# Form Captcha with 4 Digits
The notebook code provides two basic funktions for 1. creating an image from a string (using PIL) and 2. creating a hash value based on that string plus a secret string. The created image will be shown on an input form to verify that a user is a human and not a bot. Hash value and creation time will added as hidden fields to the form. The hash value can be used to verify the input string. The creation time can be used to set a time limit for the input.

## Functions

In [25]:
from PIL import Image, ImageDraw, ImageFont
import hashlib
import random
from datetime import datetime, timedelta
import json
import base64
from io import BytesIO

# GLOBAL CONSTANTS
secret_key='uiwe#sdfj$%sdfj'
life_time=600
font_path = "/usr/share/fonts/truetype/freefont/DejaVuSansMono-Bold.ttf"

# HELPER FUNCTIONS
# [1] Create an image object from a given text of 4 digits
def create_image(text):
	# create an image with the given text
	image = Image.new("RGB", (100, 38), (0, 0, 0))
	# create a drawing object
	draw = ImageDraw.Draw(image)
	# set the font of the text
	font = ImageFont.truetype(font_path, 36)
	# draw the text on the image
	draw.text((5, -3), text, font=font, fill=(255, 255, 255))
	# draw.line((0,8, 100,30), fill=(0,0,0), width=3)
	# draw.line((0,30, 80,0), fill=(255,255,255), width=3)
	# create a BytesIO object
	buffered = BytesIO()
	# save image to the BytesIO object
	image.save(buffered, format="PNG")
	# get the value of the BytesIO object
	image_bytes = buffered.getvalue()
	image_str = base64.b64encode(image_bytes).decode("utf-8")
	# return data_uri
	return f"data:image/png;base64,{image_str}"


# [2] Create hash of a given string
def encrypt_password(pw, algorithm='sha256', hex=False):
	algorithm = algorithm.lower()
	algorithm = algorithm=='sha-1' and 'sha1' or algorithm
	enc = None
	if algorithm in list(hashlib.algorithms_available):
		h = hashlib.new(algorithm)
		h.update(pw.encode())
		if hex:
			enc = h.hexdigest()
		else:
			enc = h.digest()
	return enc

# #############################
# MAIN FUNCTIONS
# ##############################
# [A] Create Captcha with global constants:
#	@secret_key
#	@life_time
def captcha_create(secret_key='uiwe#sdfj$%sdfj', life_time=600):
	# generate a random string
	captcha_str = str(random.randint(1000, 9999))
	# create a public key from the secret key and the captcha string
	public_key = encrypt_password(secret_key + captcha_str, 'sha256', True)
	# create captcha image as data-uri
	captcha_data_uri = create_image(captcha_str)
	# create a timestamp
	timestamp_create = datetime.timestamp(datetime.now()) * 1000

	# create a dictionary to store the captcha data
	captcha_dict = {
		'public_key': public_key,					# Used to validate the captcha
		#'_captcha_str': captcha_str, 				# Private: to be entered by the user
		'timestamp_create': int(timestamp_create),	# Used to validate the lifetime
		'life_time': life_time, 					# Needed to refresh the captcha after this time
		'captcha_data_uri': captcha_data_uri 		# Used to display the captcha image
	}
	return captcha_dict

# [B] Validate Captcha:
#	@public_key: the public key of the captcha
#	@secret_key: the secret key of the captcha
#	@captcha_str: the captcha string entered by the user
#	@timestamp_create: the timestamp when the captcha was created
#	@life_time: the life time of the captcha
def captcha_validate(public_key, secret_key, captcha_str, timestamp_create, life_time):
	dt_create = datetime.utcfromtimestamp(float(timestamp_create) / 1e3)
	dt_receive = datetime.utcfromtimestamp((datetime.timestamp(datetime.now()) * 1000) / 1e3)
	is_intime = (dt_receive - dt_create).total_seconds() < life_time
	is_valid = public_key == encrypt_password(secret_key + str(captcha_str), 'sha256', True)
	return is_intime and is_valid


## Create Captcha Image and Check Parameters

In [26]:
# Create a captcha
captcha_data = captcha_create(secret_key, life_time)
# Create a JSON object from the captcha_dict
captcha_data_json = json.dumps(captcha_data, indent=4)
# Send the captcha_data_json to the client
print(captcha_data_json)

{
    "public_key": "7c793993844a92ca7514cd7d489311756543915175c53a79740bdc586e478162",
    "timestamp_create": 1711416119825,
    "life_time": 600,
    "captcha_data_uri": "

# Validate Captcha Check Parameters

In [178]:
# Get the json data from the client request

req_data_json = """{
	"public_key": "c49c364387c9e98d6789ecb6ce115e95152b4c15",
	"captcha_str": "4991",
	"timestamp_create": 1711377081016
}"""

req_data = json.loads(req_data_json)

# Validate the captcha
captcha_is_valid = captcha_validate(req_data.get('public_key'), secret_key, req_data.get('captcha_str'), req_data.get('timestamp_create'), life_time)
print ('Captcha is valid:', captcha_is_valid)

Captcha is valid: False


In [185]:
# ##############################
# ZOPE-API-CALL captcha(create|validate)
# ##############################
def captcha_func(self, do):
	try:
		request = self.REQUEST
	except:
		request = {}
	if do == 'create':
		# Create a captcha
		captcha_data = captcha_create(secret_key, life_time)
		# Create a JSON object from the captcha_dict
		captcha_data_json = json.dumps(captcha_data, indent=4)
		# Send the captcha_data_json to the client
		return captcha_data_json
	elif do == 'validate':
		req_data = {}
		# Get the relevant captcha data from the client request
		for k in ['public_key','captcha_str','timestamp_create']:
			req_data[k] = request.get(k,0)
		# Validate the captcha data
		captcha_is_valid = captcha_validate(req_data.get('public_key'), secret_key, req_data.get('captcha_str'), req_data.get('timestamp_create'), life_time)
		return captcha_is_valid and json.dumps({'captcha_is_valid':True}) or json.dumps({'captcha_is_valid':False})


In [190]:
print(captcha_func(self={}, do='validate'))

{"captcha_is_valid": false}
