If you are having trouble getting the CAPTCHA image to display, are getting blank pages, or the code is always incorrect, make sure to download the Securimage Test Script, upload it to your website, and open the URL in your web browser.

The test script checks for configuration errors in PHP than can cause Securimage not to work, as well as makes sure your server meets the requirements for using Securimage.






All Questions

  • I get an error that says “Call to undefined function imagecreate()” in securimage.php.

    • AnswerIf this error appears it means PHP does not have GD support which is required for creating images with PHP. Unfortunately, if you get this error Securimage will not work.

      GD has been included with PHP since version 4.3 but some older PHP installations do not support it. You will need to contact your webhost to request GD support, or recompile PHP with GD support if you are running Securimage on your own server.

      See the Installing/Configuring GD page on php.net for more information.

  • Even if I type the correct code, Securimage always says it is wrong.

    • AnswerIf you have not already done so, please download the Securimage Test Script and follow the directions listed at the top of this FAQ page. Otherwise follow the steps below.

      1. In your form processor, the first line of the script must be

      <?php session_start(); ?>

      If any HTML or whitespace is output before starting the PHP session, then the validation will not work.

      2. Cookies must be enabled in the client's browser or the validation will always fail!
      To allow users with cookies disabled you must use the new SQLite database option in Securimage.

      3. Check to make sure the HTML input tag's name attribute for the captcha code input is the same name that is being checked in your validation code. If your form uses <input type="text" name="captcha_code" /> then the form processor must reference $_POST['captcha_code'] when calling $Securimage->check().

      4. If the variable names are the same this may be due to a problem with the PHP session that is used to keep track of the user and what their code is. It is possible that the session was not started or more likely that the session name being used in securimage_show.php differs from the session name used in the script that does the code validation. It is common for other software platforms (forums, content management systems, form processors etc.) to use a session name other than the PHP default. If this is the case, you must determine what session name is used by the software and use the same session name in securimage_show.php and securimage_play.php.

      A non-default session name can be passed to Securimage so it can share a session with another software platform with the following code: $img->session_name = 'your_session_name';

      Note: Securimage will NEVER destroy a session so it is safe to use with systems that persist user data with sessions; it only changes its own session variables.

  • I get an error that says "Call to undefined function imagecreatetruecolor()" in securimage.php.

    • AnswerThis problem may indicate that your version of PHP does not have GD support as indicated in the previous FAQ question but it is possible that Securimage will still work. Depending on your PHP and GD versions this function may not be defined.

      To have Securimage use the regular imagecreate() function a background image must not be used and transparent text needs to be turned off. Under these two conditions the imagecreate() function will be used.

      Note: This function will not work with GIF images. It is recommended to use the PNG format for your images.

  • I get an error that says "Call to undefined function imagettftext()" in securimage.php.

    • AnswerYour version of PHP does not have FreeType support built in. FreeType must be installed in order to use TTF fonts.

      You can still use Securimage but you will need to use GD fonts instead of TTF fonts. It is advised to use TTF fonts if possible as certain features of Securimage will not work when using GD fonts (i.e. multiple letter colors, image distortion, transparent text, angled text). GD fonts are also system dependent and can be difficult to find.

  • The image appears but there is no text on the image.

    • Answer
      There is a known bug in PHP 5.3.2 that can cause this problem intermittently. If you are using PHP 5.3.2, you may need to upgrade to a newer version.

      If the code does not appear on the image it usually means one of two things. Either the path to the TTF file is incorrect or there is a problem displaying transparent text in the PHP and GD version you are using.

      First see if the text will appear by setting use_transparent_text to false (ex. $img->use_transparent_text = false;).

      If the text still does not appear, you will need to make sure the path to the TTF font file is correct and that the font file is accessible. It is recommended to use an absolute path to the TTF file. This varies between configurations and web hosts but some examples are (/home/yoursite/public_html, /var/site/html for Unix/Linux or C:\inetpub\wwwroot on Windows). If you are unsure of the path, check with your host or try the following code: $img->ttf_file = $_SERVER['DOCUMENT_ROOT'] . '/securimage/font.ttf'; The font name and Securimage folder will depend on where it was uploaded and what font is uploaded.

  • The image does not show up on my HTML page.

    • AnswerMake sure that the URL specified in the HTML img tag points to the proper location of securimage_show.php. To be sure you can use the full address (i.e. http://yoursite.com/securimage/securimage_show.php).

      To verify that another problem doesn't exist, try viewing the image directly in your browser by going to securimage_show.php in your browser.

  • No image appears and nothing shows up when I go to securimage_show.php

    • AnswerA fatal PHP error may have occurred that is preventing the image from displaying and the PHP configuration is not set to show error messages. To enable error display add the following code just after <?php in your securimage_show.php script: ini_set('display_errors', 'on'); error_reporting(E_ALL);

      After saving the file with those changes go to securimage_show.php in your browser to see if any errors are displayed that can help in determining why the image is not showing.

  • I get an error saying "Warning: include(securimage.php) [function.include]: failed to open stream: No such file or directory in ..."

    • AnswerThis means that the path to securimage passed to the include statement was not found. You will need to change the include "securimage.php"; line to point to the correct location. The paths vary between servers and configurations but this is the absolute path to securimage.php. In 99.9% of scenarios using include "/securimage/securimage.php"; is incorrect.

      If you are unsure of your path, contact your host or try changing the include to include $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';.

  • I get an error on my pages that says "Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at page.php:###) in securimage.php on line ###."

    • AnswerSecurimage depends on PHP sessions to store the CAPTCHA code in between requests to the server. Because most sessions use cookies, a header must be sent to the user's browser and headers MUST be sent before any portion of the page content is displayed.

      Securimage will attempt to attach itself to an existing session but will attempt to create a new one if one does not exist. Because of this, your code must have a session established or securimage.php must be included before any HTML is sent. The easiest way to solve this is to start a session at the very beginning of the first page that is named in the error message (page.php as shown above). To do this use <?php session_start(); ?> on line 1 of the page.

      If you are integrating securimage.php into an existing software platform you should make sure starting a session yourself will not interfere with its operation.

  • I get an error saying "Parse error: parse error, unexpected T_CONST, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’"

    • AnswerThis error means that your website is using an outdated version of PHP. Securimage requires PHP 5.2 or greater and will not run on PHP 4. If you are getting this error message, consider upgrading PHP or asking that your web host do so.




49 comments “FAQ”

PROBLEM USING WITH jquery verify
Need ajax support.
captcha image destroied when check captcha code .
need something like
$securimage->ajaxchk // not destroy or recreate it
also able to set captcha timeout.

To all people who has similiar problem with session in Jooomla! (my version is 3.x) – THERE IS EASY SOLUTION! I have tried to change session_name many times to same name as Joomla!’s session name, but it isn’t solve problem. To repair it, just add above code to securimage_show.php at the top of page (before create Securimage object): 
define( ‘_JEXEC’, 1 );
define( ‘JPATH_BASE’, realpath(dirname(__FILE__).’/../..’ ));

require_once ( JPATH_BASE . ‘/includes/defines.php’ );
require_once ( JPATH_BASE . ‘/includes/framework.php’ );
$mainframe = JFactory::getApplication(‘site’);

It will create Joomla! session before create new captcha code and add it value to session variables. 

Hope it helps!

I get an error on my pages that says “Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at page.php:###) in securimage.php on line ###.”

After this message, I have created another file and copied all codes to this and problem solved.
I though the cause cash of server.


I’ve installed the script. The captcha displays correctly. Running securimage_test.php reports that everything other than PostgreSQL support is in place and that the script should run okay.

However when I attempt to submit a completed form I get an “internal server error”.

The server error log tells me only that:

[Fri Nov 14 20:44:53 2014] [error] [client XXX.XXX.XXX.XX] File does not exist: /home/xxxxxxxxx/public_html/500.shtml, referer: http://www.shiftfocus.com.au/contact.html

So all it’s telling me is that there isn’t a 500 server error page to display, not what the issue is with the script.

I was a little uncertain as to what permissions to assign to the various securimage components… might that be the issue here?

Same issue
Captcha always shows wrong
I checked everythng including session names which are same….
Please help

Hi, if you have a URL with the problem, email me using the contact form and I can take a look. Thanks!

Hi – I have captcha configured with sicurimage and formtoemail.php –
BUT the first time I enter the captcha code, I get the error page saying I entered the wrong captcha. When I go back to the page and refresh the captcha image, and enter the new code the form is submitted successfully.
So why does it work on reload, but not with the originally loaded page? Thanks for any help!

I’ve seen this kind of thing happen in cases with some jQuery UI tools installed where the securimage_show.php script gets called twice but displays the image from the first view which becomes invalid after the second call. Try using your browser’s debugging tools or a packet capture utility like Wireshark to see if securimage_show.php is getting called twice when you load the page.

I have sound problems:
On the phpcaptcha.org/demo page: 
example 1) with Chrome. OS X 10.7.5: text to speech not audible
example 2) with Chrome. OS X 10.7.5: text to speech audible
example 1) with Safari OS X 10.7.5: text to speech audible
example 2) with Safari. OS X 10.7.5: text to speech audible
Captcha below with Chrome: text to speech not audible 
On my side http://www.philipskoor.nl/contact-2 audio worked fine for years, but after a wordpress update, text to speech did not work anymore.
Any suggestion how to solve all this ?

I just wanted to leave a thank you note in your website. Because this is one of the best captcha script I have ever come across. Btw, I was testing your script in my wamp installation and it was not working. After some debugging, I found that the image path was wrong:

This is probably due to how windows creates path information. So I added a new line after line: 1170 in your securimage.php to fix the path error:

$securimage_path = str_replace(“\\”, “/”, $securimage_path); //for windows


I’m testing this captcha on my site, and it is working properly in IE and Chrome. But I get no cpatcha image in Firefox. Can you please advise?

if i use jquery-mobile.js ,it will not get any value….

What code did you use to try to get the value?

hello ,

i am using secure image captcha code , my page name is exmple.php can i get the value of captcha in textfield using jquery or session , 
because if captcha code is wrong i dont want to reset my form value , 

is there is any other way to do this pls help

It is possible to get the value with jquery but the validation must be server side or a bot can pass the validation. Either use AJAX to submit the form, or use proper form handling techniques to submit the form to itself and re-populate the fields in case of error.

When I type the code wrong, it still says I’m right. What am I doing wrong? Image is working, choosing different image is working, no errors, no warnings, just not validating when it’s wrong.


Typically this means you are calling $securimage->check() from the wrong place in your code. Either too late or it is in a block of code that isn’t being reached.

Hello, is it possible to have a transparent image as background on the captcha ? Thanks for your reply. Eric.

Hi, The recaptcha image is displayed properly in my website. But the validation of recaptcha and user entered recaptcha code gets fail. I tried to retrieve generated recaptcha value from $_SESSION[‘ ‘] but its returning an empty string. Can anyone please help me.

Hi, I have used the phpcaptcha code and followed the steps as mentioned above. But the captcha image isn’t displayed. Instead its displaying alternative text which is mentioned. Used the test script(securimage_test.php) also. But its displaying the error “imageftbbox function: No The imageftbbox() function is not included with your gd build. This function is required”. Can anyone help?

In order to use Securimage, PHP must be compiled with FreeType support (–with-freetype-dir) so TTF fonts can be used. You will need to enable that in order to use it.

Thanks for your comments. Got the recaptcha image successfully. But now facing issue in recaptcha validation. Validation of generated recaptcha value and user entered is getting fail. I tried to retrieve generated recaptcha value from $_SESSION[‘ ‘] but its returning an empty string. If we start the session using session_start() am getting error as ” Setting up of database session failed.

Please notify server administrator.” Can anyone please help me.

The audio image is not displayed in IE browser

Flash 9 or greater is required in order to show the audio image, but it will work even in IE6 with the right flash version. Are you using Securimage 3.2 or an earlier version?

This is a great script and I had no issues implementing. What would it take to get the error codes to show on the same page?

Hello. I am getting the error that my secureimage is always wrong, even when it’s entered correctly… I checked the faqs, and thought I followed the steps listed, but it’s still not working… Not a php whiz here (designer), can someone tell me what I am missing please? The page I am trying to make work is http://www.stonecreekcustomhomes.com/contact-stone-creek-custom-homes-v2.html

Any help would be greatly appreciated. Peace,

I should’ve read all of the answers to previous posts first – moved the code further down the script, now it works… Thanks for this easy to use solution – it is appreciated!


I get this error on securimage_show.php :

Parse error: parse error, unexpected T_CONST, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /home/comfort/web/securimage/securimage.php on line 129

Any help you can give would be great.

This error means your server is running PHP4 and Securimage 3+ requires PHP5.2 or greater in order to run. You can use Securimage 2 instead, or consider updating PHP on your server.

Good morning, I need help.
I have mounted the library and it works correctly.
But sometimes, it shows me the image, but does not show the text in the image.
I have reviewed the routes of the TTF file and are OK.
As already said, the error is not always produced.
Anyone can help me.
Thank you

This is caused by a bug in imagettfbbox in PHP 5.3.2 on some systems. Upgrading to a newer version of PHP and GD should resolve this problem.

my web error:

Call to undefined function imagettfbbox() in /home/gravity/public_html/captcha/securimage.php on line 867

please help me

This most likely means you have an older version of PHP or PHP & GD are not compiled with FreeType (TTF) support. Make sure you have at least PHP 4.3, and preferably PHP 5.2 or above, and that GD and FreeType are included. You can create a script with in it to view your configuration.

Image does not display, on looking at http://www.nickothyme.co.uk/securimage/securimage_show.php I am getting the message starting

Warning: session_start() [function.session-start]: open(C:\inetpub\conf\temp\sess_29k9lj9nab1uge70gqk6cg45t7, O_RDWR) failed: Permission denied (13) in E:\Inetpub\win1658\website\securimage\securimage.php on line 523


This means that sessions are not configured correctly in your server’s php.ini file. The actual cause is that your user does not have permission to write to C:\inetpub\conf\temp\ where sessions are stored.
That folder should either be writable by everyone or changed to something your user can write to.
One thing you could do is to modify securimage.php and add ini_set('session.save_path', 'C:/some_folder'); where C:/some_folder is a location you have permission to write to. It could be a folder in your directory that is not accessible from the web.

I try to make Securimage to work, but it seems to refuse to work with my existing session, which is however very classic and not so special. The only difference is I have to give the session a particular name. Why is there a problem between Securimage and a named session ?

If you have changed the default name of the PHP session from PHPSESSID to something else, you will need to inform securimage of the change by editing securimage.php and setting the $session_name value to match the name you chose for your session. Then securimage should work within your custom session.

Hello! First of all i have to say it is a very nice captcha! However I didnt understand what exactly i have to do in order to implement the captcha to a component that I created for joomla cms.

Thanks in Advance..

I set up securimage once for Joomla, and had to modify securimage_show.php a bit to get it to use the Joomla session because Joomla generates a random session name for each user. Unfortunately I don’t have the modifications anymore but if you need help feel free to contact me with the contact form and show me what you have. Here is a a Joomla extension that uses securimage so you may be able to figure something out from that too.

Hi! The $_SESSION[‘securimage_code_value’] is always empty. The PHP session_name() always return a session_name(). Any idea?

If this is always blank, it may be that you are using a different session name than the default PHP session, or there is a problem with the session save path in php.ini. Try adding error_reporting(E_ALL); ini_set('display_errors', 1); in securimage_show.php just after the <?php tag and open securimage_show.php directly in your browser and see if any errors are output.

The following link might help you http://reydacoco.blogspot.com/2010/08/fixing-fatal-error-call-to-undefined.html

Hi Drew

I am testing this out but the validation always fails. I am using a custom session handler with a database but none of the possibilities that you mention in the FAQ seem to apply. Any ideas ?


Were you able to confirm that the securimage session data was making it to the database? Was your session save handler set in php.ini or in one of your scripts? If it was set in a script, you will need to modify securimage_show.php so it knows to use the correct session handler. Contact me from the contact form if you are still having issues.


This is what I get when I run securimage_show.php directly:

The image “http://www.florida-dreaming.com/securimage/securimage_show.php” cannot be displayed, because it contains errors.

Can you help?


Hi, I looked on your site and saw this when I try to load the image:

HTTP/1.1 500 Server Error
Date: Mon, 26 Sep 2011 17:26:34 GMT
Server: Microsoft-IIS/6.0
Pool: 77
X-Powered-By: ASP.NET
Content-Length: 460

PHP Warning: imagettfbbox() [function.imagettfbbox]: Could not find/open font in \\boswinfs03\home\users\web\b814\nf.creativemathandc\florida-dreaming.com\securimage\securimage.php on line 867
PHP Warning: imagettftext() [function.imagettftext]: Could not find/open font in \\boswinfs03\home\users\web\b814\nf.creativemathandc\florida-dreaming.com\securimage\securimage.php on line 878

Hello there:
I am having not issues at all, and very happy btw with it. It works in FF4 and 5 and  IE8 and 9. However, it seems not work in Chrome.
Is that normal? Am I missing something?
Thanks in advance

PS… It does´nt eitheir on this one so…my friend Copy/Paste

I’m trying to use securimage with a FormToEmail php script. Where in this script should I place the securimage code? I’m not sure where the validation ends in this script. I don’t think I have it in the right place because I’m getting random results with it eg says code is incorrect when it’s right and vice-versa – testing in Firefox 3.6.6.

Finding the right place to put the code in pre-made form-to-email scripts can be difficult sometimes due to the way they are built.
Generally, the best place to put it might be right before the actual email is sent. For best results, you will only want to attempt to validate the captcha code if there were no other errors with the form.
The reason for this is because if they typed the code correctly and you validate it, the code will no longer be valid and if there were other errors on the form then the validation was for nothing.
Hope that helps

Leave a Reply


Reload Image