PATCH: change captcha after it validates #1342

Closed
muayyad-alsadi opened this issue Sep 5, 2012 · 8 comments

@muayyad-alsadi

We want to change the captcha after it validates correctly, because a user might use the same captcha several times to post a spam comment or sign up several fake accounts, etc.

http://www.yiiframework.com/forum/index.php/topic/17638-captcha-code-not-changing/

@muayyad-alsadi
Author

Here is a part of CCaptchaAction.php:validate

                if($valid || $session[$name] > $this->testLimit && $this->testLimit > 0)
                        $this->getVerifyCode(true);
                return $valid;

I've just added "$valid || "

@saada

saada commented Oct 14, 2012

Thanks for this awesome post!

@taseenb

taseenb commented Jul 7, 2013

Is it tested? It does not work with save() because the model will be validated twice (1 for the rule + 1 for save): getVerifyCode will be true after the first one and save() will fail. Even setting $testLimit to 0 will not help.

@cebe
Member

cebe commented Jul 7, 2013

You can call 'save(false)' when you already validated a model.

@taseenb

taseenb commented Jul 7, 2013

Sure, this is a workaround. Another solution (maybe safer and more clear to the user?) is to remove the captcha session after save(). Captcha behavior does not look consistent with other validators.

@muayyad-alsadi
Author

You should avoid two validations (either use validate followed by save(false), or just "if ($model->save())" without validate, as the default validate=true is implied).

But I agree we need a fix that works even if two validations are done.

This should work by just adding a flag and doing the actual regeneration of the captcha in Controller::afterAction().

I can do this, but I guess it's better done by Yii's core team.

@taseenb

taseenb commented Jul 7, 2013

Yes, you could reset the session when it becomes useless (after a save for example) even if $testLimit is 0 or a high number. Another possibility: give the user a way to do that in a simple way. At the moment I only know this way, in the Controller or in ActiveRecord (to be used on afterSave):

    // Remove every session entry whose key starts with the captcha prefix.
    protected function removeCaptchaSession()
    {
        $session = Yii::app()->session;
        $prefixLen = strlen(CCaptchaAction::SESSION_VAR_PREFIX);
        foreach ($session->keys as $key)
        {
            if (strncmp(CCaptchaAction::SESSION_VAR_PREFIX, $key, $prefixLen) == 0)
                $session->remove($key);
        }
    }
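
The flag-and-defer idea discussed in the comments above (mark the captcha as used during validation, rotate it only when the request ends, so a second validation in the same request still passes), as an added stand-alone PHP example that is not part of the thread or of Yii's code. `CaptchaGuard`, `endRequest()` and the `ArrayObject` used in place of the session are assumptions made for illustration.

```php
<?php
// Added example, not Yii code: CaptchaGuard and its methods are hypothetical names.
// $store stands in for the user's session; one guard is created per HTTP request.
final class CaptchaGuard
{
    private $store;
    private $consumed = false; // set when a correct answer is seen in this request
    public function __construct(ArrayObject $store)
    {
        $this->store = $store;
        if (!isset($store['code'])) {
            $this->regenerate();
        }
    }
    public function code(): string
    {
        return $this->store['code'];
    }

    // May run more than once per request, e.g. validate() followed by save().
    public function validate(string $input): bool
    {
        $valid = hash_equals($this->store['code'], strtolower($input));
        $this->consumed = $this->consumed || $valid; // only flag it, rotate later
        return $valid;
    }

    // Run once when the request ends (the role afterAction() has in the thread).
    public function endRequest(): void
    {
        if ($this->consumed) {
            $this->regenerate();
        }
    }

    private function regenerate(): void
    {
        $this->store['code'] = bin2hex(random_bytes(3));
    }
}

$session = new ArrayObject();         // constructed sample session
$first = new CaptchaGuard($session);
$answer = $first->code();             // what the user reads off the image
printf("rule validation: %s\n", var_export($first->validate($answer), true));
printf("validation inside save: %s\n", var_export($first->validate($answer), true));
$first->endRequest();
$replay = new CaptchaGuard($session); // a later request reusing the old answer
printf("replayed answer: %s\n", var_export($replay->validate($answer), true));
```

Both validations in the first request see the same code; the replay in the second request is checked against the rotated one.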

@fazliddin
Contributor

Why is it not corrected in yii yet?

@samdark samdark closed this as completed Nov 17, 2015