/**
* Display the honeypot URL
*/
public function getHtmlHoneyPotUrl()
{
$url = $this->_core->getOptionElement('php', 'honeypoturl');
$words = array('intermittently', 'tawse', 'goldurn', 'coemption', 'semipurposive', 'tensibly', 'dissident', 'reductive', 'plowstaff', 'sprang', 'intersoluble', 'mildly', 'unrumpled', 'freeway', 'overappreciative', 'prealliance', 'hypercoagulability', 'makalu', 'aspersive', 'colleagueship', 'feminacy', 'cuirie', 'vanir', 'unvitalized', 'noncreativity', 'interproportional', 'areosystyle', 'exsolve', 'replow', 'septuor', 'comptrollership', 'mortarless', 'ruddily', 'find', 'poppy', 'knowledgeless', 'amenorrheal', 'referenced', 'veranda', 'parishad', 'lexeme', 'expediency', 'anemotropism', 'bangalay', 'complexional', 'uneminent', 'stephenville', 'lozenge', 'archiepiscopacy', 'propitiable');
$keys = array_rand($words, 2);
$text = $words[$keys[0]] . '-' . $words[$keys[1]];
$url_array[] = '<div style="display: none;"><a href="%s">%s</a></div>';
$url_array[] = '<a href="%s" style="display: none;">%s</a>';
$url_array[] = '<a href="%s"><span style="display: none;">%s</span></a>';
$url_array[] = '<a href="%s"><!-- %s --></a>';
$url_array[] = '<!-- <a href="%s">%s</a> -->';
$url_array[] = '<div style="position: absolute; top: -250px; left: -250px;"><a href="%s">%s</a></div>';
$url_array[] = '<a href="%s"><span style="display: none;">%s</span></a>';
$full_url = sprintf($url_array[array_rand($url_array)], $url, $text);
return $full_url;
}
/**
* Do the HTTP call to and report the spammer
*
* @param string $username
* @param string $email
* @param string $ip_addr
*/
private function _handleReportSpammer($username, $email, $ip_addr)
{
if (!empty($email)) {
$url = 'http://www.stopforumspam.com/add.php';
$call = wp_remote_post($url, array('user-agent' => 'WordPress/AVH ' . AVH_FDAS_Define::PLUGIN_VERSION . '; ' . get_bloginfo('url'), 'body' => array('username' => $username, 'ip_addr' => $ip_addr, 'email' => $email, 'api_key' => $this->_core->getOptionElement('sfs', 'sfsapikey'))));
if (is_wp_error($call) || 200 != $call['response']['code']) {
$to = get_option('admin_email');
$subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Error reporting spammer', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES));
if (is_wp_error($call)) {
$message = $call->get_error_messages();
} else {
$message[] = $call['body'];
}
AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer'));
}
}
}
/**
* Check the nonce field set with a comment.
*
* @WordPress Filter preprocess_comment
*
* @param mixed $commentdata
*
* @return mixed
* @since 1.2
*
*/
public function filterCheckNonceFieldToComment($commentdata)
{
// When we're in Admin no need to check the nonce.
if (!defined('WP_ADMIN') && !defined('XMLRPC_REQUEST')) {
if (empty($commentdata['comment_type'])) {
// If it's a trackback or pingback this has a value
$nonce = wp_create_nonce('avh-first-defense-against-spam_' . $commentdata['comment_post_ID']);
if (!wp_verify_nonce($_POST['_avh_first_defense_against_spam'], 'avh-first-defense-against-spam_' . $commentdata['comment_post_ID'])) {
if (1 == $this->_core->getOptionElement('general', 'emailsecuritycheck')) {
$to = get_option('admin_email');
$ip = AVH_Visitor::getUserIp();
$sfs_apikey = $this->_core->getOptionElement('sfs', 'sfsapikey');
$commentdata['comment_author_email'] = empty($commentdata['comment_author_email']) ? '*****@*****.**' : $commentdata['comment_author_email'];
$subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Comment security check failed', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES));
if (isset($_POST['_avh_first_defense_against_spam'])) {
$message[] = __('Reason: The nonce check failed.', 'avh-fdas');
} else {
$message[] = __('Reason: An attempt was made to directly access wp-comment-post.php', 'avh-fdas');
}
$message[] = sprintf(__('Username: %s', 'avh-fdas'), $commentdata['comment_author']);
$message[] = sprintf(__('Email: %s', 'avh-fdas'), $commentdata['comment_author_email']);
$message[] = sprintf(__('IP: %s', 'avh-fdas'), $ip);
$message[] = '';
$message[] = __('Comment trying to post:', 'avh-fdas');
$message[] = __('--- START OF COMMENT ---', 'avh-fdas');
$message[] = $commentdata['comment_content'];
$message[] = __('--- END OF COMMENT ---', 'avh-fdas');
$message[] = '';
if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) {
$q['action'] = 'emailreportspammer';
$q['a'] = $commentdata['comment_author'];
$q['e'] = $commentdata['comment_author_email'];
$q['i'] = $ip;
$q['_avhnonce'] = AVH_Security::createNonce($q['a'] . $q['e'] . $q['i']);
$query = $this->_core->BuildQuery($q);
$report_url = admin_url('admin.php?' . $query);
$message[] = sprintf(__('Report spammer: %s'), $report_url);
}
$message[] = sprintf(__('For more information: http://www.stopforumspam.com/search?q=%s'), $ip);
$blacklisturl = admin_url('admin.php?action=blacklist&i=') . $ip . '&_avhnonce=' . AVH_Security::createNonce($ip);
$message[] = sprintf(__('Add to the local blacklist: %s'), $blacklisturl);
AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer'));
}
// Only keep track if we have the ability to report add Stop Forum Spam
if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) {
// Prevent a spam attack to overflow the database.
if (!$this->_checkDbNonces($q['_avhnonce'])) {
$option = get_option($this->_core->getDbNonces());
$option[$q['_avhnonce']] = $q['a'] . $q['e'] . $q['i'];
update_option($this->_core->getDbNonces(), $option);
}
}
$m = __('<p>Cheating huh</p>', 'avh-fdas');
$m .= __('<p>Protected by: AVH First Defense Against Spam</p>', 'avh-fdas');
if ($this->_core->getOptionElement('php', 'usehoneypot')) {
$m .= $this->_spamcheck->getHtmlHoneyPotUrl();
}
wp_die($m);
}
}
}
return $commentdata;
}
