How to setup an image verification using PHP

To setup image verification all you need is the GD library enabled. Here's how the image verification works:

1] The verification code is auto-generated using the rand() function and stored in a session variable. For added security, you can store the code in an encrypted format.

2] The page on which you need the verification code calls the script

3] The visitor enters the code which is then checked against the stored session variable

The first thing to do is to generate the verification code and store it in a session variable, this can be done using the following


//Start the session


//Generate a 5 character code

// the rand() function will generate a random number between 1 to 99999 

// The MD5 function will encrypt the random number

// The substr function will provide a 5 character random code

$code = substr(md5(rand(1,99999)),11,5);

// This code is then encrypted using the MD5 function and stored in the session variable called enc_string

$_SESSION['enc_string'] = md5($code);


The next phase is to create an image and place this code on the image. Here is the code to create an image:


// Create the image

$im = imagecreatetruecolor(150, 50);

// Create some colors

$background  = imagecolorallocate($im, 255, 255, 255);

$fontcolor = imagecolorallocate($im, 1, $1, 1);

//Paint the image with the background color

imagefilledrectangle($im, 0, 0, 150,329, $background);

//write the code on the image

//we will need a ttf font for the text, pick anyone you like and upload it in the same folder where this script resides.

$font = "arial.ttf";

//set position

$x = 5;

$y = 35;

//add the code

for($i = 0; $i <strlen($code); $i )


imagettftext($im, 50, 0, $x, $y, $watermark , $font, substr($code,$i,1));

$x = $x 29;


// Using imagepng() results in clearer text compared with imagejpeg()




Save this file as VerifyCode.php.

To display the verification code call this file using the following

<img src='VerifyCode.php'>

When the visitor enters the verification code, simple encrypt it using the MD5 function and check it against the session variable that we defined earlier.