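public static function counter_sm_short($atts = array()) {
    /***
     * Display Small Counter
     * Implementation: [spamshieldcountersm style=1] or [spamshieldcountersm] where "style" is 1-5
     *
     * $atts are shortcode attributes, i.e. author-supplied text, so nothing in them is trusted:
     *  - "style" is cast to int and clamped to 1-5 before it is used as an array index and
     *    embedded in the generated CSS url(); a missing attribute no longer raises an
     *    undefined-index notice (the documented no-attribute form).
     *  - "spamshield_count", when given, is HTML-escaped before it is echoed; the computed
     *    fallback from rs_wpss_count() is emitted as before.
     * Returns the counter markup as a string, or NULL when running in an admin sproc.
     ***/
    if (rs_wpss_is_admin_sproc()) { return NULL; }

    /* Each counter on the page gets its own element id suffix */
    global $wpss_wid_inst;
    if (!isset($wpss_wid_inst)) { $wpss_wid_inst = 0; }
    ++$wpss_wid_inst;

    $counter_sm_option_min = 1;
    $counter_sm_option_max = 5;
    /* (int) cast rejects values such as "3abc" or "2.5" that the old comparison let through */
    $counter_sm_option = isset($atts['style']) ? (int) $atts['style'] : $counter_sm_option_min;
    if ($counter_sm_option < $counter_sm_option_min || $counter_sm_option > $counter_sm_option_max) {
        $counter_sm_option = $counter_sm_option_min;
    }

    if (!empty($atts['spamshield_count'])) {
        $spamshield_count = htmlspecialchars((string) $atts['spamshield_count'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        $spamshield_count = rs_wpss_number_format(rs_wpss_count());
    }

    /* Index 0 is unused; indexes 1-5 correspond to the "style" values */
    $counter_sm_div_height        = array('0', '50', '50', '50', '50', '50');
    $counter_sm_count_padding_top = array('0', '11', '11', '11', '11', '11');

    $wrap_id = 'rs_wpss_counter_sm_wrap_' . $wpss_wid_inst;
    $box_id  = 'rs_wpss_counter_sm_' . $wpss_wid_inst;

    $wpss_shortcode_content  = WPSS_EOL . WPSS_EOL;
    $wpss_shortcode_content .= '<style type="text/css">' . WPSS_EOL;
    $wpss_shortcode_content .= '#' . $wrap_id . ' {color:#ffffff;text-decoration:none;width:120px;}' . WPSS_EOL;
    $wpss_shortcode_content .= '#' . $box_id . ' {background:url(' . WPSS_PLUGIN_COUNTER_URL . '/o/spamshield-counter-sm-bg-' . $counter_sm_option . '.png) no-repeat top left;height:' . $counter_sm_div_height[$counter_sm_option] . 'px;width:120px;overflow:hidden;border-style:none;color:#ffffff;font-family:Arial,Helvetica,sans-serif;font-weight:bold;line-height:100%;text-align:center;padding-top:' . $counter_sm_count_padding_top[$counter_sm_option] . 'px;}' . WPSS_EOL;
    $wpss_shortcode_content .= '</style>' . WPSS_EOL . WPSS_EOL;
    $wpss_shortcode_content .= '<div id="' . $wrap_id . '" >' . WPSS_EOL . "\t";
    $wpss_shortcode_content .= '<div id="' . $box_id . '" >' . WPSS_EOL;

    /* Promo text variant is picked from the first character of the server address (string compare, as before) */
    $sip1c = substr(WPSS_SERVER_ADDR, 0, 1);
    $spamshield_counter_title_text = ($sip1c > '5') ? WPSS_Promo_Links::promo_text(9) : WPSS_Promo_Links::promo_text(10);

    /* The option is guaranteed to be within 1-5 after the clamp above, so the link block is always emitted */
    $wpss_shortcode_content .= "\t" . '<strong style="color:#ffffff;font-family:Arial,Helvetica,sans-serif;font-weight:bold;line-height:100%;text-align:center;text-decoration:none;border-style:none;"><a href="' . WPSS_HOME_URL . '" style="color:#ffffff;font-family:Arial,Helvetica,sans-serif;font-weight:bold;text-decoration:none;border-style:none;" target="_blank" rel="external" title="' . $spamshield_counter_title_text . '" >' . WPSS_EOL;
    $wpss_shortcode_content .= "\t" . '<span style="color:#ffffff;font-size:18px !important;line-height:100% !important;font-family:Arial,Helvetica,sans-serif;font-weight:bold;text-decoration:none;border-style:none;">' . $spamshield_count . '</span><br />' . WPSS_EOL;
    $wpss_shortcode_content .= "\t" . '<span style="color:#ffffff;font-size:10px !important;line-height:120% !important;letter-spacing:1px;font-family:Arial,Helvetica,sans-serif;font-weight:bold;text-decoration:none;border-style:none;">' . WPSS_Promo_Links::promo_text(0) . '</span>' . WPSS_EOL;
    $wpss_shortcode_content .= "\t" . '</a></strong>' . WPSS_EOL;

    $wpss_shortcode_content .= "\t" . '</div>' . WPSS_EOL;
    $wpss_shortcode_content .= '</div>' . WPSS_EOL;
    return $wpss_shortcode_content;
}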
function rs_wpss_contact_form($content = NULL, $shortcode_check = NULL) { /*** * Contact Form ***/ if (rs_wpss_is_admin_sproc()) { return $content; } $spamshield_contact_repl_text = array('<!--spamshield-contact-->', '<!--spamfree-contact-->'); $server_name = WPSS_SERVER_NAME; $email_domain = rs_wpss_get_email_domain($server_name); $wpss_contact_sender_email = 'wpspamshield.noreply@' . $email_domain; $wpss_contact_sender_name = __('Contact Form', WPSS_PLUGIN_NAME); /* IP / PROXY INFO - BEGIN */ global $wpss_ip_proxy_info; if (empty($wpss_ip_proxy_info)) { $wpss_ip_proxy_info = rs_wpss_ip_proxy_info(); } extract($wpss_ip_proxy_info); /* IP / PROXY INFO - END */ $user_agent = rs_wpss_get_user_agent(TRUE, FALSE); $user_agent_lc = rs_wpss_casetrans('lower', $user_agent); $user_agent_lc_word_count = rs_wpss_count_words($user_agent_lc); $user_http_accept = rs_wpss_get_http_accept(TRUE, FALSE); $user_http_accept_lc = rs_wpss_casetrans('lower', $user_http_accept); $user_http_accept_language = rs_wpss_get_http_accept(TRUE, FALSE, TRUE); $user_http_accept_language_lc = rs_wpss_casetrans('lower', $user_http_accept_language); $cf_url = $_SERVER['REQUEST_URI']; $cf_url_lc = rs_wpss_casetrans('lower', $cf_url); /* Detect Incapsula, and disable rs_wpss_ubl_cache - 1.8.9.6 */ if (strpos($reverse_dns_lc, '.ip.incapdns.net') !== FALSE) { update_option('spamshield_ubl_cache_disable', TRUE); } /* Moved Back URL here to make available to rest of contact form back end - v 1.5.5 */ if (strpos($cf_url_lc, '&form=response') !== FALSE) { $cf_back_url = str_replace('&form=response', '', $cf_url); } elseif (strpos($cf_url_lc, '?form=response') !== FALSE) { $cf_back_url = str_replace('?form=response', '', $cf_url); } $cf_query_op = !empty($_SERVER['QUERY_STRING']) ? '&' : '?'; $get_form = !empty($_GET['form']) ? $_GET['form'] : ''; $post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : ''; $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? 
trim($_POST[WPSS_REF2XJS]) : ''; $post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst); $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs); $ref2xjs_lc = rs_wpss_casetrans('lower', WPSS_REF2XJS); $wpss_error_code = $cf_content = ''; if (is_page() && in_the_loop() && is_main_query() && (!is_home() && !is_feed() && !is_archive() && !is_search() && !is_404())) { /* Modified 1.7.7, 1.9.5.6 */ /* MAKE SURE WE ONLY SHOW THE FORM IN THE RIGHT PLACE */ global $spamshield_options; if (empty($spamshield_options)) { $spamshield_options = get_option('spamshield_options'); } extract($spamshield_options); $wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE; $wpss_key_values = rs_wpss_get_key_values(); extract($wpss_key_values); $wpss_jsck_cookie_val = !empty($_COOKIE[$wpss_ck_key]) ? $_COOKIE[$wpss_ck_key] : ''; $wpss_jsck_field_val = !empty($_POST[$wpss_js_key]) ? $_POST[$wpss_js_key] : ''; $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : ''; $form_response_thank_you_message = trim(stripslashes($spamshield_options['form_response_thank_you_message'])); $form_require_website_sess_ovr = 0; /* SESSION Override - Added 1.7.8 */ if (!empty($_SESSION['form_require_website_' . WPSS_HASH])) { $form_require_website_sess_ovr = 1; } else { $_SESSION['form_require_website_' . 
WPSS_HASH] = 0; } if (empty($form_require_website) && !empty($form_require_website_sess_ovr)) { $form_require_website = 1; } $form_include = array('website' => array('i' => $form_include_website, 'r' => $form_require_website), 'phone' => array('i' => $form_include_phone, 'r' => $form_require_phone), 'company' => array('i' => $form_include_company, 'r' => $form_require_company)); $form_drop_down_menu_item = array('', $form_drop_down_menu_item_1, $form_drop_down_menu_item_2, $form_drop_down_menu_item_3, $form_drop_down_menu_item_4, $form_drop_down_menu_item_5, $form_drop_down_menu_item_6, $form_drop_down_menu_item_7, $form_drop_down_menu_item_8, $form_drop_down_menu_item_9, $form_drop_down_menu_item_10); if ($form_message_width < 40) { $form_message_width = 40; } if ($form_message_height < 5) { $form_message_height = 5; } elseif (empty($form_message_height)) { $form_message_height = 10; } if ($form_message_min_length < 15) { $form_message_min_length = 15; } elseif (empty($form_message_min_length)) { $form_message_min_length = 25; } $form_message_max_length = 25600; /* 25kb */ if ($get_form === 'response' && ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_POST))) { /*** * 1 - PRE-CHECK FOR BLANK FORMS * REQUEST_METHOD not POST or empty $_POST - Not a legitimate contact form submission - likely a bot scraping the site * Added in v 1.5.5 to conserve server resources ***/ $error_txt = rs_wpss_error_txt(); $wpss_error = $error_txt . ':'; $cf_content = '<p><strong>' . $wpss_error . ' ' . __('Please return to the contact form and fill out all required fields.', WPSS_PLUGIN_NAME) . '</strong></p><p> </p>' . 
WPSS_EOL; $content_new = str_replace($content, $cf_content, $content); $content_shortcode = $cf_content; } elseif ($get_form === 'response') { /*** * 2 - RESPONSE PAGE - FORM HAS BEEN SUBMITTED * CONTACT FORM BACK END - BEGIN ***/ $wpss_whitelist = $wp_blacklist = $message_spam = $blank_field = $invalid_value = $restricted_url = $restricted_email = $bad_email = $bad_phone = $bad_company = $message_short = $message_long = $cf_jsck_error = $cf_badrobot_error = $cf_spam_loc = $cf_domain_spam_loc = $generic_spam_company = $free_email_address = 0; $combo_spam_signal_1 = $combo_spam_signal_2 = $combo_spam_signal_3 = $bad_phone_spammer = 0; $wpss_user_blacklisted_prior_cf = 0; /* TO DO: Add here */ /* PROCESSING CONTACT FORM - BEGIN */ $wpss_contact_name = $wpss_contact_email = $wpss_contact_website = $wpss_contact_phone = $wpss_contact_company = $wpss_contact_drop_down_menu = $wpss_contact_subject = $wpss_contact_message = $wpss_raw_contact_message = ''; $wpss_contact_time = microtime(TRUE); $cf_author_data = array(); if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) { global $wpss_geolocation; if (empty($wpss_geolocation)) { $wpss_geolocation = rs_wpss_wf_geoiploc($ip, TRUE); } } else { global $wpss_geoloc_short; if (empty($wpss_geoloc_short)) { $wpss_geoloc_short = rs_wpss_wf_geoiploc_short($ip); } } if (!empty($_POST['wpss_contact_name'])) { $wpss_contact_name = sanitize_text_field($_POST['wpss_contact_name']); } if (!empty($_POST['wpss_contact_email'])) { $wpss_contact_email = sanitize_email($_POST['wpss_contact_email']); } $wpss_contact_email_lc = rs_wpss_casetrans('lower', $wpss_contact_email); $wpss_contact_email_lc_rev = strrev($wpss_contact_email_lc); if (!empty($_POST['wpss_contact_website'])) { $wpss_contact_website = esc_url_raw($_POST['wpss_contact_website']); } $wpss_contact_website_lc = rs_wpss_casetrans('lower', $wpss_contact_website); $wpss_contact_domain = rs_wpss_get_domain($wpss_contact_website_lc); $wpss_contact_domain_rev = 
strrev($wpss_contact_domain); if (!empty($_POST['wpss_contact_phone'])) { $wpss_contact_phone = sanitize_text_field($_POST['wpss_contact_phone']); } if (!empty($_POST['wpss_contact_company'])) { $wpss_contact_company = sanitize_text_field($_POST['wpss_contact_company']); } $wpss_contact_company_lc = rs_wpss_casetrans('lower', $wpss_contact_company); $wpss_common_spam_countries = array('india', 'china', 'russia', 'ukraine', 'pakistan', 'turkey'); /* Most common sources of human spam */ $wpss_common_spam_ccodes = array('IN', 'CN', 'RU', 'UA', 'PK', 'TR'); $wpss_contact_company_lc_nc = trim(str_replace($wpss_common_spam_countries, '', $wpss_contact_company_lc)); /* Remove country names for testing */ if (!empty($_POST['wpss_contact_drop_down_menu'])) { $wpss_contact_drop_down_menu = sanitize_text_field($_POST['wpss_contact_drop_down_menu']); } if (!empty($_POST['wpss_contact_subject'])) { $wpss_contact_subject = sanitize_text_field($_POST['wpss_contact_subject']); } $wpss_contact_subject_lc = rs_wpss_casetrans('lower', $wpss_contact_subject); if (!empty($_POST['wpss_contact_message'])) { $wpss_contact_message = sanitize_text_field($_POST['wpss_contact_message']); /* body_content */ $wpss_raw_contact_message = trim($_POST['wpss_contact_message']); /* body_content_unsan */ } $wpss_contact_message_lc = rs_wpss_casetrans('lower', $wpss_contact_message); /* body_content_lc */ $wpss_raw_contact_message_lc = rs_wpss_casetrans('lower', $wpss_raw_contact_message); $wpss_raw_contact_message_lc_deslashed = stripslashes($wpss_raw_contact_message_lc); $wpss_contact_extracted_urls = rs_wpss_parse_links($wpss_raw_contact_message_lc_deslashed, 'url'); /* Parse message content for all URLs */ $wpss_contact_num_links = count($wpss_contact_extracted_urls); /* Count extracted URLS from body content - Added 1.8.4 */ $wpss_contact_num_limit = 10; /* Max number of links in message body content */ $message_length = rs_wpss_strlen($wpss_contact_message); $cf_author_data['body_content_len'] = 
$message_length; $cf_author_data['comment_author'] = $wpss_contact_name; $cf_author_data['comment_author_email'] = $wpss_contact_email_lc; $cf_author_data['comment_author_url'] = $wpss_contact_website_lc; $wpss_contact_id_str = $wpss_contact_email_lc . '_' . $ip . '_' . $wpss_contact_time; /* Email/IP/Time */ $wpss_contact_id_hash = rs_wpss_md5($wpss_contact_id_str); $key_contact_status = 'contact_status_' . $wpss_contact_id_hash; /* Update Session Vars */ $key_comment_auth = 'comment_author_' . WPSS_HASH; $key_comment_email = 'comment_author_email_' . WPSS_HASH; $key_comment_url = 'comment_author_url_' . WPSS_HASH; $_SESSION[$key_comment_auth] = $wpss_contact_name; $_SESSION[$key_comment_email] = $wpss_contact_email_lc; $_SESSION[$key_comment_url] = $wpss_contact_website_lc; $_SESSION[$key_contact_status] = 'INITIATED'; /* Add New Tests for Logging - BEGIN */ if (!empty($post_ref2xjs)) { $ref2xJS = rs_wpss_casetrans('lower', addslashes(urldecode($post_ref2xjs))); $ref2xJS = str_replace('%3a', ':', $ref2xJS); $ref2xJS = str_replace(' ', '+', $ref2xJS); $wpss_javascript_page_referrer = esc_url_raw($ref2xJS); } else { $wpss_javascript_page_referrer = '[None]'; } if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') { $wpss_jsonst = $post_jsonst; } else { $wpss_jsonst = '[None]'; } $cf_author_data['javascript_page_referrer'] = $wpss_javascript_page_referrer; $cf_author_data['jsonst'] = $wpss_jsonst; unset($wpss_javascript_page_referrer, $wpss_jsonst); /* Add New Tests for Logging - END */ /* PROCESSING CONTACT FORM - END */ /* FORM INFO - BEGIN */ if (!empty($form_message_recipient)) { $wpss_contact_form_to = $form_message_recipient; } else { $wpss_contact_form_to = get_option('admin_email'); } $wpss_contact_form_to_name = $wpss_contact_form_to; $wpss_contact_form_subject = '[' . __('Website Contact', WPSS_PLUGIN_NAME) . '] ' . 
$wpss_contact_subject; $wpss_contact_form_msg_headers = "From: {$wpss_contact_sender_name} <{$wpss_contact_sender_email}>" . "\r\n" . "Reply-To: {$wpss_contact_name} <{$wpss_contact_email_lc}>" . "\r\n" . "Content-Type: text/plain\r\n"; $wpss_contact_form_blog = WPSS_SITE_URL; /* Another option: "Content-Type: text/html" */ /* FORM INFO - END */ /* TEST TO PREVENT CONTACT FORM SPAM - BEGIN */ /* Check if user is blacklisted prior to submitting contact form */ if (rs_wpss_ubl_cache()) { $wpss_user_blacklisted_prior_cf = 1; } /* TESTING CONTACT FORM SUBMISSION FOR SPAM - BEGIN */ /* JS/CK Tests - BEGIN */ if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) { /* 1.9.1 */ $wpss_ck_key_bypass = TRUE; } if (FALSE === $wpss_ck_key_bypass) { if ($wpss_jsck_cookie_val !== $wpss_ck_val) { $wpss_error_code .= ' CF-COOKIE-2'; $cf_jsck_error = TRUE; } } if (FALSE === $wpss_js_key_bypass) { /* 1.8.9 */ if ($wpss_jsck_field_val !== $wpss_js_val) { $wpss_error_code .= ' CF-FVFJS-2'; $cf_jsck_error = TRUE; } } if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') { $wpss_error_code .= ' CF-JSONST-1000-2'; $cf_jsck_error = TRUE; } /* JS/CK Tests - END */ /*** * WPSS Whitelist Check - BEGIN * Test WPSS Whitelist if option set ***/ if (!empty($spamshield_options['enable_whitelist']) && empty($wpss_error_code) && rs_wpss_whitelist_check($wpss_contact_email_lc)) { $wpss_whitelist = 1; } /* WPSS Whitelist Check - END */ /* TO DO: REWORK SO THAT IF FAILS COOKIE TEST, TESTS ARE COMPLETE */ /* ERROR CHECKING */ $cf_blacklist_status = $contact_response_status_message_addendum = ''; /* TO DO: Switch this old code to REGEX */ $cf_spam_1_count = rs_wpss_substr_count($wpss_contact_message_lc, 'link'); $cf_spam_1_limit = 7; $cf_spam_2_count = rs_wpss_substr_count($wpss_contact_message_lc, 'link building'); $cf_spam_2_limit = 3; $cf_spam_3_count = 
rs_wpss_substr_count($wpss_contact_message_lc, 'link exchange'); $cf_spam_3_limit = 2; $cf_spam_4_count = rs_wpss_substr_count($wpss_contact_message_lc, 'link request'); $cf_spam_4_limit = 1; $cf_spam_5_count = rs_wpss_substr_count($wpss_contact_message_lc, 'link building service'); $cf_spam_5_limit = 2; $cf_spam_6_count = rs_wpss_substr_count($wpss_contact_message_lc, 'link building experts india'); $cf_spam_6_limit = 0; $cf_spam_7_count = rs_wpss_substr_count($wpss_contact_message_lc, 'india'); $cf_spam_7_limit = 1; $cf_spam_8_count = rs_wpss_substr_count($wpss_contact_message_lc, 'can you outsource some seo business to us? we will work according to you and your clients and for a long term relationship we can start our SEO services in only $99 per month per website. looking forward for your positive reply'); $cf_spam_8_limit = 0; $cf_spam_9_count = rs_wpss_substr_count($wpss_contact_message_lc, 'can you outsource some seo business to us'); $cf_spam_9_limit = 0; $cf_spam_10_count = rs_wpss_substr_count($wpss_contact_message_lc, 'outsource some seo business'); $cf_spam_10_limit = 0; $cf_spam_11_count = rs_wpss_substr_count($wpss_contact_message_lc, 'hit4hit.org'); $cf_spam_11_limit = 1; $cf_spam_12_count = rs_wpss_substr_count($wpss_contact_message_lc, 'traffic exchange'); $cf_spam_12_limit = 1; /* Check if Subject seems spammy */ $subject_blacklisted_count = 0; $cf_spam_subj_arr = array('link request', 'link exchange', 'seo service $99 per month', 'seo services $99 per month', 'seo services @ $99 per month', 'partnership with offshore development center'); $cf_spam_subj_arr_regex = rs_wpss_get_regex_phrase($cf_spam_subj_arr, '', 'red_str'); if (preg_match($cf_spam_subj_arr_regex, $wpss_contact_subject_lc)) { $subject_blacklisted = TRUE; $subject_blacklisted_count = 1; } else { $subject_blacklisted = FALSE; } /* Check if Content seems spammy */ if (rs_wpss_cf_content_blacklist_chk($wpss_contact_message_lc)) { $content_blacklisted = TRUE; $wpss_error_code .= ' 
CF-10400C-BL'; } else { $content_blacklisted = FALSE; } /* Check if email is blacklisted */ if (empty($wpss_whitelist) && rs_wpss_email_blacklist_chk($wpss_contact_email_lc)) { $email_blacklisted = TRUE; $wpss_error_code .= ' CF-9200E-BL'; } else { $email_blacklisted = FALSE; } /* Website - Check if domain is blacklisted */ if (empty($wpss_whitelist) && rs_wpss_domain_blacklist_chk($wpss_contact_domain)) { $domain_blacklisted = TRUE; $wpss_error_code .= ' CF-10500AU-BL'; } else { $domain_blacklisted = FALSE; } /* Website - URL Shortener Check - Added in 1.3.8 */ if (empty($wpss_whitelist) && rs_wpss_urlshort_blacklist_chk($wpss_contact_website_lc)) { $website_shortened_url = TRUE; $wpss_error_code .= ' CF-10501AU-BL'; } else { $website_shortened_url = FALSE; } /* Website - Excessively Long URL Check (Obfuscated & Exploit) - Added in 1.3.8 */ if (empty($wpss_whitelist) && rs_wpss_long_url_chk($wpss_contact_website_lc)) { $website_long_url = TRUE; $wpss_error_code .= ' CF-10502AU-BL'; } else { $website_long_url = FALSE; } /*** * Spam URL Check - Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains if( empty( $wpss_whitelist ) && rs_wpss_at_link_spam_url_chk( $wpss_contact_website_lc ) ) { $website_spam_url = TRUE; $wpss_error_code .= ' CF-10510AU-BL'; } else { $website_spam_url = FALSE; } ***/ /* Add Misc Spam URLs next... 
*/ /* Check Website URL for Exploits - Ignores Whitelist */ if (rs_wpss_exploit_url_chk($wpss_contact_website_lc)) { $website_exploit_url = TRUE; $wpss_error_code .= ' CF-15000AU-XPL'; /* Added in 1.4 */ } else { $website_exploit_url = FALSE; } /* Body Content - Check for excessive number of links in message ( body_content ) - Added 1.8.4 */ if (empty($wpss_whitelist) && $wpss_contact_num_links > $wpss_contact_num_limit) { $content_excess_links = TRUE; $wpss_error_code .= ' CF-1-HT'; } else { $content_excess_links = FALSE; } /* Body Content - Parse URLs and check for URL Shortener Links - Added in 1.3.8 */ if (empty($wpss_whitelist) && rs_wpss_cf_link_spam_url_chk($wpss_raw_contact_message_lc_deslashed, $wpss_contact_email_lc)) { $content_shortened_url = TRUE; $wpss_error_code .= ' CF-10530CU-BL'; } else { $content_shortened_url = FALSE; } /* Check all URL's in Body Content for Exploits - Ignores Whitelist */ if (rs_wpss_exploit_url_chk($wpss_contact_extracted_urls)) { $content_exploit_url = TRUE; $wpss_error_code .= ' CF-15000CU-XPL'; /* Added in 1.4 */ } else { $content_exploit_url = FALSE; } $cf_spam_term_total = $cf_spam_1_count + $cf_spam_2_count + $cf_spam_3_count + $cf_spam_4_count + $cf_spam_7_count + $cf_spam_10_count + $cf_spam_11_count + $cf_spam_12_count + $subject_blacklisted_count; $cf_spam_term_total_limit = 15; if (strpos($reverse_dns_lc_rev, 'ni.') === 0 || strpos($reverse_dns_lc_rev, 'ur.') === 0 || strpos($reverse_dns_lc_rev, 'kp.') === 0 || strpos($reverse_dns_lc_rev, 'nc.') === 0 || strpos($reverse_dns_lc_rev, 'au.') === 0 || strpos($reverse_dns_lc_rev, 'rt.') === 0 || preg_match("~^1\\.22\\.2(19|20|23)\\.~", $ip) || strpos($reverse_dns_lc_rev, '.aidni-tenecap.')) { $cf_spam_loc = 1; /* TO DO: Add more, switch to Regex */ } elseif (strpos($wpss_contact_email_lc_rev, 'ni.') === 0 || strpos($wpss_contact_email_lc_rev, 'ur.') === 0 || strpos($wpss_contact_email_lc_rev, 'kp.') === 0 || strpos($wpss_contact_email_lc_rev, 'nc.') === 0 || 
strpos($wpss_contact_email_lc_rev, 'au.') === 0 || strpos($wpss_contact_email_lc_rev, 'rt.') === 0) { $cf_spam_loc = 2; /* TO DO: Add more, switch to Regex */ } elseif (strpos($wpss_contact_domain_rev, 'ni.') === 0 || strpos($wpss_contact_domain_rev, 'ur.') === 0 || strpos($wpss_contact_domain_rev, 'kp.') === 0 || strpos($wpss_contact_domain_rev, 'nc.') === 0 || strpos($wpss_contact_domain_rev, 'au.') === 0 || strpos($wpss_contact_domain_rev, 'rt.') === 0) { $cf_spam_loc = 3; /* TO DO: Add more, switch to Regex */ } else { global $wpss_geoiploc_data; if (empty($wpss_geoiploc_data)) { $wpss_geoiploc_data = rs_wpss_wf_geoiploc($ip); } if (!empty($wpss_geoiploc_data)) { extract($wpss_geoiploc_data); } if (!empty($countryCode) && in_array($countryCode, $wpss_common_spam_ccodes)) { $cf_spam_loc = 4; /* TO DO: Add more, switch to Regex */ } } if (strpos(WPSS_SERVER_NAME_REV, 'ni.') === 0 || strpos(WPSS_SERVER_NAME_REV, 'ur.') === 0 || strpos(WPSS_SERVER_NAME_REV, 'kp.') === 0 || strpos(WPSS_SERVER_NAME_REV, 'nc.') === 0 || strpos(WPSS_SERVER_NAME_REV, 'au.') === 0 || strpos(WPSS_SERVER_NAME_REV, 'rt.') === 0) { $cf_domain_spam_loc = 1; /* TO DO: Add more, switch to Regex */ } if (!empty($form_include_company) && !empty($wpss_contact_company_lc) && preg_match("~^(se(o|m)|(search\\s*engine|internet|web)\\s*(optimi[zs](a[tc]ion|ing|er)|market(ing|er))|it|informa[tc]ions?\\s*tech?nolog(y|i[ea]?)|(se(o|m)|((search\\s*engine|internet|web)\\s*)?(optimi[zs](a[tc]ion|ing|er)|market(ing|er))|web\\s*(design(er|ing)?|develop(ment|er|ing))|(content\\s*|copy\\s*)?(writ|right)(er?|ing)|it|informa[tc]ions?\\s*tech?nolog(y|i[ea]?))s?\\s*(comp(an|na)y|firm|services?|freelanc(er?|ing))|(comp(an|na)y|firm|services?|freelanc(er?|ing))\\s*(se(o|m)|((search\\s*engine|internet|web)\\s*)?(optimi[zs](a[tc]ion|ing|er)|market(ing|er))|web\\s*(design(er|ing)?|develop(ment|er|ing))|(content\\s*|copy\\s*)?(writ|right)(er?|ing)|it|informa[tc]ions?\\s*tech?nolog(y|i[ea]?))s?)\$~", 
$wpss_contact_company_lc_nc)) { $generic_spam_company = 1; } if (rs_wpss_is_free_email($wpss_contact_email_lc)) { $free_email_address = 1; } /* Combo Tests - Pre */ if (preg_match("~((reply|email\\s+us)\\s+back\\s+to\\s+get\\s+(a\\s+)?full\\s+proposal\\.\$|can\\s+you\\s+outsource\\s+some\\s+seo\\s+business\\s+to\\s+us|humble\\s+request\\s+we\\s+are\\s+not\\s+spammers\\.|if\\s+by\\s+sending\\s+this\\s+email\\s+we\\s+have\\s+made\\s+(an\\s+)?offense\\s+to\\s+you|if\\s+you\\s+are\\s+not\\s+interested\\s+then\\s+please\\s+(do\\s+)?reply\\s+back\\s+as|in\\s+order\\s+to\\s+stop\\s+receiving\\s+(such\\s+)?emails\\s+from\\s+us\\s+in\\s+(the\\s+)?future\\s+please\\s+reply\\s+with|if\\s+you\\s+do\\s+not\\s+wish\\s+to\\s+receive\\s+further\\s+emails\\s+(kindly\\s+)?reply\\s+with)~", $wpss_contact_message_lc)) { $combo_spam_signal_1 = 1; } if (preg_match("~^(get|want)\\s+more\\s+(customer|client|visitor)s?\\s+(and|\\&|or)\\s+(customer|client|visitor)s?\\?+\$~", $wpss_contact_subject_lc)) { $combo_spam_signal_2 = 1; } if (preg_match("~(?:^|[,;\\.\\!\\?\\s]+)india(?:[,;\\.\\!\\?\\s]+|\$)~", $wpss_contact_message_lc)) { preg_match_all("~(?:^|[,;\\.\\!\\?\\s]+)(SEO)(?:[,;\\.\\!\\?\\s]+|\$)~", $wpss_contact_message, $matches_raw, PREG_PATTERN_ORDER); $spam_signal_3_matches = $matches_raw[1]; /* Array containing matches parsed from haystack text ($wpss_contact_message) */ $spam_signal_3_matches_count = count($spam_signal_3_matches); /* Changed from 7 to 2 occurrences - 1.6.2 */ if ($spam_signal_3_matches_count > 1) { $combo_spam_signal_3 = 1; } } if (preg_match("~^(01[2-9]){3}0\$~", $wpss_contact_phone)) { $bad_phone_spammer = 1; } /* Combo Tests */ if (empty($wpss_whitelist) && ($cf_spam_term_total > $cf_spam_term_total_limit || $cf_spam_1_count > $cf_spam_1_limit || $cf_spam_2_count > $cf_spam_2_limit || $cf_spam_5_count > $cf_spam_5_limit || $cf_spam_6_count > $cf_spam_6_limit || $cf_spam_10_count > $cf_spam_10_limit) && !empty($cf_spam_loc)) { $message_spam = 1; $wpss_error_code 
.= ' CF-MSG-SPAM1'; $contact_response_status_message_addendum .= '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, and SEO outsourcing requests will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } elseif (empty($wpss_whitelist) && (!empty($subject_blacklisted) || !empty($content_blacklisted) || $cf_spam_8_count > $cf_spam_8_limit || $cf_spam_9_count > $cf_spam_9_limit || $cf_spam_11_count > $cf_spam_11_limit || $cf_spam_12_count > $cf_spam_12_limit || !empty($email_blacklisted) || !empty($domain_blacklisted) || !empty($website_shortened_url) || !empty($website_long_url) || !empty($website_exploit_url) || !empty($content_excess_links) || !empty($content_shortened_url) || !empty($content_exploit_url))) { $message_spam = 1; $wpss_error_code .= ' CF-MSG-SPAM2'; $contact_response_status_message_addendum .= '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, and SEO outsourcing/offshoring spam will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } elseif (empty($wpss_whitelist) && !empty($cf_spam_loc) && empty($cf_domain_spam_loc) && !empty($free_email_address) && (!empty($generic_spam_company) || !empty($combo_spam_signal_1) || !empty($combo_spam_signal_2) || !empty($bad_phone_spammer))) { $message_spam = 1; $wpss_error_code .= ' CF-MSG-SPAM3'; $contact_response_status_message_addendum .= '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, and SEO outsourcing/offshoring spam will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . 
'<br /> <br />'; /* Blacklist on failure - future attempts blocked */ rs_wpss_ubl_cache('set'); } elseif (empty($wpss_whitelist) && !empty($generic_spam_company) && !empty($combo_spam_signal_3)) { $message_spam = 1; $wpss_error_code .= ' CF-MSG-SPAM4'; $contact_response_status_message_addendum .= '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, and SEO outsourcing/offshoring spam will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . '<br /> <br />'; /* Blacklist on failure - future attempts blocked */ rs_wpss_ubl_cache('set'); } elseif (empty($wpss_whitelist) && !empty($generic_spam_company) && !empty($free_email_address)) { /* BOTH are odd as legit companies include their name and don't use free email */ $message_spam = 1; $wpss_error_code .= ' CF-MSG-SPAM5'; $contact_response_status_message_addendum .= '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, and SEO outsourcing/offshoring spam will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . 
'<br /> <br />'; /* Blacklist on failure - future attempts blocked */ rs_wpss_ubl_cache('set'); } if (empty($wpss_contact_name) || empty($wpss_contact_email) || empty($wpss_contact_subject) || empty($wpss_contact_message) || !empty($form_include_website) && !empty($form_require_website) && empty($wpss_contact_website) || !empty($form_include_phone) && !empty($form_require_phone) && empty($wpss_contact_phone) || !empty($form_include_company) && !empty($form_require_company) && empty($wpss_contact_company) || !empty($form_include_drop_down_menu) && !empty($form_drop_down_menu_title) && !empty($form_drop_down_menu_item_1) && !empty($form_drop_down_menu_item_2) && empty($wpss_contact_drop_down_menu)) { $blank_field = 1; $wpss_error_code .= ' CF-BLANKFIELD'; $contact_response_status_message_addendum .= '• ' . __('At least one required field was left blank.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) { if ($wpss_contact_domain === WPSS_SERVER_NAME && (!rs_wpss_is_admin_ip($ip) || !empty($cf_spam_loc))) { $invalid_value = 1; $restricted_url = 1; $wpss_error_code .= ' CF-RESTR-URL'; /* TO DO: TRANSLATE */ $contact_response_status_message_addendum .= '• ' . __('Please enter a valid website.', WPSS_PLUGIN_NAME) . ' ' . __('Please use <em>your</em> company website URL, not ours.', WPSS_PLUGIN_NAME) . '<br /> <br />'; /*** * Bump user spam count to 5 ***/ if (empty($_SESSION['user_spamshield_count_' . WPSS_HASH]) || $_SESSION['user_spamshield_count_' . WPSS_HASH] < 5) { $_SESSION['user_spamshield_count_' . 
WPSS_HASH] = 5; } } } if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) { $wpss_debug_server_rgx = rs_wpss_preg_quote(ltrim(WPSS_DEBUG_SERVER_NAME, '.')); if (preg_match("~@{$wpss_debug_server_rgx}\$~", $wpss_contact_email) && (!rs_wpss_is_admin_ip($ip) || !empty($cf_spam_loc))) { $invalid_value = 1; $restricted_email = 1; $wpss_error_code .= ' CF-RESTR-EMAIL'; /* TO DO: TRANSLATE */ $contact_response_status_message_addendum .= '• ' . __('Please enter a valid email address.') . ' ' . __('Please use <em>your</em> email address, not one of ours.', WPSS_PLUGIN_NAME) . '<br /> <br />'; /*** * Bump user spam count to 5 ***/ if (empty($_SESSION['user_spamshield_count_' . WPSS_HASH]) || $_SESSION['user_spamshield_count_' . WPSS_HASH] < 5) { $_SESSION['user_spamshield_count_' . WPSS_HASH] = 5; } } } if (!is_email($wpss_contact_email)) { $invalid_value = 1; $bad_email = 1; $wpss_error_code .= ' CF-INVAL-EMAIL'; $contact_response_status_message_addendum .= '• ' . __('Please enter a valid email address.') . '<br /> <br />'; } /* TO DO: RE-WORK THIS SECTION */ $wpss_contact_phone_zero = str_replace(array('0120120120', '0130130130', '123456', ' ', '0', '-', '(', ')', '+', 'N/A', 'NA', 'n/a', 'na'), '', $wpss_contact_phone); $wpss_contact_phone_clean = preg_replace("~[^0-9]+~", "", $wpss_contact_phone); $phone_length = rs_wpss_strlen($wpss_contact_phone_clean); /* Min = 5 */ if (!empty($form_require_phone) && !empty($form_include_phone) && (empty($wpss_contact_phone_zero) || !empty($bad_phone_spammer) || $phone_length < 5 || strpos($wpss_contact_phone, '123456') === 0 || strpos($wpss_contact_phone, '0123456') === 0 || strpos($wpss_contact_phone, '1234567') !== FALSE)) { $invalid_value = 1; $bad_phone = 1; $wpss_error_code .= ' CF-INVAL-PHONE'; $contact_response_status_message_addendum .= '• ' . __('Please enter a valid phone number.', WPSS_PLUGIN_NAME) . 
'<br /> <br />'; } $wpss_contact_company_zero = str_replace(array(' ', '0', '-', '(', ')', '+', 'N/A', 'NA', 'n/a', 'na'), '', $wpss_contact_company_lc); if (!empty($form_require_company) && !empty($form_include_company) && (empty($wpss_contact_company_zero) || preg_match("~(^https?\\:/+|^(0+|company|confidential|empty|f**k\\s*you|invalid|na|n/a|nada|negative|nein|no|non|none|nothing|null|nyet|private|personal|restricted|secret|unknown|void)\$)~", $wpss_contact_company_lc))) { $invalid_value = 1; $bad_company = 1; $wpss_error_code .= ' CF-INVAL-COMPANY'; $contact_response_status_message_addendum .= '• ' . __('Please enter a valid company.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } /* Spammers using one of Google's official domains as their URL */ if (!empty($form_include_website) && (!empty($generic_spam_company) && strpos($reverse_dns_lc, 'google') === FALSE && strpos($reverse_dns_lc, 'blogger') === FALSE && !rs_wpss_is_google_ip($ip)) && rs_wpss_is_google_domain($wpss_contact_domain)) { $invalid_value = 1; $bad_website = 1; $wpss_error_code .= ' CF-INVAL-URL-G'; /* TO DO: TRANSLATE */ $contact_response_status_message_addendum .= '• ' . __('Please enter a valid website.', WPSS_PLUGIN_NAME) . ' ' . __('Please use <em>your</em> company website URL, not Google\'s.', WPSS_PLUGIN_NAME) . '<br /> <br />'; /*** * The only reason we're even putting up with these fools is to honeypot them. * Also, now makes website field required temporarily for this SESSION. ***/ $_SESSION['form_require_website_' . WPSS_HASH] = 1; } if ($message_length < $form_message_min_length) { $message_short = 1; $wpss_error_code .= ' CF-MSG-SHORT'; $contact_response_status_message_addendum .= '• ' . __('Message too short. Please enter a complete message.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } if ($message_length > $form_message_max_length) { $message_long = 1; $wpss_error_code .= ' CF-MSG-LONG'; $contact_response_status_message_addendum .= '• ' . __('Message too long. 
Please enter a shorter message.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } /*** * BAD ROBOT TEST - BEGIN * This replaces previous CF-REF-2-1023 test and previous rs_wpss_revdns_filter() here. ***/ $bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk('contact', '', $ip, $reverse_dns, $wpss_contact_name, $wpss_contact_email_lc); $cf_filter_status = $bad_robot_filter_data['status']; $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted']; if (!empty($bad_robot_blacklisted)) { $message_spam = 1; $wpss_error_code .= $bad_robot_filter_data['error_code']; $cf_badrobot_error = TRUE; $cf_blacklist_status = '3'; /* Implement */ $contact_response_status_message_addendum = '• ' . __('Message appears to be spam.', WPSS_PLUGIN_NAME) . ' ' . __('Please note that link requests, link exchange requests, SEO outsourcing/offshoring spam, and automated contact form submissions will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } /* BAD ROBOT TEST - END */ /* WP Blacklist Check - BEGIN */ /* Test WP Blacklist if option set */ if (empty($wpss_whitelist) && !empty($spamshield_options['enhanced_comment_blacklist']) && empty($wpss_error_code)) { if (rs_wpss_blacklist_check('', $wpss_contact_email_lc, '', '', $ip, '', $reverse_dns_lc)) { $message_spam = 1; $wp_blacklist = 1; $wpss_error_code .= ' CF-WP-BLACKLIST'; $contact_response_status_message_addendum = '• ' . __('Your message has been blocked based on the website owner\'s blacklist settings.', WPSS_PLUGIN_NAME) . ' ' . __('If you feel this is in error, please contact the site owner by some other method.', WPSS_PLUGIN_NAME); if (!empty($cf_spam_loc) && empty($cf_domain_spam_loc)) { $contact_response_status_message_addendum .= ' ' . 
__('Please note that link requests, link exchange requests, SEO outsourcing/offshoring spam, and automated contact form submissions will be automatically deleted, and are not an acceptable use of this contact form.', WPSS_PLUGIN_NAME); } $contact_response_status_message_addendum .= '<br /> <br />'; } } /* WP Blacklist Check - END */ /*** * FINAL TEST * TEST 0-POST - See if user has already been blacklisted this session (before submission of this form), or a previous session, included for cases where caching is active ***/ if (!empty($wpss_user_blacklisted_prior_cf)) { /* User is blacklisted prior to submitting contact form */ $message_spam = 1; $user_blacklisted = TRUE; $wpss_error_code .= ' CF-0-POST-BL'; $cf_blacklist_status = '3'; /* Implement */ rs_wpss_ubl_cache('set'); $contact_response_status_message_addendum = '• ' . __('Contact form has been temporarily disabled to prevent spam. Please try again later.', WPSS_PLUGIN_NAME) . '<br /> <br />'; } else { $user_blacklisted = FALSE; } /*** * Track # of submissions this session * Must go after spam tests ***/ if (!isset($_SESSION['wpss_cf_submissions_' . WPSS_HASH])) { $_SESSION['wpss_cf_submissions_' . WPSS_HASH] = 1; } else { ++$_SESSION['wpss_cf_submissions_' . WPSS_HASH]; } /* TESTING SUBMISSION FOR SPAM - END */ /* Sanitized versions for output */ $wpss_contact_form_http_accept_language = $wpss_contact_form_http_accept = $wpss_contact_form_http_referer = ''; $wpss_contact_form_http_accept_language = rs_wpss_get_http_accept(FALSE, FALSE, TRUE); $wpss_contact_form_http_accept = rs_wpss_get_http_accept(); $wpss_contact_form_http_user_agent = rs_wpss_get_user_agent(); $wpss_contact_form_http_referer = rs_wpss_get_referrer(FALSE, TRUE, TRUE); /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */ /* MESSAGE CONTENT - BEGIN */ $wpss_contact_form_msg_1 = $wpss_contact_form_msg_2 = $wpss_contact_form_msg_3 = ''; $wpss_contact_form_msg_1 .= __('Message', WPSS_PLUGIN_NAME) . ': ' . 
"\r\n"; $wpss_contact_form_msg_1 .= $wpss_contact_message . "\r\n\r\n"; $wpss_contact_form_msg_1 .= __('Name') . ': ' . $wpss_contact_name . "\r\n"; $wpss_contact_form_msg_1 .= __('Email') . ': ' . $wpss_contact_email_lc . "\r\n"; $form_include['phone']['d'] = $wpss_contact_phone; $form_include['company']['d'] = $wpss_contact_company; $form_include['website']['d'] = $wpss_contact_website_lc; foreach ($form_include as $k => $v) { if ($k === 'website') { $text = __('Website'); $type = 'url'; } else { $text = __(rs_wpss_casetrans('ucfirst', $k), WPSS_PLUGIN_NAME); $type = 'text'; } if (!empty($v['i'])) { $wpss_contact_form_msg_1 .= $text . ': ' . $v['d'] . "\r\n"; } } if (!empty($form_include_drop_down_menu) && !empty($form_drop_down_menu_title) && !empty($form_drop_down_menu_item_1) && !empty($form_drop_down_menu_item_2)) { $wpss_contact_form_msg_1 .= $form_drop_down_menu_title . ": " . $wpss_contact_drop_down_menu . "\r\n"; } $wpss_contact_form_msg_2 .= "\r\n"; if (!empty($form_include_user_meta)) { $wpss_contact_form_msg_2 .= "\r\n"; $wpss_contact_form_msg_2 .= __('Website Generating This Email', WPSS_PLUGIN_NAME) . ': ' . $wpss_contact_form_blog . "\r\n"; $wpss_contact_form_msg_2 .= __('Referrer', WPSS_PLUGIN_NAME) . ': ' . $wpss_contact_form_http_referer . "\r\n"; /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */ $wpss_contact_form_msg_2 .= __('User-Agent (Browser/OS)', WPSS_PLUGIN_NAME) . ": " . $wpss_contact_form_http_user_agent . "\r\n"; if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) { if (!empty($wpss_geolocation) && rs_wpss_is_lang_en_us()) { /* English only for now; TO DO: TRANSLATE */ $wpss_contact_form_msg_2 .= __('Location', WPSS_PLUGIN_NAME) . ': ' . $wpss_geolocation . "\r\n"; } } else { if (!empty($wpss_geoloc_short) && rs_wpss_is_lang_en_us()) { /* English only for now; TO DO: TRANSLATE */ $wpss_contact_form_msg_2 .= __('Country', WPSS_PLUGIN_NAME) . ': ' . $wpss_geoloc_short . 
"\r\n"; } } $wpss_contact_form_msg_2 .= __('IP Address', WPSS_PLUGIN_NAME) . ': ' . $ip . "\r\n"; $wpss_contact_form_msg_2 .= __('Server', WPSS_PLUGIN_NAME) . ': ' . $reverse_dns . "\r\n"; $wpss_contact_form_msg_2 .= __('IP Address Lookup', WPSS_PLUGIN_NAME) . ': http://ipaddressdata.com/' . $ip . "\r\n"; if (!current_user_can('manage_options')) { $blacklist_text = __('Blacklist the IP Address:', WPSS_PLUGIN_NAME); $ip_nodot = str_replace('.', '', $ip); $ip_blacklist_nonce_action = 'blacklist_IP_' . $ip; $ip_blacklist_nonce_name = 'bl' . $ip_nodot . 'tkn'; $nonce = rs_wpss_create_nonce($ip_blacklist_nonce_action, $ip_blacklist_nonce_name); $blacklist_url = WPSS_ADMIN_URL . '/options-general.php?page=' . WPSS_PLUGIN_NAME . '&wpss_action=blacklist_ip&bl_ip=' . $ip . '&' . $ip_blacklist_nonce_name . '=' . $nonce; $wpss_contact_form_msg_2 .= $blacklist_text . ' ' . $blacklist_url . "\r\n"; } } $wpss_contact_form_msg_3 .= "\r\n\r\n"; $wpss_contact_form_msg = $wpss_contact_form_msg_1 . $wpss_contact_form_msg_2 . $wpss_contact_form_msg_3; $wpss_contact_form_msg_cc = $wpss_contact_form_msg_1 . $wpss_contact_form_msg_3; /* MESSAGE CONTENT - END */ /*** * CREATE MESSAGE WPSSID - BEGIN * Added 1.7.7 ***/ $wpsseid_args = array('name' => $wpss_contact_name, 'email' => $wpss_contact_email_lc, 'url' => $wpss_contact_website_lc, 'content' => $wpss_contact_message); $wpsseid = rs_wpss_get_wpss_eid($wpsseid_args); $wpss_contact_form_mid = $wpsseid['eid']; $wpss_contact_form_mcid = $wpsseid['ecid']; /* CREATE MESSAGE WPSSID - END */ if (empty($blank_field) && empty($invalid_value) && empty($message_short) && empty($message_long) && empty($message_spam) && empty($cf_jsck_error) && empty($server_blacklisted) && empty($cf_badrobot_error) && empty($user_blacklisted)) { /* SEND MESSAGE */ /* Verify if Already Sent - to Prevent Duplicates - Added in 1.6 */ $key_contact_forms_submitted = 'contact_forms_submitted_' . 
WPSS_HASH; if (empty($_SESSION[$key_contact_forms_submitted])) { $_SESSION[$key_contact_forms_submitted] = array(); } $spamshield_wpssmid_cache = get_option('spamshield_wpssmid_cache'); if (empty($spamshield_wpssmid_cache)) { $spamshield_wpssmid_cache = array(); } if (!empty($_SESSION[$key_contact_status]) && $_SESSION[$key_contact_status] !== 'SENT' && !in_array($wpss_contact_form_mid, $_SESSION[$key_contact_forms_submitted], TRUE) && !in_array($wpss_contact_form_mid, $spamshield_wpssmid_cache, TRUE)) { WP_SpamShield::mail($wpss_contact_form_to, $wpss_contact_form_subject, $wpss_contact_form_msg, $wpss_contact_form_msg_headers); $_SESSION[$key_contact_status] = 'SENT'; $_SESSION[$key_contact_forms_submitted][] = $wpss_contact_form_mid; $spamshield_wpssmid_cache[] = $wpss_contact_form_mid; update_option('spamshield_wpssmid_cache', $spamshield_wpssmid_cache); } elseif (in_array($wpss_contact_form_mid, $_SESSION[$key_contact_forms_submitted], TRUE)) { if (!in_array($wpss_contact_form_mid, $spamshield_wpssmid_cache, TRUE)) { $spamshield_wpssmid_cache[] = $wpss_contact_form_mid; update_option('spamshield_wpssmid_cache', $spamshield_wpssmid_cache); } rs_wpss_append_log_data('Duplicate contact form submission. Message not sent. WPSSMID: ' . $wpss_contact_form_mid . ' WPSSMCID: ' . $wpss_contact_form_mcid . ' [S]', FALSE); } elseif (in_array($wpss_contact_form_mid, $spamshield_wpssmid_cache, TRUE)) { $_SESSION[$key_contact_forms_submitted][] = $wpss_contact_form_mid; rs_wpss_append_log_data('Duplicate contact form submission. Message not sent. WPSSMID: ' . $wpss_contact_form_mid . ' WPSSMCID: ' . $wpss_contact_form_mcid . ' [D]', FALSE); } $contact_response_status = 'thank-you'; $wpss_error_code = 'No Error'; rs_wpss_update_accept_status($cf_author_data, 'a', 'Line: ' . 
__LINE__); if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) { rs_wpss_log_data($cf_author_data, $wpss_error_code, 'contact form', $wpss_contact_form_msg, $wpss_contact_form_mid, $wpss_contact_form_mcid); } } else { $wpss_error_code = trim($wpss_error_code); if (TRUE === $user_blacklisted) { rs_wpss_append_log_data('Blacklisted user detected. Contact form has been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE); } rs_wpss_update_accept_status($cf_author_data, 'r', 'Line: ' . __LINE__, $wpss_error_code); $contact_response_status = 'error'; if (!empty($spamshield_options['comment_logging'])) { rs_wpss_log_data($cf_author_data, $wpss_error_code, 'contact form', $wpss_contact_form_msg, $wpss_contact_form_mid, $wpss_contact_form_mcid); } } /* TEST TO PREVENT CONTACT FORM SPAM - END */ $form_response_thank_you_message_default = '<p>' . __('Your message was sent successfully. Thank you.', WPSS_PLUGIN_NAME) . '</p><p> </p>'; $form_response_thank_you_message = __($form_response_thank_you_message, WPSS_PLUGIN_NAME); $error_txt = rs_wpss_error_txt(); $wpss_error = $error_txt . ':'; $wpss_js_disabled_msg_short = __('Currently you have JavaScript disabled.', WPSS_PLUGIN_NAME); if ($contact_response_status === 'thank-you') { if (!empty($form_response_thank_you_message)) { $cf_content .= '<p>' . $form_response_thank_you_message . '</p><p> </p>' . WPSS_EOL; } else { $cf_content .= $form_response_thank_you_message_default . WPSS_EOL; } } else { /* Back URL was here...moved */ if (!empty($message_spam)) { $contact_response_status_message_addendum .= '<noscript><br /> <br />• ' . $wpss_js_disabled_msg_short . '</noscript>' . WPSS_EOL; $cf_content .= '<p><strong>' . $wpss_error . ' <br /> <br />' . $contact_response_status_message_addendum . '</strong></p><p> </p>' . WPSS_EOL; } else { $contact_response_status_message_addendum .= '<noscript><br /> <br />• ' . $wpss_js_disabled_msg_short . 
'</noscript>' . WPSS_EOL; $cf_content .= '<p><strong>' . $wpss_error . ' ' . __('Please return to the contact form and fill out all required fields.', WPSS_PLUGIN_NAME); $cf_content .= ' ' . __('Please make sure JavaScript and Cookies are enabled in your browser.', WPSS_PLUGIN_NAME); $cf_content .= '<br /> <br />' . $contact_response_status_message_addendum . '</strong></p><p> </p>' . WPSS_EOL; } /* Log error messages when debug is on */ if (rs_wpss_get_error_type($wpss_error_code) === 'algo') { rs_wpss_append_log_data('$cf_content: "' . $cf_content . '" Line: ' . __LINE__ . ' | ' . __FUNCTION__ . ' | MEM USED: ' . rs_wpss_wp_memory_used() . ' | VER: ' . WPSS_VERSION, TRUE); } } $content_new = str_replace($content, $cf_content, $content); $content_shortcode = $cf_content; /* CONTACT FORM BACK END - END */ } else { /*** * 3 - ALL OTHER CASES * CONTACT FORM FRONT END - BEGIN ***/ if (!empty($_COOKIE['comment_author_' . WPSS_HASH])) { /* Can't use server side if caching is active - TO DO: AJAX */ $stored_author_data = rs_wpss_get_author_cookie_data(); $stored_author = $stored_author_data['comment_author']; $stored_author_email = $stored_author_data['comment_author_email']; $stored_author_url = $stored_author_data['comment_author_url']; } $cf_content .= '<form id="wpss_contact_form" name="wpss_contact_form" action="' . $cf_url . $cf_query_op . 'form=response" method="post" style="text-align:left;" >' . WPSS_EOL; $cf_req = 'required="required" '; $cf_content .= '<p><label><strong>' . __('Name') . '</strong> *<br />' . WPSS_EOL; $cf_content .= '<input type="text" id="wpss_contact_name" name="wpss_contact_name" value="" size="40" ' . $cf_req . '/> </label></p>' . WPSS_EOL; $cf_content .= '<p><label><strong>' . __('Email') . '</strong> *<br />' . WPSS_EOL; $cf_content .= '<input type="email" id="wpss_contact_email" name="wpss_contact_email" value="" size="40" ' . $cf_req . '/> </label></p>' . 
WPSS_EOL; foreach ($form_include as $k => $v) { if ($k === 'website') { $text = __('Website'); $type = 'url'; } else { $text = __(rs_wpss_casetrans('ucfirst', $k), WPSS_PLUGIN_NAME); $type = 'text'; } if (!empty($v['i'])) { $cf_req = ''; $cf_content .= '<p><label><strong>' . $text . '</strong> '; if (!empty($v['r'])) { $cf_content .= '*'; $cf_req = 'required="required" '; } $cf_content .= '<br />' . WPSS_EOL . '<input type="' . $type . '" id="wpss_contact_' . $k . '" name="wpss_contact_' . $k . '" value="" size="40" ' . $cf_req . '/> </label></p>' . WPSS_EOL; } } if (!empty($form_include_drop_down_menu) && !empty($form_drop_down_menu_title) && !empty($form_drop_down_menu_item_1) && !empty($form_drop_down_menu_item_2)) { $cf_req = ''; $cf_content .= '<p><label><strong>' . $form_drop_down_menu_title . '</strong> '; if (!empty($form_require_drop_down_menu)) { $cf_content .= '*'; $cf_req = 'required="required" '; } $cf_content .= '<br />' . WPSS_EOL; $cf_content .= '<select id="wpss_contact_drop_down_menu" name="wpss_contact_drop_down_menu" ' . $cf_req . '> ' . WPSS_EOL; $cf_content .= '<option value="" selected="selected">' . __('Select') . '</option> ' . WPSS_EOL; $cf_content .= '<option value="">--------------------------</option> ' . WPSS_EOL; $i = 1; while ($i <= 10) { if (!empty($form_drop_down_menu_item[$i])) { $cf_content .= '<option value="' . $form_drop_down_menu_item[$i] . '">' . $form_drop_down_menu_item[$i] . '</option> ' . WPSS_EOL; } ++$i; } $cf_content .= '</select> ' . WPSS_EOL; $cf_content .= '</label></p>' . WPSS_EOL; } $cf_req = 'required="required" '; $cf_content .= '<p><label><strong>' . __('Subject', WPSS_PLUGIN_NAME) . '</strong> *<br />' . WPSS_EOL; $cf_content .= '<input type="text" id="wpss_contact_subject" name="wpss_contact_subject" value="" size="40" ' . $cf_req . '/> </label></p>' . WPSS_EOL; $cf_content .= '<p><label><strong>' . __('Message', WPSS_PLUGIN_NAME) . '</strong> *<br />' . 
WPSS_EOL; $cf_content .= '<textarea id="wpss_contact_message" name="wpss_contact_message" cols="' . $form_message_width . '" rows="' . $form_message_height . '" minlength="' . $form_message_min_length . '" maxlength="25600" ' . $cf_req . '></textarea> </label></p>' . WPSS_EOL; $cf_content .= '<noscript><input type="hidden" name="' . WPSS_JSONST . '" value="NS2" /></noscript>' . WPSS_EOL; $wpss_js_disabled_msg = __('Currently you have JavaScript disabled. In order to use this contact form, please make sure JavaScript and Cookies are enabled, and reload the page.', WPSS_PLUGIN_NAME); $wpss_js_enable_msg = __('Click here for instructions on how to enable JavaScript in your browser.', WPSS_PLUGIN_NAME); $cf_content .= '<noscript><p><strong>' . $wpss_js_disabled_msg . '</strong> <a href="http://enable-javascript.com/" rel="nofollow external" >' . $wpss_js_enable_msg . '</a></p></noscript>' . WPSS_EOL; $cf_content .= '<p><input type="submit" id="wpss_contact_submit" name="wpss_contact_submit" value="' . __('Send Message', WPSS_PLUGIN_NAME) . '" /></p>' . WPSS_EOL; $cf_content .= '<p>' . sprintf(__('Required fields are marked %s'), '*') . '</p>' . WPSS_EOL; $cf_content .= '<p> </p>' . WPSS_EOL; if (!empty($promote_plugin_link)) { $sip5c = '0'; $sip5c = substr(WPSS_SERVER_ADDR, 4, 1); /* Server IP 5th Char */ $ppl_code = array('0' => 2, '1' => 2, '2' => 2, '3' => 2, '4' => 2, '5' => 2, '6' => 1, '7' => 0, '8' => 2, '9' => 2, '.' => 2); if (preg_match("~^[0-9\\.]\$~", $sip5c)) { $int = $ppl_code[$sip5c]; } else { $int = 0; } $cf_content .= WPSS_Promo_Links::contact_promo_link($int) . WPSS_EOL; $cf_content .= '<p> </p>' . WPSS_EOL; } $cf_content .= '</form>' . WPSS_EOL; /* PRE-TESTS, WILL DISABLE CONTACT FORM */ $cf_blacklist_status = ''; /* Used in pre-tests, not yet implemented in post */ /*** * TEST 0-PRE - See if user has already been blacklisted this session. * As of 1.8.4, this is only test that will shut down contact form BEFORE it's submitted. 
***/ if (rs_wpss_ubl_cache()) { $cf_blacklist_status = '3'; /* Was '2', changed to '3' in 1.8.4 */ $wpss_error_code .= ' CF-0-PRE-BL'; } $wpss_error_code = trim($wpss_error_code); /* DISABLE CONTACT FORM IF BLACKLISTED */ if (!empty($cf_blacklist_status) && $cache_check_status !== 'ACTIVE') { $cf_content = '<strong>' . __('Contact form has been temporarily disabled to prevent spam. Please try again later.', WPSS_PLUGIN_NAME) . '</strong>'; rs_wpss_append_log_data('Blacklisted user detected. Contact form has been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE); } $content_new = str_replace($spamshield_contact_repl_text, $cf_content, $content); $content_shortcode = $cf_content; /* CONTACT FORM FRONT END - END */ } } else { return !empty($content) ? $content : get_the_content(); } if ($get_form === 'response') { $content_new = str_replace($content, $cf_content, $content); $content_shortcode = $cf_content; } else { $content_new = str_replace($spamshield_contact_repl_text, $cf_content, $content); $content_shortcode = $cf_content; } if ($shortcode_check === 'shortcode' && !empty($content_shortcode)) { $content_new = $content_shortcode; } return $content_new; }