From 9ff52f0dfa297b13659a78a55596c8904a9732d0 Mon Sep 17 00:00:00 2001
From: Jason Woofenden
Date: Sun, 31 Dec 2017 22:49:30 -0500
Subject: [PATCH] contact: implement honeypot instead of visible robot field
---
 contact.html | 6 +-----
 contact.php | 49 +++++++++++++++++++++++++++++++++++--------------
 inc/wfpl | 2 +-
 3 files changed, 37 insertions(+), 20 deletions(-)
diff --git a/contact.html b/contact.html
index 227a19c..95d1412 100644
--- a/contact.html
+++ b/contact.html
@@ -14,11 +14,7 @@
Email
-
- -
Robot Barrier (Required)
-
Enter (below) the number between ~robot_minus_one~ and ~robot_plus_one~
-
+
Message
diff --git a/contact.php b/contact.php index 11d53b2..55077d9 100644 --- a/contact.php +++ b/contact.php @@ -8,21 +8,39 @@ $GLOBALS['contact_to'] = 'fixme@example.com'; $GLOBALS['contact_from'] = 'noreply@example.com'; $GLOBALS['contact_cc'] = ''; -$globals['contact_subject'] = ''; -$GLOBALS['contact_robot_answer'] = 1002; +$GLOBALS['contact_subject'] = ''; require_once(__DIR__.'/'.'inc/wfpl/format.php'); require_once(__DIR__.'/'.'inc/wfpl/email.php'); +# generate a new random 16-character string +function contact_new_field_key() { + $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $id = " "; + + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + for($i = 0; $i < 16; ++$i) { + $id{$i} = $character_set{mt_rand(0, 61)}; + } + + return $id; +} + function contact_get_fields() { $data = array(); + $data['name'] = format_oneline(_REQUEST_cut('name')); - $data['email'] = format_email(_REQUEST_cut('email')); - $data['robot'] = format_oneline(_REQUEST_cut('robot')); $data['comments'] = format_unix(_REQUEST_cut('comments')); + $fields = _REQUEST_cut('fields'); + if (preg_match('/^[a-zA-Z0-9]{32}$/', $fields)) { + $data['robot'] = format_oneline(_REQUEST_cut(substr($fields, 0, 16))); + $data['email'] = format_email(_REQUEST_cut(substr($fields, 16))); + } + return $data; } 
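Review bot: In contact_get_fields(), `$data['robot']` and `$data['email']` are assigned only inside the `preg_match` branch, so a request whose `fields` value is missing or is not exactly 32 alphanumerics returns `$data` without those keys, and the `$data['robot'] !== ''` and `!$data['email']` reads in the next hunk then hit undefined indexes (null !== '' is true, so such a request silently lands on the thanks page with no mail sent). Initialise both before the check, `$data['robot'] = ''; $data['email'] = '';`, or make the malformed-`fields` case an explicit robot verdict such as `$data['robot'] = 'bad-fields';` in an `else`, so the outcome is a deliberate decision rather than a notice. Separately, contact_new_field_key() draws from `mt_rand`, which its own comment flags as possibly guessable; if the deployment's PHP is 7.0 or newer, `random_int(0, 61)` is a drop-in replacement, though the `$id{$i}` offset syntax used here is removed in PHP 8, so the target version is not clear from the patch.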
@@ -32,22 +50,22 @@ function contact_main() { } function contact_main_form() { - $robot_correct = "" . $GLOBALS['contact_robot_answer']; - $robot_minus_one = "" . ($GLOBALS['contact_robot_answer'] - 1); - $robot_plus_one = "" . ($GLOBALS['contact_robot_answer'] + 1); - tem_set('robot_minus_one', $robot_minus_one); - tem_set('robot_plus_one', $robot_plus_one); - if (isset($_POST['name'])) { $data = contact_get_fields(); $host = this_host(); + # gj robot, you did it ;) + if ($data['robot'] !== '') { + return './contact_thanks'; + } + if (!$data['name'] && !$data['email'] && !$data['comments']) { // message("you didn't fill anything out") - } elseif ($data['robot'] !== $robot_correct) { - message("Please type $robot_correct into the Robot Barrier field"); + } elseif (!$data['email']) { + message("Error: Please fill out the email field."); } else { - if ($GLOBALS['contact_to'] != 'fixme@example.com') { + $error = false; + if ($data['robot'] === '' && $GLOBALS['contact_to'] != 'fixme@example.com') { $to = $GLOBALS['contact_to']; if ($GLOBALS['contact_from'] === '') { $from = "$host/contact "; @@ -57,7 +75,7 @@ function contact_main_form() { $reply_to = $to; if (isset($data['email']) and valid_email($data['email'])) { $reply_to = $data['email']; - if ($data['name'] and ereg('^[a-zA-Z0-9_\' -]*$', $data['name']) !== false) { + if ($data['name'] and preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) !== false) { $reply_to = "$data[name] <$reply_to>"; } } @@ -95,5 +113,8 @@ function contact_main_form() { $data = array(); } + $data['robot_field'] = contact_new_field_key(); + $data['email_field'] = contact_new_field_key(); + tem_set('form', $data); } diff --git a/inc/wfpl b/inc/wfpl index 5b22312..ebd28f9 160000 --- a/inc/wfpl +++ b/inc/wfpl @@ -1 +1 @@ -Subproject commit 5b223129ade45127f3945a354f8b2a56799f472c +Subproject commit ebd28f9548c9723fab12e3cb725db9a3b1530992 -- 1.7.10.4
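Review bot: The `$data['robot'] === ''` conjunct on the `$error = false;` line in contact_main_form() can never be false, because the early `return './contact_thanks';` added just above already leaves the function whenever `$data['robot']` is non-empty; the condition can be reduced to `if ($GLOBALS['contact_to'] !== 'fixme@example.com') {` (strict comparison while touching it). `$error` is assigned but not read anywhere in this hunk; if the remainder of the function, which continues past the hunk, does not use it either, drop the assignment. The case where `contact_to` is still the placeholder address is also worth a one-line comment stating what happens to a real submission in that state, since the hunk does not show it.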
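Review bot: The rewritten name check `preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) !== false` no longer filters anything: `preg_match` returns `0` for no match and `false` only on a PCRE error, so the `!== false` test that was meaningful for `ereg` is now true for every name, and a name outside the whitelist (one containing `<`, `>`, `"` or `,`) is interpolated into `$reply_to` and ends up in the Reply-To header. Compare against the match count instead, `if ($data['name'] and preg_match('/^[a-zA-Z0-9_\'. -]*$/', $data['name']) === 1) {`. Whether format_oneline() already strips line breaks is not visible here, so this character whitelist is the only header-safety guard the hunk shows; contact_main_form() continues outside the hunk.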
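Review bot: The two keys generated on the `$data['robot_field']` and `$data['email_field']` lines are handed to the template but never retained server-side, so contact_get_fields() accepts any `fields` value that matches the 32-character pattern; the honeypot therefore only distinguishes submissions that fill the first keyed input from those that leave it empty, and does not tie a submission to a form the server actually issued. That is a defensible trade-off for a stateless contact form, but it should be stated where the keys are made, e.g. `# keys are not stored: any well-formed 'fields' value is accepted, the honeypot only catches clients that fill every input`, so a later maintainer does not assume a session check exists.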