2 files changed, 8 insertions, 2 deletions

diff --git a/src/invidious/users.cr b/src/invidious/users.cr
index 28879d23..7caefb7c 100644
--- a/src/invidious/users.cr
+++ b/src/invidious/users.cr
@@ -262,6 +262,10 @@ def validate_response(challenge, token, user_id, operation, key, db)
 end
 
 def generate_captcha(key, db)
+  second = Random::Secure.rand(12)
+  second_angle = second * 30
+  second = second * 5
+
   minute = Random::Secure.rand(12)
   minute_angle = minute * 30
   minute = minute * 5
@@ -290,6 +294,7 @@ def generate_captcha(key, db)
   <text x="50"     y="15"     text-anchor="middle" fill="black" font-family="Arial" font-size="10px">12</text>
 
   <circle cx="50" cy="50" r="3" fill="black"></circle>
+  <line id="second" transform="rotate(#{second_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="12" fill="black" stroke="black" stroke-width="1"></line>
   <line id="minute" transform="rotate(#{minute_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="16" fill="black" stroke="black" stroke-width="2"></line>
   <line id="hour"   transform="rotate(#{hour_angle}, 50, 50)" x1="50" y1="50" x2="50" y2="24" fill="black" stroke="black" stroke-width="2"></line>
   </svg>
@@ -303,7 +308,7 @@ def generate_captcha(key, db)
     image = "data:image/png;base64,#{image}"
   end
 
-  answer = "#{hour}:#{minute.to_s.rjust(2, '0')}"
+  answer = "#{hour}:#{minute.to_s.rjust(2, '0')}:#{second.to_s.rjust(2, '0')}"
   answer = OpenSSL::HMAC.hexdigest(:sha256, key, answer)
 
   challenge, token = create_response(answer, "sign_in", key, db)
diff --git a/src/invidious/views/login.ecr b/src/invidious/views/login.ecr
index 69f04ed2..f9c5029c 100644
--- a/src/invidious/views/login.ecr
+++ b/src/invidious/views/login.ecr
@@ -28,7 +28,8 @@
                     <img style="width:100%" src='<%= captcha.not_nil![:image] %>'/>
                     <input type="hidden" name="token" value="<%= captcha.not_nil![:token] %>">
                     <input type="hidden" name="challenge" value="<%= captcha.not_nil![:challenge] %>">
-                    <input required type="text" name="answer" type="text" placeholder="h:mm">
+                    <label for="answer">Time (h:mm:ss):</label>
+                    <input required type="text" name="answer" type="text" placeholder="h:mm:ss">
                     
                     <label>
                         <a href="/login?referer=<%= URI.escape(referer) %>&type=invidious&captcha=text">Text CAPTCHA</a>