# HG changeset patch
# User Dan
# Date 1260650376 18000
# Node ID e733f984c9907807700e7ff453c877540fcf167f
# Parent  a1770361ef88c398940b31ae9aba9b29123c715e
CAPTCHA: Added smart autosubmit for registration page. Usability testing was so-so, may back out later.

diff -r a1770361ef88 -r e733f984c990 includes/sessions.php
--- a/includes/sessions.php	Mon Dec 07 15:21:47 2009 -0500
+++ b/includes/sessions.php	Sat Dec 12 15:39:36 2009 -0500
@@ -3487,10 +3487,11 @@
   /**
    * For the given code ID, returns the correct CAPTCHA code, or false on failure
    * @param string $hash The unique ID assigned to the code
+   * @param bool If true, the code is NOT deleted from the database. Use with caution!
    * @return string The correct confirmation code
    */
   
-  function get_captcha($hash)
+  function get_captcha($hash, $nodelete = false)
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
     
@@ -3516,7 +3517,10 @@
     list($code_id, $code) = $db->fetchrow_num();
     
     $db->free_result();
-    $this->sql('DELETE FROM ' . table_prefix . "captcha WHERE code_id = $code_id;");
+    
+    // delete it
+    if ( !$nodelete )
+      $this->sql('DELETE FROM ' . table_prefix . "captcha WHERE code_id = $code_id;");
     
     return $code;
   }
diff -r a1770361ef88 -r e733f984c990 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php	Mon Dec 07 15:21:47 2009 -0500
+++ b/plugins/SpecialUserFuncs.php	Sat Dec 12 15:39:36 2009 -0500
@@ -817,10 +817,10 @@
                 </small>
               </td>
               <td class="row1">
-                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" /><br />
-                <span id="b_username"></span>
+                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" style="cursor: pointer;" onclick="regenCaptcha(); return false;" />
               </td>
               <td class="row1">
+                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/checkbad.png" id="s_captcha" />
               </td>
             </tr>
             
@@ -828,7 +828,8 @@
             <tr>
               <td class="row1" colspan="2">
                 <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
-                <input tabindex="6" name="captchacode" type="text" size="10" />
+                <input tabindex="6" name="captchacode" type="text" size="10" onkeyup="validateCaptcha(this);" />
+                <img id="captchaajax" width="16" height="16" src="<?php echo cdnPath; ?>/images/spacer.gif" />
                 <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
               </td>
             </tr>
@@ -1060,8 +1061,49 @@
           {
             var frm = document.forms.regform;
             document.getElementById('captchaimg').src = '<?php echo makeUrlNS("Special", "Captcha/$captchacode"); ?>/'+Math.floor(Math.random() * 100000);
+            frm.captchacode.value = '';
             return false;
           }
+          function validateCaptcha(input)
+          {
+            var frm = document.forms.regform;
+            if ( input.value.length < 7 )
+            {
+              return false;
+            }
+            var valid_field = document.getElementById('s_captcha');
+            var loader_img = document.getElementById('captchaajax');
+            loader_img.src = cdnPath + '/images/loading.gif';
+            ajaxGet(makeUrlNS('Special', 'Captcha/' + frm.captchahash.value + '/validate=' + input.value), function(ajax)
+              {
+                if ( ajax.readyState == 4 && ajax.status == 200 )
+                {
+                  var response = String(ajax.responseText + '');
+                  if ( !check_json_response(response) )
+                  {
+                    handle_invalid_json(response);
+                    return false;
+                  }
+                  response = parseJSON(response);
+                  if ( response.valid )
+                  {
+                    loader_img.src = cdnPath + '/images/spacer.gif';
+                    valid_field.src = cdnPath + '/images/check.png';
+                  }
+                  else
+                  {
+                    valid_field.src = cdnPath + '/images/checkbad.png';
+                    regenCaptcha();
+                    document.getElementById('captchaimg').onload = function()
+                    {
+                      document.getElementById('captchaajax').src = cdnPath + '/images/spacer.gif';
+                      input.focus();
+                    };
+                    input.value = '';
+                  }
+                }
+              });
+          }
           addOnloadHook(function()
             {
               <?php if ( getConfig('pw_strength_enable') == '1' ): ?>
@@ -1282,6 +1324,24 @@
   {
     $paths->main_page();
   }
+  
+  if ( $validate_code = $paths->getParam(1) )
+  {
+    if ( preg_match('/^validate=(.+)$/', $validate_code, $match) )
+    {
+      header('Content-type: text/javascript');
+      $code = $session->get_captcha($hash, true);
+      $valid = strtolower($code) === strtolower($match[1]);
+      if ( !$valid )
+      {
+        $session->make_captcha(7, $hash);
+      }
+      echo enano_json_encode(array(
+        'valid' => $valid
+        ));
+      exit;
+    }
+  }
 
   $session->make_captcha(7, $hash);
   $code = $session->generate_captcha_code();
@@ -1292,6 +1352,8 @@
     if ( stristr($code, $word) )
     {
       // but don't put too much effort into this (will only correct this once)
+      // I mean, face it. If it generates one of those words twice in a row, either the local root has had
+      // way too much fun with his /dev/random, or this server is just plain gutter-minded.
       $code = $session->generate_captcha_code();
       break;
     }