kashire
/
lainchan
4
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 26 Wiki Activity
The version of vichan running on lainchan.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2035 Commits
3 Branches
120MB
Tree: 7f0de93608
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7f0de93608'
${ noResults }
lainchan/inc/anti-bot.php

267 lines
7.1KB
Raw Blame History 

  1. <?php

  2. 

  3. /*

  4.  *  Copyright (c) 2010-2013 Tinyboard Development Group

  5.  */

  6. 

  7. defined('TINYBOARD') or exit;

  8. 

  9. $hidden_inputs_twig = array();

  10. 

  11. class AntiBot {

  12. 	public $salt, $inputs = array(), $index = 0;

  13. 	

  14. 	public static function randomString($length, $uppercase = false, $special_chars = false) {

  15. 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';

  16. 		if ($uppercase)

  17. 			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

  18. 		if ($special_chars)

  19. 			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';

  20. 		

  21. 		$chars = str_split($chars);

  22. 		

  23. 		$ch = array();

  24. 		

  25. 		// fill up $ch until we reach $length

  26. 		while (count($ch) < $length) {

  27. 			$n = $length - count($ch);

  28. 			$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);

  29. 			if ($n == 1) {

  30. 				$ch[] = $chars[$keys];

  31. 				break;

  32. 			}

  33. 			shuffle($keys);

  34. 			foreach ($keys as $key)

  35. 				$ch[] = $chars[$key];

  36. 		}

  37. 		

  38. 		$chars = $ch;

  39. 		

  40. 		return implode('', $chars);

  41. 	}

  42. 	

  43. 	public static function make_confusing($string) {

  44. 		$chars = str_split($string);

  45. 		

  46. 		foreach ($chars as &$c) {

  47. 			if (rand(0, 2) != 0)

  48. 				$c = utf8tohtml($c);

  49. 			else

  50. 				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');

  51. 		}

  52. 		

  53. 		return implode('', $chars);

  54. 	}

  55. 	

  56. 	public function __construct(array $salt = array()) {

  57. 		global $config;

  58. 		

  59. 		if (!empty($salt)) {

  60. 			// create a salted hash of the "extra salt"

  61. 			$this->salt = implode(':', $salt);

  62. 		} else { 

  63. 			$this->salt = '';

  64. 		}

  65. 		

  66. 		shuffle($config['spam']['hidden_input_names']);

  67. 		

  68. 		$input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);

  69. 		$hidden_input_names_x = 0;

  70. 		

  71. 		for ($x = 0; $x < $input_count ; $x++) {

  72. 			if ($hidden_input_names_x === false || rand(0, 2) == 0) {

  73. 				// Use an obscure name

  74. 				$name = $this->randomString(rand(10, 40));

  75. 			} else {

  76. 				// Use a pre-defined confusing name

  77. 				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];

  78. 				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))

  79. 					$hidden_input_names_x = false;

  80. 			}

  81. 			

  82. 			if (rand(0, 2) == 0) {

  83. 				// Value must be null

  84. 				$this->inputs[$name] = '';

  85. 			} elseif (rand(0, 4) == 0) {

  86. 				// Numeric value

  87. 				$this->inputs[$name] = (string)rand(0, 100);

  88. 			} else {

  89. 				// Obscure value

  90. 				$this->inputs[$name] = $this->randomString(rand(5, 100), true, true);

  91. 			}

  92. 		}

  93. 	}

  94. 	

  95. 	public function html($count = false) {

  96. 		global $config;

  97. 		

  98. 		$elements = array(

  99. 			'<input type="hidden" name="%name%" value="%value%">',

  100. 			'<input type="hidden" value="%value%" name="%name%">',

  101. 			'<input style="display:none" type="text" name="%name%" value="%value%">',

  102. 			'<input style="display:none" type="text" value="%value%" name="%name%">',

  103. 			'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',

  104. 			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',

  105. 			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',

  106. 			'<textarea style="display:none" name="%name%">%value%</textarea>',

  107. 			'<textarea name="%name%" style="display:none">%value%</textarea>'

  108. 		);

  109. 		

  110. 		$html = '';

  111. 		

  112. 		if ($count === false) {

  113. 			$count = rand(1, count($this->inputs) / 15);

  114. 		}

  115. 		

  116. 		if ($count === true) {

  117. 			// all elements

  118. 			$inputs = array_slice($this->inputs, $this->index);

  119. 		} else {

  120. 			$inputs = array_slice($this->inputs, $this->index, $count);

  121. 		}

  122. 		$this->index += count($inputs);

  123. 		

  124. 		foreach ($inputs as $name => $value) {

  125. 			$element = false;

  126. 			while (!$element) {

  127. 				$element = $elements[array_rand($elements)];

  128. 				if (strpos($element, 'textarea') !== false && $value == '') {

  129. 					// There have been some issues with mobile web browsers and empty <textarea>'s.

  130. 					$element = false;

  131. 				}

  132. 			}

  133. 			

  134. 			$element = str_replace('%name%', utf8tohtml($name), $element);

  135. 			

  136. 			if (rand(0, 2) == 0)

  137. 				$value = $this->make_confusing($value);

  138. 			else

  139. 				$value = utf8tohtml($value);

  140. 			

  141. 			if (strpos($element, 'textarea') === false)

  142. 				$value = str_replace('"', '&quot;', $value);

  143. 			

  144. 			$element = str_replace('%value%', $value, $element);

  145. 			

  146. 			$html .= $element;

  147. 		}

  148. 		

  149. 		return $html;

  150. 	}

  151. 	

  152. 	public function reset() {

  153. 		$this->index = 0;

  154. 	}

  155. 	

  156. 	public function hash() {

  157. 		global $config;

  158. 		

  159. 		// This is the tricky part: create a hash to validate it after

  160. 		// First, sort the keys in alphabetical order (A-Z)

  161. 		$inputs = $this->inputs;

  162. 		ksort($inputs);

  163. 		

  164. 		$hash = '';

  165. 		// Iterate through each input

  166. 		foreach ($inputs as $name => $value) {

  167. 			$hash .= $name . '=' . $value;

  168. 		}

  169. 		// Add a salt to the hash

  170. 		$hash .= $config['cookies']['salt'];

  171. 		

  172. 		// Use SHA1 for the hash

  173. 		return sha1($hash . $this->salt);

  174. 	}

  175. }

  176. 

  177. function _create_antibot($board, $thread) {

  178. 	global $config, $purged_old_antispam;

  179. 	

  180. 	$antibot = new AntiBot(array($board, $thread));

  181. 	

  182. 	if (!isset($purged_old_antispam)) {

  183. 		$purged_old_antispam = true;

  184. 		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());

  185. 	}

  186. 	

  187. 	if ($thread)

  188. 		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');

  189. 	else

  190. 		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');

  191. 	

  192. 	$query->bindValue(':board', $board);

  193. 	if ($thread)

  194. 		$query->bindValue(':thread', $thread);

  195. 	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);

  196. 	$query->execute() or error(db_error($query));

  197. 	

  198. 	$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');

  199. 	$query->bindValue(':board', $board);

  200. 	$query->bindValue(':thread', $thread);

  201. 	$query->bindValue(':hash', $antibot->hash());

  202. 	$query->execute() or error(db_error($query));

  203. 	

  204. 	return $antibot;

  205. }

  206. 

  207. function checkSpam(array $extra_salt = array()) {

  208. 	global $config, $pdo;

  209. 

  210. 	if (!isset($_POST['hash']))

  211. 		return true;

  212. 

  213. 	$hash = $_POST['hash'];

  214. 

  215. 	if (!empty($extra_salt)) {

  216. 		// create a salted hash of the "extra salt"

  217. 		$extra_salt = implode(':', $extra_salt);

  218. 	} else { 

  219. 		$extra_salt = '';

  220. 	}

  221. 

  222. 	// Reconsturct the $inputs array

  223. 	$inputs = array();

  224. 

  225. 	foreach ($_POST as $name => $value) {

  226. 		if (in_array($name, $config['spam']['valid_inputs']))

  227. 			continue;

  228. 

  229. 		$inputs[$name] = $value;

  230. 	}

  231. 

  232. 	// Sort the inputs in alphabetical order (A-Z)

  233. 	ksort($inputs);

  234. 

  235. 	$_hash = '';

  236. 

  237. 	// Iterate through each input

  238. 	foreach ($inputs as $name => $value) {

  239. 		$_hash .= $name . '=' . $value;

  240. 	}

  241. 

  242. 	// Add a salt to the hash

  243. 	$_hash .= $config['cookies']['salt'];

  244. 

  245. 	// Use SHA1 for the hash

  246. 	$_hash = sha1($_hash . $extra_salt);

  247. 

  248. 	if ($hash != $_hash)

  249. 		return true;

  250. 

  251. 	$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');

  252. 	$query->bindValue(':hash', $hash);

  253. 	$query->execute() or error(db_error($query));

  254. 	if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) {

  255. 		// there was no database entry for this hash. most likely expired.

  256. 		return true;

  257. 	}

  258. 

  259. 	return $hash;

  260. }

  261. 

  262. function incrementSpamHash($hash) {

  263. 	$query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash');

  264. 	$query->bindValue(':hash', $hash);

  265. 	$query->execute() or error(db_error($query));

  266. }