Ignore:
Timestamp:
Jan 19, 2007, 3:56:54 AM (17 years ago)
Author:
rvelices
Message:

feature 625: comment anti-spam - protect against some of the spam robots

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/picture_comment.inc.php

    r1617 r1737  
    33// | PhpWebGallery - a PHP based picture gallery                           |
    44// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
    5 // | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
     5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
    66// +-----------------------------------------------------------------------+
    77// | branch        : BSF (Best So Far)
    8 // | file          : $RCSfile$
     8// | file          : $Id$
    99// | last update   : $Date$
    1010// | last modifier : $Author$
     
    3030 *
    3131 */
     32
     33if (!function_exists('hash_hmac'))
     34{
     35function hash_hmac($algo, $data, $key, $raw_output=false)
     36{
     37  /* md5 and sha1 only */
     38  $algo=strtolower($algo);
     39  $p=array('md5'=>'H32','sha1'=>'H40');
     40  if ( !isset($p[$algo]) or !function_exists($algo) )
     41  {
     42    $algo = 'md5';
     43  }
     44  if(strlen($key)>64) $key=pack($p[$algo],$algo($key));
     45  if(strlen($key)<64) $key=str_pad($key,64,chr(0));
     46
     47  $ipad=substr($key,0,64) ^ str_repeat(chr(0x36),64);
     48  $opad=substr($key,0,64) ^ str_repeat(chr(0x5C),64);
     49
     50  $ret = $algo($opad.pack($p[$algo],$algo($ipad.$data)));
     51  if ($raw_output)
     52  {
     53    $ret = pack('H*', $ret);
     54  }
     55  return $ret;
     56}
     57}
     58
    3259//returns string action to perform on a new comment: validate, moderate, reject
    3360function user_comment_check($action, $comment, $picture)
     
    138165  }
    139166
     167  $key = explode(':', @$_POST['key']);
     168  if ( count($key)!=2
     169        or $key[0]>time() or $key[0]<time()-1800 // 30 minutes expiration
     170        or hash_hmac('md5', $key[0], $conf['secret_key'])!=$key[1]
     171      )
     172  {
     173    $comment_action='reject';
     174  }
     175 
    140176  if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
    141177  { // anti-flood system
     
    317353      or ($user['is_the_guest'] and $conf['comments_forall']))
    318354  {
    319     $template->assign_block_vars('comments.add_comment', array());
     355    $key = time();
     356    $key .= ':'.hash_hmac('md5', $key, $conf['secret_key']);
     357    $template->assign_block_vars('comments.add_comment',
     358        array(
     359          'key' => $key
     360        ));
    320361    // display author field if the user is not logged in
    321362    if ($user['is_the_guest'])
Note: See TracChangeset for help on using the changeset viewer.