Quickstart Guide

Note: Securimage is a legacy self-hosted PHP CAPTCHA. It still works, but for new projects use hCaptcha or Cloudflare Turnstile instead.

Two steps: display the CAPTCHA image in your form, then validate the submitted code in your form processor.

Step 1: Download Securimage

Download the latest version from GitHub:

git clone https://github.com/dapphp/securimage.git

Or download a ZIP release and extract it. Upload the securimage/ folder to your web server. The examples below assume it lives at your site root: yoursite.com/securimage/.

Step 2: Add the CAPTCHA to Your Form

Add the CAPTCHA image and a text input to your form:

<!-- Display the CAPTCHA image -->
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />

<!-- Text field for the user to enter the code -->
<input type="text" name="captcha_code" size="10" maxlength="6" />

<!-- Optional: "Different Image" refresh link -->
<a href="#" onclick="document.getElementById('captcha').src =
  '/securimage/securimage_show.php?' + Math.random(); return false">
  [ Different Image ]
</a>

The refresh link lets users request a new image if the current one is unreadable. Match maxlength to your $img->code_length setting.

Step 3: Validate in Your Form Processor

Open your form processor (the action target of your <form> tag). Call session_start() at the very top, before any output:

<?php
session_start(); // Must be first, before any output

Then check the CAPTCHA code:

<?php
session_start();

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

$securimage = new Securimage();

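// Treat a missing or non-string field as an empty (wrong) answer
$code = (isset($_POST['captcha_code']) && is_string($_POST['captcha_code'])) ? $_POST['captcha_code'] : '';

if ($securimage->check($code) == false) {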
    // Code was incorrect — stop processing and return an error
    echo 'The security code you entered was incorrect.';
    echo ' Please <a href="javascript:history.go(-1)">go back</a> and try again.';
    exit;
}

// Code was correct — continue processing the form
// ...send email, insert into DB, etc.

Important: Check the CAPTCHA after other form fields, and only when no other errors occurred. Otherwise the session code gets consumed on a failed submission and the user has to solve it again.
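
The ordering described in the note above, as an added example that is not part of the Securimage package or its documentation. The field names name and email and the helper post_string() are hypothetical; the include path assumes the site-root install from Step 1.

```php
<?php
session_start(); // must run before any output

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

// Hypothetical helper: read a POST field as a trimmed string.
// Missing fields and array values (e.g. captcha_code[]=x) become ''.
function post_string($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
}

$errors = array();

// 1. Validate the ordinary fields first. "name" and "email" are
//    hypothetical field names used only for this example.
$name  = post_string('name');
$email = post_string('email');

if ($name === '') {
    $errors[] = 'Please enter your name.';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $errors[] = 'Please enter a valid e-mail address.';
}

// 2. Only when everything else passed, spend the CAPTCHA code.
//    Calling check() earlier would consume the session code even though
//    the submission is going to be rejected for another reason.
if (count($errors) === 0) {
    $securimage = new Securimage();
    if ($securimage->check(post_string('captcha_code')) == false) {
        $errors[] = 'The security code you entered was incorrect.';
    }
}

// 3. Report all problems together; escape anything echoed back.
if (count($errors) > 0) {
    http_response_code(400);
    foreach ($errors as $message) {
        echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    exit;
}

// All checks passed: continue processing (send email, insert into DB, ...)
echo 'Thanks, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '.';
```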

Step 4: Verify It Works

Load yoursite.com/securimage/securimage_show.php directly in your browser. You'll see a CAPTCHA image. If you get a blank page or error, enable error reporting temporarily:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'on');
// ... rest of securimage_show.php

Requirements

Upload server_test.php from the Securimage package and run it to check dependencies.

Next Steps