create a variable captcha_errorpage o some else. I've used the http error 503, but this is my humble choice.
// $Id: captcha.module,v 1.42.2.24 2007/08/24 03:16:29 wundo Exp $
function captcha_validate($form_values) {
// Get answer and preprocess if needed
$captcha_response = $form_values['#post']['captcha_response'];
$validationdata = $form_values['validationdata']['#value'];
if ($validationdata['preprocess']) {
$captcha_response = module_invoke($validationdata['module'], 'captcha', 'preprocess', $validationdata['type'], $captcha_response);
}
$form_id = $validationdata['form_id'];
$captcha_errorpage = variable_get('captcha_errorpage', 'Blank');
$captcha_token = $form_values['#post']['captcha_token'];
// Check if captcha_token exists
if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
if ($captcha_errorpage == 'Blank'){
@header('HTTP/1.0 503 Service unavailable');
print t('Invalid captcha token.');
}
else
form_set_error('captcha_token', t('Invalid captcha token.'));
}
// Check answer
if ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
$_SESSION['captcha'][$form_id]['success'] = TRUE;
}
else {
if ($captcha_errorpage == 'Blank'){
@header('HTTP/1.0 503 Service unavailable');
print t('The answer you entered for the captcha challenge was not correct.');
}
else
form_set_error('captcha_response', t('The answer you entered for the captcha challenge was not correct.'));
}
// Unset the solution to prevent reuse of the same captcha solution
// by a spammer that repeats posting a form without requesting
// (and thus rendering) a new form. Note that a new captcha solution is only
// set at the pre_render phase.
unset($_SESSION['captcha'][$form_id][$captcha_token]);
}
Comments
Comment #1
psicomante commentedops i've set code, i should be enter php XD. sorry!
Comment #2
soxofaan commentedthis patch adds following option to the settings:
Comment #3
psicomante commentedit can useful set a message which can help the user
for example: t('Error: wrong code');
Comment #4
soxofaan commentedComment #5
robloachHad to recreate the patch as it conflicted with some other things that were recently put in. I also fixed a couple small grammatical errors.
Comment #6
soxofaan commentedI modified UI strings a bit further: shorter and more clear (I hope)
Moreover I don't think this is a critical issue.
I'm not sure if the feature would reduce the resources spent on spammers considerably, since there is still a fair amount of Drupal form processing involved before the wrong response is detected, and reacted upon.
Comment #7
elachlan commentedAs stated in #6, it won't really save on processing. Which is more important when dealing with a large influx of requests.