diff -r 7eef739a5b81 -r 6ae6e387a0e3 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php	Mon Feb 04 05:52:12 2008 -0500
+++ b/plugins/SpecialUserFuncs.php	Wed Feb 06 18:41:47 2008 -0500
@@ -1319,37 +1319,21 @@
   }
   
   $hash = $paths->getParam(0);
-  if ( !$hash || !preg_match('#^([0-9a-f]*){32,32}$#i', $hash) )
+  if ( !$hash || !preg_match('#^([0-9a-f]*){32,40}$#i', $hash) )
   {
     $paths->main_page();
   }
   
-  // Determine code length
-  $ip = ip2hex($_SERVER['REMOTE_ADDR']);
-  if ( !$ip )
-    die('(very desperate) Hacking attempt');
-  $q = $db->sql_query('SELECT CHAR_LENGTH(salt) AS len FROM ' . table_prefix . 'session_keys WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
+  $code = $session->generate_captcha_code();
+  $q = $db->sql_query('UPDATE ' . table_prefix . "captcha SET code = '$code' WHERE session_id = '$hash';");
   if ( !$q )
-    $db->_die('SpecialUserFuncs selecting CAPTCHA code');
-  if ( $db->numrows() < 1 )
-    die('Invalid hash or hacking attempt by IP');
-  
-  // Generate code
-  $row = $db->fetchrow();
-  $db->free_result();
-  $len = intval($row['len']);
-  if ( $len < 4 )
-    $len = 7;
-  $code = $session->generate_captcha_code($len);
-  
-  // Update database with new code
-  $q = $db->sql_query('UPDATE ' . table_prefix . 'session_keys SET salt = \'' . $code . '\' WHERE session_key = \'' . $db->escape($hash) . '\' AND source_ip = \'' . $db->escape($ip) . '\';');
-  if ( !$q )
-    $db->_die('SpecialUserFuncs generating new CAPTCHA confirmation code');
+    $db->_die();
   
   require ( ENANO_ROOT.'/includes/captcha.php' );
-  $captcha = new captcha($code);
+  $captcha = captcha_object($hash, 'freecap');
+  $captcha->debug = true;
   $captcha->make_image();
+  
   exit;
 }