[Python-checkins] r54564 - in tracker/instances/python-dev: extensions/timestamp.py html/user.register.html

erik.forsberg python-checkins at python.org
Sat Mar 24 22:18:28 CET 2007


Author: erik.forsberg
Date: Sat Mar 24 22:18:28 2007
New Revision: 54564

Added:
   tracker/instances/python-dev/extensions/timestamp.py
Modified:
   tracker/instances/python-dev/html/user.register.html
Log:

Limit the registration form - make sure there's a reasonable delay
between form generation and form submission. If not, there's a good
chance that the submitter is not human, but rather a spambot.

See http://psf.upfronthosting.co.za/roundup/meta/issue105.


Added: tracker/instances/python-dev/extensions/timestamp.py
==============================================================================
--- (empty file)
+++ tracker/instances/python-dev/extensions/timestamp.py	Sat Mar 24 22:18:28 2007
@@ -0,0 +1,28 @@
+import time, struct, base64
+from roundup.cgi.actions import RegisterAction
+from roundup.cgi.exceptions import *
+
+def timestamp():
+    return base64.encodestring(struct.pack("i", time.time())).strip()
+
+def unpack_timestamp(s):
+    return struct.unpack("i",base64.decodestring(s))[0]
+
+class Timestamped:
+    def check(self):
+        try:
+            created = unpack_timestamp(self.form['opaque'].value)
+        except KeyError:
+            raise FormError, "somebody tampered with the form"
+        if time.time() - created < 4:
+            raise FormError, "responding to the form too quickly"
+        return True
+
+class TimestampedRegister(Timestamped, RegisterAction):
+    def permission(self):
+        self.check()
+        RegisterAction.permission(self)
+
+def init(instance):
+    instance.registerUtil('timestamp', timestamp)
+    instance.registerAction('register', TimestampedRegister)
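Review bot: The `opaque` value read in `Timestamped.check` is not authenticated. It is only a base64-encoded packed integer, so the submitter controls it: any client can send an earlier timestamp, or replay one taken from a previous page load, and pass the `time.time() - created < 4` test without waiting. I would have `timestamp()` append an HMAC over the packed value, keyed with a server-side secret, verify it in `unpack_timestamp`, and reject values older than some maximum age so a captured field cannot be reused indefinitely. Also, `except KeyError` only covers a missing field; a value that is not valid base64 or does not decode to the packed size will raise from `base64.decodestring` or `struct.unpack` rather than being reported as a `FormError`, so those exceptions should be caught in the same `try` block.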

Modified: tracker/instances/python-dev/html/user.register.html
==============================================================================
--- tracker/instances/python-dev/html/user.register.html	(original)
+++ tracker/instances/python-dev/html/user.register.html	Sat Mar 24 22:18:28 2007
@@ -18,6 +18,7 @@
       enctype="multipart/form-data"
       tal:attributes="action context/designator">
 
+<input type="hidden" name="opaque" tal:attributes="value python: utils.timestamp()" />
 <table class="form">
  <tr>
   <th i18n:translate="">Name</th>
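Review bot: Missing documentation on the new hidden `opaque` input: nothing in the template says that this field is the form-render timestamp consumed by `extensions/timestamp.py`. Because `Timestamped.check` raises `FormError` ("somebody tampered with the form") when the field is absent, a later template edit that drops or renames this line would make every registration fail. Please add a short template comment next to the input that names the extension and the dependency, and consider a field name that says what the value is for.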