From 4ab56ef99849fca2b266a78bb155fca2206bd97b Mon Sep 17 00:00:00 2001
From: Sascha Leib
Date: Tue, 4 Nov 2025 20:23:48 +0100
Subject: [PATCH] Simplified captcha cookie

Until I found that pesky bug!
---
 action.php | 7 +++++--
 captcha.js | 9 +++++----
 config/default-config.json | 8 ++++++--
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/action.php b/action.php
index e9f7652..2419061 100644
--- a/action.php
+++ b/action.php
@@ -314,7 +314,7 @@ class action_plugin_botmon extends DokuWiki_Action_Plugin {
  $today = substr((new DateTime())->format('c'), 0, 10);
- $raw = $this->getConf('captchaSeed') . '|' . $_SERVER['SERVER_NAME'] . '|' . $_SERVER['REMOTE_ADDR'] . '|' . $today;
+ $raw = $this->getConf('captchaSeed') /*. '|' . $_SERVER['SERVER_NAME'] . '|' . $_SERVER['REMOTE_ADDR'] . '|' . $today */;
  $expected = $raw; //hash('sha256', $raw);
  // for debugging: write captcha data to the log:
@@ -330,13 +330,16 @@ class action_plugin_botmon extends DokuWiki_Action_Plugin {
  */
  private function writeCaptchaLog($remote_addr, $cookieVal, $serverName, $expected) {
+ global $INFO;
+
  $logArr = Array(
  $remote_addr, /* remote IP */
  $cookieVal, /* cookie value */
  $this->getConf('captchaSeed'), /* seed */
  $serverName, /* server name */
  $expected, /* expected cookie value */
- $cookieVal == $expected /* cookie matches expected value? */
+ ($cookieVal == $expected ? 'MATCH' : 'WRONG'), /* cookie matches expected value? */
+ $_SERVER['REQUEST_URI'] /* request URI */
  );
  //* create the log line */
diff --git a/captcha.js b/captcha.js
index 4ff05c0..89066b6 100644
--- a/captcha.js
+++ b/captcha.js
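Review bot: With the new `$raw` line the expected cookie value is the bare `captchaSeed` setting, so the check no longer depends on server name, client address or date, and the `$today` assignment above it is now unused. The value is therefore identical for every visitor and never expires, and the captcha.js hunk of this commit copies `document._botmon.seed` straight into the `DWConfirm` cookie, so the cookie proves only that the seed was read once, not that the challenge was run. If this state is meant only for debugging the digest, say so at the line, e.g. `// FIXME(security): debug only - cookie equals the raw seed; restore the hashed, per-IP and per-day value before release`. The enclosing method starts and ends outside the hunk.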
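Review bot: The MATCH/WRONG label in `writeCaptchaLog` is computed with loose `==`, which in PHP treats `null` and an empty string as equal and compares numeric-looking strings by value, so a missing cookie would be logged as MATCH when the seed is empty; `(hash_equals((string) $expected, (string) $cookieVal) ? 'MATCH' : 'WRONG')` gives an exact, constant-time result. Whether the actual acceptance check uses the same comparison is not visible here and is worth checking. `$_SERVER['REQUEST_URI']` is client-controlled, so the log's field separator and any control characters should be stripped from it where the line is assembled, which happens below the hunk. `global $INFO;` is declared but not used in the visible lines.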
@@ -168,15 +168,16 @@ const $BMCaptcha = {
  try {
  var $status = 'loading';
- // generate the hash:
- const dat = [ // the data to encode
+ // generate the hash: -- disabled until I found the pesky bug in the digest
+ /*const dat = [ // the data to encode
  document._botmon.seed || '',
  location.hostname,
  document._botmon.ip || '0.0.0.0',
  (new Date()).toISOString().substring(0, 10)
- ];
+ ]; */
  //if ($BMCaptcha._st - performance.now() >= 0) dat.push($BMCaptcha._st - performance.now());
- const hash = /*$BMCaptcha.digest.hash(*/dat.join('|')/*)*/;
+ //const hash = $BMCaptcha.digest.hash(dat.join('|'));
+ const hash = document._botmon.seed || ''
  // set the cookie:
  document.cookie = "DWConfirm=" + encodeURIComponent(hash) + ';path=/;hostOnly;session;sameSite=strict;'
diff --git a/config/default-config.json b/config/default-config.json
index 6088153..01e3a74 100644
--- a/config/default-config.json
+++ b/config/default-config.json
@@ -2,7 +2,7 @@
  "threshold": 100,
  "rules": [
  {"func": "fromKnownBotIP",
- "id": "botIpRange", "desc": "Common Bot IP range",
+ "id": "knownIpRange", "desc": "From known IP range",
  "bot": 40
  },
  {"func": "matchesClient", "params": ["aol","msie","ffold","chromeold","oldedge","operaold"],
@@ -57,9 +57,13 @@
  "id": "impPC", "desc": "Impossible combination of platform and client",
  "bot": 70
  },
+ {"func": "loadSpeed", "params": [3, 10],
+ "id": "speedRun", "desc": "Average time between page loads is less than 10 seconds",
+ "bot": 30
+ },
  {"func": "loadSpeed", "params": [3, 20],
  "id": "speedRun", "desc": "Average time between page loads is less than 20 seconds",
- "bot": 60
+ "bot": 30
  },
  {"func": "noAcceptLang",
  "id": "noAcc", "desc": "No “Accept-Language” header",
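Review bot: `const hash = document._botmon.seed || ''` falls back to an empty string, so when the seed is absent the script still writes an empty `DWConfirm` cookie instead of surfacing the failure; a guard such as `if (!document._botmon.seed) throw new Error('captcha seed missing');` inside this `try` would make that state visible, subject to what the `catch` outside the hunk does with it. The line also omits the terminating semicolon used by the surrounding statements, and the name `hash` no longer describes a value that is copied unchanged. The disabled `dat` block and digest call are easier to restore from version control than from block comments, which leave a stray `]; */` in the middle of the function. The `try` block continues outside the hunk.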
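Review bot: The added `loadSpeed` rule reuses `"id": "speedRun"`, which the existing 20-second rule already carries, so anything that keys scores or log entries by rule id cannot tell which threshold fired; how ids are consumed is not visible in this hunk. Distinct ids such as `"id": "speedRun10"` and `"id": "speedRun20"` would avoid the collision. With both rules at `"bot": 30`, a client averaging between 10 and 20 seconds now contributes 30 instead of 60 towards `"threshold": 100`, assuming rule scores are additive, so confirm that reduction is intended.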