Example

The following example implements the standard use of a CAPTCHA: Submitted form data is only evaluated when a CAPTCHA has been solved correctly.

Creating a CAPTCHA

The following code creates a CAPTCHA, provides the relevant information for the package, anhd retrieves the CAPTCHA as a PNG image.

<?php
require_once 'Text/CAPTCHA.php';

// Set CAPTCHA options (font must exist!)
$imageOptions = array(
    
'font_size'        => 24,
    
'font_path'        => './',
    
'font_file'        => 'COUR.TTF',
    
'text_color'       => '#DDFF99',
    
'lines_color'      => '#CCEEDD',
    
'background_color' => '#555555'
);

// Set CAPTCHA options
$options = array(
    
'width' => 200,
    
'height' => 80,
    
'output' => 'png',
    
'imageOptions' => $imageOptions
);
           
// Generate a new Text_CAPTCHA object, Image driver
$c Text_CAPTCHA::factory('Image');
$retval $c->init($options);
if (
PEAR::isError($retval)) {
    
printf('Error initializing CAPTCHA: %s!',
        
$retval->getMessage());
    exit;
}

// Get CAPTCHA secret passphrase
$_SESSION['phrase'] = $c->getPhrase();

// Get CAPTCHA image (as PNG)
$png $c->getCAPTCHAAsPNG();
if (
PEAR::isError($png)) {
    echo 
'Error generating CAPTCHA!';
    echo 
$png->getMessage();
    exit;
}
file_put_contents(md5(session_id()) . '.png'$png);
?>

Securing a form with a CAPTCHA

The following code implements the functionality to check whether a CAPTCHA was solved correctly or not. for this, the CAPTCHA's phrase is stored in a session variable to retain this information between requests. It is important to unset the session after solving the CAPTCHA to avoid the reuse of the session ID.

<?php
session_start
();
$ok false;
$msg 'Please enter the text in the image in the field below!';
if (
$_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset(
$_POST['phrase']) && is_string($_POST['phrase']) && isset($_SESSION['phrase']) &&
        
strlen($_POST['phrase']) > && strlen($_SESSION['phrase']) > &&
        
$_POST['phrase'] == $_SESSION['phrase']) {
        
$msg 'OK!';
        
$ok true;
        unset(
$_SESSION['phrase']);
    } else {
        
$msg 'Please try again!';
    }
    
unlink(md5(session_id()) . '.png');
}
print 
"<p>$msg</p>";

if (!
$ok) {
    
// create the CAPTCHA as seen above
    // and send it to the client
}
?>

See the file CAPTCHA_test.php in the package distribution for a full, working example (GD and TTF support required).