Código fuente de WP-Morph

Aquí os pongo el código fuente del plugin anti-spam WP-Morph para WordPress, que se puede descargar aquí. Me gustaría que me contarais qué os parece. Después comentaré los puntos más importantes e interesantes:


<?php // -*- mode: php -*- vim: expandtab ts=8 sw=8
/*
Plugin Name: WP-Morph
Plugin URI: http://wordpress.org/#
Description: Fool spammers by creating a complicated javascript program to be executed by a real browser.
Author: Diego Sevilla Ruiz
Version: 1.0
Author URI: http://neuromancer.inf.um.es/blog
Id: $Id: wp-morph.php 500 2005-03-15 20:39:58Z dsevilla $
*/

/// Put some random value here!!!
// Greater than 0, and less than 1000000
//
// Site-specific secret: morph_output_form_items() adds it to the challenge
// result before hashing, and morph_check_md5() adds it to the submitted value
// before re-hashing, so both sides only agree when it is set here.
// `xxx` is a placeholder and must be replaced with your own number before the
// plugin is enabled; do not reuse a value that has been published anywhere.
// NOTE(review): a secret below 1,000,000 is a small search space for an MD5
// input. A larger secret would need matching changes in both functions.
$rnd_val = xxx;
/// Put some random value here!!!


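/**
 * Comment filter: let a comment through only when the request carries a
 * correct answer to the JavaScript challenge written by
 * morph_output_form_items().
 *
 * POST fields read:
 *  - checkpoint: must be the fixed marker 'spammers_go_home'
 *  - calc_value: the integer computed by the challenge script in the browser
 *  - result_md5: the digest that was written into the form
 *
 * The check passes when md5(calc_value + $rnd_val) equals result_md5.
 *
 * NOTE(review): the expected digest comes from the request itself, not from
 * server-side state, and is not tied to a time, a post or a visitor, so a
 * calc_value/result_md5 pair that validated once keeps validating. Binding
 * the digest to a timestamp or post ID (and expiring it) would have to be
 * done here and in the form generator together.
 *
 * @param string $comment Comment text passed in by the filter.
 * @return string The unchanged comment text when the check passes; otherwise
 *                the request is ended with die().
 */
function morph_check_md5($comment) {
    global $rnd_val;

    // Every field is client-controlled and may be missing or an array
    // (e.g. "calc_value[]=1"), so fetch defensively and require strings.
    $checkpoint = isset($_POST['checkpoint']) ? $_POST['checkpoint'] : null;
    $calc_value = isset($_POST['calc_value']) ? $_POST['calc_value'] : null;
    $result_md5 = isset($_POST['result_md5']) ? $_POST['result_md5'] : null;

    if (is_string($checkpoint) && is_string($calc_value) && is_string($result_md5)
        // Check the fast check :)
        && 'spammers_go_home' === trim(strip_tags($checkpoint))
        // The challenge result is a small integer and may be negative; anything
        // else is rejected before it reaches the arithmetic below.
        && preg_match('/\A-?[0-9]{1,9}\z/', $calc_value) === 1
    ) {
        // Add the secret that is never sent to the client, then hash.
        $expected = md5((string) ((int) $calc_value + $rnd_val));

        // Strict comparison: with ==, two digests that both look numeric
        // (for example "0e" followed by digits) would be compared as numbers.
        if ($expected === $result_md5) {
            return $comment;
        }
    }

    die("Spammer, go home");
}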

// Register the challenge check as a filter on 'post_comment_text'.
add_filter(
    'post_comment_text',
    'morph_check_md5'
);

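/**
 * Output-buffer callback: inject the anti-spam challenge into a rendered page.
 *
 * A random straight-line JavaScript program over variables v0..vN is
 * generated, and the same operations are applied to a PHP array so the
 * server knows the expected result. The page receives:
 *  - hidden fields `checkpoint`, `result_md5` and an empty `calc_value`,
 *    inserted before the `comment_post_ID` hidden input;
 *  - `onsubmit="go_anti_spam();"` on every `<form` occurrence in the page
 *    (str_replace() rewrites all of them, not only the comment form);
 *  - a `<script>` block defining go_anti_spam() before `</head>`.
 *
 * `result_md5` is md5(expected result + $rnd_val). The challenge itself is
 * sent in clear text, so the only value the client cannot derive from the page
 * is $rnd_val; rand() is used only to vary the program.
 *
 * NOTE(review): the digest is not bound to a time, post or visitor; see the
 * matching check in morph_check_md5() before extending this scheme.
 *
 * @param string $page Buffered HTML of the page.
 * @return string The HTML with the challenge markup added.
 */
function morph_output_form_items($page) {
    global $rnd_val;

    // Start from an empty script: appending to an undefined variable raises
    // an "undefined variable" diagnostic on every page view.
    $js_str = '';

    // 6 to 20 variables, each seeded with a random value below $maxval.
    $nvars = rand(6, 20);
    $maxval = rand(1000, 10000);
    $vvv = array();

    for ($i = 0; $i < $nvars; $i++) {
        $v = rand(1, $maxval - 1);
        $js_str .= 'v' . $i . '=' . $v . ';';
        $vvv[$i] = $v;
    }

    // 3 to 20 random operations; each one is emitted as JavaScript and
    // mirrored on $vvv so both sides end with the same values.
    $nops = rand(3, 20);
    for ($i = 0; $i < $nops; $i++) {
        // Operator
        $op = rand(0, 5);

        // Select two variables and result, random
        $v1 = rand(0, $nvars - 1);
        $v2 = rand(0, $nvars - 1);
        $v3 = rand(0, $nvars - 1);

        switch ($op) {
            // +
            case 0:
                $vvv[$v3] = ($vvv[$v1] + $vvv[$v2]) % $maxval;
                $js_str .= 'v' . $v3 . '=(v' . $v1 . '+v' . $v2 . ')%' . $maxval . ';';
                break;

            // -
            case 1:
                $vvv[$v3] = ($vvv[$v1] - $vvv[$v2]) % $maxval;
                $js_str .= 'v' . $v3 . '=(v' . $v1 . '-v' . $v2 . ')%' . $maxval . ';';
                break;

            // *
            case 2:
                $vvv[$v3] = ($vvv[$v1] * $vvv[$v2]) % $maxval;
                $js_str .= 'v' . $v3 . '=(v' . $v1 . '*v' . $v2 . ')%' . $maxval . ';';
                break;

            // if, >
            case 3:
                $v4 = rand(1, $maxval - 1);

                $js_str .= 'if ( v' . $v1 . ' > ' . $v4 . ')
            { v' . $v2 . ' = v' . $v3 . '; }';

                if ($vvv[$v1] > $v4) {
                    $vvv[$v2] = $vvv[$v3];
                }
                break;

            // if, <
            case 4:
                $v4 = rand(1, $maxval - 1);

                $js_str .= 'if ( v' . $v1 . ' < ' . $v4 . ')
            { v' . $v2 . ' = v' . $v3 . '; }';

                if ($vvv[$v1] < $v4) {
                    $vvv[$v2] = $vvv[$v3];
                }
                break;

            // while
            case 5:
                $v4 = rand(1, 100);

                // Quick and dirty check: counter and target must differ,
                // otherwise the emitted loop would modify its own counter.
                if ($v1 == $v2) {
                    break;
                }

                $js_str .= 'v' . $v1 . '=Math.abs(v' . $v1 . ');
            v' . $v1 . '%=' . $v4 . '; while (v' . $v1 . '--) {
            v' . $v2 . '++; }';

                // Calc the final value: the loop adds abs(v1) % v4 to v2 and
                // leaves the post-decremented counter at -1.
                $vvv[$v1] = abs($vvv[$v1]);
                $vvv[$v2] += $vvv[$v1] % $v4;
                $vvv[$v1] = -1;
                break;
        }
    }

    // The answer is the sum of all variables modulo $maxval, written by the
    // script into the hidden field and computed here in parallel.
    $final_val = 0;

    $js_str .= "eElement.value = (";
    for ($i = 0; $i < $nvars; $i++) {
        if ($i != 0) {
            $js_str .= '+';
        }
        $js_str .= 'v' . $i;
        $final_val += $vvv[$i];
    }

    $js_str .= ')%' . $maxval . ';';

    $final_val %= $maxval;

    // Add the secret quantity
    $final_val += $rnd_val;

    // Calc the md5 of the value
    $md5_value = md5((string) $final_val);

    // Write in hidden field
    $page = str_replace('<input type="hidden" name="comment_post_ID"',
        '<input type="hidden" name="checkpoint" value="spammers_go_home" />
    <input type="hidden" name="result_md5" value="' . $md5_value . '" />
    <input type="hidden" id="chk" name="calc_value" value="" />
    <input type="hidden" name="comment_post_ID"',
        $page);

    // The form action
    $page = str_replace('<form',
        '<form onsubmit="go_anti_spam();" ',
        $page);

    // The jscript
    $page = str_replace('</head>', '<script type="text/javascript">
    
    function go_anti_spam()
    {
        eElement = document.getElementById("chk");
        if(!eElement){ return false; }
        else
        {
            ' . $js_str . '
            return true;
        }
    }</script></head>', $page);

    return $page;
}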

/**
 * Start output buffering with morph_output_form_items() as the buffer
 * callback, so the page output passes through it.
 */
function morph_call_output_items() {
    $callback = 'morph_output_form_items';
    ob_start($callback);
}

// Hook morph_call_output_items() onto the 'wp_head' action so buffering starts
// when that action is called.
add_action(
    'wp_head',
    'morph_call_output_items'
);

?>


