[Python-checkins] r54564 - in tracker/instances/python-dev: extensions/timestamp.py html/user.register.html
erik.forsberg
python-checkins at python.org
Sat Mar 24 22:18:28 CET 2007
Author: erik.forsberg
Date: Sat Mar 24 22:18:28 2007
New Revision: 54564
Added:
tracker/instances/python-dev/extensions/timestamp.py
Modified:
tracker/instances/python-dev/html/user.register.html
Log:
Limit the registration form - make sure there's a reasonable delay
between form generation and form submission. If not, there's a good
chance that the submitter is not human, but rather a spambot.
See http://psf.upfronthosting.co.za/roundup/meta/issue105.
Added: tracker/instances/python-dev/extensions/timestamp.py
==============================================================================
--- (empty file)
+++ tracker/instances/python-dev/extensions/timestamp.py Sat Mar 24 22:18:28 2007
@@ -0,0 +1,28 @@
+import time, struct, base64
+from roundup.cgi.actions import RegisterAction
+from roundup.cgi.exceptions import *
+
+def timestamp():
+ return base64.encodestring(struct.pack("i", time.time())).strip()
+
+def unpack_timestamp(s):
+ return struct.unpack("i",base64.decodestring(s))[0]
+
+class Timestamped:
+ def check(self):
+ try:
+ created = unpack_timestamp(self.form['opaque'].value)
+ except KeyError:
+ raise FormError, "somebody tampered with the form"
+ if time.time() - created < 4:
+ raise FormError, "responding to the form too quickly"
+ return True
+
+class TimestampedRegister(Timestamped, RegisterAction):
+ def permission(self):
+ self.check()
+ RegisterAction.permission(self)
+
+def init(instance):
+ instance.registerUtil('timestamp', timestamp)
+ instance.registerAction('register', TimestampedRegister)
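Review bot: The `opaque` value is only a base64-encoded packed integer, so nothing ties it to this server: `check()` accepts any client-supplied number that is at least four seconds old, and with no upper age limit a single stale value stays valid indefinitely. Signing the timestamp with a server-side secret (HMAC) and rejecting values older than a maximum age would make the delay check depend on something the client cannot produce itself. Separately, `check()` catches only `KeyError`; a malformed `opaque` field would presumably raise `binascii.Error` or `struct.error` from `unpack_timestamp` and surface as an unhandled error rather than a `FormError`, so the handler should be widened as shown. In the sketch below `secret` and `MAX_AGE` are placeholders for a per-instance key and an age limit that this hunk does not define, and `hmac`, `sha` and `binascii` would need importing at the top of the file.

```python
def timestamp():
    packed = struct.pack("i", time.time())
    # secret: placeholder for a per-instance server-side key
    mac = hmac.new(secret, packed, sha).digest()
    return base64.encodestring(packed + mac).strip()

def unpack_timestamp(s):
    raw = base64.decodestring(s)
    size = struct.calcsize("i")
    packed, mac = raw[:size], raw[size:]
    if mac != hmac.new(secret, packed, sha).digest():
        raise ValueError("timestamp signature mismatch")
    return struct.unpack("i", packed)[0]

    def check(self):
        # ... unchanged: try / created = unpack_timestamp(self.form['opaque'].value) ...
        except (KeyError, ValueError, struct.error, binascii.Error):
            raise FormError, "somebody tampered with the form"
        age = time.time() - created
        if age < 4:
            raise FormError, "responding to the form too quickly"
        # MAX_AGE: placeholder upper bound in seconds
        if age > MAX_AGE:
            raise FormError, "form expired"
        return True
```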
Modified: tracker/instances/python-dev/html/user.register.html
==============================================================================
--- tracker/instances/python-dev/html/user.register.html (original)
+++ tracker/instances/python-dev/html/user.register.html Sat Mar 24 22:18:28 2007
@@ -18,6 +18,7 @@
enctype="multipart/form-data"
tal:attributes="action context/designator">
+<input type="hidden" name="opaque" tal:attributes="value python: utils.timestamp()" />
<table class="form">
<tr>
<th i18n:translate="">Name</th>