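/**
 * Check the trackback for spam (currently using Hardened Trackback if enabled).
 *
 * The request key is appended to the key directory to build a file path, so
 * the format check is the only thing that keeps the lookup inside that
 * directory. It is anchored with \z because a plain "$" also matches just
 * before a trailing newline. A key is single-use: it is accepted only when
 * its key file could actually be removed.
 *
 * @return bool|null true when hardened trackback is disabled, null when the
 *                   key was accepted and consumed. In every other case the
 *                   attempt is handed to logspammer() and the script exits.
 */
function killtrackbackspam()
{
    global $Pivot_Vars, $Paths, $Cfg;

    // Do nothing if hardened trackback isn't enabled.
    if ($Cfg["hardened_trackback"] != 1) {
        return true;
    }

    // Key and URL are request data: a missing or non-string value is treated
    // as empty instead of being passed on to strlen()/urldecode().
    $key = (isset($Pivot_Vars["key"]) && is_string($Pivot_Vars["key"])) ? $Pivot_Vars["key"] : '';
    $url = (isset($Pivot_Vars['url']) && is_string($Pivot_Vars['url'])) ? urldecode($Pivot_Vars['url']) : '';

    if (strlen($key) < 32) {
        logspammer('tampered key: invalid length', "htrackback", $url);
        exit;
    }

    // Exactly 32 lowercase hex characters and nothing else, so the key cannot
    // carry path separators or a trailing newline into the file name.
    if (!preg_match('/^[a-f0-9]{32}\z/', $key)) {
        logspammer('tampered key: invalid characters found', "htrackback", $url);
        exit;
    }

    $keyfile = $Paths["pivot_path"] . "db/tbkeys/" . $key;
    if (!file_exists($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }

    // A key is valid for 900 seconds plus whatever timediffwebfile() reports.
    $offset = timediffwebfile();
    if (time() - filectime($keyfile) > 900 + $offset) {
        @unlink($keyfile);
        $excerpt = (isset($Pivot_Vars['excerpt']) && is_string($Pivot_Vars['excerpt'])) ? $Pivot_Vars['excerpt'] : '';
        logspammer(stripslashes(urldecode($excerpt)), "htrackback", $url);
        exit;
    }

    // Consume the key. The removal is the acceptance step: if the file cannot
    // be removed (already consumed by another request, or not deletable) the
    // key would stay usable until it expires, so the trackback is refused.
    if (!@unlink($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }
}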
Example #2
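// Build the trackback URL handed to the client. The id comes straight from
// the query string, so it is reduced to a string and URL-encoded before it is
// placed in the URL (where $tburl is emitted is outside this excerpt).
$tb_id_param = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (string) $_GET["id"] : '';
$tburl = $Paths["host"] . $Paths["pivot_url"] . "tb.php?tb_id=" . rawurlencode($tb_id_param) . "&amp;key=";

// The Referer header is supplied by the client and may be absent; this is a
// spam heuristic, not an authentication check. A missing header is handled
// like a foreign one.
$tb_referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
if (!strstr($tb_referer, $_SERVER["SERVER_NAME"])) {
    // Creating a bogus key: no key file is written for it, so the lookup on
    // the receiving side will not find it.
    $tbkey = md5(microtime());
    debug("hardened trackbacks: illegal request - creating bogus key");
} else {
    makedir($keydir);
    // The key is 32 hex characters, which is the format the receiving side
    // checks for; the key file's existence is what makes it valid.
    $tbkey = md5($Cfg['server_spam_key'] . $_SERVER["REMOTE_ADDR"] . $tb_id_param . time());
    if (!touch($keydir . $tbkey)) {
        debug("hardened trackbacks: directory {$keydir} isn't writable - can't create key");
    } else {
        chmod_file($keydir . $tbkey);
    }
}

// Getting the time offset between the web and file server (if there is any)
$offset = timediffwebfile($tbkey_debug);

// delete keys older than 15 minutes
$nNow = time();
$handle = opendir($keydir);
if ($handle === false) {
    // Without this guard readdir() would be called on a failed handle.
    debug("hardened trackbacks: directory {$keydir} can't be read - expired keys not removed");
} else {
    while (false !== ($file = readdir($handle))) {
        $filepath = $keydir . $file;
        // Directories (including "." and "..") and the index.html placeholder
        // are never key files.
        if (!is_dir($filepath) && $file != "index.html") {
            $Diff = $nNow - filectime($filepath);
            if ($Diff > 60 * 15 + $offset && $tbkey_debug != true) {
                unlink($filepath);
            }
        }
    }
    closedir($handle);
}

echo "\nvar tbkey='{$tbkey}';\n";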
echo <<<EOM
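/**
 * Check the trackback for spam (currently using Hardened Trackback if enabled).
 *
 * The key from the query string is appended to the key directory to build a
 * file path, so the format check is the only thing that keeps the lookup
 * inside that directory. It is anchored with \z because a plain "$" also
 * matches just before a trailing newline. A key is single-use: it is accepted
 * only when its key file could actually be removed.
 *
 * @return bool|null true when hardened trackback is disabled, null when the
 *                   key was accepted and consumed. In every other case the
 *                   attempt is handed to logspammer() and the script exits.
 */
function killtrackbackspam()
{
    global $PIVOTX;

    // Do nothing if hardened trackback isn't enabled.
    if ($PIVOTX['config']->get('hardened_trackback') != 1) {
        return true;
    }

    // Key and URL are request data: a missing or non-string value (for
    // example an array parameter) is treated as empty.
    $key = (isset($_GET["key"]) && is_string($_GET["key"])) ? $_GET["key"] : '';
    $url = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';

    if (strlen($key) < 32) {
        logspammer('tampered key: invalid length', "htrackback", $url);
        exit;
    }

    // Exactly 32 lowercase hex characters and nothing else, so the key cannot
    // carry path separators or a trailing newline into the file name.
    if (!preg_match('/^[a-f0-9]{32}\z/', $key)) {
        logspammer('tampered key: invalid characters found', "htrackback", $url);
        exit;
    }

    $keyfile = $PIVOTX['paths']["db_path"] . "tbkeys/" . $key;
    if (!file_exists($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }

    // A key is valid for 900 seconds plus whatever timediffwebfile() reports.
    $offset = timediffwebfile();
    if (time() - filectime($keyfile) > 900 + $offset) {
        @unlink($keyfile);
        $excerpt = (isset($_POST['excerpt']) && is_string($_POST['excerpt'])) ? $_POST['excerpt'] : '';
        logspammer(stripslashes($excerpt), "htrackback", $url);
        exit;
    }

    // Consume the key. The removal is the acceptance step: if the file cannot
    // be removed (already consumed by another request, or not deletable) the
    // key would stay usable until it expires, so the trackback is refused.
    if (!@unlink($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }
}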