captcha isn't checked

Niels Berkers niels at quotar.com
Mon Apr 9 14:55:22 PDT 2007 

    ------------------------------------------------------------------------
    *From:* Jonathan Daugherty [mailto:cygnus at janrain.com]
    *To:* Niels Berkers [mailto:niels.berkers at tros.nl]
    *Cc:* general at openid.net
    *Sent:* Mon, 09 Apr 2007 19:36:37 +0200
    *Subject:* Re: [OpenID] general Digest, Vol 8, Issue 16

    # BTW the captcha in the registation process isn't checked when the
    # form is submitted.

    Yes, it is; please see src/render.php, function render_register. In
    addition, posts related to this package would best be sent to the
    Janrain development list. You can sign up at

    http://lists.openidenabled.com/mailman/listinfo/dev

    Thanks!


the captcha is checked indeed, all clear on that. The error is added if
the captcha is false.
and $success is set false. Later on $error is checked (but was never
filled if the captcha was wrong)

See Adjustment ( rearanged the code a bit for better security )

---original code (added debug info) ----------------------------------
   $success = true;
echo $hash." !== ".md5($request['captcha_text'])."
".$request['captcha_text']."\n";
        if ($hash !== md5($request['captcha_text'])) {
            $template->addError('Security code does not match image.
Please try again.');
echo " no success here";
            $success = false;
        }

        $errors = Server_accountCheck($request['username'],
                                      $request['pass1'],
                                      $request['pass2']);

        if ($errors) {
            foreach ($errors as $e) {
                $template->addError($e);
            }
        } else {
.
.
.
      }
--------------------------------------------------------------------
---------- Adjustment -------------------------------------------
        $bSuccess = (bool)true;
        $aErrors = array();

        $aErrors = Server_accountCheck($request['username'],
                                      $request['pass1'],
                                      $request['pass2']);

        if ($hash !== md5($request['captcha_text'])) {
            $aErrors[] = 'Security code does not match image.  Please
try again.';
            $bSuccess = false;
        }

        if ( count($aErrors) === 0 && $bSuccess !== FALSE) {
            // Good.
            .
            .
            .
        } else {
           foreach ($aErrors as $e) {
                $template->addError($e);
            }
        }
-------------------------------------------------------------------

More information about the Dev mailing list