fix

rowers/views/paymentviews.py

@@ -5,6 +5,7 @@ from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
 from django.contrib.auth.backends import ModelBackend
 from rowers.views.statements import *
 from django.core.mail import EmailMessage
+from django_ratelimit.decorators import ratelimit
 
 from rowers import credits
 
@@ -888,6 +889,7 @@ def useractivate(request, uidb64, token):  # pragma: no cover
 
 
 # User registration
+@ratelimit(key='ip', rate='5/h', method='POST')
 def rower_register_view(request):
 
     nextpage = request.GET.get('next', '/rowers/list-workouts/')
@@ -896,7 +898,7 @@ def rower_register_view(request):
 
     if request.method == 'POST':
         # Check if honeypot was triggered (optional logging)
-        honeypot_value = request.POST.get('url', '')
+        honeypot_value = request.POST.get('hp_field', '')
         if honeypot_value:
             # bot user, do not register
             messages.error(request, "Registration failed. Please try again.")
@@ -985,13 +987,15 @@ def rower_register_view(request):
             return render(request,
                           "registration_form.html",
                           {'form': form,
-                           'next': nextpage, })
+                           'next': nextpage,
+                           'timestamp': timezone.now().timestamp(),})
     else:
         form = RegistrationFormSex()
         return render(request,
                       "registration_form.html",
                       {'form': form,
-                       'next': nextpage, })
+                       'next': nextpage,
+                       'timestamp': timezone.now().timestamp(),})
 
 # User registration