widelands-dev team mailing list archive
-
widelands-dev team
-
Mailing list archive
-
Message #11345
[Merge] lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website
kaputtnik has proposed merging lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website.
Requested reviews:
Widelands Developers (widelands-dev)
Related bugs:
Bug #1614403 in Widelands Website: "Ideas to prevent spammers, make their work harder"
https://bugs.launchpad.net/widelands-website/+bug/1614403
For more details, see:
https://code.launchpad.net/~widelands-dev/widelands-website/anti_spambot/+merge/332911
Logout a user if he has written MAX_HIDDEN_POSTS and set his property 'is_active' to false, so he can't log in anymore. The user get prompted with a forbidden page then.
This assumes a human would not write the same thing much often when he get prompted with the 'Posts have to be mederated' info, but bots do.
The initial idea was a two step approach, by first logging out only after x hidden posts and additionally set him inactive after x+y hidden posts. But i think this is unrewarding because the url to add a new topic/post asks for login.
--
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website.
=== modified file 'local_settings.py.sample'
--- local_settings.py.sample 2017-10-17 20:07:08 +0000
+++ local_settings.py.sample 2017-10-27 13:07:22 +0000
@@ -51,6 +51,7 @@
ANTI_SPAM_BODY = ['spam']
ANTI_SPAM_TOPIC = ['spam']
ANTI_SPAM_PHONE_NR = re.compile('\d{8,16}')
+MAX_HIDDEN_POSTS = 5
# Uncomment 'LOGGING = {...}' for debugging purposes when you have set DEBUG=False.
# Use then in the code:
=== modified file 'pybb/views.py'
--- pybb/views.py 2017-08-21 19:13:19 +0000
+++ pybb/views.py 2017-10-27 13:07:22 +0000
@@ -11,6 +11,7 @@
from django.db import connection
from django.utils import translation
from django.shortcuts import render
+from django.contrib.auth import logout
from pybb.util import render_to, paged, build_form, quote_text, ajax, urlize
from pybb.models import Category, Forum, Topic, Post, PrivateMessage, Attachment,\
@@ -161,7 +162,16 @@
post.topic.subscribers.add(request.user)
if post.hidden:
- # Redirect to an info page to inform the user
+ hidden_posts_count = Post.objects.filter( user=request.user, hidden=True).count()
+
+ if hidden_posts_count >= settings.MAX_HIDDEN_POSTS :
+ user = get_object_or_404(User, username=request.user)
+ # Set the user inactive so he can't login
+ user.is_active = False
+ user.save()
+ # Log the user out
+ logout(request)
+ return HttpResponse(status=403)
return HttpResponseRedirect('pybb_moderate_info')
return HttpResponseRedirect(post.get_absolute_url())
Follow ups