forked from leftypol/leftypol
better anti-bot check
This commit is contained in:
Michael Save
parent
96ffd9eb3b
commit
dd0f421015
5 changed files with 274 additions and 178 deletions
|
|
@ -13,6 +13,7 @@ require_once 'inc/display.php';
|
|||
require_once 'inc/template.php';
|
||||
require_once 'inc/database.php';
|
||||
require_once 'inc/events.php';
|
||||
require_once 'inc/anti-bot.php';
|
||||
require_once 'inc/lib/gettext/gettext.inc';
|
||||
|
||||
// the user is not currently logged in as a moderator
|
||||
|
|
@ -1160,166 +1161,6 @@ function checkMute() {
|
|||
}
|
||||
}
|
||||
|
||||
function createHiddenInputs($extra_salt = array()) {
|
||||
global $config;
|
||||
|
||||
if(!empty($extra_salt)) {
|
||||
// create a salted hash of the "extra salt"
|
||||
$extra_salt = implode(':', $extra_salt);
|
||||
} else {
|
||||
$extra_salt = '';
|
||||
}
|
||||
|
||||
$inputs = array();
|
||||
|
||||
shuffle($config['spam']['hidden_input_names']);
|
||||
$hidden_input_names_x = 0;
|
||||
|
||||
$input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
|
||||
for($x=0;$x<$input_count;$x++) {
|
||||
if(rand(0, 2) == 0 || $hidden_input_names_x < 0) {
|
||||
// Use an obscure name
|
||||
$name = strtolower(substr(base64_encode(sha1(rand(), true)), 0, rand(2, 20)));
|
||||
|
||||
} else {
|
||||
// Use a pre-defined confusing name
|
||||
$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
|
||||
if($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
|
||||
$hidden_input_names_x = -1;
|
||||
}
|
||||
|
||||
if(rand(0, 2) == 0) {
|
||||
// Value must be null
|
||||
$inputs[$name] = '';
|
||||
} elseif(rand(0, 4) == 0) {
|
||||
// Numeric value
|
||||
$inputs[$name] = rand(0, 100);
|
||||
} else {
|
||||
// Obscure value
|
||||
$inputs[$name] = substr(base64_encode(sha1(rand(), true) . sha1(rand(), true)), 0, rand(2, 54));
|
||||
}
|
||||
}
|
||||
|
||||
$content = '';
|
||||
foreach($inputs as $name => $value) {
|
||||
$display_type = rand(0, 8);
|
||||
|
||||
switch($display_type) {
|
||||
case 0:
|
||||
$content .= '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" />';
|
||||
break;
|
||||
case 1:
|
||||
$content .= '<input style="display:none" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" />';
|
||||
break;
|
||||
case 2:
|
||||
$content .= '<input type="hidden" value="' . htmlspecialchars($value) . '" name="' .
|
||||
htmlspecialchars($name) . '" />';
|
||||
break;
|
||||
case 3:
|
||||
$content .= '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" />';
|
||||
break;
|
||||
case 4:
|
||||
$content .= '<span style="display:none"><input type="text" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) .'" /></span>';
|
||||
break;
|
||||
case 5:
|
||||
$content .= '<div style="display:none"><input type="text" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" /></div>';
|
||||
break;
|
||||
case 6:
|
||||
if(!empty($value))
|
||||
$content .= '<textarea style="display:none" name="' . htmlspecialchars($name) . '">' .
|
||||
htmlspecialchars($value) . '</textarea>';
|
||||
else
|
||||
$content .= '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" />';
|
||||
break;
|
||||
case 7:
|
||||
if(!empty($value))
|
||||
$content .= '<textarea name="' . htmlspecialchars($name) . '" style="display:none">' .
|
||||
htmlspecialchars($value) . '</textarea>';
|
||||
else
|
||||
$content .= '<input type="hidden" name="' . htmlspecialchars($name) . '" value="' .
|
||||
htmlspecialchars($value) . '" />';
|
||||
break;
|
||||
case 8:
|
||||
$content .= '<div style="display:none"><textarea name="' . htmlspecialchars($name) . '" style="display:none">' .
|
||||
htmlspecialchars($value) . '</textarea></div>';
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Create a hash to validate it after
|
||||
// This is the tricky part.
|
||||
|
||||
// First, sort the keys in alphabetical order (A-Z)
|
||||
ksort($inputs);
|
||||
|
||||
$hash = '';
|
||||
|
||||
// Iterate through each input
|
||||
foreach($inputs as $name => $value) {
|
||||
$hash .= $name . '=' . $value;
|
||||
}
|
||||
|
||||
// Add a salt to the hash
|
||||
$hash .= $config['cookies']['salt'];
|
||||
|
||||
// Use SHA1 for the hash
|
||||
$hash = sha1($hash . $extra_salt);
|
||||
|
||||
// Append it to the HTML
|
||||
$content .= '<input type="hidden" name="hash" value="' . $hash . '" />';
|
||||
|
||||
return $content;
|
||||
}
|
||||
|
||||
function checkSpam($extra_salt = array()) {
|
||||
global $config;
|
||||
|
||||
if(!isset($_POST['hash']))
|
||||
return true;
|
||||
|
||||
$hash = $_POST['hash'];
|
||||
|
||||
if(!empty($extra_salt)) {
|
||||
// create a salted hash of the "extra salt"
|
||||
$extra_salt = implode(':', $extra_salt);
|
||||
} else {
|
||||
$extra_salt = '';
|
||||
}
|
||||
|
||||
// Reconsturct the $inputs array
|
||||
$inputs = array();
|
||||
|
||||
foreach($_POST as $name => $value) {
|
||||
if(in_array($name, $config['spam']['valid_inputs']))
|
||||
continue;
|
||||
|
||||
$inputs[$name] = $value;
|
||||
}
|
||||
|
||||
// Sort the inputs in alphabetical order (A-Z)
|
||||
ksort($inputs);
|
||||
|
||||
$_hash = '';
|
||||
|
||||
// Iterate through each input
|
||||
foreach($inputs as $name => $value) {
|
||||
$_hash .= $name . '=' . $value;
|
||||
}
|
||||
|
||||
// Add a salt to the hash
|
||||
$_hash .= $config['cookies']['salt'];
|
||||
|
||||
// Use SHA1 for the hash
|
||||
$_hash = sha1($_hash . $extra_salt);
|
||||
|
||||
return $hash != $_hash;
|
||||
}
|
||||
|
||||
function buildIndex() {
|
||||
global $board, $config;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue