I am implementing a captcha that should only appear for a few minutes after a user mistyped his password. The logic is situated in isLoginAbuse function.
public function rules()
{
return array(
// email and password are required
array('email, password', 'required'),
// rememberMe needs to be a boolean
array('rememberMe', 'boolean'),
// password needs to be authenticated
array('password', 'authenticate'),
array('verifyCode', 'captcha', 'captchaAction' => 'site/captcha', 'allowEmpty'=>$this->isLoginAbuse()),
);
}
the problem I have come across is that it calls isLoginAbuse() every time I open the Login page, whereas it should only be invoked only after a user clicks Submit button. I do realize it is what it is supposed to be like. I have tried doing this
'allowEmpty'=>'isLoginAbuse'
but it didn’t work.
Do I have to create my own captcha class and override the run() method to accomplish this simple task? Is there a simpler way?
var hash = $('body').data('site/captcha.hash');
if (hash == null)
hash = 771;
else
hash = hash[1];
for(var i=value.length-1, h=0; i >= 0; --i) h+=value.toLowerCase().charCodeAt(i);
if(h != hash) {
messages.push("The verification code is incorrect.");
}
can it be considered safe?
Also, another question I have is is there any way to apply ajax validation to only a certain text-field, rather than to everything residing within CActiveForm widget?
