
Implement anti-spam measures

Takes the ideas from http://jeffcroft.com/blog/2012/jan/31/shut-down-comment-spam/
to try to validate whether a comment originates from a user.

The algorithm is
 - Set a hidden input in the comment forms
 - When the user types, wait 5 seconds before setting a key defined in keys.py
 - Only post the comment if the key is equal to the expected one
1 parent 0991121 commit 6167c8a0618540f2a356087b922bf0b26600e7d5 @jeduan jeduan committed Feb 8, 2012
Showing with 38 additions and 4 deletions.
  1. +2 −0 README.markdown
  2. +4 −1 handlers/CommentReplyHandler.py
  3. +4 −3 handlers/PostHandler.py
  4. +14 −0 templates/comment.html
  5. +14 −0 templates/post.html
2 README.markdown
@@ -14,6 +14,8 @@ cookie_key = 'UNASTRINGALEATORIAMUYLARGAUNASTRINGALEATORIAMUYLARGAUNASTRINGALEAT
salt_key = 'UNASTRINGALEATORIAMUYLARGA'
+comment_key = 'UNASTRINGNOTANLARGAPEROSIALEATORIA'
+
Si quisieras usar el bot de twitter tambien necesitarias agregar las siguientes llaves de la misma manera:
consumer_key = ""
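Review bot: The new `comment_key` line in the keys.py example carries no explanation. Unlike `cookie_key` and `salt_key`, this value is written into the rendered page by the templates (`$hidden.val('{{comment_key}}')`), so the README should state that every visitor can read it and that it must not reuse any of the other keys. It should also say the key is mandatory, because both `post` handlers read `keys.comment_key` unconditionally.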
5 handlers/CommentReplyHandler.py 100644 → 100755
@@ -44,6 +44,8 @@
class Handler(webapp.RequestHandler):
def get(self,comment_id):
session = get_current_session()
+ if hasattr(keys, 'comment_key'):
+ comment_key = keys.comment_key
if session.has_key('user'):
user = session['user']
try:
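Review bot: In `get`, the local `comment_key` is bound only when `keys` has the attribute, so any later use of it (for example when building the template values, which this hunk does not show) raises UnboundLocalError on a deployment whose keys.py predates this commit. Bind it unconditionally, e.g. `comment_key = getattr(keys, 'comment_key', '')`.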
@@ -58,7 +60,8 @@ def post(self,comment_id):
if session.has_key('user'):
message = helper.sanitizeHtml(self.request.get('message'))
user = session['user']
- if len(message) > 0:
+ key = self.request.get('comment_key')
+ if len(message) > 0 and key == keys.comment_key:
try:
parentComment = db.get(comment_id)
comment = Comment(message=message,user=user,post=parentComment.post, father=parentComment)
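Review bot: `key == keys.comment_key` in `post` reads the attribute without the `hasattr` guard that `get` uses, so a keys.py without `comment_key` turns every reply submission into an AttributeError. Either make the key mandatory and drop the guard in `get`, or read it with `getattr` here and decide explicitly whether a missing key means accept or reject.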
7 handlers/PostHandler.py 100644 → 100755
@@ -55,8 +55,8 @@ def get(self,post_id):
if hasattr(keys,'base_url') and hasattr(keys,'killmetrics_prod') and (helper.base_url(self) == keys.base_url or helper.base_url(self) == keys.base_url_custom_url):
killmetrics_key = keys.killmetrics_prod
#### Killmetrics test
-
-
+ if hasattr(keys, 'comment_key'):
+ comment_key = keys.comment_key
try:
post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get()
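Review bot: The two added lines repeat the `hasattr(keys, 'comment_key')` block from CommentReplyHandler.get, including the conditionally bound local. A small shared helper (hypothetical name `helper.comment_key()`) returning `getattr(keys, 'comment_key', '')` would keep both handlers consistent and remove the unbound-variable case.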
@@ -87,7 +87,8 @@ def post(self, post_id):
if session.has_key('user'):
message = helper.sanitizeHtml(self.request.get('message'))
user = session['user']
- if len(message) > 0:
+ key = self.request.get('comment_key')
+ if len(message) > 0 and key == keys.comment_key:
try:
post = Post.all().filter('nice_url =', helper.parse_post_id( post_id ) ).get()
if post == None: #If for some reason the post doesn't have a nice url, we try the id. This is also the case of all old stories
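Review bot: Folding the key check into `len(message) > 0 and key == keys.comment_key` makes a rejected key indistinguishable from an empty message. The templates fill the field only five seconds after the first keypress, so a real user who submits sooner also ends up in the failing branch; handle the mismatch as its own case so the response can ask them to resubmit and keep their text.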
14 templates/comment.html
@@ -21,9 +21,23 @@
<form method="POST" class="validable">
<fieldset>
<textarea name="message" class="requerido"></textarea>
+ <input type="hidden" name="comment_key" value="">
<br/><input type="Submit" value="Responder"/>
</fieldset>
</form>
</div>
+<script type="text/javascript">
+;(function($){
+ $('textarea[name=message]').keypress(function(){
+ var $hidden = $(this).siblings('input[name=comment_key]');
+
+ if ($hidden.val() === '') {
+ setTimeout(function() {
+ $hidden.val('{{comment_key}}');
+ }, 5000);
+ }
+ });
+}(jQuery));
+</script>
{% endblock %}
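Review bot: The handler is bound to `keypress` only, which does not fire when text is pasted from the context menu or dropped into the textarea, so `comment_key` stays empty and the new server-side check rejects the comment. Bind `input` (or `paste`) as well. Separately, every keypress during the first five seconds still sees `$hidden.val() === ''` and schedules another timer; setting a flag on the first event would avoid the redundant timeouts.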
14 templates/post.html
@@ -12,9 +12,11 @@
<form method="POST" class="validable">
<fieldset>
<textarea name="message" class="requerido"></textarea>
+ <input type="hidden" name="comment_key" value="">
<br/><input type="submit" value="Agregar comentario"/>
</fieldset>
</form>
+
{% else %}
<a href="/login">Registrate</a> para responder a este mensaje, toma 10 segundos<hr/>
{% endif %}
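Review bot: The hidden `comment_key` field is rendered with `value=""` and is only ever filled by script, so a logged-in visitor with JavaScript disabled can no longer comment and gets no hint why. Add a `<noscript>` message next to the form. The blank line added after `</form>` is stray whitespace and can be dropped.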
@@ -24,5 +26,17 @@
{% endif %}
{% endfor %}
</div>
+<script type="text/javascript">
+;(function($){
+ $('textarea[name=message]').keypress(function(){
+ var $hidden = $(this).siblings('input[name=comment_key]');
+ if ($hidden.val() === '') {
+ setTimeout(function() {
+ $hidden.val('{{comment_key}}');
+ }, 5000);
+ }
+ });
+}(jQuery));
+</script>
{% endblock %}
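Review bot: `$hidden.val('{{comment_key}}')` writes the same static value for every visitor and every page load, and that value is readable in the page source, so the server cannot verify that five seconds actually passed. Consider rendering a per-session, timestamped value and checking the elapsed time in the handlers. This script is also a verbatim copy of the one added to templates/comment.html; move it to a shared include or static file.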

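The timing check described in the commit message, moved to the server as an added example (not code from this commit or the project): the hidden field carries an HMAC-signed render timestamp bound to the session, and the handler rejects comments posted less than 5 seconds after the form was rendered. `SECRET`, `issue_token`, `verify_token`, `MIN_AGE` and `MAX_AGE` are names assumed for this example; it uses only the Python 3 standard library.

```python
import hashlib
import hmac
import time

# Constructed secret for the demo. Assumption: in the project it would live in
# keys.py and, unlike comment_key, never be rendered into a template.
SECRET = b"constructed-demo-secret"
MIN_AGE = 5      # seconds the form must have been open (the commit's delay)
MAX_AGE = 3600   # seconds after which a rendered form expires


def _mac(session_id, issued_at):
    """HMAC-SHA256 over the session id and the render time."""
    msg = ("%s|%d" % (session_id, issued_at)).encode("utf-8")
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Value for the hidden input, computed when the form is rendered."""
    issued_at = int(time.time() if now is None else now)
    return "%d.%s" % (issued_at, _mac(session_id, issued_at))


def verify_token(token, session_id, now=None):
    """True only for an untampered token of this session aged MIN_AGE..MAX_AGE."""
    now = int(time.time() if now is None else now)
    issued_str, sep, mac = (token or "").partition(".")
    try:
        issued_at = int(issued_str)
    except ValueError:
        return False          # missing or malformed timestamp
    if not sep:
        return False          # no MAC part at all
    expected = _mac(session_id, issued_at)
    # Compare as bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return False          # forged, edited, or issued to another session
    return MIN_AGE <= now - issued_at <= MAX_AGE
```

A token stays valid for its session until `MAX_AGE`, so this limits how fast a form can be submitted after rendering but does not by itself limit how many comments one session posts.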