Simple Math Captcha in PHP
There are different ways to restrict access to various services on a website for certain groups of visitors. This can apply to the registration form, open commenting without registration, and many other website functions. I talking about bots that can perform certain actions on your website.
I have a website that I originally made for personal use, and its main function is storing links to other websites for convenient access. After I realized that it was actually very useful, I added the ability for anyone to register on the site. The registration process there is extremely simple. A user enters an email address, and an account activation link is sent to that email, and after that the new user can use the website however he want. Everything is simple. But that isn't the main point here.
During the last month and half I started noticing dozens of new registrations every day. Every day dozens of people register accounts but never confirm their email addresses. As a result the database quickly fills up with empty accounts. If this is some kind of malicious activity, then I honestly do not understand the purpose of this “messing around.” It cannot really harm me. Besides, non-activated accounts can be deleted in the admin panel with a single button click. It all feels pretty pointless.
But at some point I got tired of constantly watching the endless growth of new project members. I noticed that the ID number in the users table had already passed 700. That was when I realized I had todo something about it.
The simplest solution is a captcha on the registration form.I do not like depending on third party services such as Google. So I decided to make something of my own.
To make a user action more intentional you need to force the person to use at least a little bit of brainpower. A math captcha is an ideal solution in this case :))
I tried to make a captcha script code as simple and functional as possible .If you look at the code, you will see that it is extremely simple. On my website I first used a script that worked with cookis, but later I realized that using sessions is much more reliable and practical.
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$answer = filter_input(INPUT_POST, 'captcha', FILTER_VALIDATE_INT);
if (!isset($_SESSION['captcha']) || $answer !== $_SESSION['captcha']) {
unset($_SESSION['captcha']);
die('Wrong captcha');
}
unset($_SESSION['captcha']);
echo 'Captcha is correct';
exit;
}
$a = random_int(1, 30);
$b = random_int(1, 30);
$_SESSION['captcha'] = $a + $b;
?>
<form method="post">
<label>What is <?= $a ?> + <?= $b ?>?</label>
<input type="text" name="captcha" required>
<button type="submit">Submit</button>
</form>
The script creates a simple math captcha: two numbers are generated using random_int(), and the correct answer is stored in $_SESSION. The answer is stored in the session, so the user cannot see it in the browser. After the form is submitted, entered answer is compared with the saved value. After verification the "answer" is deleted, and the same captcha cannot be submitted again.
$a = random_int(1, 30);
$b = random_int(1, 30);
Here the variables $a and $b define the range of random numbers from 1 to 30. If anyone wants to use this script on their own website, you can adjust the range however you want.
I publishing this script mainly for myself, because I don't store it anywhere, and every few years I end up having to reinvent something from scratch again. So it is better to keep this code here. Maybe it will be useful for someone besides me.