Chris Umbel

Using reCAPTCHA With Django

django I sure was naive. When I launched a certain django-based site that accepted user comments (wonder which one that is?) a while back I thought I could block the comment spam myself without CAPTCHA. After a few months of traffic I started getting hammered with it and tried blocking IPs, keywords and patterns. All to no avail.

The trouble-spot was a strait-forward, regular old HTML form that accepted the comment input. I needed it to appeal to wide browser requirements of the site. My AJAX-jQuery-to-django-piston-service comment submissions rarely were the source of spam entry but I needed my regular forms locked down as well.

reCAPTHCA logo

I toyed with the idea of rolling my own CAPTCHA but I honestly have bigger fish to fry. Turns out that integrating reCAPTCHA with django was a sinch and solved my comment spam problems.

Here's how to do it.

Step #1: Get a reCAPTCHA Account

reCAPTCHA is a service and all the heavy lifting is done on reCAPTCHA's servers. Because of that you must sign up for an account to use the service here.

By default a key works on a single domain, but you can also create your key as "Global" allowing them to work on multiple site.

Step #2: Install recaptcha-client

In order for django (or any other python code) to use the reCAPTCHA service you must install the recaptcha-client library. This is most easily accomplished with setuptools:

easy_install recaptcha-client

Alternatively you can install it directly from source by downloading it from: http://pypi.python.org/pypi/recaptcha-client

Step #3: Add reCAPTCHA to a Template

Now it's time for some actual web development. I'll start out by putting the familiar reCAPTCHA interface in a django template. Notice that I have it as part of a form named edit_form. There are also a couple locations where you have to insert your public key which you get when you sign up for a reCAPTCHA account.

<form  action="#" method="POST">
  <table>
    {{ edit_form }}
    <tr>
        <th>Are you human?</th>
        <td>
            <span class="validation_error">{{ captcha_response }}</span>
        
            <script type="text/javascript"
            src="http://api.recaptcha.net/challenge?k=[[ YOUR PUBLIC KEY ]]">
            </script>
            
            <noscript>
            <iframe src="http://api.recaptcha.net/noscript?k=[[ YOUR PUBLIC KEY ]]"
            height="300" width="500" frameborder="0"></iframe><br>
            <textarea name="recaptcha_challenge_field" rows="3" cols="40">
            </textarea>
            <input type="hidden" name="recaptcha_response_field" 
            value="manual_challenge">
            </noscript>
        <td>
    </tr>
    <tr>
        <th></th>
        <td><input type="submit" value="Save"/></td>
    </tr>
  </table>
</form>

Step #4: Handle reCAPTCHA Upon Form Submission

Now I'll set up a view to handle the template and form submission. This would all live in your application's views.py.

# load the recaptcha  module
from recaptcha.client import captcha

# create the form to be submitted
class EditForm(forms.Form):
    data_field = forms.CharField()

def myview(request):	
    if request.method == 'POST':
        edit_form = EditForm(request.POST)
        # talk to the reCAPTCHA service
        response = captcha.submit(
            request.POST.get('recaptcha_challenge_field'),
            request.POST.get('recaptcha_response_field'),
            '[[ MY PRIVATE KEY ]]',
            request.META['REMOTE_ADDR'],)
        
        # see if the user correctly entered CAPTCHA information
        # and handle it accordingly.
        if response.is_valid:
            captcha_response = "YOU ARE HUMAN: %(data)s" % {'data' :
		edit_form.data['data_field']}
        else:
            captcha_response = 'YOU MUST BE A ROBOT'
        
        return render_to_response('mytemplate.html', {
                'edit_form': edit_form,
                'captcha_response': captcha_response})
    else:
        edit_form = EditForm()
        return render_to_response('mytemplate.html', {'edit_form': edit_form})

Which would look like:

If a user enters the CAPTCHA text correctly they get a message indicating that they are human. This is where you would put logic to do something like save a comment. If a user fails to enter the CAPTCHA text correctly they get a nasty error message telling them that they must be a robot. In that code path you'd want to assume the user either entered the text wrong and will retry or that there is no real user at all.

Conclusion

It's unfortunate that we have to deal with spam bots and other abuses of our hard work. Luckily services like reCAPTCHA make it relatively easy to defend against. And the benefits extend beyond just protecting our own web content. Every time a user uses reCAPTCHA they're actually helping to digitize books on the other end.

Sat Nov 21 2009 15:11:00 GMT+0000 (UTC)

Comments

A Little More of Google's Go

Well, I've been spending a little more time fiddling with Google's new Go programming language of late and again figured I'd share some more playing-around-code.

HTTP Operations and XML Processing

One of my favorite examples I tend to use in higher level languages is the retrieval of twitter statuses with only out-of-the-box libraries. I was surprised how simple this task ended up to be with Go which is more of a systems language. The HTTP get was a one-liner and the resultant XML can be unmarshaled right into native structs.

package main

import (
       "http";
       "fmt";
       "xml";
)

/* these structs will house the unmarshalled response.
   they should be hierarchically shaped like the XML
   but can omit irrelevant data. */
type Status struct {
     Text string
}

type User struct {
     XMLName xml.Name;
     Status Status;
}

func main()  {
     /* perform an HTTP request for the twitter status */
     response, _, _ := http.Get("http://twitter.com/users/chrisumbel.xml");

     /* initialize the structure of the XML response */
     var user = User{xml.Name{"", "user"}, Status{""}};
     /* unmarshal the XML into our structures */
     xml.Unmarshal(response.Body, &user);

     fmt.Printf("status: %s", user.Status.Text);
}

Object Orientation

Go's approach to object orientation is interesting. Essentially you just tack methods onto structs as is illustrated below.

package main

import "fmt"

/* basic data structure upon with we'll define methods */
type employee struct {
     salary float;
}

/* a method which will add a specified percent to an
   employees salary */
func (this *employee) giveRaise(pct float) {
     this.salary += this.salary * pct;
}

func main() {
     /* create an employee instance */
     var e = new(employee);
     e.salary = 100000;
     /* call our method */
     e.giveRaise(0.04);

     fmt.Printf("Employee now makes %f", e.salary);
}

Go doesn't have inheritance per se but does support contracts by way of interfaces. The following code illustrates how two different kinds of things (stock positions and automobiles) share a common operation (obtaining its value).

package main

import "fmt";

type stockPosition struct {
     ticker string;
     sharePrice float;
     count float;
}

/* method to determine the value of a stock position */
func (this stockPosition) getValue() float {
     return this.sharePrice * this.count;
}

type car struct {
     make string;
     model string;
     price float;
}

/* method to determine the value of a car */
func (this car) getValue() float {
     return this.price;
}

/* contract that defines different things that have value */
type valuable interface {
     getValue() float;
}

/* anything that satisfies the "valuable" interface is accepted */
func showValue(asset valuable) {
     fmt.Printf("Value of the asset is %f\n", asset.getValue());
}

func main() {
     var o valuable = stockPosition{ "GOOG", 577.20, 4 };
     showValue(o);
     o = car{ "BMW", "M3", 66500 };
     showValue(o);
}

Tue Nov 17 2009 20:00:00 GMT+0000 (UTC)

Comments

First Impressions of Go, Google's New Systems Language

It's funny. These days I hear Google's name mentioned in reference to subjects I never would have imagined three or four years back. Cell phones... Web browsers... Operating Systems... And a systems programming language???

Yes, a systems programming language... By the name of "Go", actually. It boasts garbage collection, enhanced safety and slick concurrency. The idea is that it should perform only slightly slower than C but feel more like python; simple, safe, garbage-collected and plumbing-light.

Considering it was just released to the public a few days ago and I've only been fiddling with it for a few hours now I certainly can claim no authority on the subject. I would, however, like to share some of the little hello-world-style hacks I whipped out while getting myself acquainted with Go.

Hello World

Here's a basic Hello World app.

package main

/* load the "fmt" package. */
import "fmt"

func main() {
    /* write formatted text to console */
     fmt.Println("hello world");
}

Output:

hello world

Hello World 2

Now wrapped in a function. Notice the type follows the identifier in the argument declaration, the opposite of most languages.

package main

import "fmt"

func WriteStuff(message string) {
     fmt.Println(message);
}

func main() {
     WriteStuff("hello world");
}

Concurrency

Concurrency is accomplished by a concept called "goroutines". The implementation is quite elegant. All you have to do is precede your function call with the "go" keyword. Quite nice!

package main

import (
       "fmt";
       "time";
)

func doStuff(message string) {
     for i := 0; i < 10; i++ {
       fmt.Println(message);
       time.Sleep(100);
     }
}

func main() {
     /* the "go" spawns the concurrent goroutine */
     go doStuff("goroutine");

     /* the lack of go runs on the caller */
     doStuff("main");
}

Resulting in output similar to:

goroutine
goroutine
main
main
goroutine
goroutine
main
main
goroutine
goroutine
main
main
goroutine
goroutine
main
main
goroutine
goroutine
main
main

Concurrency 2

Here's basically the same thing, but lambda-like.

package main

import (
       "fmt";
       "time";
)

func main() {
     /* the "go" spawns another thread, lambda style this time */
     go func() {
             for i := 0; i < 10; i++ {
                   fmt.Println("goroutine");
                   time.Sleep(100);
             }
     }(); /* parens indicate we're calling a func */

     for i := 0; i < 10; i++ {
           fmt.Println("main");
           time.Sleep(100);
     }
}

Channels

Communication between threads is accomplished via channels a la Erlang or Stackless Python. More concurrent goodness!

package main

import (
       "fmt";
       "time";
)

func doStuff(id int, c chan string) {
     var s string;

     for i := 0; i < 3; i++ {
        /* receive from the channel */ 
         s = <-c;

         fmt.Printf("%d: %s\n", id, s);
     }
}

func main() {
    /* create a channel with string messages */
     c := make(chan string);

    /* spawn two goroutines that will receive messages */
     go doStuff(1, c);
     go doStuff(2, c);

    /* send messages to the goroutines via our channel */
     c <- "message 1";
     c <- "message 2";
     c <- "message 3";
     c <- "message 4";
     c <- "message 5";
     c <- "message 6";

     time.Sleep(1000);
}

Resulting in output similar to:

1: message 1
1: message 3
2: message 2
1: message 4
2: message 5
2: message 6

Maps

Handy key-value storage is available through maps.

/* create and initialize a map that contains floats
   and is keyed on strings. */
stocks := map[string] float  {
    "JAVA" : 8.67,
    "MSFT" : 29.62,
    "GOOG" : 572.05
};

fmt.Printf("Google is %f\n", stocks["GOOG"]);

/* add a pair to a map */
stocks["ORCL"] = 22.31;

fmt.Printf("Oracle is %f\n", stocks["ORCL"]);

Conclusion

Well, that's the first few hours of hacking around. Obviously this just scratches the surface. I'm looking forward to seeing what people actually produce with Go.

It's interesting, though. We've been so wrapped up in abstracting everything away into runtimes that we may have ignored the possibility of making native/systems languages more productive. Perhaps if it catches on Go will change that.

With its ease of use, memory safety, and simplified concurrency I certainly think it has a shot of improving our lower-level lives.

Sat Nov 14 2009 23:11:00 GMT+0000 (UTC)

Comments

Scripting Your .Net Applications with IronPython

At several points in my .Net development career I've had the need to make an application I wrote scriptable. Sometimes it was to provide easy product extension to customers or lower level information workers. Sometimes it was to ease maintenance of very fine grained logic that has the capacity to change frequently or unpredictably. But every time I found it to be one of the more interesting facets of the project at hand.

Early in .Net's history this was made easy by using Visual Studio for Applications (VSA) which allowed you to host arbitrary C# or VB.Net code within the executing AppDomain. Unfortunately VSA was plagued with resource leak problems and was therefore impractical in most enterprise situations. VSA was eventually deprecated.

One of the many alternatives is to perform dynamic, on-the-fly code compilation. While certainly quite manageable it was a bit more complex and much akin to cutting down a sapling with a chainsaw.

Another option that came along later is Visual Studio Tools for Applications which brought the Visual Studio IDE to the scripter.

My favorite avenue, however, is to host a Dynamic Language Runtime (DLR) and use a language like IronPython. Not only is it disgustingly simple to implement from a plumbing point of view but Python itself seems like a natural fit due to it's simplicity. IronRuby's another wonderful choice but I'll stick to IronPython for the scope of this post.

Examples

The demonstration I'm about to show you was done using Visual Studio 2008 and IronPython 2.6 RC2. All you have to do is reference:

  • IronPython.dll
  • Microsoft.Scripting.dll
  • Microsoft.Scripting.Core.dll
and your project is ready to go. You may also want to reference IronPython.Modules.dll to get access to python's standard library.

All of the following examples require the following imports:

using System;
using IronPython.Hosting;
using Microsoft.Scripting.Hosting;

This is very basic. It simply executes a Python print statement.

static void Main(string[] args)
{
    /* bring up an IronPython runtime */
    ScriptEngine engine = Python.CreateEngine();
    ScriptScope scope = engine.CreateScope();
    
    /* create a source tree from code */
    ScriptSource source =
        engine.CreateScriptSourceFromString("print 'hello from python'");
        
    /* run the script in the IronPython runtime */
    source.Execute(scope);
}

which produces:

hello from python

Scripting isn't very useful if the script can't affect the AppDomain around it. Here's an example that modifies an integer from the calling program.

static void Main(string[] args)
{
    ScriptEngine engine = Python.CreateEngine();
    ScriptScope scope = engine.CreateScope();
    
    /* create a Python variable "i" with the value 1 */
    scope.SetVariable("i", 1);
    
    /* this script will simply add 1 to it */
    ScriptSource source = engine.CreateScriptSourceFromString("i += 1");
    source.Execute(scope);
    
    /* pull the value back out of IronPython and display it */
    Console.WriteLine(scope.GetVariable<int>("i").ToString());
}

producing

2

Naturally scripts would frequently operate on domain objects in the real world:

public class Employee
{ 
    public double Salary { get; set; }
    public bool Good { get; set; }
}

The following code conditionally modifies an Employee object.

static void Main(string[] args)
{
    Employee employee = new Employee() { Salary = 50000, Good = true };

    ScriptEngine engine = Python.CreateEngine();
    ScriptScope scope = engine.CreateScope();
    scope.SetVariable("employee", employee);

    /* a more complex script this time */
    ScriptSource source = engine.CreateScriptSourceFromString(
@"
def evaluate(e):
    if e.Good:
        e.Salary *= 1.05

evaluate(employee)
");

    source.Execute(scope);
    Console.WriteLine(scope.GetVariable<Employee>("employee").Salary);
}

You can also call functions in a python script:

ScriptSource source = engine.CreateScriptSourceFromString(  
@"  
def fun():
        print 'hello from example function'
");  

engine.Operations.Invoke(scope.GetVariable("fun"));

Conclusion

As you can see there really isn't much plumbing involved in hosting an IronPython runtime. In my opinion it combines both ease and power producing nearly perfect extension.

Tue Nov 03 2009 22:11:00 GMT+0000 (UTC)

Comments
< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 >
Follow Chris
RSS Feed
Twitter
Facebook
CodePlex
github
LinkedIn
Google