The following patch has a number of improvements and fixes that I made in order to use honeypot on drupal.org (see #1759272: Test honeypot module on http://drupal.org).

To make Neil happy, these need to at least partially find their way into a released version and the D7 upgrade.

Unfortunately, this all-in-one but I can explain all the changes.

CommentFileSizeAuthor
#14 various_improvements_d7-1774150-14.patch8.12 KBgeerlingguy
#12 various_improvements_d7-1774150-12.patch7.48 KBgeerlingguy
#10 various_improvements_d7-1774150-10.patch7.48 KBgeerlingguy
#6 various_improvements-1774150-6.patch6.6 KBgeerlingguy
#6 interdiff.txt6.66 KBgeerlingguy
#3 various_improvements-1774150-1.patch5.89 KBkilles@www.drop.org
#1 various_improvements-1774150-1.patch5.89 KBkilles@www.drop.org
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
FileSize
various_improvements-1774150-1.patch5.89 KB

and now: the patch

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Status: Active » Needs work 
+++ b/honeypot.admin.inc
@@ -96,6 +96,16 @@ function honeypot_admin_form($form) {
+

The above code adds support for profile module. Not much to say. I've found that the "protect" all forms setting doesn't work well on drupal.org as it has too many that are exposed to anon users.

+++ b/honeypot.install
@@ -41,3 +44,60 @@ function honeypot_update_6100() {
+

The above code adds a table to track failed submissions by registered users. 

+++ b/honeypot.install
@@ -41,3 +44,60 @@ function honeypot_update_6100() {
+

Schema definition for installation time. I didn't test it on a fresh install.

+++ b/honeypot.module
@@ -45,6 +45,9 @@ function honeypot_form_alter(&$form, &$form_state, $form_id) {

I've added three forms that IMO shouldn't be protected. I am ok with not havign this submitted.

+++ b/honeypot.module
@@ -72,6 +75,13 @@ function honeypot_form_alter(&$form, &$form_state, $form_id) {
+

The cronjob removes faied submit events from the table. The expiration time is fairly conservative. There is no UI for it.

+++ b/honeypot.module
@@ -183,12 +193,14 @@ function _honeypot_time_restriction_validate($form, &$form_state) {

I made the time limit stuff a bit more flexible.

+++ b/honeypot.module
@@ -183,12 +193,14 @@ function _honeypot_time_restriction_validate($form, &$form_state) {
+    $time_limit = honeypot_get_time_limit();

The time limit got possibly increased, we need to get the new one to display it to the user. 

+++ b/honeypot.module
@@ -183,12 +193,14 @@ function _honeypot_time_restriction_validate($form, &$form_state) {
+    $form_state['values']['honeypot_time'] = time();

This IMO fixes a bug: the counter would count from the first time the form was created. This change resets the creation time during validation.

+++ b/honeypot.module
@@ -204,6 +216,7 @@ function _honeypot_time_restriction_validate($form, &$form_state) {
+  honeypot_log_failure();

Log the failure of submission.

+++ b/honeypot.module
@@ -213,3 +226,33 @@ function _honeypot_log($form_id, $type) {
+    $number = db_result(db_query("SELECT COUNT(*) FROM {honeypot_user} WHERE uid = %d", $user->uid));

Gets the number of failed submissions of this user.

+++ b/honeypot.module
@@ -213,3 +226,33 @@ function _honeypot_log($form_id, $type) {
+    $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", 'honeypot', ip_address(), time() - variable_get('honeypot_expire', 300)));

For anon users we use the flood table and get the events by IP.

+++ b/honeypot.module
@@ -213,3 +226,33 @@ function _honeypot_log($form_id, $type) {
+  return variable_get('honeypot_time_limit', 5) + (int) exp($number);

I am increasing the time needed exponentially. This sounds worse than it really is:

the default cron config will delete events after 5 minutes

the first failure will increase time by 1 second, the 2nd by 7, the 3rd by 20, the 4th by 54. Above that it's your own fault.

+++ b/honeypot.module
@@ -213,3 +226,33 @@ function _honeypot_log($form_id, $type) {
+function honeypot_log_failure() {

Log the events.

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
FileSize
various_improvements-1774150-1.patch5.89 KB

without the whitespace issue.

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Status: Needs work » Needs review

review please

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented

Woah, thanks! I'll take a look at these changes asap, and will also work to forward-port what I can so the D7 branch has feature-parity with D6.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
FileSize
interdiff.txt6.66 KB
various_improvements-1774150-6.patch6.6 KB

Attached patch changes a few comments for consistency, and incorporates a few more changes/fixes:

  • drupal_install_schema() needs to have module name (not table name) passed in.
  • If honeypot_time_limit is set to 0, the time limit functionality should be disabled altogether (the new honeypot_get_time_limit() function could've still returned a value in some circumstances, even if the time limit feature was turned off.

I've tested everything on my local site, and everything works great. Also, I think in the D7 version of the module, the search form and a few other simple forms were added in—I must've just forgotten to add them in D6.

Please review this patch (interdiff also attached) and see if you like it. I'll commit and add a new release after someone else puts a fresh set of eyes on it :)

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Status: Needs review » Reviewed & tested by the community

Thanks, this looks good!

I may come up with more improvements as we test drive this on d.o.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Status: Reviewed & tested by the community » Patch (to be ported)

Patch applied to D6 dev branch: http://drupalcode.org/project/honeypot.git/commit/3e50f7a. Changes need to be ported to D7 now. I'll try to work on this later today if I can get a few minutes.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Version: 6.x-1.x-dev » 7.x-1.x-dev
geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Status: Patch (to be ported) » Needs review
FileSize
various_improvements_d7-1774150-10.patch7.48 KB

A few things needed reworking (notably, the database queries and install file), but this should be functionally equivalent, and it doesn't require any additional D6->D7 upgrades, since form IDs for profile don't change.

Status: Needs review » Needs work

The last submitted patch, various_improvements_d7-1774150-10.patch, failed testing.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Status: Needs work » Needs review
FileSize
various_improvements_d7-1774150-12.patch7.48 KB

Try again (testbot rocks!).

Status: Needs review » Needs work

The last submitted patch, various_improvements_d7-1774150-12.patch, failed testing.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Status: Needs work » Needs review
FileSize
various_improvements_d7-1774150-14.patch8.12 KB

Ah, had to update the test too, since the time amount is variable.

geerlingguy’s picture

geerlingguy CreditAttribution: geerlingguy commented
Status: Needs review » Fixed

Committed: http://drupalcode.org/project/honeypot.git/commit/4bb04f5

I just tested a few things manually on my local site too, and didn't see any problems with update.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) CreditAttribution: commented
Issue summary: View changes

Added issue link.