<?php

/**
 * anti_spam.plugin.php
 *
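 * Scans the buffer for <form> tags and rewrites them so that the real action
 * is only set by JavaScript on submit, adds honeypot fields to each form, and
 * rejects incoming requests whose honeypot fields are filled in incorrectly.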
 *
 * @author   Svetoslav Marinov <hide@address.com>
 * @version  1.0
 * @package  anti_spam
 */

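/**
 * Form anti-spam plugin.
 *
 * On SEOFILTER_EVENT_PRE every <form> in the output buffer is rewritten:
 *  - the action attribute is replaced by a decoy URL; the real action is kept
 *    in a data attribute and restored by an onsubmit handler, so only clients
 *    that run JavaScript post to the real target;
 *  - two honeypot fields are appended: __sf_as_code (must stay empty) and
 *    __sf_as_code2 (filled by JavaScript with "__sf_as_code2_<digits>").
 *
 * On SEOFILTER_EVENT_INPUT a request whose honeypot fields do not match these
 * rules is redirected back to the requested URI and processing is stopped.
 *
 * Security notes:
 *  - Everything taken from $_SERVER / $_REQUEST is client-influenced and is
 *    validated or HTML-escaped before use.
 *  - The honeypot is a heuristic against simple bots, not an authentication or
 *    CSRF control.
 */
class seofilter_plugin_anti_spam extends seofilter_plugin {

    var $version = 1.0;

    /**
     * This text can be added before each form to inform the user if he/she has JavaScript disabled.
     * Emitted only when the plugin parameter 'add_noscript' is set.
     *
     * @var string
     */
    var $noscript = "<noscript>For normal operation of the form you need JavaScript functionality enabled.</noscript>\n";

    /**
     * Constructor (PHP 4 style, intentionally empty).
     *
     * NOTE(review): PHP 8 no longer treats a method named after the class as a
     * constructor, so there this is an ordinary, unused method.
     *
     * @access  public
     */
    function seofilter_plugin_anti_spam() {
    }

    /**
     * Plugin entry point; reacts to SEOFILTER_EVENT_INPUT and SEOFILTER_EVENT_PRE
     * and ignores every other event.
     *
     * @param   mixed $event one of the SEOFILTER_EVENT_* constants
     * @access  public
     * @return  bool  false when the request was rejected as spam, true otherwise
     */
    function execute($event)
    {
        if ($event == SEOFILTER_EVENT_INPUT) {
            // #1 The hidden field must come back empty. Compared against '' rather than
            //    empty() so that a bot-supplied "0" (or an array) is not accepted.
            $honeypot = isset($_REQUEST['__sf_as_code']) ? $_REQUEST['__sf_as_code'] : '';

            // #2 If code2 is present it must look like __sf_as_code2_<digits>, the value the
            //    injected script writes (new Date().getTime(), i.e. milliseconds).
            //    is_string() rejects array input (name[]=...) before it reaches preg_match();
            //    \z instead of $ refuses a trailing newline.
            $stamp_ok = true;
            if (isset($_REQUEST['__sf_as_code2'])) {
                $stamp    = $_REQUEST['__sf_as_code2'];
                $stamp_ok = is_string($stamp)
                    && preg_match('#^__sf_as_code2_\d+\z#', $stamp) === 1;
            }

            if ($honeypot !== '' || !$stamp_ok) {
                // REQUEST_URI is client-controlled. A value starting with "//" or "/\" is
                // read by browsers as a scheme-relative URL, so leading separators are
                // collapsed to keep the redirect on this host.
                // NOTE(review): seofilter_http_redirect() is defined elsewhere; presumably it
                // emits a Location header - confirm it also rejects CR/LF in its argument.
                $target = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
                if ($target === '') {
                    $target = '/';
                } elseif ($target[0] === '/' || $target[0] === '\\') {
                    $target = '/' . ltrim($target, '/\\');
                }

                seofilter_http_redirect($target);
                $this->status(SEOFILTER_STATUS_EXIT);
                return false;
            }
        }

        if ($event == SEOFILTER_EVENT_PRE) {
            $buffer = $this->content();

            // Do we have any forms? Case-insensitive, to agree with the /i pattern below.
            if (is_string($buffer) && $buffer !== '' && preg_match('#<form#i', $buffer)) {
                // Examples of tags this has to cope with:
                // <form action="/forum/" onsubmit="this.action='login.php';" method="post" target="_top">
                // <form action="profile.php"  method="post">
                $rewritten = preg_replace_callback(
                    '#'
                    . '(<form[^>]*?action\s*='   // #1 beginning of the form + opening quote
                    . '(?:[\"\']|\s*))'
                    . '([^\"\'\s]*)'             // #2 form action (no quotes, no whitespace)
                    . '((?:[\"\']|\s*)'          // #3 closing quote and other form attributes
                    . '[^>]*)(>)'                // #4 closing >
                    . '#six',
                    array(&$this, '_correct_form'),
                    $buffer
                );

                // preg_replace_callback() returns null on a PCRE error (e.g. backtrack limit);
                // in that case keep the original page instead of replacing it with nothing.
                if ($rewritten !== null) {
                    // inform the main module that the content has been modified
                    $this->status(SEOFILTER_STATUS_CONTENT_CHANGED);
                    $this->content($rewritten);
                }
            }
        }

        return true;
    }

    /**
     * preg_replace_callback() handler: rewrites one <form ...> opening tag.
     *
     * @param   array $matches [0] whole tag, [1] prefix up to the action value,
     *                         [2] action value, [3] rest of the attributes, [4] '>'
     * @return  string         replacement markup (the untouched tag when the form is skipped)
     * @access  private
     */
    function _correct_form($matches = array())
    {
        // Called with an unexpected match shape: change nothing.
        if (!isset($matches[0], $matches[1], $matches[2], $matches[3], $matches[4])) {
            return isset($matches[0]) ? $matches[0] : '';
        }

        // We skip forms that already have an onsubmit handler and forms with an empty action.
        if (strpos(strtolower($matches[0]), 'onsubmit') !== false
                || trim($matches[2]) === '') {
            return $matches[0];
        }

        $form   = '';
        $params = $this->params();

        if (isset($params['add_noscript'])) {
            $form .= $this->noscript;
        }

        // --- decoy action -------------------------------------------------------------
        // Built from request metadata. SERVER_NAME can follow the client's Host header
        // (server-configuration dependent) and REQUEST_URI is sent by the client, so the
        // result is HTML-escaped before it is written into the attribute.
        $secure       = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
        $default_port = $secure ? 443 : 80;
        $host         = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
        $port         = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : $default_port;

        // Only the path takes part in dirname(); a '/' inside the query string would
        // otherwise drag query data into the decoy URL.
        $path      = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '/';
        $query_pos = strpos($path, '?');
        if ($query_pos !== false) {
            $path = substr($path, 0, $query_pos);
        }
        // dirname() yields "\" for top-level paths on Windows.
        $dir = str_replace('\\', '/', dirname($path));

        $origin = '';
        if ($host !== '') {
            $origin = ($secure ? 'https' : 'http') . '://' . $host
                    . (($port != $default_port) ? ':' . $port : '');
        }
        $new_action = htmlspecialchars($origin . $dir, ENT_QUOTES);

        // --- real action --------------------------------------------------------------
        // The original value is copied verbatim into another HTML attribute and read back
        // with getAttribute(). It is never placed inside a JavaScript string literal:
        // there a character reference that decodes to a quote would end the literal and
        // the remainder of the action would be evaluated as script.
        // Group #2 cannot contain quotes or whitespace by construction of the pattern;
        // the replacement below only matters if this method is called some other way.
        $real_action = str_replace('"', '&quot;', $matches[2]);

        $form .= $matches[1] . $new_action . $matches[3]
               . ' data-sf-action="' . $real_action . '"'
               . " onsubmit=\"this.action=this.getAttribute('data-sf-action');\" "
               . $matches[4];

        // Honeypot #1: must be submitted empty. Honeypot #2: filled in by the script below.
        $form .= "\n" . '<input type="hidden" id="__sf_as_code" name="__sf_as_code" value="" />' . "\n";
        $form .= '<input type="input" id="__sf_as_code2" name="__sf_as_code2" value="" style="display:none;" />' . "\n";

        // Stamp every __sf_as_code2 field emitted so far. Looking the field up by id would
        // only ever reach the first form on a page, leaving the others with an empty value
        // that execute() rejects as spam. The loop avoids '<' and '&' so the script also
        // survives XHTML parsing without a CDATA section.
        $form .= "\n" . '<script type="text/javascript">' . "\n";
        $form .= "(function () {\n";
        $form .= "    var fields = document.getElementsByName('__sf_as_code2');\n";
        $form .= "    var i = fields.length;\n";
        $form .= "    while (i--) {\n";
        $form .= "        fields[i].value = '__sf_as_code2_' + new Date().getTime();\n";
        $form .= "    }\n";
        $form .= "})();\n";
        $form .= "\n" . "</script>\n";

        return $form;
    }
}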

?>