Merge pull request #10 from CleanTalk/sha256-algo-in-checkjs

Sha256 algo in checkjs

Author: ArtemAnoshin

README.md

@@ -2,7 +2,7 @@ php-uni
 =======
 [![Build Status](https://travis-ci.org/CleanTalk/php-uni.svg)](https://travis-ci.org/CleanTalk/php-uni)
 
-# Version 2.5.3
+# Version 2.5.4
 
 Module for any CMS
 ## Installation

cleantalk/cleantalk.php

@@ -8,7 +8,8 @@
 		return;
 	}
 
-	$apbct_checkjs_val = md5($apikey);
+    global $apbct_salt;
+    $apbct_checkjs_val = apbct_checkjs_hash($apikey, $apbct_salt);
 	global $apbct_checkjs_val;
 	global $antispam_activity_status;
 	if ($spam_firewall == 1) {

cleantalk/inc/admin.php

@@ -70,7 +70,7 @@ function install( $files, $api_key, $cms, $exclusions ){
 function install_config( $modified_files, $api_key, $cms, $exclusions ){
 
     $path_to_config = CLEANTALK_ROOT . 'config.php';
-    $salt = str_pad(rand(0, getrandmax()), 6, '0').str_pad(rand(0, getrandmax()), 6, '0');
+    $apbct_salt = str_pad(rand(0, getrandmax()), 6, '0').str_pad(rand(0, getrandmax()), 6, '0');
     // Attention. Backwards order because inserting it step by step
 
     $pass = 'NO PASS';
@@ -119,8 +119,8 @@ function install_config( $modified_files, $api_key, $cms, $exclusions ){
         );
     }
 
-    File::inject__variable( $path_to_config, 'salt', $salt );
-    File::inject__variable( $path_to_config, 'security', hash( 'sha256', '0(o_O)0' . $salt ) );
+    File::inject__variable( $path_to_config, 'salt', $apbct_salt );
+    File::inject__variable( $path_to_config, 'security', hash( 'sha256', '0(o_O)0' . $apbct_salt ) );
     File::inject__variable( $path_to_config, 'modified_files', $modified_files, true );
     if( $exclusions )
         File::inject__variable( $path_to_config, 'exclusions', $exclusions, true );
@@ -215,6 +215,9 @@ function detect_cms( $path_to_index, $out = 'Unknown' ){
             $out = 'ShopScript';
         if (preg_match('/(DATALIFEENGINE.*?)/', $index_file))
             $out = 'DLE';
+        // CsCart
+        if (preg_match('/(Kalynyak.*?)/', $index_file))
+            $out = 'cscart';
     }
 
 	return $out;
@@ -235,3 +238,29 @@ function apbct__plugin_update_message() {
         echo '<p class="text-center">You are using the latest version '. APBCT_VERSION . '</p>';
     }
 }
+
+/**
+ * Print Block with CSCart Js Snippet
+ */
+function apbct__cscart_js_snippet() {
+    global $apikey, $apbct_salt, $detected_cms;
+    
+    // Only for CsCart
+    if ($detected_cms != 'cscart') return;
+    
+    $apbct_checkjs_hash = apbct_checkjs_hash($apikey, $apbct_salt);
+    ?>
+    
+    <div class="highlight">
+        <h4>Add this code to all pages of the site (use the basic template). Detailed instruction is <a href="https://blog.cleantalk.org/protecting-cs-cart-website-from-spam/">here</a></h4>
+        <pre tabindex="0" class="chroma">
+            <code class="language-html" data-lang="html">
+                &lt;script&gt;var apbct_checkjs_val="<?= $apbct_checkjs_hash; ?>";&lt;/script&gt;
+                &lt;script src="/cleantalk/js/ct_js_test.js"&gt;&lt;/script&gt;
+                &lt;script src="/cleantalk/js/ct_js_test.js"&gt;&lt;/script&gt;
+            </code>
+        </pre>
+    </div>
+
+    <?php
+}

cleantalk/inc/common.php

@@ -1,7 +1,7 @@
 <?php
 
 define('APBCT_PLUGIN', 'uni');
-define('APBCT_VERSION', '2.5.3');
+define('APBCT_VERSION', '2.5.4');
 define('APBCT_AGENT', APBCT_PLUGIN . '-' . str_replace( '.', '', APBCT_VERSION ) );
 define('APBCT_USER_AGENT', 'Cleantalk-Antispam-Universal-Plugin/' . APBCT_VERSION);
 
@@ -36,3 +36,10 @@ function apbct_restore_include_path(){
 	require_once CLEANTALK_ROOT . 'inc' . DS . 'cron_functions.php'; // File with cron wrappers
 	$cron->runTasks();
 unset( $cron );
+
+/**
+ * Generate value for checking JS
+ */
+function apbct_checkjs_hash($apikey, $salt) {
+    return hash('sha256', $apikey . $salt);
+}

cleantalk/inc/functions.php

@@ -446,9 +446,12 @@ function apbct_obfuscate_param($value = null)
 	 * return null|0|1;
 	 */
 	 function apbct_js_test(){
-		 global $apikey;
+		 global $apikey, $apbct_salt, $detected_cms;
 		 if(isset($_COOKIE['apbct_checkjs'])){
-			if($_COOKIE['apbct_checkjs'] == md5($apikey))
+			if(
+                $_COOKIE['apbct_checkjs'] == apbct_checkjs_hash($apikey, $apbct_salt) ||
+                ($detected_cms === 'cscart' && $_COOKIE['apbct_checkjs'] == md5($apikey))
+            )
 				return 1;
 			else
 				return 0;

cleantalk/lib/Cleantalk/ApbctUni/SFW.php

@@ -79,10 +79,10 @@ public function logs__update($ip, $result) {
 		if($ip === NULL || $result === NULL)
 			return;
 
-		global $salt;
+		global $apbct_salt;
 
 		$time = time();
-		$log_path = CLEANTALK_ROOT . 'data/sfw_logs/'. hash('sha256', $ip . $salt) .'.log';
+		$log_path = CLEANTALK_ROOT . 'data/sfw_logs/'. hash('sha256', $ip . $apbct_salt) .'.log';
 
 		if( file_exists( $log_path ) ){
 

cleantalk/lib/Cleantalk/Updater/Updater.php

@@ -308,4 +308,15 @@ private function rollback(){
 		}else
 			return false;
 	}
+
+    /**
+     * Update 2.5.3
+     */
+    function update_to_2_5_3()
+    {
+        global $apikey, $apbct_salt;
+
+        File::clean__variable(CLEANTALK_CONFIG_FILE, 'apbct_salt');
+        File::inject__variable(CLEANTALK_CONFIG_FILE, 'apbct_salt', apbct_checkjs_hash($apikey, $apbct_salt));
+    }
 }

cleantalk/settings.php

@@ -290,6 +290,11 @@
         </form>
 
         <?php
+        /**
+         * CsCart JS Snippet
+         */
+        apbct__cscart_js_snippet();
+
         /**
          * Plugin version section
          */