function _botcha_recipe4 in BOTCHA Spam Prevention 7
Same name and namespace in other branches
- 6 botcha.botcha.inc \_botcha_recipe4()
Botcha recipe. FIXME: WORK IN PROGRESS. Making a css->js->form recipe
File
- ./
botcha.botcha.inc, line 383 - Implementation of botcha form logic.
Code
function _botcha_recipe4($form, $secret, $error_field) {
$myseed = 'itr_r4' . substr($secret, 0, 8);
$spf = md5($myseed . substr('secret', 0, -4));
$field_class = 'a' . substr($spf, 1, 4) . '_field';
// 'a' fix for Firefox - it breaks on ".<number>" class in CSS filter!
$field_name = substr($spf, 0, 3) . '_name';
$field_prefx = substr($spf, 10, mt_rand(3, 6));
$secure_token = substr($spf, 4, -2) . '_form';
$js_name = substr($myseed, 0, 10) . substr($spf, 6, 8);
// Script name
// Chop the token in 3 parts
$chop1 = 2;
$chop2 = mt_rand(5, 8);
$js_tok1 = substr($secure_token, 0, $chop1);
$field_dflt = $field_prefx . substr($secure_token, $chop1, $chop2);
// What server sends to JS in the field.
$css_tok2 = substr($secure_token, $chop1 + $chop2);
// JS has to reconstruct the token form tok1, part of field_dflt, tok2
$js_match = substr($field_dflt, 0, strlen($field_prefx) + mt_rand(2, $chop2));
// What JS matches in the field
$js_pos = strlen($field_prefx);
// What position is the part of the token
$recipe = new stdClass();
$recipe->name = 'honeypot_js_css2field';
$recipe->description = t('Insert JS+CSS+honeypot field');
$recipe->description_bots = t('Bots will not run JS or not load CSS or will mess with the field value');
$recipe->description_how = t('%parts is added to the form.', array(
'%parts' => t('Honeypot field') . ',CSS , JS',
)) . ' ' . t('CSS carries secret data and hides the input field.') . ' ' . t('JS enters key value into the field.');
$recipe->error_field = $error_field;
$recipe->error_text = _botcha_error_text_errorcode($spf) . '<li>' . _botcha_error_text_javascript() . '<li>' . _botcha_error_text();
$recipe->form_elements = array(
$field_name => array(
'#type' => 'textfield',
'#title' => t('Enter your name'),
// Leave the bot enough hints for it to guess it is a good name field
'#default_value' => $field_dflt,
// Store part of secure_token
'#description' => t('Your first name.'),
// This is for human users without CSS.
'#prefix' => '<div class="' . $field_class . '">' . '<span class="description"> (' . t('If you\'re a human, don\'t change the following field') . ')</span>',
'#suffix' => '</div>' . _botcha_error_noscript(),
'#attributes' => array(
'class' => array(
$field_class,
),
'autocomplete' => 'off',
),
'#weight' => -20,
'!valid_token' => $secure_token,
),
);
$selector = "input.{$field_class}";
$recipe->css = 'div.' . $field_class . ' { display: none; visibility: hidden; } input.' . $field_class . ' { font-family: sans-serif,"' . $css_tok2 . '" !important; }';
$recipe->js = <<<END
(function (\$) {
Drupal.behaviors.{<span class="php-variable">$js_name</span>} = {
attach: function (context, settings) {
\$("{<span class="php-variable">$selector</span>}").each(function() {
f=\$(this)[0];
tok2=\$.trim(\$(f).css('fontFamily').split(',')[1]);
if(tok2[0] == "'" || tok2[0] == '"') tok2=tok2.substring(1, tok2.length-1);
if (f.value.indexOf("{<span class="php-variable">$js_match</span>}")==0){f.value="{<span class="php-variable">$js_tok1</span>}"+f.value.substring({<span class="php-variable">$js_pos</span>})+tok2;}
});
}
};
}(jQuery));
END;
// Note: There is a jQuery+Firefox+FireBug bug ($(document).ready)
// on POST under FireBug - http://bugs.jquery.com/ticket/7688
return $recipe;
}