author | Andrew Dolgov <[email protected]> | 2019-02-19 20:25:48 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-02-19 20:25:48 +0300 |
commit | 59df261fb84f24870c6a846bb358f46a617834e4 (patch) | |
tree | 2236e2fcb6f20ef166cf7ebed599401894878d72 | |
parent | 3b057d5f02d8e482262459f5ed1fe0ac7cdd03db (diff) |
forgotpass: slightly better anti-bot protection
-rwxr-xr-x | classes/handler/public.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 48722a0ec..c58ac41d8 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -838,6 +838,7 @@ class Handler_Public extends Handler {
 function forgotpass() {
 startup_gettext();
+ session_start();
 @$hash = clean($_REQUEST["hash"]);
@@ -916,8 +917,11 @@ class Handler_Public extends Handler {
 print "<input class='input input-text' type='email' name='email' value='' required>";
 print "</fieldset>";
+ $_SESSION["pwdreset:testvalue1"] = rand(1,10);
+ $_SESSION["pwdreset:testvalue2"] = rand(1,10);
+
 print "<fieldset>";
- print "<label>".__("How much is two plus two:")."</label>";
+ print "<label>".T_sprintf("How much is %d + %d:", $_SESSION["pwdreset:testvalue1"], $_SESSION["pwdreset:testvalue2"])."</label>";
 print "<input class='input input-text' type='text' name='test' value='' required>";
 print "</fieldset>";
@@ -933,7 +937,7 @@ class Handler_Public extends Handler {
 $email = clean($_POST["email"]);
 $test = clean($_POST["test"]);
- if (($test != 4 && $test != 'four') || !$email || !$login) {
+ if ($test != ($_SESSION["pwdreset:testvalue1"] + $_SESSION["pwdreset:testvalue2"]) || !$email || !$login) {
 print_error(__('Some of the required form parameters are missing or incorrect.'));
 print "<form method=\"GET\" action=\"public.php\"> |
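Review bot: The new condition in the third hunk reads the two session values without checking that they exist, and compares with loose `!=`; a POST that arrives without a prior GET of the form (so the session keys were never set) yields a sum of 0, which a submitted `test` of "0" satisfies, and under pre-PHP-8 loose comparison a non-numeric string compares equal to 0 as well. The check should require both keys and compare as integers, e.g. `if (!isset($_SESSION["pwdreset:testvalue1"], $_SESSION["pwdreset:testvalue2"]) || (int)$test !== $_SESSION["pwdreset:testvalue1"] + $_SESSION["pwdreset:testvalue2"] || !$email || !$login) {`. The challenge values are also never cleared, so one solved answer stays valid for further submissions on the same session until the form is rendered again; adding `unset($_SESSION["pwdreset:testvalue1"], $_SESSION["pwdreset:testvalue2"]);` right after the check closes that. What `clean()` does to the POST value is not visible here, so the integer cast is assumed to be safe to apply after it. forgotpass() begins in the first hunk and its body continues beyond the third.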