One of the most common ways to stop bots and spammers from generating spam in people’s websites is using some form of image verification. This can be done very easily with just PHP and Sessions. Using image verification acts as a human detector, to make sure the viewer of that page is not a bot of some kind. Bots can cause damage to your server by overloading it with spammed content and flooding your boards with unwanted links and text.
Let’s say we have a form that submits a few fields and possibly a file:
Field 1: <input type="text" name="field1" size="25" /><br/>
Field 2: <input type="text" name="field2" size="25" /><br/>
File: <input type="file" name="file" size="25" />
<input type="submit" name="submit" value="Submit" />
</form>
Now, this form will submit three variables: field1, field2, and the file.
This form does not have any image verification added in. So any bot could simply process this page over and over to flood the server with crap. 
So we are going to add a simple image verification to the form. To do this we make image.php:
// Image.php
$width = 73;
$height = 18;
$image = imagecreate($width,$height);
// All possible characters that the image will have.
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// Create the random set of characters defined above.
$rand = strtoupper(substr(str_shuffle($alphanum),0,6));
// Set the session here. We will use the session "image_verification" to hold the string, and "md5_image_verification" to hold the hash.
$_SESSION["image_verification"] = $rand;
$_SESSION["md5_image_verification"] = md5($rand);
// Here we set the colors, and text size.
$bgColor = imagecolorallocate($image, 231,231,231);
$textColor = imagecolorallocate($image, 0,0,0);
$textSize = imagefontheight(1);
// Create the image with the session "image_verification."
imagestring ($image, 5, 8, 2, $_SESSION["image_verification"], $textColor);
// Set the page headers to image.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-type: image/jpeg");
imagejpeg($image);
imagedestroy($image);
return true;
?>
Now we must add the field to our form:
Notice I used the class “imgverification.” We must add this to our <head> tags of the page:
We must also make sure we include our session_start() on all pages we use session variables on. So on our form page, the image page, and submit page.
Now when the form is submitted to submit.php we check the submitted input for $_POST["verification"] to $_SESSION["md5_image_verification"].
// Submit.php
if(md5($_POST["verification"]) == $_SESSION["md5_image_verification"]){
// Continue with the form, mysql query, etc.
return true;
} else {
return false;
}
?>
$image = imagecreate($width,$height);
$alphanum = “ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789″;
$rand = strtoupper(substr(str_shuffle($alphanum),0,6));
$_SESSION['simp_image_verification'] = $rand;
$_SESSION['md5_simp_image_verification'] = md5($rand);
$bgColor = imagecolorallocate($image, 231,231,231);
$textColor = imagecolorallocate($image, 0,0,0);
$textSize = imagefontheight(1);
imagestring ($image, 5, 8, 2, $_SESSION['simp_image_verification'], $textColor);
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”);
header(“Last-Modified: ” . gmdate(“D, d M Y H:i:s”) . ” GMT”);
header(“Cache-Control: no-store, no-cache, must-revalidate”);
header(“Cache-Control: post-check=0, pre-check=0″, false);
header(“Pragma: no-cache”);
header(‘Content-type: image/jpeg’);
imagejpeg($image);
imagedestroy($image);
return true;
}
Niko on November 21, 2009
Thank you very much for this tip!
I’m new to PHP programming, but I had to make some changes to the code to make it work, for example session_start() on each page and replace the ” ´ ” with the correct ” ‘ “.
Now it works fine!
Thanks again!
way to stop drinking on June 10, 2010
This is a nice blog, Going On.
mutual fund analysis tools on July 3, 2010
I admire the valuable info you offer inside your content articles. I’ll bookmark your weblog and have my kids check up right here frequently. I’m very sure they will learn lots of new stuff here than anybody else!
Healthcare Stores on July 9, 2010
You own a very interesting blog covering lots of topics I am interested as well.Just bookmarked your blog to continue reading in the next days… Please continue your marvellous work
travel guide on July 15, 2010
Nice to see you blogging about this good topic.
google adsense revenue on July 17, 2010
I found your site in Google few moments ago, and luckily, this is it I was looking for the last weeks, thanks
quick loan on July 17, 2010
hey there I just wanted to comment your blog and say that I really enjoyed reading your blog post here. It was very informative and I also digg the way you write! Keep it up and I’ll be back to read more soon mate
linki sponsorowane on July 26, 2010
Super text, I will add this blog to my favorites.
pbs kids games on July 31, 2010
This is very good article, I am very interested in its topic and read them was a pleasure.
Carter Hargrave on August 12, 2010
Hello, great article!! I got you bookmarked. Thanks and best wishes
Silva Dauer on August 12, 2010
good!it’s very useful!thx!