John Drago


ASP4x::Captcha::Imager - Imager-based CAPTCHA for your ASP4 web application.


In Your asp4-config.conf

    "system": {
      "settings": {
        "captcha_key":      "Some random string of any length",
        "captcha_font":     "@ServerRoot@/etc/LiberationSans-Regular.ttf",
        "captcha_width":    140,
        "captcha_height":   40,
        "captcha_bg_color": "FFFFFF",
        "captcha_length":   4

In a handler

Simply subclass ASP4x::Captcha::Imager as shown below:

  package dev::captcha;

  use strict;
  use warnings 'all';
  use base 'ASP4x::Captcha::Imager';
  use vars __PACKAGE__->VARS;

  1;# return true:

In your ASP Script:

Render the Captcha image:

  <style type="text/css">
    display:        block;
    width:          265px;
    text-align:     right;
    float:          left;
    padding-right:  5px;
  IMG {
    border: dotted 1px #AAA;
    <form action="/handlers/dev.validate" method="post">
        <label>Enter the code you see below:</label>
        <input type="text" name="security_code" />
        <img id="captcha" src="/handlers/dev.captcha?r=<%= rand() %>" alt="Security Code" />
        <a href="" onclick="document.getElementById('captcha').src = '/handlers/dev.captcha?r=' + Math.random(); return false">
          (Click for a new Image)
        <input type="submit" value="Submit" />

Validate the Captcha

  package dev::validate;

  use strict;
  use warnings 'all';
  use base 'ASP4::FormHandler';
  use vars __PACKAGE__->VARS;

  sub run
    my ($s, $context) = @_;
    my $secret = $Config->system->settings->captcha_key;
    my $code = lc($Form->{security_code});
    # It should exist in the session and have the correct value:
    if( exists($Session->{asp4captcha}->{$code}) )
      # Ding ding ding ding ding!
      # Bzzzzzzzzzzt: WRONG!
    }# end if()
  }# end run()

  1;# return true:


"CAPTCHA" is the little security image containing a hard-to-read code that you may have seen on some websites. They are common on sign-up forms and email forms. The idea is that a bot or script can't read the image and can't guess the code.

ASP4x::Captcha::Imager uses Imager to generate an image of a random string of numbers and letters.

What Does the Captcha Image Look Like?

You can see an example in the example/example.png file included with this distribution.

Recommendations and Considerations

  • Shorter Captchas are probably good enough.

    Unless you've got yourself the next Facebook, you could probably get away with 4 characters in your Captcha. Long captchas will just annoy humans.

  • Where to use Captcha

    Any form that might be attacked by a script including registration forms, email forms, etc. is a good candidate for a Captcha. Since it's so easy to use Captchas there really isn't any reason not to use them anywhere you think might benefit. If you keep the Captcha length short (see the first point in this list) then the humans won't be too bothered by them and may actually be pleased with your consideration of their privacy.

What About Fonts?

Because Linux systems tend to put fonts in several different places, I recommend copying the font file (*.ttf) into the etc/ folder of your website and referencing it (just like you see in the t/ folder of this distribution and in the SYNOPSIS example above.

Mono-space fonts are recommended over variable-width fonts. So, "Courier New" is recommended over Verdana.


ASP4, Imager


Imager, ASP4, Digest::MD5


John Drago <>


This software is Free software and may be used and redistributed under the same terms as any version of Perl itself.