# Copyright (c) 2005, James Seng. (http://james.seng.cc/)
# This code is released under the Artistic License.
#
# TrackbackAntiSpam v0.1a
#
# The way this works is fairly simple - if the incoming ping does not
# comes from the ip specified by the URL, rejects it. For example,
# if the trackback from url  http://online-poker.psxtreme.com/
# but comes from 194.63.235.156, then it is a likely to be a spam.
# because online-poker.psxtreme.com does not resolved to 194.63.235.156
#
# Pitfalls
# - this does not stop spammers from sending trackback spams from their
#   own hosts
# - this may reject legit trackback if it is not send from their
#   blog-engine (e.g. blogging client)
#
# INSTALL (tested only on MT-3.15)
# 1) drop this file into your plugins/ directory
# 2) make sure the file is executable, ie chmod 755 TrackbackAntiSpam.pl

use MT;
use MT::Plugin;

# 0 - use TBPingFilter hook,  1 - use trackback::ping hook
# TBPingFilter hook is preferred because it is friendlier
my $hook = 0;   

# 1 - moderate rejects, 0 - denied rejects
# can we do trackback moderation in MT 3.x?
# my $action = 1;    # 1 - moderate, 0 - denied 

my $debug = 0;

$plugin = new MT::Plugin();
$plugin->name("James Seng's Trackback Antispam v0.1");
$plugin->description('Trackback Antispam Plugin for Movabletype');

MT->add_plugin($plugin);
MT->add_callback('TBPingFilter', 2, $plugin, \&tbas_ping_filter) if (!$hook);

{
    local $SIG{__WARN__} = sub {};
    glob $tbas_mt_trackback_ping = \&MT::App::Trackback::ping;
    *MT::App::Trackback::ping = \&tbas_ping_handler if ($hook);
}

sub tbas_ping_filter {
    my ($eh, $app, $ping) = @_;
    my $hostname = $ping->source_url;

    return 1 if (tbas_check($hostname));
    #if ($action) {
    #    $ping->visible(0);
    #    return 1;
    #} 
    return 0;
}

sub tbas_ping_handler {
    my $app = shift;
    my $hostname = $app->{query}->param('url');

    return &$tbas_mt_trackback_ping($app) if (tbas_check($hostname));

    $app->add_methods(ping => sub { 1; });
    my $output = $app->_response(Error => $app->translate("Trackback denied"));
    return $output;
}

sub tbas_check {;
    my ($hostname) = @_;
    my $remote_ip = $ENV{'REMOTE_ADDR'};

    $hostname =~ s/^.*\:\/\/([^\/]+).*/$1/;
    $hostname =~ s/^.*\@(.*)$/$1/ if ($hostname =~ /\@/);
    $hostname =~ s/^(.*)\:.*$/$1/ if ($hostname =~ /\:/);
        
    my ($name,$aliases,$addrtype,$length,@ips) = gethostbyname $hostname;
    print "X-Debug-Remote: ".$ENV{'REMOTE_ADDR'}."\n" if ($debug);
    print "X-Debug-Hostname: ".$hostname."\n" if ($debug);
    foreach my $ip (@ips) {
        print "X-Debug-IP: ".join('.',unpack('C4',$ip))."\n";
        return 1 if ($remote_ip eq join('.',unpack('C4',$ip)));
    }
    return 0;
}

1;