diff --git a/badbot.install b/badbot.install
index 80676ad..1faad0c 100644
--- a/badbot.install
+++ b/badbot.install
@@ -8,7 +8,17 @@
 * Implements hook_install();
 */
 function badbot_install() {
- variable_set('badbot_forms_salt', md5(time() . mt_rand(0, 30)));
+ variable_set('badbot_forms_salt', user_password(30));
+ $forms = array(
+ 'exact' => array(
+ 'contact_site_form',
+ 'user_register_form',
+ ),
+ 'pattern' => array(
+ 'comment_node_.*',
+ ),
+ );
+ variable_set('badbot_forms_ids', $forms);
 }
 /**
@@ -16,5 +26,22 @@ function badbot_install() {
 */
 function badbot_uninstall() {
 variable_del('badbot_forms_salt');
+ variable_del('badbot_forms_ids');
+}
+
+/**
+ * Implements hook_update_N().
+ */
+function badbot_update_7101() {
 variable_del('badbot_forms_user_registration');
-}
\ No newline at end of file
+ $forms = array(
+ 'exact' => array(
+ 'contact_site_form',
+ 'user_register_form',
+ ),
+ 'pattern' => array(
+ 'comment_node_.*',
+ ),
+ );
+ variable_set('badbot_forms_ids', $forms);
+}
diff --git a/badbot.module b/badbot.module
index 91c2c71..16a0656 100644
--- a/badbot.module
+++ b/badbot.module
@@ -1,4 +1,11 @@ 'Badbot',
+ 'description' => 'Configuration page for Badbot module',
 'page callback' => 'badbot_settings',
 'access arguments' => array('administer badbot'),
 );
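Review bot: `user_password(30)` in badbot_install() is a password generator rather than a key generator, and depending on the core release it may draw from `mt_rand()` instead of the system CSPRNG. The settings text elsewhere in this commit tells admins to treat the salt like a password, so I would derive it directly from `drupal_random_bytes()`, for example `variable_set('badbot_forms_salt', drupal_hash_base64(drupal_random_bytes(55)));`. A one-line comment above the call saying the value must stay secret and unpredictable would also help the next maintainer.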
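Review bot: badbot_update_7101() seeds `badbot_forms_ids` but leaves `badbot_forms_salt` alone, so sites installed before this commit keep the value produced by `md5(time() . mt_rand(0, 30))`, which has only 31 candidates for any given install second. If the token check relies on the salt being unguessable (the validation handler is not part of this diff), the update should replace it with a fresh value, using the same call badbot_install() now makes: `variable_set('badbot_forms_salt', user_password(30));`. The default `$forms` array is also copied verbatim from badbot_install(); a small helper returning it would keep the two from drifting apart.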
@@ -52,50 +60,74 @@ function badbot_permission() {
 * Implements hook_form_alter();
 */
 function badbot_form_alter(&$form, &$form_state, $form_id) {
- $form_ids = &drupal_static(__FUNCTION__);
-
- if (!isset($form_ids)) {
- $form_ids = array();
+ $forms = variable_get('badbot_forms_ids', FALSE);
+ $valid = FALSE;
+
+ if (isset($forms['all'])) {
+ $valid = TRUE;
+ }
+ elseif (in_array($form_id, $forms['exact'])) {
+ $valid = TRUE;
+ }
+ elseif ($forms['pattern']) {
+ foreach ($forms['pattern'] as $key => $value) {
+ if (preg_match('`^' . $value . '$`', $form_id)) {
+ $valid = TRUE;
+ break;
+ }
+ }
 }
- if ($form_id == 'user_register_form' && variable_get('badbot_forms_user_registration', FALSE) && variable_get('badbot_forms_salt', FALSE)) {
- // name of the field which will be used as content for token generation
- $field = 'mail';
- $validation_field = $field . '_validate';
+ if ($valid && variable_get('badbot_forms_salt', FALSE)) {
 // include our core JS
- drupal_add_js(drupal_get_path('module', 'badbot') . '/js/badbot.js');
+ drupal_add_js(drupal_get_path('module', 'badbot') . '/js/badbot.js');
+
+ $form['badbot_wrapper'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Badbot Fields'),
+ '#description' => t('If you see these fields, something is wrong.'),
+ '#attributes' => array(
+ 'class' => array('element-hidden'),
+ ),
+ );
 // create validation field which will be populated with the token upon form submission;
- // this field is hidden from view, so normal users will never see it
- $form[$validation_field] = array(
- '#type' => 'textfield',
- '#prefix' => '
',
- );
-
- // track the names of our field and validation field in $form_state so we can identify
- // them in the validation handler
- $form_state['badbot']['field'] = $field;
- $form_state['badbot']['validation_field'] = $validation_field;
+ // this field is hidden from view, so normal users will never see it.
+ $form['badbot_wrapper'][BADBOT_FIELD] = array(
+ '#type' => 'textfield',
+ '#default_value' => user_password(),
+ '#title' => t('Badbot seed'),
+ '#description' => t('If you see this field, something is wrong.'),
+ );
+ $form['badbot_wrapper'][BADBOT_VALIDATION_FIELD] = array(
+ '#type' => 'textfield',
+ '#title' => t('badbot hash'),
+ '#description' => t('If you see this field, something is wrong.'),
+ );
+ $form['badbot_wrapper']['last_name'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Badbot catch'),
+ '#description' => t('If you see this field, something is wrong.'),
+ );
 // track our form id & relevant fields and save to Drupal.settings for access from our
- // core JS
- $form_ids[] = array(
- 'form_id' => $form['#id'],
- 'field' => $field,
- 'validation_field' => str_replace('_', '-', $validation_field),
- );
-
- drupal_add_js(array(
- 'badbot' => array(
- 'base_path' => url('', array('absolute' => TRUE)),
- 'forms' => $form_ids,
- ),
- ), 'setting');
-
- // validation handler to check the token
- $form['#validate'][] = 'badbot_form_validate';
+ // core JS.
+ $form_ids[] = array(
+ 'form_id' => $form['#id'],
+ 'field' => BADBOT_FIELD,
+ 'validation_field' => BADBOT_VALIDATION_FIELD,
+ );
+
+ drupal_add_js(array(
+ 'badbot' => array(
+ 'base_path' => url('', array('absolute' => TRUE)),
+ 'forms' => $form_ids,
+ ),
+ ), 'setting');
+
+ // validation handler to check the token.
+ $form['#validate'][] = 'badbot_form_validate';
 }
 }
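Review bot: In badbot_form_alter() each stored pattern is spliced between the `^` and `$` anchors without grouping, so a configured value containing `|` is anchored only at its outer ends and can match form ids it was never meant to cover; wrapping `$value` in a non-capturing group, `(?:` … `)`, inside the anchors keeps both anchors on every alternative. A value that contains the delimiter character or is otherwise invalid makes `preg_match()` return FALSE with a warning, which silently drops the check for that pattern, so patterns are worth validating when they are saved. Separately, `variable_get('badbot_forms_ids', FALSE)` leaves `$forms` as FALSE until the install or update hook has run, and `in_array($form_id, $forms['exact'])` then receives NULL; a default of `array('exact' => array(), 'pattern' => array())` avoids that.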
@@ -107,10 +139,8 @@ function badbot_form_alter(&$form, &$form_state, $form_id) {
 * Callback for /admin/config/system/badbot
 */
 function badbot_settings() {
- $form = drupal_get_form('badbot_settings_form');
-
- $output = drupal_render($form);
-
+ $output = array();
+ $output[] = drupal_get_form('badbot_settings_form');
 return $output;
 }
@@ -141,63 +171,98 @@ function badbot_js_token($field_data, $return = FALSE) {
 * @return [type] [description]
 */
 function badbot_settings_form($form, &$form_state) {
- $form['badbot'] = array(
- '#type' => 'vertical_tabs',
+ $form['badbot_forms_salt'] = array(
+ '#title' => t('Salt'),
+ '#type' => 'textfield',
+ '#description' => t("This salt is used during the field hashing process. A salt had been genererated
+ for you when the module was installed, but you're free to change it. If you
+ don't know the consenquences of changing this value, it's best to leave it alone.") .
+ ' ' . t('Do not disclose this value to anyone. Treat it as you would a password.') . '' ,
+ '#default_value' => variable_get('badbot_forms_salt'),
 );
-
- $form['badbot']['forms'] = array(
- '#title' => t('Forms'),
- '#type' => 'fieldset',
- '#description' => t('Enable JavaScript detection on select forms.') . '