Hack Name: Spam protection that asks for three random chars from a random string of chars.
Description: From 10 random letters, people have to pick out the letters the spam protection asks for (it asks for 3 letters). For example, from abcdefghij, one must pick the first, seventh and fourth char (agd). Which chars must be given is also randomized.
Author: Ifa
Find
if($comments == ""){
echo("<div style=\"text-align: center;\">Sorry but the comment can not be blank
[url=]go back[/url]</div>");
$CN_HALT = TRUE;
break 1;
}
And add below it
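$pass = FALSE;
// All three fields must be present before the answer is checked
if (isset($_POST['letters'], $_POST['cba'], $_POST['abc']) && htmlentities($_POST['letters'], ENT_QUOTES, 'UTF-8'))
{
    // First three characters typed by the visitor
    $letters = str_split(substr(htmlentities($_POST['letters'], ENT_QUOTES, 'UTF-8'), 0, 3));
    // The ten random letters and the three positions, as posted back in the hidden fields
    $random_letters = str_split(htmlentities($_POST['cba'], ENT_QUOTES, 'UTF-8'));
    $order = str_split(htmlentities($_POST['abc'], ENT_QUOTES, 'UTF-8'));
    foreach ($order as $key => $check)
    {
        // A position that is missing on either side counts as a failed check
        if (isset($random_letters[$check], $letters[$key]) && $random_letters[$check] == $letters[$key]) $pass = TRUE;
        else
        {
            $pass = FALSE;
            break;
        }
    }
}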
if (!$pass)
{
echo("<div style=\"text-align: center;\">Spam protection check failed,
[url=]go back[/url]</div>");
$CN_HALT = TRUE;
break 1;
}
Find
$template_form = str_replace("{smilies}", $smilies_form, $template_form);
echo"<form $CN_remember_form method=\"post\" name=\"comment\" id=\"comment\" action=\"\">".$template_form."<div><input type=\"hidden\" name=\"subaction\" value=\"addcomment\" /><input type=\"hidden\" name=\"ucat\" value=\"$ucat\" /><input type=\"hidden\" name=\"show\" value=\"$show\" />$user_post_query</div></form>
\n $CN_remember_include";
And replace it with
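// Returns $nc random characters picked from the alphabet $a
function r_letters($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0')
{
    $l = strlen($a) - 1;
    $r = '';
    // Square brackets: the $a{...} string offset syntax was removed in PHP 8
    while($nc-->0) $r .= $a[mt_rand(0,$l)];
    return $r;
}
// Position words shown to the visitor; the array index is the letter's position
$words_array = array ('first', 'second', 'third', 'fourth', 'fifth', 'sixth', 'seventh', 'eighth', 'ninth', 'tenth');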
$first = $words_array[mt_rand (0, 9)];
$second = $words_array[mt_rand (0, 9)];
$third = $words_array[mt_rand (0, 9)];
$random_letters = r_letters(10);
$template_form = str_replace("{r-letters}", $random_letters, $template_form);
$template_form = str_replace("{letter-input}", "<input type=\"text\" name=\"letters\" />",$template_form);
$template_form = str_replace("{first}", $first ,$template_form);
$template_form = str_replace("{second}", $second ,$template_form);
$template_form = str_replace("{third}", $third ,$template_form);
$template_form = str_replace("{smilies}", $smilies_form, $template_form);
echo"<form $CN_remember_form method=\"post\" name=\"comment\" id=\"comment\" action=\"\">".$template_form."<div><input type=\"hidden\" name=\"subaction\" value=\"addcomment\" /><input type=\"hidden\" name=\"ucat\" value=\"$ucat\" /><input type=\"hidden\" name=\"show\" value=\"$show\" />$user_post_query
<input type=\"hidden\" name=\"cba\" value=\"".$random_letters."\" /><input type=\"hidden\" name=\"abc\" value=\"".array_search($first, $words_array).array_search($second, $words_array).array_search($third, $words_array)."\" />
</div></form>\n $CN_remember_include";
Now, in your Add comment form template, you can use the following:
{r-letters} - shows 10 randomly generated letters.
{letter-input} - the text field where users type the 3 letters.
{first}, {second} and {third} will output which letters users should type (i.e. Please type the {first}, the {second} and the {third} letter).
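
The check above compares the answer against the cba and abc hidden fields, which the browser sends back, so the expected letters are only as trustworthy as the client. As an added example (not part of Ifa's hack or of CuteNews), here is the same challenge with the expected answer kept in the PHP session and accepted once. The function names, the session key, the ten-minute expiry and the use of random_int() (PHP 7+) are assumptions.

```php
<?php
// Added example, not the hack's own code. The function names and the
// session key 'letter_challenge' are hypothetical. Call session_start() first.

// Builds a challenge; only the letters and the position words go to the page.
function issue_letter_challenge()
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0';
    $words = array('first', 'second', 'third', 'fourth', 'fifth',
                   'sixth', 'seventh', 'eighth', 'ninth', 'tenth');
    $letters = '';
    for ($i = 0; $i < 10; $i++) {
        $letters .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $answer = '';
    $asked = array();
    for ($i = 0; $i < 3; $i++) {
        $pos = random_int(0, 9);
        $asked[] = $words[$pos];
        $answer .= $letters[$pos];
    }
    // The expected answer stays on the server and expires after ten minutes (assumed value).
    $_SESSION['letter_challenge'] = array('answer' => $answer, 'expires' => time() + 600);
    return array('letters' => $letters, 'asked' => $asked);
}

// Compares the typed letters with the stored answer; a challenge is single use.
function check_letter_challenge($typed)
{
    $stored = isset($_SESSION['letter_challenge']) ? $_SESSION['letter_challenge'] : null;
    unset($_SESSION['letter_challenge']); // consumed whether the check passes or not
    if (!is_array($stored) || !is_string($typed) || time() > $stored['expires']) {
        return false;
    }
    return hash_equals($stored['answer'], (string) substr($typed, 0, 3));
}

// Demonstration on the command line with a constructed submission;
// a plain array stands in for the session here.
if (PHP_SAPI === 'cli') {
    $_SESSION = array();
    $challenge = issue_letter_challenge();
    echo $challenge['letters'], ': ', implode(', ', $challenge['asked']), "\n";
    $right = $_SESSION['letter_challenge']['answer'];
    var_dump(check_letter_challenge($right)); // correct answer, first use
    var_dump(check_letter_challenge($right)); // same answer submitted again
}
```

In the form code, {r-letters} would be filled from $challenge['letters'] and {first}, {second} and {third} from $challenge['asked'], with the cba and abc hidden inputs dropped.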