--- a/includes/comment.php Wed Feb 06 18:41:47 2008 -0500
+++ b/includes/comment.php Wed Feb 06 19:27:43 2008 -0500
@@ -262,7 +262,7 @@
if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
{
$real_code = $session->get_captcha($data['captcha_id']);
- if ( $real_code != $data['captcha_code'] )
+ if ( strtolower($real_code) != strtolower($data['captcha_code']) )
$errors[] = 'The confirmation code you entered was incorrect.';
$session->kill_captcha();
}
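Review bot: The new comparison on the `+` line still lets an empty code through when the captcha row is missing, because `get_captcha()` returns `false` for an unknown or expired id and `strtolower(false)` yields `''`, which loosely equals an empty `$data['captcha_code']`. The check should reject the lookup failure explicitly and compare strictly: `if ( $real_code === false || strtolower($real_code) !== strtolower($data['captcha_code']) )`. The pageutils.php hunk uses the same loose `!=` after `strtolower()`; there the emptiness test on the preceding line mostly covers the `false` case, but switching it to `!==` as well would keep the two call sites consistent. The enclosing function starts outside this hunk.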
--- a/includes/pageutils.php Wed Feb 06 18:41:47 2008 -0500
+++ b/includes/pageutils.php Wed Feb 06 19:27:43 2008 -0500
@@ -699,7 +699,7 @@
{
if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
$result = $session->get_captcha($captcha_id);
- if($captcha_code != $result) _die('The confirmation code you entered was incorrect.');
+ if(strtolower($captcha_code) != strtolower($result)) _die('The confirmation code you entered was incorrect.');
}
$text = RenderMan::preprocess_text($text);
$name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
--- a/includes/sessions.php Wed Feb 06 18:41:47 2008 -0500
+++ b/includes/sessions.php Wed Feb 06 19:27:43 2008 -0500
@@ -2738,21 +2738,24 @@
/**
* Makes a CAPTCHA code and caches the code in the database
* @param int $len The length of the code, in bytes
+ * @param string Optional, the hash to reuse
* @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
*/
- function make_captcha($len = 7)
+ function make_captcha($len = 7, $hash = '')
{
global $db, $session, $paths, $template, $plugins; // Common objects
$code = $this->generate_captcha_code($len);
- $hash = md5(microtime() . mt_rand());
+ if ( !preg_match('/^[a-f0-9]{32}([a-z0-9]{8})?$/', $hash) )
+ $hash = md5(microtime() . mt_rand());
$session_data = $db->escape(serialize(array()));
// sanity check
if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) )
return false;
- $this->sql('INSERT INTO '.table_prefix.'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});");
+ $this->sql('DELETE FROM ' . table_prefix . "captcha WHERE session_id = '$hash';");
+ $this->sql('INSERT INTO ' . table_prefix . 'captcha(session_id, code, session_data, source_ip, user_id)' . " VALUES('$hash', '$code', '$session_data', '{$_SERVER['REMOTE_ADDR']}', {$this->user_id});");
return $hash;
}
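Review bot: The `preg_match()` whitelist added before the `md5()` fallback is the only thing that keeps the caller-supplied `$hash` safe to interpolate unescaped into the DELETE and INSERT below, and nothing says so; a comment such as `// $hash goes into SQL unescaped below: this whitelist is what makes that safe, do not relax it` would stop a later edit from loosening the pattern. The new docblock tag also lacks the parameter name, so `@param string $hash Optional. Existing captcha session_id to reuse; must match the whitelist or a fresh hash is generated` would be the complete form. Separately, the DELETE removes the row for any well-formed hash without regard to `source_ip` or `user_id`, so a caller that forwards a hash taken from the request lets one client reset another client's pending captcha; if that is not intended, the DELETE should carry the same `source_ip` restriction the SELECT in `get_captcha()` now has. The hunk's trailing context appears to be truncated here, so the end of the function is not fully visible.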
@@ -2829,7 +2832,11 @@
return false;
}
- $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash';");
+ // sanity check
+ if ( !is_valid_ip(@$_SERVER['REMOTE_ADDR']) || !is_int($this->user_id) )
+ return false;
+
+ $q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash' AND source_ip = '{$_SERVER['REMOTE_ADDR']};");
if ( $db->numrows() < 1 )
return false;
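Review bot: The rewritten SELECT is missing the closing quote of the `source_ip` literal: `'{$_SERVER['REMOTE_ADDR']};` produces `source_ip = '1.2.3.4;` (constructed example), an unterminated string that makes every captcha lookup fail. It should read `$q = $this->sql('SELECT code_id, code FROM ' . table_prefix . "captcha WHERE session_id = '$hash' AND source_ip = '{$_SERVER['REMOTE_ADDR']}';");`. The added sanity check validates `$this->user_id` but the query does not filter on it; if binding the code to the requester is the goal, that looks like an omission, though it may be deliberate for anonymous users. `get_captcha()` begins outside this hunk and its trailing context appears truncated, so the surrounding control flow is inferred.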
--- a/plugins/SpecialUserFuncs.php Wed Feb 06 18:41:47 2008 -0500
+++ b/plugins/SpecialUserFuncs.php Wed Feb 06 19:27:43 2008 -0500
@@ -1323,7 +1323,8 @@
{
$paths->main_page();
}
-
+
+ $session->make_captcha(7, $hash);
$code = $session->generate_captcha_code();
$q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
if ( !$q )
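Review bot: The return value of the new `$session->make_captcha(7, $hash)` call is discarded, yet the function returns `false` on its sanity check and substitutes a freshly generated hash when `$hash` fails its whitelist, so the UPDATE two lines later can target a `session_id` that was never created and nothing detects that. The call should be `$hash = $session->make_captcha(7, $hash);` followed by a `false` check before the UPDATE. The `generate_captcha_code()` and UPDATE that follow also look redundant now, since `make_captcha()` already stores a code for that hash; if they stay, note that `$hash` is interpolated into the UPDATE with no validation visible in this hunk, and `make_captcha()` validating its own copy does not protect this query. Where `$hash` is assigned is outside the hunk, so whether it is already validated cannot be confirmed from here.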