Implement antispam mesures.

f6f96d18 · Christophe Siraut · 403247d2 · f6f96d18 · f6f96d18
Commit f6f96d18 authored Jan 25, 2014 by Christophe Siraut
--- a/meetingpoll/templates/meetingpoll/poll_detail.html
+++ b/meetingpoll/templates/meetingpoll/poll_detail.html
@@ -58,7 +58,8 @@
        <form action="." method="post"> {% csrf_token %}
        <td class='names' title=" Fill in your name ">
            <div class="blue">{% trans "Your name:" %}</div>
-            {{ form.as_p }}       
+            {{ form.as_p }}
+            <input type="text" name="trap" style="display:none;"/>
        </td>

      {% for forms in vforms %}

--- a/meetingpoll/views.py
+++ b/meetingpoll/views.py
@@ -104,10 +104,17 @@ def vote(request, poll_id):
    has_voted, is_updated = False, False

    if request.method == 'POST':
+
        form = BulletinForm(request.POST, initial={'poll': poll.id})
        vforms = [[VoteForm(request.POST, prefix=choice, instance=choice) ] for choice in Choice.objects.filter(poll=poll.id)]

        if form.is_valid():
+
+            if request.POST.get('trap', False):
+                return render(request,
+                    'meetingpoll/poll_detail.html',
+                    {'object': poll, 'form': form, 'vforms':vforms, 'has_voted': has_voted})
+
            if request.user.is_authenticated():
                voter = str(request.user)
            else:
@@ -115,6 +122,22 @@ def vote(request, poll_id):
                if request.session.get('name'):
                    voter = request.session.get('name')

+            for forms in vforms:
+                for vorm in forms:
+                    if vorm.is_valid():
+                        comment = vorm.cleaned_data['comment']
+                        if 'http' in comment or 'href' in comment:
+                            messages.error(request, _('Sorry no link is allowed in comments.'))
+                            return render(request,
+                                'meetingpoll/poll_detail.html',
+                                {'object': poll, 'form': form, 'vforms':vforms, 'has_voted': has_voted})
+
+            if len(Bulletin.objects.filter(poll=poll.id)) > 100:
+                messages.error(request, _('Sorry this poll reached the maximum of participants'))
+                return render(request,
+                    'meetingpoll/poll_detail.html',
+                    {'object': poll, 'form': form, 'vforms':vforms, 'has_voted': has_voted})
+
            if voter != 'your name':
                if not Bulletin.objects.filter(poll=poll.id, voter=voter):
                    bulletin = Bulletin(poll=poll, voter=voter)
@@ -133,7 +156,9 @@ def vote(request, poll_id):
                            if not Vote.objects.filter(choice=choice, bulletin=bulletin):
                                new = Vote(choice=choice, bulletin=bulletin, comment=vorm.cleaned_data['comment'])
                                if vorm.cleaned_data['voice']:
-                                    new.voice = vorm.cleaned_data['voice']
+                                    new.voice = True
+                                else:
+                                    new.voice = False
                                new.save()
                                if new.voice:
                                    choice.votecount += 1