Generate Turing Number for form submission to prevent automated registration

Hi,

I want to have a script to generate and check a Turing number. A Turing number is a number the user has to read and copy in order to be able to validate a form. This avoids automated submissions. Just like when you register for Yahoo Mail etc., it asks for this number to prevent automated registrations. Any help is appreciated.

Thanks

[369 byte] By [whitesoxa] at [2007-10-2 21:04:42]
# 1
ummmmm Math.random
Norweeda at 2007-7-13 23:49:55
# 2

Or java.security.SecureRandom.

You'll need to convert the number to an image, which is a bit messy in HTML (I assume we're talking about an HTML form) since the image needs to be delivered as a separate transaction. Use BufferedImage, open a graphics context on it, write your number, then use ImageIO to convert it to PNG format or whatever.

You'll need a servlet to deliver the image. It should take some kind of id from a query parameter, probably a key for a code stored in session.

malcolmmca at 2007-7-13 23:49:55
# 3
So how do I make sure the user enters the correct Turing Number? I can convert the Random Number to an image, but how do I make sure the user has entered the right number? Thanks
whitesoxa at 2007-7-13 23:49:55
# 4

Generate a key string (e.g. with a sequence) and store the random value in session using that key. The key is then placed in a hidden field in the form and also given as a query string parameter to the image generator. Then, when the form comes back, you can compare the number entered into the form with the random number accessed using the key, also returned with the form.

malcolmmca at 2007-7-13 23:49:55
# 5
> The key is then placed in a hidden field

Hidden fields can be very easily tampered with.
BIJ001a at 2007-7-13 23:49:55
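The session-keyed scheme from reply #4, as an added example that is not part of the thread or any poster's code: the hidden field carries only an opaque random key, while the expected value stays on the server and is consumed on the first check, so editing the hidden field (reply #5) only produces a failed lookup. The class name ChallengeStore, the in-memory map standing in for the session, the 6-digit code and the 5-minute lifetime are assumptions; the record needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: server-side store for image challenges (hypothetical class name). */
public class ChallengeStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long TTL_MILLIS = 5 * 60 * 1000; // assumed lifetime

    private record Entry(String code, long expiresAt) {}
    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    /** Creates a challenge; returns the opaque key for the hidden field and image URL. */
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        pending.put(key, new Entry(code, System.currentTimeMillis() + TTL_MILLIS));
        return key;
    }

    /** Used only by the image servlet to learn what to draw; never sent as text. */
    public String codeFor(String key) {
        Entry e = key == null ? null : pending.get(key);
        return e == null ? null : e.code();
    }

    /** Single use: the entry is removed whether or not the answer matches. */
    public boolean verify(String key, String answer) {
        if (key == null || answer == null) return false;
        Entry e = pending.remove(key);
        if (e == null || System.currentTimeMillis() > e.expiresAt()) return false;
        return MessageDigest.isEqual(
                e.code().getBytes(StandardCharsets.UTF_8),
                answer.trim().getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        ChallengeStore store = new ChallengeStore();
        String key = store.issue();
        String shown = store.codeFor(key);                     // what the image would display
        System.out.println(store.verify("forged-key", shown)); // key the server never issued
        System.out.println(store.verify(key, shown));          // correct answer, first use
        System.out.println(store.verify(key, shown));          // replay of a consumed key
    }
}
```

Entries that are issued but never submitted stay in the map in this sketch; a deployment would evict them on a timer or keep the entry in the HTTP session, as reply #4 suggests.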
# 6
What other options do I have? Thanks
whitesoxa at 2007-7-13 23:49:55
# 7

Just so happens 3 days ago, I took a few hours to research and write a few methods that generate a "turing" sequence of characters and numbers or custom and write an image, I call them viverification (vivo = life , verify = proof) images. Very simple, I have different methods for different needs in my client application code. Here are the methods:

import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.text.StringCharacterIterator;
import java.util.Random;
import javax.imageio.ImageIO;

public class Utilities {

    /**
     * Returns a random character chosen from the input charset. If the charset is an empty string, returns a char
     * from the set:
     *
     * "1AaBb2CcDdEe3FfGgHh4IiJjKk5LlMmNn6OoPp7QqRr8SsTt9UuVvWw0XxYyZz"
     *
     * Implicit use of java.util.Random provides the pseudo random selection algorithm. Iteration of provided set
     * means that efficiency decreases with char set length, so use of very long charsets will incur a performance penalty.
     * If you desire simply to have a random roman letter provided, getRandomRomanLetter(boolean) allows returning upper case
     * or mixed case chars.
     *
     * @param charset The set of characters to use as random selection items. If you provide "eaAVB456" the output will be
     *                randomized over those 8 characters, returning "e" or "B" or "4" ... in a random fashion.
     * @return A randomly selected char from the string provided as charset.
     */
    public static char getRandomCharFromString(String charset) {
        // Fall back to the default set for a null, empty or all-whitespace charset.
        if (charset == null || charset.trim().equals("")) {
            charset = "1AaBb2CcDdEe3FfGgHh4IiJjKk5LlMmNn6OoPp7QqRr8SsTt9UuVvWw0XxYyZz";
        }
        Random ur = new Random();
        StringCharacterIterator sci = new StringCharacterIterator(charset);
        sci.setIndex(ur.nextInt(charset.length()));
        return sci.current();
    }

    /**
     * Returns a random character chosen from a character set as defined by the boolean mixedcase.
     *
     * Implicit use of java.util.Random provides the pseudorandom selection algorithm. Iteration of provided set
     * means that efficiency decreases with char set length, so use of very long charsets will incur a performance penalty.
     * If you desire simply to have a random letter from an arbitrary string of characters, getRandomCharFromString(String)
     * returns a char from a user provided set.
     *
     * @param mixedcase If false, returns only chars from the set [A...Z]; if true, returns a char from the set [aAbB...zZ].
     * @return A randomly selected char from the chosen set.
     */
    public static char getRandomRomanLetter(boolean mixedcase) {
        String set = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        if (mixedcase) set = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
        return Utilities.getRandomCharFromString(set);
    }

    /**
     * Generates a 7 character Viverification Image used to confirm that only in vivo agents are filling out forms presented with the image.
     * The generated characters have forced capital roman letters at start and end, with 5 numerals in the center like:
     *
     * S35872F or R87356H
     *
     * In conjunction with a confirmation field, the characters generated in the image can be matched against the returned string
     * value of those characters returned by this method to ensure a human agent filled out the form. An obfuscation diagonal line is
     * drawn across the embedded sequence to obfuscate the image from OCR discovery techniques. This prevents bots from
     * being programmed to fill out forms or create accounts on systems built using the framework.
     *
     * @param path The fully qualified file path on the system to write the generated jpeg image file along with the file name.
     * @param width The width of the generated image. Must be long enough to accommodate the 7 characters as rendered on the generating platform to avoid truncation.
     * @param height The height of the generated image.
     * @return If the image generation succeeded, the string of the randomly generated characters embedded in the generated image, empty string otherwise.
     */
    public static String createViverificationImageAtPath(String path, int width, int height) throws IOException {
        BufferedImage bi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
        // Zero-pad so the centre is always exactly 5 digits, as documented above.
        // (The original float cast could also round up to 100000, giving 6 digits.)
        String viver = String.format("%05d", (int) (Math.random() * 100000));
        viver = Utilities.getRandomRomanLetter(false) + viver + Utilities.getRandomRomanLetter(false);
        Graphics2D g2d = bi.createGraphics();
        // g2d.setBackground(new Color(200,200,200));
        g2d.drawString(viver, 3, height - 5);
        g2d.drawLine(0, height, width, 0);
        g2d.dispose();
        // ImageIO.write returns false when no writer handles the format.
        return ImageIO.write(bi, "jpeg", new File(path)) ? viver : "";
    }

    /**
     * Generates an n character Viverification Image used to confirm that only in vivo agents are filling out forms presented with the image,
     * where n is the length of the input message string.
     * In conjunction with a confirmation field, the characters generated in the image are matched against the returned string
     * value of those characters returned by this method to ensure a human agent filled out the form. This prevents bots from
     * being programmed to fill out forms or create accounts on systems built using the framework. Provides a boolean to enable
     * or disable character obfuscation using a line drawn diagonally across the image text. This prevents OCR automated tools
     * from being used to divine the characters. Accepts a custom desired string rather
     * than generating a random string as is done in createViverificationImageAtPath().
     *
     * @param path The fully qualified file path on the system to write the generated jpeg image file along with the file name.
     * @param messg The desired message string to insert into the image; input image width must be long enough to accommodate the text or it will be truncated.
     * @param width The width of the generated image. The messg character string must be less than this width, otherwise it will be truncated.
     * @param height The height of the generated image.
     * @param obfuse If true, draws the diagonal obfuscation line across the image text.
     * @return If the image generation succeeded, the string embedded in the generated image, empty string otherwise.
     */
    public static String createViverificationImageAtPathWithString(String path, String messg, int width, int height, boolean obfuse) throws IOException {
        BufferedImage bi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
        String viver = messg;
        Graphics2D g2d = bi.createGraphics();
        g2d.drawString(viver, 3, height - 5);
        if (obfuse) g2d.drawLine(0, height, width, 0);
        g2d.dispose();
        // ImageIO.write returns false when no writer handles the format.
        return ImageIO.write(bi, "jpeg", new File(path)) ? viver : "";
    }
}

You'll just need to import the requisite Java packages used and you are good to go. If you want to make more complex images you can investigate the image APIs further to get fancier ones (though it really is pointless to do so); minimally visually obfuscated images are all you need to thwart even the best subversive OCR (optical character recognition) algorithms that might be used by nefarious agents to spoof viverification.

Use:

Ideally you'd call the method as part of generating a page for an authentication or form in a dynamic fashion (JSP/servlet). The returned string will allow the method to verify the sequence generated against the value returned by the vivo agent viewing the form. As part of validation you would write simple code to check if the string returned during the image generation doesn't match the form field for agent entry. If so, you can deny the action; otherwise you can authorize it.

Enjoy!

Regards,

David

sent2nulla at 2007-7-13 23:49:55