post.php: make dynamic captcha less prone to misuse

2024-07-29 20:48:22 +02:00 · 2024-07-29 20:48:22 +02:00 · 8f98665a1c
commit 8f98665a1c
parent 40475158eb
1 changed files with 19 additions and 19 deletions
--- a/post.php
+++ b/post.php
@ -727,27 +727,27 @@ function handle_post()


    if (!$dropped_post) {
-        if ($config['dynamic_captcha'] !== false && $_SERVER['REMOTE_ADDR'] === $config['dynamic_captcha']) {
-            if ($config['recaptcha']) {
-                if (!isset($_POST['g-recaptcha-response'])) {
-                    error($config['error']['bot']);
-                }
-                if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) {
-                    error($config['error']['captcha']);
-                }
-            } elseif ($config['turnstile']) {
-                if (!isset($_POST['cf-turnstile-response'])) {
-                    error($config['error']['bot']);
-                }
-                $expected_action = $post['op'] ? 'post-thread' : 'post-reply';
-                if (!check_turnstile($config['turnstile_private'], $_POST['cf-turnstile-response'], null, $expected_action)) {
-                    error($config['error']['captcha']);
+        if ($config['dynamic_captcha'] !== false) {
+            if ($_SERVER['REMOTE_ADDR'] === $config['dynamic_captcha']) {
+                if ($config['recaptcha']) {
+                    if (!isset($_POST['g-recaptcha-response'])) {
+                        error($config['error']['bot']);
+                    }
+                    if (!check_recaptcha($config['recaptcha_private'], $_POST['g-recaptcha-response'], null)) {
+                        error($config['error']['captcha']);
+                    }
+                } elseif ($config['turnstile']) {
+                    if (!isset($_POST['cf-turnstile-response'])) {
+                        error($config['error']['bot']);
+                    }
+                    $expected_action = $post['op'] ? 'post-thread' : 'post-reply';
+                    if (!check_turnstile($config['turnstile_private'], $_POST['cf-turnstile-response'], null, $expected_action)) {
+                        error($config['error']['captcha']);
+                    }
                }
            }
-        }
-
-        // Check for CAPTCHA right after opening the board so the "return" link is in there.
-        if ($config['dynamic_captcha'] === false) {
+        } else {
+            // Check for CAPTCHA right after opening the board so the "return" link is in there.
            if ($config['recaptcha']) {
                if (!isset($_POST['g-recaptcha-response'])) {
                    error($config['error']['bot']);