More bypass prevention

This commit is contained in:
Tracker-Friendly 2023-11-19 11:38:22 +00:00
parent 8ba3a8fcea
commit 1de75c6d47
2 changed files with 12 additions and 2 deletions

app.py

@ -91,8 +91,9 @@ def index():
captcha_text = generate_captcha_text()
image = ImageCaptcha().generate(captcha_text)
# Store the CAPTCHA in the session
# Store the CAPTCHA and token in the session
session['captcha_text'] = captcha_text
session['unique_token'] = unique_token
# Encode the image in base64
image_base64 = base64.b64encode(image.getvalue()).decode('utf-8')
@ -101,7 +102,7 @@ def index():
print(captcha_text)
# Pass the CAPTCHA through to index.html
return render_template('index.html', captcha_text=captcha_text, captcha_image=image_base64)
return render_template('index.html', captcha_image=image_base64, unique_token=unique_token)
@app.route('/api', methods=['POST'])
def register():
@ -112,6 +113,14 @@ def register():
# Get the CAPTCHA
user_captcha = request.form.get('captcha')
# Get the unique token
submitted_token = request.form.get('unique_token')
# Check if the submitted token matches the one in the session
if submitted_token != session.get('unique_token'):
# Token mismatch, handle accordingly
return "Token Expired", 400
# Report the user captcha result
print(user_captcha)
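Review bot: The check at `if submitted_token != session.get('unique_token'):` passes when both sides are absent, because `request.form.get` and `session.get` each return None and `None != None` is False, so a POST that never loaded index() (no token in the session) and omits the field is not rejected. The token is also left in the session after the comparison, so the same token can be resubmitted with an already-solved CAPTCHA until the session changes, unless code later in register() (the function continues past this hunk) clears it. I would replace the lookup and comparison with `session_token = session.pop('unique_token', None)` and `if not submitted_token or submitted_token != session_token:` so the token is both required and single-use. How `unique_token` is generated in index() is outside the first hunk; it should be an unguessable value such as `secrets.token_urlsafe()`, which is worth confirming.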


@ -35,6 +35,7 @@
</div>
</div>
<br>
<input type="hidden" name="unique_token" value="{{ unique_token }}">
<input type="submit" value="Register">
</form>
</div>