This is an automated email from the git hooks/post-receive script.
s���k���u���n���n���y���k��� ���p���u���s���h���e���d��� ���a���
���c���o���m���m���i���t��� ���t���o��� ���b���r���a���n���c���h���
���o���l���d���f���o���r���u���m���
���in repository www/forum.xfce.org.
commit bfb8f517a6fbabdfa39373c58b06df18d55990d3
Author: Nick Schermer <n...@xfce.org>
Date: Fri Nov 12 17:09:06 2010 +0100
Add the user question.
Got the idea from bbs.archlinux.org. Hopefully this unique question
will help us getting rid of most of the spam bots.
---
include/sha256question.php | 56 ++++++++++++++++++++++++++++++++++++++++++++++
register.php | 5 +++++
2 files changed, 61 insertions(+)
diff --git a/include/sha256question.php b/include/sha256question.php
new file mode 100644
index 0000000..df75690
--- /dev/null
+++ b/include/sha256question.php
@@ -0,0 +1,56 @@
+<?php
+
+if (!defined('PUN'))
+ exit;
+
+$question_format = "%jXfce";
+$question_fld_name = "the_mouse_told_you";
+
+function sha256question_normalize($answer)
+{
+ return preg_replace('/[^a-z0-9]/', '', strtolower($answer));
+}
+
+function sha256question_get()
+{
+ global $question_format, $question_fld_name;
+
+ $command = "date -u +$question_format|sha256sum|sed 's/\W//g'";
+
+ return '<div class="inform">
+ <fieldset>
+ <legend>Your answer</legend>
+ <div class="infldset">
+ <label class="required">
+ <strong>What is the output of
"'.$command.'"?<span>'.$lang_common['Required'].'></span></strong><br />
+ <input type="text"
name="'.$question_fld_name.'" value="" size="50" /><br />
+ </label>
+ </div>
+ </fieldset>
+ </div>';
+}
+
+function sha256question_check()
+{
+ global $question_format, $question_fld_name;
+
+ // Get the users' reply
+ if (!empty ($_POST[$question_fld_name]))
+ $user_answer = sha256question_normalize
($_POST[$question_fld_name]);
+ else
+ return False;
+
+ // Because the user might be in a different time zone, or day changed
right
+ // after submit, we also check the hash of yesterday and tomorrow.
+ foreach (array (0, 1, -1) as $i)
+ {
+ // The date command adds a new line at the end
+ $str = gmstrftime ($question_format, time() - ($i * 60*60*24))
."\n";
+ $answer = hash ("sha256", $str);
+
+ if (sha256question_normalize ($answer) == $user_answer)
+ return True;
+ }
+
+ return False;
+}
diff --git a/register.php b/register.php
index d79ba60..71f14e3 100644
--- a/register.php
+++ b/register.php
@@ -8,6 +8,7 @@
define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
+require PUN_ROOT.'include/sha256question.php';
// If we are logged in, we shouldn't be here
@@ -65,6 +66,9 @@ $errors = array();
if (isset($_POST['form_sent']))
{
+ // Check our user question
+ sha256question_check() || $errors[] = "Sorry, your answer was wrong.
Try again!";
+
// Check that someone from this IP didn't register a user within the
last hour (DoS prevention)
$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE
registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600))
or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
@@ -402,6 +406,7 @@ if (!empty($errors))
</div>
</fieldset>
</div>
+ <?php echo sha256question_get(); ?>
<p class="buttons"><input type="submit" name="register"
value="<?php echo $lang_register['Register'] ?>" /></p>
</form>
</div>
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
Xfce4-commits mailing list
Xfce4-commits@xfce.org
https://mail.xfce.org/mailman/listinfo/xfce4-commits
