<?php if (!defined('ABSPATH')) { exit; } // just in case if (!current_user_can('manage_options')) { die('Access Denied'); } $stats = kpg_ss_get_stats(); extract($stats); $now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600); // counter list - this should be copied from the get option utility // counters should have the same name as the YN switch for the check. // I see lots of missing counters here. $counters = array('cntchkcloudflare' => 'pass CloudFlare', 'cntchkgcache' => 'pass Good Cache', 'cntchkakismet' => 'Reported by Akismet', 'cntchkgenallowlist' => 'pass Generated Allow List', 'cntchkgoogle' => 'pass Google', 'cntchkmiscallowlist' => 'pass Allow List', 'cntchkpaypal' => 'pass paypal', 'cntchkscripts' => 'pass scripts', 'cntchkvalidip' => 'pass uncheckable ip', 'cntchkwlem' => 'Allow List email', 'cntchkuserid' => 'Allow userid/author', 'cntchkwlist' => 'pass Allow List ip', 'cntchkyahoomerchant' => 'pass Yahoo merchant', 'cntchk404' => '404 exploit attempt', 'cntchkaccept' => 'bad or missing accept header', 'cntchkadmin' => 'admin login attempt', 'cntchkadminlog' => 'passed login ok', 'cntchkagent' => 'bad or missing user agent', 'cntchkamazon' => 'Amazon AWS', 'cntchkaws' => 'Amazon AWS allow', 'cntchkbcache' => 'bad cache', 'cntchkblem' => 'Deny List email', 'cntchkuserid' => 'Deny userid/author', 'cntchkblip' => 'Deny List ip', 'cntchkbotscout' => 'botscout', 'cntchkdisp' => 'disposable email', 'cntchkdnsbl' => 'dnsbl hit', 'cntchkexploits' => 'exploit attempt', 'cntchkgooglesafe' => 'google safe browsing', 'cntchkhoney' => 'project honeypot', 'cntchkhosting' => 'known spam host', 'cntchkinvalidip' => 'block invalid ip', 'cntchklong' => 'long email', 'cntchkbbcode' => 'bbcode in request', 'cntchkreferer' => 'bad HTTP_REFERER', 'cntchksession' => 'session speed', 'cntchksfs' => 'Stop Forum Spam', 'cntchkspamwords' => 'spam words', 'cntchktld' => 'email TLD', 'cntchkubiquity' => 'ubiquity servers', 'cntchkmulti' => 'Repeated hits', 
'cntchkAD' => 'Andorra', 'cntchkAE' => 'United Arab Emirates', 'cntchkAF' => 'Afghanistan', 'cntchkAL' => 'Albania', 'cntchkAM' => 'Armenia', 'cntchkAR' => 'Argentina', 'cntchkAT' => 'Austria', 'cntchkAU' => 'Australia', 'cntchkAX' => 'Aland Islands', 'cntchkAZ' => 'Azerbaijan', 'cntchkBA' => 'Bosnia And Herzegovina', 'cntchkBB' => 'Barbados', 'cntchkBD' => 'Bangladesh', 'cntchkBE' => 'Belgium', 'cntchkBG' => 'Bulgaria', 'cntchkBH' => 'Bahrain', 'cntchkBN' => 'Brunei Darussalam', 'cntchkBO' => 'Bolivia', 'cntchkBR' => 'Brazil', 'cntchkBS' => 'Bahamas', 'cntchkBY' => 'Belarus', 'cntchkBZ' => 'Belize', 'cntchkCA' => 'Canada', 'cntchkCD' => 'Congo, Democratic Republic', 'cntchkCH' => 'Switzerland', 'cntchkCL' => 'Chile', 'cntchkCN' => 'China', 'cntchkCO' => 'Colombia', 'cntchkCR' => 'Costa Rica', 'cntchkCU' => 'Cuba', 'cntchkCW' => 'Curaçao', 'cntchkCY' => 'Cyprus', 'cntchkCZ' => 'Czech Republic', 'cntchkDE' => 'Germany', 'cntchkDK' => 'Denmark', 'cntchkDO' => 'Dominican Republic', 'cntchkDZ' => 'Algeria', 'cntchkEC' => 'Ecuador', 'cntchkEE' => 'Estonia', 'cntchkES' => 'Spain', 'cntchkEU' => 'European Union', 'cntchkFI' => 'Finland', 'cntchkFJ' => 'Fiji', 'cntchkFR' => 'France', 'cntchkGB' => 'Great Britain', 'cntchkGE' => 'Georgia', 'cntchkGF' => 'French Guiana', 'cntchkGI' => 'Gibraltar', 'cntchkGP' => 'Guadeloupe', 'cntchkGR' => 'Greece', 'cntchkGT' => 'Guatemala', 'cntchkGU' => 'Guam', 'cntchkGY' => 'Guyana', 'cntchkHK' => 'Hong Kong', 'cntchkHN' => 'Honduras', 'cntchkHR' => 'Croatia', 'cntchkHT' => 'Haiti', 'cntchkHU' => 'Hungary', 'cntchkID' => 'Indonesia', 'cntchkIE' => 'Ireland', 'cntchkIL' => 'Israel', 'cntchkIN' => 'India', 'cntchkIQ' => 'Iraq', 'cntchkIR' => 'Iran, Islamic Republic Of', 'cntchkIS' => 'Iceland', 'cntchkIT' => 'Italy', 'cntchkJM' => 'Jamaica', 'cntchkJO' => 'Jordan', 'cntchkJP' => 'Japan', 'cntchkKE' => 'Kenya', 'cntchkKG' => 'Kyrgyzstan', 'cntchkKH' => 'Cambodia', 'cntchkKR' => 'Korea', 'cntchkKW' => 'Kuwait', 'cntchkKY' => 'Cayman Islands', 
'cntchkKZ' => 'Kazakhstan', 'cntchkLA' => "Lao People's Democratic Republic", 'cntchkLB' => 'Lebanon', 'cntchkLK' => 'Sri Lanka', 'cntchkLT' => 'Lithuania', 'cntchkLU' => 'Luxembourg', 'cntchkLV' => 'Latvia', 'cntchkMD' => 'Moldova', 'cntchkME' => 'Montenegro', 'cntchkMK' => 'Macedonia', 'cntchkMM' => 'Myanmar', 'cntchkMN' => 'Mongolia', 'cntchkMO' => 'Macao', 'cntchkMP' => 'Northern Mariana Islands', 'cntchkMQ' => 'Martinique', 'cntchkMT' => 'Malta', 'cntchkMV' => 'Maldives', 'cntchkMX' => 'Mexico', 'cntchkMY' => 'Malaysia', 'cntchkNC' => 'New Caledonia', 'cntchkNI' => 'Nicaragua', 'cntchkNL' => 'Netherlands', 'cntchkNO' => 'Norway', 'cntchkNP' => 'Nepal', 'cntchkNZ' => 'New Zealand', 'cntchkOM' => 'Oman', 'cntchkPA' => 'Panama', 'cntchkPE' => 'Peru', 'cntchkPG' => 'Papua New Guinea', 'cntchkPH' => 'Philippines', 'cntchkPK' => 'Pakistan', 'cntchkPL' => 'Poland', 'cntchkPR' => 'Puerto Rico', 'cntchkPS' => 'Palestinian Territory, Occupied', 'cntchkPT' => 'Portugal', 'cntchkPW' => 'Palau', 'cntchkPY' => 'Paraguay', 'cntchkQA' => 'Qatar', 'cntchkRO' => 'Romania', 'cntchkRS' => 'Serbia', 'cntchkRU' => 'Russian Federation', 'cntchkSA' => 'Saudi Arabia', 'cntchkSC' => 'Seychelles', 'cntchkSE' => 'Sweden', 'cntchkSG' => 'Singapore', 'cntchkSI' => 'Slovenia', 'cntchkSK' => 'Slovakia', 'cntchkSV' => 'El Salvador', 'cntchkSX' => 'Sint Maarten', 'cntchkSY' => 'Syrian Arab Republic', 'cntchkTH' => 'Thailand', 'cntchkTJ' => 'Tajikistan', 'cntchkTM' => 'Turkmenistan', 'cntchkTR' => 'Turkey', 'cntchkTT' => 'Trinidad And Tobago', 'cntchkTW' => 'Taiwan', 'cntchkUA' => 'Ukraine', 'cntchkUK' => 'United Kingdom', 'cntchkUS' => 'United States', 'cntchkUY' => 'Uruguay', 'cntchkUZ' => 'Uzbekistan', 'cntchkVC' => 'Saint Vincent And Grenadines', 'cntchkVE' => 'Venezuela', 'cntchkVN' => 'Viet Nam', 'cntchkYE' => 'Yemen', 'cntcap' => 'Passed Captcha', 'cntncap' => 'failed Captcha', 'cntpass' => 'Total Pass'); $message = ""; $nonce = ''; if (array_key_exists('kpg_stop_spammers_control', 
$_POST)) { $nonce = $_POST['kpg_stop_spammers_control']; } if (wp_verify_nonce($nonce, 'kpgstopspam_update')) { if (array_key_exists('clear', $_POST)) { foreach ($counters as $v1 => $v2) { $stats[$v1] = 0; } $addonstats = array(); $stats['addonstats'] = $addonstats; $msg = "Summary Cleared"; kpg_ss_set_stats($stats); extract($stats);
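/**
 * Challenge page for a blocked request: optionally redirects, handles a
 * returned challenge form (allow-list request, e-mail notice, captcha
 * check) and otherwise renders the form through wp_die().
 *
 * The incoming $ip, $stats and $options arguments are overwritten from
 * kpg_get_ip(), kpg_ss_get_stats() and kpg_ss_get_options() on entry;
 * only $post is used as passed by the caller.
 *
 * Security notes:
 *  - The original request is carried through the browser in the hidden
 *    field `kp` (base64 of serialize($_POST)), so it is untrusted when it
 *    comes back. It is restored with object instantiation disabled and is
 *    HTML-escaped when echoed into the form.
 *  - Captcha answers are URL-encoded before being placed in verifier URLs.
 *
 * @param string $ip      Ignored; replaced by kpg_get_ip().
 * @param array  $stats   Ignored; replaced by kpg_ss_get_stats().
 * @param array  $options Ignored; replaced by kpg_ss_get_options().
 * @param array  $post    Request fields; 'email' and 'author' are read here.
 * @return bool false when the captcha was passed and $_POST has been
 *              restored; every other path ends in wp_die()/exit.
 */
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
    $ip = kpg_get_ip();
    $stats = kpg_ss_get_stats();
    $options = kpg_ss_get_options();

    // First, check to see if the visitor should simply be redirected.
    if ($options['redir'] == 'Y' && !empty($options['redirurl'])) {
        header('HTTP/1.1 307 Moved');
        header('Status: 307 Moved');
        header("location: " . $options['redirurl']);
        exit;
    }

    // Imports option keys as locals; $wlreq, $chkcaptcha and $rejectmessage
    // below come from here. extract() overwrites existing locals of the
    // same name, so the options array must stay admin-controlled.
    extract($options);

    // PHP 7.0+: refuse to instantiate objects from the client-held payload.
    $unserializeOpts = array('allowed_classes' => false);

    $ke = '';
    $km = '';
    $kr = '';
    $ka = '';
    $kp = ''; // serialized post
    // The nonce travels in a field named kn so it is not confused with
    // other forms that may be coming in.
    $nonce = '';
    $msg = ''; // body message for failed captchas, notifies and requests

    if (!empty($_POST) && array_key_exists('kn', $_POST)) {
        // Second pass: the challenge form came back.
        $nonce = $_POST['kn'];
        if (array_key_exists('ke', $_POST)) {
            $ke = sanitize_text_field($_POST['ke']);
        }
        if (array_key_exists('km', $_POST)) {
            $km = sanitize_text_field($_POST['km']);
        }
        if (strlen($km) > 80) {
            $km = substr($km, 0, 77) . '...';
        }
        if (array_key_exists('kr', $_POST)) {
            $kr = sanitize_text_field($_POST['kr']);
        }
        if (array_key_exists('ka', $_POST)) {
            $ka = sanitize_text_field($_POST['ka']);
        }
        if (array_key_exists('kp', $_POST)) {
            // Raw, client-supplied: escaped on output, decoded safely below.
            $kp = is_string($_POST['kp']) ? $_POST['kp'] : '';
        }

        if (!empty($nonce) && wp_verify_nonce($nonce, 'kpg_stopspam_deny')) {
            // NOTE(review): the e-mail and the allow-list request are both
            // issued before the captcha is validated; confirm that is intended.
            $emailsent = $this->kpg_ss_send_email($options);
            $allowset = false;
            if ($wlreq == 'Y') {
                // NOTE(review): $post is passed twice; check kpg_ss_add_allow's signature.
                $allowset = $this->kpg_ss_add_allow($ip, $options, $stats, $post, $post);
            }

            $msg = "Thank you,<br>";
            if ($emailsent) {
                $msg .= "The blog master has been notified by email.<br>";
            }
            if ($allowset) {
                $msg .= "You request has been recorded.<br>";
            }
            if (empty($chkcaptcha) || $chkcaptcha == 'N') {
                // No captcha configured: send out the thank you message.
                wp_die($msg, "Stop Spammers", array('response' => 200));
                exit;
            }

            // They submitted a captcha.
            switch ($chkcaptcha) {
                case 'Y': // open captcha
                    if (array_key_exists('img', $_POST) && !empty($_POST['img']) && !empty($_POST['code'])) {
                        // Encode both values so the answer cannot add or
                        // override query parameters of the validator URL.
                        $fff = 'http://www.opencaptcha.com/validate.php?ans=';
                        $fff .= rawurlencode(sanitize_text_field($_POST['code']));
                        $fff .= '&img=';
                        $fff .= rawurlencode(sanitize_text_field($_POST['img']));
                        $sn = kpg_read_file($fff);
                        // Strict comparison: a non-string result (true, 0)
                        // must never count as a pass.
                        if ($sn === 'pass') {
                            $_POST = unserialize(base64_decode($kp), $unserializeOpts);
                            kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                            do_action('kpg_stop_spam_OK', $ip, $post); // So plugins can undo spam report
                            return false;
                        } else {
                            $msg = "Open Captcha entry does not match, try again.";
                        }
                    }
                    break;

                case 'G': // Google reCAPTCHA
                    if (array_key_exists('recaptcha', $_POST) && !empty($_POST['recaptcha']) && array_key_exists('g-recaptcha-response', $_POST)) {
                        $recaptchaapisecret = $options['recaptchaapisecret'];
                        $recaptchaapisite = $options['recaptchaapisite'];
                        if (empty($recaptchaapisecret) || empty($recaptchaapisite)) {
                            $msg = "Recaptcha Keys are not set.";
                        } else {
                            $g = $_REQUEST['g-recaptcha-response'];
                            if (!is_string($g)) {
                                $g = '';
                            }
                            // NOTE(review): the secret rides in the query
                            // string of a GET; consider a POST body.
                            $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . rawurlencode($recaptchaapisecret)
                                . '&response=' . rawurlencode($g)
                                . '&remoteip=' . rawurlencode($ip);
                            $resp = kpg_read_file($url);
                            // Substring match on the raw body, as before.
                            if (strpos($resp, '"success": true') !== false) {
                                $_POST = unserialize(base64_decode($kp), $unserializeOpts);
                                kpg_ss_log_good($ip, 'passed recaptcha', 'pass');
                                do_action('kpg_stop_spam_OK', $ip, $post); // So plugins can undo spam report
                                return false;
                            } else {
                                $msg = "Google reCaptcha entry does not match, try again";
                            }
                        }
                    }
                    break;

                case 'S': // Solve Media
                    if (array_key_exists('adcopy_challenge', $_POST) && !empty($_POST['adcopy_challenge'])) {
                        $solvmediaapiverify = $options['solvmediaapiverify'];
                        $adcopy_challenge = $_REQUEST['adcopy_challenge'];
                        $adcopy_response = isset($_REQUEST['adcopy_response']) ? $_REQUEST['adcopy_response'] : '';
                        $body = array(
                            'privatekey' => $solvmediaapiverify,
                            'challenge' => $adcopy_challenge,
                            'response' => $adcopy_response,
                            'remoteip' => $ip,
                        );
                        $args = array(
                            'user-agent' => 'WordPress/' . '4.2' . '; ' . get_bloginfo('url'),
                            'blocking' => true,
                            'headers' => array('Content-type: application/x-www-form-urlencoded'),
                            'method' => 'POST',
                            'timeout' => 45,
                            'redirection' => 5,
                            'httpversion' => '1.0',
                            'body' => $body,
                            'cookies' => array(),
                        );
                        // NOTE(review): plain-HTTP verifier endpoint carrying the private key.
                        $url = 'http://verify.solvemedia.com/papi/verify/';
                        $resultarray = wp_remote_post($url, $args);
                        // wp_remote_post() returns a WP_Error on transport
                        // failure; indexing it as an array would be fatal.
                        $result = wp_remote_retrieve_body($resultarray);
                        if (strpos($result, 'true') !== false) {
                            $_POST = unserialize(base64_decode($kp), $unserializeOpts);
                            kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                            do_action('kpg_stop_spam_OK', $ip, $post); // So plugins can undo spam report
                            return false;
                        } else {
                            $msg = "Captcha entry does not match, try again";
                        }
                    }
                    break;

                case 'A': // simple arithmetic
                    if (array_key_exists('nums', $_POST) && !empty($_POST['nums'])) {
                        // NOTE(review): the expected answer is the hidden
                        // `nums` field plus a per-site constant, so this
                        // mode is a speed bump rather than a real challenge.
                        $seed = 5;
                        $spdate = $stats['spdate'];
                        if (!empty($spdate)) {
                            $seed = strtotime($spdate);
                        }
                        $nums = really_clean(sanitize_text_field($_POST['nums']));
                        $nums += $seed;
                        $sum = really_clean(sanitize_text_field($_POST['sum']));
                        if ($sum == $nums) {
                            $_POST = unserialize(base64_decode($kp), $unserializeOpts);
                            kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                            do_action('kpg_stop_spam_OK', $ip, $post); // So plugins can undo spam report
                            return false;
                        } else {
                            $msg = "Your arithmetic sucks, try again";
                        }
                    }
                    break;

                case 'F': // future - more free captchas
                    break;
            }
        }
        // A kn value that fails the nonce check falls through and the
        // form is simply shown again with the reject message.
    } else {
        // First time through: remember the original request for later.
        $ke = isset($post['email']) ? $post['email'] : '';
        $km = '';
        $kr = "";
        $ka = isset($post['author']) ? $post['author'] : '';
        $kp = base64_encode(serialize($_POST));
    }

    // Made it here - we display the screens.
    $knonce = wp_create_nonce('kpg_stopspam_deny');
    if (!empty($msg)) {
        $msg = "\r\n<br><span style=\"color:red;\"> {$msg} </span><hr/>\r\n";
    }

    // Everything echoed into an attribute is escaped; kp, kr and ka may
    // come straight from the request on the second pass.
    $denyAttr = esc_attr($chkcaptcha);
    $kpAttr = esc_attr($kp);
    $krAttr = esc_attr($kr);
    $kaAttr = esc_attr($ka);
    $formtop = "\r\n<form action=\"\" method=\"post\" >\r\n<input type=\"hidden\" name=\"kn\" value=\"{$knonce}\">\r\n<input type=\"hidden\" name=\"kpg_deny\" value=\"{$denyAttr}\">\r\n<input type=\"hidden\" name=\"kp\" value=\"{$kpAttr}\">\r\n<input type=\"hidden\" name=\"kr\" value=\"{$krAttr}\">\r\n<input type=\"hidden\" name=\"ka\" value=\"{$kaAttr}\">\r\n";
    $formbot = "\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n</form>\r\n\r\n";

    $not = '';
    if ($wlreq == 'Y') {
        // Halfhearted attempt to hide which field is the email field.
        $not = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Allow Request</span></legend>\r\n<p>You have been blocked from entering information on this blog. In order to prevent this from happening in the future you\r\nmay ask the owner to add your network address to a list that allows you full access.</p>\r\n<p>Please enter your <b>e</b><b>ma</b><b>il</b> <b>add</b><b>re</b><b>ss</b> and a short note requesting access here</p>\r\n<span style=\"color:FFFEFF;\">e</span>-<span style=\"color:FFFDFF;\">ma</span>il for contact(required)<!-- not the message -->: <input type=\"text\" value=\"\" name=\"ke\"><br>\r\nmessage <!-- not email -->:<br><textarea name=\"km\"></textarea>\r\n</fieldset>\r\n";
    }

    $captop = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Please prove you are not a Robot</span></legend>\r\n\t\r\n\t\r\n";
    $capbot = "\r\n</fieldset>\r\n";

    // Now the captchas.
    $cap = '';
    switch ($chkcaptcha) {
        case 'Y':
            $date = date("Ymd");
            $rand = rand(0, 9999999999999);
            $height = "80";
            $width = "240";
            $img = "{$date}{$rand}-{$height}-{$width}.jpgx";
            // The image is proxied through this site (?ocimg=...).
            $imgloc = site_url() . '?ocimg=';
            $cap = "\r\n<br>\r\n<hr/>\r\n<img src='{$imgloc}{$img}' height='{$height}' alt='captcha' width='{$width}' border='0' />\r\n<input type='hidden' name='img' value='{$img}'><br>\r\nEnter the code: <input type=text name=code value='' size='35' />\r\n";
            break;

        case 'G': // recaptcha
            $recaptchaapisite = $options['recaptchaapisite'];
            $cap = "\r\n\t\t\t<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>\r\n\r\n\t\t\t<input type=\"hidden\" name=\"recaptcha\" value=\"recaptcha\">\r\n<div class=\"g-recaptcha\" data-sitekey=\"{$recaptchaapisite}\"></div>\r\n\r\n\r\n";
            break;

        case 'S':
            $solvmediaapivchallenge = $options['solvmediaapivchallenge'];
            $cap = "\r\n\t\t\t<script type=\"text/javascript\"\r\n\tsrc=\"http://api.solvemedia.com/papi/challenge.script?k={$solvmediaapivchallenge}\">\r\n</script>\r\n\r\n<noscript>\r\n\t<iframe src=\"http://api.solvemedia.com/papi/challenge.noscript?k={$solvmediaapivchallenge}\"\r\n\theight=\"300\" width=\"500\" frameborder=\"0\"></iframe><br/>\r\n\t<textarea name=\"adcopy_challenge\" rows=\"3\" cols=\"40\">\r\n\t</textarea>\r\n\t<input type=\"hidden\" name=\"adcopy_response\" value=\"manual_challenge\"/>\r\n</noscript><br>\r\n";
            break;

        case 'A': // arithmetic
            $n1 = rand(1, 9);
            $n2 = rand(1, 9);
            // Offset the hidden value by the "since" date from stats so it
            // differs per site.
            $seed = 5;
            $spdate = $stats['spdate'];
            if (!empty($spdate)) {
                $seed = strtotime($spdate);
            }
            $stupid = $n1 + $n2 - $seed;
            $cap = "\r\n<P>Enter the SUM of these two numbers: <span style=\"size:4em;font-weight:bold;\">{$n1} + {$n2}</span><br>\r\n<input name=\"sum\" value=\"\" type=\"text\">\r\n<input type=\"hidden\" name=\"nums\" value=\"{$stupid}\"><br>\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n\r\n";
            break;

        case 'F': // future
        default:
            $captop = '';
            $capbot = '';
            $cap = '';
            break;
    }

    // Have a display; fall back to the configured reject message.
    if (empty($msg)) {
        $msg = $rejectmessage;
    }
    $ansa = "\r\n\t\t{$msg}\r\n\t\t{$formtop}\r\n\t\t{$not}\r\n\t\t{$captop}\r\n\t\t{$cap}\r\n\t\t{$capbot}\r\n\t\t{$formbot}\r\n\t\t";
    wp_die($ansa, "Stop Spammers", array('response' => 200));
    exit;
}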
/**
 * Runs the 'kpg_ss_check_white' module through be_load() for the current
 * client address, with the request marked by $post['block'] = true.
 *
 * sfs_errorsonoff() is called before the work and sfs_errorsonoff('off')
 * after it, bracketing the whole check.
 *
 * @return mixed Whatever be_load() returns for the module.
 */
function kpg_ss_check_white_block()
{
    sfs_errorsonoff();

    $pluginOptions = kpg_ss_get_options();
    $pluginStats = kpg_ss_get_stats();

    // Start from the collected request fields and flag this as a block check.
    $request = get_post_variables();
    $request['block'] = true;

    $verdict = be_load(
        'kpg_ss_check_white',
        kpg_get_ip(),
        $pluginStats,
        $pluginOptions,
        $request
    );

    sfs_errorsonoff('off');

    return $verdict;
}
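/**
 * AJAX handler that edits the good/bad caches and the allow/deny lists
 * and echoes the refreshed list for the requesting container.
 *
 * Reads from $_GET:
 *   func - delete_gcache, delete_bcache, add_black, add_white,
 *          delete_wl_row, delete_wlip or delete_wlem
 *   ip   - the entry to act on
 *   cont - originating container: badips, goodips, wlreq, or anything
 *          else when the call comes from the log report
 *
 * Every path ends in exit after echoing its response.
 *
 * NOTE(review): nothing in this function checks a nonce or a capability,
 * yet it changes the allow and deny lists on a GET request. Confirm that
 * the code registering this handler enforces both; if not, add
 * check_ajax_referer() and a current_user_can() test at the top.
 *
 * @param mixed $data Unused.
 * @return void
 */
function sfs_handle_ajax_sfs_process_watch($data)
{
    if (!array_key_exists('func', $_GET)) {
        echo "func not found";
        exit;
    }

    // Missing or non-string parameters become '' instead of raising
    // notices or reaching the output as "Array".
    $func = is_string($_GET['func']) ? $_GET['func'] : '';
    $ip = (isset($_GET['ip']) && is_string($_GET['ip'])) ? $_GET['ip'] : '';
    $container = (isset($_GET['cont']) && is_string($_GET['cont'])) ? $_GET['cont'] : '';

    $options = kpg_ss_get_options();
    $stats = kpg_ss_get_stats();

    switch ($func) {
        case 'delete_gcache':
            // Deletes a good cache item, then returns the refreshed list.
            be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
            echo be_load('kpg_ss_get_gcache', 'x', $stats, $options);
            exit;

        case 'delete_bcache':
            // Deletes a bad cache item, then returns the refreshed list.
            be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
            echo be_load('kpg_ss_get_bcache', 'x', $stats, $options);
            exit;

        case 'add_black':
        case 'add_white':
            // Drop the entry from whichever cache it came from; when the
            // container is neither cache (wlreq or the log), clear both.
            if ($container == 'badips') {
                be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
            } elseif ($container == 'goodips') {
                be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
            } else {
                be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
                be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
            }
            if ($func == 'add_black') {
                be_load('kpg_ss_addtodenylist', $ip, $stats, $options);
            } else {
                be_load('kpg_ss_addtoallowlist', $ip, $stats, $options);
            }
            break;

        case 'delete_wl_row':
        case 'delete_wlip':
        case 'delete_wlem':
            // These come from the allow request list; all three run the
            // same module.
            echo be_load('kpg_ss_get_alreq', $ip, $stats, $options);
            exit;

        default:
            // $func is request data: escape it before reflecting it.
            echo "\r\n\r\nUnrecognized function '" . esc_html($func) . "'";
            exit;
    }

    // add_black / add_white: send back the list the request came from.
    switch ($container) {
        case 'badips':
            echo be_load('kpg_ss_get_bcache', 'x', $stats, $options);
            exit;

        case 'goodips':
            echo be_load('kpg_ss_get_gcache', 'x', $stats, $options);
            exit;

        case 'wlreq':
            echo be_load('kpg_ss_get_alreq', $ip, $stats, $options);
            exit;

        default:
            // Coming from the logs report; $container is request data, so
            // it is escaped before being reflected.
            echo "OK OK OK something is missing " . esc_html($container) . " ";
            exit;
    }
}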
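/**
 * 'pre_user_login' filter that screens a registration against the bad
 * cache, the allow list and the post checks.
 *
 * Flow, as written:
 *  1. If $options['filterregistrations'] is not 'Y', the filter removes
 *     itself and returns the login unchanged.
 *  2. A hit from the 'chkbcache' module is logged and answered with
 *     wp_die() and a 403.
 *  3. A hit from kpg_ss_check_white() is logged as good and let through.
 *  4. Otherwise 'kpg_ss_check_post' is run and the attempt is logged as
 *     good with its result.
 *
 * @param string $user_login Login name being registered.
 * @return string The unmodified $user_login.
 */
function kpg_ss_user_reg_filter($user_login)
{
    sfs_errorsonoff();
    $options = kpg_ss_get_options();
    $stats = kpg_ss_get_stats();

    // Fake out the post variables for the check modules.
    $post = get_post_variables();
    $post['author'] = $user_login;
    $post['addon'] = 'chkRegister'; // not really an addon - but may be moved out when working

    if ($options['filterregistrations'] != 'Y') {
        // The callback must be passed as a string; the bare identifier
        // was read as an undefined constant, which is an Error on PHP 8.
        remove_filter('pre_user_login', 'kpg_ss_user_reg_filter', 1);
        sfs_errorsonoff('off');
        return $user_login;
    }

    // If the suspect is already in the bad cache there is no second
    // chance; this also prevents looping.
    $reason = be_load('chkbcache', kpg_get_ip(), $stats, $options, $post);
    sfs_errorsonoff();
    if ($reason !== false) {
        $rejectmessage = $options['rejectmessage'];
        $post['reason'] = 'Failed Registration: bad cache';
        // NOTE(review): $host is never read; this looks like a typo for
        // $post['chk'] - confirm against what kpg_ss_log_bad expects.
        $host['chk'] = 'chkbcache';
        $ansa = be_load('kpg_ss_log_bad', kpg_get_ip(), $stats, $options, $post);
        wp_die("{$rejectmessage}", "Login Access Denied", array('response' => 403));
        exit;
    }

    // Check the allow list.
    $reason = kpg_ss_check_white();
    sfs_errorsonoff();
    if ($reason !== false) {
        $post['reason'] = 'passed registration:' . $reason;
        $ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
        sfs_errorsonoff('off');
        return $user_login;
    }

    // Check the deny list.
    // NOTE(review): the result is only written to the log and the
    // registration is allowed either way - confirm that 'kpg_ss_check_post'
    // terminates the request itself on a hit. This return path also skips
    // sfs_errorsonoff('off'), unlike the two above.
    $ret = be_load('kpg_ss_check_post', kpg_get_ip(), $stats, $options, $post);
    $post['reason'] = 'Passed Registration ' . $ret;
    $ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
    return $user_login;
}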