diego sevilla’s weblog » Código fuente de WP-Morph

16/3/2005

Código fuente de WP-Morph

Filed under: english, español, blogging, código/code — Diego Sevilla @ 0:46 — In English

Aquí os pongo el código fuente del plugin WP-Morph anti-Spam para Wordpress, que se puede descargar aquí. Me gustaría que me contárais qué os parece. Después comentaré los puntos más importantes e interesantes:

<?php // -*- mode: php -*- vim: expandtab ts=8 sw=8 /* Plugin Name: WP-Morph Plugin URI: http://wordpress.org/# Description: Fool spammers by creating a complicated javascript program to be executed by a real browser. Author: Diego Sevilla Ruiz Version: 1.0 Author URI: http://neuromancer.dif.um.es/blog Id: $Id: wp-morph.php 500 2005-03-15 20:39:58Z dsevilla $ */


/// Put some random value here!!!
// Greater than 0, and less than 1000000
$rnd_val = xxx;
/// Put some random value here!!!

// Check the result through the MD5 sum.
function morph_check_md5($comment) {
    global $rnd_val;
    
    // Check the fast check  
    if (’spammers_go_home’ == trim(strip_tags($_POST[‘checkpoint’])) )
    {
        // Check that md5 of check is the same than produced
        $v = $_POST[‘calc_value’];
        
        // This value cannot be known by spammers
        $v += $rnd_val;
        
        $v = md5($v);
        
        if ($v == $_POST[‘result_md5′])
        {
            return $comment;
        }
    }
    
    die( “Spammer, go home” );
}

add_filter(‘post_comment_text’, ‘morph_check_md5′);

// Output form actions
function morph_output_form_items($page) {
    global $rnd_val;
    
    // We have three arrays of random size. Complicated calculus can
    // be made here.
    // 6 to 20 variables
    $nvars = rand(6,20);
    $maxval = rand(1000,10000);
    $vvv = array();
    
    for ($i = 0 ; $i < $nvars; $i++)
    {
        $v = rand(1,$maxval - 1);
        $js_str .= ‘v’ . $i . ‘=’ . $v . ‘;’;
        $vvv[$i] = $v;
    }
    
    $nops = rand(3,20);
    for ($i = 0; $i < $nops; $i++)
    {
        // Operator
        $op = rand(0,5);
        
        // Select two variables and result, random
        $v1 = rand(0, $nvars - 1);
        $v2 = rand(0, $nvars - 1);
        $v3 = rand(0, $nvars - 1);
        
        switch($op)
        {
            // +
            case ‘0′:
            $vvv[$v3] = ($vvv[$v1] + $vvv[$v2]) % $maxval;
            $js_str .= ‘v’.$v3.‘=(v’.$v1
            . ‘+v’.$v2.‘)%’. $maxval .‘;’;
            break;
            // -
            case ‘1′:
            $vvv[$v3] = ($vvv[$v1] - $vvv[$v2]) % $maxval;
            $js_str .= ‘v’.$v3.‘=(v’.$v1
            . ‘-v’.$v2.‘)%’. $maxval .‘;’;
            break;
            // *
            case ‘2′:
            $vvv[$v3] = ($vvv[$v1] * $vvv[$v2]) % $maxval;
            $js_str .= ‘v’.$v3.‘=(v’.$v1
            . ‘*v’.$v2.‘)%’. $maxval .‘;’;
            break;
            
            // if, >
            case ‘3′:
            $v4 = rand (1, $maxval - 1);
            
            $js_str .= ‘if ( v’ . $v1 . ‘ > ‘. $v4 . ‘)
            { v’ . $v2 . ‘ = v’ . $v3 . ‘; }’;
            
            if ($vvv[$v1] > $v4)
            {
                $vvv[$v2] = $vvv[$v3];
            }
            break;
            
            // if, <
            case ‘4′:
            $v4 = rand (1, $maxval - 1);
            
            $js_str .= ‘if ( v’ . $v1 . ‘ < ‘. $v4 . ‘)
            { v’ . $v2 . ‘ = v’ . $v3 . ‘; }’;
            
            if ($vvv[$v1] < $v4)
            {
                $vvv[$v2] = $vvv[$v3];
            }
            break;
            
            // while
            case ‘5′:
            $v4 = rand (1, 100);
            
            // Quick and dirty check
            if ($v1 == $v2)
            break;
            
            $js_str .= ‘v’. $v1 .‘=Math.abs(v’.$v1.‘);
            v’. $v1 .‘%=’. $v4 .‘; while (v’.$v1.‘–) {
            v’. $v2.‘++; }’;
            
            // Calc the final value
            $vvv[$v1] = abs ($vvv[$v1]);
            $vvv[$v2] += $vvv[$v1] % $v4;
            $vvv[$v1] = -1;
            break;
        }
        
    }
    
    $final_val = 0;
    
    $js_str .= “eElement.value = (”;
    for ($i = 0 ; $i < $nvars; $i++)
    {
        if ($i != 0)
        {
            $js_str .= ‘+’;
        }
        $js_str .= ‘v’ . $i;
        $final_val += $vvv[$i];
    }
    
    
    $js_str .= ‘)%’. $maxval.‘;’;
    
    $final_val %= $maxval;
    
    //$js_str .= ‘// ‘.$final_val;
    
    // Add the secret quantity
    $final_val += $rnd_val;
    
    // Calc the md5 of the value
    $md5_value = md5($final_val);
    
    // Write in hidden field
    $page = str_replace(‘<input type=”hidden” name=”comment_post_ID”‘,
    ‘<input type=”hidden” name=”checkpoint” value=”spammers_go_home” />
    <input type=”hidden” name=”result_md5″ value=”‘
    . $md5_value . ‘” />
    <input type=”hidden” id=”chk” name=”calc_value” value=”" />
    <input type=”hidden” name=”comment_post_ID”‘, $page);
    
    // The form action
    $page = str_replace(‘<form’,
    ‘<form onsubmit=”go_anti_spam();” ‘,
    $page);
    
    // The jscript
    $page = str_replace(‘</head>’, ‘<script type=”text/javascript”>
    
    function go_anti_spam()
    {
        eElement = document.getElementById(”chk”);
        if(!eElement){ return false; }
        else
        {
            ’.$js_str.‘
            return true;
        }
    }</script></head>’, $page);
    
    return $page;
}

function morph_call_output_items() {
    ob_start(‘morph_output_form_items’);
}

// Now we set that function up to execute when the wp_head action is called
add_action(‘wp_head’, ‘morph_call_output_items’);

?>

1 Comment »

hola sabes esta muy bien el codigo fuente pero no se en que lenguaje hay que hacerlo

Comment by luis — 2/12/2006 @ 19:15

RSS feed for comments on this post. TrackBack URI

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>