A captcha (an acronym for " Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used in computing to determine whether or not the user is human. The term was coined in 2000 by Luis von Ahn , Manuel Blum , and Nicholas J. Hopper of Carnegie Mellon University , and John Langford of IBM . A common type of captcha requires that the user type the letters of a distorted and/or obscured word that appears on the screen.
Captchas are used to prevent bots from using various types of computing services. Applications include preventing bots from taking part in online polls, registering for free email accounts (which may then be used to send spam ), and, more recently, preventing bot-generated spam by requiring that the (unrecognized) sender successfully pass a captcha test before the email message is delivered.
By definition, captchas have the following characteristics:
- They are completely automated . This avoids the necessity for human maintenance or intervention in the test, with obvious benefits in cost and reliability.
- The algorithm used is made public . This is stipulated so as to require that breaking a captcha requires the solution of a hard problem in the field of artificial intelligence rather than just the discovery of the algorithm, which could be obtained through reverse engineering or other means.
There are several implementations of CAPTCHA - generating image classes in .NET, and rather than reinvent the wheel, I decided to use the class put out by "BrainJar" at codeproject.
What's unique here is my implementation - it's generic enough to use in a classic ASP page, or in an ASP.NET page, it does NOT require the use of Session State, and that's what makes it more useful.
The key here is that we use an aspx page to generate the image, and we simply make our image tag's src property point to this page. In my implementation, the "code" that the image class generates is simply added to the querystring. However - in order to defeat "bots" and even human hackers, there is an encryption algorithm used before the image is generated. The result is that the string of numbers displayed in the CAPTCHA image is completely different than the numbers that were on the querystring!
temp+= Math.round(Math.random() * 8 );
OK, almost anyone can figure out what I am doing in the above code. Why am I generating a string of random digits no larger than eight? Well, because my "poor man's encryption algorithm" simply adds 1 to each digit, and that's the number put out by the image class. Notice also that I insert the value in a hidden form field at the same time. This will be used to compare to what the user typed into their validation textbox. That is, of course, after we reapply the encryption algorithm. By the way - if adding "1" to each digit of a number isn't strong enough for you, please feel free to implement Triple DES or whatever suits your fancy! The idea here is the concept - which you are free to use as you see fit.
Now let's see what happens with a POAP (plain old ASP page):
if Request.Form("Submit")<> "" then
for i= 1 to Len(theCode)
y = CInt( mid(theCode, i,1) +1)
newText=newText & Cstr(y )
if Request.Form("CodeNumberTextBox") = newText then
MessageLabel = "Correct!"
<h2>CaptchaImage Form Test</h2>
<p> <img id="theImg" src=""><br>
<form id="Default" method="post" action="Default.asp">
<strong>Enter the code shown above:</strong><br>
<input id="CodeNumberTextBox" name="CodeNumberTextBox" >
<input type=submit id="Submit " name="Submit" Text="Submit">
<INPUT id="Hidden1" type="hidden" name="Hidden1" >
<p> <input type=text id=MessageLabel name=MessageLabel value="<%=MessageLabel%>">
Now in the JpegImage.aspx page that receives this request, the code looks like so:
private void Page_Load(object sender, System.EventArgs e)
// Create a CAPTCHA image using the querystring "code"
y = Int32.Parse(theText.Substring(i,1)) +1;
CaptchaImage ci = new CaptchaImage(newText, 200, 50, "Arial");
this.Response.ContentType = "image/jpeg";
// Write the image to the response stream in JPEG format.
And that completes the "generic Captcha image" implementation! If you would like to try it out, go here.
Download the Example solution