phpman > perldoc > GD::SecurityImage(3pm)

NAME
    GD::SecurityImage - Security image (captcha) generator.

VERSION
    version 1.75

SYNOPSIS
       use GD::SecurityImage;

       # Create a normal image
       my $image = GD::SecurityImage->new(
                      width   => 80,
                      height  => 30,
                      lines   => 10,
                      gd_font => 'giant',
                   );
          $image->random( $your_random_str );
          $image->create( normal => 'rect' );
       my($image_data, $mime_type, $random_number) = $image->out;

    or

       # use external ttf font
       my $image = GD::SecurityImage->new(
                      width    => 100,
                      height   => 40,
                      lines    => 10,
                      font     => "/absolute/path/to/your.ttf",
                      scramble => 1,
                   );
          $image->random( $your_random_str );
          $image->create( ttf => 'default' );
          $image->particle;
       my($image_data, $mime_type, $random_number) = $image->out;

    or you can just say (most of the public methods can be chained)

       my($image, $type, $rnd) = GD::SecurityImage->new->random->create->particle->out;

    to create a security image with the default settings. But that may not be useful. If you
    "require" the module, you must import it:

       require GD::SecurityImage;
       GD::SecurityImage->import;

    The module also supports "Image::Magick", but the default interface uses the "GD" module. To
    enable "Image::Magick" support, you must call the module with the "use_magick" option:

       use GD::SecurityImage use_magick => 1;

    If you "require" the module, you must import it:

       require GD::SecurityImage;
       GD::SecurityImage->import(use_magick => 1);

    The module does not *export* anything actually. But "import" loads the necessary sub modules. If
    you don' t "import", the required modules will not be loaded and probably, you'll "die()".

DESCRIPTION
    The (so called) *"Security Images"* are so popular. Most internet software use these in their
    registration screens to block robot programs (which may register tons of fake member accounts).
    Security images are basicaly, graphical CAPTCHAs (Completely Automated Public Turing Test to
    Tell Computers and Humans Apart). This module gives you a basic interface to create such an
    image. The final output is the actual graphic data, the mime type of the graphic and the created
    random string. The module also has some *"styles"* that are used to create the background (or
    foreground) of the image.

    If you are an "Authen::Captcha" user, see GD::SecurityImage::AC for migration from
    "Authen::Captcha" to "GD::SecurityImage".

    This module is just an image generator. Not a *captcha handler*. The validation of the generated
    graphic is left to your programming taste. But there are some *captcha handlers* for several
    Perl FrameWorks. If you are an user of one of these frameworks, see "GD::SecurityImage
    Implementations" in "SEE ALSO" section for information.

NAME
    GD::SecurityImage - Security image (captcha) generator.

COLOR PARAMETERS
    This module can use both RGB and HEX values as the color parameters. HEX values are recommended,
    since they are widely used and recognised.

       $color  = '#80C0F0';     # HEX
       $color2 = [15, 100, 75]; # RGB
       $i->create($meth, $style, $color, $color2)

       $i->create(ttf => 'box', '#80C0F0', '#0F644B')

    RGB values must be passed as an array reference including the three *Red*, *Green* and *Blue*
    values.

    Color conversion is transparent to the user. You can use hex values under both "GD" and
    "Image::Magick". They' ll be automagically converted to RGB if you are under "GD".

METHODS
  new
    The constructor. "new()" method takes several arguments. These arguments are listed below.

    width
        The width of the image (in pixels).

    height
        The height of the image (in pixels).

    ptsize
        Numerical value. The point size of the ttf character. Only necessarry if you want to use a
        ttf font in the image.

    lines
        The number of lines that you' ll see in the background of the image. The alignment of lines
        can be vertical, horizontal or angled or all of them. If you increase this parameter' s
        value, the image will be more cryptic.

    font
        The absolute path to your TrueType (.ttf) font file. Be aware that relative font paths are
        not recognized due to problems in the "libgd" library.

        If you are sure that you've set this parameter to a correct value and you get warnings or
        you get an empty image, be sure that your path does not include spaces in it. It looks like
        libgd also have problems with this kind of paths (eg: '/Documents and Settings/user' under
        Windows).

        Set this parameter if you want to use ttf in your image.

    gd_font
        If you want to use the default interface, set this parameter. The recognized values are
        "Small", "Large", "MediumBold", "Tiny", "Giant". The names are case-insensitive; you can
        pass lower-cased parameters.

    bgcolor
        The background color of the image.

    send_ctobg
        If has a true value, the random security code will be displayed in the background and the
        lines will pass over it. (send_ctobg = send code to background)

    frame
        If has a true value, a frame will be added around the image. This option is enabled by
        default.

    scramble
        If set, the characters will be scrambled. If you enable this option, be sure to use a wider
        image, since the characters will be separated with three spaces.

    angle
        Sets the angle for scrambled/normal characters. Beware that, if you pass an "angle"
        parameter, the characters in your random string will have a fixed angle. If you do not set
        an "angle" parameter, the angle(s) will be random.

        When the scramble option is not enabled, this parameter still controls the angle of the
        text. But, since the text will be centered inside the image, using this parameter without
        scramble option will require a taller image. Clipping will occur with smaller height values.

        Unlike the GD interface, "angle" is in "degree"s and can take values between 0 and 360.

    thickness
        Sets the line drawing width. Can take numerical values. Default values are 1 for GD and 0.6
        for Image:Magick.

    rndmax
        The minimum length of the random string. Default value is 6.

    rnd_data
        Default character set used to create the random string is 0..9. But, if you want to use
        letters also, you can set this parameter. This parameter takes an array reference as the
        value.

        Not necessary and will not be used if you pass your own random string.

  random
    Creates the random security string or sets the random string to the value you have passed. If
    you pass your own random string, be aware that it must be at least six (defined in "rndmax")
    characters long.

  random_str
    Returns the random string. Must be called after "random()".

  create
    This method creates the actual image. It takes four arguments, but none are mandatory.

       $image->create($method, $style, $text_color, $line_color);

    $method can be "normal" or "ttf".

    $style can be one of the following:

    default
        The default style. Draws horizontal, vertical and angular lines.

    rect
        Draws horizontal and vertical lines

    box Draws two filled rectangles.

        The "lines" option passed to new, controls the size of the inner rectangle for this style.
        If you increase the "lines", you'll get a smaller internal rectangle. Using smaller values
        like 5 can be better.

    circle
        Draws circles.

    ellipse
        Draws ellipses.

    ec  This is the combination of ellipse and circle styles. Draws both ellipses and circles.

    blank
        Draws nothing. See "OTHER USES".

    You can use this code to get all available style names:

       my @styles = grep {s/^style_//} keys %GD::SecurityImage::Styles::;

    The last two arguments ($text_color and $line_color) are the colors used in the image (text and
    line color -- respectively):

       $image->create($method, $style, [0,0,0], [200,200,200]);
       $image->create($method, $style, '#000000', '#c8c8c8');

  particle
    Must be called after create.

    Adds random dots to the image. They'll cover all over the surface. Accepts two parameters; the
    density (number) of the particles and the maximum number of dots around the main dot.

       $image->particle($density, $maxdots);

    Default value of $density is dependent on your image' s width or height value. The greater value
    of width and height is taken and multiplied by twenty. So; if your width is 200 and height is
    70, $density is "200 * 20 = 4000" (unless you pass your own value). The default value of
    $density can be too much for smaller images.

    $maxdots defines the maximum number of dots near the default dot. Default value is 1. If you set
    it to 4, The selected pixel and 3 other pixels near it will be used and colored.

    The color of the particles are the same as the color of your text (defined in create).

  info_text
    This method must be called after create. If you call it early, you'll die. "info_text" adds an
    extra text to the generated image. You can also put a strip under the text. The purpose of this
    method is to display additional information on the image. Copyright information can be an
    example for that.

       $image->info_text(
          x      => 'right',
          y      => 'up',
          gd     => 1,
          strip  => 1,
          color  => '#000000',
          scolor => '#FFFFFF',
          text   => 'Generated by GD::SecurityImage',
       );

    Options:

    x   Controls the horizontal location of the information text. Can be either "left" or "right".

    y   Controls the vertical location of the information text. Can be either "up" or "down".

    strip
        If has a true value, a strip will be added to the background of the information text.

    gd  This option can only be used under "GD". Has no effect under Image::Magick. If has a true
        value, the standard GD font "Tiny" will be used for the information text.

        If this option is not present or has a false value, the TTF font parameter passed to "new"
        will be used instead.

    ptsize
        The ptsize value of the information text to be used with the TTF font. TTF font parameter
        can not be set with "info_text()". The value passed to "new()" will be used instead.

    color
        The color of the information text.

    scolor
        The color of the strip.

    text
        This parameter controls the displayed text. If you want to display long texts, be sure to
        adjust the image, or clipping will occur.

  out
    This method finally returns the created image, the mime type of the image and the random
    number(s) generated.

    The returned mime type is "png" or "gif" or "jpeg" for "GD" and "gif" for "Image::Magick" (if
    you do not "force" some other format).

    "out" method accepts arguments:

       @data = $image->out(%args);

    force
        You can set the output format with the "force" parameter:

           @data = $image->out(force => 'png');

        If "png" is supported by the interface (via "GD" or "Image::Magick"); you'll get a png
        image, if the interface does not support this format, "out()" method will use it's default
        configuration.

    compress
        And with the "compress" parameter, you can define the compression for "png" and quality for
        "jpeg":

           @data = $image->out(force => 'png' , compress => 1);
           @data = $image->out(force => 'jpeg', compress => 100);

        When you use "compress" with "png" format, the value of "compress" is ignored and it is only
        checked if it has a true value. With "png" the compression will always be 9 (maximum
        compression). eg:

           @data = $image->out(force => 'png' , compress => 1);
           @data = $image->out(force => 'png' , compress => 3);
           @data = $image->out(force => 'png' , compress => 5);
           @data = $image->out(force => 'png' , compress => 1500);

        All will default to 9. But this will disable compression:

           @data = $image->out(force => 'png' , compress => 0);

        But the behaviour changes if the format is "jpeg"; the value of "compress" will be used for
        "jpeg" quality; which is in the range 1..100.

        Compression and quality operations are disabled by default.

  raw
    Depending on your usage of the module; returns the raw "GD::Image" object:

       my $gd = $image->raw;
       print $gd->png;

    or the raw "Image::Magick" object:

       my $magick = $image->raw;
       $magick->Write("gif:-");

    Can be useful, if you want to modify the graphic yourself. If you want to get an *image type*
    see the "force" option in "out".

  gdbox_empty
    See "path bug" in "GD bug" for usage and other information on this method.

  add_strip
  cconvert
  gdf
  h2r
  is_hex
  r2h
  random_angle
UTILITY METHODS
  backends
    Returns a list of available GD::SecurityImage back-ends.

       my @be = GD::SecurityImage->backends;

    or

       my @be = $image->backends;

    If called in a void context, prints a verbose list of available GD::SecurityImage back-ends:

       Available back-ends in GD::SecurityImage v1.55 are:
               GD
               Magick

       Search directories:
                  /some/@INC/dir/containing/GDSI

    you can see the output with this command:

       perl -MGD::SecurityImage -e 'GD::SecurityImage->backends'

    or under windows:

       perl -MGD::SecurityImage -e "GD::SecurityImage->backends"

EXAMPLES
    See the tests in the distribution. Also see the demo program "eg/demo.pl" for an
    "Apache::Session" implementation of "GD::SecurityImage".

    Download the distribution from a CPAN mirror near you, if you don't have the files.

    Running the test suite will also create some sample images.

  OTHER USE CASES
    "GD::SecurityImage" drawing capabilities can also be used for *counter image* generation or
    displaying arbitrary messages:

       use CGI qw(header);
       use GD::SecurityImage 1.64; # we need the "blank" style

       my $font  = "StayPuft.ttf";
       my $rnd   = "10.257"; # counter data

       my $image = GD::SecurityImage->new(
          width  =>   140,
          height =>    75,
          ptsize =>    30,
          rndmax =>     1, # keeping this low helps to display short strings
          frame  =>     0, # disable borders
          font   => $font,
       );

       $image->random( $rnd );
       # use the blank style, so that nothing will be drawn
       # to distort the image.
       $image->create( ttf => 'blank', '#CC8A00' );
       $image->info_text(
          text   => 'You are visitor number',
          ptsize => 10,
          strip  =>  0,
          color  => '#0094CC',
       );
       $image->info_text(
          text   => '( c ) 2 0 0 7   m y s i t e',
          ptsize => 10,
          strip  =>  0,
          color  => '#d7d7d7',
          y      => 'down',
       );

       my($data, $mime, $random) = $image->out;

       binmode STDOUT;
       print header -type => "image/$mime";
       print $data;

ERROR HANDLING
    "die" is called in some methods if something fails. You may need to "eval" your code to catch
    exceptions.

TIPS
    If you look at the demo program (not just look at it, try to run it) you'll see that the random
    code changes after every request (successful or not). If you do not change the random code after
    a failed request and display the random code inside HTML (like *"Wrong! It must be <random>"*),
    then you are doing a logical mistake, since the user (or robot) can now copy & paste the random
    code into your validator without looking at the security image and will pass the test. Just
    don't do that. Random code must change after every validation.

    If you want to be a little more strict, you can also add a timeout key to the session (this
    feature currently does not exits in the demo) and expire the related random code after the
    timeout. Since robots can call the image generator directly (without requiring the HTML form),
    they can examine the image for a while without changing it. A timeout implemetation may prevent
    this.

BUGS
    See the "SUPPORT" section if you have a bug or request to report.

  GD bug
   path bug
    libgd and GD.pm don't like relative paths and paths that have spaces in them. If you pass a font
    path that is not an exact path or a path that have a space in it, you may get an empty image.

    To check if the module failed to find the ttf font (when using "GD"), a new method added:
    "gdbox_empty()". It must be called after "create()":

       $image->create;
       die "Error loading ttf font for GD: $@" if $image->gdbox_empty;

    "gdbox_empty()" always returns false, if you are using "Image::Magick".

COMMON ERRORS
  Wrong GD installation
    I got some error reports saying that GD::SecurityImage dies with this error:

       Can't locate object method "new" via package "GD::Image"
       (perhaps you forgot to load "GD::Image"?) at ...

    This is due to a *wrong* installation of the GD module. GD includes "XS" code and it needs to be
    compiled. You can't just copy/paste the *GD.pm* and expect it to work. It will not. If you are
    under Windows and don't have a C compiler, you have to add new repositories to install *GD*,
    since ActiveState' s own repositories don't include *GD*. Randy Kobes and J-L Morel have ppm
    repositories for both 5.6.x and 5.8.x and they both have *GD*:

       http://www.bribes.org/perl/ppmdir.html
       http://theoryx5.uwinnipeg.ca/

    *bribes.org* also has a *GD::SecurityImage* ppd, so you can just install *GD::SecurityImage*
    from that repository.

  libgd errors
    There are some issues related to wrong/incomplete compiling of libgd and old/new version
    conflicts.

   libgd without TTF support
    If your libgd is compiled without TTF support, you'll get an *empty* image. The lines will be
    drawn, but there will be no text. You can check it with "gdbox_empty" method.

   GIF - Old libgd or libgd without GIF support enabled
    If your GD has a "gif" method, but you get empty images with "gif()" method, you have to update
    your libgd or compile it with GIF enabled.

    You can test if "gif" is working from the command line:

       perl -MGD -e '$_=GD::Image->new;$_->colorAllocate(0,0,0);print$_->gif'

    or under windows:

       perl -MGD -e "$_=GD::Image->new;$_->colorAllocate(0,0,0);print$_->gif"

    Conclusions:

    *   If it dies, your GD is very old.

    *   If it prints nothing, your libgd was compiled without GIF enabled (upgrade or re-compile).

    *   If it prints out a junk that starts with 'GIF87a', everything is OK.

CAVEAT EMPTOR
    *   Using the default library "GD" is a better choice. Since it is faster and does not use that
        much memory, while "Image::Magick" is slower and uses more memory.

    *   The internal random code generator is used only for demonstration purposes for this module.
        It may not be *effective*. You must supply your own random code and use this module to
        display it.

SEE ALSO
  Other CAPTCHA Implementations & Perl Modules
    *   GD, Image::Magick

    *   ImagePwd, Authen::Captcha.

    *   "ImageCode" Perl Module (commercial): <http://www.progland.com/ImageCode.html>.

    *   The CAPTCHA project: <http://www.captcha.net/>.

    *   A definition of CAPTCHA (From Wikipedia, the free encyclopedia):
        <http://en.wikipedia.org/wiki/Captcha>.

    *   WebService::CaptchasDotNet: A Perl interface to *http://captchas.net* free captcha service.
        *captchas.net* also offers *audio* captchas.

  GD::SecurityImage Implementations
    *   GD::SecurityImage::AC: "Authen::Captcha" drop-in replacement module.

    *   Sledge::Plugin::Captcha

    *   Catalyst::Plugin::Captcha

    *   CGI::Application::Plugin::CAPTCHA

    *   Angerwhale::Controller::Captcha

AUTHOR
    Burak Gursoy <burak AT cpan.org>

COPYRIGHT AND LICENSE
    This software is copyright (c) 2004 by Burak Gursoy.

    This is free software; you can redistribute it and/or modify it under the same terms as the Perl
    5 programming language system itself.