
widelands-dev team mailing list archive

[Merge] lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website

 

kaputtnik has proposed merging lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website.

Requested reviews:
  Widelands Developers (widelands-dev)
Related bugs:
  Bug #1614403 in Widelands Website: "Ideas to prevent spammers, make their work harder"
  https://bugs.launchpad.net/widelands-website/+bug/1614403

For more details, see:
https://code.launchpad.net/~widelands-dev/widelands-website/anti_spambot/+merge/332911

Log out a user if he has written MAX_HIDDEN_POSTS and set his property 'is_active' to false, so he can't log in anymore. The user gets prompted with a forbidden page then.

This assumes a human would not write the same thing very often when he gets prompted with the 'Posts have to be moderated' info, but bots do.

The initial idea was a two step approach, by first logging out only after x hidden posts and additionally setting him inactive after x+y hidden posts. But I think this is unrewarding because the url to add a new topic/post asks for login.


-- 
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/anti_spambot into lp:widelands-website.
=== modified file 'local_settings.py.sample'
--- local_settings.py.sample	2017-10-17 20:07:08 +0000
+++ local_settings.py.sample	2017-10-27 13:07:22 +0000
@@ -51,6 +51,7 @@
 ANTI_SPAM_BODY = ['spam']
 ANTI_SPAM_TOPIC = ['spam']
 ANTI_SPAM_PHONE_NR = re.compile('\d{8,16}')
+MAX_HIDDEN_POSTS = 5
 
 # Uncomment 'LOGGING = {...}' for debugging purposes when you have set DEBUG=False.
 # Use then in the code:
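
Review bot: MAX_HIDDEN_POSTS is added to the sample without a comment, so an admin reading local_settings.py.sample cannot tell that reaching this number deactivates the account; please add a one-line comment saying so. Also, pybb/views.py reads settings.MAX_HIDDEN_POSTS directly. Unless a default is defined in the main settings module (not visible in this diff), an installation whose local_settings.py predates this change would raise AttributeError on the first hidden post, so consider a default in settings.py or getattr(settings, 'MAX_HIDDEN_POSTS', 5).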

=== modified file 'pybb/views.py'
--- pybb/views.py	2017-08-21 19:13:19 +0000
+++ pybb/views.py	2017-10-27 13:07:22 +0000
@@ -11,6 +11,7 @@
 from django.db import connection
 from django.utils import translation
 from django.shortcuts import render
+from django.contrib.auth import logout
 
 from pybb.util import render_to, paged, build_form, quote_text, ajax, urlize
 from pybb.models import Category, Forum, Topic, Post, PrivateMessage, Attachment,\
@@ -161,7 +162,16 @@
             post.topic.subscribers.add(request.user)
 
         if post.hidden:
-            # Redirect to an info page to inform the user
+            hidden_posts_count = Post.objects.filter( user=request.user, hidden=True).count()
+
+            if hidden_posts_count >= settings.MAX_HIDDEN_POSTS :
+                user = get_object_or_404(User, username=request.user)
+                # Set the user inactive so he can't login
+                user.is_active = False
+                user.save()
+                # Log the user out
+                logout(request)
+                return HttpResponse(status=403)
             return HttpResponseRedirect('pybb_moderate_info')
 
         return HttpResponseRedirect(post.get_absolute_url())
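
Review bot: At the `user = get_object_or_404(User, username=request.user)` line the extra lookup is unnecessary and passes a user object where a username string is expected. request.user is already the authenticated user, so set `request.user.is_active = False` and call `request.user.save()` before `logout(request)`. Two further points on the same block: the count covers every post of the user that is currently hidden rather than recent or consecutive ones, so a legitimate user with several posts waiting for moderation would be locked out as well; and the bare `HttpResponse(status=403)` has no body and nothing is logged or sent to moderators, so a wrongly deactivated account is hard to notice and undo. The spacing in `filter( user=` and `MAX_HIDDEN_POSTS :` also needs tidying.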

