add an initial (and basic) challenge to avoid spam (at least to try)

php · Jul 5, 2006 · 377dc8d · 377dc8d
1 parent d8cdce1
commit 377dc8d
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 6 deletions.
diff --git a/manual/add-note.php b/manual/add-note.php
@@ -4,21 +4,22 @@
 include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/include/posttohost.inc';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
+include      $_SERVER['DOCUMENT_ROOT'] . '/manual/spam_challenge.php';
 site_header("Add Manual Note");
 
 // Copy over "sect" and "redirect" from GET to POST
-if (!isset($_POST['sect']) && isset($_GET['sect'])) {
+if (empty($_POST['sect']) && isset($_GET['sect'])) {
     $_POST['sect'] = $_GET['sect'];
 }
-if (!isset($_POST['redirect']) && isset($_GET['redirect'])) {
+if (empty($_POST['redirect']) && isset($_GET['redirect'])) {
     $_POST['redirect'] = $_GET['redirect'];
 }
 
 // Decide on whether all vars are present for processing 
 $process = TRUE;
-$needed_vars = array('note', 'user', 'sect', 'redirect', 'action');
+$needed_vars = array('note', 'user', 'sect', 'redirect', 'action', 'func', 'arga', 'argb', 'answer');
 foreach ($needed_vars as $varname) {
-    if (!isset($_POST[$varname])) {
+    if (empty($_POST[$varname])) {
         $process = FALSE;
         break;
     }
@@ -49,13 +50,18 @@
     if (strlen($note) == 0) {
         $error = "You have not specified the note text.";
     }
-
+
+    // SPAM challenge failed
+    elseif (!test_answer($_POST['func'], $_POST['arga'], $_POST['argb'], $_POST['answer'])) {
+        $error = 'SPAM challenge failed.';
+    }
+
     // The user name contains a malicious character
     elseif (stristr($user, "|")) {
         $error = "You have included bad characters within your username. We appreciate you may want to obfuscate your email further, but we have a system in place to do this for you.";
     }
 
-    // Check if the note is not too long
+    // Check if the note is too long
     elseif (strlen($note) >= 4096) {
         $error = "Your note is too long. You'll have to make it shorter before you can post it. Keep in mind that this is not the place for long code examples!";
     }
@@ -272,8 +278,17 @@
    <br />
   </td>
   </tr>
+  <tr>
+   <th class="subr">Answer to this simple question (SPAM challenge):<br />
+   <?php $c = gen_challenge(); echo $c[3]; ?>?</th>
+   <td><input type="text" name="answer" size="60" maxlength="10" /></td>
+  </td>
+  </tr>
   <tr>
    <th colspan="2">
+    <input type="hidden" name="func" value="<?php echo $c[0]; ?>" />
+    <input type="hidden" name="arga" value="<?php echo $c[1]; ?>" />
+    <input type="hidden" name="argb" value="<?php echo $c[2]; ?>" />
     <input type="submit" name="action" value="Preview" />
     <input type="submit" name="action" value="Add Note" />
    </th>

diff --git a/manual/spam_challenge.php b/manual/spam_challenge.php
@@ -0,0 +1,75 @@
+<?php
+// $Id$
+
+// simple and stupid SPAM protection (using little challenges)
+
+$nums = array('zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');
+
+function plus($a, $b) {
+	return $a + $b;
+}
+
+function gen_plus($a) {
+	return rand(0, 9 - $a);
+}
+
+function minus($a, $b) {
+	return $a - $b;
+}
+
+function gen_minus($a) {
+	return rand(0, $a);
+}
+
+function print_infix($name, $a, $b) {
+	return "$a $name $b";
+}
+
+function print_prefix($name, $a, $b) {
+	return "$name($a, $b)";
+}
+
+$challenges = array(
+	// name, print, generator
+	array('max',   'print_prefix'),
+	array('min',   'print_prefix'),
+	array('minus', 'print_infix', 'gen_minus'),
+	array('plus',  'print_infix', 'gen_plus'),
+);
+
+
+// generate a challenge
+function gen_challenge() {
+	global $challenges, $nums;
+	$c = $challenges[rand(0, sizeof($challenges)-1)];
+
+	$a  = rand(0, 9);
+	$an = $nums[$a];
+	$b  = isset($c[2]) ? $c[2]($a) : rand(0, 9);
+	$bn = $nums[$b];
+
+	return array($c[0], $an, $bn, $c[1]($c[0], $an, $bn));
+}
+
+
+// test an answer for validity
+function test_answer($name, $an, $bn, $answer) {
+	global $challenges, $nums;
+
+	foreach ($challenges as $x) {
+		if ($x[0] === $name) {
+			$c = $x;
+			break;
+		}
+	}
+
+	$a = array_search($an, $nums);
+	$b = array_search($bn, $nums);
+
+	if (empty($c) || $a === false || $b === false) return false;
+
+	return ($nums[$c[0]($a, $b)] === $answer);
+}
+
+
+?>