From 1de75c6d473ad6eaf313eec905a51a2bdadca1f0 Mon Sep 17 00:00:00 2001
From: Tracker-Friendly
Date: Sun, 19 Nov 2023 11:38:22 +0000
Subject: [PATCH] More bypass prevention

---
 app.py | 13 +++++++++++--
 templates/index.html | 1 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app.py b/app.py
index c0e5eca..800e050 100644
--- a/app.py
+++ b/app.py
@@ -91,8 +91,9 @@ def index():
     captcha_text = generate_captcha_text()
     image = ImageCaptcha().generate(captcha_text)

-    # Store the CAPTCHA in the session
+    # Store the CAPTCHA and token in the session
     session['captcha_text'] = captcha_text
+    session['unique_token'] = unique_token

     # Encode the image in base64
     image_base64 = base64.b64encode(image.getvalue()).decode('utf-8')
@@ -101,7 +102,7 @@ def index():
     print(captcha_text)

     # Pass the CAPTCHA through to index.html
-    return render_template('index.html', captcha_text=captcha_text, captcha_image=image_base64)
+    return render_template('index.html', captcha_image=image_base64, unique_token=unique_token)

 @app.route('/api', methods=['POST'])
 def register():
@@ -112,6 +113,14 @@ def register():
     # Get the CAPTCHA
     user_captcha = request.form.get('captcha')

+    # Get the unique token
+    submitted_token = request.form.get('unique_token')
+
+    # Check if the submitted token matches the one in the session
+    if submitted_token != session.get('unique_token'):
+        # Token mismatch, handle accordingly
+        return "Token Expired", 400
+
     # Report the user captcha result
     print(user_captcha)

diff --git a/templates/index.html b/templates/index.html
index 9e8192f..e25b340 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -35,6 +35,7 @@
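Review bot: The new token check in register() passes when the token is absent on both sides, because `request.form.get('unique_token')` and `session.get('unique_token')` both return None and `None != None` is False, so a POST with no token against a session that never rendered the form is not rejected. The token is also read with `session.get` and never removed, so the same session token (and, as far as this hunk shows, the same CAPTCHA) can be resubmitted after a successful check, which is the replay this commit is meant to prevent. Consuming the token with `session.pop('unique_token', None)` and rejecting a missing value on either side closes both gaps; the message "Token Expired" would then also cover the missing-token case, so consider a more accurate text. register() begins before the hunk and its body continues after it, so I cannot tell from here whether captcha_text is cleared later.
```python
    # Get the unique token
    submitted_token = request.form.get('unique_token')
    # Consume the session token so each rendered form is accepted at most once
    expected_token = session.pop('unique_token', None)

    # A missing token on either side must fail too (None != None is False)
    if not submitted_token or not expected_token or submitted_token != expected_token:
        return "Token Expired", 400
    # … unchanged: print(user_captcha) and the CAPTCHA comparison …
```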
+