It appears as though you are trying to include HTML code in your image.

First, you set the header of the document to an image:

Header("Content-Type: image/png");

And then you send HTML to the browser:

echo "<html><head>...

You should make verify.php a separate file to draw the image and call it from account_settings.php, keeping HTML and image data in separate files.

Will the following do?

<?
/* initialize a session. */
session_start();
/*header*/
Header("Content-Type: image/png");

/*We'll set this variable later.*/
$new_string;

/*register the session variable. */
session_register('new_string');
include ('mysql.php');
echo "
<link type=\"text/css\" rel=\"stylesheet\" href=\"css.css\">
<body>
<form name=\"form1\" action=\"\" method=\"POST\">
<fieldset>
<legend>Information</legend>
<label class=\"left\">E-mail Address :<br>
<font size=\"-2\"> This is the address you provided during registration </font></label>
<label class=\"right\">
<input type=\"text\" name=\"email\">
</label>
<label class=\"left\">Enter the code as you see in the box :<br>
<font size=\"-2\"> Case Sensitive </font></label>
<label class=\"right\">
<input type=\"text\" name=\"image\"> <img src=\"verify.png\">
</label>
";
/* set up image, the first number is the width and the second is the height*/
$im = ImageCreate(200, 40);

/*creates two variables to store color*/
$white = ImageColorAllocate($im, 255, 255, 255);
$black = ImageColorAllocate($im, 0, 0, 0);

/*random string generator.*/
/*The seed for the random number*/
srand((double)microtime()*1000000);

/*Runs the string through the md5 function*/
$string = md5(rand(0,9999));

/*creates the new string. */
$new_string = substr($string, 17, 5);

/*fill image with black*/
ImageFill($im, 0, 0, $black);

/*writes string */
ImageString($im, 4, 96, 19, $new_string, $white);

/* output to browser*/
ImagePNG($im, "verify.png");
ImageDestroy($im);
?>

You're still putting html into your 'image'.

When you send the image/png content type to the browser, that's just what the browser expects. If you then, on the same page, try to output some html you get this error because html isn't an image. To fix it, you need to completely seperate your image stuff from the html stuff... meaning two seperate files.

Looks like you're trying to do a captcha. The way I do mine is to store the md5 hash in a session so the original code can't be read by bots or anything, and compare the hash from the image to the hash of the entered value by the user.

Seperate the html page and php image creation stuff completely. Move the image creation stuff to a file called verify.php, and then use it in the image tag just as though it was an image... ie <img src="verify.php">.
Your regular html form page should have a standard header type.. no image stuff.

So, in your image file, you would create your image and store the md5 hash of your code in a session variable. Now that hash is in the session. The output according to the browser is png, because that's what you specify in your header. It doesn't care what the extension of the file is... it still thinks it's a png file.

Since you have the md5 hash of the currently displayed code in your session, you can then compare what the user enters in the box to the session variable and viola! Verification.

Bottom line is that you can't have anything but image information in the output of the file when you send an image type as a header. Hope that all made sense.