0

i have created a simple web app which contains recaptcha authentication. however, i feel that it is too difficult for my userbase. i'd like a simple and decently secure solution that i can use with GAE-py without much effort, which uses something like a slider/drag-drop approach.

something like Qaptcha.

Any recommendations?

Rishav Sharan
  • 2,763
  • 8
  • 39
  • 55
  • If you like Qaptcha, why don't you use Qaptcha? – Adam Crossland Apr 11 '12 at 13:46
  • its php based and i have no idea how to integrate it with GAE. i am new to the whole coding stuff. – Rishav Sharan Apr 11 '12 at 15:27
  • Really? You think your users are too stupid to fill in a captcha? What do they think of that? – Nick Johnson Apr 12 '12 at 00:11
  • Also note, qaptcha is easily defeated - see this answer: http://stackoverflow.com/questions/5564342/jquery-qaptcha-do-you-think-that-this-captcha-system-is-easily-hackable – Nick Johnson Apr 12 '12 at 00:13
  • Hi Nick. Many of my users are old people who have trouble seeing things. decrypting recaptcha (which often requires me to cycle and refresh several times to read it correctly) is not an option. I am willing to take a hit in security, but as i am not using it in a blog, i don't think i will be in much problem. – Rishav Sharan Apr 13 '12 at 05:54

2 Answers2

1

Although Qaptcha is based on PHP, but what it's actually do is just send an AJAX request to server after user slided to unlock.

So you can specify your own request url like this.

$('#QapTcha').QapTcha({
    ...
    PHPfile: '/your/server-side/qaptcha-handler'
});

And then just response the json result with {"error":false} and it should be work fine.

Benz Bumroungruksa
  • 198
  • 1
  • 9
  • Can you please elaborate more? The only php part from qaptcha docs is; if(isset($_POST['iQapTcha']) && empty($_POST['iQapTcha']) && isset($_SESSION['iQaptcha']) && $_SESSION['iQaptcha']) { // mail can be sent } else { // mail can not be sent } How do i write the same in python? Rest of the stuff is basically jquery. – Rishav Sharan Apr 11 '12 at 16:40
  • the formatting's borked. -_- See the php implementation here. http://www.myjqueryplugins.com/QapTcha How can i do the same in GAE-py? – Rishav Sharan Apr 11 '12 at 16:44
  • The default Qaptcha's action in PHP is going to set `$_SESSION['iQaptcha'] = true`. You can take a look at `Qaptcha.jquery.php` file. This PHP file is called by default if you not specify `PHPfile` attribute. So first you will specify `PHPfile` to your server handler, and then in your handler you can set session of Qaptcha to true. When the form is submitted, you can check that the session['iQaptcha'] is true or not. If yes, then proceed the request. – Benz Bumroungruksa Apr 11 '12 at 17:00
  • Sorry. I got sidetracked with the physical aspect of the project. I really haven;t been able to devote as much time to this issue as I would have liked. I have selected your answer for now. Thanks for all the help. – Rishav Sharan May 04 '12 at 07:37
0

Qaptcha seens to use cookies. To manipulate cookies on appengine, use this pseudo code: if response.cookies['iQaptcha'] is None:

Christopher Ramírez
  • 1,710
  • 10
  • 13