16

I want to make a captcha validation.

I get the key from the recaptcha website and already succeed to put the public key to load the webpage with the challenge.

<script type="text/javascript"
   src="http://api.recaptcha.net/challenge?k=<your_public_key>">
</script>

<noscript>
   <iframe src="http://api.recaptcha.net/noscript?k=<your_public_key>"
       height="300" width="500" frameborder="0"></iframe><br>
   <textarea name="recaptcha_challenge_field" rows="3" cols="40">
   </textarea>
   <input type="hidden" name="recaptcha_response_field" 
       value="manual_challenge">
</noscript>

I download the reCaptcha Python plugin but I can not find any documentation on how to use it.

Does anyone have any idea on how to use this Python plugin? recaptcha-client-1.0.4.tar.gz (md5)

Hoang Pham
  • 6,899
  • 11
  • 57
  • 70

2 Answers2

25

It is quite straightforward. This is an example from a trivial trac plugin I'm using:

from recaptcha.client import captcha

if req.method == 'POST':
    response = captcha.submit(
        req.args['recaptcha_challenge_field'],
        req.args['recaptcha_response_field'],
        self.private_key,
        req.remote_addr,
        )
    if not response.is_valid:
        say_captcha_is_invalid()
    else:
        do_something_useful()
else:
    data['recaptcha_javascript'] = captcha.displayhtml(self.public_key)
    data['recaptcha_theme'] = self.theme
    return 'recaptchaticket.html', data, n
abbot
  • 27,408
  • 6
  • 54
  • 57
  • Hi abbot, I am new to Python, can you explain how to use the downloaded package in more details? – Hoang Pham Sep 17 '09 at 23:06
  • 2
    You should install it as a regular python package. I would recommend you reading some introductory course on python if you are new to all these things. You can try http://diveintopython.org/toc/index.html or http://docs.python.org/tutorial/index.html as a good starting point. – abbot Sep 18 '09 at 18:58
4

Sorry to say, but this module, while it works just fine, is almost entirely undocumented, and it's layout is a tad confusing for those of us who prefer using ">> help(modulename)" after installation. I'll give an example using cherrypy, and make some cgi-related comments afterwards.

captcha.py contains two functions and a class:

  • display_html: which returns the familiar "reCaptcha box"

  • submit: which submits the values entered by the user in the background

  • RecapchaResponse: which is a container class that contains the response from reCaptcha

You'll first need to import the complete path to capcha.py, then create a couple of functions that handle displaying and dealing with the response.

from recaptcha.client import captcha
class Main(object):

    @cherrypy.expose
    def display_recaptcha(self, *args, **kwargs):
        public = "public_key_string_you_got_from_recaptcha"
        captcha_html = captcha.displayhtml(
                           public,
                           use_ssl=False,
                           error="Something broke!")

        # You'll probably want to add error message handling here if you 
        # have been redirected from a failed attempt
        return """
        <form action="validate">
        %s
        <input type=submit value="Submit Captcha Text" \>
        </form>
        """%captcha_html

    # send the recaptcha fields for validation
    @cherrypy.expose
    def validate(self, *args, **kwargs):
        # these should be here, in the real world, you'd display a nice error
        # then redirect the user to something useful

        if not "recaptcha_challenge_field" in kwargs:
            return "no recaptcha_challenge_field"

        if not "recaptcha_response_field" in kwargs:
            return "no recaptcha_response_field"

        recaptcha_challenge_field  = kwargs["recaptcha_challenge_field"]
        recaptcha_response_field  = kwargs["recaptcha_response_field"]

        # response is just the RecaptchaResponse container class. You'll need 
        # to check is_valid and error_code
        response = captcha.submit(
            recaptcha_challenge_field,
            recaptcha_response_field,
            "private_key_string_you_got_from_recaptcha",
            cherrypy.request.headers["Remote-Addr"],)

        if response.is_valid:
            #redirect to where ever we want to go on success
            raise cherrypy.HTTPRedirect("success_page")

        if response.error_code:
            # this tacks on the error to the redirect, so you can let the
            # user knowwhy their submission failed (not handled above,
            # but you are smart :-) )
            raise cherrypy.HTTPRedirect(
                "display_recaptcha?error=%s"%response.error_code)

It'll be pretty much the same if using cgi, just use the REMOTE_ADDR environment variable where I used cherrypy's request.headers and use field storage to do your checks.

There is no magic, the module just follows the docs: https://developers.google.com/recaptcha/docs/display

Validation errors you might need to handle: https://developers.google.com/recaptcha/docs/verify

lysdexia
  • 1,786
  • 18
  • 29