<?php
if (!defined('ABSPATH')) {
exit;
}
// just in case
if (!current_user_can('manage_options')) {
die('Access Denied');
}
$now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600);
$options = kpg_ss_get_options();
extract($options);
$chkcloudflare = 'Y';
// force back to on - always fix cloudflare if the plugin is not present and cloudflare detected.
$nonce = '';
if (array_key_exists('kpg_stop_spammers_control', $_POST)) {
$nonce = $_POST['kpg_stop_spammers_control'];
}
if (!empty($nonce) && wp_verify_nonce($nonce, 'kpgstopspam_update')) {
if (array_key_exists('wlist', $_POST)) {
$wlist = $_POST['wlist'];
$wlist = explode("\n", $wlist);
$tblist = array();
foreach ($wlist as $bl) {
$bl = trim($bl);
if (!empty($bl)) {
$tblist[] = $bl;
}
}
$options['wlist'] = $tblist;
$wlist = $tblist;
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
// it looks like I am not getting my stats and options correctly
//sfs_debug_msg('Made it into challenge');
$ip = kpg_get_ip();
$stats = kpg_ss_get_stats();
$options = kpg_ss_get_options();
//$post=get_post_variables();
/*
page is HEADER, Allow List Request, Captchas and then a button
Processing is 1) check for response from from
2) else display form.
*/
// display deny message and captcha if set.
// first, check to see if they should be redirected
if ($options['redir'] == 'Y' && !empty($options['redirurl'])) {
//sfs_debug_msg('Redir?');
header('HTTP/1.1 307 Moved');
header('Status: 307 Moved');
header("location: " . $options['redirurl']);
exit;
}
extract($options);
$ke = '';
$km = '';
$kr = '';
$ka = '';
$kp = '';
// serialized post
// step 1 look for form response
// nonce is in a field named kn - this is not to confuse with other forms that may be coming in
$nonce = '';
$msg = '';
// this is the body message for failed captchas, notifies and requests
if (!empty($_POST) && array_key_exists('kn', $_POST)) {
//sfs_debug_msg('second time');
$nonce = $_POST['kn'];
// get the post items
if (array_key_exists('ke', $_POST)) {
$ke = sanitize_text_field($_POST['ke']);
}
if (array_key_exists('km', $_POST)) {
$km = sanitize_text_field($_POST['km']);
}
if (strlen($km) > 80) {
$km = substr($km, 0, 77) . '...';
}
if (array_key_exists('kr', $_POST)) {
$kr = sanitize_text_field($_POST['kr']);
}
if (array_key_exists('ka', $_POST)) {
$ka = sanitize_text_field($_POST['ka']);
}
if (array_key_exists('kp', $_POST)) {
$kp = $_POST['kp'];
}
// serialized post
if (!empty($nonce) && wp_verify_nonce($nonce, 'kpg_stopspam_deny')) {
//sfs_debug_msg('nonce is good');
// have a form return.
//1) to see if the allow by request has been triggered
$emailsent = $this->kpg_ss_send_email($options);
//2) see if we should add to the allow list
$allowset = false;
if ($wlreq == 'Y') {
// allow things to added to allow list
$allowset = $this->kpg_ss_add_allow($ip, $options, $stats, $post, $post);
}
// now the captcha settings
$msg = "Thank you,<br>";
if ($emailsent) {
$msg .= "The blog master has been notified by email.<br>";
}
if ($allowset) {
$msg .= "You request has been recorded.<br>";
}
if (empty($chkcaptcha) || $chkcaptcha == 'N') {
// send out the thank you message
wp_die($msg, "Stop Spammers", array('response' => 200));
exit;
}
// they submitted a captcha
switch ($chkcaptcha) {
case 'Y':
// open captcha
if (array_key_exists('img', $_POST) && !empty($_POST['img']) && !empty($_POST['code'])) {
//sfs_debug_msg('open capcha 2');
// validate open captcha
$fff = 'http://www.opencaptcha.com/validate.php?ans=';
$fff .= sanitize_text_field($_POST['code']);
$fff .= '&img=';
$fff .= sanitize_text_field($_POST['img']);
$sn = kpg_read_file($fff);
if ($sn == 'pass') {
// restore the post
//$kp=base64_encode(serialize($_POST));
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Open Captcha entry does not match, try again.";
}
}
break;
case 'G':
if (array_key_exists('recaptcha', $_POST) && !empty($_POST['recaptcha']) && array_key_exists('g-recaptcha-response', $_POST)) {
// check recaptcha
$recaptchaapisecret = $options['recaptchaapisecret'];
$recaptchaapisite = $options['recaptchaapisite'];
if (empty($recaptchaapisecret) || empty($recaptchaapisite)) {
$msg = "Recaptcha Keys are not set.";
} else {
$g = $_REQUEST['g-recaptcha-response'];
//$url="https://www.google.com/recaptcha/api/siteverify";
$url = "https://www.google.com/recaptcha/api/siteverify?secret={$recaptchaapisecret}&response={$g}&remoteip={$ip}";
$resp = kpg_read_file($url);
////sfs_debug_msg("recaptcha '$g', '$ip' '$resp' - \r\n".print_r($_POST,true));
if (strpos($resp, '"success": true') !== false) {
// found success
//$kp=base64_encode(serialize($_POST));
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed recaptcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Google reCaptcha entry does not match, try again";
}
}
}
break;
case 'S':
if (array_key_exists('adcopy_challenge', $_POST) && !empty($_POST['adcopy_challenge'])) {
// solve media
$solvmediaapivchallenge = $options['solvmediaapivchallenge'];
$solvmediaapiverify = $options['solvmediaapiverify'];
$adcopy_challenge = $_REQUEST['adcopy_challenge'];
$adcopy_response = $_REQUEST['adcopy_response'];
//$ip='127.0.0.1';
$postdata = http_build_query(array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip));
$opts = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
//$context = stream_context_create($opts);
// need to rewrite this post with the wp class
/**********************************************
try to use the sp function
**********************************************/
$body = array('privatekey' => $solvmediaapiverify, 'challenge' => $adcopy_challenge, 'response' => $adcopy_response, 'remoteip' => $ip);
$args = array('user-agent' => 'WordPress/' . '4.2' . '; ' . get_bloginfo('url'), 'blocking' => true, 'headers' => array('Content-type: application/x-www-form-urlencoded'), 'method' => 'POST', 'timeout' => 45, 'redirection' => 5, 'httpversion' => '1.0', 'body' => $body, 'cookies' => array());
$url = 'http://verify.solvemedia.com/papi/verify/';
$resultarray = wp_remote_post($url, $args);
$result = $resultarray['body'];
//$result =
//file_get_contents('http://verify.solvemedia.com/papi/verify/',
//false, $context);
if (strpos($result, 'true') !== false) {
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Captcha entry does not match, try again";
}
}
break;
case 'A':
if (array_key_exists('nums', $_POST) && !empty($_POST['nums'])) {
// simple arithmetic - at lease it is different for each website and changes occasionally
$seed = 5;
$spdate = $stats['spdate'];
if (!empty($spdate)) {
$seed = strtotime($spdate);
}
$nums = really_clean(sanitize_text_field($_POST['nums']));
$nums += $seed;
$sum = really_clean(sanitize_text_field($_POST['sum']));
if ($sum == $nums) {
$_POST = unserialize(base64_decode($kp));
////sfs_debug_msg("trying to return the post to the comments program".print_r($_POST,true));
// success add to cache
kpg_ss_log_good($ip, 'passed open captcha', 'pass');
do_action('kpg_stop_spam_OK', $ip, $post);
// So plugins can undo spam report
return false;
} else {
$msg = "Your arithmetic sucks, try again";
}
}
break;
case 'F':
// future - more free captchas
break;
}
}
// nonce check - not a valid nonce on form submit yet the value is there - what do we do?
//sfs_debug_msg('leaving second time');
} else {
// first time through
//print_r($post);
//print_r($_POST);
$ke = $post['email'];
$km = '';
$kr = "";
//if (array_key_exists('reason',$post)) $kr=$post['reason'];
$ka = $post['author'];
$kp = base64_encode(serialize($_POST));
//sfs_debug_msg('first time getting post stuff');
}
//sfs_debug_msg('creating form data');
// made it here - we display the screens
$knonce = wp_create_nonce('kpg_stopspam_deny');
// this may be the second time through
$formtop = '';
if (!empty($msg)) {
$msg = "\r\n<br><span style=\"color:red;\"> {$msg} </span><hr/>\r\n";
}
$formtop .= "\r\n<form action=\"\" method=\"post\" >\r\n<input type=\"hidden\" name=\"kn\" value=\"{$knonce}\">\r\n<input type=\"hidden\" name=\"kpg_deny\" value=\"{$chkcaptcha}\">\r\n<input type=\"hidden\" name=\"kp\" value=\"{$kp}\">\r\n<input type=\"hidden\" name=\"kr\" value=\"{$kr}\">\r\n<input type=\"hidden\" name=\"ka\" value=\"{$ka}\">\r\n";
$formbot = "\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n</form>\r\n\r\n";
$not = '';
if ($wlreq == 'Y') {
// halfhearted attempt to hide which field is the email field.
$not = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Allow Request</span></legend>\r\n<p>You have been blocked from entering information on this blog. In order to prevent this from happening in the future you\r\nmay ask the owner to add your network address to a list that allows you full access.</p>\r\n<p>Please enter your <b>e</b><b>ma</b><b>il</b> <b>add</b><b>re</b><b>ss</b> and a short note requesting access here</p>\r\n<span style=\"color:FFFEFF;\">e</span>-<span style=\"color:FFFDFF;\">ma</span>il for contact(required)<!-- not the message -->: <input type=\"text\" value=\"\" name=\"ke\"><br>\r\nmessage <!-- not email -->:<br><textarea name=\"km\"></textarea>\r\n</fieldset>\r\n";
}
$captop = "\r\n<fieldset style=\"border:thin solid black;padding:6px;width:100%;\">\r\n<legend><span style=\"font-weight:bold;font-size:1.2em\" >Please prove you are not a Robot</span></legend>\r\n\t\r\n\t\r\n";
$capbot = "\r\n</fieldset>\r\n";
// now the captchas
$cap = '';
switch ($chkcaptcha) {
case 'Y':
$date = date("Ymd");
$rand = rand(0, 9999999999999);
$height = "80";
$width = "240";
$img = "{$date}{$rand}-{$height}-{$width}.jpgx";
$imgloc = 'http://www.opencaptcha.com/img/';
$root = site_url();
$imgloc = site_url() . '?ocimg=';
//http://localhost/wordpress?ocimg=20150410628305005-80-240.jpgx
$cap = "\r\n<br>\r\n<hr/>\r\n<img src='{$imgloc}{$img}' height='{$height}' alt='captcha' width='{$width}' border='0' />\r\n<input type='hidden' name='img' value='{$img}'><br>\r\nEnter the code: <input type=text name=code value='' size='35' />\r\n";
break;
case 'G':
// recaptcha
$recaptchaapisite = $options['recaptchaapisite'];
$cap = "\r\n\t\t\t<script src=\"https://www.google.com/recaptcha/api.js\" async defer></script>\r\n\r\n\t\t\t<input type=\"hidden\" name=\"recaptcha\" value=\"recaptcha\">\r\n<div class=\"g-recaptcha\" data-sitekey=\"{$recaptchaapisite}\"></div>\r\n\r\n\r\n";
break;
case 'S':
$solvmediaapivchallenge = $options['solvmediaapivchallenge'];
$cap = "\r\n\t\t\t<script type=\"text/javascript\"\r\n\tsrc=\"http://api.solvemedia.com/papi/challenge.script?k={$solvmediaapivchallenge}\">\r\n</script>\r\n\r\n<noscript>\r\n\t<iframe src=\"http://api.solvemedia.com/papi/challenge.noscript?k={$solvmediaapivchallenge}\"\r\n\theight=\"300\" width=\"500\" frameborder=\"0\"></iframe><br/>\r\n\t<textarea name=\"adcopy_challenge\" rows=\"3\" cols=\"40\">\r\n\t</textarea>\r\n\t<input type=\"hidden\" name=\"adcopy_response\" value=\"manual_challenge\"/>\r\n</noscript><br>\r\n";
break;
case 'A':
// arithmetic
$n1 = rand(1, 9);
$n2 = rand(1, 9);
// try a much more nteresting way that can't be generalized
// use the "since" date from stats
$seed = 5;
$spdate = $stats['spdate'];
if (!empty($spdate)) {
$seed = strtotime($spdate);
}
$stupid = $n1 + $n2 - $seed;
$cap = "\r\n<P>Enter the SUM of these two numbers: <span style=\"size:4em;font-weight:bold;\">{$n1} + {$n2}</span><br>\r\n<input name=\"sum\" value=\"\" type=\"text\">\r\n<input type=\"hidden\" name=\"nums\" value=\"{$stupid}\"><br>\r\n<input type=\"submit\" value=\"Press to continue\">\r\n\r\n\r\n";
break;
case 'F':
// future
// future
default:
$captop = '';
$capbot = '';
$cap = '';
break;
}
// have a display
// need to send it to the display
if (empty($msg)) {
$msg = $rejectmessage;
}
$ansa = "\r\n\t\t{$msg}\r\n\t\t{$formtop}\r\n\t\t{$not}\r\n\t\t{$captop}\r\n\t\t{$cap}\r\n\t\t{$capbot}\r\n\t\t{$formbot}\r\n\t\t";
wp_die($ansa, "Stop Spammers", array('response' => 200));
exit;
}
function kpg_ss_check_white_block()
{
sfs_errorsonoff();
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
$post = get_post_variables();
$post['block'] = true;
$ansa = be_load('kpg_ss_check_white', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff('off');
return $ansa;
}
function kpg_sfs_ip_column($value, $column_name, $user_id)
{
// get the ip for this column
$trash = KPG_SS_PLUGIN_URL . 'images/trash.png';
$tdown = KPG_SS_PLUGIN_URL . 'images/tdown.png';
$tup = KPG_SS_PLUGIN_URL . 'images/tup.png';
$whois = KPG_SS_PLUGIN_URL . 'images/whois.png';
$stophand = KPG_SS_PLUGIN_URL . 'images/stop.png';
$search = KPG_SS_PLUGIN_URL . 'images/search.png';
if ($column_name == 'signup_ip') {
$signup_ip = get_user_meta($user_id, 'signup_ip', true);
$signup_ip2 = $signup_ip;
$ipline = "";
if (!empty($signup_ip)) {
$ipline = apply_filters('ip2link', $signup_ip2);
// if the ip2link plugin is installed.
// now add the check
$user_info = get_userdata($user_id);
$useremail = urlencode($user_info->user_email);
// for reporting
$userurl = urlencode($user_info->user_url);
$username = $user_info->display_name;
$stopper = "<a title=\"Check Stop Forum Spam (SFS)\" target=\"_stopspam\" href=\"http://www.stopforumspam.com/search.php?q={$signup_ip}\"><img src=\"{$stophand}\" width=\"16px\"/></a>";
$honeysearch = "<a title=\"Check project HoneyPot\" target=\"_stopspam\" href=\"https://www.projecthoneypot.org/ip_{$signup_ip}\"><img src=\"{$search}\" width=\"16px\"/></a>";
$botsearch = "<a title=\"Check BotScount\" target=\"_stopspam\" href=\"http://botscout.com/search.htm?stype=q&sterm={$signup_ip}\"><img src=\"{$search}\" width=\"16px\"/></a>";
$who = "<a title=\"whois nic lookup\" target=\"_stopspam\" href=\"http://lacnic.net/cgi-bin/lacnic/whois?lg=EN&query={$signup_ip}\"><img src=\"{$whois}\" width=\"16px\"/></a>";
$action = " {$who} {$stopper} {$honeysearch} {$botsearch}";
$options = kpg_ss_get_options();
$apikey = $options['apikey'];
if (!empty($apikey)) {
$report = "<a title=\"Check Stop Forum Spam (SFS)\" target=\"_stopspam\" href=\"http://www.stopforumspam.com/add.php?username={$username}&email={$useremail}&ip_addr={$signup_ip}&evidence={$userurl}&api_key={$apikey}\"><img src=\"{$stophand}\" width=\"16px\"/></a>";
$action .= $report;
}
return $ipline . $action;
}
return "";
}
return $value;
}
function kpg_ss_user_reg_filter($user_login)
{
// the plugin should be all initialized
// check the ip, etc.
sfs_errorsonoff();
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
// fake out the post variables
$post = get_post_variables();
$post['author'] = $user_login;
$post['addon'] = 'chkRegister';
// no really an addon - but may be moved out when working.
if ($options['filterregistrations'] != 'Y') {
remove_filter('pre_user_login', kpg_ss_user_reg_filter, 1);
sfs_errorsonoff('off');
return $user_login;
}
// if the suspect is already in the bad cache he does not get a second chance?
// prevents looping
$reason = be_load('chkbcache', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff();
if ($reason !== false) {
$rejectmessage = $options['rejectmessage'];
$post['reason'] = 'Failed Registration: bad cache';
$host['chk'] = 'chkbcache';
$ansa = be_load('kpg_ss_log_bad', kpg_get_ip(), $stats, $options, $post);
wp_die("{$rejectmessage}", "Login Access Denied", array('response' => 403));
exit;
}
// check the white list
$reason = kpg_ss_check_white();
sfs_errorsonoff();
if ($reason !== false) {
$post['reason'] = 'passed registration:' . $reason;
$ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff('off');
return $user_login;
}
// check the black list
//sfs_debug_msg("Checking black list on registration: /r/n".print_r($post,true));
$ret = be_load('kpg_ss_check_post', kpg_get_ip(), $stats, $options, $post);
$post['reason'] = 'Passed Registration ' . $ret;
$ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
return $user_login;
}