GRAPHICAL VERIFICATION CODE GENERATION

OVERVIEW:
This article describes how to generate a graphical verification code
using ASP.NET and VB.NET, for use in web site forms to prevent spammers
and hackers from flooding your web form.
AUTHOR: RockydotNet
LAST TECHNICAL REVIEW: 20-SEP-2004
ARTICLE:
Malicious users of your web site can wreak havoc by abusing your web
forms. How much havoc they wreak usually depends on the functionality
of your web form and upon the hacker's evil goals. For example, some
hackers like to programmatically register many names on your site, and
will, if nothing is there to prevent them from doing so. Within minutes
they can flood your unprotected registration database with either
legitimate or illegitimate usernames. Perhaps their goal is to resell
usernames, assuming usernames for your site are worth reselling. Or
their intent may be more evil; they may just do it because they can.

The code examples below show how to implement a system that prevents
the abuse of your web forms by displaying a graphical verification
code. The user must enter the random code that the system generates and
displays graphically. Because the code is displayed graphically, it is
much more difficult for a hacker to simply read and enter it
programmatically. Instead, it is much more likely that a human must
read the graphic and enter the verification code, thus at least
significantly slowing down the hacker.

All you need to do is incorporate this code into your registration
page, contact page, or any other page that you like. I wrote this code
in VB, but of course it should not be too hard to convert it to C# if
you like. Note that within the generatecode.aspx VB code, the O, 0, 1,
I, and L characters are omitted from consideration when generating the
code. This is because these characters look too much alike and will
cause typos by the user.

Step 1: Copy the generatecode.aspx file to your site; somewhere in the
root is where I keep mine. For example purposes, let's say we are using
this in your registration page.

Step 2: Within your registration page, or in the code-behind for your
registration page, execute this code within the subroutine for your
Register button click:

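Sub btnRegister_Click( s As Object, e As EventArgs )
    If IsValid Then
        ' Code that generatecode.aspx stored when it drew the image
        Dim strNewVerificationCode As String = CType(Session("NewVerificationCode"), String)
        ' Each code is good for one attempt only, so it cannot be replayed
        Session.Remove("NewVerificationCode")
        Dim strVerificationCode As String = txtVerificationCode.Text
        strVerificationCode = strVerificationCode.ToUpper
        ' An empty stored code means the image was never requested. Without
        ' this test, Nothing and "" compare as equal and the check would pass.
        If strNewVerificationCode Is Nothing OrElse strNewVerificationCode.Length = 0 _
           OrElse strNewVerificationCode <> strVerificationCode Then
            lblVerificationCodeError.Text = "Verification code mismatch. Enter new verification code shown here."
        Else
            ' (Do all the other typical registration stuff here)
        End If
    End If
End Sub
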
Step 3: Within your aspx page, use a TextBox control to allow the user
to enter the verification code. If you change the number of characters
in the generatecode.aspx page, you should change the MaxLength and
Columns here as well.

<asp:TextBox ID="txtVerificationCode"
    ToolTip="Enter the verification code displayed to the right of this box. You must enter the correct verification code. Note that the verification code will change whenever the page is reloaded."
    MaxLength="4"
    Columns="4"
    runat="server" />
<img src="generatecode.aspx" border="1" alt="Enter this code in the Verification Code field.">

Generatecode.aspx
<%@ Page Language="VB" Debug="False" %>
<%@ Import Namespace="System.Drawing" %>
<%@ Import Namespace="System.Drawing.Imaging" %>
<%@ Import Namespace="System.Drawing.Text" %>
<%
' Declare Vars
Dim objBMP As System.Drawing.Bitmap
Dim objGraphics As System.Drawing.Graphics
Dim objFont As System.Drawing.Font
Dim strNewVerificationCode As String
Dim strNewChar As String
Dim whatsNext, upper, lower, intCounter As Integer
Randomize()
Do While intCounter < 4
    ' Choose between a letter (0) and a digit (1)
    whatsNext = CInt(Int((1 - 0 + 1) * Rnd() + 0))
    If whatsNext = 0 Then
        ' character
        upper = 90
        lower = 65
    Else
        ' digit
        upper = 57
        lower = 48
    End If
    strNewChar = Chr(CInt(Int((upper - lower + 1) * Rnd() + lower)))
    ' Skip the look-alike characters O, 0, 1, I and L
    If strNewChar <> "O" And strNewChar <> "0" And strNewChar <> "1" And strNewChar <> "I" And strNewChar <> "L" Then
        strNewVerificationCode = strNewVerificationCode & strNewChar
        intCounter = intCounter + 1
    End If
Loop
' Remember the code so the form's click handler can compare against it
Session("NewVerificationCode") = strNewVerificationCode
' Create new image - bitmap
objBMP = New Bitmap(72, 16)
' Create a graphics object to work with from the BMP
objGraphics = System.Drawing.Graphics.FromImage(objBMP)
' Fill the image with background color
objGraphics.Clear(Color.Blue)
' Set anti-aliasing for text to make it better looking
objGraphics.TextRenderingHint = TextRenderingHint.AntiAlias
' Configure font to use for text
objFont = New Font("Verdana", 10, FontStyle.Bold)
' Write out the text
objGraphics.DrawString(strNewVerificationCode, objFont, Brushes.White, 3, 0)
' Set the content type and return the image
Response.ContentType = "image/GIF"
objBMP.Save(Response.OutputStream, ImageFormat.Gif)
' Kill our objects
objFont.Dispose()
objGraphics.Dispose()
objBMP.Dispose()
%>
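
Added example, not part of the original article: generatecode.aspx draws its characters from Rnd, which Randomize seeds from the system timer and which is not a cryptographic generator, so this sketch takes them from System.Security.Cryptography instead and pairs that with a comparison that fails when no code was ever issued. The module, function and variable names and the console Main are assumptions for illustration; each symbol is equally likely here, unlike the letter-or-digit coin flip above, and StringComparison needs .NET 2.0 or later.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Public Module VerificationCode
    ' Same exclusions as the article: no O, 0, 1, I or L (31 symbols remain).
    Private Const Alphabet As String = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
    Private ReadOnly Rng As RandomNumberGenerator = RandomNumberGenerator.Create()

    ' Returns a code of the requested length, each symbol equally likely.
    Public Function NewCode(ByVal length As Integer) As String
        ' 248 is the largest multiple of 31 that fits in a byte; bytes at or
        ' above it are thrown away so Mod does not favour the first symbols.
        Dim limit As Integer = 256 - (256 Mod Alphabet.Length)
        Dim oneByte(0) As Byte
        Dim code As New StringBuilder(length)
        Do While code.Length < length
            Rng.GetBytes(oneByte)
            If oneByte(0) < limit Then
                code.Append(Alphabet.Chars(oneByte(0) Mod Alphabet.Length))
            End If
        Loop
        Return code.ToString()
    End Function

    ' True only when a code was actually issued and the input matches it.
    Public Function IsMatch(ByVal issued As String, ByVal supplied As String) As Boolean
        If issued Is Nothing OrElse issued.Length = 0 Then Return False
        If supplied Is Nothing Then Return False
        Return String.Equals(issued, supplied.Trim(), StringComparison.OrdinalIgnoreCase)
    End Function

    Public Sub Main()
        Dim issued As String = NewCode(4)
        Console.WriteLine("issued code:        " & issued)
        Console.WriteLine("correct, lowercase: " & IsMatch(issued, issued.ToLower()))
        Console.WriteLine("wrong guess:        " & IsMatch(issued, "0000"))
        ' Constructed case: form posted without the image ever being requested.
        Console.WriteLine("no code issued:     " & IsMatch(Nothing, ""))
    End Sub
End Module
```

In the page itself, NewCode(4) would replace the Do While loop, and the click handler would call IsMatch with the value read from Session("NewVerificationCode").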