Security

[TonyMast]

I don't remember what it's called, but I want to create a text input to
ensure it's a human typing in the information.
The one says type in the above letter and numbers. These letters and numbers
are an image and slightly off centered and slanted.

Thanks

 

[Trevor L.]

I don't remember what it's called, but I want to create a text input
to ensure it's a human typing in the information.
The one says type in the above letter and numbers. These letters and
numbers are an image and slightly off centered and slanted.

Thanks

There have been some recent posts on this topic.

I was also interested but didn't find anything useful - sure there were references to some sites that used it, but how to implement
??

Actually to answer my own question, I think the sites in question linked to various random images and obviously some file which
contained the translation into characters, so each time a different set of characters is used and a different response is required.

Perhaps we should both keep watching

 

[Trevor L.]

There have been some recent posts on this topic.

I was also interested but didn't find anything useful - sure there
were references to some sites that used it, but how to implement ??

Actually to answer my own question, I think the sites in question
linked to various random images and obviously some file which
contained the translation into characters, so each time a different
set of characters is used and a different response is required.
Perhaps we should both keep watching

Well, Tony

I did a bit of searching and this method is called captchas http://captchas.net/

To use this technology, your web pages have to be generated dynamically by any programming language like PHP, JSP, Python, ASP,
Perl. To encode the password the Message Digest Algorithm MD5 is required. It is part of most of the named languages or can easily
be installed.

So for an ordinary page it may not work (unless one can simulate this using JavaScript)

 

[Andrew Murray]

I think the general term is "captcha" - which is the thing you see on many
sign-up forms where you enter the characters to verify it is a person not a
machine entering the code.

There's one here on this site.
http://www.webwizguide.com/asp/sample_scripts/web_wiz_CAPTCHA.asp

 

[Rob Giordano \(Crash\)]

I've found that it works without all the fancy dynamic stuff...I use just a
distorted number image and FP's form field validation...and haven't gotten
any goofy email from the form in over a year. Of course it's not a busy
site..but I used to get junk mail from it regularly so I guess it works.


| Trevor L. wrote:
| > TonyMast wrote:
| >> I don't remember what it's called, but I want to create a text input
| >> to ensure it's a human typing in the information.
| >> The one says type in the above letter and numbers. These letters and
| >> numbers are an image and slightly off centered and slanted.
| >>
| >> Thanks
| >
| > There have been some recent posts on this topic.
| >
| > I was also interested but didn't find anything useful - sure there
| > were references to some sites that used it, but how to implement ??
| >
| > Actually to answer my own question, I think the sites in question
| > linked to various random images and obviously some file which
| > contained the translation into characters, so each time a different
| > set of characters is used and a different response is required.
| > Perhaps we should both keep watching
|
| Well, Tony
|
| I did a bit of searching and this method is called captchas
http://captchas.net/
|
| To use this technology, your web pages have to be generated dynamically by
any programming language like PHP, JSP, Python, ASP,
| Perl. To encode the password the Message Digest Algorithm MD5 is required.
It is part of most of the named languages or can easily
| be installed.
|
| So for an ordinary page it may not work (unless one can simulate this
using JavaScript)
|
| --
| Cheers,
| Trevor L.
| Website: http://tandcl.homemail.com.au
|
|

 

[Trevor L.]

I've found that it works without all the fancy dynamic stuff...I use
just a distorted number image and FP's form field validation...and
haven't gotten any goofy email from the form in over a year. Of
course it's not a busy site..but I used to get junk mail from it
regularly so I guess it works.

Sounds good
1. How do you create the distorted image - can odinary image editors do this, e.g. MS Picture It!
2. How often do you have to put a new one in place?

 

[Rob Giordano \(Crash\)]

Yah, I just used an image editor and distorted the digits... 1951 and made a
form field requiring 1951 as input (a note for users to enter 1951 next to
the field) . Change the image? ... I'm lazy...I haven't in almost 2 years
and haven't gotten any robot junk.

Not very sophistikated but it seems to werk fer moi.


| Rob Giordano (Crash) wrote:
| > I've found that it works without all the fancy dynamic stuff...I use
| > just a distorted number image and FP's form field validation...and
| > haven't gotten any goofy email from the form in over a year. Of
| > course it's not a busy site..but I used to get junk mail from it
| > regularly so I guess it works.
|
| Sounds good
| 1. How do you create the distorted image - can odinary image editors do
this, e.g. MS Picture It!
| 2. How often do you have to put a new one in place?
| --
| Cheers,
| Trevor L.
| Website: http://tandcl.homemail.com.au
|
|

 

[TonyMast]

Very simple, sounds great I'll try it.
I think I will create a DB of image locations and random display them.
Thanks allot

 

[Trevor L.]

Yah, I just used an image editor and distorted the digits... 1951 and
made a form field requiring 1951 as input (a note for users to enter
1951 next to the field) . Change the image? ... I'm lazy...I haven't
in almost 2 years and haven't gotten any robot junk.

Not very sophistikated but it seems to werk fer moi.

Rob,
I thought about doing this but on looking at the captcha.net site, I realised that I could use their code.

This is my cut-down version of the code.
I have removed most of the styles, but commented out (or set <input type="hidden" ...> ) for HTML code not used

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>captcha</title>
<style type="text/css">
body{ font-family: sans-serif; }
</style>
<script src="scripts/md5.js" type="text/javascript"> </script>
<script src="scripts/update.js" type="text/javascript"> </script>
</head>
<body onload="update ()">
<form action="">
<table>
<tbody>
<tr>
<td><!-- Username: --></td>
<td><input type="hidden" id="captcha_client" value="demo" size="40"/>
</td>
</tr>
<tr>
<td><!-- Secret Key: --></td>
<td><input type="hidden" id="captcha_key" value="secret" size="40"/></td>
</tr>
<tr>
<td><!-- Random String: --></td>
<td>
<input type="hidden" id="captcha_random" value="RandomZufall" size="40"/>
</td>
</tr>
<tr>
<td colspan="2" style="text-align: center; vertical-align: middle; height: 40px">
<!-- <input type="button" value="Compute" onclick="update()"/> -->
</td>
</tr>
<tr>
<td>CAPTCHA Password:</td>
<td><input type="text" id="captcha_password" size="10"/></td>
</tr>
<tr>
<td><!-- CAPTCHA Image Link: --></td>
<td><input type="hidden" id="captcha_pic_link" size="80"/></td>
</tr>
<tr>
<td>CAPTCHA Image:</td>
<td>
<img src="http://image.captchas.net?client=demo&amp;random=RandomZufall" alt="CAPTCHA Picture" id="captcha_pic"/>
</td>
</tr>
<tr>
<td><!-- CAPTCHA Audio Link (beta): --></td>
<td><input type="hidden" id="captcha_audio_link" size="80"/></td>
</tr>
<tr>
<td><!-- CAPTCHA Audio (beta): --></td>
<td>
<a href="http://audio.captchas.net?client=demo&amp;random=RandomZufall" id="captcha_audio">
<!-- Phonetic Spelling of the CAPTCHA (beta) --></a>
</td>
</tr>
</tbody>
</table>
</form>

</body>
</html>

I extracted the files "md5.js" and "update.js" from http://captchas.net

This accesses the captcha.net site via
<img src="http://image.captchas.net?client=demo&amp;random=RandomZufall" alt="CAPTCHA Picture" id="captcha_pic"/>
where client remains as "demo" and random is altered via the code in the fuction update().
It doesn't seem to matter what value captcha_key takes.

For some reason, the audio link is also needed even if not used. Otherwise the password is blank. (I can't figure out why !)

My version returns the password and the image. To get a different pair of these alter the value in
<input type="hidden" id="captcha_random" value="RandomZufall" size="40"/>
e.g. value="RandomZufall123eT" returns cqxtlt

Of course, the password result would be used to check what the visitor types.

BTW, I googled for "Rob Giordano" to see if I could find the site where you use this method, but to no avail.

 

[Rob Giordano \(Crash\)]

I toldja I was lazy!...thats way too much typing for me.

The site is at: balletandfriends.org on the Contact Us link.

(The Navigation is goofy on this site, been meaning to re-do it for months.
:-( )



| Rob Giordano (Crash) wrote:
| > Yah, I just used an image editor and distorted the digits... 1951 and
| > made a form field requiring 1951 as input (a note for users to enter
| > 1951 next to the field) . Change the image? ... I'm lazy...I haven't
| > in almost 2 years and haven't gotten any robot junk.
| >
| > Not very sophistikated but it seems to werk fer moi.
|
| Rob,
| I thought about doing this but on looking at the captcha.net site, I
realised that I could use their code.
|
| This is my cut-down version of the code.
| I have removed most of the styles, but commented out (or set <input
type="hidden" ...> ) for HTML code not used
|
| <?xml version="1.0" encoding="utf-8"?>
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
| "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
| <head>
| <title>captcha</title>
| <style type="text/css">
| body{ font-family: sans-serif; }
| </style>
| <script src="scripts/md5.js" type="text/javascript"> </script>
| <script src="scripts/update.js" type="text/javascript"> </script>
| </head>
| <body onload="update ()">
| <form action="">
| <table>
| <tbody>
| <tr>
| <td><!-- Username: --></td>
| <td><input type="hidden" id="captcha_client" value="demo" size="40"/>
| </td>
| </tr>
| <tr>
| <td><!-- Secret Key: --></td>
| <td><input type="hidden" id="captcha_key" value="secret" size="40"/></td>
| </tr>
| <tr>
| <td><!-- Random String: --></td>
| <td>
| <input type="hidden" id="captcha_random" value="RandomZufall"
size="40"/>
| </td>
| </tr>
| <tr>
| <td colspan="2" style="text-align: center; vertical-align: middle;
height: 40px">
| <!-- <input type="button" value="Compute" onclick="update()"/> -->
| </td>
| </tr>
| <tr>
| <td>CAPTCHA Password:</td>
| <td><input type="text" id="captcha_password" size="10"/></td>
| </tr>
| <tr>
| <td><!-- CAPTCHA Image Link: --></td>
| <td><input type="hidden" id="captcha_pic_link" size="80"/></td>
| </tr>
| <tr>
| <td>CAPTCHA Image:</td>
| <td>
| <img
src="http://image.captchas.net?client=demo&amp;random=RandomZufall"
alt="CAPTCHA Picture" id="captcha_pic"/>
| </td>
| </tr>
| <tr>
| <td><!-- CAPTCHA Audio Link (beta): --></td>
| <td><input type="hidden" id="captcha_audio_link" size="80"/></td>
| </tr>
| <tr>
| <td><!-- CAPTCHA Audio (beta): --></td>
| <td>
| <a href="http://audio.captchas.net?client=demo&amp;random=RandomZufall"
id="captcha_audio">
| <!-- Phonetic Spelling of the CAPTCHA (beta) --></a>
| </td>
| </tr>
| </tbody>
| </table>
| </form>
|
| </body>
| </html>
|
| I extracted the files "md5.js" and "update.js" from http://captchas.net
|
| This accesses the captcha.net site via
| <img src="http://image.captchas.net?client=demo&amp;random=RandomZufall"
alt="CAPTCHA Picture" id="captcha_pic"/>
| where client remains as "demo" and random is altered via the code in the
fuction update().
| It doesn't seem to matter what value captcha_key takes.
|
| For some reason, the audio link is also needed even if not used. Otherwise
the password is blank. (I can't figure out why !)
|
| My version returns the password and the image. To get a different pair of
these alter the value in
| <input type="hidden" id="captcha_random" value="RandomZufall" size="40"/>
| e.g. value="RandomZufall123eT" returns cqxtlt
|
| Of course, the password result would be used to check what the visitor
types.
|
| BTW, I googled for "Rob Giordano" to see if I could find the site where
you use this method, but to no avail.
| --
| Cheers,
| Trevor L.
| Website: http://tandcl.homemail.com.au
|
|

 

[Trevor L.]

I toldja I was lazy!...thats way too much typing for me.

Yeah, well a cut and paste would work. It is tested code.
But an old colleague of mine used to say "If it works, use it"

The site is at: balletandfriends.org on the Contact Us link.

Thanks, I'll take a look, and if it works ........ )

(The Navigation is goofy on this site, been meaning to re-do it for
months. :-( )

Well, you don't have the luxury I do of being retired and just making a site for the satisfaction of getting it right (or as right
as I can).
Subject, of course, to my keeping the wife happy by doing any jobs around the house or going out with her when she wants me to.

I now have a new site with FP extensions and database facilities, so I'll be delving a bit deeper now.

 

[Rob Giordano \(Crash\)]

| Rob Giordano (Crash) wrote:
| > I toldja I was lazy!...thats way too much typing for me.
|
| Yeah, well a cut and paste would work. It is tested code.
| But an old colleague of mine used to say "If it works, use it"
|
| > The site is at: balletandfriends.org on the Contact Us link.
|
| Thanks, I'll take a look, and if it works ........ )
|
| > (The Navigation is goofy on this site, been meaning to re-do it for
| > months. :-( )
|
| Well, you don't have the luxury I do of being retired and just making a
site for the satisfaction of getting it right (or as right
| as I can).
| Subject, of course, to my keeping the wife happy by doing any jobs around
the house or going out with her when she wants me to.
|

I was almost retired.

| I now have a new site with FP extensions and database facilities, so I'll
be delving a bit deeper now.

Oh, cool. Have you messed with EWD yet?




| --
| Cheers,
| Trevor L.
| Website: http://tandcl.homemail.com.au
|
|