
Overview

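This is a little hack to hopefully stop some of the spam that gets posted into a phpBB forum. It uses JavaScript to dynamically fetch a cookie and add a matching hidden token field to the posting form; the server then checks both when the post is submitted. The string 'some random value' in the code below is a placeholder: replace it with your own private random string, and use the same string in token.php and posting.php.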

File Changes

jquery.php

token.php

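<?php
// Issues the anti-spam token pair for the posting form: the response body
// carries the issue timestamp (the form script puts it into a hidden "ts"
// field) and the "token" cookie carries md5(secret . timestamp). posting.php
// recomputes the hash from the submitted "ts" and compares it to the cookie.
//
// NOTE(review): 'some random value' is a placeholder. Replace it with a long,
// private random string and use the identical string in posting.php; while the
// published placeholder is in use, the cookie value is not a secret.
// NOTE(review): md5(secret . data) is a weak keyed-hash construction. A keyed
// HMAC, e.g. hash_hmac('sha256', $ct, $secret), is the better choice, but the
// change has to be made here and in posting.php at the same time.

// time() replaces the argument-less mktime() call, which is deprecated and
// raises an ArgumentCountError on PHP 8.
$ct = time();

// Session cookie for the whole site path. HttpOnly is set because the form
// script only reads the response body, never the cookie itself.
setcookie('token', md5('some random value' . $ct), 0, '/', '', false, true);

// The response must never be served from a cache: every form load needs a
// fresh timestamp and a matching cookie.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Closing tag omitted on purpose so no stray whitespace follows the timestamp.
echo $ct;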

posting.php

-- find --
prepare_post($mode, $post_data, $bbcode_on, $html_on, $smilies_on, $error_msg, $username, $bbcode_uid, $subject, $message, $poll_title, $poll_options, $poll_length);
 
 
-- add below --
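#Spam Hack
    // Runs only when prepare_post() reported no error. The post is accepted
    // when the "token" cookie equals md5(secret . ts) for the submitted "ts"
    // field and that timestamp is at most $seconds old.
    //
    // NOTE(review): 'some random value' is a placeholder and must be replaced
    // with the same private string that token.php uses.
    // NOTE(review): the pair is not bound to a session or user and is not
    // single-use, so a valid pair can be resubmitted until it expires. Treat
    // this as a filter for clients that never load the form script, not as an
    // authentication or CSRF control.
    if ( $error_msg == '' ) {
      $seconds = 60*10; // 10 minutes
      $secret = 'some random value';

      // Accept plain strings only; a request can make either value an array
      // (ts[]=...), which must not reach md5() or hash_equals().
      $ts = (isset($_POST['ts']) && is_string($_POST['ts'])) ? $_POST['ts'] : '';
      $token = (isset($_COOKIE['token']) && is_string($_COOKIE['token'])) ? $_COOKIE['token'] : '';

      // hash_equals() (PHP 5.6+) compares in constant time and as strings.
      // The previous "==" let PHP compare numeric-looking hashes ("0e...")
      // as numbers, so different hashes could compare equal.
      if ($ts === '' || $token === '' || !hash_equals(md5($secret.$ts), $token)) {
        $error_msg = 'Form processing halted for suspicious activity';
      } elseif (((int)$ts + $seconds) < time()) {
        // Checked only for a verified timestamp, so a missing "ts" is no
        // longer read here. time() replaces the argument-less mktime(),
        // which fails on PHP 8.
        $error_msg = 'Too much time elapsed';
      }
    }
#Spam Hack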

posting_body.tpl

-- find --
<form action="{S_POST_ACTION}" method="post" name="post" onsubmit="return checkForm(this)" class="secure">
 
-- replace with --
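<!-- SPAM HACK -->
<script src="jquery.js"></script>
<script type="text/javascript">
  // On page load, request token.php (which sets the "token" cookie and returns
  // the issue timestamp) and add that timestamp to every form with class
  // "secure" as a hidden "ts" field. A client that does not run this script
  // submits no "ts" field and is rejected by the check in posting.php.
  $(document).ready(function(){
    // Presumably removes a "JavaScript required" notice; the .warning element
    // is not part of this snippet.
    $('.warning').remove();
    $.get("token.php", function(txt){
      // Strip surrounding whitespace so the value hashes to the same string
      // the server used, then set it with .val() instead of concatenating the
      // response text into markup.
      var stamp = String(txt).replace(/^\s+|\s+$/g, '');
      var field = $('<input type="hidden" name="ts" />').val(stamp);
      $(".secure").append(field);
    });
  });
</script>
<!-- SPAM HACK -->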
 
<form action="{S_POST_ACTION}" method="post" name="post" onsubmit="return checkForm(this)" class="secure">