making security even easier

CAPTCHA image protection without cookies and sessions

-- Reposting my 8 years old PHP script, as this is now working on all modern browsers --

- I admit that the code is not ideal -



Usually "captcha" scripts store actual text/numbers shown on protection images in a session cookie
and check user entered code by comparing it with session stored string.

My script does not use any session/cookies. Image is generated within one script and checked against
md5 hash of a random code.


// create a 100*30 image

$im = imagecreate(100, 31);  

// random colored background and text
$bg = imagecolorallocate($im, rand(0,255) , rand(0,255), rand(0,255));
$textcolor = imagecolorallocate($im, 0, 0, rand(0,255));

// write the random 4 digits number at a random locaton (x= 0-20, y=0-20),
imagestring($im, rand(1,8), rand(0,20), rand(0,20), $random , $textcolor);

// write the image to a temporary file , in this case it is 777 chmoded tmp folder in same directory
// could be a generic /tmp folder

ImageGIF($im, $filenametemp);
$ImageData = file_get_contents($filenametemp);
$ImageDataEnc = base64_encode($ImageData);
unlink($filenametemp); // delete the file


Enter number shown on image <input name="checkcode" type="text" id="checkcode" size="5">
<img src="data:image/gif;base64,<?=$ImageDataEnc?>" >
<input name="codemd5" type="hidden" id="codemd5" value="<?=md5($random)?>">

To check if a code has been entered use code like this:

if (md5(trim($_REQUEST[checkcode]))!=$_REQUEST[codemd5]  ) {

die (" wrong image protection code ");

} else {

if (file_exists("/tmp/".md5(trim($_REQUEST[checkcode])) ) {

//proceed further here



} else {


die (" code already entered ");





A demo is available here


<< Go back to the previous page

G+ profile

follow me : github, habrahabr , linkedin
Feel free to contact me directly :
emin --at huseynov --dot com

Other projects

Google authenticator for Citrix StoreFront
Google authenticator for Citrix Web Interface 5.4
MOTP App with QR based enrolment

Two-factor authentication for Citrix Web Interface 5.x – Pure ASP/C# Implementation

Captcha for Citrix Web Interface 5.x

MOTP Passtore

2FA with Face recognition


Not security related


News aggregator