web commit by http://willu.myopenid.com/: Fix CAPTCHA code so you can actually try again if you get it wrong now.
Joey Hess
parent
1020550375
commit
899c319191
|
|
@ -18,16 +18,20 @@ Okie - I have a first pass of this. There are still some issues.
|
||||||
|
|
||||||
Currently the code verifies the CAPTCHA. If you get it right then you're fine.
|
Currently the code verifies the CAPTCHA. If you get it right then you're fine.
|
||||||
If you get the CAPTCHA wrong then the current code tells formbuilder that
|
If you get the CAPTCHA wrong then the current code tells formbuilder that
|
||||||
one of the fields in invalid. This stops the login from going through.
|
one of the fields is invalid. This stops the login from going through.
|
||||||
Unfortunately, formbuilder is caching this validity somewhere, and I haven't
|
Unfortunately, formbuilder is caching this validity somewhere, and I haven't
|
||||||
found a way around that yet. This means that if you get the CAPTCHA
|
found a way around that yet. This means that if you get the CAPTCHA
|
||||||
wrong, it will continue to fail. You need to load the login page again so
|
wrong, it will continue to fail. You need to load the login page again so
|
||||||
it doesn't have the error message on the screen, then it'll work again.
|
it doesn't have the error message on the screen, then it'll work again.
|
||||||
|
|
||||||
|
> fixed this - updated code is attached.
|
||||||
|
|
||||||
A second issue is that the OpenID login system resets the 'required' flags
|
A second issue is that the OpenID login system resets the 'required' flags
|
||||||
of all the other fields, so using OpenID will cause the CAPTCHA to be
|
of all the other fields, so using OpenID will cause the CAPTCHA to be
|
||||||
ignored.
|
ignored.
|
||||||
|
|
||||||
|
> This is still a todo.
|
||||||
|
|
||||||
Instructions
|
Instructions
|
||||||
=====
|
=====
|
||||||
|
|
||||||
|
|
@ -121,25 +125,13 @@ EOTAGS
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
debug("To use reCAPTCHA you must get an API key from http://recaptcha.net/api/getkey")
|
die("To use reCAPTCHA you must get an API key from http://recaptcha.net/api/getkey")
|
||||||
unless $pubkey;
|
unless $pubkey;
|
||||||
debug("To use reCAPTCHA you must get an API key from http://recaptcha.net/api/getkey")
|
die("To use reCAPTCHA you must get an API key from http://recaptcha.net/api/getkey")
|
||||||
unless $privkey;
|
unless $privkey;
|
||||||
debug("To use reCAPTCHA you must know the remote IP address")
|
die("To use reCAPTCHA you must know the remote IP address")
|
||||||
unless $session->remote_addr();
|
unless $session->remote_addr();
|
||||||
|
|
||||||
my $extras = $form->keepextras();
|
|
||||||
if ($extras) {
|
|
||||||
push ( @$extras, qw(recaptcha_challenge_field recaptcha_response_field) );
|
|
||||||
} else {
|
|
||||||
$extras = [qw(recaptcha_challenge_field recaptcha_response_field)];
|
|
||||||
}
|
|
||||||
$form->keepextras($extras);
|
|
||||||
|
|
||||||
my $challenge = "invalid";
|
|
||||||
my $response = "invalid";
|
|
||||||
my $result = { is_valid => 0, error => 'recaptcha-not-tested' };
|
|
||||||
|
|
||||||
$form->field(
|
$form->field(
|
||||||
name => "recaptcha",
|
name => "recaptcha",
|
||||||
label => "",
|
label => "",
|
||||||
|
|
@ -155,7 +147,11 @@ EOTAGS
|
||||||
length $form->cgi_param("recaptcha_challenge_field") &&
|
length $form->cgi_param("recaptcha_challenge_field") &&
|
||||||
defined $form->cgi_param("recaptcha_response_field") &&
|
defined $form->cgi_param("recaptcha_response_field") &&
|
||||||
length $form->cgi_param("recaptcha_response_field")) {
|
length $form->cgi_param("recaptcha_response_field")) {
|
||||||
|
|
||||||
|
my $challenge = "invalid";
|
||||||
|
my $response = "invalid";
|
||||||
|
my $result = { is_valid => 0, error => 'recaptcha-not-tested' };
|
||||||
|
|
||||||
$form->field(name => "recaptcha",
|
$form->field(name => "recaptcha",
|
||||||
message => "CAPTCHA verification failed",
|
message => "CAPTCHA verification failed",
|
||||||
required => 1,
|
required => 1,
|
||||||
|
|
@ -164,18 +160,19 @@ EOTAGS
|
||||||
$response ne $form->cgi_param("recaptcha_response_field")) {
|
$response ne $form->cgi_param("recaptcha_response_field")) {
|
||||||
$challenge = $form->cgi_param("recaptcha_challenge_field");
|
$challenge = $form->cgi_param("recaptcha_challenge_field");
|
||||||
$response = $form->cgi_param("recaptcha_response_field");
|
$response = $form->cgi_param("recaptcha_response_field");
|
||||||
warn("Validating: ".$challenge." ".$response);
|
debug("Validating: ".$challenge." ".$response);
|
||||||
$result = check_answer($privkey,
|
$result = check_answer($privkey,
|
||||||
$session->remote_addr(),
|
$session->remote_addr(),
|
||||||
$challenge, $response);
|
$challenge, $response);
|
||||||
} else {
|
} else {
|
||||||
warn("re-Validating");
|
debug("re-Validating");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($result->{is_valid}) {
|
if ($result->{is_valid}) {
|
||||||
warn("valid");
|
debug("valid");
|
||||||
return 1;
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
warn("invalid");
|
debug("invalid");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
@ -183,8 +180,8 @@ EOTAGS
|
||||||
}
|
}
|
||||||
} # }}}
|
} # }}}
|
||||||
|
|
||||||
# The following function is borrowed with modifications from
|
# The following function is borrowed from
|
||||||
# Captcha::reCAPTCHA by Andy Armstrong and is under the PERL Artistic License
|
# Captcha::reCAPTCHA by Andy Armstrong and are under the PERL Artistic License
|
||||||
|
|
||||||
sub check_answer {
|
sub check_answer {
|
||||||
my ( $privkey, $remoteip, $challenge, $response ) = @_;
|
my ( $privkey, $remoteip, $challenge, $response ) = @_;
|
||||||
|
|
@ -197,7 +194,7 @@ sub check_answer {
|
||||||
unless $remoteip;
|
unless $remoteip;
|
||||||
|
|
||||||
if (! ($challenge && $response)) {
|
if (! ($challenge && $response)) {
|
||||||
warn("Challenge or response not set!");
|
debug("Challenge or response not set!");
|
||||||
return { is_valid => 0, error => 'incorrect-captcha-sol' };
|
return { is_valid => 0, error => 'incorrect-captcha-sol' };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -216,17 +213,17 @@ sub check_answer {
|
||||||
if ( $resp->is_success ) {
|
if ( $resp->is_success ) {
|
||||||
my ( $answer, $message ) = split( /\n/, $resp->content, 2 );
|
my ( $answer, $message ) = split( /\n/, $resp->content, 2 );
|
||||||
if ( $answer =~ /true/ ) {
|
if ( $answer =~ /true/ ) {
|
||||||
warn("CAPTCHA valid");
|
debug("CAPTCHA valid");
|
||||||
return { is_valid => 1 };
|
return { is_valid => 1 };
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
chomp $message;
|
chomp $message;
|
||||||
warn("CAPTCHA failed: ".$message);
|
debug("CAPTCHA failed: ".$message);
|
||||||
return { is_valid => 0, error => $message };
|
return { is_valid => 0, error => $message };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
warn("Unable to contact reCaptcha verification host!");
|
debug("Unable to contact reCaptcha verification host!");
|
||||||
return { is_valid => 0, error => 'recaptcha-not-reachable' };
|
return { is_valid => 0, error => 'recaptcha-not-reachable' };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue