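<?php
// Anti-spam form token, rendering side.
// Emits two hidden fields: hash0 (hex IV) and hash1 (hex Twofish-CBC encryption
// of the current Unix time). The processing script decrypts hash1 to learn when
// the form was rendered.
//
// The key is md5(secret . day-of-year). Replace the placeholder with a long random
// value that lives only on the server; it must never be sent to the browser.
// Because date('z') is the day of the year, the key changes at midnight server
// time (a form rendered just before midnight will not validate after it) and the
// same key comes round again on the same day of the following year.
$encrypt_key = md5('RANDOM_STRING_OF_TEXT_HERE_WITH_NO_SPACES'.date('z'));

// Ask for the IV size of the mode that is actually used below (CBC, not ECB), and
// draw the IV from the operating system's random source instead of MCRYPT_RAND.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);

// mcrypt_encrypt() expects string data, so the timestamp is cast explicitly.
// mcrypt pads the plaintext with NUL bytes up to the block size; the processing
// side has to allow for that padding when it validates the decrypted value.
$token = mcrypt_encrypt(MCRYPT_TWOFISH, $encrypt_key, (string) time(), MCRYPT_MODE_CBC, $iv);

// NOTE(review): ext/mcrypt was deprecated in PHP 7.1 and removed in PHP 7.2, and
// this token is encrypted but not authenticated. A timestamp signed with
// hash_hmac() is the more suitable construction; switching to it changes the
// field format and must be done together with the processing script.
?>
<input type="hidden" name="hash0" value="<?=bin2hex($iv)?>">
<input type="hidden" name="hash1" value="<?=bin2hex($token)?>">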
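<?php
//USE THIS WHEN PROCESSING THE FORM
### additional spam checks ###
// Validates the timestamp token posted back in hash0 (hex IV) and hash1 (hex
// ciphertext). $huzzah stays "WEASSUMESPAM" unless every check passes, in which
// case it becomes "TRUE". Any failure prints an error and stops the request.
$huzzah = "WEASSUMESPAM";

// The key must be derived on the server from the same secret the form-rendering
// code uses. Taking it from the request (a posted 'eK' field) only works if the
// secret is shipped to the browser, which lets any client mint valid tokens.
$encrypt_key = md5('RANDOM_STRING_OF_TEXT_HERE_WITH_NO_SPACES'.date('z'));

// Missing fields and array-valued fields (hash0[]=...) are treated as empty.
$iv = (isset($_POST['hash0']) && is_string($_POST['hash0'])) ? $_POST['hash0'] : '';
$hash1 = (isset($_POST['hash1']) && is_string($_POST['hash1'])) ? $_POST['hash1'] : '';

// Both values must be well-formed hex before they reach pack(); the IV must also
// have exactly the length the cipher expects. ctype_xdigit('') is false, so the
// empty-field case is rejected here as well.
$iv_hex_length = 2 * mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC);
if (!ctype_xdigit($iv) || strlen($iv) !== $iv_hex_length) {
    print('Error: You are not authorized to do that');
    exit;
} else if (!ctype_xdigit($hash1) || strlen($hash1) % 2 !== 0) {
    print('Error: You are not authorized to do that');
    exit;
}

$decrypted = mcrypt_decrypt(MCRYPT_TWOFISH, $encrypt_key, pack('H*', $hash1), MCRYPT_MODE_CBC, pack('H*', $iv));
// mcrypt pads plaintext with NUL bytes up to the block size and does not strip
// them on decryption, so remove them before validating.
$post_time = is_string($decrypted) ? rtrim($decrypted, "\0") : '';

// The decrypted value must be a plain run of digits. The previous test rejected
// numeric values and accepted everything else, so a token that decrypted to
// garbage was cast to 0 in the arithmetic below and passed every age check.
if (!ctype_digit($post_time)) {
    print('Error: You are not authorized to do that');
    exit;
}

// NOTE(review): 60*1000000000 seconds is roughly 1,900 years, so the "expired"
// branch never fires in practice and an old token stays usable whenever the
// day-of-year key matches again. Set this to the intended window in seconds.
$max_age = 60*1000000000;
$age = time() - (int) $post_time;

if ($age > $max_age) {
    print('Error: Your session has expired, please go back and try again.');
    exit;
} else if ($age < 0) {
    // A timestamp in the future cannot have come from this server's form.
    print('Error: You are not authorized to do that');
    exit;
} else if ($age < 5) {
    // Submitted less than five seconds after the form was rendered.
    print('Error: You are not authorized to do that');
    exit;
} else {
    ### spam check passed.... proceed with processing ###
    $huzzah = "TRUE";
}

// NOTE(review): the token is encrypted but carries no integrity check, and the IV
// is returned by the client. In CBC mode the first plaintext block can be changed
// through the IV without knowing the key, and nothing ties a token to one
// submission, so these checks are a speed bump rather than a guarantee. Signing
// the timestamp with hash_hmac() and comparing with hash_equals() closes the
// tampering gap; it changes the hidden-field format and has to be done together
// with the form-rendering code. ext/mcrypt itself was removed in PHP 7.2.
?>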