## Name

**Securimage** - A PHP class for creating captcha images and audio with many options.

## Version

**3.6.8**

## Project Status

See the [Project Status](https://github.com/dapphp/securimage/issues/99) issue on GitHub.

## Download

Download and browse the code at https://github.com/dapphp/securimage.

Beta code is available at https://github.com/dapphp/securimage/tree/nextgen.

Other information is available at [phpcaptcha.org](https://www.phpcaptcha.org)

## Documentation

Online documentation of the class, methods, and variables can be found at http://www.phpcaptcha.org/Securimage_Docs/

## Requirements

* PHP 5.4 or greater
* GD 2.0
* FreeType (Required, for TTF fonts)
* PDO (if using Sqlite, MySQL, or PostgreSQL)

## Synopsis

**Within your HTML form**

**Within your PHP form processor**

```php
require_once 'securimage.php';

// Code Validation
$image = new Securimage();
if ($image->check($_POST['captcha_code']) == true) {
    echo "Correct!";
} else {
    echo "Sorry, wrong code.";
}
```

## Description

What is **Securimage**?

Securimage is a PHP class that is used to generate and validate CAPTCHA images.

The class uses an existing PHP session, or creates its own if none is found, to store the CAPTCHA code. In addition, a database can be used instead of session storage.

Variables within the class are used to control the style and display of the image. The class uses TTF fonts and effects for strengthening the security of the image.

It also creates audible codes which are played for visually impaired users.

## UPGRADE NOTICE

**3.6.3 and below:**
Securimage 3.6.4 fixed an XSS vulnerability in example_form.ajax.php. It is recommended to upgrade to the latest version or delete example_form.ajax.php from the securimage directory on your website.

**3.6.2 and above:**
If you are upgrading to 3.6.2 or greater *AND* are using database storage, the table structure has changed in 3.6.2, adding an audio_data column for storing audio files in the database in order to support HTTP range requests. Delete your tables and have Securimage recreate them, or see the function createDatabaseTables() in securimage.php for the new structure depending on which database backend you are using and alter the tables as needed. If using SQLite, just overwrite your existing securimage.sq3 file with the one from this release.

*If you are not using database tables for storage, ignore this notice.*

## Copyright

Script

Copyright (c) 2018 Drew Phillips
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

## Licenses

**WavFile.php**

The WavFile.php class used in Securimage by Drew Phillips and Paul Voegler is used under the BSD License. See WavFile.php for details. Many thanks to Paul Voegler (http://www.voegler.eu/) for contributing to Securimage.

Script

---------------------------------------------------------------------------

**Flash code for Securimage**

Flash code created by Age Bosma & Mario Romero (animario@hotmail.com)

Many thanks for releasing this to the project!

---------------------------------------------------------------------------

**HKCaptcha**

Portions of Securimage contain code from Han-Kwang Nienhuys' PHP captcha

Han-Kwang Nienhuys' PHP captcha
Copyright June 2007

This copyright message and attribution must be preserved upon modification. Redistribution under other licenses is expressly allowed. Other licenses include GPL 2 or higher, BSD, and non-free licenses.
The original, unrestricted version can be obtained from http://www.lagom.nl/linux/hkcaptcha/

---------------------------------------------------------------------------

**AHGBold.ttf**

AHGBold.ttf (AlteHaasGroteskBold.ttf) font was created by Yann Le Coroller and is distributed as freeware.

Alte Haas Grotesk is a typeface that look like an helvetica printed in an old Muller-Brockmann Book.

These fonts are freeware and can be distributed as long as they are together with this text file.

I would appreciate very much to see what you have done with it anyway.

yann le coroller
www.yannlecoroller.com
yann@lecoroller.com

---------------------------------------------------------------------------

**PopForge Flash Library**

Portions of securimage_play.swf use the PopForge flash library for playing audio

```
/**
 * Copyright(C) 2007 Andre Michelle and Joa Ebert
 *
 * PopForge is an ActionScript3 code sandbox developed by Andre Michelle
 * and Joa Ebert
 * http://sandbox.popforge.de
 *
 * PopforgeAS3Audio is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * PopforgeAS3Audio is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see
```