using collective.captcha from a CMFFormController validator
Martijn Pieters
mj at zopatista.com
Tue Nov 20 07:46:15 UTC 2007
On Nov 20, 2007 12:07 AM, David Glick <davidglick at onenw.org> wrote:
> Hey Martijn, I've been trying out the collective.captcha tool, which I
> noticed via the collective-checkins list, and it is pretty slick!
> However, I have a couple questions about using it from a
> CMFFormController validator.
>
> #1) I have the following in my validator:
>
> from collective.captcha.browser.captcha import Captcha
> captcha_view = Captcha(context, req)
> if not captcha_view.verify(captcha):
> state.setError('captcha', qpcMF(u'You must correctly enter the
> word.'), 'captcha')
>
> In order to have the privilege to call this view, I added the following
> in my product's __init__.py:
>
> from AccessControl import allow_module, allow_class
> allow_module('collective.captcha.browser.captcha')
> from collective.captcha.browser.captcha import Captcha
> allow_class(Captcha)
>
> Is this the preferred way to use a browser view from restricted python,
> or is there a better way?
You could traverse to it, with context.restrictedTraverse('@@captcha') perhaps?
> #2) I noticed that the captcha cookie is getting deleted whenever
> verify() is called, even if the verification failed. This seems like a
> bug, because it makes it hard to redisplay a new captcha if the
> verification fails.
This is intentional! You don't want to give spambots multiple tries at
solving the captcha. Just look at any captcha online, failure to read
it will give you another, different captcha. This actually helps
people to deal with the occasional unreadable captcha.
--
Martijn Pieters
More information about the Product-Developers
mailing list