On 9/6/19 3:28 PM, Lukas Fleischer wrote: > Add a CAPTCHA to protect against automated account creation. The CAPTCHA > changes whenever three new accounts are registered. > > Signed-off-by: Lukas Fleischer <lfleisc...@archlinux.org> > --- > This is a first attempt to stop the recent wave of spammers. Other > counter-measures will be implemented if it is not effective.
So far seems like it may be helping. > web/html/register.php | 14 +++++- > web/lib/acctfuncs.inc.php | 74 +++++++++++++++++++++++++++++- > web/template/account_edit_form.php | 11 +++++ > 3 files changed, 95 insertions(+), 4 deletions(-) > + * Return the CAPTCHA challenge for a given salt. > + * > + * @param string $salt The salt to be used for the CAPTCHA computation. > + * > + * @return string The challenge as a string. > + */ > +function get_captcha_challenge($salt) { > + $token = substr(md5($salt), 0, 3); > + return "pacman -V|sed -r 's#[0-9]+#" . $token . "#g'|md5sum|cut -c1-6"; > +} But I think we need to mention LC_ALL=C here. See e.g. https://bugs.archlinux.org/task/63808 -- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature