«

What I am trying to do is write a Perl script that process a certain
webpage that requires me to be logged in:

(http://www.starlance.us/MW4/)

They recently redid the site, so now it requires that you enter the
random 5 digit number shown on a png image. (Before there was no such
extra security and I was able to POST with LWP:UserAgent.)

Is there way at all around these things? I'm guessing that this would be
easier than with what MSN and Yahoo use, which is often a scrambled
mess. This site however uses uniform text (as if just typed into the
image with text tool and saved.) Is there anyway to do some sort of OCR
(char recognition) on the fly?

Thanks for any info on this.

"Lucas Van Hieng" <> writes:

> What I am trying to do is write a Perl script that process a certain
> webpage that requires me to be logged in:
>
> (http://www.starlance.us/MW4/)
>
> They recently redid the site, so now it requires that you enter the
> random 5 digit number shown on a png image.

> Is there way at all around these things?

There was a rather intersting talk on this at YAPC::Europe::2003

Dunno if you can find it online.

--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\

"Lucas Van Hieng" <> said:
>What I am trying to do is write a Perl script that process a certain
>webpage that requires me to be logged in:
>
>(http://www.starlance.us/MW4/)
>
>They recently redid the site, so now it requires that you enter the
>random 5 digit number shown on a png image. (Before there was no such
>extra security and I was able to POST with LWP:UserAgent.)
>
>Is there way at all around these things?

Have you considered the social approach -- that is, describe your use
and need to the site admins, and ask whether they can provide another
method for authentication?
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

"Juha Laiho" <> wrote in message
news:brniem$nm7$-int...
> "Lucas Van Hieng" <> said:
> >What I am trying to do is write a Perl script that process a certain
> >webpage that requires me to be logged in:
> >
> >(http://www.starlance.us/MW4/)
> >
> >They recently redid the site, so now it requires that you enter the
> >random 5 digit number shown on a png image. (Before there was no such
> >extra security and I was able to POST with LWP:UserAgent.)
> >
> >Is there way at all around these things?
>
> Have you considered the social approach -- that is, describe your use
> and need to the site admins, and ask whether they can provide another
> method for authentication?

Yes I have, and they were nice about it but said that their policy would
not permit it. My goal as I was doing previously was merely make a login
request and obtain the roster for the unit I'm involved with (though not
actually a part of this unit, I am their faitful webmaster/tech so
that it cna be displayed on their webpage as if it's on their server (it
was something they really liked, even more so sicne it made out site
sompletely unique next to the tripod/geocities pages most over units
use.)

Lucas Van Hieng wrote:

> "Juha Laiho" <> wrote in message
> news:brniem$nm7$-int...
>> "Lucas Van Hieng" <> said:
>> >What I am trying to do is write a Perl script that process a certain
>> >webpage that requires me to be logged in:
>> >
>> >(http://www.starlance.us/MW4/)
>> >
>> >They recently redid the site, so now it requires that you enter the
>> >random 5 digit number shown on a png image. (Before there was no such
>> >extra security and I was able to POST with LWP:UserAgent.)
>> >
>> >Is there way at all around these things?
>>
>> Have you considered the social approach -- that is, describe your use
>> and need to the site admins, and ask whether they can provide another
>> method for authentication?
>
> Yes I have, and they were nice about it but said that their policy would
> not permit it. My goal as I was doing previously was merely make a login
> request and obtain the roster for the unit I'm involved with (though not
> actually a part of this unit, I am their faitful webmaster/tech so
> that it cna be displayed on their webpage as if it's on their server (it
> was something they really liked, even more so sicne it made out site
> sompletely unique next to the tripod/geocities pages most over units
> use.)

I suppose the point is that if they're attempting to block scripts for
a reason, then anything your script can do, the scripts they're
attempting to block can do as well. Thus, if you find a way to OCR the
image, they'll simply change to an image type that you can't OCR.

That's not to say it's no fun trying... :->

Darin McBride wrote:
> Lucas Van Hieng wrote:
>
>> "Juha Laiho" <> wrote in message
>> news:brniem$nm7$-int...
>>> "Lucas Van Hieng" <> said:
>>>> What I am trying to do is write a Perl script that process a
>>>> certain webpage that requires me to be logged in:
>>>>
>>>> (http://www.starlance.us/MW4/)
>>>>
>>>> They recently redid the site, so now it requires that you enter the
>>>> random 5 digit number shown on a png image. (Before there was no
>>>> such extra security and I was able to POST with LWP:UserAgent.)
>>>>
>>>> Is there way at all around these things?
>>>
>>> Have you considered the social approach -- that is, describe your
>>> use and need to the site admins, and ask whether they can provide
>>> another method for authentication?
>>
>> Yes I have, and they were nice about it but said that their policy
>> would not permit it. My goal as I was doing previously was merely
>> make a login request and obtain the roster for the unit I'm involved
>> with (though not actually a part of this unit, I am their faitful
>> webmaster/tech so that it cna be displayed on their webpage as if
>> it's on their server (it was something they really liked, even more
>> so sicne it made out site sompletely unique next to the
>> tripod/geocities pages most over units use.)
>
> I suppose the point is that if they're attempting to block scripts for
> a reason, then anything your script can do, the scripts they're
> attempting to block can do as well. Thus, if you find a way to OCR
> the image, they'll simply change to an image type that you can't OCR.

Well keep in mind that the image format needs to be displayable by any
(visual) web browser, so that really limits the types (png, jpg, and gif
mainly.) My point is thers only so manay ways they go in that respect.

> That's not to say it's no fun trying... :->

True

--
Trent Curry

perl -e
'($s=qq/e29716770256864702379602c6275605/)=~s!([0-9a-f]{2})!pack("h2",$1
)!eg;print(reverse("$s")."\n");'

In article <oTGDb.323$>,
"Lucas Van Hieng" <> wrote:

> (http://www.starlance.us/MW4/)
>
> They recently redid the site, so now it requires that you enter the
> random 5 digit number shown on a png image. (Before there was no such
> extra security and I was able to POST with LWP:UserAgent.)
>
> Is there way at all around these things? I'm guessing that this would be
> easier than with what MSN and Yahoo use, which is often a scrambled
> mess. This site however uses uniform text (as if just typed into the
> image with text tool and saved.) Is there anyway to do some sort of OCR
> (char recognition) on the fly?

Funnily enough we're looking at implementing a similar system at work.
Aaanyway...

From looking at it it does appear that the image uses only 2 colours -
the foreground and the background. There seems to be a 1 pixel gap
between each digit. The code appears to use only the digits 0 to 9. The
font doesn't vary and seems to be a variable-width font. The image seems
to be the same as long as you have the same PHPSESSIONID cookie from
them.

Using this information one approach would be:

a) get the image
b) convert it into some format that you can manipulate from perl - GD
might be of use.
c) scan over all the columns to identify columns that contain all the
same colour - those may be the breaks between digits. Trim the leading
and trailing space too. Maybe trim the space above and below too.
d) extract each rectangular area that is probably a digit.
e) the characters vary in size - use the size of the area to identify
some (maybe all) of the digits.
f) or somehow compare the rectangle's contents to digits you've matched
by hand and then you know what the digit is.

I'm not suggesting that you should actually do any of this, because that
may violate their terms of service etc, but it's an interesting problem
to think about. I see from another article that asking the site's admin
didn't help you out - but at leat you tried that approach too.

P

--
pkent 77 at yahoo dot, er... what's the last bit, oh yes, com
Remove the tea to reply

pkent wrote:
> In article <oTGDb.323$>,
> "Lucas Van Hieng" <> wrote:
>
>> (http://www.starlance.us/MW4/)
>>
>> They recently redid the site, so now it requires that you enter the
>> random 5 digit number shown on a png image. (Before there was no such
>> extra security and I was able to POST with LWP:UserAgent.)
>>
>> Is there way at all around these things? I'm guessing that this
>> would be easier than with what MSN and Yahoo use, which is often a
>> scrambled mess. This site however uses uniform text (as if just
>> typed into the image with text tool and saved.) Is there anyway to
>> do some sort of OCR (char recognition) on the fly?
>
> Funnily enough we're looking at implementing a similar system at work.
> Aaanyway...
>
> From looking at it it does appear that the image uses only 2 colours -
> the foreground and the background. There seems to be a 1 pixel gap
> between each digit. The code appears to use only the digits 0 to 9.
> The font doesn't vary and seems to be a variable-width font. The
> image seems to be the same as long as you have the same PHPSESSIONID
> cookie from them.

Why not use that sessionid? If it changes each time perhaps there is a
corralation?

--
Trent Curry

perl -e
'($s=qq/e29716770256864702379602c6275605/)=~s!([0-9a-f]{2})!pack("h2",$1
)!eg;print(reverse("$s")."\n");'

Trent Curry wrote:

> Darin McBride wrote:
>> Lucas Van Hieng wrote:
>>
>> I suppose the point is that if they're attempting to block scripts for
>> a reason, then anything your script can do, the scripts they're
>> attempting to block can do as well. Thus, if you find a way to OCR
>> the image, they'll simply change to an image type that you can't OCR.
>
> Well keep in mind that the image format needs to be displayable by any
> (visual) web browser, so that really limits the types (png, jpg, and gif
> mainly.) My point is thers only so manay ways they go in that respect.

Not quite what I meant. I meant that they could change from using a
font that was easy to OCR (e.g., an image that looks typed), to a
"font" that, perhaps, colour-blind people may not be able to discern,
(I use "font" very loosely here), or perhaps to a wavy pattern that
vaguely looks like words. Depending on how good your OCR software is,
you may or may not be able to programmatically recognise the text.

>> That's not to say it's no fun trying... :->
>
> True