diff --git a/app/Http/Controllers/HumanVerification.php b/app/Http/Controllers/HumanVerification.php
index 034ac52135c5e234480c49f4de838733c2918b7f..6b979855358f80b1bd2b195417e9a3d8f0e8899b 100644
--- a/app/Http/Controllers/HumanVerification.php
+++ b/app/Http/Controllers/HumanVerification.php
@@ -39,6 +39,7 @@ class HumanVerification extends Controller
$key = strtolower($key);
if (!$hasher->check($key, $lockedKey)) {
+ sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user);
@@ -65,6 +66,7 @@ class HumanVerification extends Controller
}
}
}
+ sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
HumanVerification::saveUser($user);
diff --git a/app/Http/Middleware/HumanVerification.php b/app/Http/Middleware/HumanVerification.php
index 1ce6b38a2a8ab00f0f7d0db9e3fdbca1352f81d2..a39debc384ccfb8a86bbc3f7a3c99311431f4054 100644
--- a/app/Http/Middleware/HumanVerification.php
+++ b/app/Http/Middleware/HumanVerification.php
@@ -80,7 +80,7 @@ class HumanVerification
}
}
}
-
+
# A lot of automated requests are from websites that redirect users to our result page.
# We will detect those requests and put a captcha
$referer = URL::previous();
@@ -98,9 +98,10 @@ class HumanVerification
if ((!$alone && $sum >= 50 && !$user["whitelist"]) || $refererLock) {
$user["locked"] = true;
}
-
+
# If the user is locked we will force a Captcha validation
if ($user["locked"]) {
+ sleep(\random_int(1, 8));
$captcha = Captcha::create("default", true);
$user["lockedKey"] = $captcha["key"];
\App\PrometheusExporter::CaptchaShown();