## Project description

A view to generate a captcha image and/or wav file, and to verify user input against it.

A cookie is used to transfer state from one request to the next. The state is used, together with a server-side secret, to create a random string of characters, which in turn is displayed as a captcha image, or transformed to an audio file. Verification happens case-insensitively.

Note that the captcha ‘word’ is only usable for 5-10 minutes, after which the view will not accept it any more. Moreover, a different word will be generated for a given session key every 5 minutes.

This makes these captchas replayable for up to 10 minutes if a determined user keeps sending the same session id. Because of the server-secret though, captchas are not transferrable between sites.

### Installing

This package requires Plone 2.5 or later, and plone.keyring 1.1 or later.

#### Installing without buildout

Install this package in either your system path packages or in the lib/python directory of your Zope instance. You can do this using either easy_install or via the setup.py script. You’ll also need to install plone.keyring in the same fashion.

After installing the package it needs to be registered in your Zope instance. This can be done by putting a collective.captcha-configure.zcml file in the etc/package-includes directory with this content:

<include package="collective.captcha" />

or, alternatively, you can add that line to the configure.zcml in a package or Product that is already registered.

#### Installing with buildout

If you are using buildout to manage your instance installing collective.captcha is even simpler. You can install collective.captcha by adding it to the eggs line for your instance:

[instance]
zcml = collective.captcha

The last line tells buildout to generate a zcml snippet that tells Zope to configure collective.captcha.

If another package depends on the collective.captcha egg or includes its zcml directly you do not need to specify anything in the buildout configuration: buildout will detect this automatically.

After updating the configuration you need to run the ‘’bin/buildout’’, which will take care of updating your system, including installing the plone.keyring dependency.

#### Registering plone.keyring KeyManager

On any Plone version prior to 3.1, you’ll need to make sure that the plone.keyring KeyManager utility has been registered. In the Zope ZMI, use the portal_setup tool to run the plone.keyring KeyManager registration profile.

### 1.7 (2012-02-27)

• Disuse ‘zope.testing.doctest’ in favor of stdlib’s ‘doctest’. [tseaver]

• Suppress ‘sha’ deprecation under Python 2.6+ [tseaver]

• Suppress ‘Globals.package_home’ deprecation under Zope 2.12+. [tseaver]

• Add verify to the list of allowed attributes on the Captcha view, allowing restricted code to verify submitted captchas. [mj]

• Better session id generation & redundant sha1 removal. [serhat]

• Increase captcha image specling from 0.3 to 1.5 [serhat]

### 1.4 (2008-05-02)

• Switched to using plone.keyring to provide the secret.

### 1.3 (2008-02-22)

• SkimpyGimpy now does have an egg, thanks to Reed O’Brien! Updated installation instructions and setup.py.

• Update test to reflect reduced character set used.

### 1.2 (2007-12-13)

• Reduced the characters used to generate the captcha to uppercase letters and numbers only; user testing showed that even humans had trouble solving the captchas.

### 1.1 (2007-11-21)

• Delete the captcha cookie from the response if one is present to prevent premature expiration. This would happen when creating a new captcha after verification (because verification failed or the form would have to be redisplayed for other reasons). Thanks to David Glick for pointing this out.

### 1.0 (2007-11-19)

• Initial release

## Project details

Uploaded source