using PIL for anti-automation in ASP

Doug R

I'm trying to create an anti-automation feature to prevent scripts
from running reports on our website by requiring users to enter a code
from an image (like Yahoo e-mail sign-up, or Network Solutions WHOIS
search).

I'm using Python as the scripting language in the ASP page, and using
PIL to generate the image. The code is stored into a session variable,
which is used to check the user's entry. It works fine the first time
around, but the problem I'm running into is that the page doesn't
refresh properly if the user returns to it. It just returns a blank
page.

Any help would be greatly appreciated. See code below:

<%@ LANGUAGE=Python%>
<html>
<head>
<title>Python ASP Page</title>
<%

import random
from PIL import Image, ImageDraw, ImageFont

def password(n):
    """Returns a pseudo-random number of length n."""

    # initialize empty string
    s = ""

    # generate random number, convert to string and append to s
    for x in range(n):
        i = random.randint(1,9)
        s = s + str(i)

    return s

def passwordImg(p):
    """Generates an image with text p."""

    # open existing image
    img = Image.open('C:\\Inetpub\\wwwroot\\BegASPFiles\\images\\temppassword.gif')

    # create new image
    imgsize = (150,20) # image size
    blue = (102,102,255) # image color
    white = (255,255,255) # font color
    newimg = Image.new("RGB",imgsize,blue)

    # set font
    arial = ImageFont.load('C:\\PythonScripts\\PILtest\\fonts\\Arial Bold_14_100.pil')

    # create ImageDraw object to write text
    draw = ImageDraw.Draw(newimg)
    draw.text((40,-1),p, fill=white,font=arial)

    # paste new image with password over old image
    img.paste(newimg)

    # save image and return true if successful
    # Note: img.save returns None, so the else branch runs and 1 (true) is returned
    imgPath = 'C:\\Inetpub\\wwwroot\\BegASPFiles\\images\\password.gif'
    if img.save(imgPath):
        return 0
    else:
        return 1


%>
</head>
<body>


<%

p = password(7)
Session.SetValue("key",p)
Response.Write("<p>")
# ***********************
# check to see session variable has been written - remove for production
# ***********************
Response.Write(Session("key"))
Response.Write("</p>")

Response.Write("<p>test password:</p>")

if passwordImg(p):
    Response.Write("<p><img src='images/password.gif' width='150' height='20' alt='password'></p>")
else:
    Response.Write("<p>Password image could not be generated.</p>")

Response.Write("<form action='pythonhandler.asp' method='POST'>")
Response.Write("<input type='text' name='pwd' size='10'><br>")
Response.Write("<input type='submit' value='Submit'>")
Response.Write("</form>")

%>
</p>
</body>
</html>
 
Jay Dorsey

Doug said:
I'm trying to create an anti-automation feature to prevent scripts
from running reports on our website by requiring users to enter a code
from an image (like Yahoo e-mail sign-up, or Network Solutions WHOIS
search).

I'm using Python as the scripting language in the ASP page, and using
PIL to generate the image. The code is stored into a session variable,
which is used to check the user's entry. It works fine the first time
around, but the problem I'm running into is that the page doesn't
refresh properly if the user returns to it. It just returns a blank
page.

Maybe the user's browser is caching the image/page? Try a unique image
name each time, or appending a date/time stamp to the image name
(image.gif?blah=12345). First, if you're using IE, you could also
disable page/image caching in the browser (you can do this in Mozilla
too I think, and other browsers).

Jay
 
John J. Lee

I'm trying to create an anti-automation feature to prevent scripts
from running reports on our website by requiring users to enter a code
from an image (like Yahoo e-mail sign-up, or Network Solutions WHOIS
search).
[...]

It's called a captcha.

http://www.captcha.net/


You might like to note that the site above lists several programs that
can crack the kind of captcha you're talking about with around 80-90%
accuracy. So, if you've got determined attackers, you might prefer
one of the other schemes they suggest.


John
 
Jegenye 2001 Bt

I see trouble here. What if two users tread on each other's password.gif?
Use a unique filename (see module "tempfile"); that should solve your
caching problem as well.

Best,
Miklós

--
PRISZNYÁK Miklós
---
Jegenye 2001 Bt. ( mailto:[email protected] )
Egyedi szoftverkészítés, tanácsadás
Custom software development, consulting
http://jegenye2001.parkhosting.com



Doug R said:
I'm trying to create an anti-automation feature to prevent scripts
from running reports on our website by requiring users to enter a code
from an image (like Yahoo e-mail sign-up, or Network Solutions WHOIS
search).
[code deleted]
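
The unique-filename advice from Jay and Miklós, as an added example that is not part of the original thread: each challenge gets its own image file created with tempfile.mkstemp, so two visitors never overwrite each other's image and the browser never sees a cached URL, and the code is checked once and then discarded. Assumptions: the function names are hypothetical, `session` is a plain dict standing in for the ASP Session object, Pillow with its default font does the drawing, and `secrets` is used in place of `random` because the `random` module is not intended for security-sensitive values.

```python
import hmac
import os
import secrets
import tempfile

DIGITS = "123456789"  # same alphabet as the original password(): no zero


def render_with_pil(code, fileobj):
    """Draw the code with Pillow (assumed installed) using its default font."""
    from PIL import Image, ImageDraw
    img = Image.new("RGB", (150, 20), (102, 102, 255))
    ImageDraw.Draw(img).text((40, 4), code, fill=(255, 255, 255))
    img.save(fileobj, "GIF")


def new_challenge(image_dir, render=render_with_pil, length=7):
    """Create one challenge and return (code, image file name)."""
    code = "".join(secrets.choice(DIGITS) for _ in range(length))
    # mkstemp creates the file atomically under a name no other request holds,
    # and the name is random, so it reveals nothing about the code.
    fd, path = tempfile.mkstemp(prefix="captcha_", suffix=".gif", dir=image_dir)
    with os.fdopen(fd, "wb") as f:
        render(code, f)
    return code, os.path.basename(path)


def check_and_consume(session, submitted, image_dir):
    """Verify a submission once, then drop the code and image either way."""
    code = session.pop("key", None)
    name = session.pop("img", None)
    if name:
        try:
            os.remove(os.path.join(image_dir, name))
        except OSError:
            pass  # already gone; nothing left to clean up
    if code is None:
        return False  # no pending challenge, e.g. a replayed form post
    return hmac.compare_digest(code.encode(), (submitted or "").encode())
```

The page would store both returned values in the session and write the returned file name into the img tag's src attribute.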
 
