Captcha PHP

The captcha.php library is very user-friendly and extremely easy to integrate into existing forms, because of its simple API. It nevertheless sports many configuration options, like multiple image modes and accessible alternative text riddles. It also has "AJAX" super cow powers and many sensible defaults to frustrate users less than other implementations. It prevents spambot access well, even with its relaxed defaults.


Recent releases

  •  12 Apr 2011 05:04

    Release Notes: Better error detection and visible messages were implemented to notify of setup problems early on. Various bugs were fixed.

  •  20 May 2010 22:15

    Release Notes: Various fixes have been contributed that prevent E_NOTICE errors, provide text translations, and streamline BASE_URL handling. A new TrueType font was added. The AJAX form callback was fixed to prevent the first incorrect status change while entering a CAPTCHA.

  •  29 Jun 2007 15:49

    Release Notes: This version is almost completely rewritten, but retains the simple API. A new default drawing mode was added. It allows fuzzy solutions and gives feedback via "AJAX". The textual riddle was changed into a math question. It now manages temporary files to track CAPTCHA solving extensively, but retains support for optional time-tagged pass cookies. Logging and URL-triggered activation was added.

  •  17 Sep 2005 00:48

    Release Notes: Images are now stored in temporary files and data:-URLs are further used only for compliant browsers and when the class has been explicitly configured to do so.

  •  30 Mar 2005 07:59

    Release Notes: The double-redirection workaround was added for the outdated Microsoft Internet Explorer.

Recent comments

      03 May 2008 18:46 fatcatair

      failure to display
      So I've been trying to add this captcha to some code I'm using and I'm unable to get it to display the image in my form. I get the alt text and I can click to go to the image directly and it displays ok but I never get anything in the form page. I've read the README for clues but so far nothing. I've added error_log() debugging code to the code and when the request comes in for the image the only code that is exercised is the test for the invoking of the script

      So out of ideas I put in the following hack as an else after the test in the aforementioned if.

      } else {
          // image request from the form: query string starts with "__ec_i=ec."
          if (isset($_SERVER['QUERY_STRING']) && strpos($_SERVER['QUERY_STRING'], "__ec_i=ec.") === 0) {
              $c = new easy_captcha();
              $expired = !$c->is_valid();
              if ($expired) {
                  $type = "image/png";
                  $bin = easy_captcha_utility::expired_png();
              } else {
                  $type = "image/jpeg";
                  $bin = $c->image->jpeg();
              }
              // send the image uncached
              header("Pragma: no-cache");
              header("Cache-Control: no-cache, no-store, must-revalidate, private");
              header("Expires: " . gmdate("r", time()));
              header("Content-Length: " . strlen($bin));
              header("Content-Type: $type");
              print $bin;
          }
      }

      and not surprisingly the image shows up in my form. So I don't understand how on the requests for the image from my form anything is supposed to happen since prior to this change as far as I can tell nothing but the API() code put out a header and the image. Second I don't see how any code would ever be activated by the REQUEST that asks for the image since the only "main line" code is that code that tests for the direct invoke. I'm clearly missing something here that must be obvious to the author. Any help would be appreciated. TIA.

      BTW I see the following error when I use "whirly" mode.

      PHP Notice: Undefined variable: y in .../captcha.php on line


      which is this line:

      if (($x > $this->height) && ($y > $this->height)) {

      and $y is undefined at this point.

      30 Jun 2007 15:47 milky

      Re: Eliminates waves border
      Thank you very much for sharing this fix! The next release will include it ;)

      [Totally forgot about this, because I've tested with the black/inverse version only.]

      30 Jun 2007 13:50 nahuelon Thumbs up

      Eliminates waves border
      I have modified the function distort() changing this inside the "for":

      #-- get source pixel, paint dest
      if ($single_pixel) {
          // single source dot: one-to-one duplicate (unsmooth, hard edges)
          if ( ((int)$dx+$x > 0) && ((int)$dy+$y > 0) && ((int)$dx+$x < $width) && ((int)$dy+$y < $height) ) {
              imagesetpixel($dest, $x, $y, @imagecolorat($i, (int)$dx+$x, (int)$dy+$y));
          } else {
              // source pixel lies outside the image: paint the background colour
              imagesetpixel($dest, $x, $y, $this->inverse ? $this->bg ^ 0xFFFFFF : $this->bg);
          }
      }

      This eliminates borders when I use the Wave function.

      Thanks for that excellent and free script.

      29 Jun 2007 15:03 milky

      Re: yes, this class is not secure.
      I very much doubt that linkspamming under fake names and abusive conjectures get you any customers.

      29 Jun 2007 14:54 milky

      Re: Security hole

      There has never been such a "security hole", because the _tcf= parameter (in version 0.9 only) has been filtered by:

      if (preg_match('/^\w+$/', $id) && file_exists(...

      Which also works more reliably than basename(), since it doesn't let special characters or even dots through.


      Even though this was a false alarm here, it's a very good practice to do at least such a surface security check in new scripts. So, no offence, and many thanks for voicing concerns and providing feedback here!
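
The allowlist check described in the comment above, as an added example that is not code from captcha.php or its author: the function name tcf_path, the "ec." file prefix and the scratch directory are assumptions made for illustration. It uses \z instead of $ as the end anchor, because in PCRE a plain $ also matches just before a trailing newline, and it prints what basename() returns for the same constructed inputs.

```php
<?php
// Added example, not captcha.php code. tcf_path(), the "ec." prefix and
// the scratch directory are hypothetical names chosen for this demo.

/**
 * Map a request-supplied id to a tracking-file path.
 * Returns null unless the id consists of word characters only
 * and the file it names exists inside $dir.
 */
function tcf_path(string $id, string $dir): ?string
{
    // \z anchors at the very end of the string; "$" would also match
    // before a final "\n" and let "a1b2c3\n" through the pattern.
    if (!preg_match('/^\w+\z/', $id)) {
        return null;
    }
    $path = $dir . '/ec.' . $id;
    return is_file($path) ? $path : null;
}

// Constructed demo data: a scratch directory holding one tracking file.
$dir = sys_get_temp_dir() . '/ec_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/ec.a1b2c3", 'demo');

// Constructed inputs: one valid id, then ids with dots, slashes,
// a trailing newline, and the empty string.
$inputs = ['a1b2c3', '../x', '..', 'a1b2c3.php', "a1b2c3\n", 'a1b2c3/', ''];

foreach ($inputs as $id) {
    printf(
        "%-14s basename=%-14s allowlist=%s\n",
        json_encode($id, JSON_UNESCAPED_SLASHES),
        json_encode(basename($id), JSON_UNESCAPED_SLASHES),
        tcf_path($id, $dir) === null ? 'rejected' : 'accepted'
    );
}

// Clean up the scratch directory.
unlink("$dir/ec.a1b2c3");
rmdir($dir);
```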

