each captcha can only be tried once

metager/app/Http/Controllers/HumanVerification.php

@@ -60,10 +60,14 @@ class HumanVerification extends Controller
         // Extract the correct solution to this captcha for generating the Audio Captcha
         $text = implode(" ", $captcha->getText());
 
+        // Make sure each capture can only be tried once
+        $captcha_id = Crypt::encryptString(md5(microtime(true) . $text));
+
         $tts_url = TTSController::CreateTTSUrl($text, Localization::getLanguage());
 
         \App\PrometheusExporter::CaptchaShown();
         return view('humanverification.captcha')->with('title', 'Bestätigung notwendig')
+            ->with("id", $captcha_id)
             ->with('url', $redirect_url)
             ->with("key", $request->input("key"))
             ->with('correct', $captcha_key["key"])
@@ -90,7 +94,21 @@ class HumanVerification extends Controller
         $rules = ['captcha' => 'required|captcha_api:' . $lockedKey . ',math'];
         $validator = validator()->make(request()->all(), $rules);
 
-        if (empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
+        // There will be an entry in Cache for this key if this same captcha was already tried
+        $captcha_id = $request->input("id", "");
+        if (!empty($captcha_id)) {
+            try {
+                $captcha_id = Crypt::decryptString($captcha_id);
+            } catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
+                $captcha_id = "";
+            }
+            // If this is not a md5
+            if (strlen($captcha_id) !== 32 || !ctype_xdigit($captcha_id)) {
+                $captcha_id = "";
+            }
+        }
+
+        if (empty($captcha_id) || Cache::has($captcha_id) || empty($lockedKey) || $validator->fails() || !$request->has("key") || !Cache::has($request->input("key"))) {
             $params = [
                 "url" => $redirect_url,
                 "e" => "",
@@ -99,6 +117,7 @@ class HumanVerification extends Controller
             if ($request->has("dnaa")) {
                 $params["dnaa"] = true;
             }
+            Cache::put($captcha_id, true, now()->addMinutes(10));
             return redirect(route('captcha_show', $params));
         } else {
             // Check if the user wants to store a cookie
@@ -149,6 +168,8 @@ class HumanVerification extends Controller
             $human_verification->unlockUser();
             $human_verification->verifyUser();
 
+            Cache::put($captcha_id, true, now()->addMinutes(10));
+
             return redirect($url);
         }
     }

metager/resources/views/humanverification/captcha.blade.php

@@ -6,6 +6,7 @@
 <h1>@lang('captcha.1')</h1>
 <p>@lang('captcha.2')</p>
 <form method="post" action="{{ route('captcha_solve') }}" target="_top">
+    <input type="hidden" name="id" value="{{ $id }}">
     <input type="hidden" name="url" value="{!! $url !!}">
     <input type="hidden" name="key" value="{{ $key }}">
     <input type="hidden" name="begin" value="{{ \microtime(true) }}">