From 375816df87e70a6dbcb6ba0bec9a506a78bdf95c Mon Sep 17 00:00:00 2001
From: wzj <244142824@qq.com>
Date: Mon, 16 Jun 2025 12:04:59 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=AA=8C=E8=AF=81=E7=A0=81bu?=
 =?UTF-8?q?g?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/app.py b/app.py
index 9df1b11..94ef79d 100644
--- a/app.py
+++ b/app.py
@@ -222,13 +222,23 @@ def generate_captcha():
 
 
 def verify_captcha(user_input):
+    """验证用户输入的验证码是否正确（只验证最新的4位验证码）"""
     conn = get_db_connection()
     if conn:
         try:
             cursor = conn.cursor()
-            cursor.execute("SELECT code FROM captcha ORDER BY created_at DESC LIMIT 1")
+            # 只查询最新的验证码（确保是4位的）
+            cursor.execute("""
+                SELECT code FROM captcha 
+                WHERE LENGTH(code) = 4  -- 只查询4位验证码
+                ORDER BY created_at DESC 
+                LIMIT 1
+            """)
             result = cursor.fetchone()
             if result and user_input.upper() == result[0]:
+                # 验证成功后删除已使用的验证码
+                cursor.execute("DELETE FROM captcha WHERE code = %s", (result[0],))
+                conn.commit()
                 return True
             return False
         except Error as e:
@@ -859,11 +869,11 @@ def register():
                     conn.close()
 
     # 生成新验证码
-    captcha_code = generate_captcha()
+    captcha_url = url_for('captcha')  # 使用图片验证码
     return render_template('register.html',
-                           captcha_code=captcha_code,
-                           registration_open=current_app.config['REGISTRATION_OPEN'],
-                           email_required=current_app.config['EMAIL_VERIFICATION_REQUIRED'])
+                         captcha_url=captcha_url,  # 前端改为显示图片验证码
+                         registration_open=current_app.config['REGISTRATION_OPEN'],
+                         email_required=current_app.config['EMAIL_VERIFICATION_REQUIRED'])
 
 
 @app.route('/verify-email/<token>')
@@ -1081,8 +1091,8 @@ def login():
                     cursor.close()
                     conn.close()
 
-    captcha_code = generate_captcha()
-    return render_template('login.html', captcha_code=captcha_code)
+    captcha_url = url_for('captcha')
+    return render_template('login.html', captcha_url=captcha_url)
 
 
 @app.route('/logout')