Portland Things Development Journal

2010-01-26

Django + reCAPTCHA

Portland Things has a submission form for recommending a new blog for inclusion on the site. It wasn’t up for long before spammers started submitting garbage to it. Eventually I got sick of deleting the garbage and implemented a captcha, using reCAPTCHA — arguably the best captcha implementation around.

As the page it’s used on is a very simple form, I figured it’d serve as a good example of how to add reCAPTCHA to a Django form.

First off, sign up with reCAPTCHA and get your key. settings.py seems like an appropriate place for it, so add something along the lines of this:

RECAPTCHA_PUBLIC_KEY = '<your public key>'
RECAPTCHA_PRIVATE_KEY = '<your private key>'

Then install the Python client library:

easy_install recaptcha-client

or

pip install recaptcha-client

We then just need to add a little more conditional logic to our view function, checking not only whether the form was valid before saving it, but also now checking with reCAPTCHA to see if the captcha was correct.

My view code went from this:

 if request.method == 'POST':
     form = ProposedFeedForm(request.POST)
     if form.is_valid():
        form.save()
        return HttpResponseRedirect('/localblogs/submit/success/')
 else:
     form = ProposedFeedForm()

return render_to_response('addablog.html', { 'form': form })

to this:

from recaptcha.client import captcha

captcha_error = None

if request.method == 'POST':
    form = ProposedFeedForm(request.POST)
    if form.is_valid():
        captcha_response = captcha.submit(
            request.POST.get('recaptcha_challenge_field', ''),
            request.POST.get('recaptcha_response_field', ''),
            settings.RECAPTCHA_PRIVATE_KEY,
            request.META['REMOTE_ADDR'],
        )
        if captcha_response.is_valid:
            form.save()
            return HttpResponseRedirect('/localblogs/submit/success/')
        else:
            captcha_error = captcha_response.error_code
else:
    form = ProposedFeedForm()

return render_to_response('addablog.html', {    
    'form': form,
    'captcha_html': captcha.displayhtml(
        settings.RECAPTCHA_PUBLIC_KEY, error=captcha_error),
})

displayhtml() takes care of all the HTML for you. You just pass it into your template, and then show it to the user:

<p>{{ captcha_html|safe }}</p>

And that’s it!

Since implementing this, I’ve had zero spam.

Note on copyright: I believe the code in this post is trivial enough to be ineligible for copyright. In case that is not true, I hereby release it under the CC0 license.

2010-01-25

This is a graph from Google Webmaster Tools showing the site’s response time over the last few months. See the big drop about a week into January? That’s when I switched from semi-shared hosting on WebFaction to a virtual private server at Linode.

Of course, the comparison is not quite fair, as Linode’s cheapest plan is double the price of WebFaction’s, and the amount of hands-on work is far greater. But if you can deal with those aspects, a VPS is great. And Linode in particular is great at VPS hosting. They’re fast, and the way they run things is refreshingly transparent. There are no misleading prices that assume lump-sum pre-payments, and the prices scale completely linearly with respect to memory, bandwidth, etc. They also give you more resources for the dollar than anyone else I’ve seen.

To quote Schmichael:

It almost feels like linode.coop not linode.com. ;)

From a technical standpoint, having my own VPS is a bit of a relief. I run Ubuntu on it, just like my desktop, and can easily install any necessary libraries, which was a sore spot on WebFaction. For example, WebFaction’s libcurl was out of date, which prevented me from being able to use Tornado. I could have worked around it by compiling a recent version of libcurl within my own home directory, but that’s ugly. Now I can just aptitude install it and not worry about maintaining my own build system.

Running my own mail server again was a bit scary, but it turned out to be quite easy. All I really needed to do was create some aliases for Postfix to route email addresses to the right destinations, and install Ubuntu’s awesomely convenient dovecot-postfix package to enable POP and IMAP access.

→

Preface

Welcome to this blog. I’ll be writing about my programming work on Portland Things, an aggregator of blogs, photography, news, and other interesting RSS/Atom feed-based content that’s relevant to Portland, Oregon readers.

The site is a side project for me; partially as an attempt at creating a useful website for other people, and partially as an excuse to play around with Python, Django, Postgres, and other fun stuff. The latter has been a big success. The former… well, we’ll see.