This is an automated email from the git hooks/post-receive script. s k u n n y k p u s h e d a c o m m i t t o b r a n c h o l d f o r u m in repository www/forum.xfce.org.
commit bfb8f517a6fbabdfa39373c58b06df18d55990d3 Author: Nick Schermer <n...@xfce.org> Date: Fri Nov 12 17:09:06 2010 +0100 Add the user question. Got the idea from bbs.archlinux.org. Hopefully this unique question will help us getting rid of most of the spam bots. --- include/sha256question.php | 56 ++++++++++++++++++++++++++++++++++++++++++++++ register.php | 5 +++++ 2 files changed, 61 insertions(+) diff --git a/include/sha256question.php b/include/sha256question.php new file mode 100644 index 0000000..df75690 --- /dev/null +++ b/include/sha256question.php @@ -0,0 +1,56 @@ +<?php + +if (!defined('PUN')) + exit; + +$question_format = "%jXfce"; +$question_fld_name = "the_mouse_told_you"; + +function sha256question_normalize($answer) +{ + return preg_replace('/[^a-z0-9]/', '', strtolower($answer)); +} + +function sha256question_get() +{ + global $question_format, $question_fld_name; + + $command = "date -u +$question_format|sha256sum|sed 's/\W//g'"; + + return '<div class="inform"> + <fieldset> + <legend>Your answer</legend> + <div class="infldset"> + <label class="required"> + <strong>What is the output of "'.$command.'"?<span>'.$lang_common['Required'].'></span></strong><br /> + <input type="text" name="'.$question_fld_name.'" value="" size="50" /><br /> + </label> + </div> + </fieldset> + </div>'; +} + +function sha256question_check() +{ + global $question_format, $question_fld_name; + + // Get the users' reply + if (!empty ($_POST[$question_fld_name])) + $user_answer = sha256question_normalize ($_POST[$question_fld_name]); + else + return False; + + // Because the user might be in a different time zone, or day changed right + // after submit, we also check the hash of yesterday and tomorrow. + foreach (array (0, 1, -1) as $i) + { + // The date command adds a new line at the end + $str = gmstrftime ($question_format, time() - ($i * 60*60*24)) ."\n"; + $answer = hash ("sha256", $str); + + if (sha256question_normalize ($answer) == $user_answer) + return True; + } + + return False; +} diff --git a/register.php b/register.php index d79ba60..71f14e3 100644 --- a/register.php +++ b/register.php @@ -8,6 +8,7 @@ define('PUN_ROOT', './'); require PUN_ROOT.'include/common.php'; +require PUN_ROOT.'include/sha256question.php'; // If we are logged in, we shouldn't be here @@ -65,6 +66,9 @@ $errors = array(); if (isset($_POST['form_sent'])) { + // Check our user question + sha256question_check() || $errors[] = "Sorry, your answer was wrong. Try again!"; + // Check that someone from this IP didn't register a user within the last hour (DoS prevention) $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); @@ -402,6 +406,7 @@ if (!empty($errors)) </div> </fieldset> </div> + <?php echo sha256question_get(); ?> <p class="buttons"><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p> </form> </div> -- To stop receiving notification emails like this one, please contact the administrator of this repository. _______________________________________________ Xfce4-commits mailing list Xfce4-commits@xfce.org https://mail.xfce.org/mailman/listinfo/xfce4-commits