/** * This file implements the "block_replay" spam hurdle. This hurdle will * block form post replay attacks, by handing out keys to forms, * which can only be used once to submit a form. If a spam bot tries to * replay a form post, the post key will no longer be valid and the * form post is blocked. * * Note that the default spam hurdles data cannot be used indefinitely * to replay form posts (because of the TTL). However, this hurdle will * make sure that the data can *never* be used twice, while the default * spam hurdles data remains usable during its configured TTL. * * The advantage of the default TTL schema, is that no database storage * is needed to record what keys have been used. This hurdle does need * this storage, so it will result in extra database activity. */ function spamhurdle_block_replay_init($data) { $data['key'] = spamhurdles_generate_key(); return $data; }
function spamhurdle_javascript_signature_init($data) { $rand = spamhurdles_generate_key(); $data['sig'] = array(substr($rand, 0, 8), substr($rand, 8, 8)); return $data; }