create a variable captcha_errorpage o some else. I've used the http error 503, but this is my humble choice.

// $Id: captcha.module,v 1.42.2.24 2007/08/24 03:16:29 wundo Exp $
function captcha_validate($form_values) {
  // Get answer and preprocess if needed
  $captcha_response = $form_values['#post']['captcha_response'];
  $validationdata = $form_values['validationdata']['#value'];
  if ($validationdata['preprocess']) {
    $captcha_response = module_invoke($validationdata['module'], 'captcha', 'preprocess', $validationdata['type'], $captcha_response);
  }
  $form_id = $validationdata['form_id'];
  $captcha_errorpage = variable_get('captcha_errorpage', 'Blank');
  $captcha_token = $form_values['#post']['captcha_token'];
  // Check if captcha_token exists
  if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
    if ($captcha_errorpage == 'Blank'){
      @header('HTTP/1.0 503 Service unavailable');
      print t('Invalid captcha token.');
    }
    else 
      form_set_error('captcha_token', t('Invalid captcha token.'));
  }
  // Check answer
  if ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
    $_SESSION['captcha'][$form_id]['success'] = TRUE;
  }
  else {
    if ($captcha_errorpage == 'Blank'){
      @header('HTTP/1.0 503 Service unavailable');
      print t('The answer you entered for the captcha challenge was not correct.');
    }
    else 
      form_set_error('captcha_response', t('The answer you entered for the captcha challenge was not correct.'));
  }

  // Unset the solution to prevent reuse of the same captcha solution
  // by a spammer that repeats posting a form without requesting
  // (and thus rendering) a new form. Note that a new captcha solution is only
  // set at the pre_render phase.
  unset($_SESSION['captcha'][$form_id][$captcha_token]);
}

Comments

psicomante’s picture

ops i've set code, i should be enter php XD. sorry!

soxofaan’s picture

Status: Active » Needs review
StatusFileSize
new4.19 KB

this patch adds following option to the settings:

Reaction on wrong response:

  • Reshow form with error message (default Drupal behavior).
  • Show the access denied error page.
  • Show bare error message (with HTTP status code 403).

By changing the reaction on wrong responses, you can reduce the resources spend on processing wrong responses, presumably of spammers. Note however that this is less user friendly to human users, which can make errors too.

psicomante’s picture

it can useful set a message which can help the user

for example: t('Error: wrong code');

soxofaan’s picture

Title: Option for displaying e blank page in error case, to consume less resources. » Option for displaying blank page on wrong response, to consume less resources
Version: 5.x-3.0-rc3 » 5.x-3.x-dev
robloach’s picture

Priority: Normal » Critical
StatusFileSize
new4.13 KB

Had to recreate the patch as it conflicted with some other things that were recently put in. I also fixed a couple small grammatical errors.

soxofaan’s picture

Priority: Critical » Normal
StatusFileSize
new4.21 KB

I modified UI strings a bit further: shorter and more clear (I hope)

Moreover I don't think this is a critical issue.
I'm not sure if the feature would reduce the resources spent on spammers considerably, since there is still a fair amount of Drupal form processing involved before the wrong response is detected, and reacted upon.

elachlan’s picture

Status: Needs review » Closed (fixed)

As stated in #6, it won't really save on processing. Which is more important when dealing with a large influx of requests.