function spamshield_check_new_user($errors = NULL, $user_login = NULL, $user_email = NULL)
{
    /* Error checking for new user registration */
    if (spamshield_is_woocom_enabled()) {
        /* Check if we're on a WooCommerce Checkout Page */
        if (isset($_GET['action']) && $_GET['action'] == 'woocommerce_checkout') {
            return $errors;
        }
        $ecom_urls = array('/checkout/');
        foreach ($ecom_urls as $k => $u) {
            if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
                return $errors;
            }
        }
    } elseif (spamshield_is_ecom_enabled()) {
        /* Check if we're on another e-commerce Checkout or Shopping Cart Page */
        $ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/');
        foreach ($ecom_urls as $k => $u) {
            if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
                return $errors;
            }
        }
    }
    $spamshield_options = get_option('spamshield_options');
    /* Check if registration spam shield is disabled - Added in 1.6.9 */
    if (!empty($spamshield_options['registration_shield_disable'])) {
        return $errors;
    }
    $reg_filter_status = $wpss_error_code = $log_pref = '';
    $reg_jsck_error = $reg_badrobot_error = $buddypress_status = $wc_status = $s2member_status = $wpmembers_status = FALSE;
    $ns_val = 'NS3';
    $pref = 'R-';
    $errors_3p = array();
    /* Error array for 3rd party plugins that don't follow WordPress standards for registration processing: BuddyPress, ... */
    $error_txt = spamshield_error_txt();
    if (empty($user_login) && isset($_POST['signup_username'])) {
        $user_login = spamshield_casetrans('lower', trim(wp_unslash($_POST['signup_username'])));
        $buddypress_status = TRUE;
        $log_pref = 'bp-';
    }
    if (empty($user_email) && isset($_POST['signup_email'])) {
        $user_email = spamshield_casetrans('lower', trim(wp_unslash($_POST['signup_email'])));
        $buddypress_status = TRUE;
        $log_pref = 'bp-';
    }
    global $wpss_wc_reg_inprog;
    if (!empty($wpss_wc_reg_inprog)) {
        $wc_status = TRUE;
        $log_pref = 'wc-';
    }
    if (defined('WS_PLUGIN__S2MEMBER_VERSION')) {
        $s2member_status = TRUE;
        $log_pref = 's2-';
    }
    if (defined('WPMEM_VERSION')) {
        $wpmembers_status = TRUE;
        $log_pref = 'wpm-';
    }
    if (TRUE == $wc_status) {
        $user_login = '';
        if (empty($user_login) && isset($_POST['username'])) {
            $user_login = spamshield_casetrans('lower', trim(wp_unslash($_POST['username'])));
        }
        if (empty($user_email) && isset($_POST['email'])) {
            $user_email = spamshield_casetrans('lower', trim(wp_unslash($_POST['email'])));
        }
    }
    $new_fields = array('first_name' => __('First Name', WPSS_PLUGIN_NAME), 'last_name' => __('Last Name', WPSS_PLUGIN_NAME), 'disp_name' => __('Display Name', WPSS_PLUGIN_NAME));
    $user_data = array();
    foreach ($new_fields as $k => $v) {
        if (isset($_POST[$k])) {
            $user_data[$k] = trim(wp_unslash($_POST[$k]));
        } else {
            $user_data[$k] = '';
        }
    }
    if (FALSE == $buddypress_status && FALSE == $wc_status && FALSE == $s2member_status) {
        /* Check New Fields for Blanks */
        foreach ($new_fields as $k => $v) {
            $k_uc = spamshield_casetrans('upper', $k);
            if (empty($_POST[$k])) {
                $errors->add('empty_' . $k, '<strong>' . $error_txt . ':</strong> ' . sprintf(__('Please enter your %s', WPSS_PLUGIN_NAME) . '.', $v));
                $wpss_error_code .= ' R-BLANK-' . $k_uc;
            }
        }
    }
    /* BAD ROBOT TEST - BEGIN */
    $bad_robot_filter_data = spamshield_bad_robot_blacklist_chk('register', $reg_filter_status, '', '', $user_data['disp_name'], $user_email);
    $reg_filter_status = $bad_robot_filter_data['status'];
    $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
    if (!empty($bad_robot_blacklisted)) {
        $wpss_error_code .= $bad_robot_filter_data['error_code'];
        $reg_badrobot_error = TRUE;
    }
    /* BAD ROBOT TEST - END */
    /* BAD ROBOTS */
    if ($reg_badrobot_error != FALSE) {
        $err_cod = 'badrobot_error';
        $err_msg = __('User registration is currently not allowed.');
        if (TRUE == $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    /* JS/COOKIES CHECK */
    $wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE;
    $wpss_key_values = spamshield_get_key_values();
    extract($wpss_key_values);
    $wpss_jsck_cookie_val = !empty($_COOKIE[$wpss_ck_key]) ? $_COOKIE[$wpss_ck_key] : '';
    $wpss_jsck_field_val = !empty($_POST[$wpss_js_key]) ? $_POST[$wpss_js_key] : '';
    $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : '';
    if (TRUE == WPSS_COMPAT_MODE) {
        /* 1.9.1 */
        $wpss_ck_key_bypass = TRUE;
    }
    if (FALSE == $wpss_ck_key_bypass) {
        /* 1.8.9 */
        /* If jscripts.php is disabled, these would be skipped - Compatibility Mode */
        if ($wpss_jsck_cookie_val != $wpss_ck_val) {
            $wpss_error_code .= ' ' . $pref . 'COOKIE-3';
            $reg_jsck_error = TRUE;
        }
        if ($wpss_jsck_jquery_val != $wpss_jq_val) {
            $wpss_error_code .= ' ' . $pref . 'JQHFT-3';
            $reg_jsck_error = TRUE;
        }
    }
    if (FALSE == $wpss_js_key_bypass) {
        if ($wpss_jsck_field_val != $wpss_js_val) {
            $wpss_error_code .= ' ' . $pref . 'FVFJS-3';
            $reg_jsck_error = TRUE;
        }
    }
    $post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
    $post_jsonst_lc = spamshield_casetrans('lower', $post_jsonst);
    if (FALSE == $buddypress_status) {
        if ($post_jsonst_lc == 'ns1' || $post_jsonst_lc == 'ns2' || $post_jsonst_lc == 'ns3' || $post_jsonst_lc == 'ns4') {
            $wpss_error_code .= ' ' . $pref . 'JSONST-1000-3';
            $reg_jsck_error = TRUE;
        }
    }
    if ($reg_jsck_error != FALSE && $reg_badrobot_error != TRUE) {
        $err_cod = 'jsck_error';
        $err_msg = __('JavaScript and Cookies are required in order to register. Please be sure JavaScript and Cookies are enabled in your browser, and reload the page.', WPSS_PLUGIN_NAME);
        if (TRUE == $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    if (FALSE == $wc_status) {
        /* EMAIL BLACKLIST */
        if (spamshield_email_blacklist_chk($user_email)) {
            $wpss_error_code .= ' ' . $pref . '9200E-BL';
            if ($reg_badrobot_error != TRUE && $reg_jsck_error != TRUE) {
                $err_cod = 'blacklist_email_error';
                $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.');
                if (TRUE == $buddypress_status) {
                    $errors_3p[$err_cod] = $err_msg;
                } else {
                    $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
                }
            }
        }
    }
    if (FALSE == $buddypress_status && FALSE == $wc_status && FALSE == $s2member_status) {
        /* AUTHOR KEYPHRASE BLACKLIST */
        foreach ($user_data as $k => $v) {
            $k_uc = spamshield_casetrans('upper', $k);
            if (($k == 'user_login' || $k == 'first_name' || $k == 'last_name' || $k == 'disp_name') && spamshield_anchortxt_blacklist_chk($v)) {
                $wpss_error_code .= ' ' . $pref . '10500A-BL-' . $k_uc;
                if ($reg_badrobot_error != TRUE && $reg_jsck_error != TRUE) {
                    $nfk = $new_fields[$k];
                    $errors->add('blacklist_' . $k . '_error', '<strong>' . $error_txt . ':</strong> ' . sprintf(__('"%1$s" appears to be spam. Please enter a different value in the <strong> %2$s </strong> field.', WPSS_PLUGIN_NAME), sanitize_text_field($v), $nfk));
                }
            }
        }
    }
    if (FALSE == $wc_status) {
        /* BLACKLISTED USER */
        if (empty($wpss_error_code) && spamshield_ubl_cache()) {
            $wpss_error_code .= ' ' . $pref . '0-BL';
            $err_cod = 'blacklisted_user_error';
            $err_msg = __('User registration is currently not allowed.');
            if (TRUE == $buddypress_status) {
                $errors_3p[$err_cod] = $err_msg;
            } else {
                $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
            }
        }
    }
    /* Done with Tests */
    /* Now Log the Errors, if any */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = spamshield_casetrans('lower', $post_ref2xjs);
    if (!empty($post_ref2xjs)) {
        $ref2xJS = spamshield_casetrans('lower', addslashes(urldecode($post_ref2xjs)));
        $ref2xJS = str_replace('%3a', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $wpss_javascript_page_referrer = esc_url_raw($ref2xJS);
    } else {
        $wpss_javascript_page_referrer = '[None]';
    }
    if ($post_jsonst_lc == 'ns1' || $post_jsonst_lc == 'ns2' || $post_jsonst_lc == 'ns3' || $post_jsonst_lc == 'ns4') {
        $wpss_jsonst = $post_jsonst;
    } else {
        $wpss_jsonst = '[None]';
    }
    $user_id = 'None';
    /* Possibly change to '' */
    $register_author_data = array('display_name' => $user_data['disp_name'], 'user_firstname' => $user_data['first_name'], 'user_lastname' => $user_data['last_name'], 'user_email' => $user_email, 'user_login' => $user_login, 'ID' => $user_id, 'comment_author' => $user_data['disp_name'], 'comment_author_email' => $user_email, 'comment_author_url' => '', 'javascript_page_referrer' => $wpss_javascript_page_referrer, 'jsonst' => $wpss_jsonst);
    if (empty($register_author_data['comment_author']) && !empty($user_login)) {
        $register_author_data['comment_author'] = $user_login;
    }
    unset($wpss_javascript_page_referrer, $wpss_jsonst);
    $wpss_error_code = trim($wpss_error_code);
    if (!empty($wpss_error_code)) {
        if (TRUE == $buddypress_status) {
            $wpss_error_code = str_replace('R-', 'BPR-', $wpss_error_code);
        } elseif (TRUE == $wc_status) {
            $wpss_error_code = str_replace('R-', 'WCR-', $wpss_error_code);
        } elseif (TRUE == $s2member_status) {
            $wpss_error_code = str_replace('R-', 'S2R-', $wpss_error_code);
        } elseif (TRUE == $wpmembers_status) {
            $wpss_error_code = str_replace('R-', 'WPMR-', $wpss_error_code);
        }
        spamshield_update_accept_status($register_author_data, 'r', 'Line: ' . __LINE__, $wpss_error_code);
        spamshield_increment_reg_count();
        if (!empty($spamshield_options['comment_logging'])) {
            spamshield_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    } elseif (TRUE == $buddypress_status) {
        spamshield_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            spamshield_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    /* Now return the error values, or output error message */
    if (TRUE == $wc_status) {
        $wpss_wc_reg_inprog = FALSE;
    }
    if (!empty($wpss_error_code)) {
        if (TRUE == $buddypress_status) {
            $error_msg = '';
            foreach ($errors_3p as $c => $m) {
                $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . "\n";
            }
            $args = array('response' => '403');
            wp_die($error_msg, '', $args);
        }
    } elseif (TRUE == $wc_status) {
        spamshield_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            spamshield_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    return $errors;
}
Exemple #2
0
function spamshield_check_new_user($errors, $user_login, $user_email)
{
    /* Error checking for new user registration */
    $spamshield_options = get_option('spamshield_options');
    /* Check if registration spam shield is disabled - Added in 1.6.9 */
    if (!empty($spamshield_options['registration_shield_disable'])) {
        return $errors;
    }
    $reg_filter_status = $wpss_error_code = '';
    $reg_jsck_error = $reg_badrobot_error = FALSE;
    $ns_val = 'NS3';
    $pref = 'R-';
    $error_txt = spamshield_error_txt();
    $new_fields = array('first_name' => __('First Name', WPSS_PLUGIN_NAME), 'last_name' => __('Last Name', WPSS_PLUGIN_NAME), 'disp_name' => __('Display Name', WPSS_PLUGIN_NAME));
    $user_data = array();
    foreach ($new_fields as $k => $v) {
        if (isset($_POST[$k])) {
            $user_data[$k] = trim(wp_unslash($_POST[$k]));
        } else {
            $user_data[$k] = '';
        }
    }
    /* Check New Fields for Blanks */
    foreach ($new_fields as $k => $v) {
        $k_uc = spamshield_casetrans('upper', $k);
        if (empty($_POST[$k])) {
            $errors->add('empty_' . $k, '<strong>' . $error_txt . ':</strong> ' . sprintf(__('Please enter your %s', WPSS_PLUGIN_NAME) . '.', $v));
            $wpss_error_code .= ' R-BLANK-' . $k_uc;
        }
    }
    /* BAD ROBOT TEST - BEGIN */
    $bad_robot_filter_data = spamshield_bad_robot_blacklist_chk('register', $reg_filter_status, '', '', $user_data['disp_name'], $user_email);
    $reg_filter_status = $bad_robot_filter_data['status'];
    $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
    if (!empty($bad_robot_blacklisted)) {
        $wpss_error_code .= $bad_robot_filter_data['error_code'];
        $reg_badrobot_error = TRUE;
    }
    /* BAD ROBOT TEST - END */
    /* BAD ROBOTS */
    if ($reg_badrobot_error != FALSE) {
        $errors->add('badrobot_error', '<strong>' . $error_txt . ':</strong> ' . __('User registration is currently not allowed.'));
    }
    /* JS/COOKIES CHECK */
    $wpss_key_values = spamshield_get_key_values(TRUE);
    $wpss_ck_key = $wpss_key_values['wpss_ck_key'];
    $wpss_ck_val = $wpss_key_values['wpss_ck_val'];
    $wpss_js_key = $wpss_key_values['wpss_js_key'];
    $wpss_js_val = $wpss_key_values['wpss_js_val'];
    /* No need to check cache status here since registration form isn't cached */
    if (!empty($_COOKIE[$wpss_ck_key])) {
        $wpss_jsck_cookie_val = $_COOKIE[$wpss_ck_key];
    } else {
        $wpss_jsck_cookie_val = '';
    }
    if (!empty($_POST[$wpss_js_key])) {
        $wpss_jsck_field_val = $_POST[$wpss_js_key];
    } else {
        $wpss_jsck_field_val = '';
    }
    $wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE;
    //if ( TRUE == WPSS_EDGE && !empty( $spamshield_options['js_head_disable'] ) ) { /* EDGE - 1.8.4 */
    if (!empty($spamshield_options['js_head_disable'])) {
        /* 1.8.9 */
        $wpss_ck_key_bypass = TRUE;
    }
    if (FALSE == $wpss_ck_key_bypass) {
        /* 1.8.9 */
        if ($wpss_jsck_cookie_val != $wpss_ck_val) {
            $wpss_error_code .= ' ' . $pref . 'COOKIE-3';
            $reg_jsck_error = TRUE;
        }
    }
    if ($wpss_jsck_field_val != $wpss_js_val) {
        $wpss_error_code .= ' ' . $pref . 'FVFJS-3';
        $reg_jsck_error = TRUE;
    }
    if (!empty($_POST[WPSS_JSONST])) {
        $post_jsonst = $_POST[WPSS_JSONST];
    } else {
        $post_jsonst = '';
    }
    if ($post_jsonst == $ns_val) {
        $wpss_error_code .= ' ' . $pref . 'JSONST-1000-3';
        $reg_jsck_error = TRUE;
    }
    if ($reg_jsck_error != FALSE && $reg_badrobot_error != TRUE) {
        $errors->add('jsck_error', '<strong>' . $error_txt . ':</strong> ' . __('JavaScript and Cookies are required in order to register. Please be sure JavaScript and Cookies are enabled in your browser, and reload the page.', WPSS_PLUGIN_NAME));
    }
    /* EMAIL BLACKLIST */
    if (spamshield_email_blacklist_chk($user_email)) {
        $wpss_error_code .= ' ' . $pref . '9200E-BL';
        if ($reg_badrobot_error != TRUE && $reg_jsck_error != TRUE) {
            $errors->add('blacklist_email_error', '<strong>' . $error_txt . ':</strong> ' . __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.'));
        }
    }
    /* AUTHOR KEYPHRASE BLACKLIST */
    foreach ($user_data as $k => $v) {
        $k_uc = spamshield_casetrans('upper', $k);
        if (($k == 'user_login' || $k == 'first_name' || $k == 'last_name' || $k == 'disp_name') && spamshield_anchortxt_blacklist_chk($v)) {
            $wpss_error_code .= ' ' . $pref . '10500A-BL-' . $k_uc;
            if ($reg_badrobot_error != TRUE && $reg_jsck_error != TRUE) {
                $nfk = $new_fields[$k];
                $errors->add('blacklist_' . $k . '_error', '<strong>' . $error_txt . ':</strong> ' . sprintf(__('"%1$s" appears to be spam. Please enter a different value in the <strong> %2$s </strong> field.', WPSS_PLUGIN_NAME), sanitize_text_field($v), $nfk));
            }
        }
    }
    /* BLACKLISTED USER */
    if (empty($wpss_error_code) && spamshield_ubl_cache()) {
        $wpss_error_code .= ' ' . $pref . '0-BL';
        $errors->add('blacklisted_user_error', '<strong>' . $error_txt . ':</strong> ' . __('User registration is currently not allowed.'));
    }
    /* Done with Tests */
    /* Now Log the Errors, if any */
    if (!empty($_POST[WPSS_REF2XJS])) {
        $post_ref2xjs = $_POST[WPSS_REF2XJS];
    } else {
        $post_ref2xjs = '';
    }
    $post_ref2xjs = spamshield_casetrans('lower', $post_ref2xjs);
    if (!empty($post_ref2xjs)) {
        $ref2xJS = spamshield_casetrans('lower', addslashes(urldecode($post_ref2xjs)));
        $ref2xJS = str_replace('%3a', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $wpss_javascript_page_referrer = esc_url_raw($ref2xJS);
    } else {
        $wpss_javascript_page_referrer = '[None]';
    }
    if ($post_jsonst == 'NS3') {
        $wpss_jsonst = $post_jsonst;
    } else {
        $wpss_jsonst = '[None]';
    }
    $user_id = 'None';
    /* Possibly change to '' */
    $register_author_data = array('display_name' => $user_data['disp_name'], 'user_firstname' => $user_data['first_name'], 'user_lastname' => $user_data['last_name'], 'user_email' => $user_email, 'user_login' => $user_login, 'ID' => $user_id, 'comment_author' => $user_data['disp_name'], 'comment_author_email' => $user_email, 'comment_author_url' => '', 'javascript_page_referrer' => $wpss_javascript_page_referrer, 'jsonst' => $wpss_jsonst);
    if (empty($register_author_data['comment_author']) && !empty($user_login)) {
        $register_author_data['comment_author'] = $user_login;
    }
    unset($wpss_javascript_page_referrer, $wpss_jsonst);
    $wpss_error_code = trim($wpss_error_code);
    if (!empty($wpss_error_code)) {
        spamshield_update_accept_status($register_author_data, 'r', 'Line: ' . __LINE__);
        spamshield_increment_reg_count();
        if (!empty($spamshield_options['comment_logging'])) {
            spamshield_log_data($register_author_data, $wpss_error_code, 'register');
        }
    }
    /* Now return the error values */
    return $errors;
}