[php-blog-cvs] serendipity/plugins/serendipity_event_spamblock serendipity_event_spamblock.php,1.1,1.2

[Garvin H. <gar...@us...>]

Update of /cvsroot/php-blog/serendipity/plugins/serendipity_event_spamblock
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv606

Modified Files:
	serendipity_event_spamblock.php 
Log Message:
* Output when a message was not stored.
* Disallow mass-posting of comments. Only one comment per IP every 2 minutes is allowed. That's pretty much the only measurement I know of which effectively blogs multi-comment spam. Referer detection and content analysis can be tricked to easily. Only kaptchas will block that kind of abuse...


Index: serendipity_event_spamblock.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- serendipity_event_spamblock.php	1 Sep 2004 14:15:10 -0000	1.1
+++ serendipity_event_spamblock.php	3 Sep 2004 15:00:17 -0000	1.2
@@ -4,6 +4,9 @@
     default:
         @define('PLUGIN_EVENT_SPAMBLOCK_TITLE', 'Spam-Protection');
         @define('PLUGIN_EVENT_SPAMBLOCK_DESC', 'Protection of comment spam, ... (ALPHA)');
+        @define('PLUGIN_EVENT_SPAMBLOCK_ERROR_BODY', 'SPAM Prevention detected invalid message. Comment not added.');
+        @define('PLUGIN_EVENT_SPAMBLOCK_ERROR_IP', 'SPAM Prevention asks you to not mass-post comments to this blog. Comment not added.');
+
         break;
 }
 
@@ -34,11 +37,23 @@
             switch($event) {
                 case 'frontend_saveComment':
                     if (!is_array($eventData) || serendipity_db_bool($eventData['allow_comments'])) {
+
                         // Check for identical comments.
                         $query = "SELECT count(id) AS counter FROM {$serendipity['dbPrefix']}comments WHERE body = '" . serendipity_db_escape_string($addData['comment']) . "'";
                         $row   = serendipity_db_query($query, true);
                         if (is_array($row) && $row['counter'] > 0) {
                             $eventData = array('allow_comments' => false);
+                            $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_BODY;
+                            return false;
+                        }
+
+                        // Check last IP
+                        $query = "SELECT max(timestamp) AS last_post FROM {$serendipity['dbPrefix']}comments WHERE ip = '" . serendipity_db_escape_string($_SERVER['REMOTE_ADDR']) . "'";
+                        $row   = serendipity_db_query($query, true);
+                        if (is_array($row) && $row['last_post'] > (time() - 120)) {
+                            $eventData = array('allow_comments' => false);
+                            $serendipity['messagestack']['comments'][] = PLUGIN_EVENT_SPAMBLOCK_ERROR_IP;
+                            return false;
                         }
                     }