Framework SpamImage Class

Anti Form-Spam Code-Image generator class.

Why that?

This is to prevent people from writing programs to spam a database with fake automatic form submits.

How does it work?

it adds an image to your form that shows a random code, let's say "A G 8 C Z". the user then needs to type that code into a text field. the way the images are generated it is very hard for an OCR (scanner) or other sort of program to read out the code automatically.

How does it work, technically?

  1. a random code is generated and printed to an image, along with a noisy background. that image is shown on the web page.
  2. a hidden field is added. the value of the hidden field is an md5 of the generated code, together with a secret key phraze only the webmaster knows. the user can see that md5 "passphraze" but cannot do anything with it.
  3. when the user submits the form, a new md5 is generated using the user- typed code, along with the secret key phraze, and that is compared to the also submitted original md5. if it matches the user input was ok. no session or cookie is needed.


  • lots of settings, check the API.
  • specify what chars to use: a-z, A-Z, 0-9 (no special chars)
  • ignore case (upper/lower) to make it easier for the user.
  • ignore vowels by default so that no 'strange' words are generated by accident.
  • ignore confusing chars like l, 1, I
  • define the number of characters to use, default is 3-5.
  • define image width/height, colors, font size, image format (png/jpg).

Live example:

The user-code of this form with spam-prevention image is:

require_once($_SERVER['DOCUMENT_ROOT'] . '/../global.conf.php');

$Bs_SpamImage =& new Bs_SpamImage();
$Bs_SpamImage->keyPhrazeMd5      "Only I Know About This!";
$Bs_SpamImage->imageWidthRange   100;
$Bs_SpamImage->imageHeightRange  20;
$Bs_SpamImage->useNumbers        TRUE;
$status $Bs_SpamImage->storeImage();
if (!

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    <title>Bs_SpamImage.class.php Example 1</title>


<h1>Bs_SpamImage.class.php Example 1</h1>

This is an example of the 
<a href="http://www.blueshoes.org/en/framework/gfx/spamimage/">class core/gfx/spamimage/Bs_SpamImage</a> 
from <a href="http://www.blueshoes.org/">BlueShoes</a>.

if (!empty($_REQUEST['spamCodeOriginal'])) {
"<b>You have submitted the form. Let's see...<br>";
$isOk $Bs_SpamImage->validate($_REQUEST['spamCodeOriginal'], $_REQUEST['spamCodeCompare']);
    if (
$isOk) {
"<font color='green'>OK!</font>";
    } else {
"<font color='red'>Failed!</font>";

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <fieldset style="width:500px;"><legend>My Form</legend>
        <table border="0" cellspacing="0" cellpadding="3">
                <td valign="top">Your name:</td>
                <td valign="top"><input type="text" name="yourName" value=""></td>
            <!img src="asdf" border="0" align="baseline" alt="">
                <td valign="top">Spam Prevention:</td>
                <td valign="top">
                    This is to prevent people from writing programs to spam our database with fake automatic form submits. 
                    Please type in the letters you see:<br>
echo $Bs_SpamImage->getImageTag('border="1" align="texttop"''spamCodeOriginal');
                    <input type="text" name="spamCodeCompare" value="" style="height:22px;">
                <td valign="top">&nbsp;</td>
                <td valign="top"><input type="submit" name="send" value="Submit"></td>



You can download this with the BlueShoes PHP Application Framework from the download page. This class will be included in downloads generated after 2004-04-12.

Let us know

Have you done something interesting with BlueShoes or one of its components?