Huk allin correo electrónico direccionqa huk punku kan chiqa willayta sayachinapaq, pusaqkunata paqarichiypaq, rantiyta, sapalla invitacionkunata internetpi ayllukunaman, wakkunaman ima.. Ama chayta hap'iychu imaraykuchus social medios tikrakun. Tecnología kaqpi evoluciones kaqnintakama, correo electrónico kunankamapas pruebasqa chaymanta chiqa ñan tinkinapaq kachkan. Imakunatapas sasallawan waqaychasaqku chaymanta mana zeromanta codificasaqkuchu imaraykuchus Python kunan kaq módulosniyuq kachkan codificación usqhaylla yanapasunaykipaq.  Ñuqaqa rantiqkuna mañawarqanku correo electrónico qillqakuy formulariokuna ruwayta rurunkuta riqsichinapaq, ichaqa mana mayqinpas chay rantiqkunamanta sapa killa qullqita quyta munarqankuchu huk 3 kaq partimanta mana estante serviciopaq, chayrayku qullqita waqaycharqani ruwasqa formulariokuna tinkiyta ruwaspa chayta wiñaypaq apaykachanankupaq. Yanapaykiman kaqllata ruwanaykipaq sichus qallariyniykipaq, clientepaq, qhatuypaq propósitos kaqpaq utaq aswan allin, spam pisiyachinapaq.  Kayqa pillapas Python kaqpi codificayta yachayta munaqpaq chaymanta aswan allin qallariqkunapaq mayqinkunachus mana harkasqa ruwanakunata qhawankumanchu kayhinata ruwaqpa yaykuynin filtrayta, correo electrónico direccionkunata chiqaqchay, chaymanta correo electrónico iskay akllanakuna. Kay yachachiypi, 1-3 ruwaykunata qhawarisunchik:  Ruwaqpa yaykuyninta filtray huk allin correo electrónico direccionpaq  Iskay kutita akllanapaq qillqakuy  Bot/spam hark'ay  Mana 3 kaq parti serviciokuna Auth0, Facebook utaq Google hina llamk'achiyta hapipakunaykuchu tiyan appniykiman chaymanta yanapakuyniykiman yaykuypaq mayqinkunachus mayk'aqllapas wichq'asunkiman utaq willayniyki qunakunkuman.  ¡App datuykikunata qampaq waqaychay!  Qallariypi, wakin experienciayuq kanayki tiyan   . Kayqa aswan kusikuy kanqa (ichapas) WordPress llamk'achiyta, aswan riqsisqa CMS kaqmanta. Wakin WordPress plugin kaqmanta qullqita qunayki kanman huk mana qullqiyuq Flask mast'ariy hina kikin atiyniyuq kananpaq. Ñawpaqta Wordpress (PHP) kaqpi ruwarqani chaymanta Python Flask web ruwanakunapaq aswan allin kani Wordpress web ruwanakuna ruwanapaq ancha atiq kaptinpas. Python kaqpi imaraykuchus Flask marcota huk MySQL willaypa tiyapuyninwan llamk'achisaqku  Kunan kaq Python módulos kaqwan llamk'asaqku mayqinkunachus ruwaqpa yaykuyninta pichayta, chiqaqchay tinkiyta ruwayta, chaymanta willaypa tiyapuyninwan willayta pisiyachinku.  Sapa codigo fragmento sut'inchasqa kanqa, wakin rimaykunata codigopi churanqa. Sichus mana ruwaqpa registronta ruwarqankichu utaq ukhu llamk'aykunata yachankichu, qampaq detallekunata willasqayki, chaymanta tukukuy codigo tukukuypi qhawayta atikunki (ama ñawpaqman saltaychu).  Kaypim kachkan punta kaq parrafopi nisqanchikman hina implementasunchik ruwaykunamanta:    qhawayta atikunman yaykusqa watiqata ruwaqmanta t'aqwispa huk sapa kuti rimaywan utaq huk Flask mast'ariywan. Mana permitisaqkuchu random texto utaq SQL inyección laya hacks kaqmanta. Huk allin correo electrónico direccionta    chaskiqman permisota qunanpaq mañan paykunaman correo electrónico kaqpi apachinaykipaq huk chiqaqchay tinkiyta paykunap yaykuyninkuman chaskispa. Kayqa aswanta huk runa correo electrónico direccionniykita mana llamk'achinanpaq llamk'achkan. Kayqa hark'antaq prueba ruwaqkunata mayqinkunachus qillqakullanku chaymanta yupayninkuta saqinku. Iskay kuti akllana ñanqa    huk pakasqa pampawan ruwakunman mayqinchus mana ruwaqman rikuchisqachu ichaqa sapa kuti auto-hunt'asqa bots kaqwan rastreo kaqwan mana allin qillqakuy formulariokuna kaqpaq, ichaqa mana huk "captcha" hinachu huk 3 kaq parti serviciomanta. Bot hark'ayqa  Codificayta qallarisun. Llamk'ana qillqana mayt'uta ruray:   mkdir signup cd signup  Python muyuriqniykita ruway   utaq   . Conda nisqatam aswan allinta munani, aswan yachayta munaspaqa, Python muyuriqkunamanta qillqasqayta ñawinchayta atinki. python3 -m venv signup conda create -n double-opt-contact python3  Kay dependenciakunata churay:    Hukninpi, kikin dependenciakuna huk   willañiqipi listasqayuq kayta atikunki chaymanta   purichiy pip flask flask-mail secure SQLAlchemy Flask-WTF Flask-SQLAlchemy mysql-connector-python bleach requirements.txt pip install -r requirements.txt    willañiqita ruway kay qatiq dependenciakuna churasqawan: app.py   from flask import Flask, render_template, request, url_for, redirect, flash from flask_mail import Mail, Message from datetime import datetime from flask_sqlalchemy import SQLAlchemy from sqlalchemy.sql import func from itsdangerous import URLSafeTimedSerializer, SignatureExpired import secrets import bleach  App objeto qallariy plantilla carpeta ñawpaqmanta churasqa maypi kasqanwan:   app = Flask(__name__, template_folder='templates')  Kikin sirwiq wakichiy willayta kay chirukunata llamk'achispa qillqay:   secret = secrets.token_urlsafe(32) app.secret_key = secret app.config['SECRET_KEY'] = secret # auto-generated secret key # SQLAlchemy configurations app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+mysqlconnector://admin:user@localhost/tablename' # Email configurations app.config['MAIL_SERVER'] = 'smtp.example.com' app.config['MAIL_PORT'] = 465 #check your port app.config['MAIL_USERNAME'] = 'your_email@example.com' app.config['MAIL_PASSWORD'] = 'your_password' app.config['MAIL_USE_TLS'] = True app.config['MAIL_USE_SSL'] = False db = SQLAlchemy(app) mail = Mail(app) sserialzer = URLSafeTimedSerializer(app.config['SECRET_KEY']) #set secret to the serliazer  Qhipaman, config info nisqayki   willañiqipi kanan tiyan. .env  Huk MySQL willaypa tiyapuyninta necesitasaqku ruwaqkunata waqaychaypaq mayqinchus makiwan utaq Python codigowan ruwasqa kanman. Yachay ruwaypa huknin hina, kay qatiq codigo kamachiy-chiruwan utaq Python's   ruwaywan yaykuchiyta atikunki. with app.app_context() db_create_all()  Chiqachasqa pampaqa huk token watiqapaq kachkan mayqinchus iskay akllana ruwayta saqin.   CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, email VARCHAR(120) NOT NULL UNIQUE, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, validated BOOLEAN DEFAULT FALSE );  Qatiqnin t'aqa SQLAlchemy kaqpa ORM ruwayninta llamk'achin qampaq willaypa tiyapuyninta tapunapaq. Reparay,   mana hina kaqtinqa, pantayta tarinki.   tabla churanaykikunata rikuchin mayqinkunachus sapaq sutita, laya kayninta, sayayninta, llaventa, chaymanta ch'usaq chaninninta ima churan: clase sutiqa willay tantana tabla sutiykiwan tupanan tiyan, db.model   class User(db.Model): id = db.Column(db.Integer, primary_key=True) email = db.Column(db.String(120), unique=True, nullable=False) created_at = db.Column(db.DateTime, server_default=db.func.now()) validated = db.Column(db.Boolean, default=False)  Sichus manaraq makiwan MySQL willaypa tiyapuynin tablata ruwarqankiñachu, kay Flask codigowan chiqalla ruwayta atikunki   codigo bloquemanta: class User   # Create the database table with app.app_context(): db.create_all()  Kunan, qhipa-tukuy codigota yaykuchiyku mayqinchus 2 p'anqakuna/rutas (índice, qillqakuy), correo electrónico willayta, chaymanta takyachiy. Inscribikuy p'anqapiqa   ruwaykunam kachkan, chaykunam formulariota apachiyta saqin.   objeto huk Python mast'ariy kachkan chaymanta yaykusqata ruwaqmanta pichan seguridadta qhawanapaq chaymanta mana allin scriptkunata pisiyachinapaq. Chaymanta   huk kutilla token ruwan chiqaqchay t'inki correo electrónico kaqman. GET/POST bleach sserializer   @app.route('/') def index(): return '<h1>Index page</h1>' @app.route('/signup', methods=['GET', 'POST']) def signup(): if request.method == 'POST': email = bleach.clean(request.form.get('email')) # Insert user into the database new_user = User(email=email) try: db.session.add(new_user) db.session.commit() except Exception as e: print(f"Error occurred saving to db: {e}") # Send confirmation email token = sserialzer.dumps(email, salt='email-confirm') msg = Message('Confirm your Email', sender='your_email@example.com', recipients=[email]) link = url_for('confirm_email', token=token, _external=True) msg.body = f'Your link is {link}' try: mail.send(msg) except Exception as e: print(f"Error occurred sending message: {e}") flash("Error occurred sending message!") return render_template('signup.html') flash('A confirmation email has been sent to your email address.', 'success') return redirect(url_for('index')) return render_template('signup.html')  Manaraq HTML qillqakuy formulariota yapachkaspa, qhipa ruwayta hunt'asun iskay kuti akllana ruwayta chiqaqchaypaq ñanta yapaspa. Kay ñanqa ñawpaq ruwasqayku   variableta llamk'achin mayqinchus pacha-sensible, pakasqa tokenta paqarichimun. Qaway s    . chay docs nisqakunata detallespaq  Max-edadqa segundos manaraq t'inki tukukuchkaptin, chayrayku kayhinapi, ruwaq 20 minutoyuq correo electrónico direccionninta takyachinanpaq.   @app.route('/confirm_email/<token>') def confirm_email(token): try: email = sserialzer.loads(token, salt='email-confirm', max_age=1200) # Token expires after 1 hour except SignatureExpired: return '<h1>The token is expired!</h1>' # Update field in database user = User.query.filter_by(email=email).first_or_404() user.validated = True db.session.commit() return '<h1>Email address confirmed!</h1>'  Kunan, tukuyniqpi kaq hatun willakuypaq mayqinchus Pythonman nin qillqa mayt'uta ruwananpaq sichus willañiqi chiqalla ruwasqa kachkan (huk hawamanta apamusqa módulo kaqmanta):   if __name__ == '__main__': app.run()  Manaraq kay qhipa-tukuy codigo tukuchkaptiyku, ñawpaq-tukuy HTML kaqnintaraq necesitanchik user yaykuypaq. Kayta ruwasaqku Flaskpa Jinja plantilla incorporada nisqawan. Huk willañiqita ruway   sutiyuq mayqinchus sutiwan tupanan tiyan ñawpaq ruwasqayki ñanwan   kaqpi. Ñawpaqmanta, Jinja   willañiqita html willañiqikunapaq llamk'achin. Kay churayta tikrayta atikunki, ichaqa kay yachachiypaq,   directorio app kaqmanta llamk'achisaqku. templates/signup.html app.py /templates /templates   <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Email Sign Up</title> </head> <body> <h1>Sign Up</h1> <form action="{{ url_for('signup') }}" method="POST"> <input type="email" name="email" placeholder="Enter your email" required> <input type="submit" value="Sign Up"> </form> {% with messages = get_flashed_messages(with_categories=true) %} {% if messages %} <ul> {% for category, message in messages %} <li>{{ message }}</li> {% endfor %} </ul> {% endif %} {% endwith %} </body> </html>  Codigoykiqa kaymanta llamk'anan tiyan mayk'aq flask kamachiyta pantasqa allichay atichisqawan purichichkanki. Kayqa kamachiy chirupi ima pantasqatapas qhawayta atikunki chaymanta maskaqpa ventananta:   flask --app app.py --debug run  Navegadorniyki kamachiy-chirupi rikuchisqa kamachiyman (localhost) kichay chaymanta indis p'anqa ruwanan tiyan. Chiqaqchay tinkiyta chaskinaykipaq allin correo electrónico direccionta llamk'achispa formulariota apachiyta kallpachakuy. Huk kuti t'inkita chaskinki, kayhina rikch'akunan tiyan   , qatiyta atikunki chaymanta correo electrónico direccionta validasqata tarinki kaypi rikuchisqa validador ñanta llamk'achispa: http://localhost:5000/confirm_email/InRvbUByYXRldG91cmd1aWRlcy5jb20i.ZteEvQ.7o1_L0uM9Wl8uii7KhJdiWAH   @app.route('/confirm_email/<token>') def confirm_email(token): try: email = sserializer.loads(token, salt='email-confirm', max_age=1200) # Token expires after 1 hour except SignatureExpired: return '<h1>Oops, the token expired!</h1>' # Update field in database user = Users.query.filter_by(email=email).first_or_404() user.validated = True try: db.session.commit() except Exception as e: print(f"Error occurred saving to db: {e}") return '<h1>Email address confirmed!</h1>'  Kay ñanqa ñawpaq apachisqa token kaskaqta chaskikun chaymanta qhawan sichus tupaq willaypa tiyapuynin yaykuywan tupan icha manachu. Sichus ruwan,   pampata musuqchan   kaqman , chaymanta samayta atikunki yachaspa qillqakuy formularioyki mana saqisqachu. validated True  Kayqa huk importante paso llapa negociokuna allin ruwaqkuna sistemakuna registronkupi llamk'achinku chaymanta kunan qampas chayta kanki. Ichaqa suyay, ¿imataq kanman sichus bot ataques nisqakunata chaskiykuman correo electrónico al azar direccionkunata apachispa mana validaspa? Chaymantaqa qhilli willay tantanayuqmi kanki, mana imapaqpas valeq qillqakunawan hunt'asqa. ¡Chayta hark'asun!  Bot ataques hark'anapaq utaq aswan pisi ñawpaq kaqkunata pisiyachinapaq, kikiyki pacha hap'iq allichayta ruwayta atikunki, chaymanta huk IP limitador kaqwan mayqinchus huk yuyarina ukhupi willaypa tiyapuyninta Redis hina munan, utaq huk 3 kaq yanapakuyta llamk'achiy atikunki kayhina Google captcha utaq hCaptcha.  Yachachiyniykupi, yapasaqku  . Kay qillqasqa kachkaptinqa, googlepa captchanqa manam gratischu, hcaptchañataqmi. Kay llamk'ayta kitiykipaq kananpaq, paykunawan qillqakunayki tiyan API llaveta captcha kaqmanta jap'inaykipaq.   hcaptchapa plan gratis  Musuq mañakuykunata necesitayku chayrayku churay:   pip install flask-hcaptcha requests  Mañakuykuna necesitakun correo electrónico direccionta hcaptchaman apachinapaq chiqaqchaypaq. Llaveta hapiy, chaymanta hcaptcha javascript willañiqita HTML qillqakuy formularioykiwan tinkiy. Willayta HTML p'anqaykipa umanman yapay chaymanta sitioykipa llaventa formularioykiman:   <head> ... <script src="https://hcaptcha.com/1/api.js" async defer></script> </head> <body> ... <form action="{{ url_for('signup') }}" method="POST"> <input type="email" name="email" placeholder="Enter your email" required> <input type="submit" value="Sign Up"> <div class="h-captcha" data-sitekey="b62gbcc-5cg2-41b2-cd5a-de95dd1eg61h" data-size="compact"></div> </form>  Kay codigopi sitio llaveqa huk ejemplon; necesitanki kikiykita chay plan gratismanta. Kay sitio llave formularioyki validan chaymanta sitio watukuqta huk tukuypaq listawan spam bots hcaptcha kaqwan riqsisqa kaqwan qhawan.  Chaymanta,   willañiqiykita tikray hcaptcha pakasqa llaventa (mana sitio llavetachu) app.config kaqpi churanapaq, chaymanta hcaptchaman kutichiyta churay manaraq kikin willaypa tiyapuyninman waqaychaspa. app.py   app.config['HCAPTCHA_SECRET_KEY'] = 'your-secret-hcaptcha-key' ... @app.route("/signup", methods=['GET', 'POST']) def signup(): if request.method == 'POST': email = bleach.clean(request.form.get('email')) hcaptcha_response = request.form.get('h-captcha-response') # Verify hCaptcha response payload = { 'secret': app.config['HCAPTCHA_SECRET_KEY'], 'response': hcaptcha_response } try: response = requests.post('https://hcaptcha.com/siteverify', data=payload, timeout=10) result = response.json() except requests.exceptions.RequestException as e: print(f"Request failed: {e}") if not result.get('success'): flash('CAPTCHA validation failed, please try again.', 'danger') ... # Insert user into the database new_user = Users(email=email)  Huk kuti kay ruwasqa, hcaptcha icono rikuchikunki qillqakuy formularioykipi, chaymanta atichisqa kanan tiyan ima spam hark'anapaq. Kunanqa, musuq appniykipaq aswan kallpasapa formularioyuq kanki.  Sichus ima pantaywanpas tupanki utaq huk pantasqa qillqana codigopi kanki, hunt'asqa codigota qhawayta atikunki   mi github.com nisqa  Astawan munaspaqa comentay.

Winner of Noonies 2019 for the award Hacker of the Year.

2019 - Hacker of the Year

Read My Stories

¡Kay uyariyqa willakuypa qallariy siminpi ruwasqam kachkan!

Correo electrónico spam kaqmanta karunchakuy huk Seguro Formulariota Python kaqpi ruwaspa

About Author

IMAYNA RUWAYKUNA

HANG TAGS

KAY ARTÍCULO IMAYNA RUWAYPI RIQSICHISQAN

Related Stories

A Night of Terror

CERTAIN OTHER REASONS OR ARGUMENTS TO PROVE A PASSAGE BY THE NORTH-WEST

Quantum Cryptography For Beginners: From Basics To Blockchain

The Emperor Survives

A Night of Terror

CERTAIN OTHER REASONS OR ARGUMENTS TO PROVE A PASSAGE BY THE NORTH-WEST

Quantum Cryptography For Beginners: From Basics To Blockchain

The Emperor Survives

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps