[Xfce4-commits] <forum:master> Add the user question.
Nick Schermer
noreply at xfce.org
Fri Nov 12 18:12:04 CET 2010
Updating branch refs/heads/master
to bfb8f517a6fbabdfa39373c58b06df18d55990d3 (commit)
from 18dad3133645c36de454db68fd575238f08b6505 (commit)
commit bfb8f517a6fbabdfa39373c58b06df18d55990d3
Author: Nick Schermer <nick at xfce.org>
Date: Fri Nov 12 17:09:06 2010 +0100
Add the user question.
Got the idea from bbs.archlinux.org. Hopefully this unique question
will help us getting rid of most of the spam bots.
include/sha256question.php | 56 ++++++++++++++++++++++++++++++++++++++++++++
register.php | 5 ++++
2 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/include/sha256question.php b/include/sha256question.php
new file mode 100644
index 0000000..df75690
--- /dev/null
+++ b/include/sha256question.php
@@ -0,0 +1,56 @@
+<?php
+
+if (!defined('PUN'))
+ exit;
+
+$question_format = "%jXfce";
+$question_fld_name = "the_mouse_told_you";
+
+function sha256question_normalize($answer)
+{
+ return preg_replace('/[^a-z0-9]/', '', strtolower($answer));
+}
+
+function sha256question_get()
+{
+ global $question_format, $question_fld_name;
+
+ $command = "date -u +$question_format|sha256sum|sed 's/\W//g'";
+
+ return '<div class="inform">
+ <fieldset>
+ <legend>Your answer</legend>
+ <div class="infldset">
+ <label class="required">
+ <strong>What is the output of "'.$command.'"?<span>'.$lang_common['Required'].'></span></strong><br />
+ <input type="text" name="'.$question_fld_name.'" value="" size="50" /><br />
+ </label>
+ </div>
+ </fieldset>
+ </div>';
+}
+
+function sha256question_check()
+{
+ global $question_format, $question_fld_name;
+
+ // Get the users' reply
+ if (!empty ($_POST[$question_fld_name]))
+ $user_answer = sha256question_normalize ($_POST[$question_fld_name]);
+ else
+ return False;
+
+ // Because the user might be in a different time zone, or day changed right
+ // after submit, we also check the hash of yesterday and tomorrow.
+ foreach (array (0, 1, -1) as $i)
+ {
+ // The date command adds a new line at the end
+ $str = gmstrftime ($question_format, time() - ($i * 60*60*24)) ."\n";
+ $answer = hash ("sha256", $str);
+
+ if (sha256question_normalize ($answer) == $user_answer)
+ return True;
+ }
+
+ return False;
+}
diff --git a/register.php b/register.php
index d79ba60..71f14e3 100644
--- a/register.php
+++ b/register.php
@@ -8,6 +8,7 @@
define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
+require PUN_ROOT.'include/sha256question.php';
// If we are logged in, we shouldn't be here
@@ -65,6 +66,9 @@ $errors = array();
if (isset($_POST['form_sent']))
{
+ // Check our user question
+ sha256question_check() || $errors[] = "Sorry, your answer was wrong. Try again!";
+
// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
@@ -402,6 +406,7 @@ if (!empty($errors))
</div>
</fieldset>
</div>
+ <?php echo sha256question_get(); ?>
<p class="buttons"><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
</form>
</div>
More information about the Xfce4-commits
mailing list