Not much you can do apart from track IP addresses and enable recaptcha for it for a certain period of time. The client can manipulate everything else they send to you.
Sure, you'll end up annoying some innocent people, but because you're only enabling it for a limited period of time, it shouldn't annoy that many innocent people.

2009/9/25 chegivara <freebsdst...@gmail.com>:
>
> Hi all,
>
> I use this code to show a recaptcha after several incorrect logins.
>
> The essence of the work is this:
> It creates a session to count the number of invalid logins, and after
> 3 wrong authentications a recaptcha appears. But you can simply
> delete the session and thus bypass the recaptcha.
> How can I make the captcha display impossible to get around?
>
> Thanks.
>
> Code:
> html_captcha = captcha.displayhtml(settings.RECAPTCHA_PUB_KEY)
>
> def auth(request):
>     if request.method == 'POST':
>         if 'captcha_on' in request.session:
>             check_captcha = captcha.submit(
>                 request.POST['recaptcha_challenge_field'],
>                 request.POST['recaptcha_response_field'],
>                 settings.RECAPTCHA_PRIVATE_KEY, request.META['REMOTE_ADDR'])
>             if check_captcha.is_valid is False:
>                 form = AuthForm()
>                 return render_to_response('registration/login.html',
>                     {'form' : form, 'error_captcha' : 1, 'html_captcha' : html_captcha})
>         form = AuthForm(request.POST)
>         if form.is_valid():
>             username = form.cleaned_data['username']
>             password = form.cleaned_data['password']
>             user = authenticate(username=username, password=password)
>             if user is not None:
>                 if user.is_active:
>                     login(request, user)
>                     # Redirect to a success page.
>                     return HttpResponseRedirect('/')
>                 else:
>                     # Return a 'disabled account' error message
>                     return render_to_response('registration/login.html',
>                         {'form' : form, 'html_captcha' : html_captcha, 'error_login': 1})
>             else:
>                 # Return an 'invalid login' error message.
>                 if 'bad_login' in request.session:
>                     count_bad_login = request.session.get('bad_login')
>                     if count_bad_login == 3:
>                         request.session['captcha_on'] = True
>                         return render_to_response('registration/login.html',
>                             {'form' : form, 'html_captcha' : html_captcha, 'error_login': 1})
>                     request.session['bad_login'] = count_bad_login + 1
>                     print count_bad_login
>                     return render_to_response('registration/login.html',
>                         {'form' : form, 'error_login': 1})
>                 request.session['bad_login'] = True
>                 return render_to_response('registration/login.html',
>                     {'form' : form, 'error_login': 1})
>         return render_to_response('registration/login.html',
>             {'form' : form, 'error_login': 1})
>     else:
>         form = AuthForm()
>         return render_to_response('registration/login.html', {'form': form})
>

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
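
One way to implement the suggestion in the reply above, as an added example that is not code from the thread: the failure count is kept on the server, keyed by the client address, and expires after a fixed period. The names `FailedLoginTracker` and `handle_login` and the threshold and window values are assumptions made for the illustration.

```python
import time


class FailedLoginTracker:
    """Server-side count of failed logins per client IP (hypothetical helper).

    State is keyed by REMOTE_ADDR rather than stored in the session, so
    deleting the session cookie does not reset it.
    """

    def __init__(self, threshold=3, window=900, clock=time.time):
        self.threshold = threshold  # failures before the captcha is required
        self.window = window        # seconds until failures are forgotten
        self.clock = clock          # injectable so the expiry can be tested
        self._failures = {}         # ip -> (count, expiry timestamp)

    def _count(self, ip):
        count, expires = self._failures.get(ip, (0, 0.0))
        if expires <= self.clock():
            self._failures.pop(ip, None)  # window over: forget old failures
            return 0
        return count

    def record_failure(self, ip):
        # Every failure restarts the window, so continued guessing keeps
        # the captcha switched on for that address.
        count = self._count(ip) + 1
        self._failures[ip] = (count, self.clock() + self.window)
        return count

    def captcha_required(self, ip):
        return self._count(ip) >= self.threshold


def handle_login(tracker, ip, password_ok, captcha_ok=False):
    """Decision logic of a login view, without any session state."""
    if tracker.captcha_required(ip) and not captcha_ok:
        return "show_captcha"
    if password_ok:
        # The count is deliberately not cleared here: it only expires, so one
        # valid account cannot be used to reset the counter for an address.
        return "logged_in"
    tracker.record_failure(ip)
    return "bad_login"
```

In a Django deployment the counter would need to live in storage shared by all worker processes, such as the cache framework, rather than in a per-process dict. Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the client address has to come from a header set by a proxy you trust.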