Will reCAPTCHA work on localhost for debugging?


An Yantong

May 31, 2007, 10:20:18 AM
to reCAPTCHA
I have registered my site for the cool reCAPTCHA service.

But when I integrated it into my application and ran the development
server at localhost:8000, I always could NOT pass the test.

So my question is:

Why could I NOT pass the test and always got the incorrect-recpatcha-sol?

Could I debug it in my localhost?

reCAPTCHA Support

May 31, 2007, 1:10:18 PM
to reca...@googlegroups.com
reCAPTCHA does work on localhost (the fact that you can get the captcha-incorrect-sol error code shows that).

One thing that may be happening is that you may be using the 'back' button after an incorrect CAPTCHA. On the Internet Explorer browser, we've been seeing some issues with this. We have some ideas about how to fix it, and are working to test them.

-b
--
reCAPTCHA: stop spam, read books
http://recaptcha.net

twinsant

Jun 1, 2007, 2:45:32 AM
to reca...@googlegroups.com
> reCAPTCHA does work on localhost (the fact that you can get the
> captcha-incorrect-sol error code shows that).

Hmm? I notice that:

"For security, reCAPTCHA will only work on this domain and subdomains.
If you have more than one domain (or if you have a staging server),
you can create a new set of keys."

So my question is:

Did reCAPTCHA service extract domain name from http referer, and
encrypt it with something else then check the challenge/solution
according to this?

If it does, then localhost will not work because I have changed the domain.

>
> One thing that may be happening is that you may be using the 'back' button
> after an incorrect CAPTCHA. On the Internet Explorer browser, we've been
> seeing some issues with this. We have some ideas about how to fix it, and
> are working to test them.

I'm using Firefox 2 on Ubuntu 6.10.

reCAPTCHA Support

Jun 1, 2007, 3:00:09 AM
to reca...@googlegroups.com
Hello,

On 5/31/07, twinsant <twin...@gmail.com> wrote:

> > reCAPTCHA does work on localhost (the fact that you can get the
> > captcha-incorrect-sol error code shows that).
>
> Hmm? I notice that:
>
> "For security, reCAPTCHA will only work on this domain and subdomains.
> If you have more than one domain (or if you have a staging server),
> you can create a new set of keys."
>
> So my question is:
>
> Did reCAPTCHA service extract domain name from http referer, and
> encrypt it with something else then check the challenge/solution
> according to this?

We look at the referrer header, and compare the domain with the domain registered in the admin portal. If the domain is not equal to or a subdomain of the registered domain, and it is not localhost, we deny the request. However, this should be fairly visible; it should not say the solution was incorrect.
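
The check Support describes above (registered domain, one of its subdomains, or localhost), written out as an added Python 3 example; it is not reCAPTCHA's code and not part of any post in this thread. The set of names treated as localhost, denying a missing referrer, and comparing hostnames without the port are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the names treated as "localhost"; the thread only says "localhost".
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def referrer_allowed(referrer, registered_domain):
    """True if the Referer host is the registered domain, a subdomain of it,
    or localhost. Hostnames only: the port is ignored (assumption)."""
    if not referrer:
        return False  # assumption: a missing Referer is denied
    try:
        host = urlsplit(referrer).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False
    if not host:
        return False  # no scheme/authority, so there is no host to compare
    host = host.rstrip(".").lower()
    domain = registered_domain.rstrip(".").lower()
    if host in LOCAL_HOSTS:
        return True
    # Match on a label boundary so "notblah.com" is not taken for "blah.com".
    return host == domain or host.endswith("." + domain)


# Constructed sample Referer values (hosts reuse names mentioned in the thread).
SAMPLES = [
    ("http://localhost:8000/signup/", "blah.com"),
    ("http://foo-test.blah.com/contact", "blah.com"),
    ("http://ontologyonline.org:9080/visualisation/c/namespaces/", "ontologyonline.org"),
    ("http://notblah.com/", "blah.com"),
    ("http://blah.com.example.net/", "blah.com"),
]


def check_samples():
    """Return the allow/deny decision for each constructed sample."""
    return [referrer_allowed(ref, dom) for ref, dom in SAMPLES]


if __name__ == "__main__":
    for (ref, dom), ok in zip(SAMPLES, check_samples()):
        print("%-62s %-20s %s" % (ref, dom, "allow" if ok else "deny"))
```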

An Yantong

Jun 1, 2007, 5:04:52 AM
to reCAPTCHA
> We look at the referrer header, and compare the domain with the domain
> registered in the admin portal. If the domain is not equal to or a subdomain
> of the registered domain, and it is not localhost, we deny the request.
> However, this should be fairly visible, it should not say the solution was
> incorrect.

Ok. Paste my code for more information:

    from django.template import Library
    from django.conf import settings
    from django.http import HttpResponseRedirect
    import urllib, urllib2

    register = Library()

    @register.simple_tag
    def recaptcha():
        '''
        To use this custom tag in your template file:
        {% load captcha %}

        <form ...>

        {% recaptcha %}

        </form>
        '''
        # You could set ENABLE_CAPTCHA = False in settings to not use the
        # captcha feature.
        if settings.ENABLE_CAPTCHA:
            html = '''
                <script type="text/javascript"
                    src="http://api.recaptcha.net/challenge?k=%s">
                </script>
                <noscript>
                    <iframe src="http://api.recaptcha.net/noscript?k=%s"
                        height="300" width="500" frameborder="0"></iframe><br>
                    <textarea name="recaptcha_challenge_field" rows="3"
                        cols="40">
                    </textarea>
                    <input type="hidden" name="recaptcha_response_field"
                        value="manual_challenge">
                </noscript>
            ''' % (settings.RECAPTCHA_PUBLIC_KEY,
                   settings.RECAPTCHA_PUBLIC_KEY)
        else:
            html = ''
        return html


    # Stolen from http://python.org/pypi/recaptcha-client
    def challenge(private_key, remoteip,
                  recaptcha_challenge, recaptcha_response):
        is_valid = False
        error_code = ''

        params = urllib.urlencode({
            'privatekey':private_key,
            'remoteip':remoteip,
            'challenge':recaptcha_challenge,
            'reponse':recaptcha_response,
        })
        r = urllib2.Request(
            url = 'http://api-verify.recaptcha.net/verify',
            data = params,
            headers = {
                'Content-type':'application/x-www-form-urlencoded',
                'User-agent':'reCATPTCHA Python Client'
            })
        f = urllib2.urlopen(r)
        s = f.read().splitlines()
        f.close()

        code = s[0]
        if code == 'true':
            is_valid = True
        else:
            is_valid = False
            error_code = s[1]

        return is_valid, error_code


    def validate_captcha(jumper=None):
        '''
        To use this decorator in your views:

        @validate_captcha()
        def some_view(request ...)
            ...

        or if you want to run the captcha according to some condition, just
        do the following:
        def need_captcha(request):
            return request.POST.has('something')

        @validate_captcha(need_captcha)
        def another_view(request ...):
            ...
        '''
        def _validate_captcha(view_func):
            def _captcha(request, *args, **kwargs):
                if jumper:
                    if not jumper(request):
                        return view_func(request, *args, **kwargs)
                if request.method == "POST" and settings.ENABLE_CAPTCHA:
                    is_valid = False
                    error_code = ''
                    recaptcha_challenge = request.POST.get(
                        'recaptcha_challenge_field', None)
                    recaptcha_response = request.POST.get(
                        'recaptcha_response_field', None)
                    private_key = settings.RECAPTCHA_PRIVATE_KEY
                    remoteip = request.META.get('REMOTE_ADDR', '')
                    if (recaptcha_response and recaptcha_challenge
                            and len(recaptcha_response) and
                            len(recaptcha_challenge)):
                        is_valid, error_code = challenge(private_key,
                            remoteip, recaptcha_challenge,
                            recaptcha_response)
                    if is_valid:
                        return view_func(request, *args, **kwargs)
                    return HttpResponseRedirect('%s?is_valid=%s&error_code=%s' % (
                        request.get_full_path(), is_valid, error_code))
                else:
                    return view_func(request, *args, **kwargs)
            return _captcha
        return _validate_captcha

phil

Jun 1, 2007, 11:47:49 AM
to reCAPTCHA
I've a slightly different problem, in that I've a bunch of test
servers and a bunch of live servers, and so I have to test this on the
live site. That's not a huge problem - global warming is probably more
of an issue when all's said and done. However it would be neat if I
could have two domains which share the same key set... not sure how
that would work out at your end, but if I could specify a test and
deployment server for each keyset, then I'd be away. That's still
secure (in that I control both servers), but it allows me to stage
through to live. No biggie.

reCAPTCHA Support

Jun 1, 2007, 12:03:33 PM
to reca...@googlegroups.com
Hello,

If your servers are all a subdomain of a common domain (eg, foo.blah.com and foo-test.blah.com), just sign up for a blah.com key and both will work.

twinsant

Jun 1, 2007, 10:16:42 PM
to reca...@googlegroups.com
On 6/2/07, reCAPTCHA Support <sup...@recaptcha.net> wrote:
> Hello,
>

Hello, ben

Is there any mistake in my code?

reCAPTCHA Support

Jun 1, 2007, 11:27:45 PM
to reca...@googlegroups.com
Sorry, I've been travelling all day, so I haven't had a chance to look. You might want to look at:

http://smileychris.tactful.co.nz/ramblings/recaptcha/

-b

phil

Jun 2, 2007, 5:12:26 AM
to reCAPTCHA
> If your servers are all a subdomain of a common domain (eg, foo.blah.com and
> foo-test.blah.com), just sign up for a blah.com key and both will work.

I appreciate that, thanks. It's not the way I'm staging stuff at the
moment, so I can't quite do it that way. No worries though - this is
sufficiently easy to integrate that it's not really an issue.

I had had some minor problems with automated spam.
I'd put a bunch of "silent" stuff in there to squelch it. For example
if anyone circumvents my client-side anti-spam checks then I just
silently dump whatever they're sending, plus I work for an ISP so if I
get a static IP address I'm heading down their necks. But this looks
good, is easily understood by bad people as well as good, so I'm
trying it out here:

http://www.powdermountaincatskiing.com/contact.asp
http://www.powdermountaincatskiing.com/feedback.asp

http://www.powdermountaincatskiing.com/slideshow/ecard.asp?show=1%20march%20set%201%20guest&path=/guestshots/2006-2007%20season/march/01%20march%2007/1%20march%20set%201&buy=y&img=20070301pmc_paul_001.jpg

twinsant

Jun 2, 2007, 7:59:37 AM
to reca...@googlegroups.com

Thanks for the link. I'll try it.

ontologyonline

Jun 7, 2007, 5:12:21 PM
to reCAPTCHA, I'm, recaptcha, //ontologyonline.org/, 9080/visualisation/c/Namespaces/, although

ontologyonline

Jun 7, 2007, 5:17:41 PM
to reCAPTCHA
If this message gets through twice I apologise,

I'm having the same problem:
when I run it locally (localhost) it always gives me the incorrect
solution message,
and when I run it on my registered domain (ontologyonline.org) it also
always gives me the incorrect solution,

problem is there I make use of jsp pages, and these use the url in the
format:
http://ontologyonline.org:9080/visualisation/c/namespaces/

it must have something to do with the port in the url?

reCAPTCHA Support

Jun 7, 2007, 6:01:23 PM
to reca...@googlegroups.com
According to our logs, you aren't passing us the user's solution via the POST request.

ontologyonline

Jun 8, 2007, 1:41:37 PM
to reCAPTCHA
You got me puzzled,

I'm using the java library,
and when I print out the post parameters I see the solution, but
somehow I always get back the incorrect solution message.
Was the solution the only thing that is missing?

ontologyonline

Jun 8, 2007, 1:48:36 PM
to reCAPTCHA
OMG,

one lame typo got me busy for two days,

apparently my parameter was 'reponse', not response

GRR :)
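
A form encoder accepts a misspelled field name such as the one found above without complaint, so the mistake only shows up as a failed verification. The following is an added Python 3 example, not code from this thread or from any reCAPTCHA client library: it refuses to build a verify request whose field names are wrong or whose values are empty, and parses the two-line reply. The field names and reply format are taken from the Python code posted earlier in the thread; `malformed-reply` is a local placeholder, and the sample values are constructed.

```python
from urllib.parse import urlencode

# Field names as used in the verify call posted earlier in this thread,
# with the last one spelled "response".
REQUIRED_FIELDS = ("privatekey", "remoteip", "challenge", "response")


def build_verify_body(fields):
    """Encode the verify POST body; reject unknown, missing or empty fields."""
    unknown = sorted(set(fields) - set(REQUIRED_FIELDS))
    missing = [k for k in REQUIRED_FIELDS if not fields.get(k)]
    if unknown or missing:
        raise ValueError("unknown fields %s, missing fields %s" % (unknown, missing))
    return urlencode([(k, fields[k]) for k in REQUIRED_FIELDS])


def parse_verify_reply(text):
    """Parse the reply: first line 'true' or 'false', second line an error code."""
    lines = text.splitlines()
    ok = bool(lines) and lines[0].strip() == "true"
    if ok:
        return True, ""
    # "malformed-reply" is a local placeholder, not a code the service sends.
    return False, lines[1].strip() if len(lines) > 1 else "malformed-reply"


# Constructed sample input: the same request with and without the typo.
GOOD = {"privatekey": "PRIVATE-KEY-PLACEHOLDER", "remoteip": "127.0.0.1",
        "challenge": "abc", "response": "two words"}
TYPO = dict((("reponse" if k == "response" else k), v) for k, v in GOOD.items())


def describe(fields):
    """Return the encoded body, or the reason the request was refused."""
    try:
        return build_verify_body(fields)
    except ValueError as exc:
        return "refused: %s" % exc


if __name__ == "__main__":
    print(describe(GOOD))
    print(describe(TYPO))
    print(parse_verify_reply("false\nincorrect-captcha-sol\n"))
```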
