using PIL for anti-automation in ASP

Doug R dougrams at comcast.net
Wed Oct 22 14:14:22 EDT 2003 

I'm trying to create an anti-automation feature to prevent scripts
from running reports on our website by requiring users to enter a code
from an image (like Yahoo e-mail sign-up, or Network Solutions WHOIS
search).

I'm using Python as the scripting language in the ASP page, and using
PIL to generate the image. The code is stored into a session variable,
which is used to check the user's entry. It works fine the first time
around, but the problem I'm running into is that the page doesn't
refresh properly if the user returns to it. It just returns a blank
page.

Any help would be greatly appreciated. See code below:

<%@ LANGUAGE=Python%>
<html>
<head>
<title>Python ASP Page</title>
<%

import random
import PIL
import Image, ImageDraw, ImageFont

def password(n):
     
     """Returns a pseudo-random number of length n."""
     
     # initialize empty string
     s = ""
     
     # generate random number, convert to string and append to s
     for x in range(n):	
         i = random.randint(1,9)
         s = s + str(i)
     
     return s

def passwordImg(p):

	"""Generates an image with text p."""

	# open existing image
	img = Image.open('C:\\Inetpub\\wwwroot\\BegASPFiles\\images\\temppassword.gif')

	# create new image
	imgsize = (150,20) 	# image size
	blue = (102,102,255) # image color
	white = (255,255,255) # font color
	newimg = Image.new("RGB",imgsize,blue)

	# set font
	arial = ImageFont.load('C:\\PythonScripts\\PILtest\\fonts\\Arial
Bold_14_100.pil')

	# create ImageDraw object to write text
	draw = ImageDraw.Draw(newimg)
	draw.text((40,-1),p, fill=white,font=arial)

	# paste new image with password over old image
	img.paste(newimg)

	# save image and return true if successful
	# Note: img.save returns None
	imgPath = 'C:\\Inetpub\\wwwroot\\BegASPFiles\\images\\password.gif'
	if img.save(imgPath):
		return 0
	else:
		return 1
	

%>
</head>
<body>


<%

p = password(7)
Session.SetValue("key",p)
Response.Write("<p>")
//***********************
// check to see session variable has been written - remove for
production
//***********************
Response.Write(Session("key"))
Response.Write("</p>")

Response.Write("<p>test password:</p>")

if(passwordImg(p)):
	Response.Write("<p><img src='images/password.gif' width='150'
height='20' alt='password'></p>")
else:
	Response.Write("<p>Password image could not be generated.</p>")

Response.Write("<form action='pythonhandler.asp' method='POST'>")
Response.Write("<input type='text' name='pwd' size='10'><br>")
Response.Write("<input type='submit' value='Submit'>")
Response.Write("</form>")
	
%>
</p>
</body>
</html>

More information about the Python-list mailing list