
Code source de LifeType 1.2.4


/plugins/badbehavior/bad-behavior/ -> post.inc.php (source)

   1  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
   2  
   3  // All tests which apply specifically to POST requests
   4  function bb2_post($settings, $package)
   5  {
   6      // LifeType mod by pwestbro: dns blacklist checks can be done in the 
   7      // dnsantispam plugin.
   8  
   9      // Check blackhole lists for known spam/malicious activity
  10      // require_once(BB2_CORE . "/blackhole.inc.php");
  11      // bb2_test($settings, $package, bb2_blackhole($package));
  12      // MovableType needs specialized screening
  13      if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
  14          if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
  15              return "7d12528e";
  16          }
  17      }
  18  
  19      // Trackbacks need special screening
  20      $request_entity = $package['request_entity'];
  21      if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
  22          require_once (BB2_CORE . "/trackback.inc.php");
  23          return bb2_trackback($package);
  24      }
  25  
  26      // Catch a few completely broken spambots
  27      foreach ($request_entity as $key => $value) {
  28          $pos = strpos($key, "    document.write");
  29          if ($pos !== FAlSE) {
  30              return "dfd9b1ad";
  31          }
  32      }
  33  
  34      // Screen by cookie/JavaScript form add
  35      if (isset($_COOKIE[BB2_COOKIE])) {
  36          $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
  37      }
  38      if (isset($_POST[BB2_COOKIE])) {
  39          $screener2 = explode(" ", $_POST[BB2_COOKIE]);
  40      }
  41      $screener = max($screener1[0], $screener2[0]);
  42  
  43      if ($screener > 0) {
  44          // Posting too fast? 5 sec
  45          // FIXME: even 5 sec is too intrusive
  46          // if ($screener + 5 > time())
  47          //    return "408d7e72";
  48          // Posting too slow? 48 hr
  49          // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
  50          // and this can get tripped incorrectly
  51          // if ($screener + 172800 < time())
  52          //     return "b40c8ddc";
  53  
  54          // Screen by IP address
  55          $ip = ip2long($package['ip']);
  56          $ip_screener = ip2long($screener[1]);
  57  //        FIXME: This is b0rked, but why?
  58  //        if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
  59  //            return "c1fa729b";
  60  
  61          // Screen for user agent changes
  62          // User connected previously with blank user agent
  63  //        $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
  64          // Damnit, too many ways for this to fail :(
  65  //        if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
  66  //            return "799165c2";
  67      }
  68  
  69      return false;
  70  }
  71  
  72  ?>


Généré le : Mon Nov 26 21:04:15 2007 par Balluche grâce à PHPXref 0.7