'', 'question' => '']; } $a = random_int(2, 12); $b = random_int(2, 12); $token = bin2hex(random_bytes(12)); $_SESSION['captcha'][$token] = [ 'answer' => (string) ($a + $b), 'expires' => time() + 900, ]; return [ 'token' => $token, 'question' => 'What is ' . $a . ' + ' . $b . '?', ]; } public static function verify(string $token, string $answer): bool { if (session_status() !== PHP_SESSION_ACTIVE || $token === '') { return false; } $challenge = $_SESSION['captcha'][$token] ?? null; unset($_SESSION['captcha'][$token]); if (!is_array($challenge) || (int) ($challenge['expires'] ?? 0) < time()) { return false; } return trim($answer) === (string) ($challenge['answer'] ?? ''); } }