Captcha library
Download Now!
Size :  20Kb
Level :  stable
Version :  1.0.0
Date :  16-Jul-2007


This library offers a visual captcha generation system for REBOL web applications. Its goal is to protect web forms from spam produced by automated bots, using a test that is supposed to be only solvable by a human being.

Remember two important facts before deciding to use a captcha protection :

  • Any captcha can be defeated using relay attacks.
  • Adding this captcha using the level 1 mode will probably protect your form against 99% of automated spams (and keep your users with visual deficiencies, happy).
The methods used by this captcha library, are not the most advanced ones, because implementing state-of-the-art methods takes a lot of time and energy, giving in return only a debatable gain or no gain at all (due to relay attacks). Anyway, feel free to play and improve this library, I'll be happy to see the results.


  • DRAW based : doesn't require View engine, just DRAW (can run with /Command on UNIX without Xlibs installed).
  • Lightning Fast : captcha generation takes just a few milliseconds.
  • Easy integration : takes 2 function calls to obtain a captcha image.
  • Configurable : 5 levels of strength, use any font, character range changed easily.
  • Compact : 4Kb (for the captcha generator), each fonts file is less than 40Kb uncompressed!
  • Open-source : BSD license.


  • Generates images only in PNG 32bits format.
  • Output image size cannot (yet) be changed.
  • Font size cannot (yet) be changed.


Download the latest version and save it in a directory. To install it, just uncompress the ZIP archive on your local disk.

The archive contains :

%captcha.r The captcha runtime library.
%captcha-test.r A View application to test and demo the captcha library.
%sfd2caf.r A font file conversion utility.
%Fonts/ Folder of free font files in CAF format.

API Documentation

captcha/set-fonts-path %path/

Defines the path for retrieving the CAF font files used by the captcha generator. It's mandatory to define this path before using the generate function because there's no default path provided. If path is not set, an error will be raised when trying to create the captcha.


Produces and returns the captcha image! value in PNG format. The output image! value has a fixed size of 300x120 pixels. The /source refinement returns the source form of the captcha in DRAW dialect, instead of the image! value.

captcha/answer? input reference

Tests if the provided input and reference string arguments matches. It's not case-sensitive, order of letters doesn't matter and all whitespaces are ignored. This function provides a default matching method, there's no obligation to use it. The original text corresponding to the latest generated image is stored in captcha/text. So, it would be a good idea to store it in your application context, if this library is shared among several applications or is used in a multi-users context. Once stored, it can be compared later with input text from the user.

captcha/level: value

Sets the captcha level of difficulty. The passed value have to be an integer! value between 1 and 5. The following table gives you details for each level :

Level 1
  • Simple text rendering using one of the available captcha fonts.
  • Level 2
  • Some random perturbation lines added.
  • Level 3
  • Letter position is random, while preserving the order.
  • Letters can overlap on each other.
  • Letters and perturbation lines are randomly transparent.
  • Level 4
  • Multicolored background added.
  • Level 5
  • Letters are slightly rotated in 3D (no flipping). Order is preserved most of the time
  • captcha/allowed: bitset

    Defines the list of ASCII characters allowed in the captcha. The default list includes : "0-9 A-Z a-z @" except these ones: "iIl1LoO0" (for obvious ambiguity reasons).

    Typical Usage

    The following example is extracted from CureCode, our open source bugtracker, so, it's in RSP format :

    captcha.rsp :

    captcha/level: 2
    response/buffer: captcha/generate
    response/set-header 'Content-type "image/png"

    session/content/captcha-text: captcha/text

    Then just use an IMG tag to include it in a HTML page :
    <img src="captcha.rsp">

    The random generated text string is stored in the user session, so that it can be tested, later, against user input.

    The CAF font format

    CAF stands for "CAptcha Font". It's a specific font format invented for this library, but it could be used by other applications. The goals of this file format are :
    • Provide a vectorial description of individual glyphs in DRAW dialect.
    • Allow fast runtime access to each glyph definition (without having to load all the definitions in memory).
    • Be simple.
    .caf file format :
    HEADER section: fixed size of 892 bytes (223 printable chars * 4)

    offset1 (int32)
    offset2 (int32)
    offset3 (int32)

    GLYPHS section:

    len1 (int32)
    glyph1-data (len1 bytes)
    len2 (int32)
    glyph2-data (len2 bytes)
    len3 (int32)
    glyph3-data (len3 bytes)

    The header is a table of offsets in font file for each glyph definition. A glyph definition is composed by a 4-bytes integer value that gives the length of the glyph data. It's immediatly followed by the data itself. So a typical glyph access routine will open/seek for the glyph offset, then /seek again for the glyph definition (the header could be cached in memory). The captcha/get-glyph internal function can be reused to extract glyphs from the CAF files.

    To generate new CAF files, you need first to obtain or produce SFD font files, and then use the provided sfd2caf converter. SFD format is a font format in text mode produced by the open source tool : FontForge (UNIX-only tool, debian/ubuntu package name: fontforge).

    So, you can use free SFD fonts under BSD license, or generate your own SFD fonts, using FontForge. It supports a wide range of font formats including TrueType and Adobe's formats (you could virtually add hundreds of different fonts to the captcha library!).

    To convert any font to the SFD format, just load them in FontForge, then use the "File/Save as" menu option, and select the SFD format. Once done, just run the sfd2caf converter to obtain the CAF format.

    The CAF format only handles the ASCII range while the SFD can provide the full Unicode range. So, while developing CAF support, a few helper applications were built. See the next section.

    Playing with Glyphs

    If you are interested in glyph simple rendering in REBOL using the DRAW dialect, here is a package of tools to convert SFD font files and visualize glyphs :

    Download : (3Kb).

    %convert-glyphs.r will convert SFD font files in plain DRAW dialect form (.r files not CAF files) and %show-glyphs will allow you to visualize all the glyphs and navigate through the full Unicode range.

    Download one of the free SFD fonts to start to play with it.

    About Captchas


    The captcha library is bundled with 2 font files that include glyph definitions from the CaslonRoman and Caliban fonts distributed under BSD license. Original files provided by George Williams, can be found here.


    • v.1.0.0 - 16/07/2007
      - First public release.