From 6d9f29121a6c03f3c0d3e2c232f0c7dfdba7dd46 Mon Sep 17 00:00:00 2001 From: Pk11 Date: Tue, 14 Feb 2023 04:52:56 +0000 Subject: [PATCH] Add CAPTCHA --- index.php | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 14c7697..8676ee6 100644 --- a/index.php +++ b/index.php @@ -26,6 +26,7 @@ */ $start_time = microtime(true); + $captcha_str = substr(strtr(sha1($start_time), "1234567890", "ABCDEFGHgh"), 0, 6); // Return source code if(isset($_GET['source'])) { @@ -71,7 +72,7 @@ //// Functions: //// // Adds a post to the database - function post($name, $email, $comment, $img, $save_cookie) { + function post($name, $email, $comment, $img, $save_cookie, $captcha, $captcha_answer) { $extensions = [ 'image/bmp' => '.bmp', 'image/gif' => '.gif', @@ -95,6 +96,12 @@ $_COOKIE['email'] = $email; } + if($captcha != $captcha_answer) { + if(!empty($img['tmp_name'])) + @unlink($img['tmp_name']); + return 'Invalid CAPTCHA answer, copy the text on the left into the box'; + } + // Validate and move the uploaded image file, if necessary if(!empty($img['tmp_name'])) { if((($img['type'] == 'image/gif') || ($img['type'] == 'image/jpeg') || ($img['type'] == 'image/pjpeg') @@ -142,7 +149,7 @@ if(empty($comment) && empty($target)) return 'You must include an image and/or a comment'; - + // Check email if(!empty($email)) { if(!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\._\-&!?=#+]*@/', $email)) { @@ -362,8 +369,10 @@ $comment = trim($_POST['comment']); $img = $_FILES['img']; $save_cookie = isset($_POST['save_cookie']); + $captcha = trim($_POST['captcha']); + $captcha_answer = trim($_POST['captcha_answer']); - $err = post($name, $email, $comment, $img, $save_cookie); + $err = post($name, $email, $comment, $img, $save_cookie, $captcha, $captcha_answer); if($err == "") { # Redirect to latest post $query = 'SELECT post_id FROM posts ORDER BY posts.post_time DESC LIMIT 1'; @@ -456,6 +465,14 @@
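Review bot: The added `$captcha_str` line in the `@@ -26,6 +26,7 @@` hunk derives the challenge from `sha1($start_time)`, and `microtime(true)` is a timestamp rather than a secret, so the text is a deterministic function of the request time. If the string is meant to be unguessable, it should come from the CSPRNG, e.g. `$captcha_str = substr(strtr(bin2hex(random_bytes(8)), "1234567890", "ABCDEFGHgh"), 0, 6);`, and the expected value should stay on the server. The `strtr` mapping yields a mixed-case alphabet (a–f, A–H, g, h), so the same letter can appear in both cases in a challenge that is checked case-sensitively. A one-line comment such as `// 6 chars from [a-fA-Hgh]; answer is case-sensitive` would make that explicit.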
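Review bot: The added check `if($captcha != $captcha_answer)` in the `@@ -95,6 +96,12 @@` hunk compares two values that both come from the request, because the `@@ -362,8 +369,10 @@` hunk fills `$captcha_answer` from `trim($_POST['captcha_answer'])`. The check therefore passes for any client that sends two matching fields, and two empty fields also compare equal. The expected answer should be stored server-side when the form is rendered (for example in `$_SESSION`, assuming the script can start a session; none is visible in these hunks) and discarded after one attempt. The comparison would then be `if($captcha_answer === '' || !hash_equals($captcha_answer, $captcha))`, with the submitted field read as `trim($_POST['captcha'] ?? '')`. The body of `post()` begins and continues outside this hunk.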

+ +
+ + + +
+
+ />
@@ -482,6 +499,14 @@ (Limit: > 10; ?> KiB) + + + + + + + + /> (Allows deleting your own posts)