Skip to main content

Stateless captcha generation and verification

Project description

Captchas without server state

A view to generate a captcha image and/or wav file, and to verify user input against it.

A cookie is used to transfer state from one request to the next. The state is used, together with a server-side secret, to create a random string of characters, which in turn is displayed as a captcha image, or transformed to an audio file. Verification happens case-insensitively.

Note that the captcha ‘word’ is only usable for 5-10 minutes, after which the view will not accept it any more. Moreover, a different word will be generated for a given session key every 5 minutes.

This makes these captchas replayable for up to 10 minutes if a determined user keeps sending the same session id. Because of the server-secret though, captchas are not transferrable between sites.

Installing

This package requires Plone 2.5 or later, and plone.keyring 1.1 or later.

Installing without buildout

Install this package in either your system path packages or in the lib/python directory of your Zope instance. You can do this using either easy_install or via the setup.py script. You’ll also need to install plone.keyring in the same fashion.

After installing the package it needs to be registered in your Zope instance. This can be done by putting a collective.captcha-configure.zcml file in the etc/package-includes directory with this content:

<include package="collective.captcha" />

or, alternatively, you can add that line to the configure.zcml in a package or Product that is already registered.

Installing with buildout

If you are using buildout to manage your instance installing collective.captcha is even simpler. You can install collective.captcha by adding it to the eggs line for your instance:

[instance]
eggs = collective.captcha
zcml = collective.captcha

The last line tells buildout to generate a zcml snippet that tells Zope to configure collective.captcha.

If another package depends on the collective.captcha egg or includes its zcml directly you do not need to specify anything in the buildout configuration: buildout will detect this automatically.

After updating the configuration you need to run the ‘’bin/buildout’’, which will take care of updating your system, including installing the plone.keyring dependency.

Registering plone.keyring KeyManager

On any Plone version prior to 3.1, you’ll need to make sure that the plone.keyring KeyManager utility has been registered. In the Zope ZMI, use the portal_setup tool to run the plone.keyring KeyManager registration profile.

Using the view

See the captcha.txt doctest in the collective.captcha.browser package, as well as captcha.txt in collective.captcha.form.

collective.captcha changes

1.7 (2012-02-27)

  • Disuse ‘zope.testing.doctest’ in favor of stdlib’s ‘doctest’. [tseaver]

  • Suppress ‘sha’ deprecation under Python 2.6+ [tseaver]

  • Suppress ‘Globals.package_home’ deprecation under Zope 2.12+. [tseaver]

  • Add verify to the list of allowed attributes on the Captcha view, allowing restricted code to verify submitted captchas. [mj]

  • Better session id generation & redundant sha1 removal. [serhat]

  • Increase captcha image specling from 0.3 to 1.5 [serhat]

1.6 (2011-05-29)

1.5 (2010-01-11)

1.4 (2008-05-02)

  • Switched to using plone.keyring to provide the secret.

1.3 (2008-02-22)

  • SkimpyGimpy now does have an egg, thanks to Reed O’Brien! Updated installation instructions and setup.py.

  • Update test to reflect reduced character set used.

1.2 (2007-12-13)

  • Add a captcha field and widget for zope.formlib.

  • Reduced the characters used to generate the captcha to uppercase letters and numbers only; user testing showed that even humans had trouble solving the captchas.

1.1 (2007-11-21)

  • Delete the captcha cookie from the response if one is present to prevent premature expiration. This would happen when creating a new captcha after verification (because verification failed or the form would have to be redisplayed for other reasons). Thanks to David Glick for pointing this out.

1.0 (2007-11-19)

  • Initial release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

collective.captcha-1.7.zip (599.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page