Submitted by : flemmingbjerke at: 2007-11-07T23:09:05-08:00 (10 years ago)
Name :
Category : Severity : Status :
Optional subject :  
Optional comment :

I try to make a captcha on zwiki (used in Plone).

I have made most of the code (see below).

Problem: The only major problem I have, is to find the right place to place the captcha-test so that (if captcha is used) editing, commiting and creating are impossible unless the correct captcha-code is inserted. It is preferable that captcha is not used when a user is logged in. Therefore, it was naturally to try to place it in checkSufficientId of, but unfortunately this function is called 8 times every time an editing is posted, and only the first offers a REQUEST object with form values. Then, the question is where to put captche test.

The code, I have made is this:

def gencapcode(self):
    """ Return Generated Code """
    # The following code seems to work more correctly with modified alphabet and number of letters
    # Parts of this code taken from and from PloneCaptcha
    # It does three things: 1. Generate a random code. To this code is added a specific code in order to get the
    # entire code. The specific code is default 'secret', and the corresponding login is 'demo'. If you
    # register with, you will get another specific code and login. 2. The function returns an
    # url with the entire random code which can be used in page template to fetch a picture of the visible
    # code. 3. It generate the visible code and stores it in self so that it can be used for testing against
    # the visible code inserted by the user.
    import md5
    import random
    captcha_password = 'secret'
    captcha_login = 'demo'
    letters = "abcdefghijklmnopqrstuvwxyz"
    letters += letters.upper () + "0123456789"
    random_string = ''
    for i in range(50):
        random_string += random.choice(letters)
    codeurl = '' % (captcha_login,random_string)
    captcha_letters = 6
    captcha_alphabet = 'abcdefghijklmnopqrstuvwxyz'
    code = captcha_password + random_string
    if captcha_alphabet != 'abcdefghijklmnopqrstuvwxyz' or captcha_letters != 6:
        code += ':' + captcha_alphabet + ':' + str(captcha_letters)
    code_md5 =
    self.generated_code = ''
    for p in range(captcha_letters):
        n = ord(code_md5[p]) % len(captcha_alphabet)
        self.generated_code += captcha_alphabet[n]
    return codeurl

def gencode(self):
    # Returns the visible code.
    try: return self.generated_code
    except AttributeError: return 'ZZZ'

Within a plone template the described functions should be called in the following way:

<img tal:attributes="src python:here.gencapcode()" />
 Write these letters here: <input name="capcode" type="text">

Now the captcha-test is just a question of inserting something like:

capcode = REQUEST.form.get('capcode')
genviscode = self.gencode()
if genviscode == capcode:

(A dirty solution to the problem mentioned would be let it remember the last capcode.) Eventually, it seems natural to put config variable into

captcha_on = 0
captcha_password = 'secret'
captcha_login = 'demo'

where captcha_on should be used to switch captcha on and off. It should also be quite easy implement captcha in zwiki outside plone. Moreover, security declaration should be fixed.

... --flemmingbjerke, Wed, 07 Nov 2007 23:10:22 -0800 reply

Severity: critical => wishlist

Working captcha solution for ZWiki --magwas, Sun, 30 Mar 2008 13:20:36 -0700 reply


Do what you want with it.