Home » PHP » Simple PHP Anti-Spam Captcha Script

by 16 comments

Anti-Spam PHP Captcha ExampleOne of the best, if not the best, ways to prevent automated web robot tools and spammers from taking advantage of your forms and scripts is by using a captcha image. Here is a simple example that I hacked up earlier today to use on my Advanced Request and Response HTTP Header Viewer among other tools.

View a working example on my Advanced Request and Response HTTP Header Viewer tool.

PHP Anti-Spam Captcha Example

Save this on your site as capya.php and include in your php script with require_once 'capya.php', then run with askapache_captcha(); which outputs XHTML of the captcha image.

define('CAPYAINC','/web/user/'); // the directory where the fonts and bg image are stored
define('CAPYAURI','');  // the web uri where the captcha image will be located
define('CAPYADIR','/web/user/');  the directory where the captcha image will be stored

function askapache_captcha($type=1,$numletters=4,$fontsize=22){
    $capya_string=capya_string($numletters);        // the letters and numbers displayed on captcha
    $capya_bgfile=CAPYAINC.'n.png';              // the background image for the captcha
    $capya_filename='askapache-'.rand(1111,999999).'.jpg';    // the filename of finished captcha
    $capya_file=CAPYADIR.$capya_filename;          // the full path to finished captcha
    $capya_uri=CAPYAURI.$capya_filename;          // the public web address to finished captcha

    // create image from background image

    // store the md5 of the captcha string
    $_SESSION['askapache_captcha'] = md5($capya_string);

  // add chars to captcha image
  for($i=0; $i<$numletters; $i++){
    $L[]=substr($capya_string,$i,1);    // each char from string into individual variable
    $A[]=rand(-20, 20);      // random angle for each char
    $F[]=CAPYAINC.rand(1, 10).".ttf";  // random font for each char
    $C[]=rand(0, 5);      // random color for each char
    $T[]=imagecolorallocate($image,$rgb[$C[$i]][0],$rgb[$C[$i]][1],$rgb[$C[$i]][2]);  // allocate colors for chars
    imagettftext($image, $fontsize, $A[$i], $g, $fontsize+15, $T[$i], $F[$i], $L[$i]);  // write chars to image

  // save jpeg image to public web folder
  imagejpeg($image, $capya_file);

  // output the image url
    echo '<p><label for="capya" class="S"><input id="capya" name="capya" type="text" value="" size="5" class="S" style="width:150px" maxlength="5" /></label></p>';
  } else echo '';

    // destroy image

    // delete all captcha images at 12 and 3 oclock if more than 100 are found
    else if(($dt==3)||($dt=='3'))capya_cleanup();

function capya_cleanup(){
    foreach ($files as $filename) {
      //echo "$filename size " . filesize($filename) . "n";

function capya_string($len){
    for($i=1; $i<=$len; $i++) {
        $ord=rand(48, 90);
        if((($ord >= 48) && ($ord <= 57)) || (($ord >= 65) && ($ord<= 90))) $str.=chr($ord);
        else $str.=capya_string(1);
    return $str;

Verify Captcha

To verify a user-submitted (via POST or GET) value for the captcha image, do this.

echo 'verified, continue processing script';
echo 'incorrect, stop processing script';

Get the Anti-Spam Captcha Code

  1. askapache-captcha.php
  2. Download the TrueType Font files and captcha background image


Comments Welcome

AskApache is an FSF Contributing Member (with ThankGNU)

Information is freedom. Freedom is non-negotiable. So please feel free to modify, copy, republish, sell, or use anything on this site in any way at any time ;)

My Online Tools
Popular Articles

Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two.
-- Richard M. Stallman


It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | |

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service | @Htaccess

↑ TOPMain