public static function wp_die($error_msg = NULL, $cust_error_txt = FALSE, $status_code = '403')
{
/**
* Wrapper for wp_die() with nicer formatting.
*/
$error_txt = '<strong>' . rs_wpss_error_txt() . ':</strong> ';
$error_txt = !empty($cust_error_txt) && !empty($error_msg) ? '' : $error_txt;
$error_msg = empty($error_msg) ? __('You do not have sufficient permissions to access this page.') : $error_msg;
$error_str = $error_txt . $error_msg . WPSS_EOL;
$args = array('response' => $status_code);
wp_die($error_str, '', $args);
}
function rs_wpss_check_new_user($errors = NULL, $user_login = NULL, $user_email = NULL)
{
/* Error checking for new user registration */
global $spamshield_options, $wpss_reg_err_chk_complete, $wpss_wc_reg_inprog;
if (is_user_logged_in() || !empty($wpss_reg_err_chk_complete)) {
return $errors;
}
if (!empty($wpss_wc_reg_inprog) || rs_wpss_is_woocom_enabled()) {
/* Check if we're on a WooCommerce Checkout Page */
if (isset($_GET['action']) && $_GET['action'] === 'woocommerce_checkout') {
return $errors;
}
$ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/');
foreach ($ecom_urls as $k => $u) {
if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
return $errors;
}
}
} elseif (rs_wpss_is_ecom_enabled()) {
/* Check if we're on another e-commerce Checkout or Shopping Cart Page */
$ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/');
foreach ($ecom_urls as $k => $u) {
if (strpos($_SERVER['REQUEST_URI'], $u) !== FALSE) {
return $errors;
}
}
}
if (empty($spamshield_options)) {
$spamshield_options = get_option('spamshield_options');
}
if (!empty($spamshield_options['registration_shield_disable'])) {
return $errors;
}
/* BYPASS - HOOK */
$reg_check_bypass = apply_filters('wpss_registration_check_bypass', FALSE);
if (!empty($reg_check_bypass)) {
return $errors;
}
/* BYPASS CHECKS COMPLETE - NOW START */
if (empty($errors) || !is_object($errors)) {
$errors = new WP_Error();
}
$reg_filter_status = $wpss_error_code = $log_pref = '';
$reg_jsck_error = $reg_badrobot_error = $wpss_reg_err_chk_complete = $buddypress_status = $wc_status = $s2member_status = $wpmembers_status = $affiliates_status = FALSE;
$ns_val = 'NS3';
$pref = 'R-';
$errors_3p = array();
/* Error array for 3rd party plugins that don't follow WordPress standards for registration processing: BuddyPress, ... */
$error_txt = rs_wpss_error_txt();
if (class_exists('BuddyPress')) {
if (empty($user_login) && isset($_POST['signup_username'])) {
$user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['signup_username'])));
$buddypress_status = TRUE;
$log_pref = 'bp-';
}
if (empty($user_email) && isset($_POST['signup_email'])) {
$user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['signup_email'])));
$buddypress_status = TRUE;
$log_pref = 'bp-';
}
}
if (!empty($wpss_wc_reg_inprog)) {
$wc_status = TRUE;
$log_pref = 'wc-';
}
if (defined('WS_PLUGIN__S2MEMBER_VERSION')) {
$s2member_status = TRUE;
$log_pref = 's2-';
}
if (defined('AFFILIATES_CORE_VERSION')) {
$affiliates_status = TRUE;
$log_pref = 'aff-';
}
if (defined('WPMEM_VERSION')) {
$wpmembers_status = TRUE;
$log_pref = 'wpm-';
}
if (TRUE === $wc_status) {
$user_login = '';
if (empty($user_login) && isset($_POST['username'])) {
$user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['username'])));
}
if (empty($user_email) && isset($_POST['email'])) {
$user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['email'])));
}
}
if (TRUE === $affiliates_status) {
if (empty($user_login) && isset($_POST['user_login'])) {
$user_login = rs_wpss_casetrans('lower', sanitize_user(wp_unslash($_POST['user_login'])));
}
if (empty($user_email) && isset($_POST['user_email'])) {
$user_email = rs_wpss_casetrans('lower', sanitize_email(wp_unslash($_POST['user_email'])));
}
}
$new_fields = array('first_name' => __('First Name', WPSS_PLUGIN_NAME), 'last_name' => __('Last Name', WPSS_PLUGIN_NAME), 'disp_name' => __('Display Name', WPSS_PLUGIN_NAME));
$user_data = array();
foreach ($new_fields as $k => $v) {
if (isset($_POST[$k])) {
$user_data[$k] = sanitize_text_field(wp_unslash($_POST[$k]));
} else {
$user_data[$k] = '';
}
}
if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
/* Check New Fields for Blanks */
foreach ($new_fields as $k => $v) {
$k_uc = rs_wpss_casetrans('upper', $k);
if (empty($_POST[$k])) {
$errors->add('empty_' . $k, '<strong>' . $error_txt . ':</strong> ' . sprintf(__('Please enter your %s', WPSS_PLUGIN_NAME) . '.', $v));
$wpss_error_code .= ' R-BLANK-' . $k_uc;
}
}
}
/* BAD ROBOT TEST - BEGIN */
$bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk('register', $reg_filter_status, '', '', $user_data['disp_name'], $user_email);
$reg_filter_status = $bad_robot_filter_data['status'];
$bad_robot_blacklisted = $bad_robot_filter_data['blacklisted'];
if (!empty($bad_robot_blacklisted)) {
$wpss_error_code .= $bad_robot_filter_data['error_code'];
$reg_badrobot_error = TRUE;
}
/* BAD ROBOT TEST - END */
/* BAD ROBOTS */
if ($reg_badrobot_error !== FALSE) {
$err_cod = 'badrobot_error';
$err_msg = __('User registration is currently not allowed.');
if (TRUE === $buddypress_status) {
$errors_3p[$err_cod] = $err_msg;
} else {
$errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
}
}
/* JS/COOKIES CHECK */
$wpss_ck_key_bypass = $wpss_js_key_bypass = FALSE;
$wpss_key_values = rs_wpss_get_key_values();
extract($wpss_key_values);
$wpss_jsck_cookie_val = !empty($_COOKIE[$wpss_ck_key]) ? $_COOKIE[$wpss_ck_key] : '';
$wpss_jsck_field_val = !empty($_POST[$wpss_js_key]) ? $_POST[$wpss_js_key] : '';
$wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : '';
if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) {
/* 1.9.1 */
$wpss_ck_key_bypass = TRUE;
}
if (FALSE === $wpss_ck_key_bypass) {
/* 1.8.9 */
/* If jscripts.php is disabled, these would be skipped - Compatibility Mode */
if ($wpss_jsck_cookie_val !== $wpss_ck_val) {
$wpss_error_code .= ' ' . $pref . 'COOKIE-3';
$reg_jsck_error = TRUE;
}
if ($wpss_jsck_jquery_val !== $wpss_jq_val) {
$wpss_error_code .= ' ' . $pref . 'JQHFT-3';
$reg_jsck_error = TRUE;
}
}
if (FALSE === $wpss_js_key_bypass) {
if ($wpss_jsck_field_val !== $wpss_js_val) {
$wpss_error_code .= ' ' . $pref . 'FVFJS-3';
$reg_jsck_error = TRUE;
}
}
$post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
$post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
if (FALSE === $buddypress_status) {
if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') {
$wpss_error_code .= ' ' . $pref . 'JSONST-1000-3';
$reg_jsck_error = TRUE;
}
}
if ($reg_jsck_error !== FALSE && $reg_badrobot_error !== TRUE) {
$err_cod = 'jsck_error';
$err_msg = __('JavaScript and Cookies are required in order to register. Please be sure JavaScript and Cookies are enabled in your browser, and reload the page.', WPSS_PLUGIN_NAME);
if (TRUE === $buddypress_status) {
$errors_3p[$err_cod] = $err_msg;
} else {
$errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
}
}
if (FALSE === $wc_status) {
/* EMAIL BLACKLIST */
if (rs_wpss_email_blacklist_chk($user_email)) {
$wpss_error_code .= ' ' . $pref . '9200E-BL';
if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
$err_cod = 'blacklist_email_error';
$err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.');
if (TRUE === $buddypress_status) {
$errors_3p[$err_cod] = $err_msg;
} else {
$errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
}
}
}
}
if (FALSE === $buddypress_status && FALSE === $wc_status && FALSE === $s2member_status && FALSE === $affiliates_status) {
/* AUTHOR KEYPHRASE BLACKLIST */
foreach ($user_data as $k => $v) {
$k_uc = rs_wpss_casetrans('upper', $k);
if (($k === 'user_login' || $k === 'first_name' || $k === 'last_name' || $k === 'disp_name') && rs_wpss_anchortxt_blacklist_chk($v)) {
$wpss_error_code .= ' ' . $pref . '10500A-BL-' . $k_uc;
if ($reg_badrobot_error !== TRUE && $reg_jsck_error !== TRUE) {
$nfk = $new_fields[$k];
$errors->add('blacklist_' . $k . '_error', '<strong>' . $error_txt . ':</strong> ' . sprintf(__('"%1$s" appears to be spam. Please enter a different value in the <strong> %2$s </strong> field.', WPSS_PLUGIN_NAME), sanitize_text_field($v), $nfk));
}
}
}
}
if (FALSE === $wc_status) {
/* BLACKLISTED USER */
if (empty($wpss_error_code) && rs_wpss_ubl_cache()) {
$wpss_error_code .= ' ' . $pref . '0-BL';
$err_cod = 'blacklisted_user_error';
$err_msg = __('User registration is currently not allowed.');
if (TRUE === $buddypress_status) {
$errors_3p[$err_cod] = $err_msg;
} else {
$errors->add($err_cod, '<strong>' . $error_txt . ':</strong> ' . $err_msg);
}
}
}
/* Done with Tests */
/* Now Log the Errors, if any */
$post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
$post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
if (!empty($post_ref2xjs)) {
$ref2xJS = rs_wpss_casetrans('lower', addslashes(urldecode($post_ref2xjs)));
$ref2xJS = str_replace('%3a', ':', $ref2xJS);
$ref2xJS = str_replace(' ', '+', $ref2xJS);
$wpss_javascript_page_referrer = esc_url_raw($ref2xJS);
} else {
$wpss_javascript_page_referrer = '[None]';
}
if ($post_jsonst_lc === 'ns1' || $post_jsonst_lc === 'ns2' || $post_jsonst_lc === 'ns3' || $post_jsonst_lc === 'ns4' || $post_jsonst_lc === 'ns5') {
$wpss_jsonst = $post_jsonst;
} else {
$wpss_jsonst = '[None]';
}
$user_id = 'None';
/* Possibly change to '' */
$register_author_data = array('display_name' => $user_data['disp_name'], 'user_firstname' => $user_data['first_name'], 'user_lastname' => $user_data['last_name'], 'user_email' => $user_email, 'user_login' => $user_login, 'ID' => $user_id, 'comment_author' => $user_data['disp_name'], 'comment_author_email' => $user_email, 'comment_author_url' => '', 'javascript_page_referrer' => $wpss_javascript_page_referrer, 'jsonst' => $wpss_jsonst);
if (empty($register_author_data['comment_author']) && !empty($user_login)) {
$register_author_data['comment_author'] = $user_login;
}
unset($wpss_javascript_page_referrer, $wpss_jsonst);
$wpss_error_code = trim($wpss_error_code);
if (strpos($wpss_error_code, '0-BL') !== FALSE) {
rs_wpss_append_log_data('Blacklisted user detected. Registration has been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE);
}
if (!empty($wpss_error_code)) {
if (TRUE === $buddypress_status) {
$wpss_error_code = str_replace('R-', 'BPR-', $wpss_error_code);
} elseif (TRUE === $wc_status) {
$wpss_error_code = str_replace('R-', 'WCR-', $wpss_error_code);
} elseif (TRUE === $s2member_status) {
$wpss_error_code = str_replace('R-', 'S2R-', $wpss_error_code);
} elseif (TRUE === $wpmembers_status) {
$wpss_error_code = str_replace('R-', 'WPMR-', $wpss_error_code);
} elseif (TRUE === $affiliates_status) {
$wpss_error_code = str_replace('R-', 'AFFR-', $wpss_error_code);
}
rs_wpss_update_accept_status($register_author_data, 'r', 'Line: ' . __LINE__, $wpss_error_code);
rs_wpss_increment_reg_count();
if (!empty($spamshield_options['comment_logging'])) {
rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
}
} elseif (TRUE === $buddypress_status) {
rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
}
}
/* Now return the error values, or output error message */
if (TRUE === $wc_status) {
$wpss_wc_reg_inprog = FALSE;
}
if (!empty($wpss_error_code)) {
if (TRUE === $buddypress_status) {
$error_msg = '';
foreach ($errors_3p as $c => $m) {
$error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL;
}
$args = array('response' => '403');
wp_die($error_msg, '', $args);
}
} elseif (TRUE === $wc_status) {
rs_wpss_update_accept_status($register_author_data, 'a', 'Line: ' . __LINE__);
if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) {
rs_wpss_log_data($register_author_data, $wpss_error_code, $log_pref . 'register');
}
}
$wpss_reg_err_chk_complete = TRUE;
return $errors;
}
public static function early_post_intercept()
{
/**
* SECURITY - Checks all incoming POST requests early for malicious behavior
* Added 1.9.7.8
*/
if ('POST' !== $_SERVER['REQUEST_METHOD'] || rs_wpss_is_local_request() || is_user_logged_in()) {
return;
}
global $spamshield_options;
if (empty($spamshield_options)) {
$spamshield_options = get_option('spamshield_options');
}
if (!empty($spamshield_options['disable_misc_form_shield'])) {
return;
}
$url = rs_wpss_get_url();
$url_lc = rs_wpss_casetrans('lower', $url);
$req_uri = $_SERVER['REQUEST_URI'];
$req_uri_lc = rs_wpss_casetrans('lower', $req_uri);
$epc_filter_status = $wpss_error_code = $log_pref = '';
$epc_jsck_error = $epc_badrobot_error = FALSE;
$form_type = 'misc form';
$pref = 'EPC-';
$errors_3p = array();
$error_txt = rs_wpss_error_txt();
$server_name = WPSS_SERVER_NAME;
$server_email_domain = rs_wpss_get_email_domain($server_name);
$epc_serial_post = json_encode($_POST);
$form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => '');
$blocked = FALSE;
$c = array('name' => '', 'value' => '1', 'expire' => time() + 60 * 60 * 24 * 365 * 1, 'path' => '/', 'domain' => rs_wpss_get_cookie_domain(), 'secure' => FALSE, 'httponly' => FALSE);
if (rs_wpss_is_xmlrpc()) {
if (empty($_POST) || !empty($_GET)) {
$blocked = TRUE;
}
rs_wpss_start_session();
$c['name'] = 'P_XMLRPC';
}
if (rs_wpss_is_doing_ajax()) {
if (empty($_POST) && empty($_GET) || empty($_REQUEST['action'])) {
$wpss_error_code .= ' ' . $pref . 'FAR1020';
$err_cod = 'fake_ajax_request_error';
$err_msg = __('That action is currently not allowed.');
$errors_3p[$err_cod] = $err_msg;
}
}
if (rs_wpss_skiddie_ua_check()) {
$wpss_error_code .= ' ' . $pref . 'UA1004';
$err_cod = 'badrobot_skiddie_error';
$err_msg = __('That action is currently not allowed.');
$errors_3p[$err_cod] = $err_msg;
}
if (rs_wpss_ubl_cache()) {
if (TRUE === WPSS_IP_BAN_ENABLE && rs_wpss_is_xmlrpc()) {
self::ip_ban();
}
$wpss_error_code .= ' ' . $pref . '0-BL';
$err_cod = 'blacklisted_user_error';
$err_msg = __('That action is currently not allowed.');
$errors_3p[$err_cod] = $err_msg;
}
if (!empty($c['name'])) {
/* Setting cookie to honeypot bad actors */
@setcookie($c['name'], $c['value'], $c['expire'], $c['path'], $c['domain'], $c['secure'], $c['httponly']);
}
if (!empty($wpss_error_code)) {
rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code);
if (!empty($spamshield_options['comment_logging'])) {
rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $epc_serial_post);
}
} else {
rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__);
}
/* Now output error message */
if (!empty($wpss_error_code)) {
$error_msg = '';
foreach ($errors_3p as $c => $m) {
$error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL;
}
WP_SpamShield::wp_die($error_msg, TRUE);
}
}