/**
* This file implements the "block_replay" spam hurdle. This hurdle will
* block form post replay attacks, by handing out keys to forms,
* which can only be used once to submit a form. If a spam bot tries to
* replay a form post, the post key will no longer be valid and the
* form post is blocked.
*
* Note that the default spam hurdles data cannot be used indefinitely
* to replay form posts (because of the TTL). However, this hurdle will
* make sure that the data can *never* be used twice, while the default
* spam hurdles data remains usable during its configured TTL.
*
* The advantage of the default TTL schema, is that no database storage
* is needed to record what keys have been used. This hurdle does need
* this storage, so it will result in extra database activity.
*/
function spamhurdle_block_replay_init($data)
{
$data['key'] = spamhurdles_generate_key();
return $data;
}
function spamhurdle_javascript_signature_init($data)
{
$rand = spamhurdles_generate_key();
$data['sig'] = array(substr($rand, 0, 8), substr($rand, 8, 8));
return $data;
}
