Fossil SCM
Slightly more sophisticated captcha.
Commit
a10e785dfbdfe86bf625ff612de0765eff95ede53d9c6f60085c267705dfdfaa
Parent
a46ffe0fb71bdd0…
1 file changed
+30
-3
+30
-3
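--- a/src/robot.c
+++ b/src/robot.c
@@ -38,33 +38,60 @@
 */
 static int robot_send_captcha(void){
 unsigned h = 0;
 const char *z;
 
+/* Construct a proof-of-work value based on the IP address of the
+** sender and the sender's user-agent string. */
 z = P("REMOTE_ADDR");
 if( z ){
 while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; }
 }
 z = P("HTTP_USER_AGENT");
 if( z ){
 while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; }
 }
 h %= 1000000000;
+
+/* If there is already a proof-of-work cookie with this value
+** that means that the user agent has already authenticated.
+*/
+z = P("fossil-proofofwork");
+if( z && atoi(z)==h ){
+return 0;
+}
+
+/* Check for a proof query parameter. If found, that means that
+** the captcha has just now passed, so set the proof-of-work cookie
+** in addition to letting the request through.
+*/
 z = P("proof");
-if( z && atoi(z)==h ) return 0;
+if( z && atoi(z)==h ){
+cgi_set_cookie("fossil-proofofwork",z,"/",900);
+return 0;
+}
 cgi_tag_query_parameter("proof");
 
+/* Ask the client to present proof-of-work */
 cgi_reset_content();
 cgi_set_content_type("text/html");
 style_header("Captcha");
 @ <h1>Prove That You Are Human</h1>
 @ <form method="GET">
 @ <p>Press the button below</p><p>
 cgi_query_parameters_to_hidden();
-@ <input type="hidden" name="proof" value="%u(h)">
-@ <input type="submit" value="I Am Human">
+@ <input id="vx" type="hidden" name="proof" value="0">
+@ <input id="cx" type="submit" value="Wait..." disabled>
 @ </form>
+@ <script nonce='%s(style_nonce())'>
+@ function enableHuman(){
+@ document.getElementById("vx").value = %u(h);
+@ document.getElementById("cx").value = "Ok";
+@ document.getElementById("cx").disabled = false;
+@ }
+@ setTimeout(function(){enableHuman();}, 500);
+@ </script>
 style_finish_page();
 return 1;
 }
 
 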
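Review bot: In the `proof` branch, `cgi_set_cookie("fossil-proofofwork",z,"/",900)` stores the raw query-string value `z`, which `atoi(z)==h` has validated only as a numeric prefix. A parameter made of the right digits followed by arbitrary text therefore passes the check and is copied into the response cookie; whether `cgi_set_cookie()` encodes the value is not visible in this hunk. Setting the cookie from the computed value keeps request text out of the header: `cgi_set_cookie("fossil-proofofwork", mprintf("%u",h), "/", 900);`. The comment above the cookie check says the user agent "has already authenticated", but `h` is an unkeyed hash of REMOTE_ADDR and the user-agent with no secret or time component, so the same value stays valid for that client indefinitely. I would reword that comment to say the cookie only records a passed captcha, and note that a server-side secret plus a coarse timestamp would be needed for the value to expire.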
| --- src/robot.c | |
| +++ src/robot.c | |
| @@ -38,33 +38,60 @@ | |
| 38 | */ |
| 39 | static int robot_send_captcha(void){ |
| 40 | unsigned h = 0; |
| 41 | const char *z; |
| 42 | |
| 43 | z = P("REMOTE_ADDR"); |
| 44 | if( z ){ |
| 45 | while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; } |
| 46 | } |
| 47 | z = P("HTTP_USER_AGENT"); |
| 48 | if( z ){ |
| 49 | while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; } |
| 50 | } |
| 51 | h %= 1000000000; |
| 52 | z = P("proof"); |
| 53 | if( z && atoi(z)==h ) return 0; |
| 54 | cgi_tag_query_parameter("proof"); |
| 55 | |
| 56 | cgi_reset_content(); |
| 57 | cgi_set_content_type("text/html"); |
| 58 | style_header("Captcha"); |
| 59 | @ <h1>Prove That You Are Human</h1> |
| 60 | @ <form method="GET"> |
| 61 | @ <p>Press the button below</p><p> |
| 62 | cgi_query_parameters_to_hidden(); |
| 63 | @ <input type="hidden" name="proof" value="%u(h)"> |
| 64 | @ <input type="submit" value="I Am Human"> |
| 65 | @ </form> |
| 66 | style_finish_page(); |
| 67 | return 1; |
| 68 | } |
| 69 | |
| 70 | |
| 71 |
| --- src/robot.c | |
| +++ src/robot.c | |
| @@ -38,33 +38,60 @@ | |
| 38 | */ |
| 39 | static int robot_send_captcha(void){ |
| 40 | unsigned h = 0; |
| 41 | const char *z; |
| 42 | |
| 43 | /* Construct a proof-of-work value based on the IP address of the |
| 44 | ** sender and the sender's user-agent string. */ |
| 45 | z = P("REMOTE_ADDR"); |
| 46 | if( z ){ |
| 47 | while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; } |
| 48 | } |
| 49 | z = P("HTTP_USER_AGENT"); |
| 50 | if( z ){ |
| 51 | while( *z ){ h = (h + *(unsigned char*)(z++))*0x9e3779b1; } |
| 52 | } |
| 53 | h %= 1000000000; |
| 54 | |
| 55 | /* If there is already a proof-of-work cookie with this value |
| 56 | ** that means that the user agent has already authenticated. |
| 57 | */ |
| 58 | z = P("fossil-proofofwork"); |
| 59 | if( z && atoi(z)==h ){ |
| 60 | return 0; |
| 61 | } |
| 62 | |
| 63 | /* Check for a proof query parameter. If found, that means that |
| 64 | ** the captcha has just now passed, so set the proof-of-work cookie |
| 65 | ** in addition to letting the request through. |
| 66 | */ |
| 67 | z = P("proof"); |
| 68 | if( z && atoi(z)==h ){ |
| 69 | cgi_set_cookie("fossil-proofofwork",z,"/",900); |
| 70 | return 0; |
| 71 | } |
| 72 | cgi_tag_query_parameter("proof"); |
| 73 | |
| 74 | /* Ask the client to present proof-of-work */ |
| 75 | cgi_reset_content(); |
| 76 | cgi_set_content_type("text/html"); |
| 77 | style_header("Captcha"); |
| 78 | @ <h1>Prove That You Are Human</h1> |
| 79 | @ <form method="GET"> |
| 80 | @ <p>Press the button below</p><p> |
| 81 | cgi_query_parameters_to_hidden(); |
| 82 | @ <input id="vx" type="hidden" name="proof" value="0"> |
| 83 | @ <input id="cx" type="submit" value="Wait..." disabled> |
| 84 | @ </form> |
| 85 | @ <script nonce='%s(style_nonce())'> |
| 86 | @ function enableHuman(){ |
| 87 | @ document.getElementById("vx").value = %u(h); |
| 88 | @ document.getElementById("cx").value = "Ok"; |
| 89 | @ document.getElementById("cx").disabled = false; |
| 90 | @ } |
| 91 | @ setTimeout(function(){enableHuman();}, 500); |
| 92 | @ </script> |
| 93 | style_finish_page(); |
| 94 | return 1; |
| 95 | } |
| 96 | |
| 97 | |
| 98 |