function _botcha_recipe3 in BOTCHA Spam Prevention 7
Same name and namespace in other branches
- 6 botcha.botcha.inc \_botcha_recipe3()
Botcha recipe.
1 string reference to '_botcha_recipe3'
File
- ./
botcha.botcha.inc, line 290 - Implementation of botcha form logic.
Code
function _botcha_recipe3($form, $secret, $error_field) {
$form_id = $form['#id'];
if (strpos($form_id, '-node-form') !== false) {
$js_form_id = 'node-form';
}
elseif (substr($form_id, 0, 7) == 'comment') {
$js_form_id = 'comment-form';
}
else {
$js_form_id = $form_id;
}
$myseed = 'itr_r3' . substr($secret, 0, 7);
$spf = md5($myseed . substr('secret', 0, -4));
$field_class = 'a' . substr($spf, 1, 4) . '_field';
// 'a' for Firefox ignores ".<number>" class in CSS filter!
$field_name = substr($spf, 0, 3) . '_name';
$field_name_url = substr($spf, 1, 4) . '_name';
$field_prefx = substr($spf, 10, mt_rand(3, 6));
$secure_token = substr($spf, 4, -2) . '_form';
$js_name = substr($myseed, 0, 10) . substr($spf, 6, 8);
// Script name
// Chop the token in 3 parts
$chop1 = 2;
$chop2 = mt_rand(5, 8);
$js_tok1 = substr($secure_token, 0, $chop1);
$field_dflt = $field_prefx . substr($secure_token, $chop1, $chop2);
// What server sends to JS in the field.
$js_tok2 = substr($secure_token, $chop1 + $chop2);
// JS has to reconstruct the token form tok1, part of field_dflt, tok2
$js_match = substr($field_dflt, 0, strlen($field_prefx) + mt_rand(2, $chop2));
// What JS matches in the field
$js_pos = strlen($field_prefx);
// What position is the part of the token
$recipe = new stdClass();
$recipe->name = 'obscure_url_field';
$recipe->description = t('Insert a new field into form action URL');
$recipe->description_bots = t('Bots will not run JS and miss the field');
$recipe->description_how = t('%parts is added to the form.', array(
'%parts' => 'JS',
)) . ' ' . t('JS enters key value into the field.');
$recipe->error_field = $error_field;
$recipe->error_text = _botcha_error_text_errorcode($spf) . '<li>' . _botcha_error_text_javascript() . '<li>' . _botcha_error_text();
// Add hidden field to keep part of the token
$recipe->form_elements = array(
$field_name => array(
'#type' => 'hidden',
'#default_value' => $field_dflt,
// Store part of secure_token
'#attributes' => array(
'class' => array(
$field_class,
),
),
'#weight' => 20,
),
);
// Describe URL field. JS will return token in URL field.
$recipe->url_elements = array(
$field_name_url => array(
'#type' => 'textfield',
'#default_value' => '',
'!valid_token' => $secure_token,
),
);
$selector = "input.{$field_class}";
$submit = _botcha_url($form['#action'], array(
'query' => array(
$field_name_url => '__replace__',
),
));
$submit = preg_replace('/__replace__/', $js_tok1 . '\'+v+\'' . $js_tok2, $submit);
$recipe->js = <<<END
(function (\$) {
Drupal.behaviors.{<span class="php-variable">$js_name</span>} = {
attach: function (context, settings) {
\$("{<span class="php-variable">$selector</span>}").each(function() {
f=\$(this)[0];
if (f.value.indexOf("{<span class="php-variable">$js_match</span>}")==0){
v=f.value.substring({<span class="php-variable">$js_pos</span>});
form=\$(this).parents("form#{<span class="php-variable">$js_form_id</span>}")[0];
\$(form)[0].action ='{<span class="php-variable">$submit</span>}';
}
});
}
};
}(jQuery));
END;
return $recipe;
}