# HG changeset patch # User neko259 # Date 2013-09-25 21:00:36 # Node ID ac659daeefffa47498b274bc9d5fe4cc7870d85f # Parent 60c21dbf5db808028c4a0f119c7d6acb1c27b77f Added autoban by the hidden field (to ban spammers and prevent them from trying to post anything). diff --git a/boards/forms.py b/boards/forms.py --- a/boards/forms.py +++ b/boards/forms.py @@ -59,6 +59,7 @@ class PostForm(NeboardForm): 'class': 'form-email'})) session = None + need_to_ban = False def clean_title(self): title = self.cleaned_data['title'] @@ -93,6 +94,7 @@ class PostForm(NeboardForm): raise forms.ValidationError('Humans have sessions') if cleaned_data['email']: + self.need_to_ban = True raise forms.ValidationError('A human cannot enter a hidden field') if not self.errors: @@ -249,4 +251,4 @@ class LoginForm(NeboardForm): cleaned_data = super(LoginForm, self).clean() - return cleaned_data \ No newline at end of file + return cleaned_data diff --git a/boards/views.py b/boards/views.py --- a/boards/views.py +++ b/boards/views.py @@ -37,6 +37,9 @@ def index(request, page=0): if form.is_valid(): return _new_post(request, form) + if form.need_to_ban: + # Ban user because he is suspected to be a bot + _ban_current_user(request) else: form = threadFormClass(error_class=PlainErrorList, **kwargs) @@ -102,7 +105,10 @@ def _new_post(request, form, thread_id=b def tag(request, tag_name, page=0): - """Get all tag threads (posts without a parent).""" + """ + Get all tag threads. Threads are split in pages, so some page is + requested. Default page is 0. + """ tag = get_object_or_404(Tag, name=tag_name) threads = [] @@ -115,6 +121,9 @@ def tag(request, tag_name, page=0): error_class=PlainErrorList) if form.is_valid(): return _new_post(request, form) + if form.need_to_ban: + # Ban user because he is suspected to be a bot + _ban_current_user(request) else: form = forms.ThreadForm(initial={'tags': tag_name}, error_class=PlainErrorList) @@ -147,6 +156,9 @@ def thread(request, post_id): if form.is_valid(): return _new_post(request, form, post_id) + if form.need_to_ban: + # Ban user because he is suspected to be a bot + _ban_current_user(request) else: form = postFormClass(error_class=PlainErrorList, **kwargs) @@ -345,7 +357,7 @@ def api_get_post(request, post_id): def get_post(request, post_id): - """ Get the html of a post. Used for popups. """ + """Get the html of a post. Used for popups.""" post = get_object_or_404(Post, id=post_id) @@ -380,6 +392,7 @@ def _init_default_context(request): context['theme'] = theme context['theme_css'] = 'css/' + theme + '/base_page.css' + # This shows the moderator panel moderate = user.get_setting(SETTING_MODERATE) if moderate == 'True': context['moderator'] = user.is_moderator() @@ -390,7 +403,10 @@ def _init_default_context(request): def _get_user(request): - """Get current user from the session""" + """ + Get current user from the session. If the user does not exist, create + a new one. + """ session = request.session if not 'user_id' in session: @@ -412,8 +428,21 @@ def _get_user(request): def _redirect_to_next(request): + """ + If a 'next' parameter was specified, redirect to the next page. This is + used when the user is required to return to some page after the current + view has finished its work. + """ + if 'next' in request.GET: next_page = request.GET['next'] return HttpResponseRedirect(next_page) else: return redirect(index) + + +def _ban_current_user(request): + """Add current user to the IP ban list""" + + ip = utils.get_client_ip(request) + Ban.objects.get_or_create(ip=ip)