PHP CAPTCHA, image validation

Use this script to protect your contact form, your whois query tool or just a form where some extra validation is needed. How does it work?
A session will be created inside a dynamic image file (requires GD library). The random value of this image appears inside the generated CAPTCHA image. The user has to enter this value into a form field. While processing the form, the entered value get checked against the session value. Without entering the correct string a form will not be processed. This mechanism is very useful to protect your form again (spam) bots.

Are you looking for the new “No CAPTCHA reCAPCHTA” from Google? Check our new reCAPTCHA tutorial for WordPress!

The PHP code snippet

Create a php file with that code an call it “random.php”


if (empty($_SESSION['rand_code'])) {
    $str = "";
    $length = 0;
    for ($i = 0; $i < 4; $i++) {
        // this numbers refer to numbers of the ascii table (small-caps)
        $str .= chr(rand(97, 122));
    $_SESSION['rand_code'] = $str;

$imgX = 60;
$imgY = 20;
$image = imagecreatetruecolor(60, 20);

$backgr_col = imagecolorallocate($image, 238,239,239);
$border_col = imagecolorallocate($image, 208,208,208);
$text_col = imagecolorallocate($image, 46,60,31);

imagefilledrectangle($image, 0, 0, 60, 20, $backgr_col);
imagerectangle($image, 0, 0, 59, 19, $border_col);

$font = "VeraSe.ttf"; // it's a Bitstream font check for more
$font_size = 10;
$angle = 0;
$box = imagettfbbox($font_size, $angle, $font, $_SESSION['rand_code']);
$x = (int)($imgX - $box[4]) / 2;
$y = (int)($imgY - $box[5]) / 2;
imagettftext($image, $font_size, $angle, $x, $y, $text_col, $font, $_SESSION['rand_code']);

header("Content-type: image/png");
imagedestroy ($image);

How-to use it?

Use this HTML code in your form:

<input type="text" name="validator" id="validator" size="4" />
<img src="random.php" alt="CAPTCHA image" align="top" />

This is the code to test the entered value:

if (!empty($_POST['validator']) && $_POST['validator'] == $_SESSION['rand_code']) {
    // process your form here
    // at least destroy the session

Use this PHP script or tutorial for education. Today there are much better ways to create CAPTCHA challenges for your web forms. Try also the reCAPTCHA API tutorial from the Web Development Blog.