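/**
 * Score a submitted URL (and optional title) against the DNSBL check, the
 * internal banlist and the rows of the `blacklist` table.
 *
 * Early exits: 5 when check_blacklisted() reports a DNSBL hit, 10 when
 * check_banlist() reports a ban, 10 when the URL is not an http(s) URL with a
 * dotted host, and 10 when the host is a dotted-quad address inside one of the
 * listed loopback/private ranges. Otherwise points are added per matching
 * blacklist row.
 *
 * @param string $url      Submitted URL.
 * @param string $title    Optional title, matched against banned title fragments.
 * @param bool   $check_ip Whether to consult the DNSBL and the internal banlist first.
 * @return int Accumulated spam score (how callers act on it is not visible here).
 */
function spam_score($url, $title = "", $check_ip = true)
{
    $score = 0;
    if ($check_ip) {
        /* Check DNSBLs */
        if (check_blacklisted()) {
            /* A submitter listed in a DNSBL has the submission held for manual
             * review. No further points are added so that the submitter is not
             * accidentally blocked outright, hence the fixed score of 5. */
            return 5;
        }
        /* Check internal banlist */
        if (check_banlist()) {
            return 10;
        }
    }
    /* Only http(s) URLs whose host part contains at least one dot are scored. */
    if (!preg_match("/^https?:\\/\\/([^\\/:]*?\\.[^\\/:]*)(\\/|:[0-9]{1,5}|\$)/", $url, $matches)) {
        return 10;
    }
    $domain = $matches[1];
    if (preg_match("/^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\$/", $domain)) {
        /* NOTE(review): this only recognises hosts written as a dotted quad.
         * A hostname that resolves to an internal address is not caught here,
         * and link-local space (169.254.0.0/16) is not in the list. If submitted
         * URLs are ever fetched server-side, validate the resolved address at
         * fetch time as well. */
        $localhost = ip_in_range($domain, "10.0.0.0/8")
            || ip_in_range($domain, "127.0.0.1/8")
            || ip_in_range($domain, "172.16.0.0/12")
            || ip_in_range($domain, "192.168.0.0/16");
        if ($localhost) {
            // Adding entries that point to localhost is not allowed.
            return 10;
        }
    }
    /* The URL regex guarantees at least one dot, so there are always two labels. */
    $domain_parts = explode(".", $domain);
    $top_domain = strtolower(implode(".", array_slice($domain_parts, -2)));
    /* With only two labels this is the same value as $top_domain. */
    $sub_domain = strtolower(implode(".", array_slice($domain_parts, -3)));

    $result = mysql_query_cached("SELECT * FROM blacklist");
    if (!$result) {
        /* NOTE(review): fails open. When the blacklist cannot be loaded the
         * score is still 0 here, so the submission passes unscored. Kept for
         * compatibility; consider logging this case. */
        return $score;
    }
    $blacklist = $result->data;

    $banned_domains = array();
    $banned_parts = array();
    $banned_ips = array();
    $banned_titles = array();
    foreach ($blacklist as $element) {
        $value = (string) $element['Value'];
        if ($value === "") {
            /* An empty needle would either raise a warning or match every
             * input, depending on the PHP version; ignore such rows. */
            continue;
        }
        $type = (string) $element['Type'];
        if ($type === "0") {
            $banned_ips[] = $value;
        } elseif ($type === "1") {
            $banned_parts[] = $value;
        } elseif ($type === "2") {
            $banned_domains[] = $value;
        } elseif ($type === "3") {
            $banned_titles[] = $value;
        }
    }

    /* NOTE(review): get_ip() yields a comma-separated list, presumably built
     * from proxy headers; confirm it only trusts headers set by known proxies,
     * since a client can send its own. Entries are trimmed because such lists
     * are usually written as "a, b". */
    foreach (explode(",", get_ip()) as $ip) {
        if (in_array(trim($ip), $banned_ips, true)) {
            $score += 5;
        }
    }

    $url_lower = strtolower($url);
    foreach ($banned_domains as $part) {
        $needle = strtolower($part);
        if ($needle === $top_domain || $needle === $sub_domain) {
            $score += 10;
        } elseif (strpos($url_lower, $needle) !== false) {
            /* Case-insensitive like every other match in this function, so a
             * differently-cased URL does not slip past the banned domain. */
            $score += 5;
        }
    }
    foreach ($banned_parts as $part) {
        if (strpos($url_lower, strtolower($part)) !== false) {
            $score += 3;
        }
    }
    if (!empty($title)) {
        $title_lower = strtolower($title);
        foreach ($banned_titles as $part) {
            if (strpos($title_lower, strtolower($part)) !== false) {
                $score += 3;
            }
        }
    }
    return $score;
}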
}
*/
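/**
 * Checks that the form was submitted from an approved "referer".
 * - check_referer() will exit and not proceed if the referer is NOT found
 * - $referers: array of strings
 *
 * The Referer header is supplied by the client and can be absent or forged,
 * so this is a nuisance filter and must not be relied on as access control.
 */
if (isset($referers)) {
    check_referer($referers);
}
/**
 * Checks if the "email" included in the form is on the banlist.
 * - check_banlist() will exit and not proceed if the email is on the banlist
 */
if (isset($bannedEmails) && count($bannedEmails) > 0) {
    check_banlist($bannedEmails, $email);
}
/**
 * Sort the $_POST variables.
 * - "alphabetic": natural, case-insensitive sort of the field names
 * - "order:a,b,...": $sort is replaced by the list of names after "order:"
 *
 * preg_* replaces ereg()/ereg_replace(), which no longer exist in PHP 7+.
 * The "s" modifier keeps "." matching newlines, as the POSIX functions did.
 */
if (isset($sort) && $sort === "alphabetic") {
    uksort($_POST, "strnatcasecmp");
} elseif (isset($sort) && isset($list) && preg_match('/^order:.*,.*/s', $sort) && ($list = explode(',', preg_replace('/^order:/', '', $sort)))) {
    $sort = $list;
}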
/**
 * Checks if the browser's IP address or Remote Host is on ban list
 * - will exit and not proceed if either is found in ban list
 */
if ($useBanlist && is_writable($fileBanlist)) {
    $banned = checkBanlist($fileBanlist);
Exemple #3
      if (!getenv("HTTP_REFERER"))
         $found = false;
      if (!$found){
         print_error("You are coming from an <b>unauthorized domain.</b>");
         error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
      }
         return $found;
      } else {
         return true; // not a good idea, if empty, it will allow it.
   }
}
// Run the referer check only when a referer list is configured.
if ($referers) {
    check_referer($referers);
}

// Run the banlist check against $email only when a banlist is configured.
if ($banlist) {
    check_banlist($banlist, $email);
}

// parse the form and create the content string which we will send
function parse_form($array) {
   // build reserved keyword array
   $reserved_keys[] = "MAX_FILE_SIZE";
   $reserved_keys[] = "required";
   $reserved_keys[] = "redirect";
   $reserved_keys[] = "email";
   $reserved_keys[] = "require";
   $reserved_keys[] = "path_to_file";
   $reserved_keys[] = "recipient";
   $reserved_keys[] = "subject";
   $reserved_keys[] = "bgcolor";
   $reserved_keys[] = "text_color";
   $reserved_keys[] = "link_color";
<?php

/* Protect from direct requests: stop immediately unless $_ANONNEWS is set
 * (presumably by the script that includes this module; confirm). */
if (isset($_ANONNEWS) === false) {
    exit;
}
/* This module allows a user to submit a new press release. */
if (check_banlist() == false) {
    if (empty($var_id)) {
        // Stage 0: The page with guidelines.
        ?>
		<h2>Read these guidelines. Not reading them may get you banned.</h2>
		<p><strong>While no censorship based on opinion, views, etc. takes place on AnonNews, there are several guidelines in place to keep content on the site relevant.</strong>
		Read these guidelines completely before submitting a press release. Not reading them may get you banned.</p>
		<p><strong>This is not a forum.</strong> Opinion posts, questions to anons, and other similar things do not belong here. <a href="/forum">Use the forum.</a></p>
		<p><strong>AnonNews is about Anonymous.</strong> While you may think your local political party, a phone tapping scandal, or anything else is important, this is not the place for personal army requests.
		If you wish to discuss a topic that may be of interest to other anons, you can do so on the <a href="/forum">forum</a>. If it's not a press release or manifesto from Anonymous, it doesn't belong here - period.</p>
		<p><strong>Format your press releases properly.</strong> Press releases and manifestos are expected to be readable and in proper formatting. While we certainly don't expect perfect grammar, a press
		release that uses an abbreviation every other word or contains excessive 'leetspeak' is not going to be accepted. If your press release is in bright pink with images of red flowers on the side, it will
		probably not be accepted either.</p>
		<p><strong>No copypasting.</strong> This section is intended for those that wish to submit a press release about an operation they are involved with (not necessarily being part of staff). Don't copypaste
		news articles or press releases from others that you have nothing to do with. Submitting it for someone else who is involved with an operation, is of course not an issue at all.</p>
		<p><strong>You are not the leader of Anonymous. Noone is.</strong> Don't try to imply that <em>all</em> of Anonymous agrees with something or condemns it - your press release will be rejected. Unless you
		have talked through your press release with literally every single anon out there, you cannot speak for all of them. Making a generic 'from Anonymous' statement is fine, as long as you don't try to say that
		'person X and operation Y were not Anonymous' or try to impose alleged 'universal values or ideologies' onto Anonymous - they simply do not exist.</p>
		<p><strong>On the IP retention policy: we normally do not store IP addresses of anyone submitting content to AnonNews (feel free to use TOR or a proxy to be completely sure). If you hit a spam filter,
		however (there is almost zero chance for a false positive), your IP may be recorded and banned. If an IP is incorrectly recorded (a false positive) it will be reviewed and removed from the log within 24 hours, without exception.</strong></p>
		<p><form method="GET" action="/press/add/form/">
			If you have read the guidelines, <button name="submit" type="submit">click here to submit your press release.</button>
		</form></p>
		<?php 
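/* Load the selector => value map. Each line is expected to carry three
 * colon-separated fields (key, description, value); only key and value are
 * kept. Short lines are padded so they yield empty strings instead of
 * undefined-offset notices. */
while ($inString = read_file_line($fp)) {
    list($key, $description, $value) = array_pad(explode(':', $inString), 3, '');
    $whotos[trim($key)] = trim($value);
}
fclose($fp);
/* NOTE(review): 'whoto' is taken from the request as-is. Presumably it is
 * resolved through $whotos further down; confirm that it is never used
 * directly as a mail address or header value. */
$recipient = $_POST['whoto'];
if (empty($_POST['email'])) {
    $errors[] = "You didn't enter your email address.";
} elseif (!preg_match('/^[^\\s@]+@[a-z0-9\\.-]+?\\.[a-z]{2,4}\\z/i', $_POST['email'])) {
    /* The pattern ends in \z rather than $ because $ also matches just before
     * a trailing newline, which would let "address\n" pass validation.
     * NOTE(review): {2,4} rejects addresses under longer TLDs.
     * NOTE(review): the rejected value is echoed back verbatim; HTML-escape it
     * wherever $errors is rendered. */
    $errors[] = "\"" . $_POST['email'] . "\" doesn't look like a valid email address";
}
//if($_POST['test']=="yes") {
//	$errors[] = "You can't send spam through this form.";
//	error_log("spam whoo", 0);
//}
/* Banlist handling: optionally notify via mail_advisory(), then either show
 * the errors and stop, or discard the errors collected so far and carry on. */
if ($banned = check_banlist($logOnBan, $_POST['email'])) {
    if ($adviseOnBan) {
        mail_advisory($errors);
    }
    if ($warnBanned) {
        show_fatal($errors);
        exit;
    } else {
        unset($errors);
    }
}
if (empty($_POST['name'])) {
    $errors[] = "You didn't enter your name.";
}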
if (empty($_POST['subject'])) {
    $errors[] = "You didn't enter a subject.";