View Full Version : Enter the code as it is shown in the box below

08-22-2004, 09:31 AM
I was wondering if this could be done with ASP


At the bottom has a image that has a code that you have to enter to continue like a confirmation :confused:

08-22-2004, 06:26 PM
If you sit down and create an image with ASP, thne it is possible since that is all that it is doing on the back end.

Easier way to do it is have a series of images predone and set them on page load, you server side code and determine what the code based on the omage displayed.

The first method is more secure then the second, but the second one can be just as bad if you have a lot of pics to use.

My 2 cents

08-23-2004, 04:14 AM
Thats Cool! its the first one I am more interested in! I was wondering if that had a perticular name (script name) that I could google???? :o

08-23-2004, 02:10 PM
Image Verification, I know of .NET and PHP ones but not ASP...

08-24-2004, 01:07 AM
Read next post.

08-24-2004, 02:48 AM
Ok, I got bored after my dinner so I made this really quick.

Here's what I did for pre-created images, very simple, but it works.
I first started by making 3 coded images, and labeled them imagecode1.jpg, etc. I didn't do the best job on them, but they are done well enough for this example. It's good to use both letters and numbers, and you could mix case to be sneaky. Random lines or shapes placed to throw off bots are good.
I then saved the images with a jpg compression at 25%. This will also help make it unreadable by bots, and keep the image size down.


After that, I wrote up this code to show the image, and ask for the code in a form.

<%Option Explicit
Dim strCode
strCode = Request.Form("code")
If strCode <> "" Then
Dim blnCheck
Select Case strCode
Case "T4E5S6T"
blnCheck = True
Case "F2E7S39"
blnCheck = True
Case "H1L7V0Z"
blnCheck = True
Case Else
blnCheck = False
End Select
End If
If blnCheck = True Then
Response.Write "WHHHHHHHHhhhhhheeeeeeeeeeeeeeeeeeeeeeeeeee..."
Dim strImage, strError
If blnCheck = False And blnCheck <> "" Then
strError = "The code you entered is incorrect."
End If
strImage = "imagecode" & Int(Rnd * 3) + 1 & ".jpg"
<form method="post" action="page.asp">
<table cellpadding="5" cellspacing="5" border="1">
<td colspan="2" align="center"><font color="FF0000"><%=strError%></font></td>
<td align="left">Enter the code from the image below.</td>
<td align="right"><input type="text" size="10" maxlength="10" name="code"></td>
<td colspan="2" align="center"><img src="<%=strImage%>" height="50" width="200"></td>
<td colspan="2" align="right"><input type="submit" value=" Submit "></td>
<%End If%>

After I finished this, I wondered about making the code in the images follow an algorithm so that you don't need so many different cases, just a few or maybe one. The problem with that is if the bot knows about this and try a random code related to the algorithm. I think I am going past the point here. ;)
The codes could be placed inside a database or a text file though, so all you need is code to read what image you picked, and where you can find it in the database.
My code works to just put in 1 of 3 codes, not nessacarily caring about if the code works for the image at all. This can be writen in somehow, but you'll need to keep track of what image you used.

I will make up and post the code for having ASP create images for this script using ASPJpeg, if I can manipulate the text.. I don't think there are any free ASP image creaters on the internet. (that I know of)
I will also add some ideas I have to make it very secure, and very well done.

So, enjoy!

08-24-2004, 03:25 AM
Looks like ASPJpeg cost $$$ after a 30 day eval.

If you control the server, you could install ImageMagick, which happens to be installable as a COM+ object and is free. :thumbsup: Here's a link to the ImageMagickObject (http://www.imagemagick.net/www/ImageMagickObject.html).

Roy Sinclair
08-24-2004, 05:19 PM
If you're doing this as new code you should be doing it using .NET which happens to also have all the tools you need to create such images on the fly without forcing you to go to a third party.

Frankly, ASP code should be on the wane. Used primarily to fix existing code, new development should be done as .NET since that's the current generation tool and it really does provide a lot of advantages over ASP.

08-24-2004, 08:42 PM
Of course, there are exceptions to the above. :(

In my case, .NET is not allowed by US Air Force server security policy. I asked when it was going to be installed a year ago...and was laughed at. It's been a year so I should probably bug the server admin again. Oh how I would love to use that data grid dealie and the xml parsing of .NET

<sigh> I can only dream... :rolleyes:

Roy Sinclair
08-24-2004, 09:36 PM
Of course, there are exceptions to the above. :(

In my case, .NET is not allowed by US Air Force server security policy. I asked when it was going to be installed a year ago...and was laughed at. It's been a year so I should probably bug the server admin again. Oh how I would love to use that data grid dealie and the xml parsing of .NET

<sigh> I can only dream... :rolleyes:

Understood, our own company told us that .NET was not an acceptable technology and MS server products are unacceptable for enterprise wide use and then turned around and demanded we all fill out a survey and the sharp ones among us couldn't help but note that the file extension on all those survey pages was ASPX. Sometimes you wonder...

08-24-2004, 09:44 PM
Move to the ARMY man! Working in .NET now on a base.


08-24-2004, 10:56 PM
This thread is now off course...oh well. :)

Roy: I tried a test .NET page a few months ago and it it didn't work, so I'm keeping an eye out for them installing it and not telling anyone. :cool:

I fly on the E-3 AWACS, and I don't think the Army has any of those. :D

Roy Sinclair
08-24-2004, 11:20 PM
I think Alien51's suggestion of making up a series of them in advance might be a possible answer. Just serve them using an ASP page to write them so the URL is always identical so they can't be hacked by matching the URL and using a server side store to know which code you sent the user and therefore which code they should return.

08-25-2004, 01:10 AM
WOW! As always you guys are the best :) I am still in the very basic learning stages of .net and well hopefully when I have enough dough I will pick up a book on it :) for now I am stuck useing ASP and seems to work very well for everything I am doing except that and a few other things

P.S. Can you mix ASP and ASPX or .net code?

oh and any good tutorial resources on .net would be great
and I already know of google :) lol and when I have time I will do a google search on it as well but as I said above you guys are the pros and will have the good ones already bookmarked!

08-25-2004, 03:58 AM
If you're going to pre-make the graphics...why not make all the characters available for your password (I'd elimnate characters that can be confused for each other like 1 and l). Then randomly generate your xx digit code. Once you have the code, save a copy of each character's pic as some other random filename and then display those randomly named pics next to each other.

The random pic renaming and displaying is to prevent html code scraping.

Pseudo code (for example only..not sure it's accurate..my VBScripting is rusty)

Function SekritCode(tmp) '<--length of code needed
For x = 1 to tmp
randomly generate a code character
save the character's pic into a temp directory with an randomly generated name
ResponseWrite ("<img src=""/tempDirLocation/RandomPicName.gif""">)
End Function

ResponseWrite ("<p>Your sekrit code is: " & SekritCode(6) & "</p>")

You'd need to add code to clean the temp holding directory every once in a while.

Something like that.

08-25-2004, 04:54 AM
I made this code when I was thinking about creating an image in ASP.
This is the function I made to create random numbers and letters.
It's simple to understand.

<%Option Explicit
Function RandomAlphaNumeric(blnAlpha, blnNumeric, intCharacters)
Dim I, intRandom

If blnAlpha = False And blnNumeric = False Then
intCharacters = 0
End If

For I = 1 To intCharacters
intRandom = Int(Rnd * 36)
If intRandom <= 9 And blnNumeric = True Then
RandomAlphaNumeric = RandomAlphaNumeric & intRandom
ElseIf intRandom >= 10 And blnAlpha = True Then
RandomAlphaNumeric = RandomAlphaNumeric & Chr(intRandom + 87)
I = I - 1
End If
End Function

Response.Write RandomAlphaNumeric(True, True, 7)

Can anyone simplify this, more?
You can also add stuff like removing characters that look the same.

08-25-2004, 04:13 PM
LOL! Still off-topic here, but not worthwhile to make a new post. Anyways, here's my email from yesterday:

My sent email:

I asked about a year ago when .NET was going to be authorized to install/use on the webserver and you guys basically said, "Not anytime soon" so I went ahead and taught myself the "old fashioned ASP".

What's the latest-n-greatest on the USAF webserver security policy allowing .NET to be installed/used?

Their response today:

The framework is loaded on the web server, but none of us in the LAN Shop have enough .NET knowledge to test it to ensure it works properly. If you want to load some .aspx pages out there and give it a go, we have no problems with that.
Boo-yah! /me starts teaching himself ASP.NET today. :thumbsup: