Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2025-02-27 07:19:18 +01:00
Code Releases Wiki Activity

Use Unicode in antispam stuff

Browse Source
This commit is contained in:
Michael Foster 2013-09-08 17:01:55 +10:00
parent 06db74fa97
commit 06eb467808
2 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
inc/anti-bot.php
View File

@ -11,14 +11,19 @@ $hidden_inputs_twig = array();
class AntiBot { class AntiBot {
public $salt, $inputs = array(), $index = 0; public $salt, $inputs = array(), $index = 0;
public static function randomString($length, $uppercase = false, $special_chars = false) { public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789'; $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
if ($uppercase) if ($uppercase)
$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
if ($special_chars) if ($special_chars)
$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` '; $chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
if ($unicode_chars) {
$len = strlen($chars) / 10;
for ($n = 0; $n < $len; $n++)
$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
}
$chars = str_split($chars); $chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
$ch = array(); $ch = array();
@ -41,10 +46,10 @@ class AntiBot {
} }
public static function make_confusing($string) { public static function make_confusing($string) {
$chars = str_split($string); $chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
foreach ($chars as &$c) { foreach ($chars as &$c) {
if (rand(0, 2) != 0) if (mt_rand(0, 3) != 0)
$c = utf8tohtml($c); $c = utf8tohtml($c);
else else
$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8'); $c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
@ -65,13 +70,13 @@ class AntiBot {
shuffle($config['spam']['hidden_input_names']); shuffle($config['spam']['hidden_input_names']);
$input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']); $input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
$hidden_input_names_x = 0; $hidden_input_names_x = 0;
for ($x = 0; $x < $input_count ; $x++) { for ($x = 0; $x < $input_count ; $x++) {
if ($hidden_input_names_x === false || rand(0, 2) == 0) { if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
// Use an obscure name // Use an obscure name
$name = $this->randomString(rand(10, 40)); $name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
} else { } else {
// Use a pre-defined confusing name // Use a pre-defined confusing name
$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++]; $name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
@ -79,25 +84,33 @@ class AntiBot {
$hidden_input_names_x = false; $hidden_input_names_x = false;
} }
if (rand(0, 2) == 0) { if (mt_rand(0, 2) == 0) {
// Value must be null // Value must be null
$this->inputs[$name] = ''; $this->inputs[$name] = '';
} elseif (rand(0, 4) == 0) { } elseif (mt_rand(0, 4) == 0) {
// Numeric value // Numeric value
$this->inputs[$name] = (string)rand(0, 100); $this->inputs[$name] = (string)mt_rand(0, 100000);
} else { } else {
// Obscure value // Obscure value
$this->inputs[$name] = $this->randomString(rand(5, 100), true, true); $this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
} }
} }
} }
public static function space() {
if (mt_rand(0, 3) != 0)
return ' ';
return str_repeat(' ', mt_rand(1, 3));
}
public function html($count = false) { public function html($count = false) {
global $config; global $config;
$elements = array( $elements = array(
'<input type="hidden" name="%name%" value="%value%">', '<input type="hidden" name="%name%" value="%value%">',
'<input type="hidden" value="%value%" name="%name%">', '<input type="hidden" value="%value%" name="%name%">',
'<input name="%name%" value="%value%" type="hidden">',
'<input value="%value%" name="%name%" type="hidden">',
'<input style="display:none" type="text" name="%name%" value="%value%">', '<input style="display:none" type="text" name="%name%" value="%value%">',
'<input style="display:none" type="text" value="%value%" name="%name%">', '<input style="display:none" type="text" value="%value%" name="%name%">',
'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>', '<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
@ -110,7 +123,7 @@ class AntiBot {
$html = ''; $html = '';
if ($count === false) { if ($count === false) {
$count = rand(1, count($this->inputs) / 15); $count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
} }
if ($count === true) { if ($count === true) {
@ -125,6 +138,9 @@ class AntiBot {
$element = false; $element = false;
while (!$element) { while (!$element) {
$element = $elements[array_rand($elements)]; $element = $elements[array_rand($elements)];
$element = str_replace(' ', self::space(), $element);
if (mt_rand(0, 5) == 0)
$element = str_replace('>', self::space() . '>', $element);
if (strpos($element, 'textarea') !== false && $value == '') { if (strpos($element, 'textarea') !== false && $value == '') {
// There have been some issues with mobile web browsers and empty <textarea>'s. // There have been some issues with mobile web browsers and empty <textarea>'s.
$element = false; $element = false;
@ -133,7 +149,7 @@ class AntiBot {
$element = str_replace('%name%', utf8tohtml($name), $element); $element = str_replace('%name%', utf8tohtml($name), $element);
if (rand(0, 2) == 0) if (mt_rand(0, 2) == 0)
$value = $this->make_confusing($value); $value = $this->make_confusing($value);
else else
$value = utf8tohtml($value); $value = utf8tohtml($value);

3
inc/config.php
View File

@ -233,6 +233,9 @@
// How soon after regeneration do hashes expire (in seconds)? // How soon after regeneration do hashes expire (in seconds)?
$config['spam']['hidden_inputs_expire'] = 60 * 60 * 3; // three hours $config['spam']['hidden_inputs_expire'] = 60 * 60 * 3; // three hours
// Whether to use Unicode characters in hidden input names and values.
$config['spam']['unicode'] = true;
// These are fields used to confuse the bots. Make sure they aren't actually used by Tinyboard, or it won't work. // These are fields used to confuse the bots. Make sure they aren't actually used by Tinyboard, or it won't work.
$config['spam']['hidden_input_names'] = array( $config['spam']['hidden_input_names'] = array(
'user', 'user',