
Add meaningful error codes for captchas

discomrade 2 years ago
committed by -
parent
commit
66fe5dc02e
  1. 5
      inc/config.php
  2. 41
      post.php
  3. 14
      securimage.php

5
inc/config.php

@ -1283,8 +1283,9 @@
$config['error']['delete_post_cutoff'] = _('You can\'t delete a post with this many replies.');
$config['error']['mime_exploit'] = _('MIME type detection XSS exploit (IE) detected; post discarded.');
$config['error']['invalid_embed'] = _('Couldn\'t make sense of the URL of the video you tried to embed.');
$config['error']['captcha'] = _('You seem to have mistyped the verification.');
$config['error']['captcha_incorrect'] = _('You seem to have mistyped the verification.');
$config['error']['captcha_expired'] = _('That captcha has expired.');
$config['error']['captcha'] = _('Captcha failed.');
// Moderator errors
$config['error']['toomanyunban'] = _('You are only allowed to unban %s users at a time. You tried to unban %u users.');

41
post.php

@ -327,8 +327,16 @@ if (isset($_POST['delete'])) {
if ($config['report_captcha']) {
if ($config['captcha']['local']) {
require_once '.' . $config['captcha']['provider_check'];
if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
error($config['error']['captcha']);
$code = captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text']);
if ($code !== 1) {
if ($code === 2) {
error($config['error']['captcha_incorrect']);
} else if ($code === 3) {
error($config['error']['captcha_expired']);
} else {
error($config['error']['captcha']);
}
}
} else {
$ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
@ -341,7 +349,13 @@ if (isset($_POST['delete'])) {
$resp = curl_exec($ch);
if ($resp !== '1') {
error($config['error']['captcha']);
if ($resp === '2') {
error($config['error']['captcha_incorrect']);
} else if ($resp === '3') {
error($config['error']['captcha_expired']);
} else {
error($config['error']['captcha']);
}
}
}
}
@ -443,8 +457,16 @@ if (isset($_POST['delete'])) {
if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
if ($config['captcha']['local']) {
require_once '.' . $config['captcha']['provider_check'];
if (!captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text'])) {
error($config['error']['captcha']);
$code = captcha_check($_POST['captcha_cookie'], $config['captcha']['extra'], $_POST['captcha_text']);
if ($code !== 1) {
if ($code === 2) {
error($config['error']['captcha_incorrect']);
} else if ($code === 3) {
error($config['error']['captcha_expired']);
} else {
error($config['error']['captcha']);
}
}
} else {
$ch = curl_init($config['domain'].$config['captcha']['provider_check'] . "?" . http_build_query([
@ -457,8 +479,13 @@ if (isset($_POST['delete'])) {
$resp = curl_exec($ch);
if ($resp !== '1') {
error($config['error']['captcha'] .
'<script>if (actually_load_captcha !== undefined) actually_load_captcha("'.$config['captcha']['provider_get'].'", "'.$config['captcha']['extra'].'");</script>');
if ($resp === '2') {
error($config['error']['captcha_incorrect']);
} else if ($resp === '3') {
error($config['error']['captcha_expired']);
} else {
error($config['error']['captcha']);
}
}
}
}
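Review bot: The remote-check branch of the last hunk appears to drop the `<script>` suffix that the old failure message used to call `actually_load_captcha(...)`, so none of the three new `error()` calls there reloads the captcha. Because `captcha_check()` in securimage.php deletes the matching row as soon as it is looked up, a user who retries with the challenge still on screen would get `captcha_expired` instead of a fresh captcha. If the removal was not intended, keep the old suffix in a variable and append it in each branch, e.g. `error($config['error']['captcha_incorrect'] . $reload);`. The same three-way mapping is also repeated in all four hunks, with integer codes after the local call and string codes after `curl_exec()`; one helper taking the code would keep the copies from drifting apart. The enclosing blocks start and end outside the hunks.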

14
securimage.php

@ -15,6 +15,10 @@ function cleanup() {
prepare("DELETE FROM `captchas` WHERE `created_at` < ?")->execute([time() - $expires_in]);
}
// Checks captcha and returns a code
// 1 = success
// 2 = incorrect
// 3 = expired
function captcha_check($cookie, $extra, $text) {
cleanup();
$query = prepare("SELECT * FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
@ -23,13 +27,13 @@ function captcha_check($cookie, $extra, $text) {
$ary = $query->fetchAll();
if (!$ary) {
return false;
return 3;
} else {
$query = prepare("DELETE FROM `captchas` WHERE `cookie` = ? AND `extra` = ?");
$query->execute([$cookie, $extra]);
}
return ($ary[0]['text'] === $text);
return ($ary[0]['text'] === $text ? 1 : 2);
}
$mode = @$_GET['mode'];
@ -65,10 +69,6 @@ switch ($mode) {
if (!isset ($_GET['mode']) || !isset ($_GET['cookie']) || !isset ($_GET['extra']) || !isset ($_GET['text'])) {
die();
}
if (captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text'])){
echo "1";
} else {
echo "0";
}
echo strval(captcha_check($_GET['cookie'], $_GET['extra'], $_GET['text']));
break;
}
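Review bot: The new header comment on `captcha_check()` documents 3 as "expired", but the function returns 3 whenever no row matches the cookie and extra, which also covers a cookie that was never issued or one already consumed by an earlier check. I would word that line as `// 3 = no matching captcha (expired, unknown or already used)` and state above the function that a captcha is single-use because the row is deleted on lookup. The check endpoint now echoes the code itself instead of "1" or "0", so any caller not shown here that tests for "0" needs updating; callers that compare against "1", as post.php does, still reject on failure.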
