diff --git a/inc/config.php b/inc/config.php
index 56c9ee69..a3119a60 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -328,18 +328,29 @@
$config['captcha']['enabled'] = false;
//New thread captcha
- //Require solving a captcha to post a thread.
- //Default off.
- $config['new_thread_capt'] = false;
+ //Require solving a captcha to post a thread.
+ //Default off.
+ $config['new_thread_capt'] = false;
+
+ // Directly use the local securimage captcha (or another local file) instead of making cURL requests
+ // This probably increases speed and reduces potential misconfiguration issues.
+ $config['captcha']['local'] = true;
// Custom captcha get provider path (if not working get the absolute path aka your url.)
- $config['captcha']['provider_get'] = '../inc/captcha/entrypoint.php';
+ $config['captcha']['provider_get'] = '/securimage.php';
// Custom captcha check provider path
- $config['captcha']['provider_check'] = '../inc/captcha/entrypoint.php';
+ $config['captcha']['provider_check'] = '/securimage.php';
// Custom captcha extra field (eg. charset)
$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
+ // Custom options for the local securimage captcha.
+ // See https://github.com/dapphp/securimage/blob/master/securimage.php#L236
+ $config['captcha']['securimage_options'] = array(
+ 'send_headers' => false,
+ 'no_exit' => true
+ );
+
// Ability to lock a board for normal users and still allow mods to post. Could also be useful for making an archive board
$config['board_locked'] = false;
diff --git a/post.php b/post.php
index b1374eac..7ede04ad 100644
--- a/post.php
+++ b/post.php
@@ -322,17 +322,24 @@ if (isset($_POST['delete'])) {
}
if ($config['report_captcha']) {
- $ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
- 'mode' => 'check',
- 'text' => $_POST['captcha_text'],
- 'extra' => $config['captcha']['extra'],
- 'cookie' => $_POST['captcha_cookie']
- ]));
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- $resp = curl_exec($ch);
-
- if ($resp !== '1') {
- error($config['error']['captcha']);
+ if ($config['captcha']['local']) {
+ require_once '.' . $config['captcha']['provider_check'];
+ if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
+ error($config['error']['captcha']);
+ }
+ } else {
+ $ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
+ 'mode' => 'check',
+ 'text' => $_POST['captcha_text'],
+ 'extra' => $config['captcha']['extra'],
+ 'cookie' => $_POST['captcha_cookie']
+ ]));
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ $resp = curl_exec($ch);
+
+ if ($resp !== '1') {
+ error($config['error']['captcha']);
+ }
}
}
@@ -431,18 +438,25 @@ if (isset($_POST['delete'])) {
}
// Same, but now with our custom captcha provider
if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
- $ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
- 'mode' => 'check',
- 'text' => $_POST['captcha_text'],
- 'extra' => $config['captcha']['extra'],
- 'cookie' => $_POST['captcha_cookie']
- ]));
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- $resp = curl_exec($ch);
-
- if ($resp !== '1') {
- error($config['error']['captcha'] .
- '');
+ if ($config['captcha']['local']) {
+ require_once '.' . $config['captcha']['provider_check'];
+ if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
+ error($config['error']['captcha']);
+ }
+ } else {
+ $ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
+ 'mode' => 'check',
+ 'text' => $_POST['captcha_text'],
+ 'extra' => $config['captcha']['extra'],
+ 'cookie' => $_POST['captcha_cookie']
+ ]));
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ $resp = curl_exec($ch);
+
+ if ($resp !== '1') {
+ error($config['error']['captcha'] .
+ '');
+ }
}
}
diff --git a/securimage.php b/securimage.php
index 3e50e02d..679b4671 100644
--- a/securimage.php
+++ b/securimage.php
@@ -15,6 +15,22 @@ function cleanup() {
prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
}
+function captcha_check($cookie, $extra, $text) {
+ cleanup();
+ $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+ $query->execute([$cookie, $extra]);
+
+ $ary = $query->fetchAll();
+
+ if (!$ary) {
+ return false;
+ } else {
+ $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
+ $query->execute([$cookie, $extra]);
+ }
+
+ return ($ary[0]['text'] === $text);
+}
$mode = @$_GET['mode'];
switch ($mode) {
@@ -26,7 +42,7 @@ switch ($mode) {
header("Content-type: application/json");
$extra = $_GET['extra'];
$cookie = rand_string(20, "abcdefghijklmnopqrstuvwxyz");
- $i = new Securimage(['send_headers' => false, 'no_exit' => true]);
+ $i = new Securimage($config['captcha']['securimage_options']);
$i->createCode();
ob_start();
$i->show();
@@ -46,27 +62,13 @@ switch ($mode) {
}
break;
case 'check':
- cleanup();
if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
die();
}
-
- $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
- $query->execute([$_GET['cookie'], $_GET['extra']]);
-
- $ary = $query->fetchAll();
-
- if (!$ary) {
- echo "0";
+ if (captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text'])){
+ echo "1";
} else {
- $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
- $query->execute([$_GET['cookie'], $_GET['extra']]);
- }
-
- if ($ary[0]['text'] !== $_GET['text']) {
echo "0";
- } else {
- echo "1";
}
break;
}
diff --git a/templates/post_form.html b/templates/post_form.html
index 81d922ba..343168bb 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -91,7 +91,7 @@
@@ -107,7 +107,7 @@