Duminda Chamara

Wednesday, February 20, 2013

Create captcha image in php

How to create CAPTCHA image in PHP?

This article explains you how to create captcha image using PHP programming language

What is a captcha image?

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Captcha image is small image (jpg, png, or gif) with a random tiny text that use to stop automated form submission. Generally there can be characters,numbers, or combination of characters and numbers on the captcha validation image. The text on the captcha image is difficult to read at once. You have to see it carefully, to identify characters represent on the image. There are hundreds of fonts use to make captcha verification images. Also there can be irregular lines on the image. All those things make it difficult to read the text on the image. Only a human being can read and understand the text on the captcha image. No other easy method to read the verification code. Usually there are 4 to 16 characters on a captcha image. When the number of characters increased, the text is divide in to two words. So the user have to clearly identify those words.

Demo: Create CAPTCHA validation image

Why we use captcha verification codes/images?

You may also experience with automated form submission. Automated form submission means submit a web form using a computer program. As an example you can use Curl to submit web forms automatically. This may cause waste server resources, exceed CPU usage and hosting provider may suspend your hosting account. Using robot programs can fill your database with garbage. This is very annoying. So computer engineers purpose the solution of captcha images. Before you submit the form you must prove that you are a real human. Captcha images are difficult to read using robot programs. Only humans can do.

The text on the captcha image is changing randomly. If you failed to enter correct code you may ask to enter a new captcha code. Likewise verification code changes every time that you submit the form. If you fail to enter the captcha code two or three times, some captcha programs ask you to enter complex verification codes.

How captcha image works?

This is simple. When you request the from from the web server, at the same time it generates a session variable that contain the captcha text. There is a script that use to generate a image including the captcha string. It makes the text difficult to read. This can be achieve using several steps.

Captcha Image Verification Process
  • Change the font style randomly (Usually captcha fonts are difficult to read at once).
  • Change the font size randomly.
  • Change captcha text randomly.
  • Add lines, dots to the image to make it difficult to read (distort the image).
  • Produce combination of simple/capital letters with numbers.
Using above methods you can generate more reliable captcha codes. After you fill the web form, additionally you have a challenge to enter the correct captcha code. If all OK you can submit the form. At the server side first task is match the generated captcha code with the entered captcha code. Before process the request, you need to pass the captcha verification test. Once you have entered the captcha code correctly, computer recognize you as a real human and execute the rest of the program. If you failed to pass the verification test, you may again ask to enter a new captcha code. So you need to enter correct captcha code to process your request.

Is it possible to break/crack captcha images?

We can't 100% guarantee that captcha codes can stop spams completely. But it can effectively stop spams. Today there are many computer character recognition programs are developed to read captcha images. Those programs can identify characters in to some extent. Also they have proven such programs can pass the captcha test. But automated computer programs can't recognize all kind of verification codes. So the challenge is creating creative complex captcha images that hard to break.

Advantages of using captcha verification images?

  1. Stop automated form submission.
  2. Stop several kinds of spams (E-mail, registration forms, forum/blog comments, etc.).
  3. Save server resources such as bandwidth, storage, memory and CPU usage.
  4. Help to read old books and digitize them. 
  5. Preventing dictionary attacks.
  6. prevent overloading web servers from spammers.
  7. Prevent automated attacks.

Usage of CAPTCHA images?

  • When creating e-mail accounts. (Gmial, Yahoo, MSN e-mail programs ask to proof you as human using captcha codes).
  • When logging to email accounts.
  • Blog, forum comment submission.
  • In any kind of online user registration forms.
  • When downloading files from file sharing sites.
  • Any kind of user login forms.
  • Online Polls.
  • Stop sending automated queries to search engines.
  • To stop any kind of spam.