added: antispam mechanism

each html form has a hidden form_id and counter_id
counter_id on the client side is generated through javascript code
on the server the form_id and counter_id is stored in the session
after sending the html form the server checks the form_id and counter_id




git-svn-id: svn://ttmath.org/publicrep/winix/trunk@1116 e52654a7-88a9-db11-a3e9-0013d4bc506e

winixd/functions/functions.cpp

@@ -487,7 +487,43 @@ void Functions::CheckGetPostTimes(time_t difference)
 
 
 
-// !!uwaga zwracana warto<74><6F> zmieniona (true/false)
+
+bool Functions::CheckAntispamCounter()
+{
+	if( !cur->session->puser )
+	{
+		long form_id = Tol(cur->request->PostVar(L"winix_form_id"));
+		long counter_id = Tol(cur->request->PostVar(L"winix_form_counter"));
+		auto i = cur->session->antispan.find(form_id);
+
+		if( i != cur->session->antispan.end() )
+		{
+			if( i->second != counter_id )
+			{
+				log << log2 << "AP: you have provided a different counter, expecting: " << i->second << ", given: " << counter_id << logend;
+				cur->session->antispan.erase(i);
+				return true;
+			}
+			else
+			{
+				cur->session->antispan.erase(i);
+				log << log2 << "AP: provided a correct counter for this form" << logend;
+			}
+		}
+		else
+		{
+			log << log2 << "AP: nonexisting form_id" << logend;
+			return true;
+		}
+	}
+
+	return false;
+}
+
+
+
+// !!uwaga zwracana wartosc zmieniona (true/false)
+// !! IMPROVE ME in emacs.cpp there is a similar function
 bool Functions::CheckAbuse()
 {
 	if( !system->rebus.CheckRebus() )
@@ -496,6 +532,11 @@ bool Functions::CheckAbuse()
 		return true;
 	}
 
+	if( CheckAntispamCounter() )
+	{
+		return true;
+	}
+
 	CheckGetPostTimes();
 
 	if( cur->session->spam_score > 0 )