/** * check_comment_with_defensio() * * @return */ function check_comment_with_defensio() { global $pixelpost_db_prefix, $cfgrow, $parent_id, $message, $ip, $name, $url; require_once 'addons/_defensio2.0/lib/defensio-php/Defensio.php'; require_once 'addons/_defensio2.0/lib/pixelpost/defensio_pixelpost.php'; $defensio_result = mysql_query("SELECT * FROM `{$pixelpost_db_prefix}defensio` LIMIT 1") or die(mysql_error()); $defensio_conf = mysql_fetch_array($defensio_result); $defensio = new Defensio($defensio_conf['key']); $document = array(); // store the $cfgrow['commentemail'] in a seperate temp variable and set it to no $tmp_commentmail = $cfgrow['commentemail']; $cfgrow['commentemail'] = 'no'; // first update the comment in the database, assume it has failed. // sometimes the callback isn't issued properly. $query = "UPDATE {$pixelpost_db_prefix}comments \r\n SET publish = 'dfn',\r\n `spaminess` = '-1',\r\n `status` = 'fail' \r\n WHERE id = last_insert_id()"; mysql_query($query); /** * Only continue with Defensio if the API key is valid */ if (array_shift($defensio->getUser()) == 200) { $document = array('client' => 'Pixelpost Defensio Addon | ' . $addon_version . ' | Schonhose | schonhose@pixelpost.org', 'content' => $message, 'platform' => 'pixelpost', 'type' => 'comment', 'async' => 'true', 'async-callback' => $defensio_conf['blog'] . 'addons/_defensio2.0/lib/callback.php?id=' . md5($defensio_conf['key']), 'author-email' => $email, 'author-ip' => $ip, 'author-logged-in' => 'false', 'author-name' => $name, 'parent-document-date' => defensio_get_datetime_post($parent_id), 'parent-document-permalink' => $defensio_conf['blog'] . "index.php?showimage=" . $parent_id, 'referrer' => $_SERVER['HTTP_REFERER'], 'author-url' => $url); $post_result = $defensio->postDocument($document); $cfgrow['commentemail'] = $tmp_commentmail; defensio_process_comment_pixelpost($post_result, true); } }
public function process() { $post = $this->getObject(); if ($post) { $author = $post->Owner(); $balance = $author->Balance; if (self::$api_key && $post->Content != self::SPAM_CONTENT) { require_once Director::baseFolder() . '/microblog/thirdparty/defensio/Defensio.php'; $defensio = new Defensio(self::$api_key); $document = array('type' => 'comment', 'content' => $post->Content, 'platform' => 'silverstripe_microblog', 'client' => 'MicroBlog Defensio-PHP | 0.1 | Marcus Nyeholt | marcus@silverstripe.com.au', 'async' => 'false'); try { $result = $defensio->postDocument($document); if ($result && isset($result[1])) { if ($result[1]->allow == 'false') { $post->Content = self::SPAM_CONTENT; $post->Down += self::SPAM_DOWN; $post->write(); $author->Down += self::SPAM_DOWN; $author->write(); } } } catch (Exception $e) { SS_Log::log($e, SS_Log::WARN); } } if ($post->Content != self::SPAM_CONTENT) { $post->analyseContent(); $post->write(); } } $this->isComplete = true; }
public function check($api_key, $comment, $name, $email, $url = '') { $defensio = new Defensio($api_key); $document = array(); if (array_shift($defensio->getUser()) != 200) { // api key is invalid return false; } $document = array('type' => 'comment', 'content' => $comment, 'author-name' => $name, 'author-email' => $email, 'platform' => 'php', 'client' => 'Photocake', 'async' => 'false'); if ($url != '') { $document['author-url'] = $url; } $result = $defensio->postDocument($document); return $result[1]->classification == 'legitimate'; }
/** * Function: create * Attempts to create a comment using the passed information. If a Defensio API key is present, it will check it. * * Parameters: * $author - The name of the commenter. * $email - The commenter's email. * $url - The commenter's website. * $body - The comment. * $post - The <Post> they're commenting on. * $type - The type of comment. Optional, used for trackbacks/pingbacks. */ static function create($author, $email, $url, $body, $post, $type = null) { if (!self::user_can($post->id) and !in_array($type, array("trackback", "pingback"))) { return; } $config = Config::current(); $route = Route::current(); $visitor = Visitor::current(); if (!$type) { $status = $post->user_id == $visitor->id ? "approved" : $config->default_comment_status; $type = "comment"; } else { $status = $type; } if (!empty($config->defensio_api_key)) { $comment = array("user-ip" => $_SERVER['REMOTE_ADDR'], "article-date" => when("Y/m/d", $post->created_at), "comment-author" => $author, "comment-type" => $type, "comment-content" => $body, "comment-author-email" => $email, "comment-author-url" => $url, "permalink" => $post->url(), "referrer" => $_SERVER['HTTP_REFERER'], "user-logged-in" => logged_in()); $defensio = new Defensio($config->url, $config->defensio_api_key); list($spam, $spaminess, $signature) = $defensio->auditComment($comment); if ($spam) { self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], "spam", $signature, null, null, $post, $visitor->id); error(__("Spam Comment"), __("Your comment has been marked as spam. It will have to be approved before it will show up.", "comments")); } else { $comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, $signature, null, null, $post, $visitor->id); fallback($_SESSION['comments'], array()); $_SESSION['comments'][] = $comment->id; if (isset($_POST['ajax'])) { exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }"); } Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id); } } else { $comment = self::add($body, $author, $url, $email, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], $status, "", null, null, $post, $visitor->id); fallback($_SESSION['comments'], array()); $_SESSION['comments'][] = $comment->id; if (isset($_POST['ajax'])) { exit("{ comment_id: " . $comment->id . ", comment_timestamp: \"" . $comment->created_at . "\" }"); } Flash::notice(__("Comment added."), $post->url() . "#comment_" . $comment->id); } }
private function get_spam_level($content) { if ($this->comment_settings['monitor_enable']) { try { $defensio = new Defensio($this->comment_settings['monitor_api_key']); // Invalid API KEY if (array_shift($defensio->getUser()) != 200) { return false; } $document = array('type' => 'comment', 'content' => $content, 'platform' => 'Nibbleblog', 'client' => 'Nibbleblog', 'async' => 'false'); $defensio_result = $defensio->postDocument($document); return (double) $defensio_result[1]->spaminess; } catch (Exception $e) { // Something fail, timeout, invalid key, etc... return false; } } // Spam monitor disabled return 0; }
static function admin_bulk_comments() { $from = !isset($_GET['from']) ? "manage_comments" : "manage_spam"; if (!isset($_POST['comment'])) { Flash::warning(__("No comments selected."), "/admin/?action=" . $from); } $comments = array_keys($_POST['comment']); if (isset($_POST['delete'])) { foreach ($comments as $comment) { $comment = new Comment($comment); if ($comment->deletable()) { Comment::delete($comment->id); } } Flash::notice(__("Selected comments deleted.", "comments")); } $false_positives = array(); $false_negatives = array(); $sql = SQL::current(); $config = Config::current(); if (isset($_POST['deny'])) { foreach ($comments as $comment) { $comment = new Comment($comment); if (!$comment->editable()) { continue; } if ($comment->status == "spam") { $false_positives[] = $comment->signature; } $sql->update("comments", array("id" => $comment->id), array("status" => "denied")); } Flash::notice(__("Selected comments denied.", "comments")); } if (isset($_POST['approve'])) { foreach ($comments as $comment) { $comment = new Comment($comment); if (!$comment->editable()) { continue; } if ($comment->status == "spam") { $false_positives[] = $comment->signature; } $sql->update("comments", array("id" => $comment->id), array("status" => "approved")); } Flash::notice(__("Selected comments approved.", "comments")); } if (isset($_POST['spam'])) { foreach ($comments as $comment) { $comment = new Comment($comment); if (!$comment->editable()) { continue; } $sql->update("comments", array("id" => $comment->id), array("status" => "spam")); $false_negatives[] = $comment->signature; } Flash::notice(__("Selected comments marked as spam.", "comments")); } if (!empty($config->defensio_api_key)) { $defensio = new Defensio($config->url, $config->defensio_api_key); if (!empty($false_positives)) { $defensio->submitFalsePositives(implode(",", $false_positives)); } if (!empty($false_negatives)) { $defensio->submitFalseNegatives(implode(",", $false_negatives)); } } redirect("/admin/?action=" . $from); }
public static function validate_api_key($key, $owner_url) { $defensio = new Defensio($key, $owner_url); return $defensio->validate_key(); }
// we always try to get the results here. defensio_process_comment_pixelpost($get_result, false); } else { die("The API key is invalid!!! Bye Bye."); } } //Check whether ADMIN has submitted a comment to resend to Defensio if (isset($_GET['view']) && $_GET['view'] == 'comments' && isset($_GET['action']) and $_GET['action'] == 'defensiorecheck') { // build $comment array used for testing. $comment_id = (int) $_GET['cid']; // get the comment info in question $query = "SELECT * FROM `{$pixelpost_db_prefix}comments` WHERE `id` = '" . $comment_id . "'"; $defensio_result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($defensio_result); $document = array('client' => 'Pixelpost Defensio Addon | ' . $addon_version . ' | Schonhose | schonhose@pixelpost.org', 'content' => $row['message'], 'platform' => 'pixelpost', 'type' => 'comment', 'async' => 'true', 'async-callback' => $defensio_conf['blog'] . 'addons/_defensio2.0/lib/callback.php?id=' . md5($defensio_conf['key']), 'author-email' => $row['email'], 'author-ip' => $row['ip'], 'author-logged-in' => 'false', 'author-name' => $row['name'], 'parent-document-date' => defensio_get_datetime_post($row['parent_id']), 'parent-document-permalink' => $defensio_conf['blog'] . "index.php?showimage=" . $row['parent_id'], 'referrer' => $_SERVER['HTTP_REFERER'], 'author-url' => $row['url']); $defensio = new Defensio($defensio_conf['key']); /** * Only continue with Defensio if the API key is valid */ if (array_shift($defensio->getUser()) == 200) { $post_result = $defensio->postDocument($document); // we always do a NEW request here. defensio_process_comment_pixelpost($post_result, true, $comment_id); } else { die("The API key is invalid!!! Bye Bye."); } } //Check whether ADMIN has submitted an empty quarantine request if (isset($_GET['view']) && $_GET['view'] == 'comments' && isset($_GET['action']) and $_GET['action'] == 'emptyquarantine') { $query = "DELETE FROM {$pixelpost_db_prefix}comments WHERE publish='dfn'"; $defensio_result = mysql_query($query);
/** * defensio_process_unprocessed() * * @param mixed $defensio_conf * @return */ function defensio_process_unprocessed($defensio_conf) { global $pixelpost_db_prefix, $defensio; //There are three possibilities: it can have failed, it is pending or somehow the status is null //For each step there is a different approach. $defensio = new Defensio($defensio_conf['key']); $seconds = 1209600; //86399 is 24 hours, but in this case we approximately 14 days. // 1) first get all the comments that have failed or have status null for the last 2 weeks and process them again. $query = "SELECT *\n FROM `{$pixelpost_db_prefix}comments`\n WHERE (\n (\n `status` = 'fail'\n OR `status` IS NULL\n )\n AND (\n UNIX_TIMESTAMP( `datetime` )\n BETWEEN UNIX_TIMESTAMP( DATE_ADD( CURDATE( ) , INTERVAL - " . $seconds . "\n SECOND ) )\n AND UNIX_TIMESTAMP( DATE_ADD( CURDATE( ) , INTERVAL +86400\n SECOND ) )\n )\n )"; $defensio_result = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_array($defensio_result)) { $document = array('client' => 'Pixelpost Defensio Addon | ' . $addon_version . ' | Schonhose | schonhose@pixelpost.org', 'content' => $row['message'], 'platform' => 'pixelpost', 'type' => 'comment', 'async' => 'true', 'async-callback' => $defensio_conf['blog'] . 'addons/_defensio2.0/lib/callback.php?id=' . md5($defensio_conf['key']), 'author-email' => $row['email'], 'author-ip' => $row['ip'], 'author-logged-in' => 'false', 'author-name' => $row['name'], 'parent-document-date' => defensio_get_datetime_post($row['parent_id']), 'parent-document-permalink' => $defensio_conf['blog'] . "index.php?showimage=" . $row['parent_id'], 'referrer' => $_SERVER['HTTP_REFERER'], 'author-url' => $row['url']); /** * Only continue with Defensio if the API key is valid */ if (array_shift($defensio->getUser()) == 200) { $post_result = $defensio->postDocument($document); // we always do a NEW request here. defensio_process_comment_pixelpost($post_result, true, $row['id']); } else { die("The API key is invalid!!! Bye Bye."); } } // 2) get the pending comments. But those are a bit tricky: depending on the date we either have to GET // results or process them again. $query = "SELECT * FROM `{$pixelpost_db_prefix}comments` WHERE `status` = 'pending'"; $defensio_result = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_array($defensio_result)) { $document = array('client' => 'Pixelpost Defensio Addon | ' . $addon_version . ' | Schonhose | schonhose@pixelpost.org', 'content' => $row['message'], 'platform' => 'pixelpost', 'type' => 'comment', 'async' => 'true', 'async-callback' => $defensio_conf['blog'] . 'addons/_defensio2.0/lib/callback.php?id=' . md5($defensio_conf['key']), 'author-email' => $row['email'], 'author-ip' => $row['ip'], 'author-logged-in' => 'false', 'author-name' => $row['name'], 'parent-document-date' => defensio_get_datetime_post($row['parent_id']), 'parent-document-permalink' => $defensio_conf['blog'] . "index.php?showimage=" . $row['parent_id'], 'referrer' => $_SERVER['HTTP_REFERER'], 'author-url' => $row['url']); /** * Only continue with Defensio if the API key is valid */ if (array_shift($defensio->getUser()) == 200) { // here is the magic to decide if we need to GET or process // if the difference is less than thirty days we can still get it from Defensio // if it is more, then reprocess the comment. $no_days = floor((time() - strtotime($row['datetime'])) / 86400); if ($no_days < 30) { $get_result = $defensio->getDocument($row['signature']); // we always try to get the results here. defensio_process_comment_pixelpost($get_result, false); } else { $post_result = $defensio->postDocument($document); // we always do a NEW request here. defensio_process_comment_pixelpost($post_result, true, $row['id']); } } else { die("The API key is invalid!!! Bye Bye."); } } $defensio_comments_processed_at = mktime(); mysql_query("UPDATE " . $pixelpost_db_prefix . "defensio SET defensio_comments_processed_at='" . $defensio_comments_processed_at . "'"); }