From 66636df70277ddf33b0ad43b74eccb020542f69d Mon Sep 17 00:00:00 2001
From: towards-a-new-leftypol <paul_cockshott@protonmail.com>
Date: Fri, 19 Jul 2024 15:40:25 -0400
Subject: [PATCH] anti-bot: do not flag missing hash values as spam

---
 inc/anti-bot.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index faa34ee0..278a07a3 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -295,13 +295,19 @@ function checkSpam(array $extra_salt = array()) {
   #print_err("checkSpam start");
   $extra_salt_orig = $extra_salt;
 
+  /*
   if (!isset($_POST['hash'])) {
     print_err("checkSpam: _POST array doesn't have key 'hash', check failed.");
     dumpVars($extra_salt_orig);
     return true;
   }
+  */
 
-  $hash = $_POST['hash'];
+  if (isset($_POST['hash'])) {
+    $hash = $_POST['hash'];
+  } else {
+    $hash = "";
+  }
 
   if (!empty($extra_salt)) {
     // create a salted hash of the "extra salt"
@@ -336,7 +342,12 @@ function checkSpam(array $extra_salt = array()) {
   // Use SHA1 for the hash
   $_hash = sha1($_hash . $extra_salt);
 
-  if ($hash != $_hash) {
+  if (empty($hash)) {
+    print_err("checkSpam: hash is either empty or was never present, check failed. Not flagging as spam however.");
+    dumpVars($extra_salt_orig);
+    // Ignore missing hash, because it was missing for some legitimate posters and bots tend to fill in any field.
+    return false;
+  } else if ($hash != $_hash) {
     print_err("checkSpam: Hash values do not match! submitted hash value from POST data: $hash ; Computed hash value: $_hash");
     dumpVars($extra_salt_orig);
     return true;