[Xfce4-commits] <forum:master> Add the user question.

Nick Schermer noreply at xfce.org
Fri Nov 12 18:12:04 CET 2010


Updating branch refs/heads/master
         to bfb8f517a6fbabdfa39373c58b06df18d55990d3 (commit)
       from 18dad3133645c36de454db68fd575238f08b6505 (commit)

commit bfb8f517a6fbabdfa39373c58b06df18d55990d3
Author: Nick Schermer <nick at xfce.org>
Date:   Fri Nov 12 17:09:06 2010 +0100

    Add the user question.
    
    Got the idea from bbs.archlinux.org. Hopefully this unique question
    will help us getting rid of most of the spam bots.

 include/sha256question.php |   56 ++++++++++++++++++++++++++++++++++++++++++++
 register.php               |    5 ++++
 2 files changed, 61 insertions(+), 0 deletions(-)

diff --git a/include/sha256question.php b/include/sha256question.php
new file mode 100644
index 0000000..df75690
--- /dev/null
+++ b/include/sha256question.php
@@ -0,0 +1,56 @@
+<?php
+
+if (!defined('PUN'))
+	exit;
+
+$question_format = "%jXfce";
+$question_fld_name = "the_mouse_told_you";
+
+function sha256question_normalize($answer)
+{
+	return preg_replace('/[^a-z0-9]/', '', strtolower($answer));
+}
+
+function sha256question_get()
+{
+	global $question_format, $question_fld_name;
+
+	$command = "date -u +$question_format|sha256sum|sed 's/\W//g'";
+
+	return '<div class="inform">
+			<fieldset>
+				<legend>Your answer</legend>
+				<div class="infldset">
+					<label class="required">
+						<strong>What is the output of "'.$command.'"?<span>'.$lang_common['Required'].'></span></strong><br />
+						<input type="text" name="'.$question_fld_name.'" value="" size="50" /><br />
+					</label>
+				</div>
+			</fieldset>
+		</div>';
+}
+
+function sha256question_check()
+{
+	global $question_format, $question_fld_name;
+
+	// Get the users' reply
+	if (!empty ($_POST[$question_fld_name]))
+		$user_answer = sha256question_normalize ($_POST[$question_fld_name]);
+	else
+		return False;
+
+	// Because the user might be in a different time zone, or day changed right
+	// after submit, we also check the hash of yesterday and tomorrow.
+	foreach (array (0, 1, -1) as $i)
+	{
+		// The date command adds a new line at the end
+		$str = gmstrftime ($question_format, time() - ($i * 60*60*24)) ."\n";
+		$answer = hash ("sha256", $str);
+
+		if (sha256question_normalize ($answer) == $user_answer)
+			return True;
+	}
+
+	return False;
+}
diff --git a/register.php b/register.php
index d79ba60..71f14e3 100644
--- a/register.php
+++ b/register.php
@@ -8,6 +8,7 @@
 
 define('PUN_ROOT', './');
 require PUN_ROOT.'include/common.php';
+require PUN_ROOT.'include/sha256question.php';
 
 
 // If we are logged in, we shouldn't be here
@@ -65,6 +66,9 @@ $errors = array();
 
 if (isset($_POST['form_sent']))
 {
+	// Check our user question
+	sha256question_check() || $errors[] = "Sorry, your answer was wrong. Try again!";
+
 	// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
 	$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 
@@ -402,6 +406,7 @@ if (!empty($errors))
 					</div>
 				</fieldset>
 			</div>
+			<?php echo sha256question_get(); ?>
 			<p class="buttons"><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
 		</form>
 	</div>



More information about the Xfce4-commits mailing list