The following example implements the standard use of a CAPTCHA: Submitted form data is only evaluated when a CAPTCHA has been solved correctly.

Creating a CAPTCHA

The following code creates a CAPTCHA, provides the relevant information for the package, anhd retrieves the CAPTCHA as a PNG image.

require_once 'Text/CAPTCHA.php';

// Set CAPTCHA options (font must exist!)
$imageOptions = array(
'font_size'        => 24,
'font_path'        => './',
'font_file'        => 'COUR.TTF',
'text_color'       => '#DDFF99',
'lines_color'      => '#CCEEDD',
'background_color' => '#555555'

// Set CAPTCHA options
$options = array(
'width' => 200,
'height' => 80,
'output' => 'png',
'imageOptions' => $imageOptions
// Generate a new Text_CAPTCHA object, Image driver
$c Text_CAPTCHA::factory('Image');
$retval $c->init($options);
if (
PEAR::isError($retval)) {
printf('Error initializing CAPTCHA: %s!',

// Get CAPTCHA secret passphrase
$_SESSION['phrase'] = $c->getPhrase();

// Get CAPTCHA image (as PNG)
$png $c->getCAPTCHAAsPNG();
if (
PEAR::isError($png)) {
'Error generating CAPTCHA!';
file_put_contents(md5(session_id()) . '.png'$png);

Securing a form with a CAPTCHA

The following code implements the functionality to check whether a CAPTCHA was solved correctly or not. for this, the CAPTCHA's phrase is stored in a session variable to retain this information between requests. It is important to unset the session after solving the CAPTCHA to avoid the reuse of the session ID.

$ok false;
$msg 'Please enter the text in the image in the field below!';
if (
    if (isset(
$_POST['phrase']) && is_string($_POST['phrase']) && isset($_SESSION['phrase']) &&
strlen($_POST['phrase']) > && strlen($_SESSION['phrase']) > &&
$_POST['phrase'] == $_SESSION['phrase']) {
$msg 'OK!';
$ok true;
    } else {
$msg 'Please try again!';
unlink(md5(session_id()) . '.png');

if (!
$ok) {
// create the CAPTCHA as seen above
    // and send it to the client

See the file CAPTCHA_test.php in the package distribution for a full, working example (GD and TTF support required).

Introduction (Previous) Information about the CAPTCHA and inner workings (Next)
Last updated: Sat, 16 Feb 2019 — Download Documentation
Do you think that something on this page is wrong? Please file a bug report.
View this page in:
  • English

User Notes:

Note by: fusco
This example uses md5 encryption for unlink() image. Note that the captcha_test.php uses SHA1.

The previous comment suggests using /usr/share/fonts as the default font location. An easier solution maybe to upload the TTF to your web root.

For shared servers, this may be helpful to include PEAR extensions. To define another include directory:

ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . '/file/path/to/files/');

Setting the width and height parameters for the image tag is best for most browsers [img src='' width=200 height=80]
Note by: alan_k
On a standard Unix system, this would be a better initializer (as the font location is more likely to be correct)

$retval = $c->init(array(
'width' => 200,
'height' => 80,
'output' => 'png',
'imageOptions' => array(
'font_size' => 24,
'font_path' => '/usr/share/fonts/truetype/msttcorefonts/',
'font_file' => 'Arial.ttf',
'text_color' => '#DDFF99',
'lines_color' => '#CCEEDD',
'background_color' => '#555555'