コード例 #1
0
 public function process($ip, &$stats = array(), &$options = array(), &$post = array())
 {
     // it looks like I am not getting my stats and options correctly
     //sfs_debug_msg('Made it into challenge');
     $ip = kpg_get_ip();
     $stats = kpg_ss_get_stats();
     $options = kpg_ss_get_options();
     //$post=get_post_variables();
     /*
     		page is HEADER, Allow List Request, Captchas and then a button
     		Processing is 1) check for response from from
     		2) else display form.
     */
     // display deny message and captcha if set.
     // first, check to see if they should be redirected
     if ($options['redir'] == 'Y' && !empty($options['redirurl'])) {
         //sfs_debug_msg('Redir?');
         header('HTTP/1.1 307 Moved');
         header('Status: 307 Moved');
         header("location: " . $options['redirurl']);
         exit;
     }
     extract($options);
     $ke = '';
     $km = '';
     $kr = '';
     $ka = '';
     $kp = '';
     // serialized post
     // step 1 look for form response
     // nonce is in a field named kn - this is not to confuse with other forms that may be coming in
     $nonce = '';
     $msg = '';
     // this is the body message for failed captchas, notifies and requests
     if (!empty($_POST) && array_key_exists('kn', $_POST)) {
         //sfs_debug_msg('second time');
         $nonce = $_POST['kn'];
         // get the post items
         if (array_key_exists('ke', $_POST)) {
             $ke = sanitize_text_field($_POST['ke']);
         }
         if (array_key_exists('km', $_POST)) {
             $km = sanitize_text_field($_POST['km']);
         }
         if (strlen($km) > 80) {
             $km = substr($km, 0, 77) . '...';
         }
         if (array_key_exists('kr', $_POST)) {
             $kr = sanitize_text_field($_POST['kr']);
         }
         if (array_key_exists('ka', $_POST)) {
             $ka = sanitize_text_field($_POST['ka']);
         }
         if (array_key_exists('kp', $_POST)) {
             $kp = $_POST['kp'];
         }
         // serialized post
         if (!empty($nonce) && wp_verify_nonce($nonce, 'kpg_stopspam_deny')) {
             //sfs_debug_msg('nonce is good');
             // have a form return.
             //1) to see if the allow by request has been triggered
             $emailsent = $this->kpg_ss_send_email($options);
             //2) see if we should add to the allow list
             $allowset = false;
             if ($wlreq == 'Y') {
                 // allow things to added to allow list
                 $allowset = $this->kpg_ss_add_allow($ip, $options, $stats, $post, $post);
             }
             // now the captcha settings
             $msg = "Thank you,<br>";
             if ($emailsent) {
                 $msg .= "The blog master has been notified by email.<br>";
             }
             if ($allowset) {
                 $msg .= "You request has been recorded.<br>";
             }
             if (empty($chkcaptcha) || $chkcaptcha == 'N') {
                 // send out the thank you message
                 wp_die($msg, "Stop Spammers", array('response' => 200));
                 exit;
             }
             // they submitted a captcha
             switch ($chkcaptcha) {
                 case 'Y':
                     // open captcha
                     if (array_key_exists('img', $_POST) && !empty($_POST['img']) && !empty($_POST['code'])) {
                         //sfs_debug_msg('open capcha 2');
                         // validate open captcha
                         $fff = 'http://www.opencaptcha.com/validate.php?ans=';
                         $fff .= sanitize_text_field($_POST['code']);
                         $fff .= '&img=';
                         $fff .= sanitize_text_field($_POST['img']);
                         $sn = kpg_read_file($fff);
                         if ($sn == 'pass') {
                             // restore the post
                             //$kp=base64_encode(serialize($_POST));
                             $_POST = unserialize(base64_decode($kp));
                             ////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
                             // success add to cache
                             kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                             do_action('kpg_stop_spam_OK', $ip, $post);
                             // So plugins can undo spam report
                             return false;
                         } else {
                             $msg = "Open Captcha entry does not match, try again.";
                         }
                     }
                     break;
                 case 'G':
                     if (array_key_exists('recaptcha', $_POST) && !empty($_POST['recaptcha']) && array_key_exists('g-recaptcha-response', $_POST)) {
                         // check recaptcha
                         $recaptchaapisecret = $options['recaptchaapisecret'];
                         $recaptchaapisite = $options['recaptchaapisite'];
                         if (empty($recaptchaapisecret) || empty($recaptchaapisite)) {
                             $msg = "Recaptcha Keys are not set.";
                         } else {
                             $g = $_REQUEST['g-recaptcha-response'];
                             //$url="https://www.google.com/recaptcha/api/siteverify";
                             $url = "https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaapisecret}&response={$g}&remoteip={$ip}";
                             $resp = kpg_read_file($url);
                             ////sfs_debug_msg("recaptcha '$g', '$ip' '$resp' - \r\n".print_r($_POST,true));
                             if (strpos($resp, '"success": true') !== false) {
                                 // found success
                                 //$kp=base64_encode(serialize($_POST));
                                 $_POST = unserialize(base64_decode($kp));
                                 ////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
                                 // success add to cache
                                 kpg_ss_log_good($ip, 'passed recaptcha', 'pass');
                                 do_action('kpg_stop_spam_OK', $ip, $post);
                                 // So plugins can undo spam report
                                 return false;
                             } else {
                                 $msg = "Google reCaptcha entry does not match, try again";
                             }
                         }
                     }
                     break;
                 case 'S':
                     if (array_key_exists('adcopy_challenge', $_POST) && !empty($_POST['adcopy_challenge'])) {
                         // solve media
                         $solvmediaapivchallenge = $options['solvmediaapivchallenge'];
                         $solvmediaapiverify = $options['solvmediaapiverify'];
                         $adcopy_challenge = $_REQUEST['adcopy_challenge'];
                         $adcopy_response = $_REQUEST['adcopy_response'];
                         //$ip='127.0.0.1';
                         $postdata = http_build_query(array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip));
                         $opts = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
                         //$context  = stream_context_create($opts);
                         // need to rewrite this post with the wp class
                         /**********************************************
                         				try to use the sp function
                         			**********************************************/
                         $body = array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip);
                         $args = array('user-agent' => 'WordPress/' . '4.2' . '; ' . get_bloginfo('url'), 'blocking' => true, 'headers' => array('Content-type: application/x-www-form-urlencoded'), 'method' => 'POST', 'timeout' => 45, 'redirection' => 5, 'httpversion' => '1.0', 'body' => $body, 'cookies' => array());
                         $url = 'http://verify.solvemedia.com/papi/verify/';
                         $resultarray = wp_remote_post($url, $args);
                         $result = $resultarray['body'];
                         //$result =
                         //file_get_contents('http://verify.solvemedia.com/papi/verify/',
                         //false, $context);
                         if (strpos($result, 'true') !== false) {
                             $_POST = unserialize(base64_decode($kp));
                             ////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
                             // success add to cache
                             kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                             do_action('kpg_stop_spam_OK', $ip, $post);
                             // So plugins can undo spam report
                             return false;
                         } else {
                             $msg = "Captcha entry does not match, try again";
                         }
                     }
                     break;
                 case 'A':
                     if (array_key_exists('nums', $_POST) && !empty($_POST['nums'])) {
                         // simple arithmetic - at lease it is different for each website and changes occasionally
                         $seed = 5;
                         $spdate = $stats['spdate'];
                         if (!empty($spdate)) {
                             $seed = strtotime($spdate);
                         }
                         $nums = really_clean(sanitize_text_field($_POST['nums']));
                         $nums += $seed;
                         $sum = really_clean(sanitize_text_field($_POST['sum']));
                         if ($sum == $nums) {
                             $_POST = unserialize(base64_decode($kp));
                             ////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
                             // success add to cache
                             kpg_ss_log_good($ip, 'passed open captcha', 'pass');
                             do_action('kpg_stop_spam_OK', $ip, $post);
                             // So plugins can undo spam report
                             return false;
                         } else {
                             $msg = "Your arithmetic sucks, try again";
                         }
                     }
                     break;
                 case 'F':
                     // future - more free captchas
                     break;
             }
         }
         // nonce check - not a valid nonce on form submit yet the value is there - what do we do?
         //sfs_debug_msg('leaving second time');
     } else {
         // first time through
         //print_r($post);
         //print_r($_POST);
         $ke = $post['email'];
         $km = '';
         $kr = "";
         //if (array_key_exists('reason',$post)) $kr=$post['reason'];
         $ka = $post['author'];
         $kp = base64_encode(serialize($_POST));
         //sfs_debug_msg('first time getting post stuff');
     }
     //sfs_debug_msg('creating form data');
     // made it here - we display the screens
     $knonce = wp_create_nonce('kpg_stopspam_deny');
     // this may be the second time through
     $formtop = '';
     if (!empty($msg)) {
         $msg = "\r\n<br><span style=\"color:red;\"> {$msg} </span><hr/>\r\n";
     }
     $formtop .= "\r\n<form action=\"\" method=\"post\" >\r\n<input type=\"hidden\" name=\"kn\" value=\"{$knonce}\">\r\n<input type=\"hidden\" name=\"kpg_deny\" value=\"{$chkcaptcha}\">\r\n<input type=\"hidden\" name=\"kp\" value=\"{$kp}\">\r\n<input type=\"hidden\" name=\"kr\" value=\"{$kr}\">\r\n<input type=\"hidden\" name=\"ka\" value=\"{$ka}\">\r\n";
     $formbot = "\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n</form>\r\n\r\n";
     $not = '';
     if ($wlreq == 'Y') {
         // halfhearted attempt to hide which field is the email field.
         $not = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Allow Request</span></legend>\r\n<p>You have been blocked from entering information on this blog. In order to prevent this from happening in the future you\r\nmay ask the owner to add your network address to a list that allows you full access.</p>\r\n<p>Please enter your <b>e</b><b>ma</b><b>il</b> <b>add</b><b>re</b><b>ss</b> and a short note requesting access here</p>\r\n<span style=\"color:FFFEFF;\">e</span>-<span style=\"color:FFFDFF;\">ma</span>il for contact(required)<!-- not the message -->: <input type=\"text\" value=\"\" name=\"ke\"><br>\r\nmessage <!-- not email -->:<br><textarea name=\"km\"></textarea>\r\n</fieldset>\r\n";
     }
     $captop = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Please prove you are not a Robot</span></legend>\r\n\t\r\n\t\r\n";
     $capbot = "\r\n</fieldset>\r\n";
     // now the captchas
     $cap = '';
     switch ($chkcaptcha) {
         case 'Y':
             $date = date("Ymd");
             $rand = rand(0, 9999999999999);
             $height = "80";
             $width = "240";
             $img = "{$date}{$rand}-{$height}-{$width}.jpgx";
             $imgloc = 'http://www.opencaptcha.com/img/';
             $root = site_url();
             $imgloc = site_url() . '?ocimg=';
             //http://localhost/wordpress?ocimg=20150410628305005-80-240.jpgx
             $cap = "\r\n<br>\r\n<hr/>\r\n<img src='{$imgloc}{$img}' height='{$height}' alt='captcha' width='{$width}' border='0' />\r\n<input type='hidden' name='img' value='{$img}'><br>\r\nEnter the code: <input type=text name=code value='' size='35' />\r\n";
             break;
         case 'G':
             // recaptcha
             $recaptchaapisite = $options['recaptchaapisite'];
             $cap = "\r\n\t\t\t<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>\r\n\r\n\t\t\t<input type=\"hidden\" name=\"recaptcha\" value=\"recaptcha\">\r\n<div class=\"g-recaptcha\" data-sitekey=\"{$recaptchaapisite}\"></div>\r\n\r\n\r\n";
             break;
         case 'S':
             $solvmediaapivchallenge = $options['solvmediaapivchallenge'];
             $cap = "\r\n\t\t\t<script type=\"text/javascript\"\r\n\tsrc=\"http://api.solvemedia.com/papi/challenge.script?k={$solvmediaapivchallenge}\">\r\n</script>\r\n\r\n<noscript>\r\n\t<iframe src=\"http://api.solvemedia.com/papi/challenge.noscript?k={$solvmediaapivchallenge}\"\r\n\theight=\"300\" width=\"500\" frameborder=\"0\"></iframe><br/>\r\n\t<textarea name=\"adcopy_challenge\" rows=\"3\" cols=\"40\">\r\n\t</textarea>\r\n\t<input type=\"hidden\" name=\"adcopy_response\" value=\"manual_challenge\"/>\r\n</noscript><br>\r\n";
             break;
         case 'A':
             // arithmetic
             $n1 = rand(1, 9);
             $n2 = rand(1, 9);
             // try a much more nteresting way that can't be generalized
             // use the "since" date from stats
             $seed = 5;
             $spdate = $stats['spdate'];
             if (!empty($spdate)) {
                 $seed = strtotime($spdate);
             }
             $stupid = $n1 + $n2 - $seed;
             $cap = "\r\n<P>Enter the SUM of these two numbers: <span style=\"size:4em;font-weight:bold;\">{$n1} + {$n2}</span><br>\r\n<input name=\"sum\" value=\"\" type=\"text\">\r\n<input type=\"hidden\" name=\"nums\" value=\"{$stupid}\"><br>\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n\r\n";
             break;
         case 'F':
             // future
         // future
         default:
             $captop = '';
             $capbot = '';
             $cap = '';
             break;
     }
     // have a display
     // need to send it to the display
     if (empty($msg)) {
         $msg = $rejectmessage;
     }
     $ansa = "\r\n\t\t{$msg}\r\n\t\t{$formtop}\r\n\t\t{$not}\r\n\t\t{$captop}\r\n\t\t{$cap}\r\n\t\t{$capbot}\r\n\t\t{$formbot}\r\n\t\t";
     wp_die($ansa, "Stop Spammers", array('response' => 200));
     exit;
 }
コード例 #2
0
ファイル: ss-admin-options.php プロジェクト: blogfor/king
function sfs_handle_ajax_sub($data)
{
    // suddenly loading before 'init' has loaded things?
    // get the stuff from the $_GET and call stop forum spam
    // this tages the stuff from the get and uses it to do the get from sfs
    // get the configuration items
    $options = get_option('kpg_stop_sp_reg_options');
    // for some reason the main call is not available?
    if (empty($options)) {
        // can't happen?
        echo "No Options set";
        exit;
    }
    //print_r($options);
    extract($options);
    // get the comment_id parameter
    $comment_id = urlencode($_GET['comment_id']);
    if (empty($comment_id)) {
        echo "No comment id found";
        exit;
    }
    // need to pass the blog id also
    $blog = '';
    $blog = $_GET['blog_id'];
    if ($blog != '') {
        if (function_exists('switch_to_blog')) {
            switch_to_blog($blog);
        }
    }
    // get the comment
    $comment = get_comment($comment_id, ARRAY_A);
    if (empty($comment)) {
        echo "No comment found for {$comment_id}";
        exit;
    }
    //print_r($comment);
    $email = urlencode($comment['comment_author_email']);
    $uname = urlencode($comment['comment_author']);
    $ip_addr = $comment['comment_author_IP'];
    // code added as per Paul at sto Forum Spam
    $content = $comment['comment_content'];
    $evidence = $comment['comment_author_url'];
    if ($blog != '') {
        if (function_exists('restore_current_blog')) {
            restore_current_blog();
        }
    }
    if (empty($evidence)) {
        $evidence = '';
    }
    preg_match_all('@((https?://)?([-\\w]+\\.[-\\w\\.]+)+\\w(:\\d+)?(/([-\\w/_\\.]*(\\?\\S+)?)?)*)@', $content, $post, PREG_PATTERN_ORDER);
    $urls1 = array();
    $urls2 = array();
    if (is_array($post) && is_array($post[1])) {
        $urls1 = array_unique($post[1]);
    } else {
        $urls1 = array();
    }
    //bbcode
    preg_match_all('/\\[url=(.+)\\]/iU', $content, $post, PREG_PATTERN_ORDER);
    if (is_array($post) && is_array($post[0])) {
        $urls2 = array_unique($post[0]);
    } else {
        $urls2 = array();
    }
    $urls3 = array_merge($urls1, $urls2);
    if (is_array($urls3)) {
        $evidence .= "\r\n" . implode("\r\n", $urls3);
    }
    $evidence = urlencode(trim($evidence, "\r\n"));
    if (strlen($evidence) > 128) {
        $evidence = substr($evidence, 0, 125) . '...';
    }
    if (empty($apikey)) {
        echo "Cannot Report Spam without API Key";
        exit;
    }
    $hget = "http://www.stopforumspam.com/add.php?ip_addr={$ip_addr}&api_key={$apikey}&email={$email}&username={$uname}&evidence={$evidence}";
    //echo $hget;
    $ret = kpg_read_file($hget);
    if (stripos($ret, 'data submitted successfully') !== false) {
        echo $ret;
    } else {
        if (stripos($ret, 'recent duplicate entry') !== false) {
            echo ' recent duplicate entry ';
        } else {
            echo 'returning from ajax';
        }
    }
    exit;
}