Quickstart Guide
Securimage requires no configuration after downloading. All you need to do is display the captcha image somewhere in your form, and validate the code submitted from within your form processor. Customising the image is also very easy. This guide explains the process of adding Securimage to an existing form.
First, download Securimage and upload the files to your web server if you have not done so already. In this example, we assume that the Securimage files have been uploaded to a folder named “securimage” in the root of your web directory (i.e. www.yoursite.com/securimage/).
Next, we will insert the captcha image into your form along with a text field for the user to type the code in.
At the desired position in your form, add the following code to display the CAPTCHA image:
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />
Next, add the following HTML code to create a text input box:
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
Note: You can change the maxlength and size properties to match your image settings.
The second line is optional but gives the user the ability to display a new image if they are having trouble reading the image that was displayed.
Once you get the image added to your form and are satisfied with the look, we will move onto editing the PHP code that validates the CAPTCHA code typed in by the user.
Open the PHP file that processes the form data after submission.
You can find this by looking at the action value inside your <form> tag.
Note: In order to use Securimage, your form processor must be written in PHP.
On the very first line of the form processor, add the following code:
<?php session_start(); ?>
The next few steps will vary depending on how form validation is handled in your code. If you have little or no php knowledge the next part can be difficult.
To check if the code is correct, we will make a call to the Securimage class. The following php code should be integrated into the script that processes your form and should be placed where error checking is done. It is recommended to place it after any error checking and only attempt to validate the captha code if no other form errors occured. It should also be within <?php ?> tags.
include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php'; $securimage = new Securimage();
This includes the file that contains the Securimage source code and creates a new Securimage object that is responsible for creating, managing and validating captcha codes.
Next we will check to see if the code typed by the user was entered correctly.
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
exit;
}
The call to the check method checks the generated CAPTCHA code against the code entered by the user. If the code was incorrect, an error message is printed with a link to go back to the form and the script is terminated with exit().
Make sure you check the code BEFORE the form is emailed or entered into a database and only if there were no other form errors.
Following the directions above should get Securimage working with minimal effort. Learn how to customize the captcha images or check out the faq page if you are having problems getting your form to work.
Hi, Its awesome… thanks a lot. Can you tell me how to make it case sensitive? what happened is that, if the image shows “HG2fn3″ and if I put it as “hg2fn3″. then it is validating as correct. i want to make it case sensitive.
03.03.13 at 6:00 am
The simplest way to make the image case-sensitive is to edit securimage.php and set $case_sensitive = true.
Alternatively, you can modify securimage_show.php and your form processor and set the case_sensitive property from both of those places.
03.25.13 at 3:52 pm
This captcha is really good! Thanks. Got in up and running in minutes on my local server but it took me hours to track down why I couldn’t get it working on a hosted Apache server. I’ll post what the issue was in case others have the same problem. If the captcha isn’t validating check your $_SESSION array and make sure there’s some values stuff from securimage in it. You can use print_r($_SESSION) to take a look. I’m used to running my own servers where I set everything in /etc/php.ini or whatever which is why I didn’t suspect the actual problem here. If a database isn’t used also check cookies in the web browser. Firefox -> Page Info -> Security or whatever.
Description of problem: captcha images worked, refresh and audio swf worked as expected. But validation was not possible. First thing I had to do was set a writable session directory. I set the temp directory for sessions a step above public_html by adding an entry to a php.ini file in public_html. Session files were now being created but all were empty – size 0.
To cut a long story short I had to place a php.ini file in each directory on the server including the secureimage directory to get sessions to function properly. Here’s the relevant contents of the php.ini:
session.save_path = “/home/mysite/temp”
session.cookie_path = “/”
12.06.12 at 9:05 pm
Thank you! Works perfectly out of the box.
10.09.12 at 2:40 am
I have installed the script as indicated. However, when I submit a form on my site I get the following, regardless of the correct characters being submitted.
“Sorry, the code you have entered was invalid! Please try again.”
Any help is appreciated.
10.08.12 at 8:37 pm
First, try running the included example_form.php script included with Securimage. If that works, there is a problem with the form processor and/or validation code. In that case see this faq entry.
If it does not work, the server may not be properly configured. In that case, try the Securimage Test Script and see if it is able to reveal the issue.
If those don’t help, let me know as many details as you can and send the form processor code or provide a live URL and I can take a look.
10.09.12 at 9:43 am
great catcha, thank you, works like a charm
09.14.12 at 4:31 am
Aloha, I got the form to work but I am not getting any emails.
Thanks for your help
Carlos
05.22.12 at 1:17 pm
Hi, I see you are using the example_form.php file as your base. At the top, there is a comment about the
variable. If set to 1, no mail is sent, and only the captcha field is validated. If you set that to 0, the call to
should function, and it will also validate the name, email, and comment fields.
05.23.12 at 4:45 pm
Hello,
No problem with the bulk of it, but, although the HTML input field is plenty long enough, the cursor stops after 5 characters and will not allow a 6th one (and most of the images generated are 6 characters). Have you seen this happen before?
05.20.12 at 10:52 am
Sorry to say I haven’t seen that issue. But whatever it is, it is related to the browser and not PHP. Make sure the text input tag doesn’t have the
attribute set to 5 as that will cause that issue.
05.21.12 at 12:24 pm
I am new to PHP so just trying out your captcha code on a localhost site.
The captcha image does not show – I just get an image marker with the words ‘CAPTCHA Image’ using code . There is no problem showing another image from the site using code
05.15.12 at 8:23 am
Most likely PHP doesn’t have GD support which is required for creating images. You can download the Securimage Test Script and it will tell you if your system is capable of using Securimage.
05.15.12 at 8:41 am
Securimage_test.pnp confirms that I have not GD support. How do I obtain that in PHP 5.4.2 ?
05.15.12 at 11:54 am
See GD Installation on php.net. Basically, on Windows you have to enable
which comes with PHP, on Linux, you have to re-compile PHP using the
option. You will also have to have at least libpng installed on your system to generate PNG files.
05.15.12 at 12:16 pm
How do I install libpng ?
05.16.12 at 6:41 am
Hello I am facing problem with include_once $_SERVER['DOCUMENT_ROOT']
“Message: include_once(/var/www/http://205.186.144.160/chauka/securimage/securimage.php): failed to open stream: No such file or directory”
Please guide me thank you.
05.15.12 at 4:33 am
The path being included for Securimage is incorrect. You just need to fix the
path to match your actual path. In this case,
is incorrect and appears it cannot be used, or the path you have appended to it is incorrect. Your host may be able to help with the correct path.
05.15.12 at 8:43 am
Hi all,
I’m using the latest Securimage 3.2RC2. It works great and I want to congratulate and thank you for this captcha.
I had a question… I set the the expiration time of the captcha to 3 hours
{code}
$img->expiry_time = 10800;
{code}
But the captcha is always invalidated before this time.
Does anybody here have experienced this or managed to deal with it ?
Is it related to Securimage or to PHP configuration ?
Thanks for your help,
Alexboss 8)
04.27.12 at 6:03 am
Hi, thank you for the comment.
This is probably due to a PHP configuration. Since the codes are stored in a PHP session by default, your session data may be getting garbage collected long before the 3 hours is up. See the session.gc_maxlifetime PHP setting.
By default PHP will potentially delete all session data older than 24 minutes if it hasn’t been touched in that long. The client may still have the session cookie, but the server has deleted the data so the cookie is no longer valid. Editing this value in php.ini or by other methods is a solution, or set your expiry_time to match PHP’s session.gc_maxlifetime value.
04.27.12 at 7:08 am
Hi Drew,
Thanks for your reply… indeed the session.gc_maxlifetime was set to the default value (1440 seconds / 24 minutes).
I updated my code to make the session lifetime longer – in a .htaccess at the root of my folder :
{code}
php_value session.gc_maxlifetime 10800
{code}
And I also updated the files securimage_show.php / securimage_play.php by adding
{code}
// How long in seconds a captcha remains valid, after this time it will not be accepted
$img->expiry_time = 10800;
{code}
after
{code}
$img = new Securimage();
{code}
So far it works as expected !
Thanks a lot,
Alexboss 8)
05.02.12 at 6:18 am
I am using version 1.0.3.1
I know its old but it was customised for me by a coder to fit my site with variables and it may be a little difficult to change. (example: http://www.spain-holiday-sun.com/holidays/detail-20214-Apartment-Florida-Three-Bedroom-Holiday-Home-In-Javea-Near-To-The-Port.html
Any ideas what could be the problem?
Note: It works fine on IE but fails on FF and Opera
Thanks
04.26.12 at 12:17 am
Hi, great code. I have a small problem, when I open a page with the form on, fill out the form and add the captcha, submit, the error says “Enter correct Captcha” although the captcha was correct. However, when I refresh the captcha, and add the letters the form sends. What could be the problem. Thanks
04.24.12 at 1:35 am
Do you know what version you are using? From the look of it it may be an older version.
04.25.12 at 1:11 pm
Installed in 10 minutes, it was that simple, hope it will prevent me from spambots.
Great script, Thanks a lot.
04.20.12 at 2:20 am
I normally build my own Captcha’s. But it takes a little while. This script has made my life a lot easier. I tried a few, and this one took me less than 5 minutes to setup. I can set it up on a site, distribute it through all the forms, and be done in less than 20 minutes. Really saved a lot of time, and literally faster/easier to setup than any of the other ones I have tried online.
Thanks for this.
04.16.12 at 6:58 am
Hi all,
This is a simple code to implement Captcha, It worked for me.
CAN ANY ONE HELP ME in adding Audio to the Captcha.
i would consider it as great help.
Thanks
Kalai
04.13.12 at 6:39 am
Sure, if you send me a message directly using the email address in the headers of securimage.php or use the contact form on the site, send me some information and code you have tried and I can take a look.
04.25.12 at 1:12 pm
Hello,
captcha image does not load, this is the error:
Fatal error: Call to undefined function imageftbbox () in / ** / site / securimage / securimage.php on line 717
04.11.12 at 2:38 am
Hello,
It appears that PHP on the server you are using doesn’t meet all the requirements. No imageftbbox function means PHP is not compiled with FreeType (TTF) support. Try downloading the Securimage test script and running that on your server and seeing what the results are.
04.11.12 at 10:11 am
i’ve used captcha script in cakephp .captcha images are display,but captcha code is not validate.
04.10.12 at 1:25 am
Did you add the validation code in the correct place? Try the example_form.php script included with the securimage files and see if that validates successfully. If not, please post back and let me know so we can figure out what configuration on the server is preventing it from working. Also try the securimage test script: http://www.phpcaptcha.org/downloads/securimage_test.php
04.11.12 at 10:12 am
Great work not a php programmer but am somewhat smart.. so figured out where in the php everything should go.. although the first php line would be confusing to a novice since you include the closing tag.
For those novices:
ends the php script as in opening closing your html tags to open and to close.
Also I just included the rest of the scripts after the calls to ” if” which i figured were the form checking functions. Not all php forms created the same but maybe this could help others in a bind. ***** Anyways THANK YOU SO MUCH FOR THIS CAPTCHA SCRIPT**** it has been invaluable I was getting 10 to 20 bogus form submissions a day. God bless you for sharing!!!
04.06.12 at 6:50 am
Wow, this worked beautiful right out of the gate. Thank you for sharing your files and easy to follow instructions. They have been very helpful.
03.28.12 at 6:51 am
Thank you!!!
Worked within 2min.
May God bless you!!!
03.26.12 at 12:10 pm
Thanks very much for this well written and well documented project.
03.16.12 at 12:03 pm
Hey thanks! This code worked perfectly for me too… and I’m not even a programmer… I’m a photographer.
Had it up and running in no time.
03.15.12 at 2:20 pm
Very good library, very easy to integrate, also to customize.
And it’s easy also for users to understand the images.
In a single and simple word, perfect.
Regards,
Herman from Spain.
03.13.12 at 3:01 am
Love you mate, You made my day!
03.13.12 at 1:46 am
Hugely helpful code and easy to implement. Thanks! Would anyone be willing to share the code to have the error message appear on the same page/form, as happens on the following pages?
http://www.phpcaptcha.org/try-securimage/
http://www.organicbaby.ro/blog.php
I realize there will be some variables, but just looking at the code may help me figure out how to accomplish this. Thanks…
02.29.12 at 8:52 pm
Superb easy to integrate. Thanks!
02.21.12 at 11:01 am
Fantastic piece of software. Thank you very much for building this! Works like a charm and is super customizable.
02.10.12 at 10:46 am
Thank you very much. Was using reCaptcha all this time. Its really hard to read, so was looking for a different script. It is really easy to integrate
01.24.12 at 5:33 pm
Great script. Works perfectly right out of the box.
01.20.12 at 10:20 am
Had captcha up and running in oscommerce in under 5 minutes. GREAT easy to use script
01.05.12 at 9:48 pm
I love this! It was so easy! Thank you for developing this! Flawless under XAMPP on Windows XP SP3. Didn’t have to change anything, just dropped the files in, used your sample code, and “voila!” Easily integrates with my form validation. Kudos!
01.03.12 at 3:22 pm
Drew, thanks for the heads-up on the wmode trick. Fixed it!!
http://slightlymore.co.uk/flash-and-the-z-index-problem-solved/
01.17.12 at 9:01 pm
Thank you Drew for being SO VERY helpful and quickly responding to my emails!!!
Awesome captcha, I have tried Google’s recaptcha previously and had lots of issues with it.
Keep up the great work!
12.03.11 at 6:37 pm
I would like to validate my form with jQuery. How do I check the correctness of the code entered? how do I let him take the result of $ securimage-> check (‘text field security code’)? thanks
11.08.11 at 4:09 am
You can use jQuery to submit the form, the correct way to do it would be to return any error messages from your ajax call back to the browser. Just make sure you only process the form on the server if the code was correct. The code for the form processor would not be very much different than normal except you should return success/error messages in JSON or XML format so your jQuery code can decide if the form was submitted or not. Also, for best results, don’t try to call check() on the captcha code unless there are no other errors on the form and it is ready to be submitted.
11.11.11 at 4:33 pm
Hello, I was using securimage on 2.0.2 version, but it was hacked by bots quite fast so I tried to upgrade to v.3.0, however easy switch (just replacing files) didn’t work, no image showed, when i tried to see the image on exact path to securimage_show.php it wrote an error I have not seen before using securimage:
Warning: Cannot use a scalar value as an array in /home/e-boszkowo/ftp/securimage/securimage.php on line 1046
Warning: Cannot modify header information – headers already sent by (output started at /home/e-boszkowo/ftp/securimage/securimage.php:1046) in /home/e-boszkowo/ftp/securimage/securimage.php on line 889
and some more of the “cannot modify header” errors.
session is started exactly on first line of the page, have no idea where to look now. Any help? Thanks in advance.
11.05.11 at 6:48 am
This was because the structure of the session changed between the 2 version. Just clear the cookies from your browser for your site and the error should go away. I do want to release a new version that fixes that problem though. Sorry for the trouble.
11.11.11 at 4:34 pm
I was getting this same error. I am storing sessions in a MySQL DB instead of the file system, so I am using custom session handlers. I just included my main config file with my own session info at the top of securimage_show.php (and securimage_play.php if using audio) and it’s fixed.
Are you storing sessions the same way?
06.07.12 at 7:03 am
Worked 1st try and I know very little about PHP… I didn’t change one character, just copy-paste! Thanks a million
10.19.11 at 6:51 am
will secureimage work with javascript disabled?
10.18.11 at 3:54 am
It will, but the code to allow the user to refresh the image will not function.
04.06.12 at 8:26 pm
Thanks, this was incredibly helpful! I had this up and running in no time. Just had to change the session name variable. Very nice implementation!
10.06.11 at 3:43 am
Hello, I downloaded your script and followed all the instructions. It works when I go to the actual directory and use the example form, but not when I include the script on another page.
This is the error I get:
“Warning: include_once() [function.include-once]: open_basedir restriction in effect. File(/usr/local/apache/htdocs/securimage/securimage.php) is not within the allowed path(s): (/home/:/usr/lib/php:/tmp) in /home/******/public_html/signup/index.php on line 134
Warning: include_once(/usr/local/apache/htdocs/securimage/securimage.php) [function.include-once]: failed to open stream: Operation not permitted in /home/******/public_html/signup/index.php on line 134
Warning: include_once() [function.include]: Failed opening ‘/usr/local/apache/htdocs/securimage/securimage.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/*******/public_html/signup/index.php on line 134
Fatal error: Class ‘Securimage’ not found in /home/*******/public_html/signup/index.php on line 135″
I changed the include code to a basic ‘/securimage/securimage.php’, and it works but the ‘Fatal error: Class ‘Securimage’ not found’ error is still there.
Any suggestions on what to do?
09.28.11 at 5:38 pm
If the securimage files are uploaded to /home/yourname/public_html/securimage then you should include ‘/home/yoursite/public_html/securimage/securimage.php’; It looks like you were trying to use a path other than that. Or ask your host to turn the open_basedir restriction off or modify it for your account.
09.29.11 at 4:11 pm
worked really well for me – much appreciated, thanks!
09.25.11 at 1:31 pm
What an absolute star! I’ve been pulling my hair out over how to implement a decent captcha method on my website and then I stumbled across this page – I got it working in less than 10 minutes!!!!! You sir are a life saver!!!! Thank you so very much
09.15.11 at 2:34 am
Helemaal Cool !!! Keep it Up !!!
09.13.11 at 11:47 am
Excellent solution and easily implemented!!! Bot spam is an unfortunate plague on the Internet these days, and it’s good to know that your code is available for developers. Thank You!!!
08.21.11 at 8:02 am
thanks for the code!! it works great.
i am running into one problem however.. if i want to use this when i already have a session started (a user logged into my site), it fails every time.
is there a way to make it work with a session that has already been established?
any help would be great.
thanks
08.09.11 at 4:44 pm
If you have already started a session, then securimage.php will detect that and use the existing session. Securimage_show.php always uses its own session since it runs independently, the only time this can cause a problem is if your session uses a session name other than the PHP default. If that is the case, edit securimage.php and change $session_name to match the name you are using.
09.26.11 at 10:09 am
u saved my day
the script worked just like that
Linoy Joseph
08.08.11 at 10:33 pm
Thanks for the great code. What a timesaver! I incorporated it into my cakePHP app in about 30 minutes. I had to hack at the code a bit to make it “cake compliant” but the changes were minimal. Now I have a nifty component I can use in any controller. I just drop the .swf file on my web root and any background images in my webroot/img folder and everything works automagically thanks to your hardwork! If you are interested in the component and view element that I created for cakePHP let me know and I’ll share my code with you. Thanks again!
07.12.11 at 4:08 pm
How do you use AJAX on this? Any simple code I can look at?
Thanks.
07.06.11 at 8:21 am
Use AJAX, or the form will be reset…. This is the 3rd time I submitted a comment… past ones got reset.
Thanks for the script.;
06.25.11 at 9:09 am
THANKS VERY MUCH!
EASY AND COOL! =)
06.14.11 at 7:42 pm
i usually am not great at that cut and paste of code but that was so easy and IT WORKED! Thanks so much!
06.14.11 at 12:45 pm
thank you thank you thank you, this worked right away, made my day, saved me several hours – thank you!
06.07.11 at 10:09 am
On my opera 11.01 build 1190 validation always fails. In other browsers(firefox, ie6, ie8) everything is good.
05.19.11 at 11:01 pm
ok so it’s working… finaly,
I was pulling my hair out trying to figure out what was wrong, but it seems ur code is missing the P3P site acknowledge code for IE’s session. (tip: build it for firefox, hack it for IE). So I’m writing this to u in firefox (it rules). If people have trouble with Internet Explorer, IE, IE6, IE7, IE8 / IE9, P3P is the way to go.
I have a question, how do I set the background of the captcha to transparant? Have a designer site and the block is quite ugly.
Kind regards,
Kevin
05.12.11 at 5:44 pm
This is one of the best easy to use tool i downloaded. Thank you very much. Great job.:)
05.11.11 at 5:25 am
Hi! I changed my form code and now the CAPTCHA works fine. It was my mistake. Thank you for this useful code.
05.11.11 at 2:43 am
Would like to say a big thanks for this script. It worked the first time without any hitches. Great job!
05.05.11 at 2:31 am
Thanks very much for this download. Fairly straightforward and works well.
04.27.11 at 8:20 am
This is totally awesome. Should the session started on the form handler be destroyed at some point? If so, where. Saw a security concern on Wikipedia (http://en.wikipedia.org/wiki/Captcha) that says a session ID of a known image can be used to crack a code. Very impressive, keep up the good work.
04.26.11 at 10:44 am
Aside from preventing a cookie from continuously being sent from the client’s browser, there is not really any need to destroy the session. Once a code has been validated as correct, it is deleted from the session so there is no way it can be re-used under any circumstance.
04.27.11 at 9:38 am
Awesome, thanks for that, worked first time, dead simple….
04.14.11 at 3:50 pm
Awesome, thanks very much for this!
04.14.11 at 2:46 pm
Thanks for the code for integrating captcha in forms.
04.13.11 at 6:48 am
Thank you VERY MUCH for providing this script. Works GREAT! and easy to install.
04.07.11 at 11:23 am
Hello everyone, I just wanted to share some good news. If you are using the older version of Securimage and it is not working with your IE 9, you can install the new Securimage 2.0.2 version and it will solve the problem (It did for me). Great program!
03.27.11 at 7:25 pm
hy
Today I was inundated with spam via my contact form. therefore, I have integrated your script. your script is really easy to install, thanks you’ve done the work. nice that you provide it.
excellent work!
03.26.11 at 11:01 am
There is a problem with the XFBML Facebook Button. In the Internet Explorer and only in this browser, the Facebook Button reloads the page and generates a new code in securimage. I searched the error for about 5 hours!
I hate Facebook and still like your captcha script!
03.26.11 at 6:03 am
Hi, this is a great script, i installed it on http://www.organicbaby.ro/blog.php and it works perfectly!
10x
03.23.11 at 11:31 pm
Just want to say thank, much love for the script you provided. I was getting hit with spam bots so i appreciate it. Very easy to upload. Thanks
Do have one question if you could assist, how can i make the input text area and my reset and submit buttons bigger?
03.23.11 at 8:04 pm
CSS would be the easiest way to do that. With the input box, if you increase the font size you can increase the input size, or like with a submit button, you can also specify the height and width manually:
<input type="text" name="captcha_code" style="font-size: 16px; height: 20px; width: 180px" />
<input type="submit" value="Send Form" style="height: 30px; width: 81px; padding: 4px 2px" />
03.24.11 at 8:41 am