CHips L pro

Current Path : /opt/cpanel/ea-php54/root/usr/share/pear/RVSeagullMod/lib/SGL/fsbb/
Upload File :
Current File : //opt/cpanel/ea-php54/root/usr/share/pear/RVSeagullMod/lib/SGL/fsbb/fsbb.php

// +----------------------------------------------------------------------+
// | formSpamBotBlocker 0.3                                               |
// +----------------------------------------------------------------------+
// | Date: 3 May 2007                                                     |
// +----------------------------------------------------------------------+
// | License: LGPL                                                        |
// +----------------------------------------------------------------------+
// | formSpamBotBlocker is a PHP class, that tries to prevent web form    |
// | submissions by spambots without having to interact with a human user.|
// | It generates <input type="hidden"> or visually hidden tags (CSS)     |
// | and checks their unique names and values to identify a spambot.      |
// | No CAPTCHA-, COOKIE or Javascript-based methods are used.            |
// +----------------------------------------------------------------------+
// | Author: Giorgos Tsiledakis <gt(at)corissia(dot)com>                  |
// +----------------------------------------------------------------------+
// Please take a look at the included documentation file first: readme.txt
// Use of the class:
// 1. Create the required <input> tags on the page contaning the web form:
// a. Optionally set your defaults in the class source file (public variables), set your own unique $initKey!
// b. Include the class in your script
// c. Create an object: $blocker=new formSpamBotBlocker();
// d. Optionally call public functions or set public variables to adapt your defaults to the current web form
// e. get the xhtml string: $hiddentags=$blocker->makeTags(); (if $hasSession=true, make sure you call makeTags() before the output of any html code, or you will get an error message!)
// f. within your web form: print $hiddentags;
// 2. Check if the $_POST or $_GET array contains the valid parametes on the target page
// if ($_POST){ // or $_GET
// 		$blocker=new formSpamBotBlocker();
// 		$nospam=false;
// 		$nospam=$blocker->checkTags($_POST); // or $_GET
//			if ($nospam) print "Valid Submission"; // handle valid request
// 			else print "Invalid Submission"; // handle invalid request
// 	} 
class formSpamBotBlocker{

//TODO: $initkey should be dynamically configure per RVSiteBuilder project.    
var $initKey="abcd1234"; // set some string here to make the encoded names and values hard to guess 
var $minutesAfterMidnight=20; // minutes after midnight to allow a submission of a form generated at the previous day
var $minTime=2; // time in seconds needed to have passed, before o form can be submitted, set also by setTimeWindow()
var $maxTime=600; // max time in seconds to submit a form, set also by setTimeWindow()
var $hasTrap=true; // true: a visually hidden input tag will be generated, set also by setTrap()
var $trapName="spambot"; // name of the visually hidden input tag, set also by setTrap()
var $trapLabel="Do not enter anything in this text box otherwise your message will not be sent!"; // label info to warn human users, who do not use CSS, set also by setTrap()
var $hasSession=true; // enables a session based method to prevent multiple submissions with the same parameters
// PUBLIC setTrap()
// param $bol: true to enable the trap tag, false to disable it [boolean, optional, default=true]
// param $name: if given, it sets the name of the trap tag [string, optional, default=false]
// param $label: if given, it sets the label of the trap tag [string, optional, default=false]
	function setTrap($bol=true,$name=false,$label=false){
		if ($bol==false) $this->hasTrap=false;
			if ($name) $this->trapName=$name;
			if ($label) $this->trapLabel=$label;
// PUBLIC setTimeWindow()
// param $min: time in seconds needed to have passed, before o form can be submitted [numeric, optional, default=2]
// param $max: max time in seconds to submit a form [numeric, optional, default=600]
	function setTimeWindow($min=2,$max=600){
	function formSpamBotBlocker(){

// PUBLIC makeTags() [string]
// generates the xhtml string for the required form input tags
	function makeTags(){
		if ($this->hasTrap) $out.=$this->trapID();
		return $out;
	var $aFsbbOpts = array();
	function getArrayTag(){
	    $sesNum= (isset($_SESSION[$this->sesName])) ? $_SESSION[$this->sesName] : "";
	    $this->aFsbbOpts[$this->keyName] = $this->codeInit;
        $tagName=substr($userID, $this->userIDNamestart, $this->userIDNameLength);
        $tagValue=substr($userID, $this->userIDValuestart, $this->userIDValueLength);
        $this->aFsbbOpts[$tagName] = $tagValue;
        $tagName=substr($this->enc($today.$this->initKey), $this->dynIDNamestart, $this->dynIDNameLength);
        $this->aFsbbOpts[$tagName] = $tagValue;
        if ($this->hasTrap){
             $this->aFsbbOpts[$this->trapName] = '';

// PUBLIC checkTags() [boolean]
// param $arr: the $_POST or $_GET array sent by a form
// checks if there are valid parameters in the $arr array
	function checkTags($arr=array()){
		if ($arr[$this->keyName] && $arr[$this->keyName] != ""){
		} else {
		    $msg = $this->keyName . ' hidden input field doesn\'t exist. ';
		    return false; 
		/* For DEBUG
		echo "\n enc:" . $this->enc('');
		echo "<br> 2enc:82958d5da23bac2f443368d98655722e";
		echo '<pre>';
		echo "\n \$this->sesName:" . $this->sesName;
		echo "\n \$this->keyName:". $this->keyName;
		echo "\n \$this->hasSession:" . $this->hasSession;
		echo "\n session";
		if (!$this->sessionCheck($arr[$this->keyName])) {
		    $msg = 'You already submit the form or the session has been changed after submitting the form. 
		                 If this occurs, please close your browser and submit the form again.';
		    return false;
		if (!$this->checkUserID($arr)) {
		    $msg = 'You must use the same IP and the same browser to access the form and the target page.';
		    return false;

		if (!$this->checkDynID($arr)) {
		    //check time to submit form around 2 second.
		    //checks if the form was submitted within the time period, set by minTime and maxTime variables
		    // Do not display $this->minTime to reduce the chance of robot to detect the minTime
            $msg = 'You submit the form faster than a specific time windows or longer than ' . $this->maxTime . ' seconds. 
                        If this occurs, please close your browser and submit the form again.';
		    return false;
		if (!$this->checkTrap($arr)) {		    
		    $msg = 'Unexpected value detected. There is a hidden trap form input which should be empty.';
		    return false;

        return true;
// PUBLIC getTagNames() [array]
// returns an array with the names of the generated form elements
// [0]: Name of the element that contains the generated key
// [1]: Name of the element that contains the generated userID
// [2]: Name of the element that contains the generated dynID
// [3]: Name of the element that contains the generated visually hidden element
	function getTagNames(){
		return $tagNames;
var $version="v0.3 (030507)";
var $keyName="fsbb_key";
var $sesName="fsbb_ses";
var $userIDName="";
var $dynIDName="";
var $dynTime="";
// PRIVATE sessionStart(), called in function makeTags()
// sets a session variable=0, if the public variable $hasSession==true, to prevent multiple submissions
var $countSession=0;	
function sessionStart($sid){
		if ($this->hasSession){
            * TODO: We need to ensure seagull session which 
            * 1. use different session cookie name than standard php
            * 2. use different session_save path  than standard php
            // $sessName = isset($conf['cookie']['name']) ? $conf['cookie']['name'] : 'SGLSESSID';
            // @session_name($sessName);
            // @session_set_cookie_params(....); # check example in /lib/SGL/Session.php 
            // @session_save_path('/home/user/.rvsitebuilder/project/var/tmp/);		    
// PRIVATE sessionCheck(), called in function checkTags()
// checks a session variable, if the public variable $hasSession==true, to prevent multiple submissions
	function sessionCheck($sid){
		if ($this->hasSession){
            /* Fix undefine index return true :apiruk 
            * TODO: This is wrong fix. If the session key is missing, it should return false. 
            * But need to ensure seagull session which 
            * 1. use different session cookie name than standard php
            * 2. use different session_save path than standard php
            // $sessName = isset($conf['cookie']['name']) ? $conf['cookie']['name'] : 'SGLSESSID';
            // @session_name($sessName);
            // @session_set_cookie_params(....); # check example in /lib/SGL/Session.php 
            // @session_save_path('/home/user/.rvsitebuilder/project/var/tmp/);
			if (!isset($_SESSION[$this->sesName]) || !isset($_SESSION[$this->keyName])) {
			    return true;

			$_SESSION[$this->sesName] = $_SESSION[$this->sesName]+1;
			$sesNum = $_SESSION[$this->sesName];
			$sesKey = $_SESSION[$this->keyName];
			/* DEBUG
			echo "\$sesNum:" . $sesNum;
			echo "\$sesKey:" . $sesKey;
			echo "\n \$sid:" . $sid;
			echo "\n enc:" . $this->enc($sid);
			if ($sesNum == 1 && $sesKey == $this->enc($sid)) { 
			    return true;
			} else {
  			    $_SESSION[$this->sesName] = $sesNum++;
				return false;
		} else {
		    return true;	
// PRIVATE userID() [string], called in function makeTags()
// generates the xhtml string for the hidden input tag, that contains some unique userID
	function userID(){
		$tagName=substr($userID, $this->userIDNamestart, $this->userIDNameLength);
		$tagValue=substr($userID, $this->userIDValuestart, $this->userIDValueLength);
		$out="<input type=\"hidden\" name=\"".$tagName."\" value=\"".$tagValue."\" />\n";
		return $out;
// PRIVATE dynID() [string], called in function makeTags()
// generates the xhtml string for the hidden input tag with a name, that changes daily
	function dynID(){
		$tagName=substr($this->enc($today.$this->initKey), $this->dynIDNamestart, $this->dynIDNameLength);
		$out="<input type=\"hidden\" name=\"".$tagName."\" value=\"".$tagValue."\" />\n";
		return $out;
// PRIVATE setCodeID() [string], called in function makeTags()
// generates the xhtml string for the hidden input tag, that contains the key do decrypt the code passed
	function setCodeID(){
		$out="<input type=\"hidden\" name=\"".$this->keyName."\" value=\"".$this->codeInit."\" />\n";
		return $out;
// PRIVATE trapID() [string], called in function makeTags()
// generates the xhtml string for the trag text input tag, that is hidden using CSS
// if CSS is disabled, a human user will be warned no to enter anything in this box
// It is a good idea to change the style="display:none" to class="somename"
// and set in your external CSS .somename {display:none;} to confuse spambots even more
	function trapID(){
		$out="<span style=\"display:none;visibility:hidden;\">\n";
		$out.="<label for=\"".$this->trapName."\">".$this->trapLabel."</label>\n";
		$out.="<input type=\"text\" name=\"".$this->trapName."\" id=\"".$this->trapName."\" value=\"\" />\n";
		return $out;
// PRIVATE intUserID() [string], called in function userID()
// generates the unique userID
	function intUserID(){
		return $userID;
// PRIVATE enc() [string]
// encoding method
	function enc($var,$method=false){
		if ($method=="base64") return base64_encode($var);
		else return md5($var);
// PRIVATE initCode(), called in function makeTags()
// generates the required parameters to encrypt the generated hidden names and values
	function initCode(){
// PRIVATE getCodeID(), called in function checkTags()
// sets the required perameters for the code decryption
	function getCodeID($key){
// PRIVATE checkUserID() [boolean], called by function checkTags()
// checks if there is a valid userID in an array specified
	function checkUserID($arr=array()){
		$tagName=substr($userID, $this->userIDNamestart, $this->userIDNameLength);
		$tagValue=substr($userID, $this->userIDValuestart, $this->userIDValueLength);
			foreach ($arr as $name=>$value){
				if ($tagName==$name && $tagValue==$value){
		return $found;
// PRIVATE checkDynID() [boolean], called by function checkTags()
// checks if there is a valid dynID in an array specified
	function checkDynID($arr=array()){
	    $found = false;
		$checktoday=substr($this->enc($today.$this->initKey), $this->dynIDNamestart, $this->dynIDNameLength);
		$checkyesterday=substr($this->enc($yesterday.$this->initKey), $this->dynIDNamestart, $this->dynIDNameLength);
			foreach ($arr as $name=>$value){
				if ($name==$checktoday OR ($name==$checkyesterday && $indelay<=0)){
					if ($this->checkSubmisionTime($val)){
		return $found;
// PRIVATE checkSubmisionTime() [boolean], called by function checkDynID()
// checks if the form was submitted within the time period, set by minTime and maxTime variables
	function checkSubmisionTime($var){
		if (($elapsed<$this->minTime) OR ($elapsed>$this->maxTime)) return false;
		else return true; 
// PRIVATE checkTrap() [boolean], called by function checkTags()
// checks if a parameter, hidden by CSS, has some value
	function checkTrap($arr = array()){
		$noTrap = true;
			foreach ($arr as $name=>$value){
				if ($name == $this->trapName && $value != "") $noTrap = false;
		return $noTrap;	
//function  use fsbb spam bot rvsitebuilder set

    function isnotSpamBot() {
        $param = false;
        $nospam = false;
        if ($_POST) {
            $param = $_POST;
        } elseif ($_GET) {
            $param = $_GET;
        if (!$param) {
            die("This script requires some POST or GET parameters from");
        $nospam = $this->checkTags($param);
        //skip validate spam
        if (defined('RVS_PUBLISH_PATH')) {
        	$fsbbPath = RVS_PUBLISH_PATH . '/scripts/fsbb';
        	if (is_file($fsbbPath . '/.skipValidateSpam')) {
        		$nospam = true;
        ///fix undefine index $submissions = $_SESSION[$this->sesName]; :apiruk
        $submissions = (isset($_SESSION[$this->sesName])) ? $_SESSION[$this->sesName] : '';
        return $nospam;
    function showWarning($msg)
        // funciton print_error in rvform.php
        if (function_exists('print_error')) {
        } else {
            echo sprintf('<div align="center"><font color="red">%s</font></div>', $msg);
//end class


Copyright 2K16 - 2K18 Indonesian Hacker Rulez