| #
f469e1e3 |
| 22-Jan-2026 |
Andreas Gohr <gohr@cosmocode.de> |
Support multiple CAPTCHAs on a single page
Replace ID selectors with classes to allow multiple CAPTCHA instances on the same page. Modernize JavaScript to use vanilla JS methods and ES6 syntax (const, arrow functions).
fixes #98
|
| #
184a2060 |
| 06-Dec-2023 |
Andreas Gohr <andi@splitbrain.org> |
cleanup styles, use SVG icon for audio
|
| #
5697ecf8 |
| 06-Dec-2023 |
Andreas Gohr <andi@splitbrain.org> |
adjust tests and fix file cookie handling
|
| #
1cd9cde7 |
| 06-Dec-2023 |
Andreas Gohr <andi@splitbrain.org> |
more cleanup for the html generation
|
| #
c6d794b3 |
| 06-Dec-2023 |
Andreas Gohr <andi@splitbrain.org> |
move file cookies to class
|
| #
09b1e97e |
| 06-Dec-2023 |
Andreas Gohr <andi@splitbrain.org> |
first go at cleaning up the code
|
| #
bb63fb25 |
| 06-Dec-2023 |
Daniel Dias Rodrigues <danieldiasr@gmail.com> |
Fix utf8_strtolower() is deprecated warning (#141)
Use \dokuwiki\Utf8\PhpString::strtolower() instead
|
| #
64382f29 |
| 27-Aug-2022 |
Andreas Gohr <andi@splitbrain.org> |
use $INPUT for access to $_SERVER. fixes #131
|
| #
63609b6e |
| 04-Aug-2022 |
Andreas Gohr <andi@splitbrain.org> |
fix audio captcha. closes #115
It seems browsers pass different accept-encoding headers now for the audio request, breaking auth_browseruid()
|
| #
969b14c4 |
| 11-Jan-2022 |
Andreas Gohr <andi@splitbrain.org> |
added bruteforce protection on login
The new default for protecting the login now takes failed logins from the originating IP into account.
|
| #
18622736 |
| 11-Jan-2022 |
Andreas Gohr <andi@splitbrain.org> |
auto reformat code
|
| #
39bbdaef |
| 22-Jul-2021 |
Andreas Gohr <andi@splitbrain.org> |
fix deprecated use of curly braces
|
| #
9efb703b |
| 27-Feb-2021 |
Stefan Bethke <stb@lassitu.de> |
In the registration form, I've picked "question" and added HTML to the question, to link to the answer (because the question is kind of arcane). However, clicking the link does nothing. Inspecting the page, I found JS code that tries to extract the link to the audio snippet from an anchor tag, and then attaches a handler to the anchor that starts playing the audio and stops event processing. About line 16 in script.js
This change makes the JS code more specific.
|
| #
9bc1fab2 |
| 05-Dec-2017 |
Apostolos P. Tsompanopoulos <monotropos@gmail.com> |
Removed "?" from math function in helper.php:348
|
| #
08f248e4 |
| 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
added new mode SVG
This mode generates an SVG image and inlines it. This is much easier to read than the obfuscated image but should still be relatively hard for most spammers (until they start handling inline SVGs).
|
| #
cde3ece1 |
| 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
clean up old captcha cookies
Old cookies are now cleared once per day.
|
| #
a285df67 |
| 01-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
implement "cookies" against replay attacks
The CAPTCHA plugin tried to be stateless. No cookie related information was stored on the server (e.g. in the session). Instead encryption of available information was used to ensure captcha codes couldn't be faked. To avoid replay attacks the plugin relied on the last change date of the current page. When a captcha was filled in correctly a page edit was allowed and the next captcha would use different encryption. However this does not work where the captcha is used independently from a page edit, e.g. for logins or comments.
To fix this some data has to be stored server side. Most captchas simply store the code in the session of the user. This has two disadvantages:
1) only one code can be used, which makes having multiple tabs with editing sessions a pain
2) the session must be open for writing when the captcha is displayed and checked
This change implements a different approach. For each displayed captcha a "cookie" (a 0 byte file) is stored in the tmp directory. When a captcha is checked, the cookie is removed again. This way each captcha can only be used once.
Cleaning up the tmp directory is still missing and comes in a second commit.
|
| #
3ee37481 |
| 29-May-2015 |
Andreas Gohr <andi@splitbrain.org> |
make function protected
helps testability
|
| #
14e271eb |
| 26-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Don't skip tests when input is empty (guards against timing attacks)
|
| #
09870f99 |
| 26-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Always validate string before decrypting
|
| #
9a516eda |
| 26-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Limit length of generated string
|
| #
a02b2219 |
| 26-May-2015 |
Patrick Brown <ptbrown@whoopdedo.org> |
Fix generator when random seed is zero
|
| #
478e363c |
| 17-Apr-2015 |
Andreas Gohr <andi@splitbrain.org> |
use $INPUT and avoid decrypting empty strings
|
| #
7218f96c |
| 17-Apr-2015 |
Andreas Gohr <andi@splitbrain.org> |
removed deprecated events
|
| #
f044313d |
| 04-Jan-2014 |
Andreas Gohr <andi@splitbrain.org> |
don't use deprecated blowfish libs. fixes #24
only falls back to blowfish on old wiki versions
|