‘font’ => $baseUrl . ‘/img/arial.ttf’,
‘imgDir’ => $baseUrl . ‘/img/’,
‘imgUrl’ => ‘http://project.com/captcha/’,

with this:

‘font’ => “./img/arial.ttf”,
‘imgdir’ => “./img”,
‘imgurl’ => “./img”

Don’t want to use $baseUrl .
Thanks this tutorial !

Warning: imageftbbox() [function.imageftbbox]: Invalid font filename in C:\wamp\www\Zend_Framework\zf_captcha\library\Zend\Captcha\Image.php on line 489

Warning: imagefttext() [function.imagefttext]: Invalid font filename in C:\wamp\www\Zend_Framework\zf_captcha\library\Zend\Captcha\Image.php on line 492

Warning: imagepng() [function.imagepng]: Unable to open ‘/Zend_Framework/zf_captcha/public/img/ffa6e2ec474d49875ff2b131806c704c.png’ for writing: No such file or directory in C:\wamp\www\Zend_Framework\zf_captcha\library\Zend\Captcha\Image.php on line 563

Those errors are occurring because you haven’t downloaded a .ttf font file for the Captcha generator to use, and you haven’t made a directory for the images to be created and visible to the public. When I wrote in “/path/to/your/fontFile.ttf” I literally meant the path to YOUR font file – not mine. That’s some code you need to write in yourself.

So go download a .ttf file somewhere, and place it in a directory on your server, then point to that file in the code. Then, create a folder underneath your site’s root directory and chmod it to 775 so it’s writeable by the server + others can view it.

Hope this makes sense… pretty standard stuff you’re gonna have to learn how to do if you haven’t yet.

Warning: imagefttext() [function.imagefttext]: Invalid font filename in C:\wamp\www\tribarter\library\Zend\Captcha\Image.php on line 486

Warning: imagepng() [function.imagepng]: Unable to open ‘images/captcha/604ac905d0fff65dbb081c97b9ece8b7.png’ for writing: No such file or directory in C:\wamp\www\tribarter\library\Zend\Captcha\Image.php on line 557

I’ll try to write an article on developing under an MVC environment soon.

Basically, it’s largely a custodial thing. But if you stay with an app for log enough, MVC becomes more valuable as your site starts to requires consistent change. And of course, change is a consistent thing for the web.

It’s also great if you need others to edit your code later on; it decreases the learning curve required to get comfortable with someone else’s code.

I’ll try and shoot you an email when I get around to writing this article. Thanks for the comment and request!

In line 5 of my example function validateCaptcha, we instantiate the PHP session created by the captcha on your server earlier, in the previous generateCaptcha function. To access the correct PHP session, we need the $captcha array sent through the POST – but you took it away.

Since we can’t access the session, we can’t get the correct word, and the variable representing this – $captchaWord – ultimately ends up with a null value.

The value for $captchaInput also becomes null. Yep – it’s because it was held in the removed $captcha array.

So then, in the last step of the function, it checks if $captchaInput and $captchaWord are equal – and they are. They’ve both become null.

I’m rewriting that step with a quick fix for this. If the session isn’t found, the function returns false. This should lock down the Captcha. Test it out and let me know!

I have everything working fine however I’m wondering how secure this way is?

For example if someone edited the $_POST variable before it hits the website and removes 1 of the inputs (for example – name=”captcha[id]“)

Then when it hits the server it triggers (Undefined index: input ) and the captcha validates even if the codes dont match due to the error .

Hope that makes sense.