Forcing the spammer to pay the price (computing power) before submitting rubbish to your homepage (in the comments or guestbook section, for example). The user has to create a new cryptographic value for a hidden field (JavaScript code provided); that may take 1 to 2 seconds, and may take longer with RSA 1024. This also means a robot cannot easily submit code without first parsing your HTML page.

User developer guide of the cryptographic component framework for Mambo: com_hashcash

A version 1.0 will be released soon. GNU/GPL
Developer Documentation
@component: com_hashcash
@copyright (C) 2005 Walter Cedric for Mambo Integration
@license http://www.gnu.org/copyleft/gpl.html GNU/GPL Free Software

3rd party JavaScript
3rd party PHP - MD5/RSA/SHA1 part of PHP language.

Based on:
Kudos to all developers above! Thanks to GPL I do not have to reinvent the wheel...

Links:

Requirements
- Component: com_hashcash - cryptographic facility for Mambo
- Components already using com_hashcash: com_akobook 3.42 and hashcash 1.0, and com_akocomment 2.0 and hashcash 1.0
- Required prior to installation: com_log4php
Principle: Forcing the spammer to pay the price (computing power) before submitting rubbish to your homepage. The user has to create a new cryptographic value for a hidden field (JavaScript code provided); that may take 1 to 2 seconds, and may take longer with RSA 1024. This also means a robot cannot easily submit code without first parsing your HTML page.

How it works in detail

This code adds a supplementary hidden field to every HTML form sent to the user.
- The hidden field has a random name (Hname), different at each load of the page.
- The hidden field value (Hvalue) is a cryptographic hash code (MD5, MD4 or RSA):

Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate(F j, Y, g a))

Crypt is the cryptographic PHP function: MD5, MD4 or RSA.

If the user wants to submit a comment, the browser, with the help of a small JavaScript, has to
- locate the hidden field name (Hname) with JavaScript (function replace()),
- rehash the hidden field value (Hvalue) with MD5 (this is time consuming) and send everything back to the server.
If the spammer does not follow the challenge, the comment won't be accepted. You can switch this feature ON/OFF in the Admin control panel, under the Posting tab of the akocomment and akobook components.

Configuring HashCash

Open the file /com_hashcash/settings.php with your favorite text editor:

| key in file | values | notes |
| --- | --- | --- |
| $hashcash_use = 'md5' | 'md4', 'md5' or 'sha1' | md4, md5 or sha1 |
| $hashcash_debug | true/false | Writes all information into the page on form submit |
| $hashcash_log_active | true/false | Spam submissions will be written to the logs |
| $hashcash_log_all | true/false | Log accepted and refused posts -> be careful with the size of the logs! |
| $hashcash_log_file | $GLOBALS['mosConfig_absolute_path'] . "/components/com_hashcash/hashcash.log" | Location of the log file |
| $hashcash_Notify_Admin | true/false | Notify an administrator by email? |
| $hashcash_log_size | integer | Every 64kb a mail will be sent to the admin with the content of the logs |
| $hashcash_AdminEmail | valid email | Admin email |
Note: An Administrator frontend will be shipped with release 1.0 
Protecting Your Mambo Forms against Spammers and Robots

PHP code sent to the client (in the code where you create the form):

```php
# Include the class and create an instance of the object in the portion of code where Hashcash is needed.
# Note the strong reference to the algorithm here (MD5); this will soon be a factory.
include($mosConfig_absolute_path.'/components/com_hashcash/plugins/md5/php/CodeInliner.php');
$MD5CodeInliner =& new MD5CodeInliner(true);
...
# Insert this JS (js1); the browser uses it during submit to locate the random hidden field name and encrypt its value.
echo $MD5CodeInliner->insertHashCashJavascript(false);
...
# Insert this code in your submit or validation JS method; it calls js1.
echo $MD5CodeInliner->insertSubmitJavascript();
...
# Add the hashcash input field to your form.
echo $MD5CodeInliner->insertHiddenField($contentid);
```
Verifying on the server, in your code, that the user submission can be accepted

In the code where you validate and do something interesting with the submission:

```php
include($mosConfig_absolute_path.'/components/com_hashcash/HashcashChecker.php');
$HashcashChecker =& new HashcashChecker();
$submission = $HashcashChecker->check($submission, $contentid);
# The submission is accepted when check() hands back a non-empty string.
$commentIsAccepted = strlen($submission) != 0;

if ($commentIsAccepted) {
    ...
} else {
    ...
}
```
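The exchange described under "How it works in detail", modeled end to end in JavaScript (Node.js) as an added example; it is not code from com_hashcash. The function names, the sample context values, and the choices to recompute Hvalue on the server and to accept the previous hour are assumptions made for illustration.

```javascript
// Added example: a model of the exchange described above, not com_hashcash code.
const crypto = require('node:crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');
const MONTHS = ['January', 'February', 'March', 'April', 'May', 'June', 'July',
  'August', 'September', 'October', 'November', 'December'];

// Equivalent of PHP date('F j, Y, g a'), e.g. "March 5, 2005, 3 pm" (local time).
function hourStamp(d) {
  const h = d.getHours();
  return `${MONTHS[d.getMonth()]} ${d.getDate()}, ${d.getFullYear()}, ` +
    `${h % 12 || 12} ${h < 12 ? 'am' : 'pm'}`;
}

// Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate)
function hvalue(ctx, when) {
  return md5(ctx.sessionId + ctx.absolutePath + ctx.userAgent + hourStamp(when));
}

// Server, on page load: a fresh random field name (Hname) and the Hvalue.
function issueChallenge(ctx, when) {
  return { hname: 'f' + crypto.randomBytes(8).toString('hex'), hvalue: hvalue(ctx, when) };
}

// Browser, on submit: rehash the hidden field value with MD5 and post it back.
function clientResponse(challenge) {
  return { [challenge.hname]: md5(challenge.hvalue) };
}

// Server, on submit (assumption: Hvalue is recomputed, not stored). The date
// term only has hour resolution, so the previous hour is accepted as well;
// otherwise a form loaded at 2:59 pm would be refused at 3:00 pm.
function verify(ctx, hname, form, when) {
  const got = Buffer.from(typeof form[hname] === 'string' ? form[hname] : '');
  const previousHour = new Date(when.getTime() - 3600 * 1000);
  return [when, previousHour].some((t) => {
    const want = Buffer.from(md5(hvalue(ctx, t)));
    return got.length === want.length && crypto.timingSafeEqual(got, want);
  });
}

// Constructed sample values.
const ctx = { sessionId: 'sess-0001', absolutePath: '/var/www/mambo',
  userAgent: 'Mozilla/5.0 (constructed)' };
const challenge = issueChallenge(ctx, new Date(2005, 2, 5, 14, 59));
const form = clientResponse(challenge);
console.log(verify(ctx, challenge.hname, form, new Date(2005, 2, 5, 15, 0))); // true
```

Because the user agent and session ID are part of Hvalue, a response computed for one browser session does not verify for another.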
Changelog: Real object model, abstract class and factory still missing...