Commit 3ec4ae4a authored by git's avatar git Committed by elachlan

Issue #810534 by soxofaan, MiroslavBanov, Rajamohamed A, Yogesh Pawar,...

Issue #810534 by soxofaan, MiroslavBanov, Rajamohamed A, Yogesh Pawar, sandeepreddyg, 72ls.net, solian: Fix CAPTCHA session reuse
parent 198e7bcd
......@@ -73,6 +73,11 @@ class Captcha extends FormElement {
// Generate a new CAPTCHA session if we could
// not reuse one from a posted form.
$captcha_sid = _captcha_generate_captcha_session($this_form_id, CAPTCHA_STATUS_UNSOLVED);
$captcha_token = md5(mt_rand());
db_update('captcha_sessions')
->fields(['token' => $captcha_token])
->condition('csid', $captcha_sid)
->execute();
}
// Store CAPTCHA session ID as hidden field.
......@@ -86,11 +91,12 @@ class Captcha extends FormElement {
];
// Additional one time CAPTCHA token: store in database and send with form.
$captcha_token = hash('sha256', mt_rand());
db_update('captcha_sessions')
->fields(['token' => $captcha_token])
->condition('csid', $captcha_sid)
->execute();
// $captcha_token = hash('sha256', mt_rand());
// db_update('captcha_sessions')
// ->fields(['token' => $captcha_token])
// ->condition('csid', $captcha_sid)
// ->execute();
$captcha_token = db_query("SELECT token FROM {captcha_sessions} WHERE csid = :csid", [':csid' => $captcha_sid])->fetchField();
$element['captcha_token'] = [
'#type' => 'hidden',
'#value' => $captcha_token,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment