Stwoo Stwoo slideshow slideshow slideshow slideshow slideshow slideshow

You are not logged in.

swCaptcha - PyCaptcha

Spam is main problem on internet nowdays, best we can do is to try to stop machines to do things we want humans to do.
I was about to implement contact form, but, I really don't want to deal with every spam bot...
So, i decided to make my own captcha, since i have own box and i run python web framework...
It's quite simple idea, to make md5 hash of random secret_key+word and proceed that hash to function that actually sends e-mail...or do something similar ;)
Function that will post message to me will use same secret_key and string user provided to make new hash, if match is ok, we have human.
Problem is PIL, seems to me that if PIL is working on more complicated images, it takes few seconds, that's what slowing down my already slow net connection, but it worths, it's own method and everything is done on my server.

preview of swCaptcha
(preview of my captcha)

Image generated by PIL is just in memory, so, there's no need to clean it up later on.

Font I used in PyCaptcha is provided by GemFonts

files:

letter=["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "q", "x", "y", "z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0"] #list of symbols we want to be on image


mykey="sjhsjhsDS" #my super secret md5 addition key :D

import random as r #a random module
import StringIO #this is required so we will avoid writting real file
import hashlib as h #to make hash
import base64 as b #to convert image to base64
from PIL import Image, ImageFont, ImageDraw #and PIL thingy's

word="" #word is empty
sizeofword=r.randint(3, 7) #let's use random to make size of word, in this case it's longer than 3 and less than 7 chars
for i in range(sizeofword): #loop
lttr=r.randint(0, len(letter)-1) #letter id (from 0 to size of letter list -1)
word=word+letter[lttr] #word is old word + new char

image = Image.new("RGBA", (250,35), (255,255,255, 0)) #make new image...
background = Image.open("captchabg.png") #load background for it
image.paste(background, (0, 0)) #paste background to 0, 0. no need to change it's size as i've made background 250x35
Text_font = ImageFont.truetype("my_Font.ttf", 25) #load font with size 25
dText = ImageDraw.Draw(image) #let's draw on image we created
wwidth, wheight = usr_Text.getsize(word) #get width and height of image with our word on it
ww=(250-wwidth)/2 #ww is 250-width of word image/2
wh=(35-wheight)/2 #wh is 35-height of word image/2. this two params will be used to center word into our image
dText = dText.text((ww,wh), word,(0,255,0), font=Text_font) #draw text at ww, wh offset with word string and color 0x00ff00

out=StringIO.StringIO() #this is very important as it make all procedure little bit faster StringIO.StringIO() is "block" on which we will write our image
image.save(out, format="PNG") #let's write image on that block in "PNG" format
tohash = h.md5(mykey+word).hexdigest() #get hash of our super secret key and word
tobase=b.encodestring(out.getvalue()) #get base64 encoded data of our image and that's it, all we need is to create our submit form
swCaptcha.txt download - rename it to .py


import time, os, hashlib, urllib #time, os, hashlib and urllib-not needed now

mykey="sjhsjhsDS" #my super secret md5 addition key :D


cfgdir="/home/khttpdmsgs/"+REQUEST_HANDLER.host+"/"+time.strftime("%m%y")+"/" #place where i want to store messages from users

def save(message): #not quite needed as this, but lazy to change :D
open(cfgdir+time.strftime("%H.%M.%S-%d.%m.%Y")+str(_email)+".txt", "wb").write(str(message)) #write message...


hash = str(THIS.args[0]) #get our first parameter from form

try: eax=hashlib.md5(mykey+str(_answer)).hexdigest() #sometimes i get some error about _answer, so, i added try - this is because of karrigell i think, so, eax is actually a hash of what user typed to us and our key hashed with md5
except: eax= "" #except eax is empty
if hash != eax: raise HTTP_REDIRECTION,"http://"+REQUEST_HANDLER.host+"/contact.pih" #if hashes are not same, navigate contact.pih again
if str(_name) != "":pass #if name field is not empty
else: raise HTTP_REDIRECTION,"http://"+REQUEST_HANDLER.host+"/contact.pih" #or navigate to contact page again
if str(_email) != "":pass #if email is empty - here i will have to add checkout for @ and .
else: raise HTTP_REDIRECTION,"http://"+REQUEST_HANDLER.host+"/contact.pih" #or navigate to contact page again
if str(_message) != "":pass #see id message is empty
elif len(_message) <= 700:pass #or if message is longer than 700 chars
else: raise HTTP_REDIRECTION,"http://"+REQUEST_HANDLER.host+"/contact.pih" #or navigate to contact page again

if os.path.exists("/home/khttpdmsgs/")==0:os.mkdir("/home/khttpdmsgs/") #checkout if dir khttpdmesgs exists

if os.path.exists(cfgdir) == 0: #if our cfgdir not exists
try:os.mkdir(cfgdir) #try to make cfgdir
except:os.makedirs(cfgdir) #if fail make dirs in cfgdir

messagez=str(time.strftime("%H.%M.%S-%d.%m.%Y")+"\n"+str(REQUEST_HANDLER.client_address[0])+"\n"+str(_email)+"\n"+str(_name)+"\n"+str(_message[:700])+"\n") #make our message....:D
save(messagez) #save it
print "Your message sent" #print that message is sent
time.sleep(5) #wait for 5 seconds
raise HTTP_REDIRECTION,"http://"+REQUEST_HANDLER.host+"/home.htm" #navigate to home page
#and that's it
postmsg.txt download - rename it to .py

Though in this example, there's one security hole that can be exploited and abused to at least submit as many messages and save them onto hard disk. But if we add extra security here, there will be no problems at all.

regards,
wook




under construction
FreeBSD Apache Python dot TK Free DNS

under construction
In case you have problems with loading site try alternative version:
mobile version (under construction) | desktop version
Intel on Linux
17:31:51 up 1 day, 18:14, 1 user, load average: 0.05, 0.08, 0.08
News:
Title: test-will -reedit
just test thingy...
let's see how it will look in preview :D
Title: The Very First!
Hello WORLD!!! from my very first python-ba...
I've managed to set up web server with https://www...
Title: Project: Turbulences
The Turbulences
This is project that I am working on for last few ...
Gallery:
bolt_03_4eirini.jpg
Copyright © wook, Stwoowerks 2012.
Sitemap | Top | AVG Report

Valid XHTML + RDFaValid CSS!