On 9/6/19 3:28 PM, Lukas Fleischer wrote: > Add a CAPTCHA to protect against automated account creation. The CAPTCHA > changes whenever three new accounts are registered. > > Signed-off-by: Lukas Fleischer <lfleisc...@archlinux.org> > --- > This is a first attempt to stop the recent wave of spammers. Other > counter-measures will be implemented if it is not effective.
So far seems like it may be helping.
> web/html/register.php | 14 +++++-
> web/lib/acctfuncs.inc.php | 74 +++++++++++++++++++++++++++++-
> web/template/account_edit_form.php | 11 +++++
> 3 files changed, 95 insertions(+), 4 deletions(-)
> + * Return the CAPTCHA challenge for a given salt.
> + *
> + * @param string $salt The salt to be used for the CAPTCHA computation.
> + *
> + * @return string The challenge as a string.
> + */
> +function get_captcha_challenge($salt) {
> + $token = substr(md5($salt), 0, 3);
> + return "pacman -V|sed -r 's#[0-9]+#" . $token . "#g'|md5sum|cut -c1-6";
> +}
But I think we need to mention LC_ALL=C here. See e.g.
https://bugs.archlinux.org/task/63808
--
Eli Schwartz
Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
