Overview
| Comment: | Improved anti-robot captcha. |
|---|---|
| SHA3-256: |
206089acd1be4b95e8315d5e8063ac26 |
| User & Date: | drh 2025-08-16 13:57:51.454 |
Context
|
2025-08-16
| ||
| 13:59 | Improvements and simplifications to anti-robot defenses. check-in: 16b33097fe user: drh tags: trunk | |
| 13:57 | Improved anti-robot captcha. Closed-Leaf check-in: 206089acd1 user: drh tags: robot-restrict-simplified | |
| 00:36 | Add the "timelineX" tag to robot-restrict processing. Move /honeypot over to the captcha.c file and have it use the resources found there. check-in: 54afc94ce0 user: drh tags: robot-restrict-simplified | |
Changes
Changes to src/robot.c.
| ︙ | ︙ | |||
20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
** Fossil is run as a service.
*/
#include "config.h"
#include "robot.h"
#include <assert.h>
#include <time.h>
/*
** Rewrite the current page with a robot squelch captcha and return 1.
**
** Or, if valid proof-of-work is present as either a query parameter or
** as a cookie, then return 0.
*/
static int robot_proofofwork(void){
| > > | 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
** Fossil is run as a service.
*/
#include "config.h"
#include "robot.h"
#include <assert.h>
#include <time.h>
#define POW_COOKIE "fossil-proofofwork"
/*
** Rewrite the current page with a robot squelch captcha and return 1.
**
** Or, if valid proof-of-work is present as either a query parameter or
** as a cookie, then return 0.
*/
static int robot_proofofwork(void){
|
| ︙ | ︙ | |||
59 60 61 62 63 64 65 | } h1 = (h1 % 900000000) + 100000000; h2 = (h2 % 900000000) + 100000000; /* If there is already a proof-of-work cookie with this value ** that means that the user agent has already authenticated. */ | | | | | | | > | < | | | | | | | | > > > > > > | | | | 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 |
}
h1 = (h1 % 900000000) + 100000000;
h2 = (h2 % 900000000) + 100000000;
/* If there is already a proof-of-work cookie with this value
** that means that the user agent has already authenticated.
*/
z = P(POW_COOKIE);
if( z
&& (atoi(z)==h1 || atoi(z)==h2)
&& !cgi_is_qp(POW_COOKIE) ){
return 0;
}
/* Check for a proof query parameter. If found, that means that
** the captcha has just now passed, so set the proof-of-work cookie
** in addition to letting the request through.
*/
z = P("proof");
if( z
&& (atoi(z)==h1 || atoi(z)==h2)
){
cgi_set_cookie(POW_COOKIE,z,"/",900);
return 0;
}
cgi_tag_query_parameter("proof");
/* Ask the client to present proof-of-work */
cgi_reset_content();
cgi_set_content_type("text/html");
style_header("Browser Verification");
@ <h1 id="x1">Checking to see if you are a robot<span id="x2"></span></h1>
@ <form method="GET">
@ <p id="x3" style="visibility:hidden;">\
@ Press <input type="submit" id="x5" value="Ok" focus> to continue</p>
cgi_query_parameters_to_hidden();
@ <input id="x4" type="hidden" name="proof" value="0">
@ </form>
@ <script nonce='%s(style_nonce())'>
@ function aaa(x){return document.getElementById(x);}
@ function bbb(h,a){
@ aaa("x4").value=h
@ if((a%%75)==0){
@ aaa("x2").textContent=aaa("x2").textContent+".";
@ }
@ if(a>0){
@ setTimeout(bbb,1,h+a,a-1);
@ }else{
@ aaa("x3").style.visibility="visible";
@ aaa("x2").textContent="";
@ aaa("x1").textContent="All clear";
@ aaa("x5").focus();
@ }
@ }
k = 800 + h2%99;
h2 = (k*k + k)/2;
@ setTimeout(function(){bbb(%u(h1-h2),%u(k));},10);
@ </script>
style_finish_page();
return 1;
}
/*
** SETTING: robot-restrict width=40 block-text
|
| ︙ | ︙ | |||
160 161 162 163 164 165 166 |
return 0; /* There is a valid token= query parameter */
}
if( robot_proofofwork() ){
return 1;
}
return 0;
}
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
return 0; /* There is a valid token= query parameter */
}
if( robot_proofofwork() ){
return 1;
}
return 0;
}
/*
** WEBPAGE: test-robotck
**
** Run the robot_restrict() function using the value of the "name="
** query parameter as an argument. Used for testing the robot_restrict()
** logic.
**
** Whenever this page is successfully rendered (when it doesn't go to
** the captcha) it deletes the proof-of-work cookie. So reloading the
** page will reset the cookie and restart the verification.
*/
void robot_restrict_test_page(void){
const char *zName = P("name");
const char *zP1 = P("proof");
const char *zP2 = P(POW_COOKIE);
const char *z;
if( zName==0 || zName[0]==0 ) zName = g.zPath;
login_check_credentials();
if( !g.perm.Admin ){ login_needed(0); return; }
g.zLogin = 0;
if( robot_restrict(zName) ) return;
style_set_current_feature("test");
style_header("robot_restrict() test");
@ <h1>Captcha passed</h1>
@
@ <p>
if( zP1 && zP1[0] ){
@ proof=%h(zP1)<br>
}
if( zP2 && zP2[0] ){
@ fossil_proofofwork=%h(zP2)<br>
cgi_set_cookie(POW_COOKIE,"",0,-1);
}
z = db_get("robot-restrict",robot_restrict_default());
if( z && z[0] ){
@ robot-restrict=%h(z)</br>
}
@ </p>
@ <p><a href="%R/test-robotck/%h(zName)">Retry</a>
style_finish_page();
}
|
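Review bot: In robot_proofofwork(), the `proof` branch accepts the parameter on `atoi(z)==h1 || atoi(z)==h2` and then stores the raw string with `cgi_set_cookie(POW_COOKIE,z,"/",900)`, so a value that merely begins with the right digits passes and is copied verbatim into the cookie. atoi() stops at the first non-digit and reports no error, so trailing bytes chosen by the client end up in the Set-Cookie value; whether cgi_set_cookie() encodes them is not visible on this page. I would store the canonical number instead of the client's text, for example `cgi_set_cookie(POW_COOKIE, mprintf("%u", atoi(z)==h1 ? h1 : h2), "/", 900);` (assuming h1 and h2 are unsigned, as the `%u` in the script line suggests), or reject z unless every character is a digit. The cookie check just above uses the same lenient atoi() comparison and would benefit from the same digit-only test. The lines between the function signature and the hash reduction are elided from this page, so the declarations of z, h1 and h2 were not reviewed.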