fix invalid token after captcha fail (#1018)

ltb-project · Jan 6, 2025 · 901c04e · 901c04e
1 parent ba318be
commit 901c04e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/htdocs/sendsms.php b/htdocs/sendsms.php
@@ -38,6 +38,11 @@
 $sessiontoken = "";
 $attempts = 0;
 
+if( isset($_REQUEST["formtoken"]) )
+{
+    $formtoken = strval($_REQUEST["formtoken"]);
+}
+
 #==============================================================================
 # Verify minimal information for treatment
 # Encryption needs to be activated

diff --git a/htdocs/sendtoken.php b/htdocs/sendtoken.php
@@ -69,9 +69,11 @@
 # Check tokenform
 #==============================================================================
 
+$check_tokenform = false;
 if ( !$result ) {
     $formtoken = strval($_REQUEST["formtoken"]);
     $result = $sspCache->verify_form_token($formtoken);
+    $check_tokenform = true;
 }
 
 #==============================================================================
@@ -160,6 +162,16 @@
     }
 }
 
+#==============================================================================
+# if:
+#  * form token has been checked previously (and thus erased) and
+#  * something bad happened (bad captcha,...)
+# regenerate a form token
+#==============================================================================
+if( $check_tokenform && $result != "" )
+{
+    $formtoken = $sspCache->generate_form_token($cache_form_expiration);
+}
 
 #==============================================================================
 # Build and store token