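/**
 * Runs the allow-list checks for the current request.
 *
 * Add-ons registered on the 'kpg_ss_addons_allow' filter run first, then each
 * built-in allow check whose option equals 'Y'. The first check that returns
 * something other than false ends the scan: the hit is logged with
 * kpg_ss_log_good() and its reason is returned.
 *
 * NOTE(review): every built-in check is keyed on kpg_get_ip(), and an allow
 * hit presumably bypasses the deny checks. Confirm that helper does not
 * accept client-supplied forwarding headers unless the request arrived
 * through a known proxy; otherwise the allow list is only as strong as a
 * header the client controls.
 *
 * @param mixed $ip      Not used; the address is re-read with kpg_get_ip() wherever it is needed.
 * @param array $stats   Plugin statistics, passed on to be_load().
 * @param array $options Plugin options; a built-in check runs only when its key equals 'Y'.
 * @param array $post    Collected request fields, passed on to be_load().
 * @return mixed Reason returned by the first matching check, or false when nothing matched.
 */
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
 {
     // The original read $post['email'] and re-assigned $ip here without using
     // either value; the read raised an undefined-index notice whenever the
     // request carried no email field, so both statements are gone.

     // Add-on descriptors are arrays:
     // [0]=class location, [1]=class name (also used as counter), [2]=addon name,
     // [3]=addon author, [4]=addon description
     $addons = apply_filters('kpg_ss_addons_allow', array());
     if (!empty($addons) && is_array($addons)) {
         foreach ($addons as $add) {
             if (empty($add) || !is_array($add)) {
                 continue;
             }
             // NOTE(review): be_load() receives only the add-on descriptor here, while
             // the built-in checks below also receive the IP, stats, options and post.
             // Confirm allow add-ons do not need them.
             $reason = be_load($add);
             if ($reason !== false) {
                 // The IP is fetched again for the log entry because it might have been altered.
                 kpg_ss_log_good(kpg_get_ip(), $reason, $add[1], $add);
                 return $reason;
             }
         }
     }

     // Built-in allow checks, tried in this order.
     $actions = array('chkcloudflare', 'chkadminlog', 'chkaws', 'chkgcache', 'chkgenallowlist', 'chkgoogle', 'chkmiscallowlist', 'chkpaypal', 'chkscripts', 'chkwlem', 'chkwluserid', 'chkwlist', 'chkyahoomerchant');
     foreach ($actions as $chk) {
         // A check with no stored option counts as switched off instead of raising a notice.
         if (!isset($options[$chk]) || $options[$chk] != 'Y') {
             continue;
         }
         $reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
         if ($reason !== false) {
             kpg_ss_log_good(kpg_get_ip(), $reason, $chk);
             return $reason;
         }
     }

     return false;
 }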
Example #2
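 /**
  * Runs the deny checks for a POST request and ends the request when one of them matches.
  *
  * Order of evaluation: deny add-ons from the 'kpg_ss_addons_deny' filter, the
  * checks that need no IP, the 'chkvalidip' gate, then the IP-based checks.
  * A hit is logged with kpg_ss_log_bad() and the script exits.
  *
  * @param mixed $ip      Not used; the address is re-read with kpg_get_ip() wherever it is needed.
  * @param array $stats   Plugin statistics, passed on to be_load().
  * @param array $options Plugin options; a check runs only when its key equals 'Y'.
  * @param array $post    Collected request fields, passed on to be_load().
  * @return false|null false when nothing matched or when 'chkvalidip' reports a reason;
  *                    null after the hard-coded test address triggered the challenge.
  */
 public function process($ip, &$stats = array(), &$options = array(), &$post = array())
 {
     // Add-on descriptors are arrays:
     // [0]=class location, [1]=class name (also used as counter), [2]=addon name,
     // [3]=addon author, [4]=addon description
     $addons = apply_filters('kpg_ss_addons_deny', array());
     if (!empty($addons) && is_array($addons)) {
         foreach ($addons as $add) {
             if (empty($add) || !is_array($add)) {
                 continue;
             }
             $reason = be_load($add, kpg_get_ip(), $stats, $options, $post);
             if ($reason !== false) {
                 kpg_ss_log_bad(kpg_get_ip(), $reason, $add[1], $add);
                 exit;
             }
         }
     }

     // Only reached on a POST, so GET variables are not checked here.
     // NOTE(review): 'chkdisp' is listed in both arrays below, so it can run twice when enabled.
     $noipactions = array('chkagent', 'chkbbcode', 'chkblem', 'chkbluserid', 'chkdisp', 'chkexploits', 'chklong', 'chkreferer', 'chksession', 'chkspamwords', 'chktld', 'chkaccept', 'chkadmin');
     $actions = array('chkamazon', 'chkbcache', 'chkblip', 'chkdisp', 'chkhosting', 'chkinvalidip', 'chkubiquity', 'chkmulti', 'chkgooglesafe', 'chkAD', 'chkAE', 'chkAF', 'chkAL', 'chkAM', 'chkAR', 'chkAT', 'chkAU', 'chkAX', 'chkAZ', 'chkBA', 'chkBB', 'chkBD', 'chkBE', 'chkBG', 'chkBH', 'chkBN', 'chkBO', 'chkBR', 'chkBS', 'chkBY', 'chkBZ', 'chkCA', 'chkCD', 'chkCH', 'chkCL', 'chkCN', 'chkCO', 'chkCR', 'chkCU', 'chkCW', 'chkCY', 'chkCZ', 'chkDE', 'chkDK', 'chkDO', 'chkDZ', 'chkEC', 'chkEE', 'chkES', 'chkEU', 'chkFI', 'chkFJ', 'chkFR', 'chkGB', 'chkGE', 'chkGF', 'chkGI', 'chkGP', 'chkGR', 'chkGT', 'chkGU', 'chkGY', 'chkHK', 'chkHN', 'chkHR', 'chkHT', 'chkHU', 'chkID', 'chkIE', 'chkIL', 'chkIN', 'chkIQ', 'chkIR', 'chkIS', 'chkIT', 'chkJM', 'chkJO', 'chkJP', 'chkKE', 'chkKG', 'chkKH', 'chkKR', 'chkKW', 'chkKY', 'chkKZ', 'chkLA', 'chkLB', 'chkLK', 'chkLT', 'chkLU', 'chkLV', 'chkMD', 'chkME', 'chkMK', 'chkMM', 'chkMN', 'chkMO', 'chkMP', 'chkMQ', 'chkMT', 'chkMV', 'chkMX', 'chkMY', 'chkNC', 'chkNI', 'chkNL', 'chkNO', 'chkNP', 'chkNZ', 'chkOM', 'chkPA', 'chkPE', 'chkPG', 'chkPH', 'chkPK', 'chkPL', 'chkPR', 'chkPS', 'chkPT', 'chkPW', 'chkPY', 'chkQA', 'chkRO', 'chkRS', 'chkRU', 'chkSA', 'chkSC', 'chkSE', 'chkSG', 'chkSI', 'chkSK', 'chkSV', 'chkSX', 'chkSY', 'chkTH', 'chkTJ', 'chkTM', 'chkTR', 'chkTT', 'chkTW', 'chkUA', 'chkUK', 'chkUS', 'chkUY', 'chkUZ', 'chkVC', 'chkVE', 'chkVN', 'chkYE', 'chksfs', 'chkhoney', 'chkbotscout', 'chkdnsbl');
     $chk = '';

     // Start from "nothing matched". The original left $reason unset when no
     // no-IP check was enabled; the undefined value is not === false, so the IP
     // checks were skipped and the request was logged as bad with an empty reason.
     $reason = false;

     // Checks that do not depend on the IP address.
     foreach ($noipactions as $chk) {
         // A check with no stored option counts as switched off instead of raising a notice.
         if (!isset($options[$chk]) || $options[$chk] != 'Y') {
             continue;
         }
         $reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
         if ($reason !== false) {
             break;
         }
     }

     if ($reason === false) {
         // Gate for the IP-based checks; 'chkvalidip' always runs, it has no option switch.
         // It returns false for an address that can be checked.
         $chk = 'chkvalidip';
         $reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
         if ($reason !== false) {
             // The address cannot be checked: stop here without denying the request.
             return false;
         }

         foreach ($actions as $chk) {
             if (!isset($options[$chk]) || $options[$chk] != 'Y') {
                 continue;
             }
             $reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
             if ($reason !== false) {
                 break;
             }
         }
     }

     // Plugin self-test hook: this fixed address always gets the challenge page.
     // NOTE(review): the branch sits on the production path and runs even after a
     // deny check matched; confirm that is intended.
     if (array_key_exists('email', $post) && $post['email'] == '*****@*****.**') {
         $post['reason'] = "testing IP - will always be blocked";
         be_load('kpg_ss_challenge', kpg_get_ip(), $stats, $options, $post);
         return;
     }

     if ($reason === false) {
         return false;
     }

     // A check matched: $chk still names it because the loops break on the first hit.
     kpg_ss_log_bad(kpg_get_ip(), $reason, $chk);
     exit;
 }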
Example #3
	</form>
	</fieldset>

	<?php 
}
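// Address that kpg_get_ip() reports for this request.
$ip = kpg_get_ip();
?>
<p>Your current IP address is: <span style="font-weight:bold;font-size:1.1em;"><?php 
// Escape on output: where kpg_get_ip() takes the value from is not visible here,
// so it is treated as untrusted text when written into the page.
echo esc_html($ip);
?>
.</span><p>
<?php 
// check the ip to see if we are local
$ansa = be_load('chkvalidip', kpg_get_ip());
if ($ansa == false) {
    // Only when the first check raised nothing is the CloudFlare check consulted.
    $ansa = be_load('chkcloudflare', kpg_get_ip());
}
if ($ansa !== false) {
    ?>
	<p>This address is invalid for testing for the following reason: 
	<span style="font-weight:bold;font-size:1.2em;"><?php 
    // The reason string comes from a check module; escape it like any other dynamic text.
    echo esc_html($ansa);
    ?>
</span>.<br>
	If you working on a local installation of Wordpress, this might be OK. However, if the plugin reports that your IP is invalid it may be because you are using CloudFlare or a proxy server to access this page. This will make it impossible for the plugin to check IP addresses. You may want to go to the Stop Spammers Testing menu option in order to test all possible reasons that your IP is not appearing as the IP of the machine that your using to browse this site.<br>
	It is possible to use the plugin if this problem appears, but most checking functions will be turned off. The plugin will still perform spam checks which do not require an IP.<br>
	If the error says that this is a CloudFlare ip address, you can fix this by installing the cloudflare plugin. If you use CloudFlare to protect and speed up your site then you MUST install the CloudFlare plugin. This plugin will be crippled until you install it.
	
	<p>
	<?php 
}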
Example #4
}
// just in case
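// Authorization gate first: nothing on this page, including loading the plugin's
// stats and options, runs for a user who cannot manage options.
if (!current_user_can('manage_options')) {
    die('Access Denied');
}
$stats = kpg_ss_get_stats();
$options = kpg_ss_get_options();
// Local time string built from the site's configured GMT offset.
$now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600);
// for session speed checks
//if(!isset($_POST)||empty($_POST)) { // no post defined
//$_SESSION['kpg_stop_spammers_time']=time();
//	if (! isset($_COOKIE['kpg_stop_spammers_time'])) { // if previous set do not reset
//		setcookie( 'kpg_stop_spammers_time', strtotime("now"), strtotime('+1 min'));
//	}
//}

// Defaults: the requester's own address and, when the server exposes it, the host address.
$ip = kpg_get_ip();
$hip = "unknown";
if (array_key_exists('SERVER_ADDR', $_SERVER)) {
    $hip = $_SERVER["SERVER_ADDR"];
}
$email = '';
$author = '';
$subject = '';
$body = '';

// Form fields override the defaults exactly as submitted.
// NOTE(review): these are raw request values. Validate $ip as an address and
// escape every field before it reaches HTML, a query or a log line. No nonce
// check is visible in this fragment; confirm one runs before the fields are acted on.
if (array_key_exists('ip', $_POST)) {
    $ip = $_POST['ip'];
}
if (array_key_exists('email', $_POST)) {
    $email = $_POST['email'];
}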
if (array_key_exists('author', $_POST)) {
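 /**
  * Mails an allow-list request, submitted through the 'ke'/'km'/'kr' POST fields, to the site operator.
  *
  * The mail goes to the 'wlreqmail' option when it is set, otherwise to the
  * site's admin address.
  *
  * NOTE(review): the input is anonymous request data and nothing visible here
  * limits how often a mail can be triggered; confirm the caller throttles it.
  * The return value also does not reflect whether wp_mail() succeeded.
  *
  * @param array $options Plugin options; reads 'notify' and 'wlreqmail'.
  * @return bool|null false when notification is off or the address is rejected,
  *                   true once wp_mail() has been called, null when no 'ke' field was posted.
  */
 public function kpg_ss_send_email($options = array())
 {
     if (!array_key_exists('notify', $options)) {
         return false;
     }
     if ($options['notify'] == 'N') {
         return false;
     }
     // A missing 'wlreqmail' option means "use the admin address" instead of raising a notice.
     $wlreqmail = isset($options['wlreqmail']) ? $options['wlreqmail'] : '';

     if (!array_key_exists('ke', $_POST) || empty($_POST['ke'])) {
         // No request in this POST; null is what the original returned on this path.
         return null;
     }

     // An array-valued field (ke[]=...) must not reach is_email(), which expects a string.
     if (!is_string($_POST['ke']) || !is_email($_POST['ke'])) {
         return false;
     }

     // sanitize_text_field() strips tags and line breaks, which keeps the
     // submitted values on a single line inside the mail body.
     $ke = sanitize_text_field($_POST['ke']);
     // 'km' and 'kr' are optional: treat a missing field as empty.
     $km = isset($_POST['km']) ? sanitize_text_field($_POST['km']) : '';
     if (strlen($km) > 200) {
         $km = substr($km, 0, 197) . '...';
     }
     $kr = really_clean(isset($_POST['kr']) ? sanitize_text_field($_POST['kr']) : '');

     $to = get_option('admin_email');
     if (!empty($wlreqmail)) {
         $to = $wlreqmail;
     }

     $now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600);
     $subject = 'Allow List request from blog ' . get_bloginfo('name');
     $ip = kpg_get_ip();
     $message = "\r\nWebmaster,\r\nA request has been received from someone who has been marked as a spammer by the STOP SPAMMER plugin.\r\nYou have are being notified because you have checked off the box on the settings page indicating that you wanted this email.\r\nThe information from the request is:\r\nTime: {$now}\r\nUser IP: " . $ip . "\r\nUser email: " . $ke . "\r\nSpam Reason: " . $kr . "\r\nUsers Message: " . $km . "\r\n\r\nPlease be aware that the user has been recognized as a potential spammer. \r\nSome spam robots are already filling out the request form with a bogus explanation. \r\n\r\n\r\nStop Spammers Plugin";
     $message = wordwrap($message, 70, "\r\n");
     // The From header is built only from the site's own option, never from request data.
     $headers = 'From: ' . get_option('admin_email') . "\r\n";
     wp_mail($to, $subject, $message, $headers);
     return true;
 }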
Example #6
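/**
 * Error handler that appends errors raised from the plugin's own files to a debug log.
 *
 * Errors from files whose path contains none of the plugin markers are
 * ignored, as are "modify header information" messages. The handler always
 * returns false, so PHP's standard error handling still runs afterwards.
 *
 * NOTE(review): the log records file paths, the client IP and the raw error
 * message. Confirm the KPG_SS_PLUGIN_DATA location is not served by the web
 * server, and that a log viewer escapes these values before showing them.
 *
 * @param int    $errno    Error level.
 * @param string $errmsg   Error message.
 * @param string $filename File the error was raised in.
 * @param int    $linenum  Line the error was raised on.
 * @param mixed  $vars     Unused. Optional because PHP 8 calls error handlers with
 *                         four arguments only; a required fifth parameter makes
 *                         every invocation fail with an ArgumentCountError.
 * @return bool Always false.
 */
function sfs_ErrorHandler($errno, $errmsg, $filename, $linenum, $vars = null)
{
    // Only errors raised from files that belong to the plugin are recorded.
    $markers = array('kpg', 'admin-options', 'mu-options', 'stop-spam', 'sfr_mu', 'settings.php', 'options-general.php');
    $ours = false;
    foreach ($markers as $marker) {
        if (strpos($filename, $marker) !== false) {
            $ours = true;
            break;
        }
    }
    if (!$ours) {
        return false;
    }

    switch ($errno) {
        case E_ERROR:
            $serrno = "Fatal run-time errors. These indicate errors that can not be recovered from, such as a memory allocation problem. Execution of the script is halted. ";
            break;
        case E_WARNING:
            $serrno = "Run-time warnings (non-fatal errors). Execution of the script is not halted. ";
            break;
        case E_NOTICE:
            $serrno = "Run-time notices. Indicate that the script encountered something that could indicate an error, but could also happen in the normal course of running a script. ";
            break;
        default:
            $serrno = "Unknown Error type {$errno}";
    }

    // Compare with false explicitly: a match at offset 0 is falsy and was not skipped before.
    if (strpos($errmsg, 'modify header information') !== false) {
        return false;
    }

    $now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600);
    $m1 = memory_get_usage(true);
    $m2 = memory_get_peak_usage(true);
    $ip = kpg_get_ip();
    $msg = "\r\n\tTime: {$now}\r\n\tError number: {$errno}\r\n\tError type: {$serrno}\r\n\tError Msg: {$errmsg}\r\n\tIP address: {$ip}\r\n\tFile name: {$filename}\r\n\tLine Number: {$linenum}\r\n\tMemory used, peak: {$m1}, {$m2}\r\n\t---------------------\r\n\t";

    // Best-effort append: a log that cannot be opened must not raise a new error from inside the handler.
    $f = @fopen(KPG_SS_PLUGIN_DATA . ".sfs_debug_output.txt", 'a');
    if (empty($f)) {
        return false;
    }
    @fwrite($f, $msg);
    @fclose($f);
    return false;
}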
/**
 * Runs the 'kpg_ss_check_white' module for the current request with $post['block'] set to true.
 *
 * sfs_errorsonoff() is called before the check and sfs_errorsonoff('off') after it.
 *
 * @return mixed Whatever be_load() returns for 'kpg_ss_check_white'.
 */
function kpg_ss_check_white_block()
{
    sfs_errorsonoff();

    $pluginOptions = kpg_ss_get_options();
    $pluginStats = kpg_ss_get_stats();

    // Same request data as a normal check, with the 'block' flag added.
    $request = get_post_variables();
    $request['block'] = true;

    $verdict = be_load('kpg_ss_check_white', kpg_get_ip(), $pluginStats, $pluginOptions, $request);

    sfs_errorsonoff('off');

    return $verdict;
}
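/**
 * 'pre_user_login' filter: runs the plugin's checks against a registration attempt.
 *
 * The login name is copied into the request data as 'author'. An address
 * already in the bad cache is rejected with a 403; an allow-list hit lets the
 * registration through; otherwise 'kpg_ss_check_post' runs.
 *
 * @param string $user_login Login name being registered.
 * @return string The login name, unchanged, whenever the request is not rejected.
 */
function kpg_ss_user_reg_filter($user_login)
{
    sfs_errorsonoff();
    $options = kpg_ss_get_options();
    $stats = kpg_ss_get_stats();

    // Present the registration to the check modules as if it were a post.
    $post = get_post_variables();
    $post['author'] = $user_login;
    // Not really an addon, but may be moved out once it works.
    $post['addon'] = 'chkRegister';

    // A missing option counts as "off" instead of raising a notice.
    if (!isset($options['filterregistrations']) || $options['filterregistrations'] != 'Y') {
        // The callback name must be a string. The original passed a bare word,
        // which PHP 8 rejects as an undefined constant.
        remove_filter('pre_user_login', 'kpg_ss_user_reg_filter', 1);
        sfs_errorsonoff('off');
        return $user_login;
    }

    // An address already in the bad cache gets no second chance; this also prevents looping.
    $reason = be_load('chkbcache', kpg_get_ip(), $stats, $options, $post);
    sfs_errorsonoff();
    if ($reason !== false) {
        $rejectmessage = $options['rejectmessage'];
        $post['reason'] = 'Failed Registration: bad cache';
        // NOTE(review): $host is never read; this looks like a typo for $post['chk'].
        // Left unchanged because the logging module is not visible here.
        $host['chk'] = 'chkbcache';
        be_load('kpg_ss_log_bad', kpg_get_ip(), $stats, $options, $post);
        wp_die("{$rejectmessage}", "Login Access Denied", array('response' => 403));
        exit;
    }

    // Allow list: a hit lets the registration through without the deny checks.
    $reason = kpg_ss_check_white();
    sfs_errorsonoff();
    if ($reason !== false) {
        $post['reason'] = 'passed registration:' . $reason;
        be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
        sfs_errorsonoff('off');
        return $user_login;
    }

    // Deny checks.
    $ret = be_load('kpg_ss_check_post', kpg_get_ip(), $stats, $options, $post);
    $post['reason'] = 'Passed Registration ' . $ret;
    be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
    // NOTE(review): unlike the other return paths, this one does not call
    // sfs_errorsonoff('off'); confirm whether that is intended.
    return $user_login;
}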