authorPierre Schmitz <pierre@archlinux.de>2009-10-29 01:19:30 +0100
committerPierre Schmitz <pierre@archlinux.de>2009-10-29 01:19:30 +0100
commitae8cdf4df1028e44cca47df4137405cb4ea7b001 (patch)
treec1b918308221eab1616ddf792ae5b8fdeab8fd9f /extensions
parentd6cff842056275da0ccc229e4f23a35b2521c9d0 (diff)
more robust spam protection; does not rely on client caching
Diffstat (limited to 'extensions')
-rw-r--r--extensions/FunnyDot.php23
1 files changed, 8 insertions, 15 deletions
diff --git a/extensions/FunnyDot.php b/extensions/FunnyDot.php
index b45b8681..bf8dab77 100644
--- a/extensions/FunnyDot.php
+++ b/extensions/FunnyDot.php
@@ -2,7 +2,7 @@
$wgExtensionCredits['other'][] = array(
'name' => 'FunnyDot',
- 'version' => '2.0',
+ 'version' => '2.1',
'description' => 'Automated CAPTCHA',
'author' => 'Pierre Schmitz',
'url' => 'https://www.archlinux.de'
@@ -34,11 +34,11 @@ private static function getFunnyDot() {
!isset($wgFunnyDotHash) && $wgFunnyDotHash = '';
$time = time();
$hash = substr(sha1($time.$wgFunnyDotHash), 0, 4);
- setCookie('FunnyDotTime', $time, 0, '/', null, isset($_SERVER['HTTPS']), true);
- return '<div style="background-image:url('.$wgScript.'?title=Special:FunnyDotImage);visibility:hidden;position:absolute;z-index:-1">
+ return '<div style="background-image:url('.$wgScript.'?title=Special:FunnyDotImage&amp;FunnyDotTime='.$time.');visibility:hidden;position:absolute;z-index:-1">
<label for="FunnyDotHashField">Please type in the following code: <strong>'.$hash.'</strong></label>
<input id="FunnyDotHashField" type="text" name="FunnyDotHash" size="4" value="" />
+ <input type="hidden" name="FunnyDotTime" value="'.$time.'" />
</div>';
}
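Review bot: The `!isset($wgFunnyDotHash) && $wgFunnyDotHash = '';` fallback at the top of this hunk means that on an unconfigured install the displayed code is `substr(sha1($time), 0, 4)`, a function of a value that this change now prints into both the image URL and the hidden `FunnyDotTime` field. With the timestamp published in the form, the check rests entirely on `$wgFunnyDotHash` being set to a secret. I would make getFunnyDot fail closed when it is missing or empty, and add a comment such as `# $wgFunnyDotHash must be a site-specific secret; the timestamp is public` above the sha1() line. The start of getFunnyDot is outside the hunk, so the handling of the other globals is not visible here.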
@@ -51,9 +51,9 @@ private static function checkFunnyDot() {
!isset($wgFunnyDotTimeout) && $wgFunnyDotTimeout = 3600;
!isset($wgFunnyDotWait) && $wgFunnyDotWait = 2;
- if (!empty($_COOKIE['FunnyDotTime']) && (!empty($_COOKIE['FunnyDotHash']) || !empty($_POST['FunnyDotHash']))) {
+ if (!empty($_POST['FunnyDotTime']) && (!empty($_COOKIE['FunnyDotHash']) || !empty($_POST['FunnyDotHash']))) {
$now = time();
- $time = $_COOKIE['FunnyDotTime'];
+ $time = $_POST['FunnyDotTime'];
$hash = !empty($_POST['FunnyDotHash']) ? $_POST['FunnyDotHash'] : $_COOKIE['FunnyDotHash'];
} else {
return false;
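Review bot: `$time = $_POST['FunnyDotTime'];` accepts the timestamp from the request without checking its type or format, so an array or non-numeric value reaches the code that follows in checkFunnyDot (the rest of the function is outside this hunk). A guard before the assignment would close that: `if (!is_string($_POST['FunnyDotTime']) || !ctype_digit($_POST['FunnyDotTime'])) { return false; }`. The same gap exists in the execute() hunk, where `$_GET['FunnyDotTime']` is concatenated into sha1() and the result is sent back as the `FunnyDotHash` cookie. That endpoint should apply the same digit check and refuse timestamps outside the accepted age window before deriving a cookie from them. If the comparison of `$hash` further down (not visible here) uses `==`, `hash_equals()` would be the safer choice.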
@@ -133,19 +133,12 @@ function execute($par) {
!isset($wgFunnyDotHash) && $wgFunnyDotHash = '';
- # FunnyDotTime should be set in the Form
- # if not just set a new value
- if (!empty($_COOKIE['FunnyDotTime'])) {
- $time = $_COOKIE['FunnyDotTime'];
- } else {
- $time = time();
- setCookie('FunnyDotTime', $time, 0, '/', null, isset($_SERVER['HTTPS']), true);
+ if (!empty($_GET['FunnyDotTime'])) {
+ setCookie('FunnyDotHash', substr(sha1($_GET['FunnyDotTime'].$wgFunnyDotHash), 0, 4), 0, '/', null, isset($_SERVER['HTTPS']), true);
}
- setCookie('FunnyDotHash', substr(sha1($time.$wgFunnyDotHash), 0, 4), 0, '/', null, isset($_SERVER['HTTPS']), true);
-
header('HTTP/1.1 200 OK');
- header("Cache-Control: no-cache, must-revalidate");
+ header("Cache-Control: no-cache, must-revalidate, no-store");
header('Content-Type: image/png');
header('Content-Length: 135');