From 0314e67900f01410bc8c81c58a40dc0515e3c91d Mon Sep 17 00:00:00 2001
From: Madhura Jayaratne <madhura.cj@gmail.com>
Date: Tue, 8 Sep 2015 07:02:16 +1000
Subject: [PATCH] Fix reCaptcha bypass

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
---
 ChangeLog                                          |  3 +++
 .../plugins/auth/AuthenticationCookie.class.php    | 29 +---------------------
 .../plugin/auth/PMA_AuthenticationCookie_test.php  | 19 +++++++-------
 3 files changed, 14 insertions(+), 37 deletions(-)

diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
index c901248..fed2281 100644
--- a/libraries/plugins/auth/AuthenticationCookie.class.php
+++ b/libraries/plugins/auth/AuthenticationCookie.class.php
@@ -218,18 +218,9 @@ public function auth()
                 . $GLOBALS['server'] . '" />';
         } // end if (server choice)
 
-        // We already have one correct captcha.
-        $skip = false;
-        if (  isset($_SESSION['last_valid_captcha'])
-            && $_SESSION['last_valid_captcha']
-        ) {
-            $skip = true;
-        }
-
         // Add captcha input field if reCaptcha is enabled
         if (  !empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
             && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
-            && !$skip
         ) {
             // If enabled show captcha to the user on the login screen.
             echo '<script type="text/javascript">
@@ -349,18 +340,9 @@ public function authCheck()
             return false;
         }
 
-        // We already have one correct captcha.
-        $skip = false;
-        if (  isset($_SESSION['last_valid_captcha'])
-            && $_SESSION['last_valid_captcha']
-        ) {
-            $skip = true;
-        }
-
         // Verify Captcha if it is required.
         if (  !empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
             && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
-            && !$skip
         ) {
             if (  !empty($_POST["recaptcha_challenge_field"])
                 && !empty($_POST["recaptcha_response_field"])
@@ -378,10 +360,7 @@ public function authCheck()
                 // Check if the captcha entered is valid, if not stop the login.
                 if ( !$resp->is_valid ) {
                     $conn_error = __('Entered captcha is wrong, try again!');
-                    $_SESSION['last_valid_captcha'] = false;
                     return false;
-                } else {
-                    $_SESSION['last_valid_captcha'] = true;
                 }
             } elseif (! empty($_POST["recaptcha_challenge_field"])
                 && empty($_POST["recaptcha_response_field"])
@@ -389,11 +368,7 @@ public function authCheck()
                 $conn_error = __('Please enter correct captcha!');
                 return false;
             } else {
-                if (! isset($_SESSION['last_valid_captcha'])
-                    || ! $_SESSION['last_valid_captcha']
-                ) {
-                    return false;
-                }
+                return false;
             }
         }
 
@@ -406,8 +381,6 @@ public function authCheck()
 
             if (! defined('TESTSUITE')) {
                 session_destroy();
-                // $_SESSION array is not immediately emptied
-                $_SESSION['last_valid_captcha'] = false;
             }
             // -> delete password cookie(s)
             if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {