Image CAPTCHA

I saw this code in the website PHP Tricks & Skills. Pretty interesting code where you can implement CAPTCHA during forum submission.

Check it out.

<?php

/*
Image Verification without the need of use of database
Requirements:
-------------
(1)
Package includes the following:
sec_image.php -> Displays security image
font.ttf -> Font to be used to display
background.png -> Background to be used

(2)
Your PHP Settings/Server must enable the use of freetypefonts
PHP Function: imagettfbbox
*/

/*
Security Code 
(If editing, insure the same Code in place in sec_image.php)
*/
$SECURITY_CODE = 'LKJSDHF*(&IY#L$KUHOYL';

/*
Word Length
*/
$WORD_LENGTH = 5;

/*
Two Needed Functions, encode_pass & hex2bin
*/

/*
encode_pass, I don't remember exactly where I have gotten this before
It was a long time, so please if you know the source, email me @
support@sonimager.com & I'll add it

Encode Data Function
*/
function encode_pass($data,$pwd){
    $pwd_length = strlen($pwd);
    for ($i = 0; $i < 255; $i++) {
        $key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
        $counter[$i] = $i;
    }
    for ($i = 0; $i < 255; $i++) {
        $x = ($x + $counter[$i] + $key[$i]) % 256;
        $temp_swap = $counter[$i];
        $counter[$i] = $counter[$x];
        $counter[$x] = $temp_swap;
    }
    for ($i = 0; $i < strlen($data); $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $counter[$a]) % 256;
        $temp = $counter[$a];
        $counter[$a] = $counter[$j];
        $counter[$j] = $temp;
        $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
        $Zcipher = ord(substr($data, $i, 1)) ^ $k;
        $Zcrypt .= chr($Zcipher);
    }
    return $Zcrypt;
}

/*
Hex2Binary Function
*/

function hex2bin($hexdata) {
    for ($i=0;$i<strlen($hexdata);$i+=2) {
        $bindata.=chr(hexdec(substr($hexdata,$i,2)));
    }  
    return $bindata;
} 

/*
Lets create a random word consisting of the following letters:
*/
$letters = array("a","A","b","B","c","C","d","D","e","E","f","F","g","G",
"h","H","i","I","j","J","k","K","l","L","m","M","n","N","o","O","p","P",
"q","Q","r","R","s","S","t","T","u","U","v","V","w","W","x","X","y","Y",
"z","Z","1","2","3","4","5","6","7","8","9");

/*
Create it
*/
$the_word = NULL;
for ($i=0; $i<$WORD_LENGTH; $i++) {
   $the_word .= $letters[rand(0, count($letters)-1)];
}

/*
Lets encode it
*/
$new_string = encode_pass($the_word,$SECURITY_CODE);

/*
Now lets convert the hidden word into binary
(This makes it more user friendlier and browser safe)
*/
$image_code = bin2hex($new_string);

/*
Now lets echo the image
*/
echo '<img src="sec_image.php?word='.$image_code.'">';

/*******************EXAMPLE USAGE*******************************/
/*
Example Form Usage:
Form Header:
*/

echo '<form name="security" id="security" method="post" action="'.$_SERVER['PHP_SELF'].'">';
/*
Form hidden code in hidden tag
(coded)
*/

echo '<input name="hid_code" type="hidden" id="hid_code" value="'.$image_code.'">';
/*
A chance for user to enter code
*/

echo '<input name="user_guess" type="text" id="user_guess"><input name="Submit" type="submit" value="Check">';
/*
Form end
*/

echo '</form>';

/*
Example PHP Form submition check
*/

/*
If checking a user guess
*/
if($_POST['user_guess'] != NULL){
    /*
    Convert $_GET[word] From hex to binary
    */
    $hidden_word = hex2bin($_POST['hid_code']);

    /*
    Now decode the binary string
    */
    $the_word = encode_pass($hidden_word,$SECURITY_CODE);
    
    //Does it match?
    if($_POST['user_guess'] != $the_word){
        echo 'Word entered does not match security code';
    } else {
        echo 'Good Job';
        //Do your thing here
    }
}
?>