Ticket #4034 (closed enhancement: fixed)
Opened 5 years ago
Last modified 19 months ago
Numeric captcha '2*4 is?' to create new settings
| Reported by: | sergeych <sergeych@…> | Owned by: | jonas |
|---|---|---|---|
| Priority: | normal | Milestone: | plugin - spam-filter |
| Component: | general | Version: | 0.10 |
| Severity: | minor | Keywords: | |
| Cc: | sergeych@… | ||
| Release Notes: | |||
| API Changes: | |||
Description
Captcha asks question only if name and email are both empty, otherwise is skipped.
The patch for trunk/trac and trunk/templates. Error reporting should be improved - don't know what style to use to report wrong answer.
Attachments
Change History
Changed 5 years ago by sergeych <sergeych@…>
- Attachment numcaptcha1.patch added
comment:1 Changed 5 years ago by sergeych <sergeych@…>
- Owner changed from jonas to anonymous
- Severity changed from normal to minor
- Status changed from new to assigned
comment:2 Changed 5 years ago by athomas
Sergey, this can be entirely implemented as an IRequestFilter. I have a basic implementation that I'll attach for you to test.
Changed 5 years ago by athomas
- Attachment TracCaptcha-0.1.tar.gz added
Captcha plugin implemented with the IRequestFilter interface
comment:3 Changed 5 years ago by athomas
Give that a try. The user will be challenged with a Captcha the first time they POST a form. There is some dodgy hackery to achieve this, so it may not work in all cases. Seems to work with Wiki and ticket updates though.
The default captcha implementation is pretty much your one. An image captcha can be enabled by installing PIL and updating TracIni with:
[captcha] captcha = ImageCaptcha
There's also a http://captcha.net implementation, but I haven't received the authentication tokens yet and so haven't been able to test it.
Changed 5 years ago by sergeych <sergeych@…>
- Attachment numcaptcha2.patch added
Num captcha integrated in Settings
comment:4 Changed 5 years ago by sergeych <sergeych@…>
Well I suppose we use the simpler approach:
- if the user has not set hist nick or email, he or she (or it) may not post anything, so one need to set it up in one's settings. AFAIK it is already done?
- in the settnigs screen when person for the first time enters one's nick and/or password, ones is asked for captcha.
- as long as the user has name and or email fields not blank the captcha on settings change is inactive.
comment:5 Changed 5 years ago by sergeych <sergeych@…>
Well the numcaptcha2.patch should work as described
comment:6 Changed 5 years ago by sergeych <sergeych@…>
- Cc sergeych@… added
comment:7 Changed 5 years ago by athomas
I've uploaded the plugin to TracHacks.
Changed 5 years ago by athomas
- Attachment spam-filter-captcha-fallback.diff added
Captcha plugin integrated into SpamFilter
comment:8 Changed 5 years ago by cboos
- Milestone set to 2.0
#3391 and #4267 marked as duplicate.
Alec has started a branch for a captcha-enabled SpamFilter plugin here: source:/sandbox/spam-filter-captcha
comment:9 follow-up: ↓ 10 Changed 5 years ago by asdf <asdf>
- Resolution set to fixed
- Status changed from assigned to closed
comment:10 in reply to: ↑ 9 Changed 5 years ago by ecarter
- Resolution fixed deleted
- Status changed from closed to reopened
This is not a test system; please do not close tickets for no reason.
comment:11 Changed 4 years ago by eblot
- Owner changed from anonymous to jonas
- Status changed from reopened to new
(anonymous should not own a ticket)
comment:12 Changed 22 months ago by cboos
- Milestone changed from 2.0 to unscheduled
Milestone 2.0 deleted
comment:13 Changed 19 months ago by rblank
- Milestone changed from triaging to plugin - spam-filter
- Resolution set to fixed
- Status changed from new to closed
The plugin is now here: plugins/0.12/spam-filter-captcha. I guess we can close this ticket.
Found a potential problem. I'm passig captcha answer between requests in the request handler instance var. I'm afrais thi is not good so I'll move it to the req.session very soon. I'm sorry.
BTW askimet just rejected my comments again :)
I think that it's time to add optional password to protect the account?