The following example implements the standard use of a CAPTCHA: Submitted form data is only evaluated when a CAPTCHA has been solved correctly.
Creating a CAPTCHA
The following code creates a CAPTCHA, provides the relevant information for the package, anhd retrieves the CAPTCHA as a PNG image.
<?php
require_once 'Text/CAPTCHA.php';
// Set CAPTCHA options (font must exist!)
$imageOptions = array(
'font_size' => 24,
'font_path' => './',
'font_file' => 'COUR.TTF',
'text_color' => '#DDFF99',
'lines_color' => '#CCEEDD',
'background_color' => '#555555'
);
// Set CAPTCHA options
$options = array(
'width' => 200,
'height' => 80,
'output' => 'png',
'imageOptions' => $imageOptions
);
// Generate a new Text_CAPTCHA object, Image driver
$c = Text_CAPTCHA::factory('Image');
$retval = $c->init($options);
if (PEAR::isError($retval)) {
printf('Error initializing CAPTCHA: %s!',
$retval->getMessage());
exit;
}
// Get CAPTCHA secret passphrase
$_SESSION['phrase'] = $c->getPhrase();
// Get CAPTCHA image (as PNG)
$png = $c->getCAPTCHAAsPNG();
if (PEAR::isError($png)) {
echo 'Error generating CAPTCHA!';
echo $png->getMessage();
exit;
}
file_put_contents(md5(session_id()) . '.png', $png);
?>
Securing a form with a CAPTCHA
The following code implements the functionality to check whether a CAPTCHA was solved correctly or not. for this, the CAPTCHA's phrase is stored in a session variable to retain this information between requests. It is important to unset the session after solving the CAPTCHA to avoid the reuse of the session ID.
<?php
session_start();
$ok = false;
$msg = 'Please enter the text in the image in the field below!';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['phrase']) && is_string($_POST['phrase']) && isset($_SESSION['phrase']) &&
strlen($_POST['phrase']) > 0 && strlen($_SESSION['phrase']) > 0 &&
$_POST['phrase'] == $_SESSION['phrase']) {
$msg = 'OK!';
$ok = true;
unset($_SESSION['phrase']);
} else {
$msg = 'Please try again!';
}
unlink(md5(session_id()) . '.png');
}
print "<p>$msg</p>";
if (!$ok) {
// create the CAPTCHA as seen above
// and send it to the client
}
?>
See the file CAPTCHA_test.php
in the package distribution for a full, working
example (GD and TTF support required).