public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
$email = $post['email'];
//$p=print_r($post,true);
//if ($post['email']=='*****@*****.**') {
//return false; // use to test plugin
//}
// can't ever block local server because of cron jobs
$ip = kpg_get_ip();
// we are losing ip occasionally
// for addons
$addons = array();
$addons = apply_filters('kpg_ss_addons_allow', $addons);
// these are the allow before addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
if (!empty($addons) && is_array($addons)) {
foreach ($addons as $add) {
if (!empty($add) && is_array($add)) {
$reason = be_load($add);
if ($reason !== false) {
// need to log a passed hit on post here.
kpg_ss_log_good(kpg_get_ip(), $reason, $add[1], $add);
// aded get ip because it might be altered
return $reason;
}
}
}
}
// checks the list of Allow List items according to the options being set
// if cloudflare or ip is local then the deny tests for ips are not done.
$actions = array('chkcloudflare', 'chkadminlog', 'chkaws', 'chkgcache', 'chkgenallowlist', 'chkgoogle', 'chkmiscallowlist', 'chkpaypal', 'chkscripts', 'chkwlem', 'chkwluserid', 'chkwlist', 'chkyahoomerchant');
foreach ($actions as $chk) {
if ($options[$chk] == 'Y') {
$reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
// need to log a passed hit on post here.
kpg_ss_log_good(kpg_get_ip(), $reason, $chk);
return $reason;
}
} else {
//sfs_debug_msg('no wl check '.$chk);
}
}
// these are the allow after addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
return false;
}
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
// it looks like I am not getting my stats and options correctly
//sfs_debug_msg('Made it into challenge');
$ip = kpg_get_ip();
$stats = kpg_ss_get_stats();
$options = kpg_ss_get_options();
//$post=get_post_variables();
/*
page is HEADER, Allow List Request, Captchas and then a button
Processing is 1) check for response from from
2) else display form.
*/
// display deny message and captcha if set.
// first, check to see if they should be redirected
if ($options['redir'] == 'Y' && !empty($options['redirurl'])) {
//sfs_debug_msg('Redir?');
header('HTTP/1.1 307 Moved');
header('Status: 307 Moved');
header("location: " . $options['redirurl']);
exit;
}
extract($options);
$ke = '';
$km = '';
$kr = '';
$ka = '';
$kp = '';
// serialized post
// step 1 look for form response
// nonce is in a field named kn - this is not to confuse with other forms that may be coming in
$nonce = '';
$msg = '';
// this is the body message for failed captchas, notifies and requests
if (!empty($_POST) && array_key_exists('kn', $_POST)) {
//sfs_debug_msg('second time');
$nonce = $_POST['kn'];
// get the post items
if (array_key_exists('ke', $_POST)) {
$ke = sanitize_text_field($_POST['ke']);
}
if (array_key_exists('km', $_POST)) {
$km = sanitize_text_field($_POST['km']);
}
if (strlen($km) > 80) {
$km = substr($km, 0, 77) . '...';
}
if (array_key_exists('kr', $_POST)) {
$kr = sanitize_text_field($_POST['kr']);
}
if (array_key_exists('ka', $_POST)) {
$ka = sanitize_text_field($_POST['ka']);
}
if (array_key_exists('kp', $_POST)) {
$kp = $_POST['kp'];
}
// serialized post
if (!empty($nonce) && wp_verify_nonce($nonce, 'kpg_stopspam_deny')) {
//sfs_debug_msg('nonce is good');
// have a form return.
//1) to see if the allow by request has been triggered
$emailsent = $this->kpg_ss_send_email($options);
//2) see if we should add to the allow list
$allowset = false;
if ($wlreq == 'Y') {
// allow things to added to allow list
$allowset = $this->kpg_ss_add_allow($ip, $options, $stats, $post, $post);
}
// now the captcha settings
$msg = "Thank you,<br>";
if ($emailsent) {
$msg .= "The blog master has been notified by email.<br>";
}
if ($allowset) {
$msg .= "You request has been recorded.<br>";
}
if (empty($chkcaptcha) || $chkcaptcha == 'N') {
// send out the thank you message
wp_die($msg, "Stop Spammers", array('response' => 200));
exit;
}
// they submitted a captcha
switch ($chkcaptcha) {
case 'Y':
// open captcha
if (array_key_exists('img', $_POST) && !empty($_POST['img']) && !empty($_POST['code'])) {
//sfs_debug_msg('open capcha 2');
// validate open captcha
$fff = 'http://www.opencaptcha.com/validate.php?ans=';
$fff .= sanitize_text_field($_POST['code']);
$fff .= '&img=';
$fff .= sanitize_text_field($_POST['img']);
$sn = kpg_read_file($fff);
if ($sn == 'pass') {
// restore the post
//$kp=base64_encode(serialize($_POST));
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Open Captcha entry does not match, try again.";
}
}
break;
case 'G':
if (array_key_exists('recaptcha', $_POST) && !empty($_POST['recaptcha']) && array_key_exists('g-recaptcha-response', $_POST)) {
// check recaptcha
$recaptchaapisecret = $options['recaptchaapisecret'];
$recaptchaapisite = $options['recaptchaapisite'];
if (empty($recaptchaapisecret) || empty($recaptchaapisite)) {
$msg = "Recaptcha Keys are not set.";
} else {
$g = $_REQUEST['g-recaptcha-response'];
//$url="https://www.google.com/recaptcha/api/siteverify";
$url = "https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaapisecret}&response={$g}&remoteip={$ip}";
$resp = kpg_read_file($url);
////sfs_debug_msg("recaptcha '$g', '$ip' '$resp' - \r\n".print_r($_POST,true));
if (strpos($resp, '"success": true') !== false) {
// found success
//$kp=base64_encode(serialize($_POST));
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed recaptcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Google reCaptcha entry does not match, try again";
}
}
}
break;
case 'S':
if (array_key_exists('adcopy_challenge', $_POST) && !empty($_POST['adcopy_challenge'])) {
// solve media
$solvmediaapivchallenge = $options['solvmediaapivchallenge'];
$solvmediaapiverify = $options['solvmediaapiverify'];
$adcopy_challenge = $_REQUEST['adcopy_challenge'];
$adcopy_response = $_REQUEST['adcopy_response'];
//$ip='127.0.0.1';
$postdata = http_build_query(array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip));
$opts = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
//$context = stream_context_create($opts);
// need to rewrite this post with the wp class
/**********************************************
try to use the sp function
**********************************************/
$body = array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip);
$args = array('user-agent' => 'WordPress/' . '4.2' . '; ' . get_bloginfo('url'), 'blocking' => true, 'headers' => array('Content-type: application/x-www-form-urlencoded'), 'method' => 'POST', 'timeout' => 45, 'redirection' => 5, 'httpversion' => '1.0', 'body' => $body, 'cookies' => array());
$url = 'http://verify.solvemedia.com/papi/verify/';
$resultarray = wp_remote_post($url, $args);
$result = $resultarray['body'];
//$result =
//file_get_contents('http://verify.solvemedia.com/papi/verify/',
//false, $context);
if (strpos($result, 'true') !== false) {
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Captcha entry does not match, try again";
}
}
break;
case 'A':
if (array_key_exists('nums', $_POST) && !empty($_POST['nums'])) {
// simple arithmetic - at lease it is different for each website and changes occasionally
$seed = 5;
$spdate = $stats['spdate'];
if (!empty($spdate)) {
$seed = strtotime($spdate);
}
$nums = really_clean(sanitize_text_field($_POST['nums']));
$nums += $seed;
$sum = really_clean(sanitize_text_field($_POST['sum']));
if ($sum == $nums) {
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Your arithmetic sucks, try again";
}
}
break;
case 'F':
// future - more free captchas
break;
}
}
// nonce check - not a valid nonce on form submit yet the value is there - what do we do?
//sfs_debug_msg('leaving second time');
} else {
// first time through
//print_r($post);
//print_r($_POST);
$ke = $post['email'];
$km = '';
$kr = "";
//if (array_key_exists('reason',$post)) $kr=$post['reason'];
$ka = $post['author'];
$kp = base64_encode(serialize($_POST));
//sfs_debug_msg('first time getting post stuff');
}
//sfs_debug_msg('creating form data');
// made it here - we display the screens
$knonce = wp_create_nonce('kpg_stopspam_deny');
// this may be the second time through
$formtop = '';
if (!empty($msg)) {
$msg = "\r\n<br><span style=\"color:red;\"> {$msg} </span><hr/>\r\n";
}
$formtop .= "\r\n<form action=\"\" method=\"post\" >\r\n<input type=\"hidden\" name=\"kn\" value=\"{$knonce}\">\r\n<input type=\"hidden\" name=\"kpg_deny\" value=\"{$chkcaptcha}\">\r\n<input type=\"hidden\" name=\"kp\" value=\"{$kp}\">\r\n<input type=\"hidden\" name=\"kr\" value=\"{$kr}\">\r\n<input type=\"hidden\" name=\"ka\" value=\"{$ka}\">\r\n";
$formbot = "\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n</form>\r\n\r\n";
$not = '';
if ($wlreq == 'Y') {
// halfhearted attempt to hide which field is the email field.
$not = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Allow Request</span></legend>\r\n<p>You have been blocked from entering information on this blog. In order to prevent this from happening in the future you\r\nmay ask the owner to add your network address to a list that allows you full access.</p>\r\n<p>Please enter your <b>e</b><b>ma</b><b>il</b> <b>add</b><b>re</b><b>ss</b> and a short note requesting access here</p>\r\n<span style=\"color:FFFEFF;\">e</span>-<span style=\"color:FFFDFF;\">ma</span>il for contact(required)<!-- not the message -->: <input type=\"text\" value=\"\" name=\"ke\"><br>\r\nmessage <!-- not email -->:<br><textarea name=\"km\"></textarea>\r\n</fieldset>\r\n";
}
$captop = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Please prove you are not a Robot</span></legend>\r\n\t\r\n\t\r\n";
$capbot = "\r\n</fieldset>\r\n";
// now the captchas
$cap = '';
switch ($chkcaptcha) {
case 'Y':
$date = date("Ymd");
$rand = rand(0, 9999999999999);
$height = "80";
$width = "240";
$img = "{$date}{$rand}-{$height}-{$width}.jpgx";
$imgloc = 'http://www.opencaptcha.com/img/';
$root = site_url();
$imgloc = site_url() . '?ocimg=';
//http://localhost/wordpress?ocimg=20150410628305005-80-240.jpgx
$cap = "\r\n<br>\r\n<hr/>\r\n<img src='{$imgloc}{$img}' height='{$height}' alt='captcha' width='{$width}' border='0' />\r\n<input type='hidden' name='img' value='{$img}'><br>\r\nEnter the code: <input type=text name=code value='' size='35' />\r\n";
break;
case 'G':
// recaptcha
$recaptchaapisite = $options['recaptchaapisite'];
$cap = "\r\n\t\t\t<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>\r\n\r\n\t\t\t<input type=\"hidden\" name=\"recaptcha\" value=\"recaptcha\">\r\n<div class=\"g-recaptcha\" data-sitekey=\"{$recaptchaapisite}\"></div>\r\n\r\n\r\n";
break;
case 'S':
$solvmediaapivchallenge = $options['solvmediaapivchallenge'];
$cap = "\r\n\t\t\t<script type=\"text/javascript\"\r\n\tsrc=\"http://api.solvemedia.com/papi/challenge.script?k={$solvmediaapivchallenge}\">\r\n</script>\r\n\r\n<noscript>\r\n\t<iframe src=\"http://api.solvemedia.com/papi/challenge.noscript?k={$solvmediaapivchallenge}\"\r\n\theight=\"300\" width=\"500\" frameborder=\"0\"></iframe><br/>\r\n\t<textarea name=\"adcopy_challenge\" rows=\"3\" cols=\"40\">\r\n\t</textarea>\r\n\t<input type=\"hidden\" name=\"adcopy_response\" value=\"manual_challenge\"/>\r\n</noscript><br>\r\n";
break;
case 'A':
// arithmetic
$n1 = rand(1, 9);
$n2 = rand(1, 9);
// try a much more nteresting way that can't be generalized
// use the "since" date from stats
$seed = 5;
$spdate = $stats['spdate'];
if (!empty($spdate)) {
$seed = strtotime($spdate);
}
$stupid = $n1 + $n2 - $seed;
$cap = "\r\n<P>Enter the SUM of these two numbers: <span style=\"size:4em;font-weight:bold;\">{$n1} + {$n2}</span><br>\r\n<input name=\"sum\" value=\"\" type=\"text\">\r\n<input type=\"hidden\" name=\"nums\" value=\"{$stupid}\"><br>\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n\r\n";
break;
case 'F':
// future
// future
default:
$captop = '';
$capbot = '';
$cap = '';
break;
}
// have a display
// need to send it to the display
if (empty($msg)) {
$msg = $rejectmessage;
}
$ansa = "\r\n\t\t{$msg}\r\n\t\t{$formtop}\r\n\t\t{$not}\r\n\t\t{$captop}\r\n\t\t{$cap}\r\n\t\t{$capbot}\r\n\t\t{$formbot}\r\n\t\t";
wp_die($ansa, "Stop Spammers", array('response' => 200));
exit;
}
