
PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10)




/include/inc_ext/bad-behavior/bad-behavior/ -> post.inc.php (source)

   1  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
   2  
   3  // All tests which apply specifically to POST requests
   4  function bb2_post($settings, $package)
   5  {
   6      // Check blackhole lists for known spam/malicious activity
   7      // require_once(BB2_CORE . "/blackhole.inc.php");
   8      // if ($r = bb2_blackhole($package)) return $r;
   9  
  10      // MovableType needs specialized screening
  11      if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
  12          if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
  13              return "7d12528e";
  14          }
  15      }
  16  
  17      // Trackbacks need special screening
  18      $request_entity = $package['request_entity'];
  19      if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
  20          require_once (BB2_CORE . "/trackback.inc.php");
  21          return bb2_trackback($package);
  22      }
  23  
  24      // Catch a few completely broken spambots
  25      foreach ($request_entity as $key => $value) {
  26          $pos = strpos($key, "    document.write");
  27          if ($pos !== FALSE) {
  28              return "dfd9b1ad";
  29          }
  30      }
  31  
  32      // If Referer exists, it should refer to a page on our site
  33      if ($settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
  34          return "cd361abb";
  35      }
  36  
  37      // Screen by cookie/JavaScript form add
  38      if (isset($_COOKIE[BB2_COOKIE])) {
  39          $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
  40      } else {
  41          $screener1 = array(0);
  42      }
  43      if (isset($_POST[BB2_COOKIE])) {
  44          $screener2 = explode(" ", $_POST[BB2_COOKIE]);
  45      } else {
  46          $screener2 = array(0);
  47      }
  48      $screener = max($screener1[0], $screener2[0]);
  49  
  50      if ($screener > 0) {
  51          // Posting too fast? 5 sec
  52          // FIXME: even 5 sec is too intrusive
  53          // if ($screener + 5 > time())
  54          //    return "408d7e72";
  55          // Posting too slow? 48 hr
  56          if ($screener + 172800 < time())
  57              return "b40c8ddc";
  58  
  59          // Screen by IP address
  60          $ip = ip2long($package['ip']);
  61          $ip_screener = ip2long($screener[1]);
  62  //        FIXME: This is b0rked, but why?
  63  //        if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
  64  //            return "c1fa729b";
  65  
  66          if (!empty($package['headers_mixed']['X-Forwarded-For'])) {
  67              $ip = $package['headers_mixed']['X-Forwarded-For'];
  68          }
  69          // Screen for user agent changes
  70          // User connected previously with blank user agent
  71  //        $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
  72          // Damnit, too many ways for this to fail :(
  73  //        if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
  74  //            return "799165c2";
  75      }
  76  
  77      return false;
  78  }
  79  
  80  ?>

