha images at 12 and 3 oclock if more than 100 are found
    $dt=date('g');
    if(($dt==12)||($dt=='12'))capya_cleanup();
    else if(($dt==3)||($dt=='3'))capya_cleanup();
}
 
function capya_cleanup(){
$files=glob(CAPYADIR."apache*.jpg");
  if(sizeof($files)>100){
    foreach ($files as $filename) {
        unlink($filename);
      //echo "$filename size " . filesize($filename) . "\n";
    }
  }
}
 
function capya_string($len){
  $str='';
    for($i=1; $i<=$len; $i++) {
        $ord=rand(48, 90);
        if((($ord >= 48) && ($ord <= 57)) || (($ord >= 65) && ($ord<= 90))) $str.=chr($ord);
        else $str.=capya_string(1);
    }
    return $str;
}
?>

Verify Captcha

To verify a user-submitted (via POST or GET) value for the captcha image, do this.

<?php
if(md5($_REQUEST['capya'])===$_SESSION['askapache_captcha']){
echo 'verified, continue processing script';
}else{
echo 'incorrect, stop processing script';
}
?>

Get the Anti-Spam Captcha Code

1. askapache-captcha.php
2. Download the TrueType Font files and captcha background image

• Feed for this Entry
• Trackback
• htaccess file

Reader Comments

1. Giorgos ~September 26, 2010 @ 3:42 pm

   It outputs an "input" field instead of the captcha image! Does anyone know what's wrong?
2. tor ~September 26, 2010 @ 6:51 am

   Nice script :)
3. Colin Jensen ~May 7, 2010 @ 11:22 am

   Great read! but for those who don't have GdLibs installed, you can use ImageMagick.
4. Nook ~February 25, 2010 @ 2:43 am

   A very nice piece of code and a very helpful addition to feedback boxes, but I found one problem. You open the feedback site, and unless you hit CTRL+R, capya does not register the first input you put, just claims that the code was wrong. You have to return, refresh site with a new code and try again.
5. Marina ~June 25, 2009 @ 2:29 am

   Thanks a lot! This is the best capcha code I could find in the net! Good work!
6. JS ~March 26, 2009 @ 5:21 pm

   is there anyway you can outline the steps in layman's terms? especially this: Save this on your site as capya.php and include in your php script with require_once 'capya.php', then run with askapache_captcha(); which outputs XHTML of the captcha image. thanks!
7. Nicky ~March 24, 2009 @ 5:13 am

   quite difficult for me. (I'm newbie for php) but I will try to do it :)
8. wayne ~January 13, 2009 @ 12:08 pm

   Hi Love the captcha script. Im having a problem with it and maybe you can help me out im getting a timezone error with the date(); function Reporting:

   Strict Standards: date() [function.date]: It is not safe to rely on the system's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/London' for '0.0/no DST' instead in C:\AppServ\www\IrishModels\capya\capya.php on line 50

   Can you please advise, Again Many Thanks.
9. Robin ~November 24, 2008 @ 8:33 am

   Perfect, thanks!
10. Matthew ~November 3, 2008 @ 6:51 pm

    Great piece of php anti-spam captcha code. Very elegant - thanks for sharing!
11. Kenneth ~September 9, 2008 @ 5:02 am

    sorry, my mistake. Just check the Directories defined if the path is correct. Anyway you can also check this one link> gscripts.net/free-php-scripts/Anti_Spam_Scripts/Image_Validator/details.html
12. Kenneth ~September 9, 2008 @ 3:40 am

    Hi Steve, Remove the semicolon in this line

    imagettftext($image, $fontsize, $A[$i], $g, $fontsize+15, $T[$i], $F[$i], $L[$i]);

13. David Spiral ~June 9, 2008 @ 2:51 pm

    Hi there, Was just cruising around to compare anti-spam form techniques and found your post. I like your solution - I imagine it's very tight! I decided to go with siding with the humans, however - I'm tired of squinting at twisted numbers and letters every time I want to submit a form, so I went with a simple 'pick the unique picture' system, and my web development clients say it's dramatically reduced the volume of spam, while gaining some pleasant comments from their customers on how easy it is to use! If anyone wants to know more, they can head over to my blog to read about my anti-spam human-checker php script Keep up the good work Spiral Out! David
14. Steve M. ~December 12, 2007 @ 9:21 am

    OK, I spoke too soon. I see on 31 Where the face's are called. It looks right though. I'll keep looking around. Thanks.
15. Steve M. ~December 12, 2007 @ 9:18 am

    Hey there, I appreciate the example and code you have going. I am having a hard time finding where the code actualy pulls in the .ttf files. I'm getting errors like: Warning: imagettftext() [function.imagettftext]: Could not find/open font in /home/designb/public_html/php/capya.php on line 34 I am sorry if this is a dumb question...but any help would be awesome!! Thanks.

Add Comment!