
stop-spammer-registrations.php wordpress plugin fix

  1. <?PHP
  2. /*
  3. Plugin Name: Stop Spammer Registrations Plugin
  4. Plugin URI: http://www.BlogsEye.com/
  5. Description: The Stop Spammer Registrations Plugin checks against Spam Databases to prevent spammers from registering or making comments.
  6. Version: 4.0
  7. Author: Keith P. Graham
  8. Author URI: http://www.BlogsEye.com/
  9.  
  10. This software is distributed in the hope that it will be useful,
  11. but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  13. */
  14.  
  15. //mod jrc 171112 - fix to enable 'prevent user registration' in buddypress - see mod marks below - lines 57-60, 100-103 - based on V4.1 beta
  16.  
  17. /************************************************************
  18. *       Set the hooks and filters
  19. *       Primary hook is is_email()
  20. *       other hooks:  pre_user_email, user_registration_email
  21. *       The theory being I'll catch somebody on one of them.
  22. *       each hook has to remove the other hooks to prevent multiple entries into the code
  23. *
  24. *************************************************************/
  25. // try to make this work with bbpress
  26. if (function_exists('bbpress')) {
  27.         add_action('bbp_loaded','kpg_load_all_checks',99); // try hooking into bbpress loaded
  28. } else {
  29.         add_action('init','kpg_load_all_checks'); // loads up normally
  30. }
  31. function kpg_load_all_checks() {
  32.         // check the Post to see if we load the checks. This is for the validattions only
  33.         if (function_exists('is_user_logged_in')) { // no available in bbpress
  34.                 if(is_user_logged_in()) {
  35.                         return;
  36.                 }
  37.         }
  38.         // get a session to set the timer
  39.         if (!session_id()) {
  40.                 session_start();
  41.         }
  42.         kpg_load_all_checks_no_post();
  43.  
  44.         if(!isset($_POST)) { // no post defined
  45.                 $_SESSION['kpg_stop_spammers_time']=time();
  46.                 return;
  47.         }
  48.         if (empty($_POST)) { // no post sent
  49.                 $_SESSION['kpg_stop_spammers_time']=time();
  50.                 return;
  51.         }
  52.         // I am using a plugin with your-email, your-name fields - might as well test them, too.
  53.         if (!array_key_exists('akismet_comment_nonce',$_POST) &&
  54.                 !array_key_exists('bbp_anonymous_email',$_POST) &&
  55.                 !array_key_exists('email',$_POST) &&
  56.                 !array_key_exists('user_email',$_POST) &&
  57. //mod jrc 171112
  58.                 !array_key_exists('signup_email',$_POST) &&
  59.                 !array_key_exists('signup_username',$_POST) && 
  60. //end mod jrc 171112           
  61.                 !array_key_exists('user_login',$_POST) &&
  62.                 !array_key_exists('author',$_POST) &&
  63.                 !array_key_exists('your-name',$_POST) &&
  64.                 !array_key_exists('your-email',$_POST) &&
  65.                 !array_key_exists('log',$_POST) &&
  66.                 !array_key_exists('psw',$_POST) &&
  67.                 !array_key_exists('user_name',$_POST)  )
  68.         {
  69.         //
  70.                 // none of the required comment or login fields
  71.                 $_SESSION['kpg_stop_spammers_time']=time();
  72.                 // since we are not int a post we can call the inits for the non-post items
  73.                 return;
  74.         }
  75.         // here we can check to see if the posted data is correct
  76.        
  77.         // get the email author and ip
  78.         $em='';
  79.         if (array_key_exists('email',$_POST)) {
  80.                 $em=$_POST['email'];
  81.         } else if (array_key_exists('user_email',$_POST)) {
  82.                 $em=$_POST['user_email'];
  83.         } else if (array_key_exists('signup_email',$_POST)) {
  84.                 $em=$_POST['signup_email'];
  85.         } else if (array_key_exists('bbp_anonymous_email',$_POST)) {
  86.                 $em=$_POST['bbp_anonymous_email'];
  87.         }
  88.         //echo "\r\n<!--\r\n step 3 \r\n-->\r\n";
  89.        
  90.         if (strpos($em,'@')===false) { // not an email, but a username (or some other crap)
  91.                 $em='';
  92.         }
  93.         // see if they have an author or username
  94.         $author='';
  95.         $bauthor='';
  96.         if (array_key_exists('author',$_POST)) {
  97.                 $author=$_POST['author'];
  98.         } else if (array_key_exists('user_name',$_POST)) {
  99.                 $author=$_POST['user_name'];
  100. //mod jrc 171112               
  101.         } else if (array_key_exists('signup_username',$_POST)) {
  102.                 $author=$_POST['signup_username'];
  103. //end mod jrc 171112           
  104.         } else if (array_key_exists('your_name',$_POST)) {
  105.                 $author=$_POST['your_name'];
  106.         } else if (array_key_exists('user_login',$_POST)) {
  107.                 $author=$_POST['user_login'];
  108.         } else if (array_key_exists('log',$_POST)) {
  109.                 $author=$_POST['log'];
  110.                 if (array_key_exists('pwd',$_POST)) {
  111.                         $bauthor=$author.'/'.$_POST['pwd'];
  112.                 }
  113.         }
  114.         //echo "\r\n<!--\r\n step 4 \r\n-->\r\n";
  115.         // get the ip
  116.         $ip=$_SERVER['REMOTE_ADDR'];
  117.         $ip=check_forwarded_ip($ip);
  118.        
  119.         //  this is called once in "init" no need to call it ever again
  120.         sfs_errorsonoff();
  121.     $ansa=kpg_sfs_check($em,$author,$ip,$bauthor);
  122.         sfs_errorsonoff('off');
  123.         $_SESSION['kpg_stop_spammers_time']=time();
  124.        
  125.         return;
  126. }
  127. function kpg_load_all_checks_no_post() {
  128.         add_action( 'template_redirect', 'kpg_sfs_check_404s' ); // check if bogus search for wp-login
  129.         // optional checks
  130.         $options=kpg_sp_get_options();
  131.         if (array_key_exists('chkwpmail',$options)&&$options['chkwpmail']=='Y'){
  132.                 add_filter('wp_mail','kpg_sfs_reg_check_send_mail');
  133.         }
  134.         if (array_key_exists('redherring',$options)&&$options['redherring']=='Y') {
  135.                 add_action('comment_form_before','kpg_sfs_red_herring_comment'); // moved to comment form before
  136.                 add_filter('login_message','kpg_sfs_red_herring_login');       
  137.                 add_filter('before_signup_form','kpg_sfs_red_herring_signup');
  138.         }
  139.         if (array_key_exists('chkjscript',$options)&&$options['chkjscript']=='Y') {
  140.                 add_action('comment_form_before_fields','kpg_sfs_javascript');
  141.         }
  142.         return;
  143. }
  144.  
  145.  
  146. function load_sfs_mu() {
  147. // check to see if this is an MU installation
  148.         if (function_exists('is_multisite') && is_multisite() && !function_exists('kpg_ssp_global_setup')) {
  149.                 // install the global hooks to globalize the options
  150.                 $muswitch='Y';
  151.                 global $blog_id;
  152.                 // check blog 1 for the main copy of options
  153.                 switch_to_blog(1);
  154.                 $ansa=get_option('kpg_stop_sp_reg_options');
  155.                 restore_current_blog();
  156.                 if (empty($ansa)) $ansa=array();
  157.                 if (!is_array($ansa)) $ansa=array();
  158.                 if (array_key_exists('muswitch',$ansa)) $muswitch=$ansa['muswitch'];
  159.                 if ($muswitch!='N') $muswitch='Y';
  160.                 if ($muswitch=='Y') { // if it is true then the global options need to be installed.
  161.                         load_sfs_mu_options_file();
  162.                         kpg_ssp_global_setup();
  163.                 }
  164.         }
  165. }
  166. function load_sfs_mu_options_file() {
  167.         sfs_errorsonoff();
  168.         include_once('includes/sfr-mu-options.php');
  169.         sfs_errorsonoff('off');
  170. }
  171. /************************************************************
  172. *
  173. * show a bogus form. If the form is hit then this is a spammer
  174. *
  175. *************************************************************/
  176. function kpg_sfs_red_herring_comment($query) {
  177.         remove_action('comment_form_before','kpg_sfs_red_herring_comment');
  178.     if (is_feed()) return $query;
  179.         $sname=kpg_sfs_get_SCRIPT_URI();
  180.         if (empty($sname)) return;
  181.         if (strpos($sname,'/feed')) return $query;
  182.    $rhnonce=wp_create_nonce('kpgstopspam_redherring');
  183. ?>
  184. <div style="position:absolute;width:1px;height:1px;left:-1000px;top:-1000px;overflow:hidden;display:none;">
  185. <br/>
  186. <br/>
  187. <br/>
  188. <form action="<?php echo site_url( '/wp-comments-post.php' ); ?>" method="post" id="commentform">
  189. <p><input name="author" id="author" value="" size="22"  aria-required="true" type="text">
  190. <label for="author"><small>Name (required)</small></label></p>
  191.  
  192. <p><input name="email" id="email" value="" size="22"  aria-required="true" type="text">
  193. <label for="email"><small>Mail (will not be published) (required)</small></label></p>
  194.  
  195. <p><input name="url" id="url" value="" size="22" type="text">
  196. <label for="url"><small>Website</small></label></p>
  197. <p><textarea name="comment" id="comment" cols="58" rows="10" ></textarea></p>
  198. <p><input name="submit" id="submit" value="Submit Comment" type="submit">
  199. <input name="comment_post_ID" value="<?php echo get_the_ID();?>" id="comment_post_ID" type="hidden">
  200. <input name="comment_parent" id="comment_parent" value="0" type="hidden">
  201. </p>
  202. <p style="display: none;"><input id="akismet_comment_nonce" name="akismet_comment_nonce" value="<?php echo $rhnonce;?>" type="hidden"></p>
  203. </form>
  204. </div>
  205. <?php
  206.         return $query;
  207. }
  208.  
  209.  
  210. /************************************************************
  211. *
  212. * show a bogus form. If the form is hit then this is a spammer
  213. *
  214. *************************************************************/
/**
 * Emit a hidden decoy signup form (registered on before_signup_form).
 *
 * The form is off-screen; a bot that submits it sends the
 * 'kpgstopspam_redherring' nonce in 'akismet_comment_nonce', which
 * kpg_sfs_check() treats as a spammer marker. Returns nothing, which
 * only matters if the hook is ever applied as a filter (it is registered
 * with add_filter in kpg_load_all_checks_no_post()) - confirm.
 */
function kpg_sfs_red_herring_signup() {
        remove_filter('before_signup_form','kpg_sfs_red_herring_signup'); // emit at most once per request
        $rhnonce=wp_create_nonce('kpgstopspam_redherring');
        // put a bogus signup form with the akismet nonce - maybe doesn't work but it might
        $errors = new WP_Error(); // show_user_form() wants an error object; nothing is reported through it here
?>
<div style="position:absolute;width:1px;height:1px;left:-1000px;top:-1000px;overflow:hidden;">
<br/>
<br/>
<br/>
<form id="setupform" method="post" action="wp-signup.php">

                <input type="hidden" name="stage" value="validate-user-signup" />
                <?php do_action( 'signup_hidden_fields' ); ?>
<p style="display: none;"><input id="akismet_comment_nonce" name="akismet_comment_nonce" value="<?php echo $rhnonce;?>" type="hidden"></p>
                <?php show_user_form('', '', $errors); ?>
                <p>
                                        <input id="signupblog" type="radio" name="signup_for" value="blog"  checked='checked' />
                        <label class="checkbox" for="signupblog">Gimme a site!</label>
                        <br />
                        <input id="signupuser" type="radio" name="signup_for" value="user"  />
                        <label class="checkbox" for="signupuser">Just a username, please.</label>
                                </p>

                <p class="submit"><input type="submit" name="submit" class="submit" value="Next" /></p>
</form>
</div>

<?php
        return;
} // end of red herring signup
  246. /************************************************************
  247. *
  248. * add javascript to a form to fill a hidden field onsubmit
  249. *
  250. *************************************************************/
/**
 * Add a hidden 'kpg_jscript' field to the comment form
 * (comment_form_before_fields). The field starts out holding the
 * 'kpgstopspam_javascript_bad' nonce and inline JavaScript overwrites it
 * with the 'kpgstopspam_javascript' one, so only a script-capable client
 * submits the good value. Returns nothing.
 */
function kpg_sfs_javascript() {
        //echo "\r\n\r\n<!-- Made it to comment_form_before_fields -->\r\n\r\n";
        remove_filter('comment_form_before_fields','kpg_sfs_javascript'); // emit at most once per request
        $jsnonce=wp_create_nonce('kpgstopspam_javascript');
        $badjsnonce=wp_create_nonce('kpgstopspam_javascript_bad');
// place some javascript on the page so that only humans using javascript use it
// NOTE(review): both nonces are echoed raw, one into an attribute and one into a JS string literal;
// this relies on wp_create_nonce() returning a short token with no quotes - confirm, or wrap in esc_attr()/esc_js()
?>
<p style="display: none;">
<input id="kpg_jscript" name="kpg_jscript" value="<?php echo $badjsnonce;?>" type="hidden">
</p>
<script type="text/javascript" >
        var kpg_jscript_id=document.getElementById('kpg_jscript');
        kpg_jscript_id.value='<?php echo $jsnonce;?>';
</script>
<?php

}
  268. /************************************************************
  269. *
  270. * show a bogus form. If the form is hit then this is a spammer
  271. *
  272. *************************************************************/
/**
 * Emit a hidden decoy login form (login_message filter) above the real one.
 *
 * A submission of this form carries the 'kpgstopspam_redherring' nonce
 * three ways - the ?redir= query argument, the 'rememberme' value and
 * 'akismet_comment_nonce' - and kpg_sfs_check() tests each of them.
 * NOTE(review): the decoy uses the real 'log'/'pwd' field names; a
 * password manager that autofills off-screen forms could push stored
 * credentials through it - confirm how kpg_sfs_check() handles $bauthor.
 *
 * @param string $message the login message; returned unchanged
 * @return string $message
 */
function kpg_sfs_red_herring_login($message) {
        remove_filter('login_message','kpg_sfs_red_herring_login'); // emit at most once per request
   $rhnonce=wp_create_nonce('kpgstopspam_redherring');
?>
<div style="position:absolute;width:1px;height:1px;left:-1000px;top:-1000px;overflow:hidden;">
<br/>
<br/>
<br/>


<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>?redir=<?php echo $rhnonce; ?>" method="post">
        <p>
                <label for="user_login">User Name<br />
                <input type="text" name="log"  value="" size="20"  /></label>
        </p>
        <p>
                <label for="user_pass">Password<br />
                <input type="password" name="pwd"  value="" size="20"  /></label>
        </p>
<?php do_action('login_form'); ?>
        <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" checked="checked"  value="<?php echo $rhnonce; ?>"  />Remember Me</label></p>
        <p class="submit">
                <input type="submit" name="wp-submit"  value="Log In"  />
                <input type="hidden" name="testcookie" value="1" />
        </p>
        <input id="akismet_comment_nonce" name="akismet_comment_nonce" value="<?php echo $rhnonce;?>" type="hidden">
</form>



</div>
<?php
        return $message;
}
  307.  
  308.  
  309. /************************************************************
  310. *       kpg_sfs_reg_check_send_mail()
  311. *       Hooked from wp_mail
  312. *       this returns the params
  313. *************************************************************/
  314. function kpg_sfs_reg_check_send_mail($stuff) {
  315.         if(is_user_logged_in()) {
  316.                 return $stuff;
  317.         }
  318.         $email='';
  319.         $header=array();
  320.         if (is_array($stuff)&&array_key_exists('header',$stuff)) $header=$stuff['header'];
  321.         if (is_array($header)&&array_key_exists('from',$stuff)) $email=$stuff['from'];
  322.         $from_name='';
  323.         $from_email=$email;
  324.         if ( strpos($email, '<' ) !== false ) {
  325.                 $from_name = substr( $email, 0, strpos( $email, '<' ) - 1 );
  326.                 $from_name = str_replace( '"', '', $from_name );
  327.                 $from_name = trim( $from_name );
  328.                 $from_email = substr( $email, strpos( $email, '<' ) + 1 );
  329.                 $from_email = str_replace( '>', '', $from_email );
  330.                 $from_email = trim( $from_email );
  331.         }
  332.         // get the ip
  333.         $ip=$_SERVER['REMOTE_ADDR'];
  334.         $ip=check_forwarded_ip($ip);
  335.         // now call the generic checker
  336.         sfs_errorsonoff();
  337.     kpg_sfs_check($from_email,$from_name,$ip);
  338.         sfs_errorsonoff('off');
  339.         return $stuff;
  340.  
  341. }
  342. function kpg_sfs_get_SCRIPT_URI() {
  343.         $sname='';
  344.         if (array_key_exists("SCRIPT_URI",$_SERVER)) {
  345.                 $sname=$_SERVER["SCRIPT_URI"]; 
  346.         }
  347.         if (empty($sname)) {
  348.                 $sname=$_SERVER["REQUEST_URI"];
  349.         }
  350.         return $sname;
  351.  
  352. }
  353. /************************************************************
  354. *       kpg_sfs_check_404s()
  355. *      
  356. *       If there is a 404 error on wp-login it is a spammer
  357. *   This just caches badips for spiders trolling for a login
  358. *************************************************************/
  359. function kpg_sfs_check_404s() {
  360.         sfs_errorsonoff();
  361.     kpg_sfs_check_404();
  362.         sfs_errorsonoff('off');
  363.     return;
  364. }
  365. function kpg_sfs_check_404() {
  366.         // fix request_uri on IIS
  367.         if (!isset($_SERVER['REQUEST_URI'])) {
  368.                 $_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'],1 );
  369.                 if (isset($_SERVER['QUERY_STRING'])) {
  370.                         $_SERVER['REQUEST_URI'].='?'.$_SERVER['QUERY_STRING'];
  371.                 }
  372.         }      
  373.         if (!array_key_exists('SCRIPT_URI',$_SERVER)) {
  374.                 $sname=$_SERVER["REQUEST_URI"];
  375.                 if (strpos($sname,'?')!==false) $sname=substr($sname,0,strpos($sname,'?'));
  376.                 $_SERVER['SCRIPT_URI']=$sname;
  377.         }
  378.         if (!is_404()) return;
  379.         remove_action('template_redirect', 'kpg_sfs_check_404s');
  380.         $plink = $_SERVER['REQUEST_URI'];
  381.         if (strpos($plink,'?')!==false)  $plink=substr($plink,0,strpos($plink,'?'));
  382.         if (strpos($plink,'#')!==false)  $plink=substr($plink,0,strpos($plink,'#'));
  383.         $plink=basename($plink);
  384.         if (strpos($plink."\t","wp-signup.php\t")===false
  385.                 && strpos($plink."\t","wp-register.php\t")===false // where is this?
  386.                 && strpos($plink."\t","wp-comments-post.php\t")===false
  387.                 && strpos($plink."\t","xmlrpc.php\t")===false) {
  388.                         return;
  389.         }
  390.  
  391.        
  392.         // check to see if we should even be here
  393.         $options=kpg_sp_get_options();
  394.         if (!array_key_exists('chkwplogin',$options) || $options['chkwplogin']!='Y') return;   
  395.        
  396.         $ip=$_SERVER['REMOTE_ADDR'];
  397.         $ip=check_forwarded_ip($ip);
  398.     // check the white lists to prevent accidental blockage
  399.         $wlist=$options['wlist'];
  400.         if ((kpg_sp_searchi($ip,$wlist))) {
  401.                 return;
  402.         }
  403.        
  404.        
  405.         $stats=kpg_sp_get_stats();
  406.  
  407.         // have a bogus hit on a login or signup
  408.         // register the bad ip
  409.         $now=date('Y/m/d H:i:s',time() + ( get_option( 'gmt_offset' ) * 3600 ));
  410.         $badips=$stats['badips'];
  411.         if (!empty($ip)) $badips[$ip]=$now;
  412.         asort($badips);
  413.         $stats['badips']=$badips;
  414.         // put into the history list
  415.         $blog='';
  416.         if (function_exists('is_multisite') && is_multisite()) {
  417.                 global $blog_id;
  418.                 if (!isset($blog_id)||$blog_id!=1) {
  419.                         $blog=$blog_id;
  420.                 }
  421.         }
  422.         $hist=$stats['hist'];
  423.         $hist[$now]=array($ip,'-','-',$plink,"404 on $plink, added to reject cache.",$blog);
  424.         $hist[$now][4]="404 on $plink, added to reject cache.";
  425.         $stats['hist']=$hist;
  426.     update_option('kpg_stop_sp_reg_stats',$stats);
  427.     return;
  428. }
  429.  
  430.  
  431. /************************************************************
  432. *  function kpg_sfs_check_admin()
  433. * Checks to see if the current admin can login
  434. *************************************************************/
  435. register_activation_hook( __FILE__, 'kpg_sfs_check_admin' );
  436. $sfs_check_activation=substr(md5(uniqid(rand(), true)), 16, 16);
/**
 * Activation hook: make sure the activating admin would not be rejected.
 *
 * Runs kpg_sfs_check() with a fresh random sentinel as the "email",
 * 'Activation test' as author and the client IP. If the check returns
 * false the activation is aborted with an explanatory message; otherwise
 * the current options are handed to kpg_sfs_reg_add_user_to_whitelist().
 * NOTE(review): kpg_sfs_check()'s own header says it dies rather than
 * returns on a rejection, so the === false branch may be unreachable - confirm.
 */
function kpg_sfs_check_admin() {
        global $sfs_check_activation;
        // this confirms that the current user is able to login
        // it refuses to install the plugin if the user fails spam tests
        $ip=$_SERVER['REMOTE_ADDR'];
        $ip=check_forwarded_ip($ip); // defined elsewhere; may honour client-supplied forwarding headers
        //echo "Checking IP address for spam conflicts<br/>";
        // regenerate the sentinel so kpg_sfs_check() recognises this call as the self-test
        $sfs_check_activation=substr(md5(uniqid(rand(), true)), 16, 16);
        if (kpg_sfs_check($sfs_check_activation,'Activation test',$ip)===false) {
                // break the installation
                echo "<br/>Your current configuration reports that you will be denied access as a spammer.<br/>
                Do not use this plugin until you can resolve this issue.
                If you are not a spammer, please copy the information above and leave it as a comment at http://www.blogseye.com
                <br/>
                This message is from the 'stop-spammer-registrations' plugin<br/>
                ";
                die();
        }
        $options=kpg_sp_get_options();
        kpg_sfs_reg_add_user_to_whitelist($options);

}
  459.  
  460.  
  461. /************************************************************
  462. *       kpg_sfs_check()
  463. *       This is the generic email check so that it can be called
  464. *       from several different hooks
  465. *   returns the email if good. Dies if bad
  466. *
  467. *************************************************************/
  468. function kpg_sfs_check($email='',$author='',$ip,$bauthor='') {
  469.     global $sfs_check_activation;
  470.     $sname=$_SERVER["REQUEST_URI"];    
  471.         if (empty($sname)) {
  472.                 $sname=$_SERVER["SCRIPT_NAME"];
  473.         }
  474.         if (empty($sname)) {
  475.                 $sname=' none? ';
  476.         }
  477. // No need to verify where we are.
  478. //      if (
  479. //              strpos($sname,'index.php')!==false||
  480. //              strpos($sname,'archive.php')!==false||
  481. //              strpos($sname,'archives.php')!==false||
  482. //              strpos($sname,'links.php')!==false||
  483. //              strpos($sname,'pages.php')!==false||
  484. //              strpos($sname,'seach.php')!==false||
  485. //              strpos($sname,'single.php')!==false||
  486. //              strpos($sname,'page.php')!==false
  487. //      ) {
  488. //              return $email; // no check for the above files
  489. //      }
  490.  
  491.         $now=date('Y/m/d H:i:s',time() + ( get_option( 'gmt_offset' ) * 3600 ));
  492.         $options=kpg_sp_get_options();
  493.         extract($options);
  494.         $stats=kpg_sp_get_stats();
  495.         extract($stats);
  496.  
  497.         if ($email!=$sfs_check_activation) {
  498. // from a user who wanted to exclure some of the checking.     
  499.                 if ($chkcomments!='Y') {
  500.                         if (strpos($sname,'wp-comments-post.php')!==false) return $email;
  501.                 }
  502.                 if ($chklogin!='Y') {
  503.                         if (strpos($sname,'wp-login.php')!==false) return $email;
  504.                 }
  505.                 if ($chksignup!='Y') {
  506.                         if (strpos($sname,'wp-signup.php')!==false) return $email;
  507.                 }
  508.                 if ($chkxmlrpc!='Y') {
  509.                         if (strpos($sname,'xmlrpc.php')!==false) return $email;
  510.                 }
  511.     }
  512.        
  513.        
  514.         // clean up cache and history  
  515.         while (count($badips)>$kpg_sp_cache) array_shift($badips);
  516.         while (count($badems)>$kpg_sp_cache) array_shift($badems);
  517.         while (count($goodips)>2) array_shift($goodips);
  518.         //$goodips=array(); // limiting good ips to just a few
  519.         while (count($hist)>$kpg_sp_hist) array_shift($hist);
  520.         $stats['badips']=$badips;
  521.         $stats['badems']=$badems;
  522.         $stats['goodips']=$goodips;
  523.         $stats['hist']=$hist;
  524.     $sname=$_SERVER["REQUEST_URI"];    
  525.         if (empty($sname)) {
  526.                 $sname=$_SERVER["SCRIPT_NAME"];
  527.         }
  528.         if (empty($sname)) {
  529.                 $sname=' none? ';
  530.         }
  531.         $blog='';
  532.         if (function_exists('is_multisite') && is_multisite()) {
  533.                 global $blog_id;
  534.                 if (!isset($blog_id)||$blog_id!=1) {
  535.                         $blog=$blog_id;
  536.                 }
  537.         }
  538.         $em=$email;
  539.         if ($email!=$sfs_check_activation) {
  540.                 $email=trim($email);
  541.                 $email=strip_tags($email);
  542.  
  543.                 // cleanup the input that is breaking the serialize functions here (I hope)
  544.                 $em=sanitize_email(strip_tags($email));
  545.                 $em=sanitize_text_field($em);
  546.                 $em=remove_accents($em);
  547.                 $em=utf8_decode($em);
  548.                 $em=really_clean($em);
  549.         }
  550.         $author=sanitize_text_field($author);
  551.         $author=remove_accents($author);
  552.         $author=utf8_decode($author);
  553.         $author=really_clean($author);
  554.         $whodunnit='';
  555.         // think of other things that might kill the serialize functions
  556.         if (strlen($author)>80) $author=substr($author,0,77).'...';
  557.         if (strlen($em)>80) $em=substr($em,0,80).'...';
  558.         // set up hist channel
  559.         $hist[$now]=array($ip,mysql_real_escape_string($em),mysql_real_escape_string($author),$sname,'begin',$blog);
  560.         //$accept_head=false;
  561.         //if (array_key_exists('HTTP_ACCEPT',$_SERVER)) $accept_head=true; // real browsers send HTTP_ACCEPT
  562.         // first check the ip address
  563.        
  564.         // check all of the ones that do not require file access
  565.         $deny=false;
  566.         // testing area goes here before other checks including white list
  567.         // move this down past the white lists after testing is done
  568.        
  569.         // first check white lists
  570.  
  571.         // paypal is whitelisted
  572.         if ($email!=$sfs_check_activation) {
  573.                 if (!$deny&&kpg_sp_checkPayPal($ip)){
  574.                         $hist[$now][4]='White List PayPal';
  575.                         $stats['hist']=$hist;
  576.                         $cntwhite++;
  577.                         $stats['cntwhite']=$cntwhite;
  578.                         update_option('kpg_stop_sp_reg_stats',$stats);
  579.                         return $email;
  580.                 }
  581.                 if (!$deny&&(kpg_sp_searchi($ip,$wlist))) {
  582.                         $hist[$now][4]='White List IP';
  583.                         $stats['hist']=$hist;
  584.                         $cntwhite++;
  585.                         $stats['cntwhite']=$cntwhite;
  586.                         update_option('kpg_stop_sp_reg_stats',$stats);
  587.                         return $email;
  588.                 }
  589.                 if (!$deny&&!empty($em)&&kpg_sp_searchi($em,$wlist)) {
  590.                         $hist[$now][4]='White List EMAIL';
  591.                         $stats['hist']=$hist;
  592.                         $cntwhite++;
  593.                         $stats['cntwhite']=$cntwhite;
  594.                         update_option('kpg_stop_sp_reg_stats',$stats);
  595.                         return $email;
  596.                 }
  597.         // check to see if the ip is in the goodips cache
  598.        
  599.                 if (!$deny&&kpg_sp_searchKi($ip,$goodips)) {
  600.                         $hist[$now][4]='Cached good ip';
  601.                         $stats['hist']=$hist;
  602.                         $cntgood++;
  603.                         $stats['cntgood']=$cntgood;
  604.                         update_option('kpg_stop_sp_reg_stats',$stats);
  605.                         return $email;
  606.                 }
  607.         }
  608.         // not white listed, now try the simple rejects that don't require remote access.
  609.  
  610.         // begin by checking the caches for bad ips. Do this before the regular checks
  611.         // this way only the first appearance of a bad actor is recorded by type
  612.  
  613.         if (!$deny&&kpg_sp_searchKi($ip,$badips)) {
  614.                 $whodunnit.='Cached bad ip';
  615.                 $deny=true;
  616.                 $cntcacheip++;
  617.         }
  618.         if (!$deny && kpg_sp_searchi($ip,$blist)) {
  619.             $whodunnit.='Black List IP';
  620.                 $deny=true;
  621.                 $cntblip++;
  622.         }
  623.        
  624.        
  625.         // check to see if they are coming in from the comment form and a post
  626.         if (!$deny&&$chksession!='N') {
  627.                 if (!defined("WP_CACHE")||(!WP_CACHE)) { // checking the cache does not work id caching
  628.                         // we are in a comment - we need to check the transient variable
  629.                         // only works for comments - not doing logins because I can login in under a second
  630.                         // modify this so only login is excluded. If we are this far then we need to
  631.                         // check the POST
  632.                         //if (strpos($sname,'wp-comments-post.php')!==false
  633.                                 // can't include login.php because in firefox its filled in and I just press the button.
  634.                                 //||strpos($sname,'wp-login.php')!==false
  635.                         //      ||strpos($sname,'signup.php')!==false
  636.                         //)
  637.                         if (strpos($sname,'wp-login.php')===false) {
  638.                                 if (isset($_SESSION['kpg_stop_spammers_time'])) {
  639.                                         $stime=$_SESSION['kpg_stop_spammers_time'];
  640.                                         $tm=time()-$stime;
  641.                                         if ($tm>0&&$tm<5) { // zero seconds is wrong, too. it means that session was set somewhere.
  642.                                                 // takes longer than 4 seconds to really type a comment
  643.                                                 $whodunnit.="Too Quick ($tm)";
  644.                                                 $deny=true;
  645.                                                 $cntsession++;
  646.                                         } else {
  647.                                                 $whodunnit.="($tm) "; // to follow timing
  648.                                         }
  649.                                 }
  650.                         }
  651.                 }
  652.         }
  653.        
  654.         // check to see if it is coming from the red herring form
  655.         $nonce='';
  656.         if (!$deny&&array_key_exists('akismet_comment_nonce',$_POST)) {
  657.                 $nonce=$_POST['akismet_comment_nonce'];
  658.                 if (!empty($nonce)&&kpg_verify_nonce($nonce,'kpgstopspam_redherring')) {
  659.                                 $whodunnit.='Red Herring';
  660.                                 $deny=true;
  661.                                 $cntrh++;
  662.                 }
  663.         }
  664.         if (!$deny&&array_key_exists('rememberme',$_POST)) {
  665.                 $nonce=$_POST['rememberme'];
  666.                 if (!empty($nonce)&&kpg_verify_nonce($nonce,'kpgstopspam_redherring')) {
  667.                                 $whodunnit.='Red Herring';
  668.                                 $deny=true;
  669.                                 $cntrh++;
  670.                 }
  671.         }
  672.         if (!$deny&&!empty($_GET)&&array_key_exists('redir',$_GET)) {
  673.                 $nonce=$_GET['redir'];
  674.                 if (!empty($nonce)&&kpg_verify_nonce($nonce,'kpgstopspam_redherring')) {
  675.                                 $whodunnit.='Red Herring';
  676.                                 $deny=true;
  677.                                 $cntrh++;
  678.                 }
  679.         }
  680.         // chkjscript
  681.         if (!$deny&&array_key_exists('kpg_jscript',$_POST)) {
  682.                 $nonce=$_POST['kpg_jscript'];
  683.                 if (!empty($nonce)&&kpg_verify_nonce($nonce,'kpgstopspam_javascript_bad')) {
  684.                                 $whodunnit.='JavaScript Trap';
  685.                                 $cntjscript++;
  686.                                 $deny=true;
  687.                 }
  688.         }
  689.         $ref='';
  690.         if (array_key_exists('HTTP_REFERER',$_SERVER)) {
  691.                 $ref=$_SERVER['HTTP_REFERER'];
  692.         }
  693.         $ua='';
  694.         if (array_key_exists('HTTP_USER_AGENT',$_SERVER)) {
  695.                 $ua=$_SERVER['HTTP_USER_AGENT'];
  696.         }
  697.        
  698.        
  699.        
  700.         // try checking to see if there is a referrer
  701.         if (!$deny&&$chkreferer=='Y') {
  702.                 // someone is sending a post. Therefore the referer must be from our site.
  703.                 // apple safari on the iphone does not send the referrer so we need to ignore this.
  704.                 if (strpos(strtolower($ua),'iphone')===false&&strpos(strtolower($ua),'ipad')===false) {
  705.                         // require the referer
  706.                         // check to see if our domain is found in the referer
  707.                         $host=$_SERVER['HTTP_HOST'];
  708.                         if (empty($ref)||strpos($ref,$host)===false) {
  709.                                 // bad referer
  710.                                 $whodunnit.="http referer";
  711.                                 $deny=true;
  712.                                 $cntreferer++;
  713.                         }
  714.                 }
  715.         }
  716.        
  717.         if (!$deny && $chkagent=='Y') {
  718.                 if (!array_key_exists('HTTP_USER_AGENT',$_SERVER)) {
  719.                         $whodunnit.='Missing User Agent';
  720.                         $deny=true;
  721.                 }
  722.                 if (!$deny) {
  723.                         $bua=kpg_check_bad_agents();
  724.                         if ($bua!==false) {
  725.                                 $deny=true;
  726.                                 $whodunnit.='Blacklist User agent:'.$bua;
  727.                                 $cntagent++;
  728.                         }
  729.                 }
  730.         }
  731.                        
  732.         if (!$deny && !empty($badTLDs)) {
  733.                 // check the ending to see if the tld should be banned
  734.                 if (kpg_sp_searchL($em,$badTLDs)) {
  735.                         $whodunnit.='Bad TLD';
  736.                         $deny=true;
  737.                         $cnttld++;
  738.                 }
  739.         }
  740.  
  741.         // These are the simple email checks
  742.         if (!empty($em)) {
  743.                 if (!$deny && kpg_sp_searchi($em,$blist)) {
  744.                         $whodunnit.='Black List EMAIL';
  745.                         $deny=true;
  746.                         $cntblem++;
  747.                 }
  748.                 if (!$deny) {
  749.                         $emdomain=explode('@',$em);
  750.                         if (count($emdomain)==2&&kpg_sp_searchi($em[1],$baddomains)) {
  751.                                 $whodunnit.='Blocked Domain';
  752.                                 $deny=true;
  753.                                 $cntemdom++;
  754.                         }
  755.                 }
  756.                 if (!$deny && array_key_exists($em,$badems)) {
  757.                         $deny=true;
  758.                         $whodunnit.='Cached bad email';
  759.                         $cntcacheem++;
  760.                 }
  761.                 if (!$deny && $chklong=='Y' && strlen($em)>64) {
  762.                         $deny=true;
  763.                         $whodunnit.='email too long';
  764.                         $cntlong++;
  765.                 }
  766.                 if (!$deny && $chklong=='Y' && strlen($em)<7) {
  767.                         $deny=true;
  768.                         $whodunnit.='email too short';
  769.                         $cntlong++;
  770.                 }
  771.                 if (!$deny && $chkdisp=='Y') {
  772.                         $ansa=kpg_check_disp($em);
  773.                         if ($ansa!==false) {
  774.                                 $deny=true;
  775.                                 $whodunnit.='Disposable em:'.$em;
  776.                                 $cntdisp++;
  777.                         }
  778.                 }
  779.                 if (!$deny && $chkspamwords=='Y') {
  780.                         $ansa=kpg_check_spamwords($em,$spamwords);
  781.                         if ($ansa!==false) {
  782.                                 $deny=true;
  783.                                 $whodunnit.='Email Spamwords:'.$ansa;
  784.                                 $cntspamwords++;
  785.                         }
  786.                 }
  787.         }
  788.         // check the author field
  789.     // getting a lot of huge author names
  790.         if (!empty($author)) {
  791.                 if (!$deny && $chklong=='Y' && strlen($author)>64) {
  792.                                 $whodunnit.='long author name '.strlen($author);
  793.                                 $deny=true;
  794.                                 $cntlongauth++;
  795.                 }
  796.                 if (!$deny && $chkspamwords=='Y') {
  797.                         $ansa=kpg_check_spamwords($author,$spamwords);
  798.                         if ($ansa!==false) {
  799.                                 $deny=true;
  800.                                 $whodunnit.='Author Spamwords:'.$ansa;
  801.                                 $cntspamwords++;
  802.                         }
  803.                 }
  804.         }
  805.         $accept_head=false;
  806.         if (array_key_exists('HTTP_ACCEPT',$_SERVER)) $accept_head=true; // real browsers send HTTP_ACCEPT
  807.         if (!$deny&&$accept=='Y'&&!$accept_head) {
  808.                 // no accept header - real browsers send the HTTP_ACCEPT header
  809.                 $whodunnit.='No Accept header;';
  810.                 $deny=true;
  811.                 $cntaccept++;
  812.         }
  813.         // Ubiquity servers rent their servers to spammers and should be blocked
  814.         if (!$deny&&$chkubiquity=='Y') {
  815.                 $ansa=kpg_check_ubiquity($ip);
  816.                 if ($ansa!==false) {
  817.                                 $deny=true;
  818.                                 $whodunnit.=$ansa;
  819.                                 $cntubiquity++;
  820.                 }
  821.         }
  822.         // try akismet
  823.         if (!$deny&&$chkakismet=='Y'&&(strpos($sname,'login.php')!==false||strpos($sname,'register.php')!==false||strpos($sname,'signup.php')!==false)) {
  824.                 $ansa=kpg_akismet_check($ip);
  825.                 if ($ansa!==false) {
  826.                                 $deny=true;
  827.                                 $whodunnit.='Akismet';
  828.                                 $cntakismet++;
  829.                 }
  830.         }
  831.         // here is the database lookups section. Simple checks did not work. We need to do a lookup
  832.         if (!$deny && $chksfs=='Y' ) {
  833.                 $query="http://www.stopforumspam.com/api?ip=$ip";
  834.                 if ($chkemail=='Y'&&!empty($em)) {
  835.                         $query=$query."&email=$em";
  836.                 }
  837.                 $check='';
  838.                 $check=kpg_sfs_reg_getafile($query);
  839.                 if (!empty($check)) {
  840.                         if (substr($check,0,4)=="ERR:") {
  841.                                 $whodunnit.=$check.', ';
  842.                         }
  843.                         $lastseen='';
  844.                         $frequency='';
  845.                         $n=strpos($check,'<appears>yes</appears>');
  846.                         if ($n!==false) {
  847.                             if (strpos($check,'<lastseen>',$n)!==false) {
  848.                                         $k=strpos($check,'<lastseen>',$n);
  849.                                         $k+=10;
  850.                                         $j=strpos($check,'</lastseen>',$k);
  851.                                         $lastseen=date('Y-m-d',time() + ( get_option( 'gmt_offset' ) * 3600 ));
  852.                                         if (($j-$k)>12&&($j-$k)<24) $lastseen=substr($check,$k,$j-$k); // should be about 20 characters
  853.                                         if (strpos($lastseen,' ')) $lastseen=substr($lastseen,0,strpos($lastseen,' ')); // trim out the time to save room.
  854.                                         if (strpos($check,'<frequency>',$n)!==false) {
  855.                                                 $k=strpos($check,'<frequency>',$n);
  856.                                                 $k+=11;
  857.                                                 $j=strpos($check,'</frequency',$k);
  858.                                                 $frequency='9999';                     
  859.                                                 if (($j-$k)&&($j-$k)<7) $frequency=substr($check,$k,$j-$k); // should be a number greater than 0 and probably no more than a few thousand.
  860.                                         }
  861.                                 }
  862.  
  863.                                 // have freqency and lastseen date - make these options in next release
  864.                                 // check freq and age
  865.                                 if (!empty($frequency) && !empty($lastseen) && ($frequency!=255) && ($frequency>=$sfsfreq) && (strtotime($lastseen)>(time()-(60*60*24*$sfsage))) )   {
  866.                                 //if ( ($frequency>=$sfsfreq) && (strtotime($lastseen)>(time()-(60*60*24*$sfsage))) )   {
  867.                                 // frequency we got from the db, sfsfreq is the min we'll accept (default 0)
  868.                                 // sfsage is the age in days. we get lastscene from
  869.                                         $deny=true;
  870.                                         $whodunnit.="SFS, $lastseen, $frequency";
  871.                                         $cntsfs++;
  872.                                 }
  873.                         }
  874.                 }
  875.                 //$whodunnit.="Passed SFS, $query $check";
  876.         }
  877.        
  878.         // testing the DNSBL sites for a bad ip. This is useful for email spammers, but I do not know if
  879.         // email spammers are the same as comment spammers.
  880.         if (!$deny&&$chkdnsbl=='Y') {
  881.                 $ansa=@kpg_check_all_dnsbl($ip);
  882.                 if ($ansa!==false) {
  883.                                 $deny=true;
  884.                                 $whodunnit.=$ansa;
  885.                                 $cntdnsbl++;
  886.                 }
  887.         }
  888.  
  889.         if (!$deny&&$honeyapi!='') {
  890.                 // do a further check on project honeypot here
  891.                 $lookup = $honeyapi . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';
  892.                 $result = explode( '.', @gethostbyname($lookup));
  893.                 if (count($result)>2) {
  894.                         if ($result[0] == 127) {
  895.                                 // query successful
  896.                                 // 127 is a good lookup
  897.                                 //  [3] = type of threat - we are only interested in comment spam at this point - if user demand I will change.
  898.                                 // [2] is the threat level. 25 is recommended
  899.                                 // [1] is numbr of days since last report
  900.                                 //if ($result[2]>25&&$result[3]==4) { // 4 - comment spam, threat level 25 is average.
  901.                                 if ($result[1]<$hnyage&&$result[2]>$hnylevel&&$result[3]>=4) { // 4 - comment spam, threat level 25 is average.
  902.                                         $deny=true;
  903.                                         $whodunnit.='HTTP:bl, '.$result[1].', '.$result[2].', '.$result[3];
  904.                                         $cnthp++;
  905.                                 }
  906.                         }
  907.                 }
  908.         }
  909.         if (!$deny&&$botscoutapi!='') {
  910.                 // try the ip on botscoutapi
  911.             $query="http://botscout.com/test/?ip=$ip&key=$botscoutapi";
  912.                 $check='';
  913.                 $check=@kpg_sfs_reg_getafile($query);
  914.                 if (!empty($check)) {
  915.                         if (substr($check,0,4)=="ERR:") {
  916.                                 $whodunnit.=$check.', ';
  917.                         }
  918.                         if(strpos($check,'|')) {
  919.                                 $result=explode('|',$check);
  920.                                 if (count($result)>2) {
  921.                                         //  Y|IP|3 - found, type, database occurences
  922.                                         if ($result[0]=='Y'&&$result[2]>$botfreq) {
  923.                                                 $deny=true;
  924.                                                 $whodunnit.='BotScout, '.$result[2];
  925.                                                 $cntbotscout++;
  926.                                         }
  927.                                 }
  928.                         }
  929.                 }
  930.         }
  931.         $hist[$now][4]=$whodunnit;
  932.         if (!$deny) {
  933.                 $hist[$now][4].=' passed';
  934.                 $goodips[$ip]=$now;
  935.                 $stats['hist']=$hist;
  936.                 $stats['cntpassed']=$cntpassed+1;
  937.                 $stats['goodips']=$goodips; // uncomment to cache good ips.
  938.                 update_option('kpg_stop_sp_reg_stats',$stats);
  939.                 return;
  940.         }
  941.         $hist[$now][2]=$bauthor;
  942.  
  943.         if ($email!=''&&$email==$sfs_check_activation) {
  944.                 // failed activation check
  945.                 // report reason
  946.                 echo "<br/>Reason code: $whodunnit <br/>
  947.                 ip: $ip<br/>
  948.                 server uri: $sname<br/>
  949.                 MU blog number: $blog<br/>
  950.                 HTTP_REFERE: $ref<br/>
  951.                 User agent: $ua<br/>
  952.                 Accept head present: $accept_head<br/>
  953.                 <br/>";
  954.                
  955.                 return false;
  956.         }
  957.  
  958.         // update the history files.
  959.         // record the last few guys that have  tried to spam
  960.         // add the bad spammer to the history list
  961.         $spcount++;
  962.         $spmcount++;
  963.         $stats['spcount']=$spcount;
  964.         $stats['spmcount']=$spmcount;
  965.         // Cache the bad guy
  966.         if (!empty($em)) $badems[$em]=$now;
  967.         if (!empty($ip)) $badips[$ip]=$now;
  968.         asort($badips);
  969.         asort($badems);
  970.         while (count($badips)>$kpg_sp_cache) array_shift($badips);
  971.         while (count($badems)>$kpg_sp_cache) array_shift($badems);
  972.         $stats['badips']=$badips;
  973.         $stats['badems']=$badems;
  974.         $stats['hist']=$hist;
  975.         // reason types
  976.                         $stats['cntjscript']=$cntjscript;
  977.                         $stats['cntsfs']=$cntsfs;
  978.                         $stats['cntreferer']=$cntreferer;
  979.                        
  980.                         $stats['cntdisp']=$cntdisp;
  981.                         $stats['cntrh']=$cntrh;
  982.                         $stats['cntdnsbl']=$cntdnsbl;
  983.                        
  984.                         $stats['cntubiquity']=$cntubiquity;
  985.                         $stats['cntakismet']=$cntakismet;
  986.                         $stats['cntspamwords']=$cntspamwords;
  987.                        
  988.                         $stats['cntsession']=$cntsession;
  989.                         $stats['cntlong']=$cntlong;
  990.                         $stats['cntagent']=$cntagent;
  991.                        
  992.                         $stats['cnttld']=$cnttld;
  993.                         $stats['cntemdom']=$cntemdom;                  
  994.                         $stats['cntcacheip']=$cntcacheip;
  995.                        
  996.                         $stats['cntcacheem']=$cntcacheem;
  997.                         $stats['cnthp']=$cnthp;
  998.                         $stats['cntbotscout']=$cntbotscout;
  999.                        
  1000.                         $stats['cntaccept']=$cntaccept;
  1001.                         $stats['cntpassed']=$cntpassed;
  1002.                         $stats['cntwhite']=$cntwhite;
  1003.                         $stats['cntgood']=$cntgood;
  1004.        
  1005.         //
  1006.         update_option('kpg_stop_sp_reg_stats',$stats);
  1007.        
  1008.         if ($redir=='Y'&&!empty($redirurl)) {
  1009.                 sleep(5); // sleep for a few seconds to annoy spammers and maybe delay next hit on stopforumspam.com
  1010.                 header('HTTP/1.1 307 Moved');
  1011.                 header('Status: 307 Moved');
  1012.                 header("location: $redirurl");
  1013.                 exit();
  1014.         }
  1015.  
  1016.         sleep(5); // sleep for a few seconds to annoy spammers and maybe delay next hit on stopforumspam.com
  1017.         // here we do wp_die
  1018.         //header('HTTP/1.1 403 Forbidden');
  1019.         //echo $rejectmessage;
  1020.        
  1021.         // add the reason code to the login message
  1022.         $rejectmessage=str_replace('[reason]',$whodunnit,$rejectmessage);
  1023.         $rejectmessage=str_replace('[ip]',$ip,$rejectmessage);
  1024.         wp_die("$rejectmessage","Login Access Denied",array('response' => 403));
  1025.         exit();
  1026. }
  1027. // this checks to see if there is an ip forwarded involved here and corrects the IP
  1028. function check_forwarded_ip($ip) {
  1029.         if (substr($ip,0,3)=='10.' ||
  1030.                 $ip=='127.0.0.1' ||
  1031.                 substr($ip,0,8)=='192.168.' ||
  1032.                 (substr($ip,0,7)>='172.16.' && substr($ip,0,7)<='172.31.')
  1033.         ) {
  1034.                 $oldip=$ip;
  1035.                 // see if there is a forwarded header
  1036.                 if (function_exists('getallheaders')) {
  1037.                         $hlist=getallheaders();
  1038.                         // ucase
  1039.                         $ip='';
  1040.                         foreach ($hlist as $key => $data) {
  1041.                                 if (substr(strtoupper($key),0,strlen('X-FORWARDED-FOR'))=='X-FORWARDED-FOR') {
  1042.                                         // hit on the forwarded ip
  1043.                                         if (strpos($data,',')!==false) {
  1044.                                                 $ips=explode(',',$data);
  1045.                                         } else {
  1046.                                                 $ips=array($data);
  1047.                                         }
  1048.                                         $ip=trim($ips[count($ips)-1]); // gets the last ip - most likely to be spoofed, perhaps the first ip would be better?
  1049.                                         break;
  1050.                                 }
  1051.                         }
  1052.                         if (empty($ip)) return $oldip;
  1053.                 }
  1054.         }
  1055.         return $ip;
  1056. }
  1057. // still getting errors from bad data. I am now stripping all but ascii characters from 32 to 126
  1058. // email and user ideas are now plain 7 bit ascii as our founding fathers intended.
  1059. // there has to be a built-in php function to do this, but I did not find it.
  1060. // There is an MB_ convert, but it did not work on all of my php hosts, so I think it may not be part of a standard install
  1061. function really_clean($s) {
  1062.         // try to get all non 7-bit things out of the string
  1063.         if (empty($s)) return $s;
  1064.         $ss=array_slice(unpack("c*", "\0".$s), 1);
  1065.         if (empty($ss)) return $s;
  1066.         $s='';
  1067.         for ($j=0;$j<count($ss);$j++) {
  1068.                 if ($ss[$j]<127&&$ss[$j]>31) $s.=pack('C',$ss[$j]);
  1069.         }
  1070.         return $s;
  1071. }
  1072. function kpg_check_bad_agents() {
  1073.         $badagents=array("asterias","Atomic_Email_Hunter","b2w/0.1","BackDoorBot/1.0","Black Hole","BlowFish/1.0","BotALot","BotRightHere","BuiltBotTough","Bullseye/1.0","BunnySlippers","Cegbfeieh","CheeseBot","CherryPicker","CherryPickerElite/1.0","CherryPickerSE/1.0","CopyRightCheck","cosmos","Crescent","Crescent Internet ToolPak HTTP OLE Control v.1.0","discobot","DittoSpyder","DOC","Download Ninja","EmailCollector","EmailSiphon","EmailWolf","EroCrawler","ExtractorPro","Fasterfox","Fetch","Foobot","grub-client","Harvest/1.5","hloader","httplib","HTTrack","humanlinks","ieautodiscovery","InfoNaviRobot","JennyBot","k2spider","Kenjin Spider","Keyword Density/0.9","larbin","LexiBot","libWeb/clsHTTP","libwww","LinkextractorPro","linko","LinkScan/8.1a Unix","LinkWalker","LNSpiderguy","lwp-trivial","lwp-trivial/1.34","Mata Hari","Microsoft.URL.Control","Microsoft URL Control - 5.01.4511","Microsoft URL Control - 6.00.8169","MIIxpc","MIIxpc/4.2","Missigua Locator","Mister PiX","moget","moget/2.1","MSIECrawler","NetAnts","NICErsPRO","NPBot","Offline Explorer","Openfind","Openfind data gathere","ProPowerBot/2.14","ProWebWalker","QueryN Metasearch","RepoMonkey","RepoMonkey Bait & Tackle/v1.01","RMA","sitecheck.Internetseer.com","SiteSnagger","SnapPreviewBot","SpankBot","spanner","suzuran","Szukacz/1.4","Teleport","TeleportPro","Teleport Pro/1.29","Telesoft","TurnitinBot","The Intraformant","TheNomad","TightTwatBot","Titan","toCrawl/UrlDispatcher","True_Robot","True_Robot/1.0","turingos","UbiCrawler","URLy Warning","VCI","VCI WebViewer VCI WebViewer Win32","Web Image Collector","Web Downloader/6.9","WebAuto","WebBandit","WebBandit/3.50","WebCopier","WebCopier v4.0","WebEnhancer","WebmasterWorldForumBot","WebReaper","WebSauger","Website Quester","Webster Pro","WebStripper","WebZip","WebZip/4.0","Wget","Wget/1.5.3","Wget/1.6","WWW-Collector-E","Xenu's","Xenu's Link Sleuth 1.1c","Zao","Zeus","Zeus 32297 Webster Pro V2.9 Win32","ZyBORG","Java/1.");
  1074.         $agent=$_SERVER['HTTP_USER_AGENT'];
  1075.         if (empty($agent)) return false;
  1076.         foreach ($badagents as $a) {
  1077.                 if (strpos(strtolower($agent),strtolower($a))!==false) {
  1078.                         return $a;
  1079.                 }
  1080.         }
  1081.         return false;
  1082. }
  1083. function kpg_check_spamwords($chk,$spamwords) {
  1084.         // list of common spam words form wordpress: http://codex.wordpress.org/Spam_Words
  1085.         // these should be safe except for sites selling drugs, porn or gambling
  1086.         // there has to be better lists than this somewhere. This is dated and not especially applicable, although safe.
  1087.         // if these appear in email address or user id, we don't want them.
  1088.         if(empty($spamwords)) return false;
  1089.         if(empty($chk)) return false;
  1090.         $c=strtolower($chk);
  1091.         $c=str_replace(' ','-',$c);
  1092.         $c=str_replace('_','-',$c);
  1093.         $c=str_replace('.','-',$c);
  1094.         foreach ($spamwords as $s) {
  1095.                 if (strpos($c,$s)!==false) {
  1096.                         return $s;
  1097.                 }
  1098.         }
  1099.         return false;
  1100.  
  1101. }
  1102. function kpg_check_disp($em) {
  1103.         if (empty($em)) return false;
  1104.  
  1105.         $disposables=array('0815.ru','0clickemail.com','0wnd.net','0wnd.org','10minutemail.com','1chuan.com','1zhuan.com','20minutemail.com','2prong.com','3d-painting.com','4warding.com','4warding.net','4warding.org','675hosting.com','675hosting.net','675hosting.org','6url.com','75hosting.com','75hosting.net','75hosting.org','9ox.net','a-bc.net','afrobacon.com','ajaxapp.net','amilegit.com','amiri.net','amiriindustries.com','anonbox.net','anonymail.dk','anonymbox.com','antichef.com','antichef.net','antispam.de','baxomale.ht.cx','beefmilk.com','binkmail.com','bio-muesli.net','blogmyway.org','bobmail.info','bodhi.lawlita.com','bofthew.com','brefmail.com','bsnow.net','bugmenot.com','bumpymail.com','buyusedlibrarybooks.org','casualdx.com','centermail.com','centermail.net','chogmail.com','choicemail1.com','cool.fr.nf','correo.blogos.net','cosmorph.com','courriel.fr.nf','courrieltemporaire.com','curryworld.de','cust.in','dacoolest.com','dandikmail.com','deadaddress.com','deadspam.com','despam.it','despammed.com','devnullmail.com','dfgh.net','digitalsanctuary.com','discardmail.com','discardmail.de','disposableaddress.com','disposeamail.com','disposemail.com','dispostable.com','dm.w3internet.co.uk 
example.com','dodgeit.com','dodgit.com','dodgit.org','dontreg.com','dontsendmespam.de','dotmsg.com','dresssmall.com','dump-email.info','dumpandjunk.com','dumpmail.de','dumpyemail.com','e4ward.com','email60.com','emaildienst.de','emailias.com','emailinfive.com','emailmiser.com','emailtemporario.com.br','emailto.de','emailwarden.com','emailxfer.com','emz.net','enterto.com','ephemail.net','etranquil.com','etranquil.net','etranquil.org','explodemail.com','fakeinbox.com','fakeinformation.com','fakemailz.com','fastacura.com','fastchevy.com','fastchrysler.com','fastkawasaki.com','fastmazda.com','fastmitsubishi.com','fastnissan.com','fastsubaru.com','fastsuzuki.com','fasttoyota.com','fastyamaha.com','filzmail.com','fizmail.com','footard.com','forgetmail.com','frapmail.com','front14.org','fux0ringduh.com','garliclife.com','get1mail.com','getonemail.com','getonemail.net','ghosttexter.de','girlsundertheinfluence.com','gishpuppy.com','gowikibooks.com','gowikicampus.com','gowikicars.com','gowikifilms.com','gowikigames.com','gowikimusic.com','gowikinetwork.com','gowikitravel.com','gowikitv.com','great-host.in','greensloth.com','gsrv.co.uk','guerillamail.biz','guerillamail.com','guerillamail.net','guerillamail.org','guerrillamail.com','guerrillamail.net','guerrillamailblock.com','h8s.org','haltospam.com','hatespam.org','hidemail.de','hotpop.com','ieatspam.eu','ieatspam.info','ihateyoualot.info','iheartspam.org','imails.info','imstations.com','inboxclean.com','inboxclean.org','incognitomail.com','incognitomail.net','ipoo.org','irish2me.com','iwi.net','jetable.com','jetable.fr.nf','jetable.net','jetable.org','jnxjn.com','junk1e.com','kasmail.com','kaspop.com','killmail.com','killmail.net','klassmaster.com','klassmaster.net','klzlk.com','kulturbetrieb.info','kurzepost.de','lifebyfood.com','link2mail.net','litedrop.com','lookugly.com','lopl.co.cc','lortemail.dk','lovemeleaveme.com','lr78.com','maboard.com','mail.by','mail.mezimages.net','mail2rss.org','mail333.com','mail4trash.com','m
ailbidon.com','mailblocks.com','mailcatch.com','maileater.com','mailexpire.com','mailfreeonline.com','mailin8r.com','mailinater.com','mailinator.com','mailinator.net','mailinator2.com','mailincubator.com','mailme.lv','mailmoat.com','mailnator.com','mailnull.com','mailquack.com','mailshell.com','mailsiphon.com','mailslapping.com','mailzilla.com','mailzilla.org','mbx.cc','mega.zik.dj','meinspamschutz.de','meltmail.com','messagebeamer.de','mierdamail.com','mintemail.com','moncourrier.fr.nf','monemail.fr.nf','monmail.fr.nf','mt2009.com','mx0.wwwnew.eu','mycleaninbox.net','myspaceinc.com','myspaceinc.net','myspaceinc.org','myspacepimpedup.com','myspamless.com','mytrashmail.com','neomailbox.com','nervmich.net','nervtmich.net','netmails.com','netmails.net','netzidiot.de','neverbox.com','no-spam.ws','nobulk.com','noclickemail.com','nogmailspam.info','nomail.xl.cx','nomail2me.com','nospam.ze.tc','nospam4.us','nospamfor.us','nowmymail.com','nurfuerspam.de','objectmail.com','obobbo.com','oneoffemail.com','oneoffmail.com','onewaymail.com','oopi.org','ordinaryamerican.net','ourklips.com','outlawspam.com','owlpic.com','pancakemail.com','pimpedupmyspace.com','poofy.org','pookmail.com','privacy.net','proxymail.eu','punkass.com','putthisinyourspamdatabase.com','quickinbox.com','rcpt.at','recode.me','recursor.net','recyclemail.dk','regbypass.comsafe-mail.net','rejectmail.com','rklips.com','safersignup.de','safetymail.info','sandelf.de','saynotospams.com','selfdestructingmail.com','sendspamhere.com','shiftmail.com','shitmail.me','shortmail.net','sibmail.com','skeefmail.com','slaskpost.se','slopsbox.com','smellfear.com','snakemail.com','sneakemail.com','sofort-mail.de','sogetthis.com','soodonims.com','spam.la','spamavert.com','spambob.com','spambob.net','spambob.org','spambog.com','spambog.de','spambog.ru','spambox.info','spambox.us','spamcannon.com','spamcannon.net','spamcero.com','spamcon.org','spamcorptastic.com','spamcowboy.com','spamcowboy.net','spamcowboy.org','spamday.com','spam
ex.com','spamfree24.com','spamfree24.de','spamfree24.eu','spamfree24.info','spamfree24.net','spamfree24.org','spamgourmet.com','spamgourmet.net','spamgourmet.org','spamherelots.com','spamhereplease.com','spamhole.com','spamify.com','spaminator.de','spamkill.info','spaml.com','spaml.de','spammotel.com','spamobox.com','spamoff.de','spamslicer.com','spamspot.com','spamthis.co.uk','spamthisplease.com','spamtrail.com','speed.1s.fr','suremail.info','tempalias.com','tempe-mail.com','tempemail.biz','tempemail.com','tempemail.net','tempinbox.co.uk','tempinbox.com','tempomail.fr','temporarily.de','temporaryemail.net','temporaryforwarding.com','temporaryinbox.com','thankyou2010.com','thisisnotmyrealemail.com','throwawayemailaddress.com','tilien.com','tmailinator.com','tradermail.info','trash-amil.com','trash-mail.at','trash-mail.com','trash-mail.de','trash2009.com','trashdevil.com','trashdevil.de','trashmail.at','trashmail.com','trashmail.de','trashmail.me','trashmail.net','trashmail.org','trashmailer.com','trashymail.com','trashymail.net','turual.com','twinmail.de','tyldd.com','uggsrock.com','upliftnow.com','uplipht.com','venompen.com','viditag.com','viewcastmedia.com','viewcastmedia.net','viewcastmedia.org','walala.org','wegwerfadresse.de','wegwerfmail.de','wegwerfmail.net','wegwerfmail.org','wetrainbayarea.com','wetrainbayarea.org','wh4f.org','whopy.com','whyspam.me','wilemail.com','willselfdestruct.com','winemaven.info','wronghead.com','wuzup.net','wuzupmail.net','wwwnew.eu','xagloo.com','xemaps.com','xents.com','xmaily.com','xoxy.net','yep.it','yogamaven.com','yopmail.com','yopmail.fr','yopmail.net','yuurok.com','zippymail.info','zoemail.org');
  1106.         $emdomain=explode('@',$em);
  1107.         if (count($emdomain)==2&&in_array(strtolower($emdomain[1]),$disposables)) {
  1108.                 // the email is a disposable email address
  1109.                 // do you really want this guy????
  1110.                 return true;
  1111.         }
  1112.         return false;
  1113. }
  1114.  
  1115. function kpg_akismet_check($ip) {
  1116.         if (empty($ip)) return false;
  1117.         // give akismet a try - it seems to know more than anyone
  1118.         $api_key=get_option('wordpress_api_key');
  1119.         $agent=$_SERVER['HTTP_USER_AGENT'];
  1120.         $blogurl=site_url();
  1121.         $api_key=urlencode($api_key);
  1122.         $agent=urlencode($agent);
  1123.         $blogurl=urlencode($blogurl);
  1124.         if (empty($api_key)||empty($agent)||empty($blogurl)) return false;
  1125.         $request="blog=$blogurl&user_ip=$ip&user_agent=$agent";
  1126.         $host = $http_host = $api_key.'.rest.akismet.com';
  1127.     $path = '/1.1/comment-check';
  1128.     $port = 80;
  1129.     $akismet_ua = "WordPress/3.1.1 | Akismet/2.5.3";
  1130.     $content_length = strlen( $request );
  1131.     $http_request  = "POST $path HTTP/1.0\r\n";
  1132.     $http_request .= "Host: $host\r\n";
  1133.     $http_request .= "Content-Type: application/x-www-form-urlencoded\r\n";
  1134.     $http_request .= "Content-Length: {$content_length}\r\n";
  1135.     $http_request .= "User-Agent: {$akismet_ua}\r\n";
  1136.     $http_request .= "\r\n";
  1137.     $http_request .= $request;
  1138.     $response = '';
  1139.         //$f=fopen('akismet.txt',"a");
  1140.     if( false != ( $fs = @fsockopen( $http_host, $port, $errno, $errstr, 10 ) ) ) {
  1141.         fwrite( $fs, $http_request );
  1142.          while ( !feof( $fs ) )
  1143.             $response .= fgets( $fs, 1160 ); // One TCP-IP packet
  1144.         fclose( $fs );
  1145.                 //fwrite($f,"\r\n$response\r\n");
  1146.         $response = explode( "\r\n\r\n", $response, 2 );
  1147.     }
  1148.         //fwrite($f,"\r\n$request\r\n");
  1149.         //fwrite($f,"\r\n$http_request\r\n");
  1150.         //fclose($f);
  1151.     if ( 'true' == $response[1] )
  1152.         return true;
  1153.     else
  1154.         return false;
  1155. }      
  1156.  
  1157. function kpg_check_ubiquity($ip) {
  1158.         if (empty($ip)) return false;
  1159.         $userve=array(
  1160. 'XSServer',
  1161. array('46.251.228.0','46.251.229.255'),
  1162. array('109.230.197.0','109.230.197.255'),
  1163. array('109.230.213.0','109.230.213.255'),
  1164. array('109.230.216.0','109.230.217.255'),
  1165. array('109.230.220.0','109.230.223.255'),
  1166. array('109.230.246.0','109.230.246.255'),
  1167. array('109.230.248.0','109.230.249.255'),
  1168. array('109.230.251.0','109.230.251.255'),
  1169. 'Ubiquity-Nobis',
  1170. array('23.19.0.0','23.19.255.255'),
  1171. array('64.120.0.0','64.120.127.255'),
  1172. array('67.201.0.0','67.201.7.255'),
  1173. array('67.201.40.0','67.201.40.255'),
  1174. array('67.201.48.0','67.201.49.255'),
  1175. array('69.147.224.0','69.147.225.255'),
  1176. array('69.174.60.0','69.174.63.255'),
  1177. array('70.32.32.0','70.32.47.255'),
  1178. array('72.37.145.0','72.37.145.255'),
  1179. array('72.37.204.0','72.37.204.255'),
  1180. array('72.37.218.0','72.37.219.255'),
  1181. array('72.37.221.0','72.37.221.255'),
  1182. array('72.37.222.0','72.37.223.255'),
  1183. array('72.37.224.0','72.37.231.255'),
  1184. array('72.37.237.0','72.37.237.255'),
  1185. array('72.37.242.0','72.37.243.255'),
  1186. array('72.37.246.0','72.37.247.255'),
  1187. array('108.62.0.0','108.62.255.255'),
  1188. array('173.208.0.0','173.208.127.255'),
  1189. array('173.234.0.0','173.234.255.255'),
  1190. array('174.34.128.0','174.34.191.255'),
  1191. array('216.6.224.0','216.6.239.255'),
  1192. array('176.31.50.64','176.31.50.95'),
  1193. 'Balticom',
  1194. array('46.23.32.0','46.23.47.255'),
  1195. array('82.193.64.0','82.193.95.255'),
  1196. array('83.99.128.0','83.99.255.255'),
  1197. array('109.73.96.0','109.73.111.255'),
  1198. array('212.142.64.0','212.142.127.255'),
  1199. 'Everhost',
  1200. array('31.2.216.0','31.2.223.255'),
  1201. array('31.47.208.0','31.47.215.255'),
  1202. array('31.220.128.0','31.220.131.255'),
  1203. array('46.108.155.0','46.108.155.255'),
  1204. array('89.42.8.0','89.42.8.255'),
  1205. array('89.42.108.0','89.42.109.255'),
  1206. array('89.44.16.0','89.44.31.255'),
  1207. array('93.118.64.0','93.118.79.255'),
  1208. array('94.60.152.0','94.60.159.255'),
  1209. array('94.60.160.0','94.60.191.255'),
  1210. array('94.60.192.0','94.60.199.255'),
  1211. array('94.63.0.0','94.63.31.255'),
  1212. array('94.63.32.0','94.63.47.255'),
  1213. array('94.63.56.0','94.63.63.255'),
  1214. array('94.63.64.0','94.63.71.255'),
  1215. array('94.63.128.0','94.63.135.255'),
  1216. array('94.63.152.0','94.63.159.255'),
  1217. array('94.63.192.0','94.63.207.255'),
  1218. array('94.177.4.0','94.177.5.255'),
  1219. array('95.64.24.0','95.64.31.255'),
  1220. array('95.64.32.0','95.64.32.255'),
  1221. array('95.64.41.0','95.64.41.255'),
  1222. array('95.64.42.0','95.64.42.255'),
  1223. array('95.64.110.0','95.64.111.255'),
  1224. array('95.128.168.0','95.128.168.255'),
  1225. array('95.128.174.0','95.128.175.255'),
  1226. array('95.187.0.0','95.187.127.255'),
  1227. array('178.255.36.0','178.255.37.255'),
  1228. array('178.255.38.0','178.255.38.255'),
  1229. array('188.208.0.0','188.208.15.255'),
  1230. array('188.215.0.0','188.215.0.255'),
  1231. array('188.215.32.0','188.215.35.255'),
  1232. array('188.229.19.0','188.229.19.255'),
  1233. array('188.229.20.0','188.229.23.255'),
  1234. array('188.229.38.0','188.229.38.255'),
  1235. array('188.229.103.0','188.229.103.255'),
  1236. array('188.229.104.0','188.229.111.255'),
  1237. array('188.229.124.0','188.229.127.255'),
  1238. array('188.240.36.0','188.240.39.255'),
  1239. array('188.240.160.0','188.240.175.255'),
  1240. array('188.240.192.0','188.240.223.255'),
  1241. array('188.247.128.0','188.247.128.255'),
  1242. array('188.247.228.0','188.247.229.255'),
  1243. 'FDC',
  1244. array('67.159.0.0','67.159.63.255'),
  1245. array('66.90.64.0','66.90.127.255'),
  1246. array('208.53.128.0','208.53.191.255'),
  1247. array('50.7.0.0','50.7.255.255'),
  1248. array('204.45.0.0','204.45.255.255'),
  1249. array('76.73.0.0','76.73.255.255'),
  1250. array('74.63.64.0','74.63.127.255'),
  1251. 'Exetel',
  1252. array('109.230.244.0','109.230.245.255'),
  1253. array('31.214.155.0','31.214.155.255'),
  1254. 'Virpus',
  1255. array('50.115.160.0','50.115.175.255'),
  1256. array('173.0.48.0','173.0.63.255'),
  1257. array('199.119.224.0','199.119.227.255'),
  1258. array('199.180.128.0','199.180.135.255'),
  1259. array('208.89.208.0','208.89.215.255'),
  1260. 'MiscSpamServer',
  1261. array('74.63.222.74','74.63.222.74'),
  1262. array('86.181.176.121','86.181.176.121'),
  1263. array('98.126.4.202','98.126.4.202'),
  1264. array('98.126.251.234','98.126.251.234'),
  1265. array('188.168.0.0','188.168.255.255'),
  1266. array('81.17.22.21','81.17.22.21'),
  1267. array('66.219.17.212','66.219.17.212'),
  1268. array('46.29.248.0','46.29.249.255'),
  1269. array('74.221.208.0','74.221.223.255'),
  1270. array('109.169.57.204','109.169.57.204'),
  1271. array('184.22.139.0','184.22.139.255'),
  1272. array('99.187.246.108','99.187.246.108'),
  1273. array('195.62.24.0','195.62.25.255'),
  1274. array('141.105.65.151','141.105.65.151'),
  1275. array('146.0.74.0','146.0.74.255'),
  1276. array('194.28.112.0','194.28.115.255'),
  1277. array('159.224.130.96','159.224.130.96')
  1278. );
  1279. $srv='';
  1280.         for ($j=0;$j<count($userve);$j++) {
  1281.                 if (!is_array($userve[$j])) {
  1282.                         $srv=$userve[$j];
  1283.                 } else {
  1284.                         $st=ip2long($userve[$j][0]);
  1285.                         $en=ip2long($userve[$j][1]);
  1286.                         if (ip2long($ip)>=$st && ip2long($ip)<=$en) {
  1287.                                 // bad one
  1288.                                 return $srv;
  1289.                         }
  1290.                 }
  1291.                 //if (ip2long($ip)<$en) break; // done search
  1292.         }
  1293.         return false;
  1294. }
  1295. function kpg_check_all_dnsbl($ip) {
  1296.         if (empty($ip)) return false;
  1297.         // just for the heck of it, I found a bunch of blacklist sites
  1298.         // these use the dns returns but don't need an api key as far as I know
  1299.    $iplist = array(
  1300.             'sbl.spamhaus'      => '.sbl.spamhaus.org',
  1301.             'xbl.spamhaus'      => '.xbl.spamhaus.org',
  1302.             'dsbl'              => '.list.dsbl.org',
  1303.             'sorbs'     => '.dnsbl.sorbs.net',
  1304.             'spamcop'   => '.bl.spamcop.net',
  1305.             'ordb'              => '.relays.ordb.org',
  1306.             'njabl'     => '.dnsbl.njabl.org'
  1307.     );
  1308.         foreach($iplist as $key=>$data) {
  1309.                 // check using the dns method.
  1310.                 // returns the db that caused the hit else returns false
  1311.                 $lookup = implode('.', array_reverse(explode ('.', $ip ))) . $data;
  1312.                 $result = explode( '.', gethostbyname($lookup));
  1313.                 if (count($result)>2) {
  1314.                         if ($result[0] == 127) {
  1315.                                 // query successful
  1316.                                 // 127 is a good lookup hit
  1317.                                 //  [3] = type of threat - we are only interested in comment spam at this point - if user demand I will change.
  1318.                                 // [2] is the threat level. 25 is recommended
  1319.                                 // [1] is numbr of days since last report
  1320.                                 return $key.':'.$result[1].','.$result[2].','.$result[3];
  1321.                         }
  1322.                 }
  1323.                 return false;
  1324.         }
  1325. }
  1326. function kpg_sfs_reg_stats_control() {
  1327. // this displays the statistics
  1328.         if(!current_user_can('manage_options')) {
  1329.                 die('Access Denied');
  1330.         }
  1331.         // include it so as to make the core plugin smaller
  1332.         sfs_errorsonoff();
  1333.         require_once("includes/stop-spam-reg-stats.php");
  1334.         sfs_errorsonoff('off');
  1335.  
  1336. }
  1337. function kpg_sfs_reg_control()  {
  1338. // this is the display of information about the page.
  1339.  
  1340.         sfs_errorsonoff();
  1341.         require("includes/stop-spam-reg-options.php");
  1342.         sfs_errorsonoff('off');
  1343.        
  1344.  
  1345. }
  1346.  
  1347. function kpg_sfs_reg_check($actions,$comment) {
  1348.         $email=urlencode($comment->comment_author_email);
  1349.         $ip=$comment->comment_author_IP;
  1350.         $action="<a title=\"Check Stop Forum Spam (SFS)\" target=\"_stopspam\" href=\"http://www.stopforumspam.com/search.php?q=$ip\">Check SFS</a> |
  1351.          <a title=\"Check Project HoneyPot\" target=\"_stopspam\" href=\"http://www.projecthoneypot.org/search_ip.php?ip=$ip\">Check HoneyPot</a>";
  1352.         $actions['check_spam']=$action;
  1353.         return $actions;
  1354. }
  1355. function kpg_sfs_reg_report($actions,$comment) {
  1356.         // need to add a new action to the list
  1357.         $email=urlencode($comment->comment_author_email);
  1358.         if (empty($email)){
  1359.                 return $actions;
  1360.         }
  1361.         $options=kpg_sp_get_options();
  1362.         extract($options);
  1363.        
  1364.     $ID=$comment->comment_ID;
  1365.         $email=urlencode($comment->comment_author_email);
  1366.         $exst='';
  1367.         $uname=urlencode($comment->comment_author);
  1368.         $ip=$comment->comment_author_IP;
  1369.         // code added as per Paul at sto Forum Spam
  1370.         $content=$comment->comment_content;
  1371.        
  1372.         $evidence=$comment->comment_author_url;
  1373.         if (empty($evidence)) $evidence='';
  1374.         preg_match_all('@((https?://)?([-\w]+\.[-\w\.]+)+\w(:\d+)?(/([-\w/_\.]*(\?\S+)?)?)*)@',$content, $post, PREG_PATTERN_ORDER);
  1375.         if (is_array($post)&&is_array($post[1])) $urls1 = array_unique($post[1]); else $urls1 = array();
  1376.         //bbcode
  1377.         preg_match_all('/\[url=(.+)\]/iU', $content, $post, PREG_PATTERN_ORDER);
  1378.         if (is_array($post)&&is_array($post[0])) $urls2 = array_unique($post[0]); else $urls2 = array();
  1379.         $urls3=array_merge($urls1,$urls2);
  1380.     if (is_array($urls3)) $evidence.="\r\n".implode("\r\n",$urls3);    
  1381.         $evidence=urlencode(trim($evidence,"\r\n"));
  1382.         if (strlen($evidence)>128) $evidence=substr($evidence,0,125).'...';
  1383.         $target=" target=\"_blank\" ";
  1384.         $href="href=\"http://www.stopforumspam.com/add.php?username=$uname&email=$email&ip_addr=$ip&evidence=$evidence&api_key=$apikey\" ";
  1385.         if (!empty($apikey)) {
  1386.                 //$target="target=\"kpg_sfs_reg_if1\"";
  1387.                 // make this the xlsrpc call.
  1388.                 $href="href=\"#\"";
  1389.                 $onclick="onclick=\"sfs_ajax_report_spam(this,'$ID','$blog_id','$ajaxurl');return false;\"";
  1390.         }
  1391.         $action="<a $exst title=\"Report to Stop Forum Spam (SFS)\" $target $href $onclick class='delete:the-comment-list:comment-$ID::delete=1 delete vim-d vim-destructive'>Report to SFS</a>";
  1392.        
  1393.  
  1394.         $actions['report_spam']=$action;
  1395.         return $actions;
  1396.  
  1397. }
  1398. // hook the comment list with a "report Spam" filter
  1399. add_action('admin_menu', 'kpg_sfs_reg_admin_menus');
  1400. add_action('network_admin_menu', 'kpg_sfs_reg_net_admin_menus');
  1401.  
  1402. function kpg_sfs_reg_net_admin_menus() {
  1403.         if(!current_user_can('manage_network_options')) return;
  1404.         $options=kpg_sp_get_options();
  1405.     $muswitch=$options['muswitch'];
  1406.         kpg_sfs_reg_add_user_to_whitelist($options);
  1407.         // now install the admin stuff
  1408.         // if the muswitch is "Y" then we are in a network environment
  1409.         // it is a network, the muswitch is on and we can manage the network
  1410.         // this means we can install the options page on the network options page.
  1411.        
  1412.   add_submenu_page('settings.php', 'Stop Spammers', 'Stop Spammers', 'manage_options', 'adminstopspammersoptions', 'kpg_sfs_reg_control');
  1413.   add_submenu_page('settings.php', 'Stop Spammers History', 'Spammer History', 'manage_options', 'adminstopspammerstats', 'kpg_sfs_reg_stats_control');
  1414.  
  1415.        
  1416.        
  1417.         //add_options_page('Stop Spammers', 'Stop Spammers', 'manage_options','adminstopspammersoptions','kpg_sfs_reg_control');
  1418.         //add_options_page('Stop Spammers History', 'Spammer History', 'manage_options','adminstopspammerstats','kpg_sfs_reg_stats_control');
  1419.         add_action('mu_rightnow_end','kpg_sp_rightnow');
  1420.         add_filter('plugin_action_links', 'kpg_sp_plugin_action_links', 10, 2 );
  1421.         add_filter('comment_row_actions','kpg_sfs_reg_check',1,2);     
  1422.         add_filter('comment_row_actions','kpg_sfs_reg_report',1,2);    
  1423. }
  1424. function kpg_sfs_reg_admin_menus() {
  1425.         $options=kpg_sp_get_options();
  1426.     $muswitch=$options['muswitch'];
  1427.         if(!current_user_can('manage_options')) return;
  1428.         kpg_sfs_reg_add_user_to_whitelist($options);
  1429.         // now install the admin stuff
  1430.         // if the muswitch is "Y" then we are in a network environment and do not install
  1431.         if ($muswitch=='Y') {
  1432.                 // we are in the normal admin menu
  1433.                 // I am not sure that the muswitch can be turned on
  1434.                 //echo "<!-- \r\n\r\n the muswitch is on! \r\n\r\n -->";
  1435.                 return; // a network - only the admin can do it.
  1436.         }
  1437.         // this means we can install the options page on the network options page.
  1438.         add_options_page('Stop Spammers', 'Stop Spammers', 'manage_options','stopspammersoptions','kpg_sfs_reg_control');
  1439.         add_options_page('Stop Spammers History', 'Spammer History', 'manage_options','stopspammerstats','kpg_sfs_reg_stats_control');
  1440.         add_action('rightnow_end', 'kpg_sp_rightnow');
  1441.         add_filter( 'plugin_action_links', 'kpg_sp_plugin_action_links', 10, 2 );
  1442.         add_filter('comment_row_actions','kpg_sfs_reg_check',1,2);     
  1443.         add_filter('comment_row_actions','kpg_sfs_reg_report',1,2);    
  1444. }
  1445.  
  1446. function kpg_sfs_reg_add_user_to_whitelist($options) {
  1447.         $addtowhitelist=$options['addtowhitelist'];
  1448.         $wlist=$options['wlist'];
  1449.         $ip=$_SERVER['REMOTE_ADDR'];
  1450.         $ip=check_forwarded_ip($ip);
  1451.         if ($addtowhitelist=='Y'&&!in_array($ip,$wlist)) {
  1452.                 // add this ip to your white list
  1453.                 $wlist[count($wlist)]=$ip;
  1454.                 $options['wlist']=$wlist;
  1455.                 update_option('kpg_stop_sp_reg_options',$options);
  1456.         }
  1457. }
  1458.  
  1459.  
  1460. function kpg_sp_plugin_action_links( $links, $file ) {
  1461.         $options=kpg_sp_get_options();
  1462.         extract($options);
  1463.         $muswitch=$options['muswitch'];
  1464.         if ( basename($file) == basename(__FILE__))  {
  1465.                 $me=admin_url('options-general.php?page=stopspammersoptions');
  1466.                 if (function_exists('is_multisite') && is_multisite() && $muswitch=='Y') {
  1467.                         switch_to_blog(1);
  1468.                         $me=get_admin_url( 1,'network/settings.php?page=adminstopspammerstats');
  1469.                         restore_current_blog();
  1470.                 }
  1471.                 $links[] = "<a href=\"$me\">".__('Settings').'</a>';
  1472.         }
  1473.         return $links;
  1474. }
  1475.  
  1476.  
  1477. function kpg_sfs_reg_uninstall() {
  1478.         if(!current_user_can('manage_options')) {
  1479.                 die('Access Denied');
  1480.         }
  1481.         delete_option('kpg_stop_sp_reg_options');
  1482.         delete_option('kpg_stop_sp_reg_stats');
  1483.         return;
  1484. }  
  1485.  
  1486.  
  1487.  
  1488. if ( function_exists('register_uninstall_hook') ) {
  1489.         register_uninstall_hook(__FILE__, 'kpg_sfs_reg_uninstall');
  1490. }
  1491.  
  1492.  
  1493. function kpg_sfs_reg_getafile($f) {
  1494.         // try this using Wp_Http
  1495.         if( !class_exists( 'WP_Http' ) )
  1496.                 include_once( ABSPATH . WPINC. '/class-http.php' );
  1497.         $request = new WP_Http;
  1498.         $result = $request->request( $f );
  1499.         // see if there is anything there
  1500.         if (empty($result)) return '';
  1501.        
  1502.         if (is_array($result)) {
  1503.                 $ansa=$result['body'];
  1504.                 return $ansa;
  1505.         }
  1506.         if (is_object($result) ) {
  1507.                 $ansa='ERR: '.$result->get_error_message();
  1508.         }
  1509.         return '';
  1510. }
  1511.  
  1512. // special request to add to the "Right Now" section of the admin page
  1513. // WP 2.5+
  1514. function kpg_sp_rightnow() {
  1515.         $options=kpg_sp_get_options();
  1516.         extract($options);
  1517.         $muswitch=$options['muswitch'];
  1518.         $stats=kpg_sp_get_stats();
  1519.         extract($stats);
  1520.         $me=admin_url('options-general.php?page=stopspammerstats');
  1521.     if (function_exists('is_multisite') && is_multisite() && $muswitch=='Y') {
  1522.                 switch_to_blog(1);
  1523.                 $me=get_admin_url( 1,'network/settings.php?page=adminstopspammerstats');
  1524.                 restore_current_blog();
  1525.         }
  1526.         if ($spmcount>0) {
  1527.                 // steal the akismet stats css format
  1528.                 // get the path to the plugin
  1529.                 echo "<p><a style=\"font-style:italic;\" href=\"$me\">Stop Spammer Registrations</a> has prevented $spmcount spammers from registering or leaving comments.";
  1530.                 if ($nobuy=='N' && $spmcount>10000) echo "  <a style=\"font-style:italic;\" href=\"http://www.blogseye.com/buy-the-book/\">Buy Keith Graham&apos;s Science Fiction Book</a>";
  1531.                 echo"</p>";
  1532.         } else {
  1533.                 echo "<p><a style=\"font-style:italic\" href=\"$me\">Stop Spammer Registrations</a> has not stopped any spammers, yet.";
  1534.                 echo"</p>";
  1535.         }
  1536. }
  1537. function kpg_sp_checkPayPal($ip) { // returns true if a whitelisted paypal ip
  1538. $paypal=array('173.0.88.66','173.0.88.98','173.0.84.66','173.0.84.98','66.211.168.91','66.211.168.123','173.0.88.67','173.0.88.99','173.0.84.99','173.0.84.67','66.211.168.92','66.211.168.124','173.0.88.69','173.0.88.101','173.0.84.69','173.0.84.101','66.211.168.126','66.211.168.194','173.0.88.68','173.0.88.100','173.0.84.68','173.0.84.100','66.211.168.125','66.211.168.195','173.0.81.1','173.0.81.33','66.211.170.66','216.113.188.100','66.211.168.93','173.0.80.0/20','64.4.240.0/20','66.211.160.0/19','118.214.15.186','118.215.103.186','118.215.119.186','118.215.127.186','118.215.15.186','118.215.151.186','118.215.159.186','118.215.167.186','118.215.199.186','118.215.207.186','118.215.215.186','118.215.231.186','118.215.255.186','118.215.39.186','118.215.63.186','118.215.7.186','118.215.79.186','118.215.87.186','118.215.95.186','202.43.63.186','69.192.31.186','72.247.111.186','88.221.43.186','92.122.143.186','92.123.151.186','92.123.159.186','92.123.163.186','92.123.167.186','92.123.179.186','92.123.183.186','92.123.199.186','92.123.203.186','92.123.207.186','92.123.211.186','92.123.215.186','92.123.219.186','92.123.247.186','92.123.255.186','95.100.31.186','96.16.199.186','96.16.23.186','96.16.247.186','96.16.255.186','96.16.39.186','96.16.55.186','96.17.47.186','96.6.239.186','96.6.79.186','96.7.175.186','96.7.191.186','96.7.199.186','96.7.231.186','96.7.247.186','216.113.188.64','216.113.188.34','173.0.84.178','173.0.84.212','173.0.88.178','173.0.88.212','66.211.168.136','66.211.168.66','173.0.88.203','173.0.84.171','173.0.84.203','173.0.88.171','66.211.168.142','66.211.168.150','173.0.84.76','173.0.88.76','173.0.84.108','173.0.88.108','66.211.168.158','66.211.168.180','118.214.15.186','118.215.103.186','118.215.119.186','118.215.127.186','118.215.15.186','118.215.151.186','118.215.159.186','118.215.167.186','118.215.199.186','118.215.207.186','118.215.215.186','118.215.231.186','118.215.255.186','118.215.39.186','118.215.63.186','118.215.7.186','118.215.79.1
86','118.215.87.186','118.215.95.186','202.43.63.186','69.192.31.186','72.247.111.186','88.221.43.186','92.122.143.186','92.123.151.186','92.123.159.186','92.123.163.186','92.123.167.186','92.123.179.186','92.123.183.186','92.123.199.186','92.123.203.186','92.123.207.186','92.123.211.186','92.123.215.186','92.123.219.186','92.123.247.186','92.123.255.186','95.100.31.186','96.16.199.186','96.16.23.186','96.16.247.186','96.16.255.186','96.16.39.186','96.16.55.186','96.17.47.186','96.6.239.186','96.6.79.186','96.7.175.186','96.7.191.186','96.7.199.186','96.7.231.186','96.7.247.186',
  1539. // sandbox
  1540. '173.0.82.75','173.0.82.91','173.0.82.77','173.0.82.78','173.0.82.79','173.0.82.75','173.0.82.126','173.0.82.83','173.0.82.84','173.0.82.86','173.0.82.89','173.0.82.101'
  1541. );
  1542.         return kpg_sp_searchi($ip,$paypal);
  1543. }
  1544. function kpg_sp_searchi($needle,$haystack) {
  1545.         // ignore case in_array
  1546.         if (empty($needle)) return false;
  1547.         if (empty($haystack)) return false;
  1548.         if (!is_array($haystack)) return ralse;
  1549.         foreach($haystack as $val) {
  1550.                 if (strtolower($val)==strtolower($needle)) return true;
  1551.         }
  1552.         return false;
  1553. }
  1554. function kpg_sp_searchKi($needle,$haystack) {
  1555.         // ignore case in_array
  1556.         if (empty($needle)) return false;
  1557.         if (empty($haystack)) return false;
  1558.         if (!is_array($haystack)) return ralse;
  1559.         foreach($haystack as $key=>$value) {
  1560.                 if (strtolower($key)==strtolower($needle)) return true;
  1561.         }
  1562.         return false;
  1563. }
  1564. function kpg_sp_searchl($needle,$haystack) {
  1565.         // search the end of a string case insensitive
  1566.         if (empty($needle)) return false;
  1567.         if (empty($haystack)) return false;
  1568.         if (empty($needle)) return false;
  1569.     foreach($haystack as $val) {
  1570.             if (strpos(strtolower($val).'\t',strtolower($needle).'\t')!==false)  return true;
  1571.         }
  1572.         return false;
  1573. }
  1574. function kpg_sp_get_stats() {
  1575.         // check to see if we need to load the option redirector
  1576.         load_sfs_mu();
  1577.         $stats=get_option('kpg_stop_sp_reg_stats');
  1578.         if (empty($stats)||!is_array($stats)) $stats=array();
  1579.         $options=array(
  1580.                 'badips'=>array(),
  1581.                 'badems'=>array(),
  1582.                 'goodips'=>array(),
  1583.                 'hist'=>array(),
  1584.                
  1585.                 'spcount'=>0,
  1586.                 'spmcount'=>0,
  1587.                                
  1588.                 'cntjscript'=>0,
  1589.                 'cntsfs'=>0,
  1590.                 'cntreferer'=>0,
  1591.                
  1592.                 'cntdisp'=>0,
  1593.                 'cntrh'=>0,
  1594.                 'cntdnsbl'=>0,
  1595.                
  1596.                 'cntubiquity'=>0,
  1597.                 'cntakismet'=>0,               
  1598.                 'cntspamwords'=>0,
  1599.                
  1600.                 'cntsession'=>0,
  1601.                 'cntlong'=>0,
  1602.                 'cntagent'=>0,
  1603.                
  1604.                 'cnttld'=>0,
  1605.                 'cntemdom'=>0,         
  1606.                 'cntcacheip'=>0,
  1607.  
  1608.                 'cntcacheem'=>0,
  1609.                 'cnthp'=>0,            
  1610.                 'cntbotscout'=>0,
  1611.  
  1612.                 'cntblem'=>0,          
  1613.                 'cntlongauth'=>0,
  1614.                 'cntblip'=>0,
  1615.  
  1616.                 'cntaccept'=>0,
  1617.                
  1618.                 'cntpassed'=>0,        
  1619.                 'cntwhite'=>0, 
  1620.                 'cntgood'=>0,  
  1621.                
  1622.                 'autoload'=>'N',
  1623.                 'spmdate'=>'installation',
  1624.  
  1625.                 'spdate'=>'last cleared'
  1626.         );
  1627.         $ansa=array_merge($options,$stats);
  1628.         if (!is_array($ansa['badips'])) $ansa['badips']=array();
  1629.         if (!is_array($ansa['badems'])) $ansa['badems']=array();
  1630.         if (!is_array($ansa['hist'])) $ansa['hist']=array();
  1631.         if (!is_array($ansa['goodips'])) $ansa['goodips']=array();
  1632.         if (!is_numeric($ansa['spcount'])) $ansa['spcount']=0;
  1633.         if (!is_numeric($ansa['spmcount'])) $ansa['spmcount']=0;
  1634.         if ($ansa['spcount']==0) {
  1635.                 $ansa['spdate']=date('Y/m/d',time() + ( get_option( 'gmt_offset' ) * 3600 ));
  1636.                 update_option('kpg_stop_sp_reg_stats',$ansa);
  1637.         }
  1638.         if ($ansa['spmcount']==0) {
  1639.                 $ansa['spmdate']=date('Y/m/d',time() + ( get_option( 'gmt_offset' ) * 3600 ));
  1640.                 update_option('kpg_stop_sp_reg_stats',$ansa);
  1641.         }
  1642.         if ($ansa['autoload']=='N') {
  1643.                 delete_option('kpg_stop_sp_reg_stats');
  1644.                 $ansa['autoload']='Y';
  1645.                 add_option('kpg_stop_sp_reg_stats',$ansa, 0, 'no' );
  1646.         }
  1647.  
  1648.         return $ansa;
  1649. }
  1650.  
  1651. /*
  1652.  
  1653.  
  1654. */
  1655. function kpg_sp_get_options() {
  1656.         // first see if we need to load the option redirecor
  1657.         load_sfs_mu();
  1658.         $opts=get_option('kpg_stop_sp_reg_options');
  1659.         if (empty($opts)||!is_array($opts)) $opts=array();
  1660.         $options=array(
  1661.                 'wlist'=>array(),
  1662.                 'blist'=>array(),
  1663.                 'baddomains'=>array(),
  1664.                 'badTLDs'=>array(),
  1665.                 'apikey'=>'',
  1666.                 'honeyapi'=>'',
  1667.                 'botscoutapi'=>'',
  1668.                 'accept'=>'Y',
  1669.                 'nobuy'=>'N',
  1670.                 'chkemail'=>'Y',
  1671.                 'chkjscript'=>'N',
  1672.                 'chksfs'=>'Y',
  1673.                 'chkreferer'=>'Y',
  1674.                 'chkdisp'=>'Y',
  1675.                 'redherring'=>'Y',
  1676.                 'chkdnsbl'=>'Y',
  1677.                 'chkubiquity'=>'Y',
  1678.                 'chkakismet'=>'Y',
  1679.                 'chkcomments'=>'Y',
  1680.                 'chkspamwords'=>'N',
  1681.                 'chklogin'=>'Y',
  1682.                 'chksession'=>'Y',
  1683.                 'chksignup'=>'Y',
  1684.                 'chklong'=>'Y',
  1685.                 'chkagent'=>'Y',
  1686.                 'chkxmlrpc'=>'Y',
  1687.                 'chkwpmail'=>'Y',
  1688.                 'chkwplogin'=>'N',
  1689.                 'chk404'=>'Y',
  1690.                 'addtowhitelist'=>'Y',
  1691.                 'muswitch'=>'N',
  1692.                 'sfsfreq'=>0,
  1693.                 'hnyage'=>9999,
  1694.                 'botfreq'=>0,
  1695.                 'sfsage'=>9999,
  1696.                 'hnylevel'=>5,
  1697.                 'botage'=>9999,
  1698.                 'kpg_sp_cache'=>25,
  1699.                 'kpg_sp_hist'=>25,
  1700.                 'redirurl'=>'',
  1701.                 'redir'=>'N',
  1702.                 'autoload'=>'N',
  1703.                 'rejectmessage'=>"Access Denied<br/>
  1704. This site is protected by the Stop Spammer Registrations Plugin.<br/>",
  1705.                 'spamwords'=>array("-online","4u","4-u","adipex","advicer","baccarrat","blackjack","bllogspot","booker","byob","car-rental-e-site","car-rentals-e-site","carisoprodol","casino","chatroom","cialis","coolhu","credit-card-debt","credit-report","cwas","cyclen","cyclobenzaprine","dating-e-site","day-trading","debt-consolidation","debt-consolidation","discreetordering","duty-free","dutyfree","equityloans","fioricet","flowers-leading-site","freenet-shopping","freenet","gambling-","hair-loss","health-insurancedeals","homeequityloans","homefinance","holdem","hotel-dealse-site","hotele-site","hotelse-site","incest","insurance-quotes","insurancedeals","jrcreations","levitra","macinstruct","mortgagequotes","online-gambling","onlinegambling","ottawavalleyag","ownsthis","paxil","penis","pharmacy","phentermine","poker-chip","poze","pussy","rental-car-e-site","ringtones","roulette ","shemale","slot-machine","thorcarlson","top-site","top-e-site","tramadol","trim-spa","ultram","valeofglamorganconservatives","viagra","vioxx","xanax","zolus","ambien","poker","bingo","allstate","insurnce","work-at-home","workathome","home-based","homebased","weight-loss","weightloss","additional-income","extra-income","email-marketing","sibutramine","seo-","fast-cash")
  1706.                 );
  1707.         $ansa=array_merge($options,$opts);
  1708.         if (!is_array($ansa['wlist'])) $ansa['wlist']=array();
  1709.         if (!is_array($ansa['blist'])) $ansa['blist']=array();
  1710.         if (!is_array($ansa['baddomains'])) $ansa['baddomains']=array();
  1711.         if (!is_array($ansa['badTLDs'])) $ansa['badTLDs']=array();
  1712.         if (empty($ansa['apikey'])) $ansa['apikey']='';
  1713.         if (empty($ansa['honeyapi'])) $ansa['honeyapi']='';
  1714.         if (empty($ansa['botscoutapi'])) $ansa['botscoutapi']='';
  1715.         if ($ansa['accept']!='Y') $ansa['accept']='N';
  1716.         if ($ansa['nobuy']!='Y') $ansa['nobuy']='N';
  1717.         if ($ansa['chkemail']!='Y') $ansa['chkemail']='N';
  1718.         if ($ansa['chkdisp']!='Y') $ansa['chkdisp']='N';
  1719.         if ($ansa['chksfs']!='Y') $ansa['chksfs']='N';
  1720.         if ($ansa['chkdnsbl']!='Y') $ansa['chkdnsbl']='N';
  1721.         if ($ansa['chkubiquity']!='Y') $ansa['chkubiquity']='N';
  1722.         if ($ansa['chkakismet']!='Y') $ansa['chkakismet']='N';
  1723.         if ($ansa['chkcomments']!='Y') $ansa['chkcomments']='N';
  1724.         if ($ansa['chklogin']!='Y') $ansa['chklogin']='N';
  1725.         if ($ansa['chksignup']!='Y') $ansa['chksignup']='N';
  1726.         if ($ansa['chkxmlrpc']!='Y') $ansa['chkxmlrpc']='N';
  1727.         if ($ansa['chkwplogin']!='Y') $ansa['chkwplogin']='N';
  1728.         if ($ansa['muswitch']!='Y') $ansa['muswitch']='N';
  1729.         if (empty($ansa['kpg_sp_cache'])) $ansa['kpg_sp_cache']=25;
  1730.         if (empty($ansa['kpg_sp_hist'])) $ansa['kpg_sp_hist']=25;
  1731.         if (!is_array($ansa['spamwords'])) $ansa['spamwords']=array();
  1732.  
  1733.         if ($ansa['autoload']=='N') {
  1734.                 delete_option('kpg_stop_sp_reg_options');
  1735.                 $ansa['autoload']='Y';
  1736.                 add_option('kpg_stop_sp_reg_options',$ansa, 0, 'no' );
  1737.         }
  1738.         // need to check to see if the mu option has been set
  1739.         if (function_exists('is_multisite') && is_multisite()) {
  1740.                 switch_to_blog(1);
  1741.                 $options=get_option('kpg_stop_sp_reg_options');
  1742.                 restore_current_blog();
  1743.                 $muswitch=$options['muswitch'];
  1744.                 $ansa['muswitch']=$muswitch;
  1745.         } else {
  1746.                 $ansa['muswitch']='N';
  1747.         }
  1748.         return $ansa;
  1749. }
  1750. function sfs_handle_ajax_check($data) {
  1751.         // this does a call to the sfs site to check a known spammer
  1752.         // returns success or not
  1753.         $query="http://www.stopforumspam.com/api?ip=91.186.18.61";
  1754.         $check='';
  1755.         $check=kpg_sfs_reg_getafile($query);
  1756.         if (!empty($check)) {
  1757.             $check=trim($check);
  1758.             $check=trim($check,'0');
  1759.                 if (substr($check,0,4)=="ERR:") {
  1760.                         echo "Access to the Stop Forum Spam Database shows errors\r\n";
  1761.                         echo "response was $check\r\n";
  1762.                 }
  1763.                 //Access to the Stop Forum Spam Database is working
  1764.                 $n=strpos($check,'<response success="true">');
  1765.                 if ($n===false) {
  1766.                         echo "Access to the Stop Forum Spam Database is not working\r\n";
  1767.                         echo "response was\r\n $check\r\n";
  1768.                 } else {
  1769.                         echo "Access to the Stop Forum Spam Database is working";
  1770.                 }
  1771.         } else {
  1772.                 echo "No response from the Stop Forum Spam AP Call\r\n";
  1773.         }
  1774.         return;
  1775. }
  1776. function sfs_handle_ajax_sub($data) {
  1777.         // get the stuff from the $_GET and call stop forum spam
  1778.         // this tages the stuff from the get and uses it to do the get from sfs
  1779.         // get the configuration items
  1780.         //kpg_ssp_global_setup();
  1781.         $options=kpg_sp_get_options();
  1782.         if (empty($options)) { // can't happen?
  1783.                 echo "No Options set";
  1784.                 exit();
  1785.         }
  1786.         //print_r($options);
  1787.         extract($options);
  1788.         // get the comment_id parameter
  1789.         $comment_id=urlencode($_GET['comment_id']);
  1790.         if (empty($comment_id)) {
  1791.                 echo "No comment id found";
  1792.                 exit();
  1793.         }
  1794.         // need to pass the blog id also
  1795.         $blog='';
  1796.         $blog=$_GET['blog_id'];
  1797.         if ($blog!='') {
  1798.                 switch_to_blog($blog);
  1799.         }
  1800.         // get the comment
  1801.         $comment=get_comment( $comment_id, ARRAY_A );
  1802.         if (empty($comment)) {
  1803.                 echo "No comment found for $comment_id";
  1804.                 exit();
  1805.         }
  1806.         //print_r($comment);
  1807.         $email=urlencode($comment['comment_author_email']);
  1808.         $uname=urlencode($comment['comment_author']);
  1809.         $ip_addr=$comment['comment_author_IP'];
  1810.         // code added as per Paul at sto Forum Spam
  1811.         $content=$comment['comment_content'];
  1812.         $evidence=$comment['comment_author_url'];
  1813.         if ($blog!='') {
  1814.                 restore_current_blog();
  1815.         }
  1816.  
  1817.         if (empty($evidence)) $evidence='';
  1818.         preg_match_all('@((https?://)?([-\w]+\.[-\w\.]+)+\w(:\d+)?(/([-\w/_\.]*(\?\S+)?)?)*)@',$content, $post, PREG_PATTERN_ORDER);
  1819.         $urls1=array();
  1820.         $urls2=array();
  1821.         if (is_array($post)&&is_array($post[1])) $urls1 = array_unique($post[1]); else $urls1 = array();
  1822.         //bbcode
  1823.         preg_match_all('/\[url=(.+)\]/iU', $content, $post, PREG_PATTERN_ORDER);
  1824.         if (is_array($post)&&is_array($post[0])) $urls2 = array_unique($post[0]); else $urls2 = array();
  1825.         $urls3=array_merge($urls1,$urls2);
  1826.     if (is_array($urls3)) $evidence.="\r\n".implode("\r\n",$urls3);    
  1827.         $evidence=urlencode(trim($evidence,"\r\n"));
  1828.         if (strlen($evidence)>128) $evidence=substr($evidence,0,125).'...';
  1829.        
  1830.         if (empty($apikey)) {
  1831.                 echo "Cannot Report Spam without API Key";
  1832.                 exit();
  1833.         }
  1834. $hget="http://www.stopforumspam.com/add.php?ip_addr=$ip_addr&api_key=$apikey&email=$email&username=$uname&evidence=$evidence";
  1835. //echo $hget;
  1836.    $ret=@kpg_sfs_reg_getafile($hget);
  1837.         if (stripos($ret,'data submitted successfully')!==false) {
  1838.                 echo $ret;
  1839.         } else if (stripos($ret,'recent duplicate entry')!==false) {
  1840.                 echo ' recent duplicate entry ';
  1841.         } else {
  1842.                 echo $ret;
  1843.         }
  1844. }
        // AJAX entry points. sfs_sub is registered on both the logged-in (wp_ajax_) and the
        // anonymous (wp_ajax_nopriv_) hook, so sfs_handle_ajax_sub() is reachable without a
        // login; NOTE(review): nothing on these lines restricts who may call it.
        // sfs_check is registered on the logged-in hook only.
        add_action('wp_ajax_nopriv_sfs_sub', 'sfs_handle_ajax_sub');   
        add_action('wp_ajax_sfs_sub', 'sfs_handle_ajax_sub');  
        add_action('wp_ajax_sfs_check', 'sfs_handle_ajax_check');       // used to check if ajax reporting works
  1848. /******************************************
  1849. * try ajax version of reporting
  1850. * right out of the api playbook
  1851. ******************************************/
        // prints the reporting script into the head of every admin page
        add_action('admin_head', 'sfs_handle_ajax_new');
  1853.         function sfs_handle_ajax_new() {
  1854.                 // this is the call that handles the call to ajax
  1855.                 // step 1: Create the script that handles the action
  1856. ?>
  1857. <script type="text/javascript" >
  1858. var sfs_ajax_who=null; //use this to update the message in the click
  1859. function sfs_ajax_report_spam(t,id,blog,url) {
  1860.         sfs_ajax_who=t;
  1861.        
  1862.         var data= {
  1863.                 action: 'sfs_sub',
  1864.                 blog_id: blog,
  1865.                 comment_id: id,
  1866.                 ajax_url: url
  1867.         }
  1868.         jQuery.get(ajaxurl, data, sfs_ajax_return_spam);
  1869. }
  1870. function sfs_ajax_return_spam(response) {
  1871.     sfs_ajax_who.innerHTML="Spam reported";
  1872.         sfs_ajax_who.style.color="green";
  1873.         sfs_ajax_who.style.fontWeight="bolder";
  1874.         //alert(response);
  1875.         if (response.indexOf('data submitted successfully')>0) {
  1876.                 return false;
  1877.         }
  1878.         if (response.indexOf('recent duplicate entry')>0) {
  1879.                 sfs_ajax_who.innerHTML="Spam Already reported";
  1880.                 sfs_ajax_who.style.color="brown";
  1881.                 sfs_ajax_who.style.fontWeight="bolder";
  1882.                 return false;
  1883.         }
  1884.         sfs_ajax_who.innerHTML="Error reporting spam";
  1885.         sfs_ajax_who.style.color="red";
  1886.         sfs_ajax_who.style.fontWeight="bolder";
  1887.         alert(response);
  1888.         return false;
  1889. }
  1890. </script>
  1891. <?php          
  1892.  
  1893.         }
  1894.        
  1895.        
  1896.        
  1897. // here are the debug functions
  1898. // change the debug=false to debug=true to start debugging.
  1899. // the plugin will drop a file sfs_debug_output.txt in the current directory (root, wp-admin, or network)
  1900. // directory must be writeable or plugin will crash.
  1901.  
  1902. function sfs_errorsonoff($old=null) {
  1903.         $debug=true;  // change to true to debug, false to stop debugging.
  1904.         if (!$debug) return;
  1905.         if (empty($old)) return set_error_handler("sfs_ErrorHandler");
  1906.         restore_error_handler();
  1907. }
  1908. function sfs_ErrorHandler($errno, $errmsg, $filename, $linenum, $vars) {
  1909.         // write the answers to the file
  1910.         // we are only conserned with the errors and warnings, not the notices
  1911.         //if ($errno==E_NOTICE || $errno==E_WARNING) return false;
  1912.         $serrno="";
  1913.         if (
  1914.         (strpos($filename,'stop-spam')===false)
  1915.         &&(strpos($filename,'sfr_mu')===false)
  1916.         &&(strpos($filename,'settings.php')===false)
  1917.         &&(strpos($filename,'options-general.php')===false)
  1918.         &&(!function_exists('bbpress'))
  1919.         ) return false;
  1920.         switch ($errno) {
  1921.                 case E_ERROR:
  1922.                         $serrno="Fatal run-time errors. These indicate errors that can not be recovered from, such as a memory allocation problem. Execution of the script is halted. ";
  1923.                         break;
  1924.                 case E_WARNING:
  1925.                         $serrno="Run-time warnings (non-fatal errors). Execution of the script is not halted. ";
  1926.                         break;
  1927.                 case E_NOTICE:
  1928.                         $serrno="Run-time notices. Indicate that the script encountered something that could indicate an error, but could also happen in the normal course of running a script. ";
  1929.                         break;
  1930.                 default;
  1931.                         $serrno="Unknown Error type $errno";
  1932.         }
  1933.         if (strpos($errmsg,'modify header information')) return false;
  1934.  
  1935.         $msg="
  1936.         Error number: $errno
  1937.         Error type: $serrno
  1938.         Error Msg: $errmsg
  1939.         File name: $filename
  1940.         Line Number: $linenum
  1941.         ---------------------
  1942.         ";
  1943.         // write out the error
  1944.         $f=fopen(dirname(__FILE__)."/sfs_debug_output.txt",'a');
  1945.         fwrite($f,$msg);
  1946.         fclose($f);
  1947.         return false;
  1948. }
  1949. function kpg_verify_nonce($a,$b) {
  1950.         if (function_exists('wp_verify_nonce')) {
  1951.                 return wp_verify_nonce($a, $b);
  1952.         }
  1953.         return false;
  1954. }
  1955. ?>