
PHP Cross Reference of phpwcms V1.4.3 _r380 (23.11.09)


/include/inc_module/mod_bad-behavior/bad-behavior/ -> post.inc.php (source)

   1  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
   2  
   3  // All tests which apply specifically to POST requests
   4  function bb2_post($settings, $package)
   5  {
   6      // Check blackhole lists for known spam/malicious activity
   7      require_once (BB2_CORE . "/blackhole.inc.php");
   8      bb2_test($settings, $package, bb2_blackhole($package));
   9  
  10      // MovableType needs specialized screening
  11      if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
  12          if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
  13              return "7d12528e";
  14          }
  15      }
  16  
  17      // Trackbacks need special screening
  18      $request_entity = $package['request_entity'];
  19      if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
  20          require_once (BB2_CORE . "/trackback.inc.php");
  21          return bb2_trackback($package);
  22      }
  23  
  24      // Catch a few completely broken spambots
  25      foreach ($request_entity as $key => $value) {
  26          $pos = strpos($key, "    document.write");
  27          if ($pos !== FAlSE) {
  28              return "dfd9b1ad";
  29          }
  30      }
  31  
  32      // Screen by cookie/JavaScript form add
  33      $screener1 = isset($_COOKIE[BB2_COOKIE]) ? explode(" ", $_COOKIE[BB2_COOKIE]) : array(0);
  34      $screener2 = isset($_POST[BB2_COOKIE]) ? explode(" ", $_POST[BB2_COOKIE]) : array(0);
  35      $screener = max($screener1[0], $screener2[0]);
  36  
  37      if ($screener > 0) {
  38          // Posting too fast? 5 sec
  39          // FIXME: even 5 sec is too intrusive
  40          // if ($screener + 5 > time())
  41          //    return "408d7e72";
  42          // Posting too slow? 48 hr
  43          if ($screener + 172800 < time())
  44              return "b40c8ddc";
  45  
  46          // Screen by IP address
  47          $ip = ip2long($package['ip']);
  48          $ip_screener = ip2long($screener[1]);
  49  //        FIXME: This is b0rked, but why?
  50  //        if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
  51  //            return "c1fa729b";
  52  
  53          if ($package['headers_mixed']['X-Forwarded-For']) {
  54              $ip = $package['headers_mixed']['X-Forwarded-For'];
  55          }
  56          // Screen for user agent changes
  57          // User connected previously with blank user agent
  58  //        $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
  59          // Damnit, too many ways for this to fail :(
  60  //        if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
  61  //            return "799165c2";
  62      }
  63  
  64      return false;
  65  }
  66  
  67  ?>

