Quickstart Guide

Securimage requires minimal configuration after downloading. You need to do two things: display the CAPTCHA image inside your form, and validate the submitted code in your form processor. This guide walks through both steps.

Step 1: Download Securimage

Download the latest version from GitHub:

git clone https://github.com/dapphp/securimage.git

Or download a ZIP release and extract it. Upload the securimage/ folder to your web server. In this guide we assume it lives at the root of your site: yoursite.com/securimage/.

Step 2: Add the CAPTCHA to Your Form

Inside your HTML form, add the CAPTCHA image and a text input for the user to type the code:

<!-- Display the CAPTCHA image -->
<img id="captcha" src="/securimage/securimage_show.php" alt="CAPTCHA Image" />

<!-- Text field for the user to enter the code -->
<input type="text" name="captcha_code" size="10" maxlength="6" />

<!-- Optional: "Different Image" refresh link -->
<a href="#" onclick="document.getElementById('captcha').src =
  '/securimage/securimage_show.php?' + Math.random(); return false">
  [ Different Image ]
</a>

The refresh link is optional but recommended — it lets users request a new image if they can't read the current one. You can change maxlength to match your $img->code_length setting.

Step 3: Validate in Your Form Processor

Open the PHP file that processes your form (the action target of your <form> tag). Make sure session_start() is called at the very top of the file, before any output:

<?php
session_start(); // Must be first, before any output

Then, in your form validation logic, check the CAPTCHA code:

<?php
session_start();

include_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';

$securimage = new Securimage();

if ($securimage->check($_POST['captcha_code']) == false) {
    // Code was incorrect — stop processing and return an error
    echo 'The security code you entered was incorrect.';
    echo ' Please <a href="javascript:history.go(-1)">go back</a> and try again.';
    exit;
}

// Code was correct — continue processing the form
// ...send email, insert into DB, etc.

Important: Always check the CAPTCHA after validating other form fields, and only if no other errors occurred. This prevents the session code from being consumed on a failed submission.

Step 4: Verify It Works

Load yoursite.com/securimage/securimage_show.php directly in a browser. You should see a CAPTCHA image. If you see a blank page or an error, enable error reporting temporarily:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'on');
// ... rest of securimage_show.php

Requirements

Not sure if your server meets the requirements? Upload the server_test.php file from the Securimage package and run it — it will check all dependencies and report any issues.

Next Steps