Since PHP is rejected out of the box, I can't provide a solution, but
I'd just comment that the touchy part is not so much generating the
image, but validating it without giving up client side validation, and
changing the image if the security code is wrong.

I found I could use an MD5 hash to control that, generating the hash with
JavaScript on the client side, and sending a response code to an iframe,
which I could then evaluate during normal client side data validation.

It got a little tricky though, because our favorite browser from Redmond
is too stupid to realize that scripts.somesite.com is in the same domain
as somesite.com, so I had to explicitly set the domain on all the pages.
That same wonderful browser also can't be relied upon for standard DOM
behavior, so there's a hack for retrieving the data from the iframe too.

Also, for any browser, if the image is replaced, it needs to have a new
name, or the original image will just be used from cache. A rewrite rule
in conjunction with a timestamp based file name works well for that with
Apache.

Submitting the form was also a little strange, but thinking of
the process as being event based solved the problems when thinking
procedurally didn't work: Click button to execute hash validation by
submitting the hash to refresh the iframe. When the iframe load event
subscriber fires, do the rest of the validation and post from JavaScript.
Since "onload" is not a valid event name for iframe, it's necessary to
create a "load" event listener, but that can be done in the page
"onload" event method where the original captcha image name can also be
generated and applied to the captcha img element.

It seems easy at first, but there's a fair amount of work involved to
figure it all out.

Pete Hall
pbhall@xxxxxxxxxxxxx
Guillermo Andrades, CPI Software wrote:
Nathan,
there are several programs/libraries in PHP and Perl for generating (in the
air, one to one) images with random content.
As you mention, I could install one on my PC, run the library 9999
times, generating all these images and the table and so on, but surely it
needs too much time, and putting 9999 images in the IFS only for this purpose is
not too elegant.
A lateral idea to this is to generate a number (or a number with one to two
letters, total 5 chars) and SHOW this content using FIVE images, and then I
only need maybe 99 images in total.
This is the way many counters work.
Then I will show the images in a DIV from Ajax and so on.
I have a little Perl app running on a Linux box and this generates captchas
very easily (four numbers only, not too complex); maybe porting some
routines in Perl to the IBM i would be easy?
The way David Gibbs uses (a web service, really) is also a good idea,
nothing to do, but also you're depending on another company; customers don't
like future problems...
More ideas?
Thanks,
Guillermo
On Mon, Sep 1, 2008 at 5:05 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:
I've never output a form that prompted the user to enter the characters
represented in a Captcha image. But if you had a table on your server that
cross-referenced the character representation with the image file name, the
validation logic would just be a regular string comparison against the
appropriate table row & column, and the type of thing you could easily do in
just about any server language.
I understand that the purpose of distorting the image is to prevent it from
being converted to a character string via standard optical character
recognition, which could be employed via bot. You want to make sure the
user is more intelligent (human) than a bot.
So my question would be, is there software available that can convert
simple character strings into distorted image representation, so you can
generate your own table of prompts?
Nathan.
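Added example, not code from any poster in this thread: one way to do the server-side half of the validation discussed above in Node.js, where the browser receives only a timestamp-based image name and a keyed token, and any attempt retires the challenge so a wrong answer leads to a new image. The function names, the 5-character alphabet, the 120-second lifetime and the in-memory store are assumptions for illustration.

```javascript
// Added example, not from the thread. Names, alphabet, lifetime and the
// in-memory store are assumptions for illustration.
const crypto = require("crypto");

const SECRET = crypto.randomBytes(32); // server-side key, never sent to the browser
const MAX_AGE_MS = 120000;             // assumed challenge lifetime
const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // no 0/O/1/I look-alikes
const spent = new Set();               // tokens already tried (expire these in real use)

// Keyed MAC over timestamp and code, so the token gives the client nothing
// it can test guesses against without SECRET.
function sign(code, issuedAt) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${issuedAt}:${code.toUpperCase()}`).digest("hex");
}

// The code goes only to the image renderer; the browser receives the
// timestamp-based image name (a new name avoids the cached image) and token.
function issueChallenge(now = Date.now()) {
  let code = "";
  for (let i = 0; i < 5; i++) code += ALPHABET[crypto.randomInt(ALPHABET.length)];
  return { code, issuedAt: now, imageName: `captcha-${now}.png`, token: sign(code, now) };
}

// Check a posted answer. Every attempt retires the token, so a wrong answer
// forces a new challenge and image instead of allowing repeated guesses.
function verifyResponse(answer, issuedAt, token, now = Date.now()) {
  if (typeof answer !== "string" || typeof token !== "string") return false;
  if (!/^[0-9a-f]{64}$/.test(token)) return false; // one canonical spelling per token
  if (!Number.isSafeInteger(issuedAt) || issuedAt > now) return false;
  if (now - issuedAt > MAX_AGE_MS) return false;    // expired challenge
  if (spent.has(token)) return false;               // already used once
  spent.add(token);
  const expected = Buffer.from(sign(answer.trim(), issuedAt), "hex");
  return crypto.timingSafeEqual(Buffer.from(token, "hex"), expected);
}
```
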
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].