Description of the form verification text image demo

There are three scripts used in this demo. "form.asp" is the HTML page for the form and it acts as a placeholder for the code image. "codeimage.asp" creates the image and streams it to the browser. "verify.asp" compares the value of the text on the image with the value entered in the form.


The working part of this script is at the start. It uses the VBScript random number generator to generate four characters, which are all upper case letters, and it stores them in a session variable as a string.

Randomize Session.Value("Code") = Chr(Int(Rnd * 26) + 65) & Chr(Int(Rnd * 26) + 65) & Chr(Int(Rnd * 26) + 65) & Chr(Int(Rnd * 26) + 65)

The image is created in another script, "codeimage.asp", which is called from an <img> tag.

<img src="codeimage.asp">


This code uses the csImageFile component to generate the image. It creates a white image and uses BrushStyle and FloodFill to create a grid background pattern. The code string is read from the session variable and drawn onto the image. Finally, the image is streamed as a GIF.

Response.Expires = 0
Response.Buffer = true

Set Image = Server.CreateObject("csImageFile.Manage")

'Draw the image
Image.NewImage 100, 50, "FFFFFF"
Image.BrushStyle = 4
Image.BrushColor = "000000"
Image.FloodFill 0, 0

'Draw the text
Image.TextFont = "Courier New"
Image.TextOpaque = false
Image.TextSize = 36
Image.TextBold = true
Image.Text 5, 5, Session("Code")

'Export as a GIF
Response.ContentType = "Image/gif"
Response.BinaryWrite Image.GIFData


This compares the value of the code that was entered by the user against the value stored in the session variable. There is a complication because the session variable could be empty if it has expired or if it is not supported by the client browser, so the case where the form variable is empty is also classed as a failure.

If (Request.Form("Code") <> Session("Code")) or (Request.Form("Code") = "") Then
  Response.Write "Not correct"
  'The session variable times out if the browser is left open and gets set to nil.
  'This must count as a failure even if the code matches.
  Response.Write "Correct"
End If

Return to the demo.