
Captchas fails when we open many windows

Posted: Thu Sep 07, 2006 11:09 am
by annonymous
This is a simple sample scenario in which the current captcha verification mechanism fails:

1. Open blog entry 1 in browser window 1
2. Open blog entry 2 in browser window 2
3. Write a comment for entry 1 in browser window 1 and press the Send button -> failure

The verification fails because the session variable generated by the server when we opened entry 1 has been erased when we opened entry 2 (the server generates a new value). The conflict comes from the fact that there is only one variable holding this value.

In my opinion, we can do it a bit differently: the server holds a variable-size array of captcha values. Each time a blog entry is opened, we push a new captcha value onto this array and send its index to the browser (a field in the comment form). When the viewer submits his comment, this index number will be sent back to the server, and the server will be able to find the correct captcha value.

Thanks for your attention.
Best regards.
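
The per-form storage proposed in the post above, as an added example that is not part of the original post and is not code from the Serendipity spamblock plugin. It is a variation on the proposal: it assumes a random form id in place of an array index, a plain array standing in for `$_SESSION`, and hypothetical function names, limits and sample answers, and it adds single use, expiry and a cap on pending challenges.

```php
<?php
// Added example: per-form captcha storage keyed by a random form id.
// $session stands in for $_SESSION; every name and limit here is hypothetical.

const MAX_PENDING = 20;   // bound session growth when many entries are opened
const TTL_SECONDS = 1800; // unanswered challenges expire after 30 minutes

function captcha_issue(array &$session, string $answer, int $now): string
{
    $pending = $session['captchas'] ?? [];
    // Drop expired challenges, then the oldest ones beyond the cap.
    $pending = array_filter($pending, fn($c) => $now - $c['issued'] < TTL_SECONDS);
    while (count($pending) >= MAX_PENDING) {
        array_shift($pending);
    }
    // The id goes to the browser as a hidden field in the comment form.
    $formId = bin2hex(random_bytes(16));
    $pending[$formId] = ['answer' => $answer, 'issued' => $now];
    $session['captchas'] = $pending;
    return $formId;
}

function captcha_verify(array &$session, string $formId, string $input, int $now): bool
{
    $entry = $session['captchas'][$formId] ?? null;
    // Single use: remove the challenge whether or not the answer is right,
    // so a solved image cannot be replayed and a failed one cannot be retried.
    unset($session['captchas'][$formId]);
    if ($entry === null || $now - $entry['issued'] >= TTL_SECONDS) {
        return false;
    }
    return hash_equals(strtolower($entry['answer']), strtolower($input));
}

// Constructed walk-through of the scenario from the post.
$session = [];
$now = time();
$id1 = captcha_issue($session, 'KX7Q2', $now); // window 1 opens entry 1
$id2 = captcha_issue($session, 'M9TRB', $now); // window 2 opens entry 2
var_dump(captcha_verify($session, $id1, 'kx7q2', $now)); // window 1 submits its own challenge
var_dump(captcha_verify($session, $id1, 'kx7q2', $now)); // same form id submitted again
var_dump(captcha_verify($session, $id2, 'wrong', $now)); // wrong answer for entry 2
```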

Re: Captchas fails when we open many windows

Posted: Thu Sep 07, 2006 11:15 am
by garvinhicking
Hi!

This sounds as if you already have a clue on how to code it? It would be great if you could have a look at the spamblock plugin (plugins/serendipity_event_spamblock/serendipity_event_spamblock.php) and send us a patch that we can include?

Apart from that I believe the error is non-fatal; if someone gets told the captcha was wrong, his inputs are preserved, he gets the latest captcha and upon the next submit it would work. But I agree that the solution you offered would be much nicer.

Best regards,
Garvin

Posted: Sun Sep 10, 2006 8:05 am
by annonymous
Hi, I'm sorry that I've just changed my study place. I haven't had a computer dedicated for me here yet. The computer I'm using now is just for general purposes and doesn't have coding tools. I will return to this later when possible.

Thanks.

Posted: Sun Sep 10, 2006 7:53 pm
by garvinhicking
Hi!

Thanks a lot, yes. We'll wait, and thanks for your offer :)

Best regards,
Garvin