added: antispam mechanism

each html form has a hidden form_id and counter_id
counter_id on the client side is generated through javascript code
on the server the form_id and counter_id is stored in the session
after sending the html form the server checks the form_id and counter_id




git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1116 e52654a7-88a9-db11-a3e9-0013d4bc506e

winixd/functions/emacs.cpp

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2008-2014, Tomasz Sowa
+ * Copyright (c) 2008-2018, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -81,6 +81,8 @@ bool Emacs::HasAccess()
 
 
 
+// !! IMPROVE ME in functions.cpp there is a similar function
+/*
 bool Emacs::PostEmacsCheckAbuse(bool adding)
 {
 	if( !system->rebus.CheckRebus() )
@@ -101,6 +103,7 @@ bool Emacs::PostEmacsCheckAbuse(bool adding)
 
 return true;
 }
+*/
 
 
 // !! zmienic nazwy 
@@ -152,7 +155,7 @@ void Emacs::MakePost()
 	if( adding )
 		functions->SetUser(cur->request->item); // set user before checking the rebus
 
-	if( !PostEmacsCheckAbuse(adding) )
+	if( functions->CheckAbuse() )
 		return;
 
 	if( adding )

winixd/functions/emacs.h

@@ -5,7 +5,7 @@
  */
 
 /* 
- * Copyright (c) 2010-2014, Tomasz Sowa
+ * Copyright (c) 2010-2018, Tomasz Sowa
  * All rights reserved.
  * 
  * Redistribution and use in source and binary forms, with or without
@@ -56,7 +56,6 @@ public:
 private:
 
 	bool HasAccess(const Item & item); // !! takie funkcje to nie powinny byc skladowe modelu?
-	bool PostEmacsCheckAbuse(bool adding);
 	void DoRedirectIfNeeded(bool adding);
 	int NotifyCodeEdit();
 	int NotifyCodeAdd();

winixd/functions/functions.cpp

@@ -487,7 +487,43 @@ void Functions::CheckGetPostTimes(time_t difference)
 
 
 
-// !!uwaga zwracana warto<74><6F> zmieniona (true/false)
+
+bool Functions::CheckAntispamCounter()
+{
+	if( !cur->session->puser )
+	{
+		long form_id = Tol(cur->request->PostVar(L"winix_form_id"));
+		long counter_id = Tol(cur->request->PostVar(L"winix_form_counter"));
+		auto i = cur->session->antispan.find(form_id);
+
+		if( i != cur->session->antispan.end() )
+		{
+			if( i->second != counter_id )
+			{
+				log << log2 << "AP: you have provided a different counter, expecting: " << i->second << ", given: " << counter_id << logend;
+				cur->session->antispan.erase(i);
+				return true;
+			}
+			else
+			{
+				cur->session->antispan.erase(i);
+				log << log2 << "AP: provided a correct counter for this form" << logend;
+			}
+		}
+		else
+		{
+			log << log2 << "AP: nonexisting form_id" << logend;
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+
+// !!uwaga zwracana wartosc zmieniona (true/false)
+// !! IMPROVE ME in emacs.cpp there is a similar function
 bool Functions::CheckAbuse()
 {
 	if( !system->rebus.CheckRebus() )
@@ -496,6 +532,11 @@ bool Functions::CheckAbuse()
 		return true;
 	}
 
+	if( CheckAntispamCounter() )
+	{
+		return true;
+	}
+
 	CheckGetPostTimes();
 
 	if( cur->session->spam_score > 0 )

winixd/functions/functions.h

@@ -221,6 +221,7 @@ private:
 	void CheckFunctionFollowDir(bool was_default_function);
 	void CheckFunctionFollowSymlink(bool was_default_function);
 
+	bool CheckAntispamCounter();
 };