captcha not validating


karthick b

Sep 23, 2016, 4:52:22 PM
to Fat-Free Framework

Hi,

I am using a verbatim copy of bosca's cms example for captcha. This is what happens for me.

  1. I fill in the wrong username and password.
  2. auth checks and the login function dumps the captcha.
  3. I fill in the correct username and password this time but fill in a wrong value for the captcha challenge.

Instead of displaying invalid captcha, I am able to log in successfully. Can you help me resolve this?

Note: I tried various code changes to figure out what is happening. This is the present code.

Login function

function login($f3) {
    $f3->clear('SESSION');
    $f3->set('COOKIE.sent',TRUE);
    if ($f3->get('message')) {
        $img=new Image;
        $f3->set('captcha',$f3->base64(
            $img->captcha('../ui/fonts/thunder.ttf',18,5,'SESSION.captcha')->
                dump(),'image/png'));
    }
    $f3->set('content', 'login.html');
    echo Template::instance()->render($f3->AJAX ? $f3->content : 'layout.html');
}

Auth Function

function auth($f3){
    $captcha=$f3->get('SESSION.captcha');
    if ($captcha && strtoupper($f3->get('POST.captcha'))!=$captcha) {
        $f3->set('message','Invalid CAPTCHA code');
        $this->login($f3);
    }
    else {
        $test13= \WebUAM::doLogin($f3->POST['username'], $f3->POST['password']);
        if($test13->success) {
            $f3->clear('SESSION.captcha');
            $f3->set('SESSION.username',$f3->get('POST.username'));
            $cart= new \Basket( 'cart' );
            if($cart->count() > 0) $f3->reroute('/checkout');
            $f3->reroute('/order-food');
        }
        else {
            $f3->set('message','Invalid user ID or password');
            $this->login($f3);
        }
    }
}

Login.html

<div class="login-form">
    <h2>Login to your account</h2>
    <form action="{{ @BASE.'/auth' }}" method="post" class="form-signin">

        <check if="{{ isset(@message) }}">
            <p class="message">{{ @message }}</p>
        </check>

        <label for="inputName" class="sr-only">Email address</label>
        <input type="username" id="inputEmail" name="username" class="form-control" placeholder="Username" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
        <check if="{{ isset(@message) }}">
            <p>
                <label for="captcha"><small>CAPTCHA</small></label><br />
                <img src="{{ @captcha }}" title="captcha" />
                <input id="captcha" name="captcha" type="text" required/>
            </p>
        </check>

        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    </form>
</div>

Thanks in anticipation.



 

Anatol Buchholz

Sep 29, 2016, 1:47:30 PM
to f3-fra...@googlegroups.com
Hey karthick,

mhh mhh mhh I did not rebuild your situation but did a quick test:
Look, this is very basic but working for me.

When you enter the correct code you'll get "correct now login".
I've also echoed the current session var + the user-post-input, which can help you to see what's going on.

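$f3->route('GET|POST /check',
    function($f3) {
        $code = $f3->get('SESSION.captcha_code');
        // Show the form while no captcha is stored yet: NULL != '' is false in PHP,
        // so without this guard the very first request would count as correct
        if (!$code || $code != strtoupper((string) $f3->get('POST.userinput'))) {
            // Debug output: stored code and what the user posted
            echo $code . ' # ' . $f3->get('POST.userinput') . '<br>';
            echo '<html>
<img src="captcha" />
<form action="check" method="post">
What do you see?<br>
<input type="text" name="userinput"><br>
<input type="submit">
</form></html>';
        } else {
            echo 'correct login';
        }
    }
);

$f3->route('GET /captcha',
    function($f3) {
        // Draw a 5-character captcha and store its text in SESSION.captcha_code
        $img = new Image();
        $img->captcha('osifont.ttf',16,5,'SESSION.captcha_code');
        $img->render();
    }
);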

I think I have some time this weekend. I can have a look at your exact code again.


Cheers,

Anatol
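
The `auth` function in the first post compares the answer only when `SESSION.captcha` is non-empty, so a request that arrives without a stored captcha skips the check and goes on to the password test. The PHP below is an added example, not code from the thread or from Fat-Free Framework; it runs that comparison beside a fail-closed one on constructed inputs. The function names and the `$required` flag are hypothetical, and the flag is assumed to come from server-side state.

```php
<?php
// Added example in plain PHP (no Fat-Free Framework calls). Function names,
// the $required flag and all sample values are hypothetical / constructed.

// The comparison from the first post's auth(): when the session holds no
// captcha, the && short-circuits and the answer is never compared.
function threadCheckRejects(?string $expected, ?string $submitted): bool
{
    return $expected && strtoupper((string) $submitted) != $expected;
}

// Fail-closed variant: once a captcha is required, a missing stored value or
// a missing answer is a rejection. $required is assumed to come from state the
// client cannot reset (for example a server-side failed-login counter).
function strictCheckRejects(bool $required, ?string $expected, ?string $submitted): bool
{
    if (!$required) {
        return false;
    }
    if ($expected === null || $expected === '' || $submitted === null) {
        return true;
    }
    // hash_equals() compares the two strings in constant time.
    return !hash_equals($expected, strtoupper(trim($submitted)));
}

// Constructed cases: [label, value stored in the session, value posted]
$cases = [
    ['session has no captcha',     null,    'anything'],
    ['correct answer, lower case', 'ABCDE', 'abcde'],
    ['wrong answer',               'ABCDE', 'WRONG'],
    ['answer field missing',       'ABCDE', null],
];

foreach ($cases as [$label, $expected, $submitted]) {
    printf(
        "%-28s thread: %-7s fail-closed: %s\n",
        $label,
        threadCheckRejects($expected, $submitted) ? 'reject' : 'accept',
        strictCheckRejects(true, $expected, $submitted) ? 'reject' : 'accept'
    );
}
```

Only the first row differs between the two checks: with no captcha in the session, the thread's comparison accepts and the fail-closed one rejects.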