The emergence of captcha after several incorrect logins

Fri, 25 Sep 2009 02:05:23 -0700 

Hi all,

I use this code to show a recaptcha after several incorrect logins.

The essence of the work is this:
It creates the session to count the number of invalid logins and after
3 times wrong authentication emergence recaptcha. But you can simply
delete the session and thus bypass a recaptcha.
How to make display captcha could not get around?

Thanks.

Code:
html_captcha = captcha.displayhtml(settings.RECAPTCHA_PUB_KEY)
def auth(request):
    if request.method == 'POST':
        if 'captcha_on' in request.session:
            check_captcha = captcha.submit(request.POST
['recaptcha_challenge_field'],
                                           request.POST
['recaptcha_response_field'],
 
settings.RECAPTCHA_PRIVATE_KEY, request.META['REMOTE_ADDR'])
            if check_captcha.is_valid is False:
                form = AuthForm()
                return render_to_response('registration/login.html',
{'form' : form, 'error_captcha' : 1, 'html_captcha' : html_captcha})
        form = AuthForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = authenticate(username=username, password=password)
            if user is not None:
                if user.is_active:
                    login(request, user)
                    # Redirect to a success page.
                    return HttpResponseRedirect('/')
                else:
                    # Return a 'disabled account' error message
                    return render_to_response('registration/
login.html', {'form' : form, 'html_captcha' : html_captcha,
'error_login': 1})
            else:
                # Return an 'invalid login' error message.
                if 'bad_login' in request.session:
                    count_bad_login = request.session.get('bad_login')
                    if count_bad_login == 3:
                        request.session['captcha_on'] = True
                        return render_to_response('registration/
login.html', {'form' : form, 'html_captcha' : html_captcha,
'error_login': 1})
                    request.session['bad_login'] = count_bad_login + 1
                    print count_bad_login
                    return render_to_response('registration/
login.html', {'form' : form, 'error_login': 1})
                request.session['bad_login'] = True
                return render_to_response('registration/login.html',
{'form' : form, 'error_login': 1})
        return render_to_response('registration/login.html', {'form' :
form, 'error_login': 1})
    else:
        form = AuthForm()
    return render_to_response('registration/login.html', {'form':
form})

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to