Martijn Pieters wrote:
On Nov 20, 2007 12:07 AM, David Glick <[EMAIL PROTECTED]> wrote:
Hey Martijn, I've been trying out the collective.captcha tool, which I
noticed via the collective-checkins list, and it is pretty slick!
However, I have a couple questions about using it from a
CMFFormController validator.
#1) I have the following in my validator:
from collective.captcha.browser.captcha import Captcha
captcha_view = Captcha(context, req)
if not captcha_view.verify(captcha):
state.setError('captcha', qpcMF(u'You must correctly enter the
word.'), 'captcha')
In order to have the privilege to call this view, I added the following
in my product's __init__.py:
from AccessControl import allow_module, allow_class
allow_module('collective.captcha.browser.captcha')
from collective.captcha.browser.captcha import Captcha
allow_class(Captcha)
Is this the preferred way to use a browser view from restricted python,
or is there a better way?
You could traverse to it, with context.restrictedTraverse('@@captcha') perhaps?
I'll give that a try.
#2) I noticed that the captcha cookie is getting deleted whenever
verify() is called, even if the verification failed. This seems like a
bug, because it makes it hard to redisplay a new captcha if the
verification fails.
This is intentional! You don't want to give spambots multiple tries at
solving the captcha. Just look at any captcha online, failure to read
it will give you another, different captcha. This actually helps
people to deal with the occasional unreadable captcha
Yes, I understand that we want to offer a new, different captcha on
failure. This is how it is working with my patch. Before, it was
displaying NO image after a failure, because for some reason a new
cookie wasn't getting set (in latest Firefox). I suppose that may be
the real problem that we should look into.
Aha, I see it. Because verify() calls expireCookie, the cookie's
expiration date is in the past even after the new cookie gets set (b/c
setCookie just updates a dictionary of cookie parameters, one of which
is the expiration date). So if you explicitly put in a new expiration
date when you call setCookie in _generate_session(), that should fix
things as well.
--
--------------------------
David Glick
Project Associate
ONE/Northwest
New tools and strategies for engaging people in protecting the environment
http://www.onenw.org
[EMAIL PROTECTED]
(206) 286-1235 x32
Subscribe to ONEList, our email newsletter!
Practical advice for effective online engagement
http://www.onenw.org/full_signup
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
