Fossil SCM
Obscure the captcha text using a character substitution for three seconds.
Commit
618420b1b8381e35acc38b063a3476a79bdaad3b
Parent
cc94bd078e322b6…
1 file changed
+35
-4
+35
-4
| --- src/captcha.c | ||
| +++ src/captcha.c | ||
| @@ -520,10 +520,39 @@ | ||
| 520 | 520 | z[i] = c; |
| 521 | 521 | } |
| 522 | 522 | if( strncmp(zDecode,z,8)!=0 ) return 0; |
| 523 | 523 | return 1; |
| 524 | 524 | } |
| 525 | + | |
| 526 | +/* | |
| 527 | +** Make a captcha string initially illegible in an attempt to confuse | |
| 528 | +** robots. | |
| 529 | +*/ | |
| 530 | +static char *captcha_obscure(char *z){ | |
| 531 | + int i; | |
| 532 | + for(i=0; z[i]; i++){ | |
| 533 | + if( strchr("/\\()_ |",z[i]) ) z[i] ^= 0x10; | |
| 534 | + } | |
| 535 | + return z; | |
| 536 | +} | |
| 537 | + | |
| 538 | +/* | |
| 539 | +** Output javascript that will de-obscure the capture string contained | |
| 540 | +** within the element name "zId" | |
| 541 | +*/ | |
| 542 | +static void capture_output_deobscurer(const char *zId, int nDelay){ | |
| 543 | + @ <script> | |
| 544 | + @ setTimeout(function(){ | |
| 545 | + @ var x = document.getElementById('%s(zId)'); | |
| 546 | + @ var str = x.innerHTML.replace(/</g,"<").replace(/>/g,">") | |
| 547 | + @ x.innerHTML = str.replace(/[?l89O0L]/g,function(c){ | |
| 548 | + @ return String.fromCharCode(c.charCodeAt(0)^0x10) | |
| 549 | + @ }).replace(/</g,"<").replace(/>/g,">"); | |
| 550 | + @ },%d(nDelay)); | |
| 551 | + @ </script> | |
| 552 | +} | |
| 553 | + | |
| 525 | 554 | |
| 526 | 555 | /* |
| 527 | 556 | ** Generate a captcha display together with the necessary hidden parameter |
| 528 | 557 | ** for the seed and the entry box into which the user will type the text of |
| 529 | 558 | ** the captcha. This is typically done at the very bottom of a form. |
| @@ -537,20 +566,21 @@ | ||
| 537 | 566 | |
| 538 | 567 | if( !captcha_needed() ) return; |
| 539 | 568 | uSeed = captcha_seed(); |
| 540 | 569 | zDecoded = captcha_decode(uSeed); |
| 541 | 570 | zCaptcha = captcha_render(zDecoded); |
| 542 | - @ <div class="captcha"><table class="captcha"><tr><td><pre> | |
| 543 | - @ %h(zCaptcha) | |
| 571 | + @ <div class="captcha"><table class="captcha"><tr><td><pre id='cx15'> | |
| 572 | + @ %h(captcha_obscure(zCaptcha)) | |
| 544 | 573 | @ </pre> |
| 545 | 574 | @ Enter security code shown above: |
| 546 | 575 | @ <input type="hidden" name="captchaseed" value="%u(uSeed)" /> |
| 547 | 576 | @ <input type="text" name="captcha" size=8 /> |
| 548 | 577 | if( showButton ){ |
| 549 | 578 | @ <input type="submit" value="Submit"> |
| 550 | 579 | } |
| 551 | 580 | @ </td></tr></table></div> |
| 581 | + capture_output_deobscurer("cx15",3000); | |
| 552 | 582 | } |
| 553 | 583 | |
| 554 | 584 | /* |
| 555 | 585 | ** WEBPAGE: test-captcha |
| 556 | 586 | */ |
| @@ -560,13 +590,14 @@ | ||
| 560 | 590 | u64 x; |
| 561 | 591 | sqlite3_randomness(sizeof(x), &x); |
| 562 | 592 | zPw = mprintf("%016llx", x); |
| 563 | 593 | } |
| 564 | 594 | style_header("Captcha Test"); |
| 565 | - @ <pre> | |
| 566 | - @ %s(captcha_render(zPw)) | |
| 595 | + @ <pre id='cx'> | |
| 596 | + @ %h(captcha_obscure(captcha_render(zPw))) | |
| 567 | 597 | @ </pre> |
| 598 | + capture_output_deobscurer("cx",2000); | |
| 568 | 599 | style_footer(); |
| 569 | 600 | } |
| 570 | 601 | |
| 571 | 602 | /* |
| 572 | 603 | ** Check to see if the current request is coming from an agent that might |
| 573 | 604 |
| --- src/captcha.c | |
| +++ src/captcha.c | |
| @@ -520,10 +520,39 @@ | |
| 520 | z[i] = c; |
| 521 | } |
| 522 | if( strncmp(zDecode,z,8)!=0 ) return 0; |
| 523 | return 1; |
| 524 | } |
| 525 | |
| 526 | /* |
| 527 | ** Generate a captcha display together with the necessary hidden parameter |
| 528 | ** for the seed and the entry box into which the user will type the text of |
| 529 | ** the captcha. This is typically done at the very bottom of a form. |
| @@ -537,20 +566,21 @@ | |
| 537 | |
| 538 | if( !captcha_needed() ) return; |
| 539 | uSeed = captcha_seed(); |
| 540 | zDecoded = captcha_decode(uSeed); |
| 541 | zCaptcha = captcha_render(zDecoded); |
| 542 | @ <div class="captcha"><table class="captcha"><tr><td><pre> |
| 543 | @ %h(zCaptcha) |
| 544 | @ </pre> |
| 545 | @ Enter security code shown above: |
| 546 | @ <input type="hidden" name="captchaseed" value="%u(uSeed)" /> |
| 547 | @ <input type="text" name="captcha" size=8 /> |
| 548 | if( showButton ){ |
| 549 | @ <input type="submit" value="Submit"> |
| 550 | } |
| 551 | @ </td></tr></table></div> |
| 552 | } |
| 553 | |
| 554 | /* |
| 555 | ** WEBPAGE: test-captcha |
| 556 | */ |
| @@ -560,13 +590,14 @@ | |
| 560 | u64 x; |
| 561 | sqlite3_randomness(sizeof(x), &x); |
| 562 | zPw = mprintf("%016llx", x); |
| 563 | } |
| 564 | style_header("Captcha Test"); |
| 565 | @ <pre> |
| 566 | @ %s(captcha_render(zPw)) |
| 567 | @ </pre> |
| 568 | style_footer(); |
| 569 | } |
| 570 | |
| 571 | /* |
| 572 | ** Check to see if the current request is coming from an agent that might |
| 573 |
| --- src/captcha.c | |
| +++ src/captcha.c | |
| @@ -520,10 +520,39 @@ | |
| 520 | z[i] = c; |
| 521 | } |
| 522 | if( strncmp(zDecode,z,8)!=0 ) return 0; |
| 523 | return 1; |
| 524 | } |
| 525 | |
| 526 | /* |
| 527 | ** Make a captcha string initially illegible in an attempt to confuse |
| 528 | ** robots. |
| 529 | */ |
| 530 | static char *captcha_obscure(char *z){ |
| 531 | int i; |
| 532 | for(i=0; z[i]; i++){ |
| 533 | if( strchr("/\\()_ |",z[i]) ) z[i] ^= 0x10; |
| 534 | } |
| 535 | return z; |
| 536 | } |
| 537 | |
| 538 | /* |
| 539 | ** Output javascript that will de-obscure the capture string contained |
| 540 | ** within the element name "zId" |
| 541 | */ |
| 542 | static void capture_output_deobscurer(const char *zId, int nDelay){ |
| 543 | @ <script> |
| 544 | @ setTimeout(function(){ |
| 545 | @ var x = document.getElementById('%s(zId)'); |
| 546 | @ var str = x.innerHTML.replace(/</g,"<").replace(/>/g,">") |
| 547 | @ x.innerHTML = str.replace(/[?l89O0L]/g,function(c){ |
| 548 | @ return String.fromCharCode(c.charCodeAt(0)^0x10) |
| 549 | @ }).replace(/</g,"<").replace(/>/g,">"); |
| 550 | @ },%d(nDelay)); |
| 551 | @ </script> |
| 552 | } |
| 553 | |
| 554 | |
| 555 | /* |
| 556 | ** Generate a captcha display together with the necessary hidden parameter |
| 557 | ** for the seed and the entry box into which the user will type the text of |
| 558 | ** the captcha. This is typically done at the very bottom of a form. |
| @@ -537,20 +566,21 @@ | |
| 566 | |
| 567 | if( !captcha_needed() ) return; |
| 568 | uSeed = captcha_seed(); |
| 569 | zDecoded = captcha_decode(uSeed); |
| 570 | zCaptcha = captcha_render(zDecoded); |
| 571 | @ <div class="captcha"><table class="captcha"><tr><td><pre id='cx15'> |
| 572 | @ %h(captcha_obscure(zCaptcha)) |
| 573 | @ </pre> |
| 574 | @ Enter security code shown above: |
| 575 | @ <input type="hidden" name="captchaseed" value="%u(uSeed)" /> |
| 576 | @ <input type="text" name="captcha" size=8 /> |
| 577 | if( showButton ){ |
| 578 | @ <input type="submit" value="Submit"> |
| 579 | } |
| 580 | @ </td></tr></table></div> |
| 581 | capture_output_deobscurer("cx15",3000); |
| 582 | } |
| 583 | |
| 584 | /* |
| 585 | ** WEBPAGE: test-captcha |
| 586 | */ |
| @@ -560,13 +590,14 @@ | |
| 590 | u64 x; |
| 591 | sqlite3_randomness(sizeof(x), &x); |
| 592 | zPw = mprintf("%016llx", x); |
| 593 | } |
| 594 | style_header("Captcha Test"); |
| 595 | @ <pre id='cx'> |
| 596 | @ %h(captcha_obscure(captcha_render(zPw))) |
| 597 | @ </pre> |
| 598 | capture_output_deobscurer("cx",2000); |
| 599 | style_footer(); |
| 600 | } |
| 601 | |
| 602 | /* |
| 603 | ** Check to see if the current request is coming from an agent that might |
| 604 |