The last feature that we want to have in our application is spam protection. We want users to be able to post content on our site, but we want to prevent abuse by spammers. Spamming, as you probably know, refers to malicious Internet users posting inappropriate or irrelevant content to a site. Often, spammers use scripts created specifically to target sites that allow user-submitted content, such as our web app. While we can't stop spammers easily from submitting spam content to our site manually, we can make sure that they are not able to use scripts to generate a lot of spam with just a click of the mouse. Usually, if spammers can't use their scripts on websites, they move on to easier targets.

The important concept that I want you to learn from this feature isn't how to implement spam protection. That's something you need to decide based on the requirements of your own project. What I'll be showing here is how to use open source Django applications created by other developers to add features to your own Django projects. This is an important concept that you should be familiar with. Most of the time, if you're looking for ways to solve an issue while developing your web app, a search of the Internet turns up a number of open source applications that were developed by other programmers to solve the same issue. You get applications solving all sizes of issues—from the smallest providing features such as a new type of form field (for example, a calendar form field that uses a JavaScript calendar) to large applications providing complete Django-based forums that you can integrate with your Django website easily and provide users with an easy-to-use and good-looking forum.

We'll be using the ReCaptcha service from Google to provide us with a mechanism to stop spammers. You can learn more about the service at https://www.google.com/recaptcha. You will also need to register for an account here and create an API key. It will ask for a label, which I set to Discuss Django Blueprints, and a domain, which I set to 127.0.0.1. The owners field should have your e-mail address there. Once you submit this form, you'll be presented with a screen that shows you your public and private keys. Keep this page open as we'll use these values in a bit.

Next, we need to find a Django application that allows us to use the ReCaptcha service. A Google search led me to https://github.com/praekelt/django-recaptcha. It seems like a well-maintained and simple solution to our problem. In order to use it, we first have to install it in our virtual environment. On your command line, make sure that you have the virtual environment active. Then, install this package using the following pip command:

> pip install django-recaptcha

This will install the package. Next, add captcha to the list of INSTALLED_APPS in your discuss/settings.py file. Also, add the RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY variables to the settings file. Set their values to the appropriate keys that you were given on the Google ReCaptcha API keys page that I asked you to keep open before. Site Key is the public key and Secret Key is the private key. Finally, in your settings.py file, set the following variable:

NOCAPTCHA = True

The setup is ready. We're ready to use ReCaptcha in our forms. For demonstration, I'll only add it to the comment form that you can see on the submission detail page. Open up links/forms.py and add this import to the top:

from captcha.fields import ReCaptchaField

Then, add this field to CommentModelForm:

captcha = ReCaptchaField()

That's it! You have successfully added Google ReCaptcha to your website! Let's try it out. Open up the details page for any submission and now, right below the body field that we had previously for the comment, you'll see the Google ReCaptcha box as well:

Now, if you submit the form without selecting the I am not a robot checkbox, you'll be taken to the comment form page with an error message saying that the captcha field is required. You won't be able to submit your comment until you select this box.

There are two takeaways from adding the ReCaptcha to our site. Firstly, notice how easy it was for us to add a relatively complicated feature using the open source code contributed by another programmer. Secondly, notice how—because of the modularity that Django provides and the separation between the template and code—all we had to do to include the ReCaptcha widget was add it to the form. We didn't even need to change the view code or template. It all worked.