首页 / 问题 / 正文

如何启用reCAPTCHA

2 投票
2 回答
1479 浏览
提问于 2025-04-16 15:43

我尝试用这个标签来启用reCAPTCHA:

{{capture}}

我本来希望看到的是reCAPTCHA的框框,但结果却直接在页面上显示了这段代码,看起来像是个错误:

<script type="text/javascript" src="http://api.recaptcha.net/ challenge?k=6LckUsMSAAAAAGcZR3JZw6Dusn4wKBBfZxHXh8w5"></script> <noscript> <iframe src="http://api.recaptcha.net/noscript?k=6LckUsMSAAAAAGcZR3JZw6Dusn4wKBBfZxHXh8w5" height="300" width="500" frameborder="0"></iframe><br /> <textarea name="recaptcha_challenge_field" rows="3" cols="40"></ textarea> <input type='hidden' name='recaptcha_response_field' value='manual_challenge' /> </noscript>

有没有什么建议我该怎么做?这个错误的链接在这里,我使用的代码是直接调用reCAPTCHA的API,文件名是captcha.py,具体在这里:

import urllib2, urllib

API_SSL_SERVER="https://api-secure.recaptcha.net"
API_SERVER="http://api.recaptcha.net"
VERIFY_SERVER="api-verify.recaptcha.net"

class RecaptchaResponse(object):
    def __init__(self, is_valid, error_code=None):
        self.is_valid = is_valid
        self.error_code = error_code

def displayhtml (public_key,
                 use_ssl = False,
                 error = None):
    """Gets the HTML to display for reCAPTCHA

    public_key -- The public api key
    use_ssl -- Should the request be sent over ssl?
    error -- An error message to display (from
RecaptchaResponse.error_code)"""

    error_param = ''
    if error:
        error_param = '&error=%s' % error

    if use_ssl:
        server = API_SSL_SERVER
    else:
        server = API_SERVER

    return """<script type="text/javascript" src="%(ApiServer)s/
challenge?k=%(PublicKey)s%(ErrorParam)s"></script>

<noscript>
  <iframe src="%(ApiServer)s/noscript?k=%(PublicKey)s%(ErrorParam)s"
height="300" width="500" frameborder="0"></iframe><br />
  <textarea name="recaptcha_challenge_field" rows="3" cols="40"></
textarea>
  <input type='hidden' name='recaptcha_response_field'
value='manual_challenge' />
</noscript>
""" % {
        'ApiServer' : server,
        'PublicKey' : public_key,
        'ErrorParam' : error_param,
        }


def submit (recaptcha_challenge_field,
            recaptcha_response_field,
            private_key,
            remoteip):
    """
    Submits a reCAPTCHA request for verification. Returns
RecaptchaResponse
    for the request

    recaptcha_challenge_field -- The value of
recaptcha_challenge_field from the form
    recaptcha_response_field -- The value of recaptcha_response_field
from the form
    private_key -- your reCAPTCHA private key
    remoteip -- the user's ip address
    """

    if not (recaptcha_response_field and recaptcha_challenge_field and
            len (recaptcha_response_field) and len
(recaptcha_challenge_field)):
        return RecaptchaResponse (is_valid = False, error_code =
'incorrect-captcha-sol')


    def encode_if_necessary(s):
        if isinstance(s, unicode):
            return s.encode('utf-8')
        return s

    params = urllib.urlencode ({
            'privatekey': encode_if_necessary(private_key),
            'remoteip' :  encode_if_necessary(remoteip),
            'challenge':
encode_if_necessary(recaptcha_challenge_field),
            'response' :
encode_if_necessary(recaptcha_response_field),
            })

    request = urllib2.Request (
        url = "http://%s/verify" % VERIFY_SERVER,
        data = params,
        headers = {
            "Content-type": "application/x-www-form-urlencoded",
            "User-agent": "reCAPTCHA Python"
            }
        )

    httpresp = urllib2.urlopen (request)

    return_values = httpresp.read ().splitlines ();
    httpresp.close();

    return_code = return_values [0]

    if (return_code == "true"):
        return RecaptchaResponse (is_valid=True)
    else:
        return RecaptchaResponse (is_valid=False, error_code =
return_values [1])

到目前为止,我在HTTP的GET和POST处理程序中使用了它:

template_values.update(dict(capture=captcha.displayhtml(public_key = CAPTCHA_PUB_KEY, use_ssl = False, error = None)))

这是GET处理程序,而POST处理程序有:

def post(self, view): 
    challenge = self.request.get('recaptcha_challenge_field')
    response  = self.request.get('recaptcha_response_field')
    remoteip  = os.environ['REMOTE_ADDR']
    cResponse = captcha.submit(
             challenge,
             response,
             CAPTCHA_PRV_KEY,
             remoteip)

if cResponse.is_valid==True:
    isHuman=True
else:
    isHuman=False

我该怎么继续呢?

更新:为了继续,我还添加了逻辑,只允许变量isHuman=True的情况,并且我想重定向到表单页面,而不是打印错误信息:

def post(self, view): 
    challenge = self.request.get('recaptcha_challenge_field')
    response  = self.request.get('recaptcha_response_field')
    remoteip  = os.environ['REMOTE_ADDR']
    cResponse = captcha.submit(
                 challenge,
                 response,
                 CAPTCHA_PRV_KEY,
                 remoteip)

    if cResponse.is_valid==True:
        isHuman=True
    else:
        isHuman=False 
        self.response.out.write('captcha failed') #TO DO: redirect to form page
        return
错误处理 表单验证 http GET请求 api POST请求 recaptcha 用户验证

2 个回答

3

Django的模板系统默认会自动对HTML进行转义,这样可以防止像跨站脚本攻击这样的安全问题。这就是为什么你的HTML标签<tag>会变成&lt;tag &gt;的原因。

如果你想避免这种情况,可以使用safe过滤器,像这样:

{{capture|safe}}

回答于 2025-04-16 由 Python大师
分享 举报
5

你遇到了Django自动转义的问题。

试试这个:{{capture|safe}}

回答于 2025-04-16 由 Python大师
分享 举报

撰写回答