diff --git a/README.md b/README.md index 2f2f6e74..d29e0432 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ it need one. ### Recommended 1. PHP >= 5.3 2. MySQL server >= 5.5.3 -3. ImageMagick or command-line version (```convert``` and ```identify```) +3. ImageMagick (command-line ImageMagick or GraphicsMagick preferred). 4. [APC (Alternative PHP Cache)](http://php.net/manual/en/book.apc.php), [XCache](http://xcache.lighttpd.net/) or [Memcached](http://www.php.net/manual/en/intro.memcached.php) Contributing diff --git a/inc/anti-bot.php b/inc/anti-bot.php index 41e0a1d6..59f5351f 100644 --- a/inc/anti-bot.php +++ b/inc/anti-bot.php @@ -4,24 +4,26 @@ * Copyright (c) 2010-2013 Tinyboard Development Group */ -if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) { - // You cannot request this file directly. - exit; -} +defined('TINYBOARD') or exit; $hidden_inputs_twig = array(); class AntiBot { public $salt, $inputs = array(), $index = 0; - public static function randomString($length, $uppercase = false, $special_chars = false) { + public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) { $chars = 'abcdefghijklmnopqrstuvwxyz0123456789'; if ($uppercase) $chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; if ($special_chars) $chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` '; + if ($unicode_chars) { + $len = strlen($chars) / 10; + for ($n = 0; $n < $len; $n++) + $chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES'); + } - $chars = str_split($chars); + $chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY); $ch = array(); @@ -44,10 +46,10 @@ class AntiBot { } public static function make_confusing($string) { - $chars = str_split($string); + $chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY); foreach ($chars as &$c) { - if (rand(0, 2) != 0) + if (mt_rand(0, 3) != 0) $c = utf8tohtml($c); else $c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8'); @@ -68,13 +70,13 @@ class AntiBot { shuffle($config['spam']['hidden_input_names']); - $input_count = rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']); + $input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']); $hidden_input_names_x = 0; for ($x = 0; $x < $input_count ; $x++) { - if ($hidden_input_names_x === false || rand(0, 2) == 0) { + if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) { // Use an obscure name - $name = $this->randomString(rand(10, 40)); + $name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']); } else { // Use a pre-defined confusing name $name = $config['spam']['hidden_input_names'][$hidden_input_names_x++]; @@ -82,25 +84,33 @@ class AntiBot { $hidden_input_names_x = false; } - if (rand(0, 2) == 0) { + if (mt_rand(0, 2) == 0) { // Value must be null $this->inputs[$name] = ''; - } elseif (rand(0, 4) == 0) { + } elseif (mt_rand(0, 4) == 0) { // Numeric value - $this->inputs[$name] = (string)rand(0, 100); + $this->inputs[$name] = (string)mt_rand(0, 100000); } else { // Obscure value - $this->inputs[$name] = $this->randomString(rand(5, 100), true, true); + $this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']); } } } + public static function space() { + if (mt_rand(0, 3) != 0) + return ' '; + return str_repeat(' ', mt_rand(1, 3)); + } + public function html($count = false) { global $config; $elements = array( '', '', + '', + '', '', '', '', @@ -113,7 +123,7 @@ class AntiBot { $html = ''; if ($count === false) { - $count = rand(1, count($this->inputs) / 15); + $count = mt_rand(1, abs(count($this->inputs) / 15) + 1); } if ($count === true) { @@ -128,6 +138,9 @@ class AntiBot { $element = false; while (!$element) { $element = $elements[array_rand($elements)]; + $element = str_replace(' ', self::space(), $element); + if (mt_rand(0, 5) == 0) + $element = str_replace('>', self::space() . '>', $element); if (strpos($element, 'textarea') !== false && $value == '') { // There have been some issues with mobile web browsers and empty