Quickstart Guide
Securimage requires no configuration after downloading. All you need to do is display the captcha image somewhere in your form, and validate the code submitted from within your form processor. Customising the image is also very easy. This guide explains the process of adding Securimage to an existing form.
First, download Securimage and upload the files to your web server if you have not done so already. In this example, we assume that the Securimage files have been uploaded to a folder named “securimage” in the root of your web directory (i.e. www.yoursite.com/securimage/).
Next, we will insert the captcha image into your form along with a text field for the user to type the code in.
At the desired position in your form, add the following code to display the CAPTCHA image:
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
Next, add the following HTML code to create a text input box:
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
Note: You can change the maxlength and size properties to match your image settings.
The second line is optional but gives the user the ability to display a new image if they are having trouble reading the image that was displayed.
Once you get the image added to your form and are satisfied with the look, we will move onto editing the PHP code that validates the CAPTCHA code typed in by the user.
Open the PHP file that processes the form data after submission.
You can find this by looking at the action value inside your <form> tag.
Note: In order to use Securimage, your form processor must be written in PHP.
On the very first line of the form processor, add the following code:
<?php session_start(); ?>
The next few steps will vary depending on how form validation is handled in your code. If you have little or no php knowledge the next part can be difficult.
To check if the code is correct, we will make a call to the Securimage class. The following php code should be integrated into the script that processes your form and should be placed where error checking is done. It is recommended to place it after any error checking and only attempt to validate the captha code if no other form errors occured. It should also be within <?php ?> tags.
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php'; $securimage = new Securimage();
This includes the file that contains the Securimage source code and creates a new Securimage object that is responsible for creating, managing and validating captcha codes.
Next we will check to see if the code typed by the user was entered correctly.
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
exit;
}
The call to the check method checks the generated CAPTCHA code against the code entered by the user. If the code was incorrect, an error message is printed with a link to go back to the form and the script is terminated with exit().
Make sure you check the code BEFORE the form is emailed or entered into a database and only if there were no other form errors.
Following the directions above should get Securimage working with minimal effort. Learn how to customize the captcha images or check out the faq page if you are having problems getting your form to work.
Had captcha up and running in oscommerce in under 5 minutes. GREAT easy to use script
01.05.12 at 9:48 pm
I love this! It was so easy! Thank you for developing this! Flawless under XAMPP on Windows XP SP3. Didn’t have to change anything, just dropped the files in, used your sample code, and “voila!” Easily integrates with my form validation. Kudos!
01.03.12 at 3:22 pm
Just one question, though. I’m using several different z-indexes on my site, and the Flash will float above everything else (it should be behind the footer of my page.) I’ve tried changing the z-index on the object, but no change. Any suggestions?
01.15.12 at 12:32 pm
Drew, thanks for the heads-up on the wmode trick. Fixed it!!
http://slightlymore.co.uk/flash-and-the-z-index-problem-solved/
01.17.12 at 9:01 pm
I would like to validate my form with jQuery. How do I check the correctness of the code entered? how do I let him take the result of $ securimage-> check (‘text field security code’)? thanks
11.08.11 at 4:09 am
You can use jQuery to submit the form, the correct way to do it would be to return any error messages from your ajax call back to the browser. Just make sure you only process the form on the server if the code was correct. The code for the form processor would not be very much different than normal except you should return success/error messages in JSON or XML format so your jQuery code can decide if the form was submitted or not. Also, for best results, don’t try to call check() on the captcha code unless there are no other errors on the form and it is ready to be submitted.
11.11.11 at 4:33 pm
Hello, I was using securimage on 2.0.2 version, but it was hacked by bots quite fast so I tried to upgrade to v.3.0, however easy switch (just replacing files) didn’t work, no image showed, when i tried to see the image on exact path to securimage_show.php it wrote an error I have not seen before using securimage:
Warning: Cannot use a scalar value as an array in /home/e-boszkowo/ftp/securimage/securimage.php on line 1046
Warning: Cannot modify header information – headers already sent by (output started at /home/e-boszkowo/ftp/securimage/securimage.php:1046) in /home/e-boszkowo/ftp/securimage/securimage.php on line 889
and some more of the “cannot modify header” errors.
session is started exactly on first line of the page, have no idea where to look now. Any help? Thanks in advance.
11.05.11 at 6:48 am
This was because the structure of the session changed between the 2 version. Just clear the cookies from your browser for your site and the error should go away. I do want to release a new version that fixes that problem though. Sorry for the trouble.
11.11.11 at 4:34 pm
Thanks, this was incredibly helpful! I had this up and running in no time. Just had to change the session name variable. Very nice implementation!
10.06.11 at 3:43 am
Hello, I downloaded your script and followed all the instructions. It works when I go to the actual directory and use the example form, but not when I include the script on another page.
This is the error I get:
“Warning: include_once() [function.include-once]: open_basedir restriction in effect. File(/usr/local/apache/htdocs/securimage/securimage.php) is not within the allowed path(s): (/home/:/usr/lib/php:/tmp) in /home/******/public_html/signup/index.php on line 134
Warning: include_once(/usr/local/apache/htdocs/securimage/securimage.php) [function.include-once]: failed to open stream: Operation not permitted in /home/******/public_html/signup/index.php on line 134
Warning: include_once() [function.include]: Failed opening ‘/usr/local/apache/htdocs/securimage/securimage.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/*******/public_html/signup/index.php on line 134
Fatal error: Class ‘Securimage’ not found in /home/*******/public_html/signup/index.php on line 135″
I changed the include code to a basic ‘/securimage/securimage.php’, and it works but the ‘Fatal error: Class ‘Securimage’ not found’ error is still there.
Any suggestions on what to do?
09.28.11 at 5:38 pm
If the securimage files are uploaded to /home/yourname/public_html/securimage then you should include ‘/home/yoursite/public_html/securimage/securimage.php’; It looks like you were trying to use a path other than that. Or ask your host to turn the open_basedir restriction off or modify it for your account.
09.29.11 at 4:11 pm
worked really well for me – much appreciated, thanks!
09.25.11 at 1:31 pm
What an absolute star! I’ve been pulling my hair out over how to implement a decent captcha method on my website and then I stumbled across this page – I got it working in less than 10 minutes!!!!! You sir are a life saver!!!! Thank you so very much
09.15.11 at 2:34 am
Helemaal Cool !!! Keep it Up !!!
09.13.11 at 11:47 am
Excellent solution and easily implemented!!! Bot spam is an unfortunate plague on the Internet these days, and it’s good to know that your code is available for developers. Thank You!!!
08.21.11 at 8:02 am
thanks for the code!! it works great.
i am running into one problem however.. if i want to use this when i already have a session started (a user logged into my site), it fails every time.
is there a way to make it work with a session that has already been established?
any help would be great.
thanks
08.09.11 at 4:44 pm
If you have already started a session, then securimage.php will detect that and use the existing session. Securimage_show.php always uses its own session since it runs independently, the only time this can cause a problem is if your session uses a session name other than the PHP default. If that is the case, edit securimage.php and change $session_name to match the name you are using.
09.26.11 at 10:09 am
u saved my day
the script worked just like that
Linoy Joseph
08.08.11 at 10:33 pm
Thanks for the great code. What a timesaver! I incorporated it into my cakePHP app in about 30 minutes. I had to hack at the code a bit to make it “cake compliant” but the changes were minimal. Now I have a nifty component I can use in any controller. I just drop the .swf file on my web root and any background images in my webroot/img folder and everything works automagically thanks to your hardwork! If you are interested in the component and view element that I created for cakePHP let me know and I’ll share my code with you. Thanks again!
07.12.11 at 4:08 pm
How do you use AJAX on this? Any simple code I can look at?
Thanks.
07.06.11 at 8:21 am
Use AJAX, or the form will be reset…. This is the 3rd time I submitted a comment… past ones got reset.
Thanks for the script.;
06.25.11 at 9:09 am
THANKS VERY MUCH!
EASY AND COOL! =)
06.14.11 at 7:42 pm
i usually am not great at that cut and paste of code but that was so easy and IT WORKED! Thanks so much!
06.14.11 at 12:45 pm
thank you thank you thank you, this worked right away, made my day, saved me several hours – thank you!
06.07.11 at 10:09 am
On my opera 11.01 build 1190 validation always fails. In other browsers(firefox, ie6, ie8) everything is good.
05.19.11 at 11:01 pm
ok so it’s working… finaly,
I was pulling my hair out trying to figure out what was wrong, but it seems ur code is missing the P3P site acknowledge code for IE’s session. (tip: build it for firefox, hack it for IE). So I’m writing this to u in firefox (it rules). If people have trouble with Internet Explorer, IE, IE6, IE7, IE8 / IE9, P3P is the way to go.
I have a question, how do I set the background of the captcha to transparant? Have a designer site and the block is quite ugly.
Kind regards,
Kevin
05.12.11 at 5:44 pm
This is one of the best easy to use tool i downloaded. Thank you very much. Great job.:)
05.11.11 at 5:25 am
Hi! I changed my form code and now the CAPTCHA works fine. It was my mistake. Thank you for this useful code.
05.11.11 at 2:43 am
Would like to say a big thanks for this script. It worked the first time without any hitches. Great job!
05.05.11 at 2:31 am
Thanks very much for this download. Fairly straightforward and works well.
04.27.11 at 8:20 am
This is totally awesome. Should the session started on the form handler be destroyed at some point? If so, where. Saw a security concern on Wikipedia (http://en.wikipedia.org/wiki/Captcha) that says a session ID of a known image can be used to crack a code. Very impressive, keep up the good work.
04.26.11 at 10:44 am
Aside from preventing a cookie from continuously being sent from the client’s browser, there is not really any need to destroy the session. Once a code has been validated as correct, it is deleted from the session so there is no way it can be re-used under any circumstance.
04.27.11 at 9:38 am
Awesome, thanks for that, worked first time, dead simple….
04.14.11 at 3:50 pm
Awesome, thanks very much for this!
04.14.11 at 2:46 pm
Thanks for the code for integrating captcha in forms.
04.13.11 at 6:48 am
Thank you VERY MUCH for providing this script. Works GREAT! and easy to install.
04.07.11 at 11:23 am
Hello everyone, I just wanted to share some good news. If you are using the older version of Securimage and it is not working with your IE 9, you can install the new Securimage 2.0.2 version and it will solve the problem (It did for me). Great program!
03.27.11 at 7:25 pm
hy
Today I was inundated with spam via my contact form. therefore, I have integrated your script. your script is really easy to install, thanks you’ve done the work. nice that you provide it.
excellent work!
03.26.11 at 11:01 am
There is a problem with the XFBML Facebook Button. In the Internet Explorer and only in this browser, the Facebook Button reloads the page and generates a new code in securimage. I searched the error for about 5 hours!
I hate Facebook and still like your captcha script!
03.26.11 at 6:03 am
Hi, this is a great script, i installed it on http://www.organicbaby.ro/blog.php and it works perfectly!
10x
03.23.11 at 11:31 pm
Just want to say thank, much love for the script you provided. I was getting hit with spam bots so i appreciate it. Very easy to upload. Thanks
Do have one question if you could assist, how can i make the input text area and my reset and submit buttons bigger?
03.23.11 at 8:04 pm
CSS would be the easiest way to do that. With the input box, if you increase the font size you can increase the input size, or like with a submit button, you can also specify the height and width manually:
<input type="text" name="captcha_code" style="font-size: 16px; height: 20px; width: 180px" />
<input type="submit" value="Send Form" style="height: 30px; width: 81px; padding: 4px 2px" />
03.24.11 at 8:41 am