Projects / Captcha PHP

Captcha PHP

The captcha.php library is very user-friendly and extremely easy to integrate into existing forms, because of its simple API. It nevertheless sports many configuration options, like multiple image modes and accessible alternative text riddles. It also has "AJAX" super cow powers and many sensible defaults to frustrate users less than other implementations. It prevents spambot access well, even with its relaxed defaults.


Recent releases

  •  12 Apr 2011 02:48

    Release Notes: Better error detection and visible messages were implemented to notify of setup problems early on. Various bugs were fixed.

    •  20 May 2010 18:52

      Release Notes: Various fixes have been contributed that prevent E_NOTICE errors, provide text translations, and streamline BASE_URL handling. A new TrueType font was added. The AJAX form callback was fixed to prevent the first incorrect status change while entering a CAPTCHA.

      •  29 Jun 2007 22:49

        Release Notes: This version is almost completely rewritten, but retains the simple API. A new default drawing mode was added. It allows fuzzy solutions and gives feedback via "AJAX". The textual riddle was changed into a math question. It now manages temporary files to track CAPTCHA solving extensively, but retains support for optional time-tagged pass cookies. Logging and URL-triggered activation was added.

        •  17 Sep 2005 07:48

          Release Notes: Images are now stored in temporary files and data:-URLs are further used only for compliant browsers and when the class has been explicitly configured to do so.

          •  30 Mar 2005 15:59

            Release Notes: The double-redirection workaround was added for the outdated Microsoft Internet Explorer.

            Recent comments

            03 May 2008 18:46 fatcatair

            failure to display
            So I've been trying to add this captcha to some code I'm

            using and I'm unable to get it to display the image in my

            form. I get the alt text and I can click to go to the image

            directly and it displays ok but I never get anything in the

            form page. I've read the README for clues but so far

            nothing. I've added error_log() debugging code to the code

            and when the request comes in for the image the only code

            that is exercised is the the test for the invoking of the script


            So out of ideas I put in the following hack as an else after

            the test in the aforementioned if.

            } else {

            if (isset($_SERVER['QUERY_STRING']) && strpos

            ($_SERVER['QUERY_STRING'], "__ec_i=ec.") === 0 ){

            $c = new easy_captcha();

            $expired = !$c->is_valid();

            if ($expired) {

            $type = "image/png";

            $bin = easy_captcha_utility::expired_png();

            } else {

            $type = "image/jpeg";

            $bin = $c->image->jpeg();


            header("Pragma: no-cache");

            header("Cache-Control: no-cache, no-store, must-

            revalidate, private");

            header("Expires: " . gmdate("r", time()));

            header("Content-Length: " . strlen($bin));

            header("Content-Type: $type");

            print $bin;



            and not surprisingly the image shows up in my form. So I

            don't understand how on the requests for the image from my

            form anything is supposed to happen since prior to this

            change as far as I can tell nothing but the API() code put out

            a header and the image. Second I don't see how any code

            would ever be activated by the REQUEST that asks for the

            image since the only "main line" code is that code that tests

            for the direct invoke. I'm clearly missing something here

            that must be obvious to the author. Any help would be

            appreciated. TIA.

            BTW I see the following error when I use "whirly" mode.

            PHP Notice: Undefined variable: y in .../captcha.php on line


            which is this line:

            if (($x > $this->height) && ($y > $this->height)) {

            and $y is undefined at this point.

            30 Jun 2007 15:47 milky

            Re: Eliminates waves border
            Thank you very much for sharing this fix! The next release will include it ;)

            [Totally forgot about this, because I've tested with the black/inverse version only.]

            30 Jun 2007 13:50 nahuelon

            Eliminates waves border
            I have modified the function distort() changing this inside the "for":

            #-- get source pixel, paint dest

            if ($single_pixel) {

            // single source dot: one-to-one duplicate (unsmooth, hard edges)

            if ( ((int)$dx+$x > 0) && ((int)$dy+$y > 0) && ((int)$dx+$x < $width) && ((int)$dy+$y < $height) ) {

            imagesetpixel($dest, $x, $y, @imagecolorat($i, (int)$dx+$x, (int)$dy+$y));

            } else {

            imagesetpixel($dest, $x, $y, $this->inverse ? $this->bg ^ 0xFFFFFF : $this->bg);




            This eliminates borders when I use the Wave function.

            Thanks for that excelent and free script.

            29 Jun 2007 15:03 milky

            Re: yes, this class is not secure.
            I very much doubt that linkspamming under fake names and abusive conjectures get you any customers.

            29 Jun 2007 14:54 milky

            Re: Security hole

            There has never been such a "security hole", because the _tcf= parameter (in version 0.9 only) has been filtered by:

            if (preg_match('/^\w+$/', $id) && file_exists(...

            Which also works more reliable than basename(), since it doesn't let special characters or even dots through.


            Even though this was a false alarm here, it's a very good practice to do at least such a surface security check in new scripts. So, no offence, and many thanks for voicing concerns and providing feedback here!


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.