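/**
 * Really simple captcha validation.
 *
 * Reads the user's answer (`rs_captcha`) and the captcha image prefix
 * (`rs_captcha_val`) from $_POST and checks them with the
 * ReallySimpleCaptcha library when it is loaded. On success the captcha's
 * temporary files are removed so the same answer cannot be replayed; on
 * failure an error is reported through $this->send_error().
 *
 * NOTE(review): this is declared as a plain function but uses $this, which
 * raises an Error at runtime unless it is really a method of a class that
 * provides send_error() — confirm against the enclosing class / call site.
 *
 * @return void
 */
function validate_rs_captcha() {
    $rs_captcha_input = isset($_POST['rs_captcha']) ? $_POST['rs_captcha'] : '';
    $rs_captcha_file  = isset($_POST['rs_captcha_val']) ? $_POST['rs_captcha_val'] : '';

    if (!class_exists('ReallySimpleCaptcha')) {
        // Library not loaded: nothing to validate (same no-op as before).
        return;
    }

    // The prefix is used by the library as part of a file name in its tmp
    // directory and comes straight from the request. Only hand it over when it
    // is a plain string that is a bare file-name stem (no path separators,
    // no NUL bytes); anything else is treated as a failed check.
    $prefix_is_safe = is_string($rs_captcha_file)
        && $rs_captcha_file !== ''
        && strpos($rs_captcha_file, "\0") === false
        && basename($rs_captcha_file) === $rs_captcha_file;

    $captcha_instance = new ReallySimpleCaptcha();

    if (!$prefix_is_safe
        || !is_string($rs_captcha_input)
        || !$captcha_instance->check($rs_captcha_file, $rs_captcha_input)) {
        $this->send_error(__('Really Simple Captcha validation failed', 'wpuf'));
    } else {
        // validation success, remove the files so the prefix is single-use
        $captcha_instance->remove($rs_captcha_file);
    }
}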
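/**
 * Validate the Really Simple Captcha answer on the wp-recall registration form.
 *
 * Reads the image prefix (`rcl_captcha_prefix`) and the user's answer
 * (`rcl_captcha_code`) from $_POST, checks them with ReallySimpleCaptcha and
 * removes the captcha files regardless of the outcome so the answer cannot be
 * replayed. A failed check records an `rcl_register_captcha` error.
 *
 * @param WP_Error|mixed $errors Errors collected so far (as handed over by the
 *                               registration_errors filter).
 * @return WP_Error|mixed The incoming $errors with the captcha error added on
 *                        failure. A non-WP_Error input is only replaced by a
 *                        fresh WP_Error when an error has to be recorded.
 */
function rcl_check_register_captcha($errors) {
    $rcl_captcha = new ReallySimpleCaptcha();

    // A missing or non-string field used to raise notices / TypeErrors inside
    // the library; treat it as an empty (wrong) value instead.
    $rcl_captcha_prefix = isset($_POST['rcl_captcha_prefix']) && is_string($_POST['rcl_captcha_prefix'])
        ? sanitize_text_field($_POST['rcl_captcha_prefix'])
        : '';
    $rcl_captcha_code = isset($_POST['rcl_captcha_code']) && is_string($_POST['rcl_captcha_code'])
        ? sanitize_text_field($_POST['rcl_captcha_code'])
        : '';

    // The prefix becomes part of a file name in the library's tmp directory;
    // only accept a bare file-name stem from the request.
    $prefix_is_safe = $rcl_captcha_prefix !== ''
        && strpos($rcl_captcha_prefix, "\0") === false
        && basename($rcl_captcha_prefix) === $rcl_captcha_prefix;

    $rcl_captcha_correct = $prefix_is_safe
        && (bool) $rcl_captcha->check($rcl_captcha_prefix, $rcl_captcha_code);

    // Always consume the captcha so it cannot be submitted twice.
    if ($prefix_is_safe) {
        $rcl_captcha->remove($rcl_captcha_prefix);
    }
    $rcl_captcha->cleanup();

    if (!$rcl_captcha_correct) {
        // Keep errors already collected by earlier filters; the original
        // replaced $errors with a new WP_Error and silently dropped them.
        if (!($errors instanceof WP_Error)) {
            $errors = new WP_Error();
        }
        $errors->add('rcl_register_captcha', __('Field filled not right CAPTCHA!', 'wp-recall'));
    }

    return $errors;
}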
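/**
 * Verify the Really Simple Captcha answer submitted with a comment.
 *
 * Reads `comment_captcha_prefix` and `comment_captcha_code` from $_POST,
 * checks them, removes the captcha files either way, and stops the request
 * with wp_die() when the answer is wrong.
 *
 * @param array $comment_data The comment data as passed by the filter.
 * @return array The unchanged comment data when the captcha is correct.
 */
function mytheme_check_comment_captcha($comment_data) {
    $comment_captcha = new ReallySimpleCaptcha();

    // A missing or non-string field is an empty (wrong) answer rather than a
    // notice / TypeError inside the library.
    $comment_captcha_prefix = isset($_POST['comment_captcha_prefix']) && is_string($_POST['comment_captcha_prefix'])
        ? $_POST['comment_captcha_prefix']
        : '';
    $comment_captcha_code = isset($_POST['comment_captcha_code']) && is_string($_POST['comment_captcha_code'])
        ? $_POST['comment_captcha_code']
        : '';

    // The prefix names a file in the library's tmp directory; only pass on a
    // bare file-name stem taken from the request.
    $prefix_is_safe = $comment_captcha_prefix !== ''
        && strpos($comment_captcha_prefix, "\0") === false
        && basename($comment_captcha_prefix) === $comment_captcha_prefix;

    $comment_captcha_correct = $prefix_is_safe
        && (bool) $comment_captcha->check($comment_captcha_prefix, $comment_captcha_code);

    // clean up: consume this captcha and purge stale files
    if ($prefix_is_safe) {
        $comment_captcha->remove($comment_captcha_prefix);
    }
    $comment_captcha->cleanup();

    if (!$comment_captcha_correct) {
        // wp_die() ends the request. The original followed it with `break`,
        // which is unreachable and invalid outside a loop/switch.
        wp_die('You have entered an incorrect CAPTCHA value. try again.');
    }

    return $comment_data;
}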
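/**
 * Register function
 *
 * Handles registering new users and updating existing users.
 *
 * @since 2.2.1
 *
 * @param string $toggle toggles the function between 'register' and 'update'.
 * @global int $user_ID
 * @global string $wpmem_themsg
 * @global array $userdata
 * @return string|null $wpmem_themsg|success|editsuccess|user|email|empty|captcha|updaterr;
 *                     null when the nonce check fails or $toggle is unknown (the
 *                     error text, if any, is left in $wpmem_themsg).
 */
function wpmem_registration($toggle) {
    // NOTE(review): a second, newer definition of wpmem_registration() appears later
    // in this listing; PHP cannot redeclare a function, so only one of them can load.

    // get the globals
    global $user_ID, $wpmem_themsg, $userdata;

    // check the nonce (a missing field counts as an invalid nonce instead of a notice)
    if (defined('WPMEM_USE_NONCE')) {
        $nonce = isset($_POST['wpmem-form-submit']) ? $_POST['wpmem-form-submit'] : '';
        if (empty($_POST) || !wp_verify_nonce($nonce, 'wpmem-validate-submit')) {
            $wpmem_themsg = __('There was an error processing the form.', 'wp-members');
            return;
        }
    }

    $fields = array();

    // is this a registration or a user profile update?
    if ($toggle == 'register') {
        $fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
    }

    // add the user email to the $fields array for _data hooks
    $fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';

    // build the $fields array from $_POST data
    $wpmem_fields = get_option('wpmembers_fields');
    foreach ($wpmem_fields as $meta) {
        if ($meta[4] == 'y') {
            if ($meta[2] != 'password') {
                $fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
            } else {
                // we do have password as part of the registration form
                $fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
            }
        }
    }

    /**
     * Filter the submitted form field date prior to validation.
     *
     * @since 2.8.2
     *
     * @param array $fields An array of the posted form field data.
     */
    $fields = apply_filters('wpmem_pre_validate_form', $fields);

    // check for required fields; the list is reversed so that, since the last
    // assignment wins, the message for the first field in form order is kept
    $wpmem_fields_rev = array_reverse($wpmem_fields);
    $pass_arr = array('password', 'confirm_password', 'password_confirm');
    foreach ($wpmem_fields_rev as $meta) {
        // password fields are never required on a profile update
        $pass_chk = ($toggle == 'update' && in_array($meta[2], $pass_arr));
        if ($meta[5] == 'y' && !$pass_chk) {
            // empty() also covers a required field that was never posted
            if (empty($fields[$meta[2]])) {
                $wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
            }
        }
    }

    switch ($toggle) {

        case "register":

            if (is_multisite()) {
                // multisite has different requirements
                $result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
                $errors = $result['errors'];
                if ($errors->errors) {
                    $wpmem_themsg = $errors->get_error_message();
                    return $wpmem_themsg;
                }
            } else {
                if (!$fields['username']) {
                    $wpmem_themsg = __('Sorry, username is a required field', 'wp-members');
                    return $wpmem_themsg;
                }
                if (!validate_username($fields['username'])) {
                    $wpmem_themsg = __('The username cannot include non-alphanumeric characters.', 'wp-members');
                    return $wpmem_themsg;
                }
                if (!is_email($fields['user_email'])) {
                    $wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
                    return $wpmem_themsg;
                }
                if (username_exists($fields['username'])) {
                    return "user";
                }
                if (email_exists($fields['user_email'])) {
                    return "email";
                }
            }

            // a required-field message from above stops the registration
            if ($wpmem_themsg) {
                return "empty";
            }

            // if form contains password and email confirmation, validate that they match
            // (the message set here is acted on after the wpmem_pre_register_data hook)
            if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
                $wpmem_themsg = __('Passwords did not match.', 'wp-members');
            }
            if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
                $wpmem_themsg = __('Emails did not match.', 'wp-members');
            }

            // get the captcha settings (api keys)
            $wpmem_captcha = get_option('wpmembers_captcha');

            if (WPMEM_CAPTCHA == 1 && $wpmem_captcha['recaptcha']) {

                // if captcha is on, check the captcha. Missing request fields are
                // empty strings (the original indexed $_POST directly and raised notices).
                $recaptcha_response  = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
                $recaptcha_challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';

                if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
                    // if there is no api key, the captcha never displayed to the end user
                    if (!$recaptcha_response) {
                        // validate for empty captcha field
                        $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
                        return "empty";
                    }
                }

                // check to see if the recaptcha library has already been loaded by another plugin
                if (!function_exists('_recaptcha_qsencode')) {
                    require_once 'lib/recaptchalib.php';
                }

                $privatekey = $wpmem_captcha['recaptcha']['private'];

                if ($recaptcha_response) {
                    // the response from reCAPTCHA
                    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $recaptcha_challenge, $recaptcha_response);
                    if (!$resp->is_valid) {
                        // set the error code so that we can display it
                        global $wpmem_captcha_err;
                        $wpmem_captcha_err = wpmem_get_captcha_err($resp->error);
                        return "captcha";
                    }
                }
                // end check recaptcha

            } elseif (WPMEM_CAPTCHA == 2) {

                if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
                    /** Validate Really Simple Captcha */
                    $rs_captcha = new ReallySimpleCaptcha();
                    // the CAPTCHA image prefix, which corresponds to the correct answer
                    $wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
                    // the CAPTCHA response, entered by the user
                    $wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
                    // The prefix names a file in the library's tmp directory; only hand
                    // over a plain string that is a bare file-name stem.
                    $prefix_is_safe = is_string($wpmem_captcha_prefix)
                        && $wpmem_captcha_prefix !== ''
                        && strpos($wpmem_captcha_prefix, "\0") === false
                        && basename($wpmem_captcha_prefix) === $wpmem_captcha_prefix;
                    // Check CAPTCHA validity
                    $wpmem_captcha_correct = $prefix_is_safe
                        && is_string($wpmem_captcha_code)
                        && (bool) $rs_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code);
                    // clean up the tmp directory (consumes the captcha either way)
                    if ($prefix_is_safe) {
                        $rs_captcha->remove($wpmem_captcha_prefix);
                    }
                    $rs_captcha->cleanup();
                    // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error
                    if (!$wpmem_captcha_correct) {
                        $wpmem_themsg = wpmem_get_captcha_err('really-simple');
                        return "empty";
                    }
                }

            }

            // check for user defined password
            $fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];

            // add for _data hooks
            $fields['user_registered'] = gmdate('Y-m-d H:i:s');
            $fields['user_role'] = get_option('default_role');
            $fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
            // stored as user meta below; a missing redirect_to used to raise a notice
            $fields['wpmem_reg_url'] = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';

            /**
             * these native fields are not installed by default, but if they
             * are added, use the $_POST value - otherwise, default to username.
             * value can be filtered with wpmem_register_data
             */
            $fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
            $fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
            $fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];

            /**
             * Filter registration data after validation before data insertion.
             *
             * @since 2.8.2
             *
             * @param array $fields An array of the registration field data.
             */
            $fields = apply_filters('wpmem_register_data', $fields);

            /**
             * Fires before any insertion/emails.
             *
             * This action is the final step in pre registering a user. This
             * can be used for attaching custom validation to the registration
             * process. It cannot be used for changing any user registration
             * data. Use the wpmem_register_data filter for that.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_pre_register_data', $fields);

            // if the _pre_register_data hook sends back an error message
            if ($wpmem_themsg) {
                return $wpmem_themsg;
            }

            // main new user fields are ready
            $new_user_fields = array(
                'user_pass'       => $fields['password'],
                'user_login'      => $fields['username'],
                'user_nicename'   => $fields['user_nicename'],
                'user_email'      => $fields['user_email'],
                'display_name'    => $fields['display_name'],
                'nickname'        => $fields['nickname'],
                'user_registered' => $fields['user_registered'],
                'role'            => $fields['user_role'],
            );

            // get any excluded meta fields
            $excluded_meta = wpmem_get_excluded_meta('register');

            // user_url, first_name, last_name, description, jabber, aim, yim
            $new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
            foreach ($wpmem_fields as $meta) {
                if (in_array($meta[2], $new_user_fields_meta)) {
                    if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
                        $new_user_fields[$meta[2]] = $fields[$meta[2]];
                    }
                }
            }

            // inserts to wp_users table
            $fields['ID'] = wp_insert_user($new_user_fields);
            if (is_wp_error($fields['ID'])) {
                // The original carried the WP_Error on into update_user_meta(), where an
                // object cast to int yields 1: the submitted meta was written to user ID 1
                // and the registration e-mails went out. Stop here and surface the message.
                $wpmem_themsg = $fields['ID']->get_error_message();
                return $wpmem_themsg;
            }

            // set remaining fields to wp_usermeta table
            foreach ($wpmem_fields as $meta) {
                // if the field is not excluded, update accordingly
                if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
                    if ($meta[4] == 'y' && $meta[2] != 'user_email') {
                        update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
                    }
                }
            }

            // capture IP address of user at registration
            update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);

            // store the registration url
            update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);

            // set user expiration, if used
            if (WPMEM_USE_EXP == 1 && WPMEM_MOD_REG != 1) {
                wpmem_set_exp($fields['ID']);
            }

            /**
             * Fires after user insertion but before email.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_post_register_data', $fields);

            require_once 'wp-members-email.php';

            // if this was successful, and you have email properly
            // configured, send a notification email to the user
            wpmem_inc_regemail($fields['ID'], $fields['password'], WPMEM_MOD_REG, $wpmem_fields, $fields);

            // notify admin of new reg, if needed;
            if (WPMEM_NOTIFY_ADMIN == 1) {
                wpmem_notify_admin($fields['ID'], $wpmem_fields);
            }

            /**
             * Fires after registration is complete.
             *
             * @since 2.7.1
             */
            do_action('wpmem_register_redirect');

            // successful registration message
            return "success";

        case "update":

            if ($wpmem_themsg) {
                return "updaterr";
            }

            // doing a check for existing email is not the same as a new reg. check first to
            // see if it's different, then check if it is a valid address and it exists.
            global $current_user;
            get_currentuserinfo();
            if ($fields['user_email'] != $current_user->user_email) {
                if (email_exists($fields['user_email'])) {
                    return "email";
                }
                if (!is_email($fields['user_email'])) {
                    $wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
                    return "updaterr";
                }
            }

            // if form includes email confirmation, validate that they match
            if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
                $wpmem_themsg = __('Emails did not match.', 'wp-members');
            }

            // add the user_ID to the fields array
            $fields['ID'] = $user_ID;

            /**
             * Filter registration data after validation before data insertion.
             *
             * @since 2.8.2
             *
             * @param array $fields An array of the registration field data.
             */
            $fields = apply_filters('wpmem_register_data', $fields);

            /**
             * Fires before data insertion.
             *
             * This action is the final step in pre updating a user. This
             * can be used for attaching custom validation to the update
             * process. It cannot be used for changing any user update
             * data. Use the wpmem_register_data filter for that.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted update data.
             */
            do_action('wpmem_pre_update_data', $fields);

            // if the _pre_update_data hook sends back an error message
            // @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
            if ($wpmem_themsg) {
                return $wpmem_themsg;
            }

            // a list of fields that can be updated by wp_update_user
            $native_fields = array(
                'user_nicename', 'user_url', 'user_email', 'display_name', 'nickname',
                'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim',
            );
            $native_update = array('ID' => $user_ID);
            // hoisted out of the loop; the original re-fetched it for every field
            $excluded_update = wpmem_get_excluded_meta('update');

            foreach ($wpmem_fields as $meta) {
                // if the field is excluded, leave it alone
                if (in_array($meta[2], $excluded_update)) {
                    continue;
                }
                // (the original expressed this as a switch whose first case was the
                // boolean in_array() result, relying on loose comparison)
                if (in_array($meta[2], $native_fields)) {
                    // the field can be updated by wp_update_user
                    $fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
                    $native_update[$meta[2]] = $fields[$meta[2]];
                } elseif ($meta[2] == 'password') {
                    // the password is never changed from this form
                } elseif ($meta[4] == 'y') {
                    // everything else goes into wp_usermeta
                    update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
                }
            }

            // update wp_update_user fields; report a failure instead of claiming success
            $updated = wp_update_user($native_update);
            if (is_wp_error($updated)) {
                $wpmem_themsg = $updated->get_error_message();
                return "updaterr";
            }

            /**
             * Fires at the end of user update data insertion.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_post_update_data', $fields);

            return "editsuccess";
    }
}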
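/**
 * Register function.
 *
 * Handles registering new users and updating existing users.
 *
 * @since 2.2.1
 *
 * @param string $toggle toggles the function between 'register' and 'update'.
 * @global int $user_ID
 * @global string $wpmem_themsg
 * @global array $userdata
 * @return string|null $wpmem_themsg|success|editsuccess|user|email|empty|captcha|updaterr;
 *                     null when the nonce check fails or $toggle is unknown (the
 *                     error text, if any, is left in $wpmem_themsg).
 */
function wpmem_registration($toggle) {
    // NOTE(review): an older definition of wpmem_registration() also appears earlier
    // in this listing; PHP cannot redeclare a function, so only one of them can load.

    // Get the globals.
    global $user_ID, $wpmem, $wpmem_themsg, $userdata;

    // Check the nonce (a missing field counts as an invalid nonce instead of a notice).
    if (defined('WPMEM_USE_NONCE')) {
        $nonce = isset($_POST['wpmem-form-submit']) ? $_POST['wpmem-form-submit'] : '';
        if (empty($_POST) || !wp_verify_nonce($nonce, 'wpmem-validate-submit')) {
            $wpmem_themsg = __('There was an error processing the form.', 'wp-members');
            return;
        }
    }

    $fields = array();

    // Is this a registration or a user profile update?
    if ($toggle == 'register') {
        $fields['username'] = isset($_POST['log']) ? sanitize_user($_POST['log']) : '';
    }

    // Add the user email to the $fields array for _data hooks.
    $fields['user_email'] = isset($_POST['user_email']) ? $_POST['user_email'] : '';

    // Build the $fields array from $_POST data.
    $wpmem_fields = $wpmem->fields; // get_option( 'wpmembers_fields' );
    foreach ($wpmem_fields as $meta) {
        if ($meta[4] == 'y') {
            if ($meta[2] != 'password') {
                $fields[$meta[2]] = isset($_POST[$meta[2]]) ? sanitize_text_field($_POST[$meta[2]]) : '';
            } else {
                // We do have password as part of the registration form.
                $fields['password'] = isset($_POST['password']) ? $_POST['password'] : '';
            }
        }
    }

    /**
     * Filter the submitted form field date prior to validation.
     *
     * @since 2.8.2
     *
     * @param array $fields An array of the posted form field data.
     */
    $fields = apply_filters('wpmem_pre_validate_form', $fields);

    // Check for required fields, reverse the array for logical error message order
    // (the last assignment wins, so the first field in form order keeps its message).
    $wpmem_fields_rev = array_reverse($wpmem_fields);
    $pass_arr = array('password', 'confirm_password', 'password_confirm');
    foreach ($wpmem_fields_rev as $meta) {
        // Password fields are never required on a profile update.
        $pass_chk = ($toggle == 'update' && in_array($meta[2], $pass_arr));
        if ($meta[5] == 'y' && !$pass_chk) {
            // empty() also covers a required field that was never posted.
            if (empty($fields[$meta[2]])) {
                $wpmem_themsg = sprintf(__('Sorry, %s is a required field.', 'wp-members'), $meta[1]);
            }
        }
    }

    switch ($toggle) {

        case "register":

            if (is_multisite()) {
                // Multisite has different requirements.
                $result = wpmu_validate_user_signup($fields['username'], $fields['user_email']);
                $errors = $result['errors'];
                if ($errors->errors) {
                    $wpmem_themsg = $errors->get_error_message();
                    return $wpmem_themsg;
                }
            } else {
                // Validate username and email fields. Each later assignment overrides the
                // earlier one, so the effective priority is: username required, username
                // characters, email format, username taken, email taken.
                $wpmem_themsg = email_exists($fields['user_email']) ? "email" : $wpmem_themsg;
                $wpmem_themsg = username_exists($fields['username']) ? "user" : $wpmem_themsg;
                $wpmem_themsg = !is_email($fields['user_email']) ? __('You must enter a valid email address.', 'wp-members') : $wpmem_themsg;
                $wpmem_themsg = !validate_username($fields['username']) ? __('The username cannot include non-alphanumeric characters.', 'wp-members') : $wpmem_themsg;
                $wpmem_themsg = !$fields['username'] ? __('Sorry, username is a required field', 'wp-members') : $wpmem_themsg;
                // If there is an error from username, email, or required field validation, stop registration and return the error.
                if ($wpmem_themsg) {
                    return $wpmem_themsg;
                }
            }

            // If form contains password and email confirmation, validate that they match
            // (the message set here is acted on after the wpmem_pre_register_data hook).
            if (array_key_exists('confirm_password', $fields) && $fields['confirm_password'] != $fields['password']) {
                $wpmem_themsg = __('Passwords did not match.', 'wp-members');
            }
            if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
                $wpmem_themsg = __('Emails did not match.', 'wp-members');
            }

            // Get the captcha settings (api keys).
            $wpmem_captcha = get_option('wpmembers_captcha');

            // If captcha is on, check the captcha.
            if ($wpmem->captcha == 1 && $wpmem_captcha['recaptcha']) {

                // Missing request fields are empty strings (the original indexed
                // $_POST directly and raised notices).
                $recaptcha_response  = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
                $recaptcha_challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';

                // If there is no api key, the captcha never displayed to the end user.
                if ($wpmem_captcha['recaptcha']['public'] && $wpmem_captcha['recaptcha']['private']) {
                    if (!$recaptcha_response) {
                        // validate for empty captcha field
                        $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
                        return "empty";
                    }
                }

                // Check to see if the recaptcha library has already been loaded by another plugin.
                if (!function_exists('_recaptcha_qsencode')) {
                    require_once WPMEM_PATH . 'lib/recaptchalib.php';
                }

                $privatekey = $wpmem_captcha['recaptcha']['private'];

                if ($recaptcha_response) {
                    // The response from reCAPTCHA.
                    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $recaptcha_challenge, $recaptcha_response);
                    if (!$resp->is_valid) {
                        // Set the error code so that we can display it.
                        global $wpmem_captcha_err;
                        $wpmem_captcha_err = wpmem_get_captcha_err($resp->error);
                        return "captcha";
                    }
                }
                // End check recaptcha.

            } elseif ($wpmem->captcha == 2) {

                if (defined('REALLYSIMPLECAPTCHA_VERSION')) {
                    // Validate Really Simple Captcha.
                    $rs_captcha = new ReallySimpleCaptcha();
                    // The CAPTCHA image prefix, which corresponds to the correct answer.
                    $wpmem_captcha_prefix = isset($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
                    // The CAPTCHA response, entered by the user.
                    $wpmem_captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
                    // The prefix names a file in the library's tmp directory; only hand
                    // over a plain string that is a bare file-name stem.
                    $prefix_is_safe = is_string($wpmem_captcha_prefix)
                        && $wpmem_captcha_prefix !== ''
                        && strpos($wpmem_captcha_prefix, "\0") === false
                        && basename($wpmem_captcha_prefix) === $wpmem_captcha_prefix;
                    // Check CAPTCHA validity.
                    $wpmem_captcha_correct = $prefix_is_safe
                        && is_string($wpmem_captcha_code)
                        && (bool) $rs_captcha->check($wpmem_captcha_prefix, $wpmem_captcha_code);
                    // Clean up the tmp directory (consumes the captcha either way).
                    if ($prefix_is_safe) {
                        $rs_captcha->remove($wpmem_captcha_prefix);
                    }
                    $rs_captcha->cleanup();
                    // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field), return an error.
                    if (!$wpmem_captcha_correct) {
                        $wpmem_themsg = wpmem_get_captcha_err('really-simple');
                        return "empty";
                    }
                }

            } elseif ($wpmem->captcha == 3 && $wpmem_captcha['recaptcha']) {

                // Get the captcha response; a missing or non-string value means the
                // widget was not completed (the original left $captcha undefined).
                $captcha = isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])
                    ? $_POST['g-recaptcha-response']
                    : '';

                // If there is no captcha value, return error.
                if (!$captcha) {
                    $wpmem_themsg = __('You must complete the CAPTCHA form.', 'wp-members');
                    return "empty";
                }

                // We need the private key for validation.
                $privatekey = $wpmem_captcha['recaptcha']['private'];

                // Validate the captcha. The query string is built with http_build_query()
                // so the user-supplied token is URL-encoded and cannot add or override
                // parameters (the original concatenated it into the URL unescaped).
                // NOTE(review): file_get_contents() on a remote URL needs allow_url_fopen;
                // wp_remote_post() would be the WordPress-native transport — confirm.
                $verify_url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query(array(
                    'secret'   => $privatekey,
                    'response' => $captcha,
                    'remoteip' => $_SERVER['REMOTE_ADDR'],
                ));
                $raw_response = file_get_contents($verify_url);

                // Decode the json response; a transport failure decodes to nothing.
                $response = ($raw_response === false) ? null : json_decode($raw_response, true);

                // If captcha validation was unsuccessful (or the verify call failed).
                if (!is_array($response) || empty($response['success'])) {
                    $wpmem_themsg = __('CAPTCHA was not valid.', 'wp-members');
                    return "empty";
                }

            }

            // Check for user defined password.
            $fields['password'] = !isset($_POST['password']) ? wp_generate_password() : $_POST['password'];

            // Add for _data hooks
            $fields['user_registered'] = gmdate('Y-m-d H:i:s');
            $fields['user_role'] = get_option('default_role');
            $fields['wpmem_reg_ip'] = $_SERVER['REMOTE_ADDR'];
            // Stored as user meta below; a missing redirect_to used to raise a notice.
            if (isset($_REQUEST['wpmem_reg_page'])) {
                $fields['wpmem_reg_url'] = $_REQUEST['wpmem_reg_page'];
            } else {
                $fields['wpmem_reg_url'] = isset($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : '';
            }

            /*
             * These native fields are not installed by default, but if they
             * are added, use the $_POST value - otherwise, default to username.
             * Value can be filtered with wpmem_register_data.
             */
            $fields['user_nicename'] = isset($_POST['user_nicename']) ? sanitize_title($_POST['user_nicename']) : $fields['username'];
            $fields['display_name'] = isset($_POST['display_name']) ? sanitize_user($_POST['display_name']) : $fields['username'];
            $fields['nickname'] = isset($_POST['nickname']) ? sanitize_user($_POST['nickname']) : $fields['username'];

            /**
             * Filter registration data after validation before data insertion.
             *
             * @since 2.8.2
             *
             * @param array $fields An array of the registration field data.
             * @param string $toggle A switch to indicate the action (new|edit).
             */
            $fields = apply_filters('wpmem_register_data', $fields, 'new');

            /**
             * Fires before any insertion/emails.
             *
             * This action is the final step in pre registering a user. This
             * can be used for attaching custom validation to the registration
             * process. It cannot be used for changing any user registration
             * data. Use the wpmem_register_data filter for that.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_pre_register_data', $fields);

            // If the _pre_register_data hook sends back an error message.
            if ($wpmem_themsg) {
                return $wpmem_themsg;
            }

            // Main new user fields are ready.
            $new_user_fields = array(
                'user_pass'       => $fields['password'],
                'user_login'      => $fields['username'],
                'user_nicename'   => $fields['user_nicename'],
                'user_email'      => $fields['user_email'],
                'display_name'    => $fields['display_name'],
                'nickname'        => $fields['nickname'],
                'user_registered' => $fields['user_registered'],
                'role'            => $fields['user_role'],
            );

            // Get any excluded meta fields.
            $excluded_meta = wpmem_get_excluded_meta('register');

            // Fields for wp_insert_user: user_url, first_name, last_name, description, jabber, aim, yim.
            $new_user_fields_meta = array('user_url', 'first_name', 'last_name', 'description', 'jabber', 'aim', 'yim');
            foreach ($wpmem_fields as $meta) {
                if (in_array($meta[2], $new_user_fields_meta)) {
                    if ($meta[4] == 'y' && !in_array($meta[2], $excluded_meta)) {
                        $new_user_fields[$meta[2]] = $fields[$meta[2]];
                    }
                }
            }

            // Inserts to wp_users table.
            $fields['ID'] = wp_insert_user($new_user_fields);
            if (is_wp_error($fields['ID'])) {
                // The original carried the WP_Error on into update_user_meta(), where an
                // object cast to int yields 1: the submitted meta was written to user ID 1
                // and the registration e-mails went out. Stop here and surface the message.
                $wpmem_themsg = $fields['ID']->get_error_message();
                return $wpmem_themsg;
            }

            // Set remaining fields to wp_usermeta table.
            foreach ($wpmem_fields as $meta) {
                // If the field is not excluded, update accordingly.
                if (!in_array($meta[2], $excluded_meta) && !in_array($meta[2], $new_user_fields_meta)) {
                    if ($meta[4] == 'y' && $meta[2] != 'user_email') {
                        update_user_meta($fields['ID'], $meta[2], $fields[$meta[2]]);
                    }
                }
            }

            // Capture IP address of user at registration.
            update_user_meta($fields['ID'], 'wpmem_reg_ip', $fields['wpmem_reg_ip']);

            // Store the registration url.
            update_user_meta($fields['ID'], 'wpmem_reg_url', $fields['wpmem_reg_url']);

            // Set user expiration, if used.
            if ($wpmem->use_exp == 1 && $wpmem->mod_reg != 1) {
                wpmem_set_exp($fields['ID']);
            }

            /**
             * Fires after user insertion but before email.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_post_register_data', $fields);

            require_once WPMEM_PATH . 'inc/email.php';

            /*
             * If this was successful, and you have email properly
             * configured, send a notification email to the user.
             */
            wpmem_inc_regemail($fields['ID'], $fields['password'], $wpmem->mod_reg, $wpmem_fields, $fields);

            // Notify admin of new reg, if needed.
            if ($wpmem->notify == 1) {
                wpmem_notify_admin($fields['ID'], $wpmem_fields);
            }

            /**
             * Fires after registration is complete.
             *
             * @since 2.7.1
             */
            do_action('wpmem_register_redirect');

            // successful registration message
            return "success";

        case "update":

            if ($wpmem_themsg) {
                return "updaterr";
            }

            /*
             * Doing a check for existing email is not the same as a new reg. check first to
             * see if it's different, then check if it is a valid address and it exists.
             */
            global $current_user;
            get_currentuserinfo();
            if ($fields['user_email'] != $current_user->user_email) {
                if (email_exists($fields['user_email'])) {
                    return "email";
                }
                if (!is_email($fields['user_email'])) {
                    $wpmem_themsg = __('You must enter a valid email address.', 'wp-members');
                    return "updaterr";
                }
            }

            // If form includes email confirmation, validate that they match.
            if (array_key_exists('confirm_email', $fields) && $fields['confirm_email'] != $fields['user_email']) {
                $wpmem_themsg = __('Emails did not match.', 'wp-members');
            }

            // Add the user_ID to the fields array.
            $fields['ID'] = $user_ID;

            /**
             * Filter registration data after validation before data insertion.
             *
             * @since 2.8.2
             *
             * @param array $fields An array of the registration field data.
             * @param string $toggle A switch to indicate the action (new|edit).
             */
            $fields = apply_filters('wpmem_register_data', $fields, 'edit');

            /**
             * Fires before data insertion.
             *
             * This action is the final step in pre updating a user. This
             * can be used for attaching custom validation to the update
             * process. It cannot be used for changing any user update
             * data. Use the wpmem_register_data filter for that.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted update data.
             */
            do_action('wpmem_pre_update_data', $fields);

            /*
             * If the _pre_update_data hook sends back an error message.
             * @todo - double check this. it should probably return "updaterr" and the hook should globalize wpmem_themsg
             */
            if ($wpmem_themsg) {
                return $wpmem_themsg;
            }

            // A list of fields that can be updated by wp_update_user.
            $native_fields = array(
                'user_nicename', 'user_url', 'user_email', 'display_name', 'nickname',
                'first_name', 'last_name', 'description', 'role', 'jabber', 'aim', 'yim',
            );
            $native_update = array('ID' => $user_ID);
            // Hoisted out of the loop; the original re-fetched it for every field.
            $excluded_update = wpmem_get_excluded_meta('update');

            foreach ($wpmem_fields as $meta) {
                // If the field is excluded, leave it alone.
                if (in_array($meta[2], $excluded_update)) {
                    continue;
                }
                // (The original expressed this as a switch whose first case was the
                // boolean in_array() result, relying on loose comparison.)
                if (in_array($meta[2], $native_fields)) {
                    // The field can be updated by wp_update_user.
                    $fields[$meta[2]] = isset($fields[$meta[2]]) ? $fields[$meta[2]] : '';
                    $native_update[$meta[2]] = $fields[$meta[2]];
                } elseif ($meta[2] == 'password') {
                    // The password is never changed from this form.
                } elseif ($meta[4] == 'y') {
                    // Everything else goes into wp_usermeta.
                    update_user_meta($user_ID, $meta[2], $fields[$meta[2]]);
                }
            }

            // Update wp_update_user fields; report a failure instead of claiming success.
            $updated = wp_update_user($native_update);
            if (is_wp_error($updated)) {
                $wpmem_themsg = $updated->get_error_message();
                return "updaterr";
            }

            /**
             * Fires at the end of user update data insertion.
             *
             * @since 2.7.2
             *
             * @param array $fields The user's submitted registration data.
             */
            do_action('wpmem_post_update_data', $fields);

            return "editsuccess";
    }
}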
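/**
 * Require a correct Really Simple Captcha answer from anonymous commenters.
 *
 * Only runs for logged-out visitors posting a regular comment (empty
 * comment_type) while the ReallySimpleCaptcha class is loaded; any other
 * comment passes through untouched. The captcha files are removed whether or
 * not the answer was right, and a wrong answer ends the request via wp_die().
 *
 * @param array $comment_data The comment data as passed by the filter.
 * @return array The unchanged comment data.
 */
function cbnet_check_comment_captcha($comment_data) {
    $comment_type = isset($comment_data['comment_type']) ? $comment_data['comment_type'] : '';
    $needs_captcha = !is_user_logged_in()
        && $comment_type == ''
        && class_exists('ReallySimpleCaptcha');

    if (!$needs_captcha) {
        // Logged-in users, pingbacks/trackbacks, or no captcha library: process as per normal.
        return $comment_data;
    }

    $cbnet_comment_captcha = new ReallySimpleCaptcha();

    // The CAPTCHA image prefix (corresponds to the correct answer) and the
    // response entered by the user. A missing or non-string field is an empty
    // (wrong) answer rather than a notice / TypeError inside the library.
    $cbnet_comment_captcha_prefix = isset($_POST['comment_captcha_prefix']) && is_string($_POST['comment_captcha_prefix'])
        ? $_POST['comment_captcha_prefix']
        : '';
    $cbnet_comment_captcha_code = isset($_POST['comment_captcha_code']) && is_string($_POST['comment_captcha_code'])
        ? $_POST['comment_captcha_code']
        : '';

    // The prefix names a file in the library's tmp directory; only pass on a
    // bare file-name stem taken from the request.
    $prefix_is_safe = $cbnet_comment_captcha_prefix !== ''
        && strpos($cbnet_comment_captcha_prefix, "\0") === false
        && basename($cbnet_comment_captcha_prefix) === $cbnet_comment_captcha_prefix;

    // Validate the CAPTCHA response: true only when validation passes.
    $cbnet_comment_captcha_correct = $prefix_is_safe
        && (bool) $cbnet_comment_captcha->check($cbnet_comment_captcha_prefix, $cbnet_comment_captcha_code);

    // clean up the tmp directory (consumes this captcha either way)
    if ($prefix_is_safe) {
        $cbnet_comment_captcha->remove($cbnet_comment_captcha_prefix);
    }
    $cbnet_comment_captcha->cleanup();

    // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) don't process the comment.
    if (!$cbnet_comment_captcha_correct) {
        // wp_die() ends the request. The original followed it with `break`,
        // which is unreachable and invalid outside a loop/switch.
        wp_die('You have entered an incorrect CAPTCHA value. Click the BACK button on your browser, and try again.');
    }

    // if CAPTCHA validation passes (correct value entered in CAPTCHA field), process the comment as per normal
    return $comment_data;
}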
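/**
 * Check the captcha submitted with an Easy Testimonials form.
 *
 * A reCAPTCHA response (`g-recaptcha-response`) is verified first, through
 * EZT_ReCaptcha with the stored secret key; otherwise a Really Simple Captcha
 * prefix/code pair is checked and then consumed (removed). When neither
 * captcha mechanism is available the submission is accepted, as before.
 *
 * @return bool True when the captcha passed (or no captcha can be checked), false otherwise.
 */
function easy_t_check_captcha() {
    if (!class_exists('ReallySimpleCaptcha') && !easy_testimonials_use_recaptcha()) {
        // captcha's cannot possibly be checked, so return true
        return true;
    }

    $captcha_correct = false; // false until proven correct

    // look for + verify a reCAPTCHA first
    if (!empty($_POST["g-recaptcha-response"])) {
        if (!class_exists('EZT_ReCaptcha')) {
            require_once 'include/lib/ezt_recaptchalib.php';
        }
        $secret = get_option('easy_t_recaptcha_secret_key', '');
        // Only a string token can be verified; anything else stays "incorrect".
        $token = is_string($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : '';
        $response = null;
        if (!empty($secret) && $token !== '') {
            $reCaptcha = new EZT_ReCaptcha($secret);
            $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $token);
            // No response object, or one without a truthy success flag, is a failure.
            $captcha_correct = $response != null && !empty($response->success);
        }
    } elseif (!empty($_POST['captcha_prefix']) && class_exists('ReallySimpleCaptcha')) {
        $captcha = new ReallySimpleCaptcha();
        // The CAPTCHA image prefix (corresponds to the correct answer) and the
        // response entered by the user; a missing/non-string value is empty.
        $captcha_prefix = is_string($_POST['captcha_prefix']) ? $_POST['captcha_prefix'] : '';
        $captcha_code = isset($_POST['captcha_code']) && is_string($_POST['captcha_code'])
            ? $_POST['captcha_code']
            : '';
        // The prefix names a file in the library's tmp directory; only pass on
        // a bare file-name stem taken from the request.
        $prefix_is_safe = $captcha_prefix !== ''
            && strpos($captcha_prefix, "\0") === false
            && basename($captcha_prefix) === $captcha_prefix;
        // Validate the CAPTCHA response: true only when validation passes.
        $captcha_correct = $prefix_is_safe && (bool) $captcha->check($captcha_prefix, $captcha_code);
        // clean up the tmp directory (consumes this captcha either way)
        if ($prefix_is_safe) {
            $captcha->remove($captcha_prefix);
        }
        $captcha->cleanup();
    }

    return $captcha_correct;
}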
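/**
 * AJAX handler for the theme contact form (request via GET, JSON response).
 *
 * Flow: the Really Simple Captcha answer is checked first and a wrong answer
 * ends the request with an error; then name, e-mail and message are required
 * (the e-mail must also satisfy isValidEmail()); finally the message is mailed
 * to the address stored in the `contacts_email` theme option. In every case a
 * `{status: 'success'|'error', msg: ...}` object is printed and the request
 * ends with die().
 *
 * Changes from the previous revision: every request field is read with a
 * default so a missing parameter no longer raises an undefined-index notice,
 * the captcha object is only constructed when a submission is present, and an
 * address containing a line break is rejected so it can never reach the
 * Reply-To header. The endpoint is a state-changing GET with no nonce, so the
 * captcha is the only thing limiting who can send mail through it.
 *
 * @return void Prints JSON and calls die() when `contact-submit` is present;
 *              does nothing otherwise.
 */
function et_send_msg_action()
{
    if (!isset($_GET['contact-submit'])) {
        return;
    }

    header("Content-type: application/json");

    // Print the JSON status object and end the request.
    $respond = static function ($status, $msg) {
        echo json_encode(array('status' => $status, 'msg' => $msg));
        die;
    };
    // Read a request field as a string, '' when absent.
    $param = static function ($key) {
        return isset($_GET[$key]) ? (string) $_GET[$key] : '';
    };

    $captcha_instance = new ReallySimpleCaptcha();
    $captcha_prefix = $param('captcha-prefix');
    if (!$captcha_instance->check($captcha_prefix, $param('captcha-word'))) {
        $respond('error', __('The security code you entered did not match. Please try again.', ETHEME_DOMAIN));
    }

    $name = trim($param('contact-name'));
    $raw_email = $param('contact-email');
    $email = trim($raw_email);
    $message = trim($param('contact-msg'));
    $website = stripslashes(trim($param('contact-website')));

    $error_name = $name === '';
    // isValidEmail() still sees the untrimmed value, as before. The line-break
    // test is new: the address is placed in a mail header below and must stay
    // on one line.
    $error_email = $email === '' || !isValidEmail($raw_email) || preg_match('/[\r\n]/', $raw_email) === 1;
    $error_msg = $message === '';

    if ($error_name || $error_email || $error_msg) {
        $respond('error', __('Please, fill in the required fields!', ETHEME_DOMAIN));
    }

    // Get the receiver email
    $receiver_email = etheme_get_option('contacts_email');
    $subject = 'You have been contacted by ' . $name;

    $body = "You have been contacted by {$name}. Their message is: " . PHP_EOL . PHP_EOL;
    $body .= $message . PHP_EOL . PHP_EOL;
    $body .= "You can contact {$name} via email at {$email}";
    if ($website != '') {
        $body .= " and visit their website at {$website}" . PHP_EOL . PHP_EOL;
    }
    $body .= PHP_EOL . PHP_EOL;

    // The first line has no colon, so it is not a well-formed header line and
    // wp_mail() appears to ignore it; the From address therefore stays the
    // site's. It is kept as-is on purpose: promoting the visitor's address to
    // From: would be a spoofed sender and fail SPF/DMARC alignment.
    $headers = "From {$email} " . PHP_EOL;
    $headers .= "Reply-To: {$email}" . PHP_EOL;
    $headers .= "MIME-Version: 1.0" . PHP_EOL;
    $headers .= "Content-type: text/plain; charset=utf-8" . PHP_EOL;
    $headers .= "Content-Transfer-Encoding: quoted-printable" . PHP_EOL;

    if (wp_mail($receiver_email, $subject, $body, $headers)) {
        $status = 'success';
        $msg = __('All is well, your email has been sent.', ETHEME_DOMAIN);
    } else {
        $status = 'error';
        $msg = __('Error while sending a message!', ETHEME_DOMAIN);
    }

    // The challenge files are removed only once a send was attempted, as
    // before, so a submission that failed field validation can be retried
    // with the same image.
    $captcha_instance->remove($captcha_prefix);
    $respond($status, $msg);
}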
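/**
 * Check form input
 *
 * Runs the CAPTCHA backend selected in the plugin settings and, on failure,
 * adds a 'captcha' entry to the error list. Unknown backends are a no-op.
 *
 * Fixes over the previous revision: SERVER_ADDR is read with a default (it is
 * absent under the CLI, for instance), and the comment on the removal
 * condition now describes what the condition actually tests.
 *
 * @param string $captcha Backend key: 'bwsmath' (Captcha by BestWebSoft),
 *                        'miyoshi' (Really Simple Captcha) or 'advnore'
 *                        (Advanced noCaptcha reCaptcha).
 * @param array  $errors  Validation errors collected so far.
 *
 * @return array $errors, with a 'captcha' message added when the check failed.
 */
function wpmtst_captcha_check($captcha, $errors)
{
    switch ($captcha) {
        // Captcha by BestWebSoft
        case 'bwsmath':
            if (function_exists('cptch_check_custom_form') && cptch_check_custom_form() !== true) {
                $errors['captcha'] = __('The Captcha failed. Please try again.', 'strong-testimonials');
            }
            break;

        // Really Simple Captcha by Takayuki Miyoshi
        case 'miyoshi':
            if (class_exists('ReallySimpleCaptcha')) {
                $captcha_instance = new ReallySimpleCaptcha();
                $prefix = isset($_POST['captchac']) ? (string) $_POST['captchac'] : '';
                $response = isset($_POST['captchar']) ? (string) $_POST['captchar'] : '';
                if (!$captcha_instance->check($prefix, $response)) {
                    $errors['captcha'] = __('The Captcha failed. Please try again.', 'strong-testimonials');
                }
                // Remove the temporary image and text files, except when the
                // server address is the loopback address. (The earlier comment
                // said "except on Windows"; that is not what is tested here.)
                $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : '';
                if ('127.0.0.1' !== $server_addr) {
                    $captcha_instance->remove($prefix);
                }
            }
            break;

        // Advanced noCaptcha reCaptcha by Shamim Hasan
        case 'advnore':
            if (function_exists('anr_verify_captcha') && !anr_verify_captcha()) {
                $errors['captcha'] = __('The Captcha failed. Please try again.', 'strong-testimonials');
            }
            break;

        default:
            // No or unknown backend: nothing to verify.
    }

    return $errors;
}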
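/**
 * Handle a guestbook form submission (Gwolle-GB front end).
 *
 * Runs on every request but only acts when the POST body carries
 * `gwolle_gb_function=add_entry`. It then:
 *  - refuses the post when the `gwolle_gb-require_login` option is on and the
 *    visitor is not logged in;
 *  - collects the enabled form fields (name, city/origin, e-mail, website,
 *    message) into $gwolle_gb_data and records every mandatory field that is
 *    missing or invalid in $gwolle_gb_error_fields;
 *  - checks the custom anti-spam question and the Really Simple Captcha when
 *    each is enabled;
 *  - builds a gwolle_gb_entry, asks Akismet, decides the moderation state,
 *    rejects an exact duplicate (same e-mail and content; only when the
 *    message is mandatory) and saves the entry;
 *  - mails the moderators listed in `gwolle_gb-notifyByMail` and, when
 *    `gwolle_gb-mail_author` is on, the author — neither when Akismet flagged
 *    the entry as spam.
 *
 * Results are reported through the globals, not the return value:
 * $gwolle_gb_errors (bool), $gwolle_gb_error_fields (list of field keys),
 * $gwolle_gb_messages (HTML shown to the visitor) and $gwolle_gb_data.
 *
 * Fixes in this revision: the CAPTCHA POST fields and REMOTE_ADDR are read
 * with defaults instead of undefined-index notices; `gwolle_gb-notifyByMail`
 * is handled both as the comma-separated string explode() expects and as an
 * array (count() on a string is a TypeError on PHP 8); a recipient id that
 * get_userdata() does not know is skipped instead of dereferenced; the
 * sendmail_from ini value uses get_bloginfo('admin_email') — the key already
 * used for the From: header — instead of the unknown 'admin_mail', and the
 * `@` that hid that was dropped; the unused $wpdb global is gone.
 *
 * @global bool   $gwolle_gb_errors
 * @global array  $gwolle_gb_error_fields
 * @global string $gwolle_gb_messages
 * @global array  $gwolle_gb_data
 * @return void|false False when validation or duplicate detection stopped the
 *                    save; nothing otherwise.
 */
function gwolle_gb_frontend_posthandling()
{
    global $gwolle_gb_errors, $gwolle_gb_error_fields, $gwolle_gb_messages, $gwolle_gb_data;

    /*
     * Handle $_POST and check and save entry.
     */
    if (!isset($_POST['gwolle_gb_function']) || $_POST['gwolle_gb_function'] != 'add_entry') {
        return;
    }

    // Initialize errors and messages
    $gwolle_gb_errors = false;
    $gwolle_gb_error_fields = array();
    $gwolle_gb_messages = '';

    // Option to allow only logged-in users to post. Don't show the form if not logged-in.
    if (!is_user_logged_in() && get_option('gwolle_gb-require_login', 'false') == 'true') {
        $gwolle_gb_errors = true;
        $gwolle_gb_messages .= '<p class="require_login"><strong>' . __('Submitting a new guestbook entry is only allowed for logged-in users.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
        return;
    }

    /*
     * Collect data from the Form
     */
    $gwolle_gb_data = array();
    $form_setting = gwolle_gb_get_setting('form');

    /* Name */
    if (isset($form_setting['form_name_enabled']) && $form_setting['form_name_enabled'] === 'true') {
        $name_mandatory = isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_name'])) {
            $gwolle_gb_data['author_name'] = trim($_POST['gwolle_gb_author_name']);
            $gwolle_gb_data['author_name'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_name'], 'author_name');
            if ($gwolle_gb_data['author_name'] == "" && $name_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'name'; // mandatory
            }
        } elseif ($name_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'name'; // mandatory
        }
    }

    /* City / Origin */
    if (isset($form_setting['form_city_enabled']) && $form_setting['form_city_enabled'] === 'true') {
        $city_mandatory = isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_origin'])) {
            $gwolle_gb_data['author_origin'] = trim($_POST['gwolle_gb_author_origin']);
            $gwolle_gb_data['author_origin'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_origin'], 'author_origin');
            if ($gwolle_gb_data['author_origin'] == "" && $city_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_origin'; // mandatory
            }
        } elseif ($city_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_origin'; // mandatory
        }
    }

    /* Email */
    if (isset($form_setting['form_email_enabled']) && $form_setting['form_email_enabled'] === 'true') {
        $email_mandatory = isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_email'])) {
            $gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
            // An invalid address is only an error when the field is mandatory;
            // the value is kept in the data either way, as before.
            if (!filter_var($gwolle_gb_data['author_email'], FILTER_VALIDATE_EMAIL) && $email_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_email'; // mandatory
            }
        } elseif ($email_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_email'; // mandatory
        }
    }

    /* Website / Homepage */
    if (isset($form_setting['form_homepage_enabled']) && $form_setting['form_homepage_enabled'] === 'true') {
        $homepage_mandatory = isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_website'])) {
            $gwolle_gb_data['author_website'] = trim($_POST['gwolle_gb_author_website']);
            // Prepend a scheme when none was given so FILTER_VALIDATE_URL can accept it.
            if (!preg_match('/^http/', $gwolle_gb_data['author_website'])) {
                $gwolle_gb_data['author_website'] = "http://" . $gwolle_gb_data['author_website'];
            }
            if (!filter_var($gwolle_gb_data['author_website'], FILTER_VALIDATE_URL) && $homepage_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_website'; // mandatory
            }
        } elseif ($homepage_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_website'; // mandatory
        }
    }

    /* Message */
    if (isset($form_setting['form_message_enabled']) && $form_setting['form_message_enabled'] === 'true') {
        $message_mandatory = isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_content'])) {
            $gwolle_gb_data['content'] = trim($_POST['gwolle_gb_content']);
            if ($gwolle_gb_data['content'] == "") {
                if ($message_mandatory) {
                    $gwolle_gb_errors = true;
                    $gwolle_gb_error_fields[] = 'content'; // mandatory
                }
            } else {
                $gwolle_gb_data['content'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['content'], 'content');
            }
        } elseif ($message_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'content'; // mandatory
        }
    }

    /* Custom Anti-Spam */
    if (isset($form_setting['form_antispam_enabled']) && $form_setting['form_antispam_enabled'] === 'true') {
        $antispam_question = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-question'));
        $antispam_answer = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-answer'));
        $antispam_given = isset($_POST["gwolle_gb_antispam_answer"]) ? trim($_POST["gwolle_gb_antispam_answer"]) : null;
        // The question is only enforced when both question and answer are configured.
        if (isset($antispam_question) && strlen($antispam_question) > 0 && isset($antispam_answer) && strlen($antispam_answer) > 0) {
            if ($antispam_given === null || $antispam_given != trim($antispam_answer)) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'antispam'; // mandatory
            }
        }
        if ($antispam_given !== null) {
            $gwolle_gb_data['antispam'] = $antispam_given;
        }
    }

    /* CAPTCHA */
    if (isset($form_setting['form_recaptcha_enabled']) && $form_setting['form_recaptcha_enabled'] === 'true') {
        if (class_exists('ReallySimpleCaptcha')) {
            $gwolle_gb_captcha = new ReallySimpleCaptcha();
            // The prefix names the temporary files holding the expected answer;
            // the code is the visitor's answer. Both are untrusted request input
            // and default to '' (which fails the check) when absent.
            $gwolle_gb_captcha_prefix = isset($_POST['gwolle_gb_captcha_prefix']) ? (string) $_POST['gwolle_gb_captcha_prefix'] : '';
            $gwolle_gb_captcha_code = isset($_POST['gwolle_gb_captcha_code']) ? (string) $_POST['gwolle_gb_captcha_code'] : '';
            $gwolle_gb_captcha_correct = $gwolle_gb_captcha->check($gwolle_gb_captcha_prefix, $gwolle_gb_captcha_code);
            // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) record it as a field error.
            if (!$gwolle_gb_captcha_correct) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'captcha'; // mandatory
            }
            // clean up the tmp directory
            $gwolle_gb_captcha->remove($gwolle_gb_captcha_prefix);
            $gwolle_gb_captcha->cleanup();
        }
    }

    /* If there are errors, stop here and return false */
    if (is_array($gwolle_gb_error_fields) && !empty($gwolle_gb_error_fields)) {
        // There was no data filled in, even though that was mandatory.
        $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('There were errors submitting your guestbook entry.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
        foreach ($gwolle_gb_error_fields as $field) {
            switch ($field) {
                case 'name':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your name is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'author_origin':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your origin is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'author_email':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your e-mail address is not filled in correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'author_website':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your website is not filled in, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'content':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('There is no message, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'antispam':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The anti-spam question was not answered correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
                case 'captcha':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The CAPTCHA was not filled in correctly, even though it is mandatory.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    break;
            }
        }
        // Debugging aid kept from the original: the list of failed field keys is
        // written into the page, hidden by CSS only. The keys are fixed strings
        // from this function, not visitor input.
        $gwolle_gb_messages .= '<p class="error_fields" style="display: none;">' . print_r($gwolle_gb_error_fields, true) . '</p>';
        return false; // no need to check and save
    }

    /* New Instance of gwolle_gb_entry. */
    $entry = new gwolle_gb_entry();

    /* Set the data in the instance */
    $set_data = $entry->set_data($gwolle_gb_data);
    if (!$set_data) {
        // Data is not set in the Instance, something happened
        $gwolle_gb_errors = true;
        $gwolle_gb_messages .= '<p class="set_data"><strong>' . __('There were errors submitting your guestbook entry.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
        return false;
    }

    /* Check for spam and set accordingly */
    $isspam = gwolle_gb_akismet($entry, 'comment-check');
    if ($isspam) {
        // Returned true, so considered spam. The visitor is deliberately not told.
        $entry->set_isspam(true);
    }

    /* if Moderation is off, set it to "ischecked" */
    $user_id = get_current_user_id(); // returns 0 if no current user
    if (get_option('gwolle_gb-moderate-entries', 'true') == 'true') {
        $entry->set_ischecked((bool) gwolle_gb_is_moderator($user_id));
    } else {
        // First set to checked, then send it back to manual moderation when the
        // content or the name contains a word that is too long (abusive content).
        $entry->set_ischecked(true);
        $has_overlong_word = static function ($text, $maxlength) {
            foreach (explode(" ", $text) as $word) {
                if (strlen($word) > $maxlength) {
                    return true;
                }
            }
            return false;
        };
        if ($has_overlong_word($entry->get_content(), 100) || $has_overlong_word($entry->get_author_name(), 60)) {
            $entry->set_ischecked(false);
        }
    }

    /* Check for logged in user, and set the userid as author_id, just in case someone is also admin, or gets promoted some day */
    $entry->set_author_id($user_id);

    /*
     * Network Information
     */
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $entry->set_author_ip($remote_addr);
    // Reverse lookup: a blocking DNS query made on every submission.
    $entry->set_author_host($remote_addr !== '' ? gethostbyaddr($remote_addr) : '');

    /*
     * Check for double post using email field and content.
     * Only if content is mandatory.
     */
    if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
        $entries = gwolle_gb_get_entries(array('email' => $entry->get_author_email()));
        if (is_array($entries) && !empty($entries)) {
            foreach ($entries as $entry_email) {
                if ($entry_email->get_content() == $entry->get_content()) {
                    // Match is double entry
                    $gwolle_gb_errors = true;
                    $gwolle_gb_messages .= '<p class="double_post"><strong>' . __('Double post: An entry with the data you entered has already been saved.', GWOLLE_GB_TEXTDOMAIN) . '</strong></p>';
                    return false;
                }
            }
        }
    }

    /*
     * Save the Entry
     */
    $save = $entry->save();
    if ($save) {
        // We have been saved to the Database
        $gwolle_gb_messages .= '<p class="entry_saved">' . __('Thank you for your entry.', GWOLLE_GB_TEXTDOMAIN) . '</p>';
        if ($entry->get_ischecked() == 0) {
            $gwolle_gb_messages .= '<p>' . __('We will review it and unlock it in a short while.', GWOLLE_GB_TEXTDOMAIN) . '</p>';
        }
    }

    /*
     * Update Cache plugins
     */
    if ($entry->get_ischecked() == 1) {
        gwolle_gb_clear_cache();
    }

    // Replace every %tag% in a mail template with its value. Formatting is
    // re-applied after each substitution, exactly as the original loop did;
    // whether gwolle_gb_format_values_for_mail() is idempotent is not visible here.
    $fill_template = static function ($template, array $tags, array $info) {
        foreach ($tags as $tag) {
            $template = str_replace('%' . $tag . '%', $info[$tag], $template);
            $template = gwolle_gb_format_values_for_mail($template);
        }
        return $template;
    };

    /*
     * Send the Notification Mail to moderators that have subscribed (only when it is not Spam)
     */
    if (!$isspam) {
        $subscribers = array();
        // The option holds a comma-separated list of user ids (what explode()
        // expects); an already-split array is accepted as well.
        $recipients = get_option('gwolle_gb-notifyByMail', array());
        if (is_string($recipients)) {
            $recipients = $recipients === '' ? array() : explode(",", $recipients);
        } elseif (!is_array($recipients)) {
            $recipients = array();
        }
        foreach ($recipients as $recipient) {
            if (!is_numeric($recipient)) {
                continue;
            }
            $userdata = get_userdata($recipient);
            // get_userdata() returns false for an unknown id: skip it.
            if ($userdata && !empty($userdata->user_email)) {
                $subscribers[] = $userdata->user_email;
            }
        }

        // 'admin_email' is the key used for the From: header below as well.
        ini_set('sendmail_from', get_bloginfo('admin_email'));

        // Set the Mail Content
        $mailTags = array('user_email', 'user_name', 'status', 'entry_management_url', 'blog_name', 'blog_url', 'wp_admin_url', 'entry_content', 'author_ip');
        $mail_body = gwolle_gb_sanitize_output(get_option('gwolle_gb-adminMailContent', false));
        if (!$mail_body) {
            $mail_body = __("\nHello,\n\nThere is a new guestbook entry at '%blog_name%'.\nYou can check it at %entry_management_url%.\n\nHave a nice day.\nYour Gwolle-GB-Mailer\n\n\nWebsite address: %blog_url%\nUser name: %user_name%\nUser email: %user_email%\nEntry status: %status%\nEntry content:\n%entry_content%\n", GWOLLE_GB_TEXTDOMAIN);
        }

        // Set the Mail Headers
        $subject = '[' . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . '] ' . __('New Guestbook Entry', GWOLLE_GB_TEXTDOMAIN);
        if (get_option('gwolle_gb-mail-from', false)) {
            $from_address = get_option('gwolle_gb-mail-from');
        } else {
            $from_address = get_bloginfo('admin_email');
        }
        $header = "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . $from_address . ">\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n"; // Encoding of the mail

        // Replace the tags from the mailtemplate with real data from the website and entry
        $info = array();
        $info['user_name'] = gwolle_gb_sanitize_output($entry->get_author_name());
        $info['user_email'] = $entry->get_author_email();
        $info['blog_name'] = get_bloginfo('name');
        $info['blog_url'] = get_bloginfo('wpurl');
        $info['wp_admin_url'] = $info['blog_url'] . '/wp-admin';
        $info['entry_management_url'] = $info['wp_admin_url'] . '/admin.php?page=' . GWOLLE_GB_FOLDER . '/editor.php&entry_id=' . $entry->get_id();
        $info['entry_content'] = gwolle_gb_format_values_for_mail(gwolle_gb_sanitize_output($entry->get_content()));
        $info['author_ip'] = $remote_addr;
        $info['status'] = $entry->get_ischecked() ? __('Checked', GWOLLE_GB_TEXTDOMAIN) : __('Unchecked', GWOLLE_GB_TEXTDOMAIN);
        $mail_body = $fill_template($mail_body, $mailTags, $info);

        if (is_array($subscribers) && !empty($subscribers)) {
            foreach ($subscribers as $subscriber) {
                wp_mail($subscriber, $subject, $mail_body, $header);
            }
        }
    }

    /*
     * Send Notification Mail to the author if set to true in an option
     */
    if (!$isspam && get_option('gwolle_gb-mail_author', 'false') == 'true') {
        // Set the Mail Content
        $mailTags = array('user_email', 'user_name', 'blog_name', 'blog_url', 'entry_content');
        $mail_body = gwolle_gb_sanitize_output(get_option('gwolle_gb-authorMailContent', false));
        if (!$mail_body) {
            $mail_body = __("\nHello,\n\nYou have just posted a new guestbook entry at '%blog_name%'.\n\nHave a nice day.\nThe editors at %blog_name%.\n\n\nWebsite address: %blog_url%\nUser name: %user_name%\nUser email: %user_email%\nEntry content:\n%entry_content%\n", GWOLLE_GB_TEXTDOMAIN);
        }

        // Set the Mail Headers
        $subject = '[' . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . '] ' . __('New Guestbook Entry', GWOLLE_GB_TEXTDOMAIN);
        if (get_option('gwolle_gb-mail-from', false)) {
            $from_address = gwolle_gb_sanitize_output(get_option('gwolle_gb-mail-from'));
        } else {
            $from_address = get_bloginfo('admin_email');
        }
        $header = "From: " . gwolle_gb_format_values_for_mail(get_bloginfo('name')) . " <" . $from_address . ">\r\n";
        $header .= "Content-Type: text/plain; charset=UTF-8\r\n"; // Encoding of the mail

        // Replace the tags from the mailtemplate with real data from the website and entry
        $info = array();
        $info['user_name'] = gwolle_gb_sanitize_output($entry->get_author_name());
        $info['user_email'] = $entry->get_author_email();
        $info['blog_name'] = get_bloginfo('name');
        $info['blog_url'] = get_bloginfo('wpurl');
        $info['entry_content'] = gwolle_gb_format_values_for_mail(gwolle_gb_sanitize_output($entry->get_content()));
        $mail_body = $fill_template($mail_body, $mailTags, $info);

        wp_mail($entry->get_author_email(), $subject, $mail_body, $header);
    }

    /*
     * No Log for the Entry needed, it has a default post date in the Entry itself.
     */
}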
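/**
 * Handle a guestbook form submission (Gwolle-GB front end, site-customised copy).
 *
 * Same flow as the stock handler: acts only on `gwolle_gb_function=add_entry`,
 * enforces the login requirement, collects the enabled fields into
 * $gwolle_gb_data, records missing mandatory fields in $gwolle_gb_error_fields,
 * checks the anti-spam question and the Really Simple Captcha, builds and
 * saves a gwolle_gb_entry, and delegates notifications to
 * gwolle_gb_mail_moderators() and gwolle_gb_mail_author().
 *
 * Differences from the stock handler visible in this copy: the 'gwolle-gb'
 * text domain; the e-mail is collected even when the field is disabled; the
 * name, message and confirmation texts are hard-coded French strings that
 * include the author's name; every entry is forced to "unchecked" after the
 * moderation logic ran (see the note at that line); the entry is assigned a
 * book id from `gwolle_gb_book_id` (default 1); and the mails are sent
 * unconditionally, not only for non-spam.
 *
 * Fixes in this revision: the CAPTCHA POST fields, `gwolle_gb_book_id` and
 * REMOTE_ADDR are read with defaults instead of undefined-index notices; the
 * author's name is HTML-escaped before being echoed back inside the messages
 * (it is raw visitor input placed into page markup; existing entities from
 * the emoji encoding are left alone); the unused $wpdb global is gone.
 *
 * @global bool   $gwolle_gb_errors
 * @global array  $gwolle_gb_error_fields
 * @global string $gwolle_gb_messages
 * @global array  $gwolle_gb_data
 * @return void|false False when validation or duplicate detection stopped the
 *                    save; nothing otherwise.
 */
function gwolle_gb_frontend_posthandling()
{
    global $gwolle_gb_errors, $gwolle_gb_error_fields, $gwolle_gb_messages, $gwolle_gb_data;

    /*
     * Handle $_POST and check and save entry.
     */
    if (!isset($_POST['gwolle_gb_function']) || $_POST['gwolle_gb_function'] != 'add_entry') {
        return;
    }

    // Initialize errors and messages
    $gwolle_gb_errors = false;
    $gwolle_gb_error_fields = array();
    $gwolle_gb_messages = '';

    // Option to allow only logged-in users to post. Don't show the form if not logged-in.
    if (!is_user_logged_in() && get_option('gwolle_gb-require_login', 'false') == 'true') {
        $gwolle_gb_errors = true;
        $gwolle_gb_messages .= '<p class="require_login"><strong>' . __('Submitting a new guestbook entry is only allowed for logged-in users.', 'gwolle-gb') . '</strong></p>';
        return;
    }

    /*
     * Collect data from the Form
     */
    $gwolle_gb_data = array();
    $form_setting = gwolle_gb_get_setting('form');

    /* Name */
    if (isset($form_setting['form_name_enabled']) && $form_setting['form_name_enabled'] === 'true') {
        $name_mandatory = isset($form_setting['form_name_mandatory']) && $form_setting['form_name_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_name'])) {
            $gwolle_gb_data['author_name'] = trim($_POST['gwolle_gb_author_name']);
            $gwolle_gb_data['author_name'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_name'], 'author_name');
            if ($gwolle_gb_data['author_name'] == "" && $name_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'name'; // mandatory
            }
        } elseif ($name_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'name'; // mandatory
        }
    }

    /* City / Origin */
    if (isset($form_setting['form_city_enabled']) && $form_setting['form_city_enabled'] === 'true') {
        $city_mandatory = isset($form_setting['form_city_mandatory']) && $form_setting['form_city_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_origin'])) {
            $gwolle_gb_data['author_origin'] = trim($_POST['gwolle_gb_author_origin']);
            $gwolle_gb_data['author_origin'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['author_origin'], 'author_origin');
            if ($gwolle_gb_data['author_origin'] == "" && $city_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_origin'; // mandatory
            }
        } elseif ($city_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_origin'; // mandatory
        }
    }

    /* Email */
    if (isset($form_setting['form_email_enabled']) && $form_setting['form_email_enabled'] === 'true') {
        $email_mandatory = isset($form_setting['form_email_mandatory']) && $form_setting['form_email_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_email'])) {
            $gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
            // An invalid address is only an error when the field is mandatory;
            // the value is kept in the data either way, as before.
            if (!filter_var($gwolle_gb_data['author_email'], FILTER_VALIDATE_EMAIL) && $email_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_email'; // mandatory
            }
        } elseif ($email_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_email'; // mandatory
        }
    } elseif (isset($_POST['gwolle_gb_author_email'])) {
        // Field disabled in the settings, yet a posted address is still stored (unvalidated).
        $gwolle_gb_data['author_email'] = trim($_POST['gwolle_gb_author_email']);
    }

    /* Website / Homepage */
    if (isset($form_setting['form_homepage_enabled']) && $form_setting['form_homepage_enabled'] === 'true') {
        $homepage_mandatory = isset($form_setting['form_homepage_mandatory']) && $form_setting['form_homepage_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_author_website'])) {
            $gwolle_gb_data['author_website'] = trim($_POST['gwolle_gb_author_website']);
            // Prepend a scheme when none was given so FILTER_VALIDATE_URL can accept it.
            if (!preg_match('/^http/', $gwolle_gb_data['author_website'])) {
                $gwolle_gb_data['author_website'] = "http://" . $gwolle_gb_data['author_website'];
            }
            if (!filter_var($gwolle_gb_data['author_website'], FILTER_VALIDATE_URL) && $homepage_mandatory) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'author_website'; // mandatory
            }
        } elseif ($homepage_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'author_website'; // mandatory
        }
    }

    /* Message */
    if (isset($form_setting['form_message_enabled']) && $form_setting['form_message_enabled'] === 'true') {
        $message_mandatory = isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true';
        if (isset($_POST['gwolle_gb_content'])) {
            $gwolle_gb_data['content'] = trim($_POST['gwolle_gb_content']);
            if ($gwolle_gb_data['content'] == "") {
                if ($message_mandatory) {
                    $gwolle_gb_errors = true;
                    $gwolle_gb_error_fields[] = 'content'; // mandatory
                }
            } else {
                $gwolle_gb_data['content'] = gwolle_gb_maybe_encode_emoji($gwolle_gb_data['content'], 'content');
            }
        } elseif ($message_mandatory) {
            $gwolle_gb_errors = true;
            $gwolle_gb_error_fields[] = 'content'; // mandatory
        }
    }

    /* Custom Anti-Spam */
    if (isset($form_setting['form_antispam_enabled']) && $form_setting['form_antispam_enabled'] === 'true') {
        $antispam_question = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-question'));
        $antispam_answer = gwolle_gb_sanitize_output(get_option('gwolle_gb-antispam-answer'));
        $antispam_given = isset($_POST["gwolle_gb_antispam_answer"]) ? trim($_POST["gwolle_gb_antispam_answer"]) : null;
        // The question is only enforced when both question and answer are configured.
        if (isset($antispam_question) && strlen($antispam_question) > 0 && isset($antispam_answer) && strlen($antispam_answer) > 0) {
            if ($antispam_given === null || $antispam_given != trim($antispam_answer)) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'antispam'; // mandatory
            }
        }
        if ($antispam_given !== null) {
            $gwolle_gb_data['antispam'] = $antispam_given;
        }
    }

    /* CAPTCHA */
    if (isset($form_setting['form_recaptcha_enabled']) && $form_setting['form_recaptcha_enabled'] === 'true') {
        if (class_exists('ReallySimpleCaptcha')) {
            $gwolle_gb_captcha = new ReallySimpleCaptcha();
            // The prefix names the temporary files holding the expected answer;
            // the code is the visitor's answer. Both are untrusted request input
            // and default to '' (which fails the check) when absent.
            $gwolle_gb_captcha_prefix = isset($_POST['gwolle_gb_captcha_prefix']) ? (string) $_POST['gwolle_gb_captcha_prefix'] : '';
            $gwolle_gb_captcha_code = isset($_POST['gwolle_gb_captcha_code']) ? (string) $_POST['gwolle_gb_captcha_code'] : '';
            $gwolle_gb_captcha_correct = $gwolle_gb_captcha->check($gwolle_gb_captcha_prefix, $gwolle_gb_captcha_code);
            // If CAPTCHA validation fails (incorrect value entered in CAPTCHA field) record it as a field error.
            if (!$gwolle_gb_captcha_correct) {
                $gwolle_gb_errors = true;
                $gwolle_gb_error_fields[] = 'captcha'; // mandatory
            }
            // clean up the tmp directory
            $gwolle_gb_captcha->remove($gwolle_gb_captcha_prefix);
            $gwolle_gb_captcha->cleanup();
        }
    }

    // The author's name is echoed back inside HTML below; escape it. Entities
    // already produced by the emoji encoding are not encoded a second time.
    $display_name = isset($gwolle_gb_data['author_name'])
        ? htmlspecialchars($gwolle_gb_data['author_name'], ENT_QUOTES, 'UTF-8', false)
        : '';

    /* If there are errors, stop here and return false */
    if (is_array($gwolle_gb_error_fields) && !empty($gwolle_gb_error_fields)) {
        // There was no data filled in, even though that was mandatory.
        // (This copy shows no generic header line; only the per-field messages.)
        foreach ($gwolle_gb_error_fields as $field) {
            switch ($field) {
                case 'name':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>Des mots aussi beaux, ça mérite une signature non ?</strong></p>';
                    break;
                case 'author_origin':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your origin is not filled in, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
                    break;
                case 'author_email':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your e-mail address is not filled in correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
                    break;
                case 'author_website':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('Your website is not filled in, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
                    break;
                case 'content':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>Tu as oublié les mots doux ' . $display_name . ' :) !</strong></p>';
                    break;
                case 'antispam':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The anti-spam question was not answered correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
                    break;
                case 'captcha':
                    $gwolle_gb_messages .= '<p class="error_fields"><strong>' . __('The CAPTCHA was not filled in correctly, even though it is mandatory.', 'gwolle-gb') . '</strong></p>';
                    break;
            }
        }
        // Debugging aid kept from the original: the list of failed field keys is
        // written into the page, hidden by CSS only. The keys are fixed strings
        // from this function, not visitor input.
        $gwolle_gb_messages .= '<p class="error_fields" style="display: none;">' . print_r($gwolle_gb_error_fields, true) . '</p>';
        return false; // no need to check and save
    }

    /* New Instance of gwolle_gb_entry. */
    $entry = new gwolle_gb_entry();

    /* Set the data in the instance */
    $set_data = $entry->set_data($gwolle_gb_data);
    if (!$set_data) {
        // Data is not set in the Instance, something happened
        $gwolle_gb_errors = true;
        $gwolle_gb_messages .= '<p class="set_data"><strong>' . __('There were errors submitting your guestbook entry.', 'gwolle-gb') . '</strong></p>';
        return false;
    }

    /* Check for spam and set accordingly */
    $isspam = gwolle_gb_akismet($entry, 'comment-check');
    if ($isspam) {
        // Returned true, so considered spam. The visitor is deliberately not told.
        $entry->set_isspam(true);
    }

    /* if Moderation is off, set it to "ischecked" */
    $user_id = get_current_user_id(); // returns 0 if no current user
    if (get_option('gwolle_gb-moderate-entries', 'true') == 'true') {
        $entry->set_ischecked((bool) gwolle_gb_is_moderator($user_id));
    } else {
        // First set to checked, then send it back to manual moderation when the
        // content or the name contains a word that is too long (abusive content).
        $entry->set_ischecked(true);
        $has_overlong_word = static function ($text, $maxlength) {
            foreach (explode(" ", $text) as $word) {
                if (strlen($word) > $maxlength) {
                    return true;
                }
            }
            return false;
        };
        if ($has_overlong_word($entry->get_content(), 100) || $has_overlong_word($entry->get_author_name(), 60)) {
            $entry->set_ischecked(false);
        }
    }
    // NOTE(review): this site-specific line overrides everything decided above
    // and holds every entry for moderation, which also keeps the cache-clear
    // below from ever running. Kept as found; confirm it is intended.
    $entry->set_ischecked(false);

    /* Check for logged in user, and set the userid as author_id, just in case someone is also admin, or gets promoted some day */
    $entry->set_author_id($user_id);

    /*
     * Network Information
     */
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $entry->set_author_ip($remote_addr);
    // Reverse lookup: a blocking DNS query made on every submission.
    $entry->set_author_host($remote_addr !== '' ? gethostbyaddr($remote_addr) : '');

    /*
     * Book ID
     */
    $gwolle_gb_data['book_id'] = isset($_POST['gwolle_gb_book_id']) ? (int) $_POST['gwolle_gb_book_id'] : 0;
    if ($gwolle_gb_data['book_id'] < 1) {
        $gwolle_gb_data['book_id'] = 1;
    }
    $entry->set_book_id($gwolle_gb_data['book_id']);

    /*
     * Check for double post using email field and content.
     * Only if content is mandatory.
     */
    if (isset($form_setting['form_message_mandatory']) && $form_setting['form_message_mandatory'] === 'true') {
        $entries = gwolle_gb_get_entries(array('email' => $entry->get_author_email()));
        if (is_array($entries) && !empty($entries)) {
            foreach ($entries as $entry_email) {
                if ($entry_email->get_content() == $entry->get_content()) {
                    // Match is double entry
                    $gwolle_gb_errors = true;
                    $gwolle_gb_messages .= '<p class="double_post"><strong>' . __('Double post: An entry with the data you entered has already been saved.', 'gwolle-gb') . '</strong></p>';
                    return false;
                }
            }
        }
    }

    /*
     * Save the Entry
     */
    $save = $entry->save();
    if ($save) {
        // We have been saved to the Database
        $gwolle_gb_messages .= '<p class="entry_saved">Merci pour ton message ' . $display_name . ' !</p>';
        if ($entry->get_ischecked() == 0) {
            $gwolle_gb_messages .= '<p>Il apparaîtra bientôt sur le site !</p>';
        }
    }

    /*
     * Update Cache plugins
     */
    if ($entry->get_ischecked() == 1) {
        gwolle_gb_clear_cache();
    }

    /*
     * Send the Notification Mail to moderators that have subscribed
     */
    gwolle_gb_mail_moderators($entry);

    /*
     * Send Notification Mail to the author if set to true in an option
     */
    gwolle_gb_mail_author($entry);

    /*
     * No Log for the Entry needed, it has a default post date in the Entry itself.
     */
}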
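/**
 * Verify the Really Simple Captcha answer posted with an Easy Testimonials form.
 *
 * Reads the challenge prefix and the visitor's answer from the request, checks
 * them with ReallySimpleCaptcha, and removes the temporary challenge files
 * whatever the result so the same prefix cannot be submitted again.
 *
 * Missing POST fields now default to '' (the check then fails) instead of
 * raising undefined-index notices.
 *
 * @return bool True when the answer matched the challenge, false otherwise.
 */
function easy_t_check_captcha()
{
    // Untrusted request input: the prefix names the temporary challenge files,
    // the code is the visitor's answer.
    $captcha_prefix = isset($_POST['captcha_prefix']) ? (string) $_POST['captcha_prefix'] : '';
    $captcha_code = isset($_POST['captcha_code']) ? (string) $_POST['captcha_code'] : '';

    $captcha = new ReallySimpleCaptcha();
    $captcha_correct = $captcha->check($captcha_prefix, $captcha_code);

    // Tidy the tmp directory regardless of the outcome.
    $captcha->remove($captcha_prefix);
    $captcha->cleanup();

    return $captcha_correct;
}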
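/**
 * Pre-approval filter: mark anonymous comments with a wrong CAPTCHA as spam.
 *
 * Applies only to plain comments (empty comment_type) from visitors who are
 * not logged in, and only when ReallySimpleCaptcha is loaded; every other
 * comment keeps the $approved value WordPress already computed. The temporary
 * challenge files are removed after the check in all cases.
 *
 * Missing POST fields default to '' (which fails the check) instead of
 * raising undefined-index notices.
 *
 * @param mixed $approved     Approval status computed so far (1, 0, 'spam', ...).
 * @param array $comment_data Comment data as passed by the filter.
 * @return mixed $approved, or the string 'spam' when the CAPTCHA answer was wrong.
 */
function cbnet_check_comment_captcha($approved, $comment_data)
{
    $comment_type = isset($comment_data['comment_type']) ? $comment_data['comment_type'] : '';
    $needs_check = !is_user_logged_in() && (string) $comment_type === '' && class_exists('ReallySimpleCaptcha');
    if (!$needs_check) {
        return $approved;
    }

    // Untrusted request input: the prefix names the temporary challenge files,
    // the code is the visitor's answer.
    $captcha_prefix = isset($_POST['comment_captcha_prefix']) ? (string) $_POST['comment_captcha_prefix'] : '';
    $captcha_code = isset($_POST['comment_captcha_code']) ? (string) $_POST['comment_captcha_code'] : '';

    $captcha = new ReallySimpleCaptcha();
    if (!$captcha->check($captcha_prefix, $captcha_code)) {
        // Wrong answer: hand the comment to the spam queue rather than rejecting outright.
        $approved = 'spam';
    }

    // Clean up the tmp directory whether or not the answer was right.
    $captcha->remove($captcha_prefix);
    $captcha->cleanup();

    return $approved;
}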