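/**
 * CleanTalk hook for SMF's register integration point.
 *
 * Builds a CleantalkRequest from the pending registration and asks the
 * CleanTalk service whether the account may be created. Depending on the
 * verdict the registration is stopped through fatal_error(), switched to
 * admin approval, or left untouched.
 *
 * @param array $regOptions Registration options, taken by reference; the
 *                          'register_vars' and 'require' entries are rewritten
 *                          when the service asks for manual approval.
 * @param array $theme_vars Not used by this hook.
 * @return void
 */
function cleantalk_check_register(&$regOptions, $theme_vars)
{
    global $language, $user_info, $modSettings;

    // Accounts created from the admin interface are not checked.
    if ($regOptions['interface'] == 'admin') {
        return;
    }

    $ct = new Cleantalk();
    $ct->server_url = CT_SERVER_URL;

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = cleantalk_get_api_key();
    $ct_request->response_lang = 'en'; // SMF use any charset and language
    $ct_request->agent = CT_AGENT_VERSION;
    $ct_request->sender_email = isset($regOptions['email']) ? $regOptions['email'] : '';

    $ip = isset($regOptions['register_vars']['member_ip']) ? $regOptions['register_vars']['member_ip'] : $_SERVER['REMOTE_ADDR'];
    $ct_request->sender_ip = $ct->ct_session_ip($ip);
    $ct_request->sender_nickname = isset($regOptions['username']) ? $regOptions['username'] : '';
    $ct_request->submit_time = cleantalk_get_form_submit_time();
    $ct_request->js_on = cleantalk_is_valid_js() ? 1 : 0;
    // Referer and User-Agent are request headers, i.e. client-controlled; they
    // are only forwarded to the service here, never rendered.
    $ct_request->sender_info = json_encode(array(
        'REFFERRER' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null,
        'cms_lang' => substr($language, 0, 2),
        'USER_AGENT' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
    ));

    if (defined('CT_DEBUG') && CT_DEBUG) {
        // The request object carries the site's API key. Dump a copy with the
        // key masked so the secret is not written to the forum error log.
        $ct_loggable = clone $ct_request;
        $ct_loggable->auth_key = '[redacted]';
        log_error('CleanTalk request: ' . var_export($ct_loggable, true), 'user');
    }

    /**
     * @var CleantalkResponse $ct_result CleanTalk API call result
     */
    $ct_result = $ct->isAllowUser($ct_request);

    // Service error AND failed JavaScript test: refuse the registration.
    // A service error with a passed JS test is NOT handled here and continues
    // to the inactive/allow checks below.
    if ($ct_result->errno != 0 && !cleantalk_is_valid_js()) {
        cleantalk_log('deny registration (errno !=0, invalid js test)' . strip_tags($ct_result->comment));
        fatal_error('CleanTalk: ' . strip_tags($ct_result->comment), false);
        return;
    }

    if ($ct_result->inactive == 1) {
        // need admin approval
        cleantalk_log('need approval for "' . $regOptions['username'] . '"');
        $regOptions['register_vars']['is_activated'] = 3; // waiting for admin approval
        $regOptions['require'] = 'approval';
        if (!isset($modSettings['notify_new_registration']) || empty($modSettings['notify_new_registration'])) {
            // temporarily turn on notify for new registration
            $modSettings['notify_new_registration'] = 1;
        }
        // add Cleantalk message to email template
        // NOTE(review): unlike the fatal_error() paths, the comment is stored
        // without strip_tags() — confirm how the template renders it.
        $user_info['cleantalkmessage'] = $ct_result->comment;
        // temporarily turn on registration_method to approval_after
        $modSettings['registration_method'] = 2;
        return;
    }

    if ($ct_result->allow == 0) {
        // this is bot, stop registration
        cleantalk_log('deny registration' . strip_tags($ct_result->comment));
        fatal_error('CleanTalk: ' . strip_tags($ct_result->comment), false);
    } else {
        // all ok, only logging
        cleantalk_log('allow regisration for "' . $regOptions['username'] . '"');
    }
}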
/**
 * Runs the CleanTalk check for an s2Member registration.
 *
 * The e-mail and username are read from the two s2Member POST containers
 * (the Authorize.Net container wins when both are present).
 *
 * @return bool|null null when registration checks are switched off, false
 *                   when the service reported an error (the registration is
 *                   not blocked in that case), true when the user is allowed.
 *                   A denied registration ends in ct_die_extended().
 */
function ct_s2member_registration_test()
{
    global $ct_agent_version, $ct_post_data_label, $ct_post_data_authnet_label, $ct_formtime_label, $ct_options, $ct_data;

    $ct_options = ct_get_options();
    $ct_data = ct_get_data();

    if ($ct_options['registrations_test'] == 0) {
        return null;
    }

    $submit_time = submit_time_test();
    $checkjs = js_test('ct_checkjs', $_COOKIE, true);

    require_once 'cleantalk.class.php';

    $sender_info = json_encode(get_sender_info());
    if ($sender_info === false) {
        $sender_info = '';
    }

    // Later containers override earlier ones, so the Authorize.Net values
    // take precedence over the default form values.
    $sender_email = null;
    $sender_nickname = null;
    foreach (array($ct_post_data_label, $ct_post_data_authnet_label) as $container) {
        if (isset($_POST[$container]['email'])) {
            $sender_email = $_POST[$container]['email'];
        }
        if (isset($_POST[$container]['username'])) {
            $sender_nickname = $_POST[$container]['username'];
        }
    }

    $server_state = get_option('cleantalk_server');

    $ct = new Cleantalk();
    $ct->work_url = $server_state['ct_work_url'];
    $ct->server_url = $ct_options['server'];
    $ct->server_ttl = $server_state['ct_server_ttl'];
    $ct->server_changed = $server_state['ct_server_changed'];
    $ct->ssl_on = $ct_options['ssl_on'];

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_options['apikey'];
    $ct_request->sender_email = $sender_email;
    $ct_request->sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);
    $ct_request->sender_nickname = $sender_nickname;
    $ct_request->agent = $ct_agent_version;
    $ct_request->sender_info = $sender_info;
    $ct_request->js_on = $checkjs;
    $ct_request->submit_time = $submit_time;

    $ct_result = $ct->isAllowUser($ct_request);

    // Persist the work server the client settled on.
    if ($ct->server_change) {
        update_option('cleantalk_server', array(
            'ct_work_url' => $ct->work_url,
            'ct_server_ttl' => $ct->server_ttl,
            'ct_server_changed' => time(),
        ));
    }

    // Service error: report failure to the caller without blocking.
    if ($ct_result->errno != 0) {
        return false;
    }

    if ($ct_result->allow == 0) {
        // Restart submit form counter for failed requests
        $_SESSION[$ct_formtime_label] = time();
        ct_die_extended($ct_result->comment);
    }

    return true;
}
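/**
 * Sends a comment or a registration to the CleanTalk service and maps the
 * answer to a plain result array.
 *
 * @param array $spam_check Entity to check. 'type' must be 'comment' or
 *                          'register'; the request and the throttle key are
 *                          only built for those two values.
 * @param object $options   Options object; only get('cleantalk', 'apikey') is
 *                          read from it.
 * @return array Always holds 'ct_request_id' and 'errno'. With errno 1 it
 *               also holds 'errstr'; with errno 0 it holds 'allow' and, for a
 *               denied entity, 'ct_result_comment' and 'stop_queue'.
 */
protected function _checkSpam($spam_check, $options)
{
    require_once 'CleanTalk/Base/cleantalk.class.php';

    $ct_authkey = $options->get('cleantalk', 'apikey');
    $dataRegistryModel = $this->getModelFromCache('XenForo_Model_DataRegistry');

    $ct_ws = $dataRegistryModel->get('cleantalk_ws');
    if (!$ct_ws) {
        // NOTE(review): the fallback endpoint is plain http; whether the
        // Cleantalk client protects the API key in transit is not visible here.
        $ct_ws = array(
            'work_url' => 'http://moderate.cleantalk.ru',
            'server_url' => 'http://moderate.cleantalk.ru',
            'server_ttl' => 0,
            'server_changed' => 0,
        );
    }

    // JavaScript test: NULL = cookie absent, 1 = cookie matches, 0 = mismatch.
    $field_name = CleanTalk_Base_CleanTalk::getCheckjsName();
    if (!isset($_COOKIE[$field_name])) {
        $checkjs = NULL;
    } else {
        // Strict string comparison: a loose in_array() treats numeric-looking
        // strings such as "0e..." as equal numbers, and a cookie sent as an
        // array must never match.
        $cookie_value = $_COOKIE[$field_name];
        $expected_values = array_map('strval', CleanTalk_Base_CleanTalk::getCheckJSArray());
        $checkjs = (is_string($cookie_value) && in_array($cookie_value, $expected_values, true)) ? 1 : 0;
    }

    // Both headers are optional and client-controlled; a missing header is
    // sent as null instead of raising an undefined-index warning.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
    $refferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : NULL;

    $ct = new Cleantalk();
    $ct->work_url = $ct_ws['work_url'];
    $ct->server_url = $ct_ws['server_url'];
    $ct->server_ttl = $ct_ws['server_ttl'];
    $ct->server_changed = $ct_ws['server_changed'];

    // From here on the application-wide options are used (the original code
    // re-assigned the $options parameter at this point).
    $options = XenForo_Application::getOptions();
    // NOTE(review): the API key is embedded a second time inside sender_info.
    $ct_options = array(
        'enabled' => $options->get('cleantalk', 'enabled'),
        'apikey' => $options->get('cleantalk', 'apikey'),
    );
    $sender_info = json_encode(array(
        'cms_lang' => 'en',
        'REFFERRER' => $refferrer,
        'post_url' => $refferrer,
        'USER_AGENT' => $user_agent,
        'ct_options' => json_encode($ct_options),
    ));

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_authkey;
    $ct_request->agent = 'xenforo-15';
    $ct_request->response_lang = 'en';
    $ct_request->js_on = $checkjs;
    $ct_request->sender_info = $sender_info;
    $ct_request->sender_email = $spam_check['sender_email'];
    $ct_request->sender_nickname = $spam_check['sender_nickname'];
    $ct_request->sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);

    $ct_submit_time = NULL;

    // $ct_result and $timelabels_key are assigned only inside these two cases.
    switch ($spam_check['type']) {
        case 'comment':
            $stored_time = XenForo_Application::getSession()->get('ct_submit_comment_time');
            if (isset($stored_time)) {
                $ct_submit_time = time() - $stored_time;
            }
            $timelabels_key = 'e_comm';
            $ct_request->submit_time = $ct_submit_time;
            $ct_request->message = $spam_check['message_title'] . " \n\n" . $spam_check['message_body'];

            $a_example = array();
            $a_example['title'] = $spam_check['example_title'];
            $a_example['body'] = $spam_check['example_body'];
            $a_example['comments'] = $spam_check['example_comments'];

            // Additional info.
            $a_post_info['comment_type'] = 'comment';

            // JSON format.
            $example = json_encode($a_example);
            $post_info = json_encode($a_post_info);

            // Plain text format when the JSON encoding failed.
            if ($example === FALSE) {
                $example = '';
                $example .= $a_example['title'] . " \n\n";
                $example .= $a_example['body'] . " \n\n";
                $example .= $a_example['comments'];
            }
            if ($post_info === FALSE) {
                $post_info = '';
            }

            // Example text + last N comments in json or plain text format.
            $ct_request->example = $example;
            $ct_request->post_info = $post_info;
            $ct_result = $ct->isAllowMessage($ct_request);
            break;

        case 'register':
            $stored_time = XenForo_Application::getSession()->get('ct_submit_register_time');
            if (isset($stored_time)) {
                $ct_submit_time = time() - $stored_time;
            }
            $timelabels_key = 'e_reg';
            $ct_request->submit_time = $ct_submit_time;
            $ct_request->tz = $spam_check['timezone'];
            $ct_result = $ct->isAllowUser($ct_request);
            break;
    }

    $ret_val = array();
    $ret_val['ct_request_id'] = $ct_result->id;

    // Persist the work server the client settled on.
    if ($ct->server_change) {
        $dataRegistryModel->set('cleantalk_ws', array(
            'work_url' => $ct->work_url,
            'server_url' => $ct->server_url,
            'server_ttl' => $ct->server_ttl,
            'server_changed' => time(),
        ));
    }

    // First check errstr flag.
    if (!empty($ct_result->errstr) || (!empty($ct_result->inactive) && $ct_result->inactive == 1)) {
        // Cleantalk error so we go default way (no action at all).
        $ret_val['errno'] = 1;

        // Just inform admin.
        if (!empty($ct_result->errstr)) {
            $ret_val['errstr'] = $this->_filterResponse($ct_result->errstr);
        } else {
            $ret_val['errstr'] = $this->_filterResponse($ct_result->comment);
        }

        // At most one notification mail per key every 15 minutes.
        $ct_time = $dataRegistryModel->get('cleantalk_' . $timelabels_key);
        $send_flag = !$ct_time || (time() - 900 > $ct_time[0]);

        if ($send_flag) {
            $dataRegistryModel->set('cleantalk_' . $timelabels_key, array(time()));
            // NOTE(review): 'htmlText' is built from the service response;
            // confirm that _filterResponse() leaves it safe for an HTML mail.
            $mail = XenForo_Mail::create('cleantalk_error', array(
                'plainText' => $ret_val['errstr'],
                'htmlText' => nl2br($ret_val['errstr']),
            ));
            $mail->send($options->get('contactEmailAddress'));
        }

        return $ret_val;
    }

    $ret_val['errno'] = 0;
    if ($ct_result->allow == 1) {
        // Not spammer.
        $ret_val['allow'] = 1;
    } else {
        // Spammer.
        $ret_val['allow'] = 0;
        $ret_val['ct_result_comment'] = $this->_filterResponse($ct_result->comment);

        // Check stop_queue flag.
        if ($spam_check['type'] == 'comment' && $ct_result->stop_queue == 0) {
            // Spammer and stop_queue == 0 - to manual approvement.
            $ret_val['stop_queue'] = 0;
        } else {
            // New user or Spammer and stop_queue == 1 - display form error message.
            $ret_val['stop_queue'] = 1;
        }
    }

    return $ret_val;
}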
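/**
 * Universal method for checking a comment or a new user for spam.
 * Performs the CleanTalk request itself.
 *
 * @param array   $arEntity   Entity to check (comment or new user), taken by
 *                            reference; 'type' must be 'comment' or 'register'.
 * @param boolean $bSendEmail Declared as "notify admin by email" (default
 *                            FALSE) but not read anywhere in this method: the
 *                            error mail below is sent regardless of it.
 * @return array|null Checking result, or NULL when the parameters are invalid.
 */
static function CheckSpam(&$arEntity, $bSendEmail = FALSE)
{
    if (!is_array($arEntity) || !array_key_exists('type', $arEntity)) {
        return;
    }

    $type = $arEntity['type'];
    if ($type != 'comment' && $type != 'register') {
        return;
    }

    $ct_key = Mage::getStoreConfig('general/cleantalk/api_key');
    $ct_ws = self::GetWorkServer();

    // A session is only started for non-AJAX requests.
    if (!(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')) {
        if (!session_id()) {
            session_start();
        }
    }
    //This one is causing errors with ajax

    // JavaScript test: NULL = cookie absent, 1 = cookie matches, 0 = mismatch.
    if (!isset($_COOKIE['ct_checkjs'])) {
        $checkjs = NULL;
    } else {
        // Compare as strings with ===: a loose == treats numeric-looking
        // strings such as "0e..." as equal numbers, and a cookie sent as an
        // array must never match.
        $cookie_value = $_COOKIE['ct_checkjs'];
        $checkjs = (is_string($cookie_value) && $cookie_value === (string) self::GetCheckJSValue()) ? 1 : 0;
    }

    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $user_agent = htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']);
    } else {
        $user_agent = NULL;
    }

    if (isset($_SERVER['HTTP_REFERER'])) {
        $refferrer = htmlspecialchars((string) $_SERVER['HTTP_REFERER']);
    } else {
        $refferrer = NULL;
    }

    $ct_language = 'en';
    $sender_info = array(
        'cms_lang' => $ct_language,
        'REFFERRER' => $refferrer,
        'post_url' => $refferrer,
        'USER_AGENT' => $user_agent,
    );
    $sender_info = json_encode($sender_info);

    require_once 'lib/cleantalk.class.php';

    $ct = new Cleantalk();
    $ct->work_url = $ct_ws['work_url'];
    $ct->server_url = $ct_ws['server_url'];
    $ct->server_ttl = $ct_ws['server_ttl'];
    $ct->server_changed = $ct_ws['server_changed'];

    // X-Forwarded-For is a request header: unless a trusted reverse proxy
    // overwrites it, the client chooses its content. Only the first entry is
    // considered and only when it parses as an IP address; anything else
    // falls back to the socket address.
    $sender_ip = $_SERVER['REMOTE_ADDR'];
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $forwarded_hops = explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']);
        $forwarded_for = trim($forwarded_hops[0]);
        if (filter_var($forwarded_for, FILTER_VALIDATE_IP) !== false) {
            $sender_ip = $forwarded_for;
        }
    }

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_key;
    $ct_request->sender_email = isset($arEntity['sender_email']) ? $arEntity['sender_email'] : '';
    $ct_request->sender_nickname = isset($arEntity['sender_nickname']) ? $arEntity['sender_nickname'] : '';
    $ct_request->sender_ip = isset($arEntity['sender_ip']) ? $arEntity['sender_ip'] : $sender_ip;
    $ct_request->agent = 'magento-121';
    $ct_request->js_on = $checkjs;
    $ct_request->sender_info = $sender_info;

    $ct_submit_time = NULL;
    if (isset($_SESSION['ct_submit_time'])) {
        $ct_submit_time = time() - $_SESSION['ct_submit_time'];
    }

    switch ($type) {
        case 'comment':
            $ct_request->submit_time = $ct_submit_time;

            $message_title = isset($arEntity['message_title']) ? $arEntity['message_title'] : '';
            $message_body = isset($arEntity['message_body']) ? $arEntity['message_body'] : '';
            $ct_request->message = $message_title . " \n\n" . $message_body;

            $a_example['title'] = isset($arEntity['example_title']) ? $arEntity['example_title'] : '';
            $a_example['body'] = isset($arEntity['example_body']) ? $arEntity['example_body'] : '';
            $a_example['comments'] = isset($arEntity['example_comments']) ? $arEntity['example_comments'] : '';

            // Additional info.
            $a_post_info['comment_type'] = 'comment';

            // JSON format.
            $example = json_encode($a_example);
            $post_info = json_encode($a_post_info);

            // Plain text format when the JSON encoding failed.
            if ($example === FALSE) {
                $example = '';
                $example .= $a_example['title'] . " \n\n";
                $example .= $a_example['body'] . " \n\n";
                $example .= $a_example['comments'];
            }
            if ($post_info === FALSE) {
                $post_info = '';
            }

            // Example text + last N comments in json or plain text format.
            $ct_request->example = $example;
            $ct_request->post_info = $post_info;
            $ct_result = $ct->isAllowMessage($ct_request);
            break;

        case 'register':
            $ct_request->submit_time = $ct_submit_time;
            $ct_request->tz = isset($arEntity['user_timezone']) ? $arEntity['user_timezone'] : NULL;
            $ct_result = $ct->isAllowUser($ct_request);
    }

    $ret_val = array();
    $ret_val['ct_request_id'] = $ct_result->id;

    // Persist the work server the client settled on.
    if ($ct->server_change) {
        self::SetWorkServer($ct->work_url, $ct->server_url, $ct->server_ttl, time());
    }

    // First check errstr flag.
    if (!empty($ct_result->errstr) || (!empty($ct_result->inactive) && $ct_result->inactive == 1)) {
        // Cleantalk error so we go default way (no action at all).
        $ret_val['errno'] = 1;
        $err_title = $_SERVER['SERVER_NAME'] . ' - CleanTalk module error';

        // Strip the leading "...***" and trailing "***..." decoration from the
        // service text; the /u modifier is used only for valid UTF-8 input.
        $raw_error = !empty($ct_result->errstr) ? $ct_result->errstr : $ct_result->comment;
        if (preg_match('//u', $raw_error)) {
            $err_str = preg_replace('/^[^\\*]*?\\*\\*\\*|\\*\\*\\*[^\\*]*?$/iu', '', $raw_error);
        } else {
            $err_str = preg_replace('/^[^\\*]*?\\*\\*\\*|\\*\\*\\*[^\\*]*?$/i', '', $raw_error);
        }
        $ret_val['errstr'] = $err_str;

        // At most one notification mail every 15 minutes.
        $send_flag = FALSE;
        $insert_flag = FALSE;
        try {
            $timelabels = Mage::getModel('antispam/timelabels');
            $timelabels->load('mail_error');
            $time = $timelabels->getData();
            if (!$time || empty($time)) {
                $send_flag = TRUE;
                $insert_flag = TRUE;
            } elseif (time() - 900 > $time['ct_value']) {
                // 15 minutes
                $send_flag = TRUE;
                $insert_flag = FALSE;
            }
        } catch (Exception $e) {
            $send_flag = FALSE;
            Mage::log('Cannot operate with "cleantalk_timelabels" table.');
        }

        if ($send_flag) {
            Mage::log($err_str);
            // NOTE(review): the key is set only when NO new row is inserted;
            // this looks inverted (a fresh row would be saved without
            // 'ct_key') — confirm against the timelabels model.
            if (!$insert_flag) {
                $timelabels->setData('ct_key', 'mail_error');
            }
            $timelabels->setData('ct_value', time());
            $timelabels->save();

            $general_email = Mage::getStoreConfig('trans_email/ident_general/email');
            $mail = Mage::getModel('core/email');
            $mail->setToEmail($general_email);
            $mail->setFromEmail($general_email);
            $mail->setSubject($err_title);
            $mail->setBody($_SERVER['SERVER_NAME'] . "\n\n" . $err_str);
            $mail->setType('text');
            try {
                $mail->send();
            } catch (Exception $e) {
                Mage::log('Cannot send CleanTalk module error message to ' . $general_email);
            }
        }

        return $ret_val;
    }

    $ret_val['errno'] = 0;
    if ($ct_result->allow == 1) {
        // Not spammer.
        $ret_val['allow'] = 1;
    } else {
        // Spammer.
        $ret_val['allow'] = 0;
        // The comment is returned as received from the service; callers that
        // render it decide how to escape it.
        $ret_val['ct_result_comment'] = $ct_result->comment;

        // Check stop_queue flag.
        if ($type == 'comment' && $ct_result->stop_queue == 0) {
            // Spammer and stop_queue == 0 - to manual approvement.
            $ret_val['stop_queue'] = 0;
        } else {
            // New user or Spammer and stop_queue == 1 - display message and exit.
            $ret_val['stop_queue'] = 1;
        }
    }

    return $ret_val;
}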
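/**
 * Universal method for checking a comment or a new user for spam.
 * Performs the CleanTalk request itself.
 * Use it in your modules; call it from OnBefore* events.
 *
 * @param array   $arEntity   Entity to check (comment or new user), taken by
 *                            reference; 'type' must be 'comment' or 'register'.
 * @param boolean $bSendEmail Notify admin about service errors by email or
 *                            not (default FALSE).
 * @return array|null Checking result, or NULL when the parameters are invalid
 *                    (the rejection is written to the event log).
 */
static function CheckAllBefore(&$arEntity, $bSendEmail = FALSE)
{
    global $DB;

    if (!is_array($arEntity) || !array_key_exists('type', $arEntity)) {
        CEventLog::Add(array(
            'SEVERITY' => 'SECURITY',
            'AUDIT_TYPE_ID' => 'CLEANTALK_E_INTERNAL',
            'MODULE_ID' => 'cleantalk.antispam',
            'DESCRIPTION' => GetMessage('CLEANTALK_E_PARAM'),
        ));
        return;
    }

    $type = $arEntity['type'];
    if ($type != 'comment' && $type != 'register') {
        CEventLog::Add(array(
            'SEVERITY' => 'SECURITY',
            'AUDIT_TYPE_ID' => 'CLEANTALK_E_INTERNAL',
            'MODULE_ID' => 'cleantalk.antispam',
            'DESCRIPTION' => GetMessage('CLEANTALK_E_TYPE'),
        ));
        return;
    }

    require_once dirname(__FILE__) . '/classes/general/cleantalk.class.php';

    $ct_key = COption::GetOptionString('cleantalk.antispam', 'key', '0');
    $ct_ws = self::GetWorkServer();

    $ct_submit_time = NULL;
    if (isset($_SESSION['ct_submit_time'])) {
        $ct_submit_time = time() - $_SESSION['ct_submit_time'];
    }

    // JavaScript test: NULL = cookie absent, 1 = cookie matches, 0 = mismatch.
    if (!isset($_COOKIE['ct_checkjs'])) {
        $checkjs = NULL;
    } else {
        // Strict string comparison: a loose in_array() treats numeric-looking
        // strings such as "0e..." as equal numbers, and a cookie sent as an
        // array must never match.
        $cookie_value = $_COOKIE['ct_checkjs'];
        $expected_values = array_map('strval', self::GetCheckJSValues());
        $checkjs = (is_string($cookie_value) && in_array($cookie_value, $expected_values, true)) ? 1 : 0;
    }

    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $user_agent = htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']);
    } else {
        $user_agent = NULL;
    }

    if (isset($_SERVER['HTTP_REFERER'])) {
        $refferrer = htmlspecialchars((string) $_SERVER['HTTP_REFERER']);
    } else {
        $refferrer = NULL;
    }

    $sender_info = array(
        'cms_lang' => 'ru',
        'REFFERRER' => $refferrer,
        'post_url' => $refferrer,
        'USER_AGENT' => $user_agent,
    );
    $sender_info = json_encode($sender_info);

    $ct = new Cleantalk();
    $ct->work_url = $ct_ws['work_url'];
    $ct->server_url = $ct_ws['server_url'];
    $ct->server_ttl = $ct_ws['server_ttl'];
    $ct->server_changed = $ct_ws['server_changed'];

    // Pick the site encoding from the first constant that is defined.
    if (defined('BX_UTF')) {
        $logicalEncoding = "utf-8";
    } elseif (defined("SITE_CHARSET") && strlen(SITE_CHARSET) > 0) {
        $logicalEncoding = SITE_CHARSET;
    } elseif (defined("LANG_CHARSET") && strlen(LANG_CHARSET) > 0) {
        $logicalEncoding = LANG_CHARSET;
    } elseif (defined("BX_DEFAULT_CHARSET")) {
        $logicalEncoding = BX_DEFAULT_CHARSET;
    } else {
        $logicalEncoding = "windows-1251";
    }
    $logicalEncoding = strtolower($logicalEncoding);
    // A codepage is handed to the client only for non-UTF-8 sites.
    $ct->data_codepage = $logicalEncoding == 'utf-8' ? NULL : $logicalEncoding;

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_key;
    $ct_request->sender_email = isset($arEntity['sender_email']) ? $arEntity['sender_email'] : '';
    $ct_request->sender_nickname = isset($arEntity['sender_nickname']) ? $arEntity['sender_nickname'] : '';
    $ct_request->sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);
    $ct_request->agent = 'bitrix-370';
    $ct_request->response_lang = 'ru';
    $ct_request->js_on = $checkjs;
    $ct_request->sender_info = $sender_info;

    switch ($type) {
        case 'comment':
            $timelabels_key = 'mail_error_comment';
            $ct_request->submit_time = $ct_submit_time;

            $ct_request->message = isset($arEntity['message_title']) ? $arEntity['message_title'] : '';
            $ct_request->message .= "\n\n";
            $ct_request->message .= isset($arEntity['message_body']) ? $arEntity['message_body'] : '';

            $ct_request->example = isset($arEntity['example_title']) ? $arEntity['example_title'] : '';
            $ct_request->example .= empty($ct_request->example) ? '' : "\n\n";
            $ct_request->example .= isset($arEntity['example_body']) ? $arEntity['example_body'] : '';
            $ct_request->example .= empty($ct_request->example) ? '' : "\n\n";
            $ct_request->example .= isset($arEntity['example_comments']) ? $arEntity['example_comments'] : '';
            if (empty($ct_request->example)) {
                $ct_request->example = NULL;
            }

            $a_post_info['comment_type'] = 'comment';
            $post_info = json_encode($a_post_info);
            if ($post_info === FALSE) {
                $post_info = '';
            }
            $ct_request->post_info = $post_info;

            $ct_result = $ct->isAllowMessage($ct_request);
            break;

        case 'register':
            $timelabels_key = 'mail_error_reg';
            $ct_request->submit_time = $ct_submit_time;
            $ct_request->tz = isset($arEntity['user_timezone']) ? $arEntity['user_timezone'] : NULL;
            $ct_result = $ct->isAllowUser($ct_request);
    }

    $ret_val = array();
    $ret_val['ct_request_id'] = $ct_result->id;

    // Persist the work server the client settled on.
    if ($ct->server_change) {
        self::SetWorkServer($ct->work_url, $ct->server_url, $ct->server_ttl, time());
    }

    // First check errstr flag.
    if (!empty($ct_result->errstr) || (!empty($ct_result->inactive) && $ct_result->inactive == 1)) {
        // Cleantalk error so we go default way (no action at all).
        $ret_val['errno'] = 1;

        // Just inform admin.
        $err_title = 'CleanTalk module error';

        // Strip the leading "...***" and trailing "***..." decoration from the
        // service text; the /u modifier is used only for valid UTF-8 input.
        $raw_error = !empty($ct_result->errstr) ? $ct_result->errstr : $ct_result->comment;
        if (preg_match('//u', $raw_error)) {
            $err_str = preg_replace('/^[^\\*]*?\\*\\*\\*|\\*\\*\\*[^\\*]*?$/iu', '', $raw_error);
        } else {
            $err_str = preg_replace('/^[^\\*]*?\\*\\*\\*|\\*\\*\\*[^\\*]*?$/i', '', $raw_error);
        }
        $ret_val['errstr'] = $err_str;

        CEventLog::Add(array(
            'SEVERITY' => 'SECURITY',
            'AUDIT_TYPE_ID' => 'CLEANTALK_E_SERVER',
            'MODULE_ID' => 'cleantalk.antispam',
            'DESCRIPTION' => $err_str,
        ));

        if ($bSendEmail) {
            // At most one notification mail per key every 15 minutes.
            $send_flag = FALSE;
            $insert_flag = FALSE;

            // The key is one of two literals assigned in the switch above; it
            // is still escaped so the statement stays safe if that changes.
            $sql_key = $DB->ForSql($timelabels_key);

            $time = $DB->Query('SELECT ct_value FROM cleantalk_timelabels WHERE ct_key=\'' . $sql_key . '\'')->Fetch();
            if ($time === FALSE) {
                $send_flag = TRUE;
                $insert_flag = TRUE;
            } elseif (time() - 900 > $time['ct_value']) {
                // 15 minutes
                $send_flag = TRUE;
                $insert_flag = FALSE;
            }

            if ($send_flag) {
                if ($insert_flag) {
                    $arInsert = $DB->PrepareInsert('cleantalk_timelabels', array('ct_key' => $timelabels_key, 'ct_value' => time()));
                    $strSql = 'INSERT INTO cleantalk_timelabels(' . $arInsert[0] . ') VALUES (' . $arInsert[1] . ')';
                } else {
                    $strUpdate = $DB->PrepareUpdate('cleantalk_timelabels', array('ct_value' => time()));
                    $strSql = 'UPDATE cleantalk_timelabels SET ' . $strUpdate . ' WHERE ct_key = \'' . $sql_key . '\'';
                }
                $DB->Query($strSql);
                bxmail(COption::GetOptionString("main", "email_from"), $err_title, $err_str);
            }
        }

        return $ret_val;
    }

    $ret_val['errno'] = 0;
    if ($ct_result->allow == 1) {
        // Not spammer.
        $ret_val['allow'] = 1;
        $GLOBALS['ct_request_id'] = $ct_result->id;
    } else {
        // Spammer.
        $ret_val['allow'] = 0;
        // The comment is returned as received from the service; callers that
        // render it decide how to escape it.
        $ret_val['ct_result_comment'] = $ct_result->comment;

        // Check stop_queue flag.
        if ($type == 'comment' && $ct_result->stop_queue == 0) {
            // Spammer and stop_queue == 0 - to manual approvement.
            $ret_val['stop_queue'] = 0;
            $GLOBALS['ct_request_id'] = $ct_result->id;
            $GLOBALS['ct_result_comment'] = $ct_result->comment;
        } else {
            // New user or Spammer and stop_queue == 1 - display message and exit.
            $ret_val['stop_queue'] = 1;
        }
    }

    return $ret_val;
}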
/**
 * CleanTalk check for registrations submitted through the AjaxLogin plugin.
 *
 * Runs only when the AjaxLogin class exists and the POSTed action is
 * 'register_submit'. The check happens after the account was created: a
 * denied user is removed again with wp_delete_user().
 *
 * @param int $user_id Id of the freshly created user.
 * @return int The same $user_id, also when the user was deleted.
 */
function ct_user_register_ajaxlogin($user_id)
{
    require_once CLEANTALK_PLUGIN_DIR . 'inc/cleantalk-public.php';

    global $ct_agent_version, $ct_checkjs_register_form, $ct_session_request_id_label, $ct_session_register_ok_label, $bp, $ct_signup_done, $ct_formtime_label, $ct_negative_comment, $ct_options, $ct_data;

    $ct_options = ct_get_options();
    $ct_data = ct_get_data();

    $is_ajaxlogin_signup = class_exists('AjaxLogin')
        && isset($_POST['action'])
        && $_POST['action'] == 'register_submit';
    if (!$is_ajaxlogin_signup) {
        return $user_id;
    }

    $checkjs = js_test('ct_checkjs', $_COOKIE, true);
    $submit_time = submit_time_test();

    $sender_info = get_sender_info();
    $sender_info['post_checkjs_passed'] = $checkjs;
    if ($checkjs === null) {
        // Second lookup repeats the cookie test with the same arguments.
        $checkjs = js_test('ct_checkjs', $_COOKIE, true);
        $sender_info['cookie_checkjs_passed'] = $checkjs;
    }

    $sender_info = json_encode($sender_info);
    if ($sender_info === false) {
        $sender_info = '';
    }

    require_once 'cleantalk.class.php';

    $server_state = get_option('cleantalk_server');

    $ct = new Cleantalk();
    $ct->work_url = $server_state['ct_work_url'];
    $ct->server_url = $ct_options['server'];
    $ct->server_ttl = $server_state['ct_server_ttl'];
    $ct->server_changed = $server_state['ct_server_changed'];
    $ct->ssl_on = $ct_options['ssl_on'];

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_options['apikey'];
    $ct_request->sender_email = sanitize_email($_POST['email']);
    $ct_request->sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);
    // NOTE(review): the login is passed through sanitize_email() as well —
    // confirm that AjaxLogin logins are e-mail addresses.
    $ct_request->sender_nickname = sanitize_email($_POST['login']);
    $ct_request->agent = $ct_agent_version;
    $ct_request->sender_info = $sender_info;
    $ct_request->js_on = $checkjs;
    $ct_request->submit_time = $submit_time;

    $ct_result = $ct->isAllowUser($ct_request);

    // Persist the work server the client settled on.
    if ($ct->server_change) {
        update_option('cleantalk_server', array(
            'ct_work_url' => $ct->work_url,
            'ct_server_ttl' => $ct->server_ttl,
            'ct_server_changed' => time(),
        ));
    }

    // Strict comparison: only an integer 0 verdict removes the account.
    if ($ct_result->allow === 0) {
        wp_delete_user($user_id);
    }

    return $user_id;
}
/**
 * CleanTalk check for a registration form handled over AJAX.
 *
 * The sender e-mail is extracted from $_POST by ct_get_fields(); nothing is
 * checked when no e-mail was found. A denied registration prints a JSON
 * error object and terminates the request.
 *
 * @return void
 */
function ct_cs_registration_validation()
{
    require_once CLEANTALK_PLUGIN_DIR . 'cleantalk-public.php';

    global $ct_agent_version, $ct_checkjs_register_form, $ct_session_request_id_label, $ct_session_register_ok_label, $bp, $ct_signup_done, $ct_formtime_label, $ct_negative_comment, $ct_options, $ct_data;

    $ct_data = ct_get_data();
    $ct_options = ct_get_options();

    $sender_email = null;
    $message = '';
    ct_get_fields($sender_email, $message, $_POST);

    if (!($sender_email != null)) {
        return;
    }

    $checkjs = js_test('ct_checkjs', $_COOKIE, true);
    $submit_time = submit_time_test();

    $sender_info = get_sender_info();
    $sender_info['post_checkjs_passed'] = $checkjs;
    $sender_info = json_encode($sender_info);
    if ($sender_info === false) {
        $sender_info = '';
    }

    $nickname = isset($_POST['user_login']) ? $_POST['user_login'] : '';

    require_once 'cleantalk.class.php';

    $server_state = get_option('cleantalk_server');

    $ct = new Cleantalk();
    $ct->work_url = $server_state['ct_work_url'];
    $ct->server_url = $ct_options['server'];
    $ct->server_ttl = $server_state['ct_server_ttl'];
    $ct->server_changed = $server_state['ct_server_changed'];
    $ct->ssl_on = $ct_options['ssl_on'];

    $ct_request = new CleantalkRequest();
    $ct_request->auth_key = $ct_options['apikey'];
    $ct_request->sender_email = $sender_email;
    // The raw socket address is sent here, without ct_session_ip().
    $ct_request->sender_ip = $_SERVER['REMOTE_ADDR'];
    $ct_request->sender_nickname = $nickname;
    $ct_request->agent = $ct_agent_version;
    $ct_request->sender_info = $sender_info;
    $ct_request->js_on = $checkjs;
    $ct_request->submit_time = $submit_time;

    $ct_result = $ct->isAllowUser($ct_request);

    if ($ct_result->allow == 0) {
        // The service comment is returned to the browser inside a JSON body;
        // the page script that displays it is responsible for escaping.
        $denial = array("type" => "error", "message" => $ct_result->comment);
        print json_encode($denial);
        die;
    }
}
/**
 * Account spam test.
 *
 * Asks CleanTalk whether the new account may be created. When the service
 * call fails, the JavaScript test alone decides: the account is allowed only
 * if that test passed.
 *
 * @param object $user     New user; mEmail and mName are read.
 * @param string &$message Receives the service comment when the account is
 *                         refused.
 * @return bool true to let the account through, false to abort it.
 */
public static function onAbortNewAccount($user, &$message)
{
    global $wgCTAccessKey, $wgCTServerURL, $wgRequest, $wgCTAgent, $wgCTExtName;

    // The facility in which to store the query parameters
    $request = new CleantalkRequest();
    $request->auth_key = $wgCTAccessKey;
    $request->sender_email = $user->mEmail;
    $request->sender_nickname = $user->mName;
    $request->agent = $wgCTAgent;
    $request->sender_ip = $wgRequest->getIP();
    $request->js_on = CTBody::JSTest();
    $request->submit_time = CTBody::SubmitTimeTest();

    // Missing server variables are silenced with @ and concatenate as ''.
    $pageUrl = @$_SERVER['SERVER_NAME'] . @$_SERVER['REQUEST_URI'];
    $request->sender_info = json_encode(array('page_url' => htmlspecialchars($pageUrl)));

    $client = new Cleantalk();
    $client->server_url = $wgCTServerURL;

    // Check
    $verdict = $client->isAllowUser($request);

    // API error: fall back to the JavaScript test.
    if ($verdict->errno != 0) {
        if (CTBody::JSTest() == 1) {
            $verdict->allow = 1;
        } else {
            $verdict->allow = 0;
            $verdict->comment = "Forbidden. Please, enable Javascript.";
        }
    }

    // Disallow account with CleanTalk comment
    $accepted = true;
    if ($verdict->allow == 0) {
        $accepted = false;
        $message = $verdict->comment;
    }

    // Strict comparison: only an integer 1 triggers the admin mail.
    if ($verdict->inactive === 1) {
        CTBody::SendAdminEmail($wgCTExtName, $verdict->comment);
    }

    return $accepted;
}
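/**
 * [ActiveRecord] Save Changed Columns
 *
 * For a new record, while the plugin is enabled, the registration is first
 * sent to CleanTalk. A denied registration prints an error and terminates the
 * request; otherwise the parent save() runs.
 *
 * @return void
 * @note We have to be careful when upgrading in case we are coming from an older version
 */
public function save()
{
    $new = $this->_new;
    $enabled = \IPS\Settings::i()->plugin_enabled;
    $access_key = \IPS\Settings::i()->access_key;

    if ($enabled == 1 && $new) {
        require_once dirname($_SERVER['SCRIPT_FILENAME']) . "/uploads/cleantalk.class.php";
        require_once dirname($_SERVER['SCRIPT_FILENAME']) . "/uploads/JSON.php";

        session_name('cleantalksession');
        if (!isset($_SESSION)) {
            session_start();
        }

        // Seconds since the form time stored in the session, if any.
        if (array_key_exists('formtime', $_SESSION)) {
            $submit_time = time() - (int) $_SESSION['formtime'];
        } else {
            $submit_time = NULL;
        }
        $_SESSION['formtime'] = time();

        $post_info = '';
        $lang = \IPS\Lang::getEnabledLanguages();
        $locale = $lang[\IPS\Lang::defaultLanguage()]->short;
        if (function_exists('json_encode')) {
            // Both headers are optional and client-controlled; a missing
            // header is sent as null instead of raising a warning.
            $arr = array(
                'cms_lang' => $locale,
                'REFFERRER' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : NULL,
                'USER_AGENT' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL,
            );
            $post_info = json_encode($arr);
        }
        if ($post_info === FALSE) {
            $post_info = '';
        }

        // NOTE(review): the endpoint is plain http; whether the Cleantalk
        // client protects the API key and the response in transit is not
        // visible here.
        $ct_url = 'http://moderate.cleantalk.ru';
        $config_work_url = $ct_url;
        $config_ttl = 43200;
        $config_changed = 1349162987;
        $config_key = $access_key;

        $ct = new \Cleantalk();
        $ct->work_url = $config_work_url;
        $ct->server_url = $ct_url;
        $ct->server_ttl = $config_ttl;
        $ct->server_changed = $config_changed;

        // Form fields are read defensively: an absent field no longer raises
        // an undefined-index warning.
        $sender_email = isset($_POST['email_address']) ? filter_var($_POST['email_address'], FILTER_SANITIZE_EMAIL) : '';
        $sender_nickname = isset($_POST['username']) ? $_POST['username'] : NULL;
        $sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);

        // JavaScript test. Strict string comparison: a loose in_array() treats
        // numeric-looking strings such as "0e..." as equal numbers, and a
        // cookie sent as an array must never match.
        $js_on = 0;
        if (isset($_COOKIE['ct_checkjs']) && is_string($_COOKIE['ct_checkjs'])) {
            $expected_values = array_map('strval', self::getCheckJSArray());
            $js_on = in_array($_COOKIE['ct_checkjs'], $expected_values, true) ? 1 : 0;
        }

        $ct_request = new \CleantalkRequest();
        $ct_request->auth_key = $config_key;
        $ct_request->sender_nickname = $sender_nickname;
        $ct_request->sender_ip = $sender_ip;
        $ct_request->sender_email = $sender_email;
        $ct_request->sender_info = $post_info;
        $ct_request->agent = 'ipboard4-18';
        $ct_request->js_on = $js_on;
        $ct_request->submit_time = $submit_time;

        $ct_result = $ct->isAllowUser($ct_request);

        if (isset($ct_result->errno) && $ct_result->errno > 0) {
            // Service errors are currently ignored (no admin notification).
        }

        if ($ct_result->allow == 1) {
            // Not spammer.
            // NOTE(review): parent::save() is invoked here and once more at
            // the end of the method — confirm the second call is intended.
            call_user_func_array('parent::save', func_get_args());
        } else {
            // Spammer - display message and exit.
            if (\IPS\Request::i()->isAjax()) {
                // NOTE(review): the service comment is written into the page
                // without HTML escaping; confirm it is trusted markup or
                // escape it before output.
                $err_str = '<span style="color:#ab1f39;">' . $ct_result->comment . '</span><script>setTimeout("history.back()", 5000);</script>';
                print $err_str;
            } else {
                \IPS\Output::i()->sidebar['enabled'] = FALSE;
                \IPS\Output::i()->sendOutput(
                    \IPS\Theme::i()->getTemplate('global', 'core')->globalTemplate(
                        "Forbidden",
                        \IPS\Theme::i()->getTemplate('global', 'core')->error("Forbidden", $ct_result->comment, 1, ""),
                        array(
                            'app' => \IPS\Dispatcher::i()->application ? \IPS\Dispatcher::i()->application->directory : NULL,
                            'module' => \IPS\Dispatcher::i()->module ? \IPS\Dispatcher::i()->module->key : NULL,
                            'controller' => \IPS\Dispatcher::i()->controller,
                        )
                    ),
                    200,
                    'text/html',
                    array(),
                    FALSE,
                    FALSE
                );
            }
            die;
        }
    }

    return call_user_func_array('parent::save', func_get_args());
}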