Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.

Hi, with some advice from SO [see the details on my previous questions if you are interested] I developed the system, which I think is quite strong against bots automatically posting comments!
I'm posting my code so you can view it and post some valuable comments!
Any kind of constructive suggestion is welcome :)

index.php

<html>
<head>
<script type="text/javascript" src="jquery.js"></script>
<script>
// Fetch a fresh token from getToken.php, put it in the key field,
// and repeat every 100 seconds so the field never holds a stale token.
function main()
{
 $.get("getToken.php", function (responseText) {
   $("#key").val(responseText);
 });
 setTimeout(main, 100000);
}
</script>
</head>
 <body onload='main()'>
 <form name="f" action="poster.php" method="post">
  <input type="text" name="text"/><br>
  <input type="text" name="key" id="key" value=""/><br>
  <input type="submit">
 </form>
</body>
</html>

getToken.php

<?php
 // Shared secret; poster.php must use exactly the same value,
 // otherwise no token it issues can ever validate.
 $secret='mySecretKey';
 $key=date("Y-m-d H:i:s");
 $hash=sha1($key.$secret);
 echo $key.'#'.$hash;
?>

poster.php

<?php
// Same secret as in getToken.php.
$secret='mySecretKey';

if (!isset($_POST['key']))
 exit;

$parts = explode('#',$_POST['key'],2);
if (count($parts) != 2)
 exit; // no '#' separator: malformed token, nothing to verify
$key = $parts[0];
$hash = $parts[1];

$date1 = $key;
$date2 = date("Y-m-d H:i:s");
$diff = abs(strtotime($date2) - strtotime($date1)); 
$years   = floor($diff / (365*60*60*24)); 
$months  = floor(($diff - $years * 365*60*60*24) / (30*60*60*24)); 
$days    = floor(($diff - $years * 365*60*60*24 - $months*30*60*60*24)/ (60*60*24));
$hours   = floor(($diff - $years * 365*60*60*24 - $months*30*60*60*24 - $days*60*60*24)/ (60*60)); 
$minuts  = floor(($diff - $years * 365*60*60*24 - $months*30*60*60*24 - $days*60*60*24 - $hours*60*60)/ 60); 
$seconds = floor(($diff - $years * 365*60*60*24 - $months*30*60*60*24 - $days*60*60*24 - $hours*60*60 - $minuts*60)); 

if ($seconds < 5)
 echo $seconds.' Too fast, must be a naughty bot <br>';
else if ($seconds>5 && $seconds < 600)
 echo $seconds.' In time <br>';
else
 echo $seconds.' time out <br>';

// Strict comparison: with == PHP would treat two hashes such as "0e123..." and
// "0e456..." as equal numeric strings.
if ($hash === sha1($key.$secret))
 echo $_POST['text'];
else
 echo 'You are a bot !';
?>

2 Answers

up vote 2 down vote accepted

365*60*60*24 should be a constant.

You should really improve your variable naming.

$date2 = date("Y-m-d H:i:s");

date2? Does that say anything? currentTime is more like it. Always describe what variables contain, not what they are.

Update

isn't $diff already the number of seconds?

Update2

Most part of the date/time checking could be rewritten to:

$seconds = time() - strtotime($key);
Yes, you are correct! But is there anything else which can enhance the security or something like that? – Sourav May 11 '11 at 10:04
the security part is fine – jgauffin May 11 '11 at 10:07
But I think a bad human can program a bot which gets the token, fills it in a dummy form and submits. Any way to stop that? – Sourav May 11 '11 at 10:10
If a bot visits getToken.php, it gets the token, fills it in a hidden field named KEY, and submits the form :( – Sourav May 11 '11 at 11:45
@Sourav: no you didn't. – SkippyChalmers May 26 '11 at 13:03
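The following is an added example and is neither the original poster's code nor jgauffin's: it reworks the getToken.php / poster.php token logic along the lines of the answer above (age is just `time()` minus the issue time) and fixes the weaknesses visible in the question: the two scripts must share one secret, the MAC should be an HMAC rather than sha1(timestamp.secret), the comparison must not be PHP's loose `==`, and "too fast" or "expired" must actually reject the post instead of only printing a message. It assumes PHP 5.6 or later (for hash_equals), a secret that lives only in server-side config, and that both scripts include this file. The optional `$context` argument binds the token to the caller's session id so a token fetched in one session cannot be submitted from another; a bot that keeps its cookies and waits five seconds still passes, which is exactly the limitation raised in the comments.

```php
<?php
// Added example (not the original poster's code): a hardened replacement for
// the getToken.php / poster.php token logic. Assumes PHP 5.6+ (hash_equals)
// and that both scripts include this file so they share one secret.

const TOKEN_MIN_AGE = 5;    // seconds; a submit faster than this looks automated
const TOKEN_MAX_AGE = 600;  // seconds; older than this is stale and must be refetched

// Issue a token of the form "<issued-at unix time>.<hex HMAC-SHA256>".
// $context is an optional per-client value (e.g. session_id()) mixed into
// the MAC so a token fetched in one session is useless in another.
function issue_token($secret, $context = '', $now = null)
{
    $issued = ($now === null) ? time() : (int)$now;
    $mac = hash_hmac('sha256', $issued . '|' . $context, $secret);
    return $issued . '.' . $mac;
}

// Verify a submitted token. Returns 'ok', 'malformed', 'bad_mac',
// 'too_fast' or 'expired'; the handler should only accept the post on 'ok'.
function verify_token($token, $secret, $context = '', $now = null)
{
    $now = ($now === null) ? time() : (int)$now;
    $parts = explode('.', (string)$token, 2);
    if (count($parts) !== 2 || $parts[0] === '' || !ctype_digit($parts[0])
        || strlen($parts[1]) !== 64 || !ctype_xdigit($parts[1])) {
        return 'malformed';
    }
    list($issuedStr, $mac) = $parts;

    // Recompute the MAC from the timestamp and context; without the secret a
    // bot cannot forge a token for an older or newer timestamp. hash_equals()
    // compares in constant time and never applies PHP's loose numeric ==.
    $expected = hash_hmac('sha256', $issuedStr . '|' . $context, $secret);
    if (!hash_equals($expected, $mac)) {
        return 'bad_mac';
    }

    // Age is just the difference of two unix timestamps; no date parsing needed.
    $age = $now - (int)$issuedStr;
    if ($age < TOKEN_MIN_AGE) {
        return 'too_fast';
    }
    if ($age > TOKEN_MAX_AGE) {
        return 'expired';
    }
    return 'ok';
}

// getToken.php would do:
//   session_start();
//   echo issue_token($secret, session_id());
//
// poster.php would do:
//   session_start();
//   $status = verify_token(isset($_POST['key']) ? $_POST['key'] : '', $secret, session_id());
//   if ($status !== 'ok') { header('HTTP/1.1 400 Bad Request'); exit('Rejected: ' . $status); }
//   // ...only now store or echo $_POST['text']

// Self-check when run from the command line.
if (PHP_SAPI === 'cli') {
    $secret = 'replace-with-a-long-random-value';   // hypothetical; load from config, never commit
    $t = issue_token($secret, 'session-A', 1000);
    $results = array(
        'same session, 10 s later'  => verify_token($t, $secret, 'session-A', 1010),
        'same session, 1 s later'   => verify_token($t, $secret, 'session-A', 1001),
        'same session, 700 s later' => verify_token($t, $secret, 'session-A', 1700),
        'other session'             => verify_token($t, $secret, 'session-B', 1010),
        'timestamp edited'          => verify_token('1200.' . substr($t, 5), $secret, 'session-A', 1210),
        'no separator'              => verify_token('garbage', $secret, 'session-A', 1010),
    );
    foreach ($results as $case => $status) {
        printf("%-28s %s\n", $case, $status);
    }
}
```

The status values are returned rather than echoed so the handler can decide what to do with a rejection (drop silently, log, or show a message) without the text ever reaching the comment store. If you keep the one-minute JavaScript refresh from index.php, `TOKEN_MAX_AGE` only needs to exceed that interval plus the time a human takes to type.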

Why are you using abs()?

Why are there 6-7 lines of code just to get the number of seconds between each timestamp? Just use the diff between $_SERVER['REQUEST_TIME'] and whatever time is pulled out of the token.

If all you are doing is checking the speed of the submit, i.e. between page load and subsequent submit of the form, then you don't need a fancy hashed token - and you definitely don't need any javascript! Just write in the page load time into a hidden field, or store it in a session and compare to the submit time.

Also, most bots disable javascript, so that invalidates your entire solution.

My advice: Sign up to Akismet or another 3rd party spam service, roll your own spam detection library with a bunch of keywords / phrases.

Don't take this the wrong way - a good attempt & keep up the effort! :)

Thanks SkippyChalmers :) – Sourav May 26 '11 at 14:35
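As an added example (not SkippyChalmers' code), here is the session variant of the timing check from the answer above, together with the small keyword filter it suggests. Of the two options the answer gives, the session is shown rather than a hidden field, because a plain hidden field is filled in by whoever submits the form and would have to be signed to be trusted, which is what the question's token was trying to do. No JavaScript is involved, so a client with scripting disabled is handled the same as any other. It assumes `session_start()` has already been called in both scripts and uses `$_SERVER['REQUEST_TIME']` for "now"; the session array is passed in explicitly so the logic can be exercised from the command line, while the real scripts pass `$_SESSION`.

```php
<?php
// Added example (not SkippyChalmers' code): the "remember when the form was
// rendered and compare at submit time" check done with the PHP session rather
// than JavaScript, plus the small keyword filter the answer suggests.
// Assumes session_start() has already been called in both scripts.
// The session array is passed in explicitly so the logic can be exercised
// without a running web server; the real scripts pass $_SESSION.

const FORM_MIN_SECONDS = 5;     // faster than this: probably automated
const FORM_MAX_SECONDS = 600;   // slower than this: stale page, ask to reload

// Call when the form page is rendered. No hidden field is needed, and unlike
// a hidden field the client cannot edit a value that only lives server-side.
function mark_form_rendered(array &$session, $now)
{
    $session['form_rendered_at'] = (int)$now;
}

// Very small "roll your own" filter: any listed phrase, case-insensitive.
function looks_like_spam($text, array $phrases)
{
    foreach ($phrases as $phrase) {
        if ($phrase !== '' && stripos($text, $phrase) !== false) {
            return true;
        }
    }
    return false;
}

// Call from the form handler. Returns 'ok', 'no_form', 'too_fast', 'too_slow'
// or 'spam'. The render timestamp is consumed on use, so one page view buys
// at most one submission.
function check_submission(array &$session, $text, $now, array $phrases)
{
    if (!isset($session['form_rendered_at'])) {
        return 'no_form';       // handler hit without ever loading the form
    }
    $delay = (int)$now - (int)$session['form_rendered_at'];
    unset($session['form_rendered_at']);

    if ($delay < FORM_MIN_SECONDS) {
        return 'too_fast';
    }
    if ($delay > FORM_MAX_SECONDS) {
        return 'too_slow';
    }
    if (looks_like_spam($text, $phrases)) {
        return 'spam';
    }
    return 'ok';
}

// In index.php (after session_start()):
//   mark_form_rendered($_SESSION, $_SERVER['REQUEST_TIME']);
// In poster.php (after session_start()):
//   $status = check_submission($_SESSION, isset($_POST['text']) ? $_POST['text'] : '',
//                              $_SERVER['REQUEST_TIME'], $blocked);
//   if ($status !== 'ok') { exit('Rejected: ' . $status); }

// Self-check from the command line.
if (PHP_SAPI === 'cli') {
    $blocked = array('buy cheap', 'free casino');   // constructed sample list
    $session = array();

    $cases = array();
    $cases['no form loaded']   = check_submission($session, 'hello', 2000, $blocked);
    mark_form_rendered($session, 2000);
    $cases['submitted at 2s']  = check_submission($session, 'hello', 2002, $blocked);
    mark_form_rendered($session, 2000);
    $cases['spam phrase']      = check_submission($session, 'BUY CHEAP pills', 2030, $blocked);
    mark_form_rendered($session, 2000);
    $cases['normal post']      = check_submission($session, 'nice article', 2030, $blocked);
    $cases['replay same view'] = check_submission($session, 'nice article', 2031, $blocked);
    foreach ($cases as $case => $status) {
        printf("%-20s %s\n", $case, $status);
    }
}
```

Consuming the timestamp on use is the detail worth keeping: without it a bot could load the page once, wait five seconds, and post from that session as often as it likes. Timing checks of this kind raise the cost of the dumbest bots only; the answer's pointer to a spam service is the layer that deals with the rest.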
