Using Captcha IDs

A new feature in Securimage 3.5 is something called a Static Captchas which stores captcha codes in a database and validates them using a unique captcha ID that gets sent along with your form. This removes the need for client side cookies or relying on IP address based tracking as a backup to cookies.

Implementing static captchas requires some knowledge of PHP programming and is more complicated than using the default configurations, however, it is often the most reliable way to implement Securimage into 3rd party applications or store codes in a database without using cookies.

Implementing static captchas can be done in a few basic steps. The general idea is to have your application first generate a new static captcha which returns a unique captcha id. On your HTML page containing the captcha, you pass the newly generated captcha ID to a PHP script which outputs an image associated with the given captcha id. In addition, you embed the captcha id in a hidden form field which gets passed along to the validation script. The validation script then calls a function which validates an input against a captcha id.

Put simply:

  • Request new captcha ID
  • Show captcha image based on captcha ID
  • Add captcha ID to hidden form element
  • Form processor validates input against captcha ID in database
This example assumes that you have edited securimage.php and entered the appropriate database settings as described in Database Storage.


Getting a new Captcha ID

First, your script will generate a new captcha ID by calling Securimage::getCaptchaId(). Passing true as the first parameter forces a new code to be generated and returns a new ID. Optionally, additional configuration options can be passed as the second parameter.

Calling getCaptchaId() automatically sets the no_session and use_database options to true. You will need to specify whether to use Sqlite/MySQL/PostgreSQL and the database credentials in securimage.php or by passing the values to the constructor.

require_once 'securimage.php'; // change to actual path to securimage.php!
$captchaId = Securimage::getCaptchaId(true);

// Passing additional options to getCaptchaId()

$captchaId = Securimage::getCaptchaId(true,
array('code_length'     => 4,
'database_driver' => Securimage::SI_DRIVER_MYSQL));

Outputting the CAPTCHA

Once you have generated a captcha ID, display the image on your form by specifying the captcha ID to display.

On your HTML form, use this code to show the captcha code:

<form method="post" action="form.php">
<input type="hidden" id="captchaId" name="captchaId" value="<?php echo $captchaId ?>" />
<img id="siimage" src="captcha_display.php?captchaId=<?php echo $captchaId ?>" alt="captcha image" />
<input type="text" name="captcha_code" value="" />

The following example PHP code shows how to output an image for a captcha ID:

<?php // captcha_display.php

require_once 'securimage.php';

$captchaId = $_GET['captchaId'];

if (empty($captchaId)) {
die('no id');

// database settings must be configured in securimage.php or passed in $options

$options = array('captchaId' => $captchaId);
$captcha = new Securimage($options);


Validating the captcha by ID


require_once 'securimage.php';

$captcha_code = $_POST['captcha_code'];
$captchaId    = $_POST['captchaId'];
$options      = array();

// database settings must be configured in securimage.php or passed in $options

if (Securimage::checkByCaptchaId($captchaId, $captcha_code, $options) == true) {
// code here for successful validation
} else {
// input was invalid for supplied captcha id

More Information

For a standalone working example, see the file test.mysql.static.php in the Securimage GitHub repo.