You are here

function _botcha_recipe2 in BOTCHA Spam Prevention 6

Same name and namespace in other branches
  1. 7 botcha.botcha.inc \_botcha_recipe2()

Botcha recipe.

1 string reference to '_botcha_recipe2'
_botcha_recipes in ./botcha.botcha.inc

File

./botcha.botcha.inc, line 215
Implementation of botcha form logic.

Code

function _botcha_recipe2($form, $secret, $error_field) {
  $myseed = 'itr_r2' . substr($secret, 0, 7);
  $spf = md5($myseed . substr('secret', 0, -4));
  $field_class = 'a' . substr($spf, 1, 4) . '_field';

  // 'a' fix for Firefox - it breaks on ".<number>" class in CSS filter!
  $field_name = substr($spf, 0, 3) . '_name';
  $field_prefx = substr($spf, 10, mt_rand(3, 6));
  $secure_token = substr($spf, 4, -2) . '_form';
  $js_name = substr($myseed, 0, 10) . substr($spf, 6, 8);

  // Script name
  // Chop the token in 3 parts
  $chop1 = 2;
  $chop2 = mt_rand(5, 8);
  $js_tok1 = substr($secure_token, 0, $chop1);
  $field_dflt = $field_prefx . substr($secure_token, $chop1, $chop2);

  // What server sends to JS in the field.
  $js_tok2 = substr($secure_token, $chop1 + $chop2);

  // JS has to reconstruct the token form tok1, part of field_dflt, tok2
  $js_match = substr($field_dflt, 0, strlen($field_prefx) + mt_rand(2, $chop2));

  // What JS matches in the field
  $js_pos = strlen($field_prefx);

  // What position is the part of the token
  $recipe = new stdClass();
  $recipe->name = 'honeypot_js_field';
  $recipe->description = t('Insert JS+CSS+honeypot field');
  $recipe->description_bots = t('Bots will not run JS or will mess with the field value');
  $recipe->description_how = t('%parts is added to the form.', array(
    '%parts' => t('Honeypot field') . ',CSS , JS',
  )) . ' ' . t('CSS hides the input field.') . ' ' . t('JS enters key value into the field.');
  $recipe->error_field = $error_field;
  $recipe->error_text = _botcha_error_text_errorcode($spf) . '<li>' . _botcha_error_text_javascript() . '<li>' . _botcha_error_text();
  $recipe->form_elements = array(
    $field_name => array(
      '#type' => 'textfield',
      '#title' => t('Enter your name'),
      // Leave the bot enough hints for it to guess it is a good name field
      '#default_value' => $field_dflt,
      // Store part of secure_token
      '#description' => t('Your first name.'),
      // This is for human users without CSS.
      '#prefix' => '<div class="' . $field_class . '">' . '<span class="description"> (' . t('If you\'re a human, don\'t change the following field') . ')</span>',
      '#suffix' => '</div>' . _botcha_error_noscript(),
      '#attributes' => array(
        'class' => $field_class,
        'autocomplete' => 'off',
      ),
      '#weight' => -20,
      '!valid_token' => $secure_token,
    ),
  );
  $selector = "input.{$field_class}";
  $recipe->css = 'div.' . $field_class . ' { display: none; visibility: hidden; }';
  $recipe->js = <<<END
Drupal.behaviors.{<span class="php-variable">$js_name</span>} = function() {
  \$("{<span class="php-variable">$selector</span>}").each(function() {
    f=\$(this)[0];
    if (f.value.indexOf("{<span class="php-variable">$js_match</span>}")==0){f.value="{<span class="php-variable">$js_tok1</span>}"+f.value.substring({<span class="php-variable">$js_pos</span>})+"{<span class="php-variable">$js_tok2</span>}";}
  });
};
END;

  // Note: There is a jQuery+Firefox+FireBug bug ($(document).ready)
  // on POST under FireBug - http://bugs.jquery.com/ticket/7688
  return $recipe;
}