Anti spam honey pot
#11

Great addon! Some bots can get through the CSRF protection in some way, so this is a nice extra layer of protection against bots. I had some issues with our excluded CSRF URIs, so I fixed this by adding the following core code to the function honey_pot_verify in MY_Security.php:

PHP Code:
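// Check if URI has been whitelisted from CSRF checks.
// NOTE: a URI matched here also skips the honey pot check, so an excluded
// endpoint ends up with neither CSRF nor honey pot protection. Keep the
// 'csrf_exclude_uris' list as narrow as possible.
if ($exclude_uris = config_item('csrf_exclude_uris'))
{
    $uri = load_class('URI', 'core');
    foreach ($exclude_uris as $excluded)
    {
        // Each configured entry is used as a regular expression anchored to the
        // whole URI string; the 'u' modifier is added only when UTF-8 is enabled.
        if (preg_match('#^'.$excluded.'$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string()))
        {
            return $this;
        }
    }
}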


So this is the new function code:

PHP Code:
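/**
 * Verify the anti-spam honey pot field on POST requests.
 *
 * Non-POST requests only (re)issue the honey pot. POST requests to a URI
 * matched by the 'csrf_exclude_uris' config item are let through unchecked.
 * For every other POST, the field named by the honey pot cookie must be
 * present and exactly empty; otherwise the error is logged and the request
 * is handed to csrf_show_error().
 *
 * NOTE(review): the field name is read from a cookie, i.e. it is supplied by
 * the client. Treat this check as spam friction against naive bots only, not
 * as a replacement for the CSRF token or for server-side validation.
 *
 * @return	mixed	$this for a verified or whitelisted POST; for non-POST
 *			requests whatever _spam_protection_set_honey_pot() returns
 */
public function honey_pot_verify()
{
    // If it's not a POST request, set the honey pot and return
    if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
    {
        return $this->_spam_protection_set_honey_pot();
    }

    // Check if URI has been whitelisted from CSRF checks.
    // A match skips the honey pot as well, so these URIs carry neither check.
    if ($exclude_uris = config_item('csrf_exclude_uris'))
    {
        $uri = load_class('URI', 'core');
        foreach ($exclude_uris as $excluded)
        {
            // Entries are regular expressions anchored to the whole URI string
            if (preg_match('#^'.$excluded.'$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string()))
            {
                return $this;
            }
        }
    }

    // It's a post, get the stored token name to use with the available $_POST data.
    // The cookie may be missing or may not be a plain string; in both cases there
    // is no usable field name and the request has to fail the check below.
    $cookie_ok = isset($_COOKIE[$this->_honey_pot_name]) && is_string($_COOKIE[$this->_honey_pot_name]);
    $this->_honey_pot_token_name = $cookie_ok ? $_COOKIE[$this->_honey_pot_name] : NULL;

    // The honey pot field must exist in _POST and be exactly the empty string.
    // Comparing with '' (instead of strlen() > 0) also rejects non-string values,
    // which strlen() would warn about or throw on rather than count.
    if ( ! $cookie_ok
        OR ! isset($_POST[$this->_honey_pot_token_name])
        OR $_POST[$this->_honey_pot_token_name] !== '')
    {
        // Log a clear error, but don't print clear honey pot errors to screen
        log_message('error', 'The honey pot was invalid OR not empty!');
        // NOTE(review): presumably this halts the request, as the core
        // csrf_show_error() does - confirm if it is overridden in MY_Security.
        $this->csrf_show_error();
    }

    // We kill this since we're done and we don't want to pollute the _POST array
    unset($_POST[$this->_honey_pot_token_name]);

    // Nothing should last forever
    unset($_COOKIE[$this->_honey_pot_name]);
    $this->_honey_pot_token_name = NULL;

    // Issue a fresh honey pot for the next form submission
    $this->_spam_protection_set_honey_pot();

    log_message('info', 'Honey pot verified');
    return $this;
}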
