How To Use Captcha In Login Page In Php

How To Articles

As a web developer, I understand the importance of keeping user information secure. One of the measures I often take is implementing CAPTCHA in the login page of websites I create. CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart,” is a widely used security feature that ensures the user accessing the login page is a human and not a bot.

In this article, I will guide you through the process of adding CAPTCHA to a login page using PHP. I will explain the steps involved in generating and verifying CAPTCHA codes, as well as provide some personal tips and insights to make your implementation more effective.

Step 1: Setting Up the Environment

Before we dive into the coding part, make sure you have PHP installed on your machine or web server. You can download the latest version of PHP from the official website and follow the installation instructions.

Once PHP is set up, create a new PHP file for your login page. Let’s name it “login.php” for this example. Remember to include a DOCTYPE declaration at the beginning of the file to ensure proper rendering in different browsers.

Step 2: Generating a CAPTCHA Code

To implement CAPTCHA in your login page, you need to generate a random code and store it in a session variable. This code will be used to compare user input later on. Here’s an example of how you can generate a CAPTCHA code:

$random_code = substr(md5(rand()), 0, 6);
$_SESSION['captcha_code'] = $random_code;

In the code above, we start a session to store the CAPTCHA code. We generate a random code using the md5 function and substr to extract the first 6 characters. Finally, we assign the generated code to the session variable ‘captcha_code’.

Step 3: Displaying the CAPTCHA Image

Now that we have the CAPTCHA code stored in the session, let’s display it as an image on our login page. We can use the GD library, which is a built-in PHP extension for image manipulation, to generate the CAPTCHA image. Here’s an example:

header("Content-type: image/png");
$captcha_image = imagecreate(120, 40);
$bg_color = imagecolorallocate($captcha_image, 255, 255, 255);
$text_color = imagecolorallocate($captcha_image, 0, 0, 0);
imagestring($captcha_image, 5, 30, 12, $_SESSION['captcha_code'], $text_color);

In the code above, we set the content type to “image/png” to inform the browser that we are sending an image. We create a blank image with dimensions 120×40 pixels and allocate colors for the background and text. Then, we use the imagestring function to write the CAPTCHA code on the image. Finally, we output the image using the imagepng function and destroy the image object.

Step 4: Verifying the CAPTCHA Code

Now that we have the CAPTCHA code generated and displayed, let’s implement the verification process. When the user submits the login form, we need to compare the entered CAPTCHA code with the one stored in the session. Here’s an example of how you can do that:

if(isset($_POST['captcha_input']) && !empty($_POST['captcha_input'])) {
    $user_input = $_POST['captcha_input'];
    if($user_input == $_SESSION['captcha_code']) {
        echo "CAPTCHA verification successful. Proceed with login.";
    } else {
        echo "CAPTCHA verification failed. Please try again.";

In the code above, we check if the form field ‘captcha_input’ is set and not empty. If it is, we compare the user input with the CAPTCHA code stored in the session. If they match, we display a success message and allow the user to proceed with the login. Otherwise, we display an error message and ask the user to try again.


Implementing CAPTCHA in the login page adds an extra layer of security to your website by ensuring that only human users can access sensitive information. By following the steps outlined in this article, you can easily integrate CAPTCHA functionality into your PHP login page.

Remember, CAPTCHA is just one of the many security measures you can implement in your login page. It’s always good to stay updated on the latest security techniques and best practices to keep your users’ data safe.

If you want to learn more about CAPTCHA or explore other security features, check out the CAPTCHA website where you can find more information and resources.