/**
 * Error checking for new user registration.
 *
 * Runs the registration spam checks (blank required fields, bad-robot
 * blacklist, JavaScript/cookie token check, e-mail blacklist, keyphrase
 * blacklist, blacklisted-user cache) and records the outcome via the
 * rs_wpss_* logging helpers. Intended for WordPress' `registration_errors`
 * style hook, and also handles several third-party registration flows
 * (BuddyPress, WooCommerce, s2Member, WP-Members, Affiliates), detected
 * below from class/constant existence.
 *
 * @param WP_Error|null $errors     Error collector from the calling hook; a new WP_Error
 *                                  is created when it is empty or not an object.
 * @param string|null   $user_login Login name under validation; may be filled in from
 *                                  $_POST for the third-party flows handled below.
 * @param string|null   $user_email E-mail address under validation; same note as above.
 *
 * @return WP_Error|null The (possibly untouched) $errors object. Early-return paths
 *                       hand back whatever was passed in, which may still be null.
 *
 * Side effects: reads/writes the globals $spamshield_options,
 * $wpss_reg_err_chk_complete and $wpss_wc_reg_inprog; may log via
 * rs_wpss_log_data()/rs_wpss_append_log_data(); in the BuddyPress flow
 * calls wp_die() (HTTP 403) instead of returning when an error was found.
 */
function rs_wpss_check_new_user($errors = NULL, $user_login = NULL, $user_email = NULL) {
    /* Error checking for new user registration */
    global $spamshield_options, $wpss_reg_err_chk_complete, $wpss_wc_reg_inprog;
    /* Already-logged-in users and a second invocation in the same request are skipped;
       $wpss_reg_err_chk_complete is set to TRUE at the very end of this function. */
    if (is_user_logged_in() || !empty($wpss_reg_err_chk_complete)) {
        return $errors;
    }
    if (!empty($wpss_wc_reg_inprog) || rs_wpss_is_woocom_enabled()) {
        /* Check if we're on a WooCommerce Checkout Page */
        /* NOTE(review): this bypass is decided purely from request data ($_GET['action']
           and a substring match on REQUEST_URI), i.e. from values the client supplies;
           any request whose URI contains one of the substrings below skips every
           registration check in this function. Tying the bypass to the plugin's own
           page state instead would make it harder to satisfy from the outside. */
        if (isset($_GET['action']) && $_GET['action'] === 'woocommerce_checkout') {
            return $errors;
        }
        $ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/');
        foreach ($ecom_urls as $k => $u) {
            if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
                return $errors;
            }
        }
    } elseif (rs_wpss_is_ecom_enabled()) {
        /* Check if we're on another e-commerce Checkout or Shopping Cart Page */
        /* Same request-controlled substring bypass as the WooCommerce branch above. */
        $ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/');
        foreach ($ecom_urls as $k => $u) {
            if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
                return $errors;
            }
        }
    }
    if (empty($spamshield_options)) {
        $spamshield_options = get_option('spamshield_options');
    }
    /* Site-level switch: registration shield disabled in the plugin options. */
    if (!empty($spamshield_options['registration_shield_disable'])) {
        return $errors;
    }
    /* BYPASS - HOOK */
    /* Any filter callback returning a truthy value disables the checks for this request. */
    $reg_check_bypass = apply_filters('wpss_registration_check_bypass', FALSE);
    if (!empty($reg_check_bypass)) {
        return $errors;
    }
    /* BYPASS CHECKS COMPLETE - NOW START */
    if (empty($errors) || !is_object($errors)) {
        $errors = new WP_Error();
    }
    /* $reg_filter_status is passed to the bad-robot check and then overwritten with its
       result, but the result is never read afterwards in this function. */
    $reg_filter_status = $wpss_error_code = $log_pref = '';
    $reg_jsck_error = $reg_badrobot_error = $wpss_reg_err_chk_complete = $buddypress_status = $wc_status = $s2member_status = $wpmembers_status = $affiliates_status = FALSE;
    /* $ns_val is assigned here but not used anywhere in this function. */
    $ns_val = 'NS3';
    /* Prefix for the error codes accumulated in $wpss_error_code ("R-" = registration);
       it is rewritten to a flow-specific prefix (BPR-, WCR-, ...) before logging. */
    $pref = 'R-';
    $errors_3p = array(); /* Error array for 3rd party plugins that don't follow WordPress standards for registration processing: BuddyPress, ... */
    $error_txt = rs_wpss_error_txt();
    /* Detect which registration flow is running. Each later detection overwrites $log_pref,
       so when several of these plugins are active at once the last one wins for the log tag. */
    if (class_exists('BuddyPress')) {
        if (empty($user_login) && isset($_POST['signup_username'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['signup_username'])));
            $buddypress_status = TRUE;
            $log_pref = 'bp-';
        }
        if (empty($user_email) && isset($_POST['signup_email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['signup_email'])));
            $buddypress_status = TRUE;
            $log_pref = 'bp-';
        }
    }
    if (!empty($wpss_wc_reg_inprog)) {
        $wc_status = TRUE;
        $log_pref = 'wc-';
    }
    if (defined('WS_PLUGIN__S2MEMBER_VERSION')) {
        $s2member_status = TRUE;
        $log_pref = 's2-';
    }
    if (defined('AFFILIATES_CORE_VERSION')) {
        $affiliates_status = TRUE;
        $log_pref = 'aff-';
    }
    if (defined('WPMEM_VERSION')) {
        $wpmembers_status = TRUE;
        $log_pref = 'wpm-';
    }
    if (TRUE === $wc_status) {
        /* In the WooCommerce flow the $user_login argument is deliberately discarded and
           re-read from the WooCommerce form field; the email is only filled when missing. */
        $user_login = '';
        if (empty($user_login) && isset($_POST['username'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['username'])));
        }
        if (empty($user_email) && isset($_POST['email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['email'])));
        }
    }
    if (TRUE === $affiliates_status) {
        if (empty($user_login) && isset($_POST['user_login'])) {
            $user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['user_login'])));
        }
        if (empty($user_email) && isset($_POST['user_email'])) {
            $user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['user_email'])));
        }
    }
    /* Extra profile fields the plugin's registration form posts: key => translated label.
       Note that 'user_login' is NOT among them (relevant for the keyphrase loop further down). */
    $new_fields = array('first_name' => __('First Name', WPSS_PLUGIN_NAME), 'last_name' => __('Last Name', WPSS_PLUGIN_NAME), 'disp_name' => __('Display Name', WPSS_PLUGIN_NAME));
    $user_data = array();
    foreach ($new_fields as $k => $v) {
        if (isset($_POST[$k])) {
            $user_data[$k] = sanitize_text_field(wp_unslash($_POST[$k]));
        } else {
            $user_data[$k] = '';
        }
    }
    /* The blank-field and keyphrase checks only apply to the plain WordPress form;
       the third-party flows post different field names. */
    if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
        /* Check New Fields for Blanks */
        foreach ($new_fields as $k => $v) {
            $k_uc = rs_wpss_casetrans('upper', $k);
            if (empty($_POST[$k])) {
                $errors->add('empty_' . $k, '<strong>' . $error_txt . ':</strong> ' . sprintf(__('Please enter your %s', WPSS_PLUGIN_NAME) . '.', $v));
                $wpss_error_code .= ' R-BLANK-' . $k_uc;
            }
        }
    }
    /* BAD ROBOT TEST - BEGIN */
    /* The helper is expected to return an array with 'status', 'blacklisted' and
       'error_code' keys (those are the keys read here); its internals are outside this file. */
    $bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk('register', $reg_filter_status, '', '', $user_data['disp_name'], $user_email);
    $reg_filter_status = $bad_robot_filter_data['status'];
    $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
    if (!empty($bad_robot_blacklisted)) {
        $wpss_error_code .= $bad_robot_filter_data['error_code'];
        $reg_badrobot_error = TRUE;
    }
    /* BAD ROBOT TEST - END */
    /* BAD ROBOTS */
    /* User-facing message is intentionally generic; the specific reason goes to the log only. */
    if ($reg_badrobot_error !== FALSE) {
        $err_cod = 'badrobot_error';
        $err_msg = __('User registration is currently not allowed.');
        if (TRUE === $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    /* JS/COOKIES CHECK */
    $wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE;
    $wpss_key_values = rs_wpss_get_key_values();
    /* NOTE(review): extract() on a helper's return value; the names read below
       ($wpss_ck_key, $wpss_js_key, $wpss_jq_key, $wpss_ck_val, $wpss_js_val, $wpss_jq_val)
       are expected to come from it. Explicit assignments would make that visible to
       static analysis. The raw cookie/POST values are only compared, never output. */
    extract($wpss_key_values);
    $wpss_jsck_cookie_val = !empty($_COOKIE[$wpss_ck_key]) ? $_COOKIE[$wpss_ck_key] : '';
    $wpss_jsck_field_val = !empty($_POST[$wpss_js_key]) ? $_POST[$wpss_js_key] : '';
    $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : '';
    if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) { /* 1.9.1 */
        $wpss_ck_key_bypass = TRUE;
    }
    if (FALSE === $wpss_ck_key_bypass) { /* 1.8.9 */
        /* If jscripts.php is disabled, these would be skipped - Compatibility Mode */
        if ($wpss_jsck_cookie_val !== $wpss_ck_val) {
            $wpss_error_code .= ' ' . $pref . 'COOKIE-3';
            $reg_jsck_error = TRUE;
        }
        if ($wpss_jsck_jquery_val !== $wpss_jq_val) {
            $wpss_error_code .= ' ' . $pref . 'JQHFT-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* $wpss_js_key_bypass is never set to TRUE in this function, so this check always runs. */
    if (FALSE === $wpss_js_key_bypass) {
        if ($wpss_jsck_field_val !== $wpss_js_val) {
            $wpss_error_code .= ' ' . $pref . 'FVFJS-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* WPSS_JSONST is a plugin-defined field name; a value of ns1..ns5 left in it indicates
       the client-side script did not run (treated as an error except for BuddyPress). */
    $post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
    $post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
    if (FALSE === $buddypress_status) {
        if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') {
            $wpss_error_code .= ' ' . $pref . 'JSONST-1000-3';
            $reg_jsck_error = TRUE;
        }
    }
    /* Only one user-facing message is added per request: the JS/cookie message is
       suppressed when a bad-robot error was already added. */
    if ($reg_jsck_error !== FALSE && $reg_badrobot_error !== TRUE) {
        $err_cod = 'jsck_error';
        $err_msg = __('JavaScript and Cookies are required in order to register. Please be sure JavaScript and Cookies are enabled in your browser, and reload the page.', WPSS_PLUGIN_NAME);
        if (TRUE === $buddypress_status) {
            $errors_3p[$err_cod] = $err_msg;
        } else {
            $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
        }
    }
    if (FALSE === $wc_status) {
        /* EMAIL BLACKLIST */
        if (rs_wpss_email_blacklist_chk($user_email)) {
            $wpss_error_code .= ' ' . $pref . '9200E-BL';
            if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
                $err_cod = 'blacklist_email_error';
                $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.');
                if (TRUE === $buddypress_status) {
                    $errors_3p[$err_cod] = $err_msg;
                } else {
                    $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
                }
            }
        }
    }
    if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
        /* AUTHOR KEYPHRASE BLACKLIST */
        /* $user_data only ever holds the keys of $new_fields (first_name, last_name,
           disp_name), so the 'user_login' comparison below can never match here. */
        foreach ($user_data as $k => $v) {
            $k_uc = rs_wpss_casetrans('upper', $k);
            if (($k === 'user_login' || $k === 'first_name' || $k === 'last_name' || $k === 'disp_name') && rs_wpss_anchortxt_blacklist_chk($v)) {
                $wpss_error_code .= ' ' . $pref . '10500A-BL-' . $k_uc;
                if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
                    $nfk = $new_fields[$k];
                    /* The submitted value is echoed back inside an HTML message; it has
                       already been through sanitize_text_field() and is passed through it again. */
                    $errors->add('blacklist_' . $k . '_error', '<strong>' . $error_txt . ':</strong> ' . sprintf(__('"%1$s" appears to be spam. Please enter a different value in the <strong> %2$s </strong> field.', WPSS_PLUGIN_NAME), sanitize_text_field($v), $nfk));
                }
            }
        }
    }
    if (FALSE === $wc_status) {
        /* BLACKLISTED USER */
        /* Only consulted when no other error has been recorded yet. */
        if (empty($wpss_error_code) && rs_wpss_ubl_cache()) {
            $wpss_error_code .= ' ' . $pref . '0-BL';
            $err_cod = 'blacklisted_user_error';
            $err_msg = __('User registration is currently not allowed.');
            if (TRUE === $buddypress_status) {
                $errors_3p[$err_cod] = $err_msg;
            } else {
                $errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
            }
        }
    }
    /* Done with Tests */
    /* Now Log the Errors, if any */
    /* WPSS_REF2XJS is the plugin's JavaScript-supplied referrer field. It is client data
       and is only stored for logging, after esc_url_raw(). $post_ref2xjs_lc is unused. */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    if (!empty($post_ref2xjs)) {
        $ref2xJS = rs_wpss_casetrans('lower', addslashes(urldecode($post_ref2xjs)));
        $ref2xJS = str_replace('%3a', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $wpss_javascript_page_referrer = esc_url_raw($ref2xJS);
    } else {
        $wpss_javascript_page_referrer = '[None]';
    }
    if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') {
        $wpss_jsonst = $post_jsonst;
    } else {
        $wpss_jsonst = '[None]';
    }
    $user_id = 'None'; /* Possibly change to '' */
    /* Record handed to the logging/status helpers; the comment_* keys mirror the shape
       used for comment checks so the same log writer can be reused. */
    $register_author_data = array('display_name' => $user_data['disp_name'], 'user_firstname' => $user_data['first_name'], 'user_lastname' => $user_data['last_name'], 'user_email' => $user_email, 'user_login' => $user_login, 'ID' => $user_id, 'comment_author' => $user_data['disp_name'], 'comment_author_email' => $user_email, 'comment_author_url' => '', 'javascript_page_referrer' => $wpss_javascript_page_referrer, 'jsonst' => $wpss_jsonst);
    if (empty($register_author_data['comment_author']) && !empty($user_login)) {
        $register_author_data['comment_author'] = $user_login;
    }
    unset($wpss_javascript_page_referrer, $wpss_jsonst);
    $wpss_error_code = trim($wpss_error_code);
    if (strpos($wpss_error_code, '0-BL') !== FALSE) {
        rs_wpss_append_log_data('Blacklisted user detected. Registration has been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE);
    }
    if (!empty($wpss_error_code)) {
        /* Rewrite the generic "R-" prefix to a flow-specific one for the log; the
           elseif chain means only the first matching flow is applied. */
        if (TRUE === $buddypress_status) {
            $wpss_error_code = str_replace('R-', 'BPR-', $wpss_error_code);
        } elseif (TRUE === $wc_status) {
            $wpss_error_code = str_replace('R-', 'WCR-', $wpss_error_code);
        } elseif (TRUE === $s2member_status) {
            $wpss_error_code = str_replace('R-', 'S2R-', $wpss_error_code);
        } elseif (TRUE === $wpmembers_status) {
            $wpss_error_code = str_replace('R-', 'WPMR-', $wpss_error_code);
        } elseif (TRUE === $affiliates_status) {
            $wpss_error_code = str_replace('R-', 'AFFR-', $wpss_error_code);
        }
        /* 'Line: ' . __LINE__ is a source-position marker for the status log; it shifts
           whenever this file is edited. */
        rs_wpss_update_accept_status($register_author_data, 'r', 'Line: ' . __LINE__, $wpss_error_code);
        rs_wpss_increment_reg_count();
        if (!empty($spamshield_options['comment_logging'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    } elseif (TRUE === $buddypress_status) {
        /* Accepted BuddyPress registration: logged only when "log all" is enabled. */
        rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    /* Now return the error values, or output error message */
    if (TRUE === $wc_status) {
        $wpss_wc_reg_inprog = FALSE;
    }
    if (!empty($wpss_error_code)) {
        if (TRUE === $buddypress_status) {
            /* BuddyPress does not consume WP_Error here, so the collected messages are
               rendered directly and the request is terminated with a 403. The message
               parts are translated strings, not user input. */
            $error_msg = '';
            foreach ($errors_3p as $c => $m) {
                $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL;
            }
            $args = array('response' => '403');
            wp_die($error_msg, '', $args);
        }
    } elseif (TRUE === $wc_status) {
        /* Accepted WooCommerce registration: same "log all" rule as BuddyPress above. */
        rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
        if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
            rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
        }
    }
    /* Guards against running the checks twice in one request (see the top of the function). */
    $wpss_reg_err_chk_complete = TRUE;
    return $errors;
}
/**
 * Miscellaneous Form Spam Check Bypass.
 *
 * Decides whether the current request is a known machine-to-machine or
 * e-commerce submission (payment-gateway callbacks, IPN listeners, geolocation
 * updates, social-login returns, ...) that should be exempted from the form
 * spam checks. Each recognised case returns TRUE immediately; FALSE means no
 * bypass applies.
 *
 * Reads $_SERVER['REQUEST_URI'], $_POST and $_GET, plus the global
 * $wpss_ip_proxy_info (populated from rs_wpss_ip_proxy_info() when empty).
 * No other side effects.
 *
 * @return bool TRUE to skip the spam checks for this request, FALSE otherwise.
 */
public static function misc_form_bypass() {
    /***
     * Miscellaneous Form Spam Check Bypass
     ***/
    /* Setup necessary variables */
    /* $url_lc and $ip are assigned but not used anywhere in this method. */
    $url = rs_wpss_get_url();
    $url_lc = rs_wpss_casetrans('lower', $url);
    $req_uri = $_SERVER['REQUEST_URI'];
    $req_uri_lc = rs_wpss_casetrans('lower', $req_uri);
    $post_count = count($_POST);
    $ip = rs_wpss_get_ip_addr();
    $user_agent = rs_wpss_get_user_agent();
    $referer = rs_wpss_get_referrer();
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /* NOTE(review): extract() of a helper's return value; $reverse_dns and $fcrdns, read
       below, are expected to come from it. Explicit assignments would be clearer for
       static analysis. */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /* GEOLOCATION */
    /* Matched purely on POST field names and count; these are client-supplied. */
    if ($post_count == 6 && isset($_POST['updatemylocation'], $_POST['log'], $_POST['lat'], $_POST['country'], $_POST['zip'], $_POST['myaddress'])) {
        return TRUE;
    }
    /* WP Remote */
    /* NOTE(review): the user agent is client-supplied and the reverse-DNS name is only
       checked for its suffix here; it is not forward-confirmed the way the PayPal IPN
       case further down requires ($fcrdns === '[Verified]'). Consider requiring the
       same forward confirmation wherever reverse DNS is the deciding signal. */
    if (defined('WPRP_PLUGIN_SLUG') && !empty($_POST['wpr_verify_key']) && preg_match("~\\ WP\\-Remote\$~", $user_agent) && preg_match("~\\.amazonaws\\.com\$~", $reverse_dns)) {
        return TRUE;
    }
    /* Ecommerce Plugins */
    /* Precedence: the inner "PayPal IPN" pair is bound by &&, everything else in the
       parenthesised group is ||; the whole group is then ANDed with the e-commerce
       enabled flag. Any of the listed POST fields (client-supplied) or an SSL request
       is enough to bypass when an e-commerce plugin is active. */
    if ((rs_wpss_is_ssl() || !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart']) || !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid']) || preg_match("~^PayPal\\ IPN~", $user_agent) && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns)) && rs_wpss_is_ecom_enabled()) {
        return TRUE;
    }
    /* WooCommerce Payment Gateways */
    if (rs_wpss_is_woocom_enabled()) {
        /* Either (PayPal UA && paypal.com reverse DNS) or a 'WC_Gateway_Paypal' substring
           anywhere in the request URI. The substring alternative is client-controlled. */
        if (preg_match("~^PayPal\\ IPN~", $user_agent) && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) || strpos($req_uri, 'WC_Gateway_Paypal') !== FALSE) {
            return TRUE;
        }
        /* Either payfast.co.za reverse DNS or ('wc-api' && 'WC_Gateway_PayFast') in the URI. */
        if (preg_match("~(^|\\.)payfast\\.co\\.za\$~", $reverse_dns) || strpos($req_uri, 'wc-api') !== FALSE && strpos($req_uri, 'WC_Gateway_PayFast') !== FALSE) {
            return TRUE;
        }
        /* Plugin: 'woocommerce-gateway-payfast/gateway-payfast.php' */
        /* Generic WooCommerce API gateway endpoint pattern (query-string or pretty-permalink form). */
        if (preg_match("~((\\?|\\&)wc\\-api\\=WC_(Addons_)?Gateway_|/wc\\-api/.*WC_(Addons_)?Gateway_)~", $req_uri)) {
            return TRUE;
        }
        /* $wc_gateways = array( 'WC_Gateway_BACS', 'WC_Gateway_Cheque', 'WC_Gateway_COD', 'WC_Gateway_Paypal', 'WC_Addons_Gateway_Simplify_Commerce', 'WC_Gateway_Simplify_Commerce' ); */
    }
    /* Easy Digital Downloads Payment Gateways */
    /* NOTE(review): the third condition below already bypasses on any non-empty
       'edd-listener' query parameter or URI substring, so the two more specific
       checks before it are subsumed by it; all three are satisfiable from request
       data alone. */
    if (defined('EDD_VERSION')) {
        if (preg_match("~^PayPal\\ IPN~", $user_agent) && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) || !empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'IPN' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'IPN') !== FALSE) {
            return TRUE;
        }
        if (!empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'amazon' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'amazon') !== FALSE) {
            return TRUE;
        }
        if (!empty($_GET['edd-listener']) || strpos($req_uri, 'edd-listener') !== FALSE) {
            return TRUE;
        }
    }
    /* Gravity Forms PayPal Payments Standard Add-On ( http://www.gravityforms.com/add-ons/paypal/ ) */
    /* Precedence: (GF_MIN_WP_VERSION && GF_PAYPAL_VERSION) || (GFForms && GF_PayPal_Bootstrap). */
    if (defined('GF_MIN_WP_VERSION') && defined('GF_PAYPAL_VERSION') || class_exists('GFForms') && class_exists('GF_PayPal_Bootstrap')) {
        /* Exact IPN endpoint URL plus the presence of the standard IPN POST fields. */
        if ($url === WPSS_SITE_URL . '/?page=gf_paypal_ipn' && isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])) {
            return TRUE;
        }
    }
    /* PayPal IPN */
    /* The strictest case in this method: IPN fields present, 'paypal' and 'ipn' in the
       URI, an exact user-agent string, an exact reverse-DNS name AND forward-confirmed
       reverse DNS ($fcrdns === '[Verified]'). */
    if (isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['payment_type'], $_POST['payment_status'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign']) && FALSE !== strpos($req_uri_lc, 'paypal') && FALSE !== strpos($req_uri_lc, 'ipn') && $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && $reverse_dns === 'notify.paypal.com' && $fcrdns === '[Verified]') {
        return TRUE;
    }
    /* Clef */
    /* User-agent pattern plus reverse-DNS suffix; not forward-confirmed (see WP Remote note). */
    if (defined('CLEF_VERSION')) {
        if (preg_match("~^Clef/[0-9](\\.[0-9]+)+\\ \\(https\\://getclef\\.com\\)\$~", $user_agent) && preg_match("~((\\^|\\.)clef\\.io|\\.amazonaws\\.com)\$~", $reverse_dns)) {
            return TRUE;
        }
    }
    /* OA Social Login */
    if (defined('OA_SOCIAL_LOGIN_VERSION')) {
        /* Domains are reversed so that a strpos() === 0 test is a suffix match on the
           referrer's domain (i.e. it ends with 'api.oneall.com'). The referrer header
           is client-supplied. */
        $ref_dom_rev = strrev(rs_wpss_get_domain($referer));
        $oa_dom_rev = strrev('api.oneall.com');
        if ($post_count >= 4 && isset($_GET['oa_social_login_source'], $_POST['oa_action'], $_POST['oa_social_login_token'], $_POST['connection_token'], $_POST['identity_vault_key']) && $_POST['oa_action'] === 'social_login' && strpos($ref_dom_rev, $oa_dom_rev) === 0) {
            return TRUE;
        }
    }
    /* Nothing was triggered */
    return FALSE;
}