From 6645a8f98932ffc3f158c532aec8f091d09273c4 Mon Sep 17 00:00:00 2001
From: discomrade
Date: Mon, 31 Jan 2022 22:23:27 -0100
Subject: [PATCH] Add meaningful error codes for captchas
---
 inc/config.php | 5 +++--
 post.php | 41 ++++++++++++++++++++++++++++++++++-------
 securimage.php | 14 +++++++-------
 3 files changed, 44 insertions(+), 16 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index a3119a60..a595c822 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1288,10 +1288,11 @@ $config['error']['delete_post_cutoff'] = _('You can\'t delete a post with this many replies.'); $config['error']['mime_exploit'] = _('MIME type detection XSS exploit (IE) detected; post discarded.'); $config['error']['invalid_embed'] = _('Couldn\'t make sense of the URL of the video you tried to embed.'); - $config['error']['captcha'] = _('You seem to have mistyped the verification.'); + $config['error']['captcha_incorrect'] = _('You seem to have mistyped the verification.'); + $config['error']['captcha_expired'] = _('That captcha has expired.'); + $config['error']['captcha'] = _('Captcha failed.'); $config['error']['already_voted'] = _('You have already voted for this thread to be featured.'); - // Moderator errors $config['error']['toomanyunban'] = _('You are only allowed to unban %s users at a time. You tried to unban %u users.'); $config['error']['invalid'] = _('Invalid username and/or password.');
diff --git a/post.php b/post.php
index ef3bfa34..0ad9ea5f 100644
--- a/post.php
+++ b/post.php
@@ -327,8 +327,16 @@ if (isset($_POST['delete'])) {
 if ($config['report_captcha']) {
 if ($config['captcha']['local']) {
 require_once '.' . $config['captcha']['provider_check'];
- if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
- error($config['error']['captcha']);
+ $code = captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text']);
+
+ if ($code !== 1) {
+ if ($code === 2) {
+ error($config['error']['captcha_incorrect']);
+ } else if ($code === 3) {
+ error($config['error']['captcha_expired']);
+ } else {
+ error($config['error']['captcha']);
+ }
 }
 } else {
 $ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
@@ -341,7 +349,13 @@ if (isset($_POST['delete'])) {
 $resp = curl_exec($ch);
 if ($resp !== '1') {
- error($config['error']['captcha']);
+ if ($resp === '2') {
+ error($config['error']['captcha_incorrect']);
+ } else if ($resp === '3') {
+ error($config['error']['captcha_expired']);
+ } else {
+ error($config['error']['captcha']);
+ }
 }
 }
 }
@@ -443,8 +457,16 @@ if (isset($_POST['delete'])) {
 if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
 if ($config['captcha']['local']) {
 require_once '.' . $config['captcha']['provider_check'];
- if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
- error($config['error']['captcha']);
+ $code = captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text']);
+
+ if ($code !== 1) {
+ if ($code === 2) {
+ error($config['error']['captcha_incorrect']);
+ } else if ($code === 3) {
+ error($config['error']['captcha_expired']);
+ } else {
+ error($config['error']['captcha']);
+ }
 }
 } else {
 $ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
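Review bot: The result-code-to-message chain is written out four times in this patch: against the integers 1/2/3 in the `@@ -327,8 +327,16 @@` hunk and again in `@@ -443,8 +457,16 @@`, and against the strings '1'/'2'/'3' in `@@ -341,7 +349,13 @@` and `@@ -457,8 +479,13 @@`, so any code added to `captcha_check()` later has to be handled in four places. A single helper that maps the code and calls `error()` keeps the call sites from drifting apart, and normalising the remote response to an integer first lets the local and remote paths share it. Anything unrecognised should keep falling through to the generic `$config['error']['captcha']` so the check still fails closed. The surrounding captcha block starts and ends outside the hunk.

```php
// Maps a captcha_check() result to the matching error message; 1 means solved.
function captcha_fail($code) {
	global $config;

	if ($code === 1) {
		return;
	}
	if ($code === 2) {
		error($config['error']['captcha_incorrect']);
	} elseif ($code === 3) {
		error($config['error']['captcha_expired']);
	} else {
		error($config['error']['captcha']);
	}
}

// … unchanged: require_once of the local provider …
captcha_fail(captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text']));

// … unchanged: curl setup and $resp = curl_exec($ch) …
// Only an exact '1'/'2'/'3' maps to a code; false or any other body is a generic failure.
captcha_fail(in_array($resp, ['1', '2', '3'], true) ? (int) $resp : 0);
```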
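Review bot: In the `@@ -341,7 +349,13 @@` hunk a transport failure is indistinguishable from a rejected captcha, because `curl_exec()` returns `false` on error and that value lands in the final `else` with nothing recorded. Logging before the generic error, for example `if ($resp === false) { error_log('captcha provider check failed: ' . curl_error($ch)); }`, would let an operator tell an unreachable or misconfigured provider from users failing the challenge. The same applies to the remote branch in the `@@ -457,8 +479,13 @@` hunk. The curl option setup sits between the hunks and is not visible, so this is inferred from the `curl_exec($ch)` call alone.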
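Review bot: In the `@@ -443,8 +457,16 @@` hunk `$_POST['captcha_cookie']` and `$_POST['captcha_text']` reach `captcha_check()` without a presence or type check, so a request that omits them presumably matches no row and is told "That captcha has expired." while PHP raises an undefined-key notice or warning. A guard before the call, `if (!isset($_POST['captcha_cookie'], $_POST['captcha_text']) || !is_string($_POST['captcha_cookie']) || !is_string($_POST['captcha_text'])) { error($config['error']['captcha']); }`, keeps the specific messages for real submissions and keeps array values out of the query parameters. The same call in the `@@ -327,8 +327,16 @@` hunk needs the same guard. The check fails closed either way, so this is about accurate errors and clean logs rather than a bypass.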
@@ -457,8 +479,13 @@ if (isset($_POST['delete'])) {
 $resp = curl_exec($ch);
 if ($resp !== '1') {
- error($config['error']['captcha'] .
- '');
+ if ($resp === '2') {
+ error($config['error']['captcha_incorrect']);
+ } else if ($resp === '3') {
+ error($config['error']['captcha_expired']);
+ } else {
+ error($config['error']['captcha']);
+ }
 }
 }
 }
diff --git a/securimage.php b/securimage.php
index 679b4671..5538c0a4 100644
--- a/securimage.php
+++ b/securimage.php
@@ -15,6 +15,10 @@ function cleanup() {
 prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
 }
+// Checks captcha and returns a code
+// 1 = success
+// 2 = incorrect
+// 3 = expired
 function captcha_check($cookie, $extra, $text) {
 cleanup();
 $query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
@@ -23,13 +27,13 @@ function captcha_check($cookie, $extra, $text) {
 $ary = $query->fetchAll();
 if (!$ary) {
- return false;
+ return 3;
 } else {
 $query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
 $query->execute([$cookie, $extra]);
 }
- return ($ary[0]['text'] === $text);
+ return ($ary[0]['text'] === $text ? 1 : 2);
 }
 $mode = @$_GET['mode'];
@@ -65,10 +69,6 @@ switch ($mode) {
 if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
 die();
 }
- if (captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text'])){
- echo "1";
- } else {
- echo "0";
- }
+ echo strval(captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text']));
 break;
 }
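Review bot: The comment added in the `@@ -15,6 +15,10 @@` hunk documents 3 as "expired", but the `@@ -23,13 +27,13 @@` hunk returns 3 whenever the lookup finds no row, which also covers a cookie that was never issued, one already consumed by an earlier check, or a mismatched `extra`. I would word that line as `// 3 = not found (expired, already used, or unknown cookie/extra)` and also note that any row found is deleted before the text is compared, since callers rely on that single-use behaviour. Naming the three values as constants would stop post.php comparing against bare literals. `captcha_check()` continues past the end of this hunk.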
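Review bot: In the `@@ -23,13 +27,13 @@` hunk the row is read with `fetchAll()` and removed by a separate DELETE, so the single-use guarantee of a solved captcha depends on no second request reading the same row between the two statements. Making the delete the deciding step closes that window: after `$query->execute([$cookie, $extra]);` add `if ($query->rowCount() === 0) { return 3; }`, assuming `prepare()` returns a PDOStatement as the `fetchAll()` and `execute()` calls suggest. The SELECT's `execute()` lies between the hunks, so the exact statement order there is inferred.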