What it is

A PHP captcha script, requiring users to enter in a code from an image to verify that they are human and not a spam bot.

Features/What sets it apart


Enter the code from the above image:

How it works

easycaptcha.php displays the image, and sets a cookie. The cookie is an MD5 hash containing:

Because a secret code is used the captcha cookie tokens cannot be forged, which means that only easycaptcha.php can generate a valid captcha cookie.

The user submitted captcha code, user's IP address, the time, and the secret code are used by the validation code to create a new MD5 hash. If the new MD5 hash is the same as the one given then the hash is valid, and the captcha was entered correctly by the same user that saw the image.

The time is then checked to make sure that the captcha is less than 5 minutes old, to stop the same cookie from being used over and over.

To put it in simplified pseudo-code:



1. Replace "OASDOIJQWOIJDASDOI" in captcha/easycaptcha.php, and the code snippets below, with a different secret code.
2. Copy the EasyCaptcha directory into the directory which contains the code you want to protect.
3. Copy the two code snippets below into the appropriate places. One snippet shows the captcha image, the other snippet validates the captcha hash.

Print captcha image code: Insert this code into the registration/comment form, where you want the user to view the image and enter the captcha code in.

Validate captcha token code: Insert this code whenever you want to make sure the user can go no further if they haven't entered the captcha.


View the source of the sample used in this page.

Download EasyCaptcha

Install guides for phpBB 2 and phpBB 3 (Update 14/3/09)

See this guide for info on installing into phpBB2/3 specifically, or if you want to install to a different piece of software and want to see what's typical.

Using EasyCaptcha for e-mail validation

If you're using EasyCaptcha for user registration you'll need to validate e-mails with as little fuss as possible, and this can also be done very simply and elegantly using EasyCaptcha.


Thanks to the Edward Eliot for PhpCaptcha (BSD licensed): PhpCaptcha contains the image generation code, EasyCaptcha acts as a wrapper around it, using standard PhpCaptcha options to make a good captcha and providing file/database-free captcha-code validation.