On 9/6/19 3:28 PM, Lukas Fleischer wrote:
Add a CAPTCHA to protect against automated account creation. The CAPTCHA changes whenever three new accounts are registered.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- This is a first attempt to stop the recent wave of spammers. Other counter-measures will be implemented if it is not effective.
So far seems like it may be helping.
web/html/register.php | 14 +++++- web/lib/acctfuncs.inc.php | 74 +++++++++++++++++++++++++++++- web/template/account_edit_form.php | 11 +++++ 3 files changed, 95 insertions(+), 4 deletions(-)
+ * Return the CAPTCHA challenge for a given salt. + * + * @param string $salt The salt to be used for the CAPTCHA computation. + * + * @return string The challenge as a string. + */ +function get_captcha_challenge($salt) { + $token = substr(md5($salt), 0, 3); + return "pacman -V|sed -r 's#[0-9]+#" . $token . "#g'|md5sum|cut -c1-6"; +}
But I think we need to mention LC_ALL=C here. See e.g. https://bugs.archlinux.org/task/63808 -- Eli Schwartz Bug Wrangler and Trusted User