Note, that Captcha decrease site usability for people with disabilities so you should use Captcha carefully.
- We show that image in the form
- We make a md5 or sha1 hash out of that string and send it as a hidden field of the form or we use sessions or cookies to store it.
- When user submits the form the text he entered is hashed and compared with the original hash. If they are equal then user entered correct captcha text.
- Simple image (a small blank banner or similar image with non aggressive background)
- A TTF font file - a bit "fantasy" font would be nice (but readable)
I've also placed in the same folder SHERWOOD.TTF a Baldurs Gate like font file. Next I've created a simple project and app, which returned "captcha" view under / root URL.
form.html template code: temp is a path + filename of the temporary captcha image. tempname is just the name, which is passed to the template and it is used to show the correct image. On success the view should delete the temporary image (if the user can't use the form again - for example login form)