1<?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
3// All tests which apply specifically to POST requests
4function bb2_post($settings, $package)
5{
6	// Check blackhole lists for known spam/malicious activity
7	// require_once(BB2_CORE . "/blackhole.inc.php");
8	// bb2_test($settings, $package, bb2_blackhole($package));
9
10	// MovableType needs specialized screening
11	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
12		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
13			return "7d12528e";
14		}
15	}
16
17	// Trackbacks need special screening
18	$request_entity = $package['request_entity'];
19	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
20		require_once(BB2_CORE . "/trackback.inc.php");
21		return bb2_trackback($package);
22	}
23
24	// Catch a few completely broken spambots
25	foreach ($request_entity as $key => $value) {
26		$pos = strpos($key, "	document.write");
27		if ($pos !== FALSE) {
28			return "dfd9b1ad";
29		}
30	}
31
32	// If Referer exists, it should refer to a page on our site
33	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
34		return "cd361abb";
35	}
36
37	// Screen by cookie/JavaScript form add
38	if (isset($_COOKIE[BB2_COOKIE])) {
39		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
40	} else {
41		$screener1 = array(0);
42	}
43	if (isset($_POST[BB2_COOKIE])) {
44		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
45	} else {
46		$screener2 = array(0);
47	}
48	$screener = max($screener1[0], $screener2[0]);
49
50	if ($screener > 0) {
51		// Posting too fast? 5 sec
52		// FIXME: even 5 sec is too intrusive
53		// if ($screener + 5 > time())
54		//	return "408d7e72";
55		// Posting too slow? 48 hr
56		if ($screener + 172800 < time())
57			return "b40c8ddc";
58
59		// Screen by IP address
60		$ip = ip2long($package['ip']);
61		$ip_screener = ip2long($screener[1]);
62//		FIXME: This is b0rked, but why?
63//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
64//			return "c1fa729b";
65
66		if (!empty($package['headers_mixed']['X-Forwarded-For'])) {
67			$ip = $package['headers_mixed']['X-Forwarded-For'];
68		}
69		// Screen for user agent changes
70		// User connected previously with blank user agent
71//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
72		// Damnit, too many ways for this to fail :(
73//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
74//			return "799165c2";
75	}
76
77	return false;
78}
79
80?>
81