Skip to content
Permalink
Browse files Browse the repository at this point in the history
Use session rather than form key for captcha
Fixes #17811

Signed-off-by: Damien Regad <dregad@mantisbt.org>
  • Loading branch information
vboctor authored and dregad committed Nov 26, 2014
1 parent b002167 commit 7bb78e4
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 8 deletions.
2 changes: 2 additions & 0 deletions core/constant_inc.php
Expand Up @@ -540,3 +540,5 @@
define( 'PASSWORD_MAX_SIZE_BEFORE_HASH', 1024 );

define( 'SECONDS_PER_DAY', 86400 );

define( 'CAPTCHA_KEY', 'captcha_key' );
4 changes: 2 additions & 2 deletions make_captcha_img.php
Expand Up @@ -26,9 +26,9 @@
*/
require_once( 'core.php' );

$f_public_key = gpc_get_int( 'public_key' );
$t_form_key = session_get( CAPTCHA_KEY );

$t_key = utf8_strtolower( utf8_substr( md5( config_get( 'password_confirm_hash_magic_string' ) . $f_public_key ), 1, 5) );
$t_key = utf8_strtolower( utf8_substr( md5( config_get( 'password_confirm_hash_magic_string' ) . $t_form_key ), 1, 5) );
$t_system_font_folder = get_font_path();
$t_font_per_captcha = config_get( 'font_per_captcha' );

Expand Down
5 changes: 3 additions & 2 deletions signup.php
Expand Up @@ -32,7 +32,6 @@
$f_username = strip_tags( gpc_get_string( 'username' ) );
$f_email = strip_tags( gpc_get_string( 'email' ) );
$f_captcha = gpc_get_string( 'captcha', '' );
$f_public_key = gpc_get_int( 'public_key', '' );

$f_username = trim( $f_username );
$f_email = email_append_domain( trim( $f_email ) );
Expand All @@ -51,8 +50,10 @@

if( ON == config_get( 'signup_use_captcha' ) && get_gd_version() > 0 &&
helper_call_custom_function( 'auth_can_change_password', array() ) ) {
$t_form_key = session_get( CAPTCHA_KEY );

# captcha image requires GD library and related option to ON
$t_key = utf8_strtolower( utf8_substr( md5( config_get( 'password_confirm_hash_magic_string' ) . $f_public_key ), 1, 5) );
$t_key = utf8_strtolower( utf8_substr( md5( config_get( 'password_confirm_hash_magic_string' ) . $t_form_key ), 1, 5) );

if ( $t_key != $f_captcha ) {
trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR );
Expand Down
7 changes: 3 additions & 4 deletions signup_page.php
Expand Up @@ -35,8 +35,6 @@

html_page_top1();
html_page_top2a();

$t_key = mt_rand( 0,99999 );
?>

<br />
Expand Down Expand Up @@ -68,6 +66,8 @@
<?php
$t_allow_passwd = helper_call_custom_function( 'auth_can_change_password', array() );
if( ON == config_get( 'signup_use_captcha' ) && get_gd_version() > 0 && ( true == $t_allow_passwd ) ) {
session_set( CAPTCHA_KEY, mt_rand( 0,99999 ) );

# captcha image requires GD library and related option to ON
?>
<tr class="row-1">
Expand All @@ -78,8 +78,7 @@
<?php print_captcha_input( 'captcha', '' ) ?>
</td>
<td>
<img src="make_captcha_img.php?public_key=<?php echo $t_key ?>" alt="visual captcha" />
<input type="hidden" name="public_key" value="<?php echo $t_key ?>" />
<img src="make_captcha_img.php" alt="visual captcha" />
</td>
</tr>
<?php
Expand Down

0 comments on commit 7bb78e4

Please sign in to comment.