Commit 72bb2eb7 authored by Dominik Hebeler's avatar Dominik Hebeler

each captcha can only be tried once

parent 517b5bf1
......@@ -60,10 +60,14 @@ class HumanVerification extends Controller
// Extract the correct solution to this captcha for generating the Audio Captcha
$text = implode(" ", $captcha->getText());
// Make sure each capture can only be tried once
$captcha_id = Crypt::encryptString(md5(microtime(true) . $text));
$tts_url = TTSController::CreateTTSUrl($text, Localization::getLanguage());
\App\PrometheusExporter::CaptchaShown();
return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
->with("id", $captcha_id)
->with('url', $redirect_url)
->with("key", $request->input("key"))
->with('correct', $captcha_key["key"])
......@@ -90,7 +94,21 @@ class HumanVerification extends Controller
$rules = ['captcha' => 'required|captcha_api:' . $lockedKey . ',math'];
$validator = validator()->make(request()->all(), $rules);
if (empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
// There will be an entry in Cache for this key if this same captcha was already tried
$captcha_id = $request->input("id", "");
if (!empty($captcha_id)) {
try {
$captcha_id = Crypt::decryptString($captcha_id);
} catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
$captcha_id = "";
}
// If this is not a md5
if (strlen($captcha_id) !== 32 || !ctype_xdigit($captcha_id)) {
$captcha_id = "";
}
}
if (empty($captcha_id) || Cache::has($captcha_id) || empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
$params = [
"url" => $redirect_url,
"e" => "",
......@@ -99,6 +117,7 @@ class HumanVerification extends Controller
if ($request->has("dnaa")) {
$params["dnaa"] = true;
}
Cache::put($captcha_id, true, now()->addMinutes(10));
return redirect(route('captcha_show', $params));
} else {
// Check if the user wants to store a cookie
......@@ -149,6 +168,8 @@ class HumanVerification extends Controller
$human_verification->unlockUser();
$human_verification->verifyUser();
Cache::put($captcha_id, true, now()->addMinutes(10));
return redirect($url);
}
}
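Review bot: The id checked on the solve path is not tied to the captcha it was issued for: it is built as `md5(microtime(true) . $text)`, and on submit only its shape (32 hex characters) and `Cache::has($captcha_id)` are tested, so from the visible lines any unused server-issued id appears to be accepted together with any `key`. Recording the id in the cache entry stored under `key` and comparing it on submit would make the one-try limit apply to the captcha rather than to the token. Separately, `Cache::has` followed by a later `Cache::put` is not atomic, and the failure branch calls `Cache::put($captcha_id, ...)` even when `$captcha_id` is `""`; using `empty($captcha_id) || !Cache::add($captcha_id, true, now()->addMinutes(10)) || ...` in the condition would check and mark in one step and skip the empty key. The marker expires after 10 minutes while the encrypted id carries no expiry of its own, so the marker should live at least as long as the captcha entry, whose lifetime is not visible here. The enclosing methods start and end outside these hunks.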
......
......@@ -6,6 +6,7 @@
<h1>@lang('captcha.1')</h1>
<p>@lang('captcha.2')</p>
<form method="post" action="{{ route('captcha_solve') }}" target="_top">
<input type="hidden" name="id" value="{{ $id }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="key" value="{{ $key }}">
<input type="hidden" name="begin" value="{{ \microtime(true) }}">
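Review bot: The new `id` field is escaped with `{{ $id }}`, but the `url` field directly below it is still emitted raw as `value="{!! $url !!}"` inside an attribute. The controller passes `$redirect_url` into this view and its origin is not visible in this diff; if it can carry request-controlled data, a quote character in it would break out of the attribute. Unless there is a known reason for raw output here, `value="{{ $url }}"` would be the consistent choice, since the browser decodes the entities again when the form is submitted.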
......