Rudimentary Captcha to protect registration page


DavidL

Mar 16, 2023, 3:24:43 PM
to py4web
Here is my very rudimentary captcha to stop my registration page getting spammed by bots. Can probably be easily cracked by a good bot, but might just help for a low-key site. Let me know any feedback.

In common.py add a new field to auth_user as well as a validator.

from . import human

def human_test(val, error):
    e = human.check(val)
    return val, e

auth.extra_auth_user_fields = [Field('prove_you_are_human', length=10, validate=human_test)]


e in the above should be False if the user passes the test, otherwise it should be the message you want them to see, e.g. "please try again". val is the value entered in the prove_you_are_human field.

The simple logic of the problem the human must solve is in the module human.py (whose contents I won't divulge, you'll need to create your own). This module also has a function "question()" which generates the prompt for the user.

Change templates/auth.html so instructions are provided on the problem to solve below the registration form. The "if" statement determines which auth pages the prompt will appear in.

<div class="auth-container">
  [[=form]]
  [[if "register" in locals()["request"].url or "profile" in locals()["request"].url:]]
    [[from apps._default import human]]
    <div class="box has-background-light">
      <p class="label">Prove That You are Human: complete this task:</p>
      <div class="box">
        <center><p class="label has-text-info is-size-4 has-text-centered"><b>[[=human.question()]]</b></p></center>
      </div>
    </div>
  [[pass]]
</div>

Luca de Alfaro

Mar 16, 2023, 4:04:31 PM
to DavidL, py4web
This is very nice! How is each question associated with its answer? That is, how does human_test know what the question was?

Luca


DavidL

Mar 16, 2023, 4:56:21 PM
to py4web
It doesn't. I wanted to hide a code in a hidden field in the auth form but I couldn't get that to work in auth. Instead I have to rely on other factors, e.g. the time of day.
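One way to tie each question to its answer without server-side state, as an added example that is not part of the thread and not DavidL's human.py: the server issues a token containing an expiry, a nonce and an HMAC over the expected answer, and the check recomputes the HMAC from the submitted value. The names question() and check() follow the thread; the token format, SECRET_KEY, TTL_SECONDS and the arithmetic prompt are assumptions, and getting the token into a hidden field of the py4web auth form is not shown.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: in a real app this key is loaded from server-side configuration.
SECRET_KEY = secrets.token_bytes(32)
TTL_SECONDS = 300  # how long a challenge stays valid


def _mac(expiry, nonce, answer):
    """HMAC binding the expected answer to one challenge and its expiry."""
    msg = f"{expiry}.{nonce}.{answer.strip().lower()}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def question(now=None):
    """Return (prompt, token); the token would travel in a hidden form field."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    expiry, nonce = now + TTL_SECONDS, secrets.token_hex(8)
    token = f"{expiry}.{nonce}.{_mac(expiry, nonce, str(a + b))}"
    return f"What is {a} plus {b}?", token


def check(val, token, now=None):
    """Return False on success, else an error message (the thread's convention)."""
    now = int(time.time() if now is None else now)
    try:
        expiry_s, nonce, mac = token.split(".")
        expiry = int(expiry_s)
    except (AttributeError, ValueError):
        return "Invalid challenge, please reload the page"
    if now > expiry:
        return "Challenge expired, please try again"
    # The answer is never sent to the client; only its keyed MAC is.
    expected = _mac(expiry, nonce, str(val))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "Please try again"
    return False
```

A token and its answer can still be replayed until the expiry unless used nonces are recorded server-side, and a one-digit sum remains easy for a bot to solve.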