Adding in the beginnins of spam protection tools.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@39379 467b73ca-7a2a-4603-9d3b-597d59a354a9

code/sitefeatures/MathSpamProtection.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * Tools for adding an optional protection question to a form.
+ * Remember to add MathSpamProtection::enabled(true); to _config.php for this question to be added to the comments form.
+ */
+class MathSpamProtection {
+
+	private static $mathProtection = false;
+	
+	static function isEnabled() {
+		return (self::$mathProtection != null) ? true : false;
+	}
+	
+	static function enabled($math = true) {
+		MathSpamProtection::$mathProtection = $math;
+	}
+	
+	/**
+	 * Creates the question from random variables, which are also saved to the session.
+	 */
+	static function getMathQuestion(){
+		if(!Session::get("mathQuestionV1")&&!Session::get("mathQuestionV2")){
+			$v1 = rand(1,9);
+			$v2 = rand(1,9);
+			Session::set("mathQuestionV1",$v1);
+			Session::set("mathQuestionV2",$v2);
+		}
+		else{
+			$v1 = Session::get("mathQuestionV1");
+			$v2 = Session::get("mathQuestionV2");
+		}
+		return "What is ".MathSpamProtection::digitToWord($v1)." plus ".MathSpamProtection::digitToWord($v2)."?";
+	}
+	
+	/**
+	 * Checks the given answer if it matches the addition of the saved session variables. Users can answer using words or digits.
+	 */
+	static function correctAnswer($answer){
+		$v1 = Session::get("mathQuestionV1");
+		$v2 = Session::get("mathQuestionV2");
+		return (MathSpamProtection::digitToWord($v1 + $v2) == $answer || ($v1 + $v2) == $answer) ? true : false;	
+	}
+	
+	/**
+	 * Helper method for converting digits to their equivelant english words
+	 */
+	static function digitToWord($num){
+		$numbers = array("zero","one","two","three","four","five","six","seven","eight","nine",
+										"ten","eleven","twelve","thirteen","fourteen","fifteen","sixteen","seventeen","eighteen");									
+			if($num < 0){
+				return "minus ".($numbers[-1*$num]);
+			}
+		//TODO: add checking or return null for bad value??
+			return $numbers[$num];
+	}
+	
+	
+}
+?>

code/sitefeatures/PageCommentInterface.php

@@ -30,12 +30,22 @@ class PageCommentInterface extends ViewableData {
 		Requirements::javascript('jsparty/scriptaculous/effects.js');
 		Requirements::javascript('cms/javascript/PageCommentInterface.js');
 		
-		$form = new PageCommentInterface_Form($this->controller, $this->methodName . ".PostCommentForm", new FieldSet(
-			new HiddenField("ParentID", "ParentID", $this->page->ID),
-			new TextField("Name", "Your name"),
-			new TextareaField("Comment", "Comments")
 		
-		), new FieldSet(
+		$fields = new FieldSet(
+			new HiddenField("ParentID", "ParentID", $this->page->ID),
+			new TextField("Name", "Your name")
+		);	
+		if(MathSpamProtection::isEnabled()){
+			$fields->push(new TextField("Math","Spam protection question: ".MathSpamProtection::getMathQuestion()));
+		}				
+		
+		if(CaptchaSpamProtection::isEnabled()){
+			$fields->push(new TextField("Captcha",CaptchaSpamProtection::getImage()."<br /><br />Please copy down the text from the image above"));
+		}		
+		
+		$fields->push(new TextareaField("Comment", "Comments"));
+		
+		$form = new PageCommentInterface_Form($this->controller, $this->methodName . ".PostCommentForm",$fields, new FieldSet(
 			new FormAction("postcomment", "Post")
 		));
 		
@@ -102,6 +112,20 @@ class PageCommentInterface_Form extends Form {
 			}
 		}
 		
+		//check if spam question was right.
+		if(MathSpamProtection::isEnabled()){		
+			if(!MathSpamProtection::correctAnswer($data['Math'])){
+				echo "<div class='BlogError'><p>You got the spam protection question wrong.</p></div>";
+				return;
+			}
+		}
+		
+		if(CaptchaSpamProtection::isEnabled()){		
+			if(!CaptchaSpamProtection::correctAnswer($data['Captcha'])){
+				echo "<div class='BlogError'><p>You got the captcha protection question wrong.</p></div>";
+				return;
+			}
+		}
 		
 		Cookie::set("PageCommentInterface_Name", $data['Name']);