User and developer guide for the cryptographic component framework for Mambo: com_hashcash
Version 1.0 will be released soon. GNU/GPL
@copyright (C) 2005 Walter Cedric for Mambo Integration
@license http://www.gnu.org/copyleft/gpl.html GNU/GPL
3rd party PHP
- MD5/RSA/SHA1 are part of the PHP language.
- Plugin Name: WordPress Hashcash Manual Version
- Plugin URI: http://dev.wp-plugins.org/wiki/wp-hashcash
- Description: This is a manual version of wp-hashcash.
- Author: Matt Mullenweg, Elliott Back
- Author URI:
- Hat tips:
C.S. - http://www.cimmanon.org/
Gene Shepherd - http://www.imporium.org/
John F. - www.stonegauge.com
Magenson - http://blog.magenson.de/
Matt Mullenweg - http://photomatt.net/
Matt Warden - http://www.mattwarden.com/
Paul Andrew Johnston - http://pajhome.org.uk/crypt/md5/
Kudos to all the developers above! Thanks to the GPL, I do not have to reinvent the wheel...
- Component: com_hashcash - cryptographic facility for Mambo
- Components already using com_hashcash: com_akobook 3.42 and hashcash 1.0, and com_akocomment 2.0 and hashcash 1.0
- Required prior to installation: com_log4php
This also prevents robots from easily submitting code without first parsing your HTML page...
How it works in detail
This code adds a supplementary hidden field to every HTML form sent to the user.
- The hidden field has a random name (Hname), different at each load of the page
- The hidden field value (Hvalue) is a cryptographic hash code (MD5, MD4 or RSA):
Hvalue = Crypt(UserSessionID + mosConfig_absolute_path + UserBrowserAgent + TodayDate(F j, Y, g a))
Crypt is the cryptographic PHP function: MD5, MD4 or RSA
- The browser rehashes the hidden field value (Hvalue) with MD5 (this is time consuming) and sends everything back to the server.
If the spammer does not follow the challenge, the comment won't be accepted.
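The challenge and check described above, sketched in PHP as an added example (not com_hashcash's own code). The function names, the sample values and the acceptance of the previous hour's token are assumptions; the page does not say how the component treats a form loaded just before the hour changes.

```php
<?php
// Added illustration of the scheme above; all hc_* names are hypothetical.

// Hvalue = md5(session id + absolute path + user agent + date at hour granularity)
function hc_hvalue(string $sid, string $absPath, string $agent, int $ts): string
{
    return md5($sid . $absPath . $agent . date('F j, Y, g a', $ts));
}

// Issue a challenge: a random field name (Hname) and the Hvalue to embed in the form.
function hc_issue(string $sid, string $absPath, string $agent, int $now): array
{
    $hname = 'f' . bin2hex(random_bytes(8)); // different on every page load
    return [$hname, hc_hvalue($sid, $absPath, $agent, $now)];
}

// Verify the value the browser sent back, which must be md5(Hvalue).
// Assumption: the previous hour is accepted too, so a form loaded at 10:59
// and submitted at 11:01 is not rejected when the date string rolls over.
function hc_verify(string $response, string $sid, string $absPath, string $agent, int $now): bool
{
    foreach ([$now, $now - 3600] as $ts) {
        $expected = md5(hc_hvalue($sid, $absPath, $agent, $ts));
        if (hash_equals($expected, $response)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample values, not taken from a real site.
date_default_timezone_set('UTC');
$sid   = 'constructed-session-id';
$path  = '/var/www/mambo';
$agent = 'ExampleBrowser/1.0';
$loaded = mktime(10, 59, 0, 3, 1, 2005);          // form rendered at 10:59

[$hname, $hvalue] = hc_issue($sid, $path, $agent, $loaded);
$response = md5($hvalue);                          // what the browser-side JS computes

// Case 1: honest browser, submitted two minutes later (after the hour changed).
var_dump(hc_verify($response, $sid, $path, $agent, $loaded + 120));
// Case 2: a robot echoes the hidden field back without doing the rehash.
var_dump(hc_verify($hvalue, $sid, $path, $agent, $loaded + 120));
// Case 3: the response is replayed from a different user agent.
var_dump(hc_verify($response, $sid, $path, 'OtherAgent/2.0', $loaded + 120));
```

Because the session ID and user agent are inputs to Hvalue, a response is only valid for the session and browser it was issued to, and only until the accepted hour window passes.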
You can switch this feature ON/OFF in the Admin control panel, under the Posting tab of the akocomment and akobook components.
Open the file /com_hashcash/settings.php with your favorite text editor:
|key in file||values||notes|
|$hashcash_use = 'md5'||'md4','md5' or 'sha1'||Hash algorithm to use: md4, md5 or sha1|
|$hashcash_debug||true/false||Writes all information into the page on form submit|
|$hashcash_log_active||true/false||Spam submissions will be written to the logs|
|$hashcash_log_all||true/false||Log accepted and refused posts -> be careful with the size of the logs!|
|$hashcash_log_file||$GLOBALS['mosConfig_absolute_path'] . "/components/com_hashcash/hashcash.log"||Location of the log file|
|$hashcash_Notify_Admin||true/false||Notify an administrator by email?|
|$hashcash_log_size||integer||Every 64kb, a mail with the content of the logs will be sent to the admin|
|$hashcash_AdminEmail||valid email||Admin email|
Note: An Administrator frontend will be shipped with release 1.0
Protecting Your Mambo Forms against Spammers and Robots
|PHP code sent to the client (in the code where you create the form)|
# Include and instantiate the object in the portion of code where Hashcash is needed. Note that there is a strong reference to the algorithm here (MD5).
# This will soon be a factory
$MD5CodeInliner =& new MD5CodeInliner(true);
Insert this JS (js1); the browser will use it during submit to locate the random hidden field name and hash its value
Insert this code in your submit or validation JS method; it will call js1
Add the hashcash input field to your form
Verifying on the server, in your code, that the user submission can be accepted
|In the code where you validate and do something interesting with the submission|
$HashcashChecker =& new HashcashChecker();
$submission = $HashcashChecker->check($submission, $contentid);
$commentIsAccepted = strlen($submission) != 0;
A real object model, abstract class and factory are still missing...