cgi image

Discussions related to Visual Prolog
drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

cgi image

Unread post by drspro2 » 7 Jun 2012 14:01

-- is there a way to write an image-binary directly to the cgi-stream?

in stdIO is see stdIO::writeBytes(pointer,size)


but i do not know how to put the image binary in memory and then to get the begin-pointer
of it , and size


Thnkyou

User avatar
Thomas Linder Puls
VIP Member
Posts: 1622
Joined: 28 Feb 2000 0:01

Unread post by Thomas Linder Puls » 7 Jun 2012 20:06

It is not clear what you are trying to achieve. But I doubt that writing the bytes of an image to a stream will in itself achieve much.
Regards Thomas Linder Puls
PDC

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 9 Jun 2012 9:10

I am using it in a web-page where i display an image wich contains
sort of scrambled letters. Visitors have to type over these
letters . it is used so that hackers cannot fire automated page requests.

at the moment i display the image through its filename in html
and the webserver puts the image to the browser.

but the problem in this case is;

the hacker can discover a regularity because through the filename
of the image he would know wich letters should be submitted.

one possible workaround is to copy the image to a temporary file,
but the problem with that is that it costs disk space and disk activity,
and also i would have to make a clean-up routine.

more beautifull it would be to write the image directly to the browser,
also the browser would then never cache the image.

thnkyou

rene

Paul Cerkez
VIP Member
Posts: 202
Joined: 6 Mar 2000 0:01

Unread post by Paul Cerkez » 9 Jun 2012 15:13

sounds like you are crating a CAPCHA routine.

why not adapt one of the free ones you can download on line?

see http://www.captcha.net/

P.
AI Rules!
P.

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 12 Jun 2012 7:13

I will try that , thankyou Paul

Steve Lympany
VIP Member
Posts: 119
Joined: 31 Mar 2001 23:01

Unread post by Steve Lympany » 12 Jun 2012 10:50

Hi,
1) I saw this yesterday

http://lifeworks.org.uk/contact

(look at the bottom - equivalent to a captcha)

Not a bad idea, but not sure how easily cracked it is.

2) An alternative which I used is to show a swf file, rather than a jpg, and make it move. I developed it using SWISHMAX. But of course it can't be generated on each page visit.

http://www.sekpa.org/captcha.swf

cheers
Steve

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 13 Jun 2012 5:43

I explored the captcha that Paul mentioned,



- its very difficult to build in Prolog cgi because the form action has to be a php page,

- and the picture engine runs on their site




the idea of Steve to do a question in the form like

what does 12 + 1,


is possible in a way,

it is very nice light,

but can in the end always be cracked,

and the image solution almost can not be cracked

Paul Cerkez
VIP Member
Posts: 202
Joined: 6 Mar 2000 0:01

Unread post by Paul Cerkez » 13 Jun 2012 11:52

Rene,
why not create a bitmap, add text characters inside a text box, on the server side (in a session variable) hold the chars you put into the image. and display the image. (save file name could be the sessionID, that way it is always unique. delete the file after a successful entry).

Create bitmap with random ASCII characters
store characters to a session variable
save image as BMP file, flie name is sessionID
Generate CGI page using sessionID as the 'capcha' file name
on successful entry, delete BMP file.


creating the bitmap with the text is easy.

this is an adaptation of the code I built my images from for my neural network research.

Code: Select all

class facts - text_to_encode     raw_Input_text:string:="".  % stores 'captcha' text     picWin : pictureCanvas := erroneous.     controlRCT : rct := rct(0,0,256,256). % change to make sure the rct is inside your image size     Clauses     drawGraphic(INint):-  % INint is sessionID or some other unique, one time use identifier         IN = toString(INint),         controlRCT = rct(_X1,_Y1,X2,Y2),         picWin := pictureCanvas::new(256,256), % set to whatever size you want % sets black on white         Fore = color_black,         Back = color_white,   % sets the inverse white on black %        Fore = color_white, %        Back = color_black,   % sets random colors for front and back %        randomColor(Fore, Back),   % Sets greys for front and back %        randomGrey(Fore, Back),           picWin : setForeColor(Fore),         picWin : setbackColor(Back),         picWin : setBrush(brush(pat_Solid, Back)),         picWin : drawFloodFill(pnt(1,1), Back),           RAW = raw_Input_text,  % fact variable that stores capcha string           XT =convert(integer, math::random(220)),  % change to make sure the start point is inside your image rct         YT = convert(integer, math::random(220)),  % change to make sure the start point is inside your image rct         picWin : drawTextInRect(rct(XT,YT,X2,Y2),RAW, [dtext_Left ,dtext_Wordbreak]),         PIC = picWin : getPicture(),         FileName = string::concat( IN, ".BMP"),         vpi::pictSave(PIC, FileName).
hope this helps
AI Rules!
P.

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 19 Jun 2012 8:04

Thnkyou Paul,


I sort of did that, only that i implemented it in Php.

in Cgi i now call an Iframe with that Php page.


the advantage is that in this way there is no image written to disk because
php writes it to stream directly, i write the letters to disk
and read it out with prolog.
( if anyone wants i can post the Php source code )

you say session -id , is there a session-Id in prolog Cgi , i didnt know,

or is it present in the environment variables ?

tx

R

Paul Cerkez
VIP Member
Posts: 202
Joined: 6 Mar 2000 0:01

Unread post by Paul Cerkez » 19 Jun 2012 11:39

Rene,
When a user connects to a web site, each connection usually has a "variable" of some kind associated with it. (in ASP.Net it is referred to as a session ID). it is a unique identifier that is generated when a user connects the to server. At the server, the developer can create a whole set of serializable variables that can be stored between page calls for that individual user for that session. In ASP.net these are 'session variables' and are all linked under the session id.

PhP uses something (see http://www.w3schools.com/php/php_sessions.asp) similar otherwise 100% of user information would have to be transmitted every screen call/refresh.

P.
AI Rules!
P.

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 24 Jun 2012 7:38

Paul,



I thought that Php creates this session facility through a file on the webserver
probably named to the Ip-adres of the user ( that is what i do too )

i cant find any other id-variable in the Cgi-environment variabeles.
Therefore the cookie variable is very handy because the programmer can store
his own data.

also its possible through a new feature called local-storage in Html5.


the problem if you store a picture under the name of [session-id].bmp
if u change the picture, the browser might have cached the previous image, in this case
one is never sure of what the browser does

greetings


Tx

User avatar
Jan de Lint
VIP Member
Posts: 107
Joined: 6 Mar 2000 0:01

Re:

Unread post by Jan de Lint » 30 Jun 2012 19:31

drspro2 wrote:Paul,
I thought that Php creates this session facility through a file on the webserver
probably named to the Ip-adres of the user ( that is what i do too )
Rene te php sessions - and most likely the asp ones as well - use complex session identifiers that are created using hash functions at the start of a session.
These session identifiers only have a meaning during the session life time and they have to be passed around from script to script during the session, otherwise all session information will be lost.
Sessions can hold almost any information which during the session is indeed stored in a disk file on the server. Serialisation and deserialisation is done by php. There is also housekeeping to remove the diskfiles some time after sessions have ceased to exist.
All in all sessions are supported by quite a number of php functions and it will not be easy to build a similar set from scratch.
]an

drspro2
VIP Member
Posts: 78
Joined: 28 Apr 2006 12:03

Unread post by drspro2 » 5 Jul 2012 7:52

hi Jan,


thankyou for the info,

yes , I think i red something similar,

until every citizen is assigned his own ip, there is no unique session identifier,

Php does creates this adhoc, i think by using a cookie in some cases

Post Reply