Fossil SCM
When there are repeated errors on a subscription or self-registration entry form, do not force the user to reenter the captcha if they have already entered it correctly once.
Commit
3d804812161ae4345e321c8faa703e296aef437df26ce18df5d7cb76702ab4d7
Parent
3b7970e032b39c6…
2 files changed
+33
-15
+11
-6
+33
-15
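--- a/src/alerts.c
+++ b/src/alerts.c
@@ -1208,10 +1208,19 @@
 int i, j, n;
 char c;
 
 *peErr = 0;
 *pzErr = 0;
+
+/* Verify the captcha first */
+if( needCaptcha ){
+if( !captcha_is_correct(1) ){
+*peErr = 2;
+*pzErr = mprintf("incorrect security code");
+return 0;
+}
+}
 
 /* Check the validity of the email address.
 **
 ** (1) Exactly one '@' character.
 ** (2) No other characters besides [a-zA-Z0-9._+-]
@@ -1249,17 +1258,10 @@
 *peErr = 1;
 *pzErr = mprintf("email domain too short");
 return 0;
 }
 
-/* Verify the captcha */
-if( needCaptcha && !captcha_is_correct(1) ){
-*peErr = 2;
-*pzErr = mprintf("incorrect security code");
-return 0;
-}
-
 /* Check to make sure the email address is available for reuse */
 if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q", zEAddr) ){
 *peErr = 1;
 *pzErr = mprintf("this email address is used by someone else");
 return 0;
@@ -1415,11 +1417,11 @@
 @ <blockquote><pre>
 @ %h(pSender->zErr)
 @ </pre></blockquote>
 }else{
 @ <p>An email has been sent to "%h(zEAddr)". That email contains a
-@ hyperlink that you must click on in order to activate your
+@ hyperlink that you must click to activate your
 @ subscription.</p>
 }
 alert_sender_free(pSender);
 style_footer();
 }
@@ -1447,16 +1449,22 @@
 if( eErr==1 ){
 @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr>
 }
 @ </tr>
 if( needCaptcha ){
-uSeed = captcha_seed();
+const char *zInit = "";
+if( P("captchaseed")!=0 && eErr!=2 ){
+uSeed = strtoul(P("captchaseed"),0,10);
+zInit = P("captcha");
+}else{
+uSeed = captcha_seed();
+}
 zDecoded = captcha_decode(uSeed);
 zCaptcha = captcha_render(zDecoded);
 @ <tr>
 @ <td class="form_label">Security Code:</td>
-@ <td><input type="text" name="captcha" value="" size="30">
+@ <td><input type="text" name="captcha" value="%h(zInit)" size="30">
 captcha_speakit_button(uSeed, "Speak the code");
 @ <input type="hidden" name="captchaseed" value="%u(uSeed)"></td>
 @ </tr>
 if( eErr==2 ){
 @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr>
@@ -1603,15 +1611,20 @@
 char *zErr = 0; /* Error message text */
 int sid = 0; /* Subscriber ID */
 int nName; /* Length of zName in bytes */
 char *zHalfCode; /* prefix of subscriberCode */
 
-if( alert_webpages_disabled() ) return;
+db_begin_transaction();
+if( alert_webpages_disabled() ){
+db_commit_transaction();
+return;
+}
 login_check_credentials();
 if( !g.perm.EmailAlert ){
+db_commit_transaction();
 login_needed(g.anon.EmailAlert);
-return;
+/*NOTREACHED*/
 }
 isLogin = login_is_individual();
 zName = P("name");
 nName = zName ? (int)strlen(zName) : 0;
 if( g.perm.Admin && P("sid")!=0 ){
@@ -1627,12 +1640,13 @@
 if( sid==0 && isLogin ){
 sid = db_int(0, "SELECT subscriberId FROM subscriber"
 " WHERE suname=%Q", g.zLogin);
 }
 if( sid==0 ){
+db_commit_transaction();
 cgi_redirect("subscribe");
-return;
+/*NOTREACHED*/
 }
 alert_submenu_common();
 if( P("submit")!=0 && cgi_csrf_safe(1) ){
 char newSsub[10];
 int nsub = 0;
@@ -1690,11 +1704,12 @@
 eErr = 9;
 zErr = mprintf("Select this checkbox and press \"Unsubscribe\" again to"
 " unsubscribe");
 }else{
 alert_unsubscribe(sid);
-return;
+db_commit_transaction();
+return;
 }
 }
 style_header("Update Subscription");
 db_prepare(&q,
 "SELECT"
@@ -1709,12 +1724,13 @@
 " datetime(sctime,'unixepoch')," /* 8 */
 " hex(subscriberCode)" /* 9 */
 " FROM subscriber WHERE subscriberId=%d", sid);
 if( db_step(&q)!=SQLITE_ROW ){
 db_finalize(&q);
+db_commit_transaction();
 cgi_redirect("subscribe");
-return;
+/*NOTREACHED*/
 }
 if( ssub==0 ){
 semail = db_column_text(&q, 0);
 sdonotcall = db_column_int(&q, 2);
 sdigest = db_column_int(&q, 3);
@@ -1868,10 +1884,12 @@
 @ </table>
 @ </form>
 fossil_free(zErr);
 db_finalize(&q);
 style_footer();
+db_commit_transaction();
+return;
 }
 
 /* This is the message that gets sent to describe how to change
 ** or modify a subscription
 */
 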
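Review bot: The reuse branch at new lines 1455–1457 is gated on `eErr!=2`, which is also true when no validation has run at all, so a request that merely carries a `captchaseed` parameter makes the form render that client-chosen seed and echo `P("captcha")` back without it having been verified. `P("captcha")` can be absent in that case, leaving `zInit` null before it reaches `%h(zInit)`; `zInit = PD("captcha","");` would keep it a string. The login.c change in this same commit gates on an explicit `captchaIsCorrect` flag and prefills `zDecoded` rather than the submitted text, and doing the same here would keep the two forms consistent. Because a solved seed/answer pair now stays on the form across retries, it is worth confirming that `captcha_is_correct()` (not visible here) bounds how long or how often one pair is accepted, since the email-in-use check sits directly behind it. The enclosing function starts and ends outside this hunk.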
+11
-6
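--- a/src/login.c
+++ b/src/login.c
@@ -1498,13 +1498,14 @@
 void register_page(void){
 const char *zUserID, *zPasswd, *zConfirm, *zEAddr;
 const char *zDName;
 unsigned int uSeed;
 const char *zDecoded;
-char *zCaptcha;
 int iErrLine = -1;
 const char *zErr = 0;
+int captchaIsCorrect = 0; /* True on a correct captcha */
+char *zCaptcha = ""; /* Value of the captcha text */
 char *zPerms; /* Permissions for the default user */
 int canDoAlerts = 0; /* True if receiving email alerts is possible */
 int doAlerts = 0; /* True if subscription is wanted too */
 if( !db_get_boolean("self-register", 0) ){
 style_header("Registration not possible");
@@ -1530,11 +1531,11 @@
 
 /* Verify user imputs */
 if( P("new")==0 || !cgi_csrf_safe(1) ){
 /* This is not a valid form submission. Fall through into
 ** the form display */
-}else if( !captcha_is_correct(1) ){
+}else if( (captchaIsCorrect = captcha_is_correct(1))==0 ){
 iErrLine = 6;
 zErr = "Incorrect CAPTCHA";
 }else if( strlen(zUserID)<6 ){
 iErrLine = 1;
 zErr = "User ID too short. Must be at least 6 characters.";
@@ -1658,12 +1659,11 @@
 @ <blockquote><pre>
 @ %h(pSender->zErr)
 @ </pre></blockquote>
 }else{
 @ <p>An email has been sent to "%h(zEAddr)". That email contains a
-@ hyperlink that you must click on in order to activate your
-@ subscription.</p>
+@ hyperlink that you must click to activate your account.</p>
 }
 alert_sender_free(pSender);
 if( zGoto ){
 @ <p><a href='%h(zGoto)'>Continue</a>
 }
@@ -1672,11 +1672,15 @@
 }
 redirect_to_g();
 }
 
 /* Prepare the captcha. */
-uSeed = captcha_seed();
+if( captchaIsCorrect ){
+uSeed = strtoul(P("captchaseed"),0,10);
+}else{
+uSeed = captcha_seed();
+}
 zDecoded = captcha_decode(uSeed);
 zCaptcha = captcha_render(zDecoded);
 
 style_header("Register");
 /* Print out the registration form. */
@@ -1731,11 +1735,12 @@
 if( iErrLine==5 ){
 @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr>
 }
 @ <tr>
 @ <td class="form_label" align="right">Captcha:</td>
-@ <td><input type="text" name="captcha" value="" size="30">
+@ <td><input type="text" name="captcha" size="30"\
+@ value="%h(captchaIsCorrect?zDecoded:"")" size="30">
 captcha_speakit_button(uSeed, "Speak the captcha text");
 @ </td>
 @ </tr>
 if( iErrLine==6 ){
 @ <tr><td><td><span class='loginError'>↑ %h(zErr)</span></td></tr>
 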
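Review bot: The rewritten captcha input at new lines 1740–1741 writes `size="30"` on both `@` lines, so the generated tag carries a duplicate attribute; the second line should end `value="%h(captchaIsCorrect?zDecoded:"")">`. The `strtoul(P("captchaseed"),0,10)` at new line 1678 dereferences the parameter without a null check and is safe only if a true `captchaIsCorrect` implies the parameter was submitted, which presumably holds but is not visible here. A comment such as `/* captchaIsCorrect!=0 implies captchaseed was submitted and verified */` above that line would record the dependency for whoever next touches the gate. register_page continues outside these hunks.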