PageRenderTime 55ms CodeModel.GetById 14ms RepoModel.GetById 0ms app.codeStats 0ms

/blog/wp-content/plugins/wp-hashcash/wp-hashcash.php

https://bitbucket.org/sergiohzlz/reportaprod
PHP | 681 lines | 498 code | 106 blank | 77 comment | 72 complexity | acdacbc85eb2410621b213a830803e33 MD5 | raw file
Possible License(s): GPL-2.0, GPL-3.0, AGPL-1.0, LGPL-2.1 
    

  1. <?php

    2. 

  2. /*

    3. 

  3.  Plugin Name: WordPress Hashcash

    4. 

  4.  Plugin URI: http://wordpress-plugins.feifei.us/hashcash/

    5. 

  5.  Description: Client-side javascript blocks all spam bots.  XHTML 1.1 compliant.

    6. 

  6.  Author: Elliott Back

    7. 

  7.  Author URI: http://elliottback.com

    8. 

  8.  Version: 4.5.1

    9. 

  9. 

    10. 

  10.  This program is free software; you can redistribute it and/or modify

    11. 

  11.  it under the terms of the GNU General Public License as published by

    12. 

  12.  the Free Software Foundation; either version 2 of the License, or

    13. 

  13.  (at your option) any later version.

    14. 

  14. 

    15. 

  15.  This program is distributed in the hope that it will be useful,

    16. 

  16.  but WITHOUT ANY WARRANTY; without even the implied warranty of

    17. 

  17.  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

    18. 

  18.  GNU General Public License for more details.

    19. 

  19. 

    20. 

  20.  */

    21. 

  21. 

    22. 

  22. function wphc_option($save = false){

    23. 

  23. 	if($save) {

    24. 

  24. 		if( function_exists( 'update_site_option' ) ) {

    25. 

  25. 			update_site_option('plugin_wp-hashcash', $save);

    26. 

  26. 		} else {

    27. 

  27. 			update_option('plugin_wp-hashcash', $save);

    28. 

  28. 		}

    29. 

  29. 

    30. 

  30. 		return $save;

    31. 

  31. 	} else {

    32. 

  32. 		if( function_exists( 'get_site_option' ) ) {

    33. 

  33. 			$options = get_site_option('plugin_wp-hashcash');

    34. 

  34. 		} else {

    35. 

  35. 			$options = get_option('plugin_wp-hashcash');

    36. 

  36. 		}

    37. 

  37. 

    38. 

  38. 		if(!is_array($options))

    39. 

  39. 			$options = array();

    40. 

  40. 

    41. 

  41. 		return $options;

    42. 

  42. 	}

    43. 

  43. }

    44. 

  44. 

    45. 

  45. /**

    46. 

  46.  * Install WP Hashcash

    47. 

  47.  */

    48. 

  48. 

    49. 

  49. function wphc_install () {

    50. 

  50. 	// set our default options

    51. 

  51. 	$options = wphc_option();

    52. 

  52. 	$options['comments-spam'] = $options['comments-spam'] || 0;

    53. 

  53. 	$options['comments-ham'] = $options['comments-ham'] || 0;

    54. 

  54. 	$options['signups-spam'] = $options['signups-spam'] || 0;

    55. 

  55. 	$options['signups-ham'] = $options['signups-ham'] || 0;

    56. 

  56. 	$options['key'] = array();

    57. 

  57. 	$options['key-date'] = 0;

    58. 

  58. 	$options['refresh'] = 60 * 60 * 24 * 7;

    59. 

  59. 	$options['signup_active'] = 1;

    60. 

  60. 	$options['comments_active'] = 1;

    61. 

  61. 	$options['attribution'] = 1;

    62. 

  62. 	

    63. 

  63. 	// akismet compat check

    64. 

  64. 	if(function_exists('akismet_init')){

    65. 

  65. 		$options['moderation'] = 'akismet';

    66. 

  66. 	} else {

    67. 

  67. 		$options['moderation'] = 'moderate';

    68. 

  68. 	}

    69. 

  69. 	

    70. 

  70. 	// validate ip / url

    71. 

  71. 	$options['validate-ip'] = true;

    72. 

  72. 	$options['validate-url'] = true;

    73. 

  73. 

    74. 

  74. 	// logging

    75. 

  75. 	$options['logging'] = true;

    76. 

  76. 

    77. 

  77. 	// update the key

    78. 

  78. 	wphc_option($options);

    79. 

  79. 	wphc_refresh();

    80. 

  80. }

    81. 

  81. 

    82. 

  82. add_action('activate_wp-hashcash/wp-hashcash.php', 'wphc_install');

    83. 

  83. add_action('activate_wp-hashcash.php', 'wphc_install');

    84. 

  84. 

    85. 

  85. /**

    86. 

  86.  * Update the key, if needed

    87. 

  87.  */

    88. 

  88. 

    89. 

  89. function wphc_refresh(){

    90. 

  90. 	$options = wphc_option();

    91. 

  91. 

    92. 

  92. 	if( !isset( $options[ 'signup_active' ] ) ) {

    93. 

  93. 		wphc_install();

    94. 

  94. 		return;

    95. 

  95. 	}

    96. 

  96. 

    97. 

  97. 	if(time() - $options['key-date'] > $options['refresh']) {

    98. 

  98. 		if(count($options['key']) >= 5)

    99. 

  99. 			array_shift($options['key']);

    100. 

  100. 

    101. 

  101. 		array_push($options['key'], rand(21474836, 2126008810));

    102. 

  102. 

    103. 

  103. 		$options['key-date'] = time();

    104. 

  104. 		wphc_option($options);

    105. 

  105. 	}

    106. 

  106. }

    107. 

  107. 

    108. 

  108. add_action('shutdown', 'wphc_refresh');

    109. 

  109. 

    110. 

  110. /**

    111. 

  111.  * Our plugin can also have a widget

    112. 

  112.  */

    113. 

  113. 

    114. 

  114. function get_spam_ratio( $ham, $spam ) {

    115. 

  115. 	if($spam + $ham == 0)

    116. 

  116. 		$ratio = 0;

    117. 

  117. 	else

    118. 

  118. 		$ratio = round(100 * ($spam/($ham+$spam)),2);

    119. 

  119. 

    120. 

  120. 	return $ratio;

    121. 

  121. }

    122. 

  122. 

    123. 

  123. function widget_ratio($options){

    124. 

  124. 	$signups_ham = (int)$options['signups-ham'];

    125. 

  125. 	$signups_spam = (int)$options['signups-spam'];

    126. 

  126. 	$ham = (int)$options['comments-ham'];

    127. 

  127. 	$spam = (int)$options['comments-spam'];

    128. 

  128. 	$ratio = get_spam_ratio( $ham, $spam );

    129. 

  129. 	$signups_ratio = get_spam_ratio( $signups_ham, $signups_spam );

    130. 

  130. 

    131. 

  131. 	$msg = "<li><span>$spam spam comments blocked out of $ham human comments.  " . $ratio ."% of your comments are spam!</span></li>";

    132. 

  132. 

    133. 

  133. 	if( $signups_ham && $signups_spam )

    134. 

  134. 		$msg = "<li><span>$signups_spam spam signups blocked out of $signups_ham human signups.  " . $signups_ratio ."% of your signups are spam!</span></li>";

    135. 

  135. 

    136. 

  136. 	return $msg;

    137. 

  137. }

    138. 

  138. 

    139. 

  139. function wphc_widget_init () {

    140. 

  140. 	if(!function_exists('register_sidebar_widget'))

    141. 

  141. 		return;

    142. 

  142. 

    143. 

  143. 	function widget_wphc($args) {

    144. 

  144. 		extract($args);

    145. 

  145. 		$options = wphc_option();

    146. 

  146. 

    147. 

  147. 		echo $before_widget . $before_title . '<a href="http://wordpress-plugins.feifei.us/hashcash/">WP Hashcash</a>' . $after_title;

    148. 

  148. 		echo '<ul>';

    149. 

  149. 		echo '<li><a href="http://elliottback.com/wp/">By Elliott Back</a></li>';

    150. 

  150. 		echo widget_ratio($options);

    151. 

  151. 		echo '</ul>';

    152. 

  152. 		echo $after_widget;

    153. 

  153. 	}

    154. 

  154. 	

    155. 

  155. 	register_sidebar_widget(array('WP Hashcash', 'widgets'), 'widget_wphc');

    156. 

  156. }

    157. 

  157. 

    158. 

  158. add_action('widgets_init', 'wphc_widget_init');

    159. 

  159. 

    160. 

  160. /**

    161. 

  161.  * Admin Options

    162. 

  162.  */

    163. 

  163. 

    164. 

  164. add_action('admin_menu', 'wphc_add_options_to_admin');

    165. 

  165. 

    166. 

  166. function wphc_add_options_to_admin() {

    167. 

  167. 	if( function_exists( 'is_site_admin' ) && !is_site_admin() )

    168. 

  168. 		return;

    169. 

  169. 

    170. 

  170. 	if (function_exists('add_options_page')) {

    171. 

  171. 		if( function_exists( 'is_site_admin' ) ) {

    172. 

  172. 			add_submenu_page('wpmu-admin.php', __('WordPress Hashcash'), __('WordPress Hashcash'), 'manage_options', 'wphc_admin', 'wphc_admin_options');

    173. 

  173. 		} else {

    174. 

  174. 			add_options_page('Wordpress Hashcash', 'Wordpress Hashcash', 8, basename(__FILE__), 'wphc_admin_options');

    175. 

  175. 		}

    176. 

  176. 	}

    177. 

  177. }

    178. 

  178. 

    179. 

  179. function wphc_admin_options() {

    180. 

  180. 	if( function_exists( 'is_site_admin' ) && !is_site_admin() )

    181. 

  181. 		return;

    182. 

  182. 

    183. 

  183. 	$options = wphc_option();

    184. 

  184. 

    185. 

  185. 	if( !isset( $options[ 'signup_active' ] ) ) {

    186. 

  186. 		wphc_install(); // MU has no activation hook

    187. 

  187. 		$options = wphc_option();

    188. 

  188. 	}

    189. 

  189. 

    190. 

  190. 	// POST HANDLER

    191. 

  191. 	if($_POST['wphc-submit']){

    192. 

  192. 		check_admin_referer( 'wphc-options' );

    193. 

  193. 		if ( function_exists('current_user_can') && !current_user_can('manage_options') )

    194. 

  194. 			die('Current user not authorized to managed options');

    195. 

  195. 

    196. 

  196. 		$options['refresh'] = strip_tags(stripslashes($_POST['wphc-refresh']));

    197. 

  197. 		$options['moderation'] = strip_tags(stripslashes($_POST['wphc-moderation']));

    198. 

  198. 		$options['validate-ip'] = strip_tags(stripslashes($_POST['wphc-validate-ip']));

    199. 

  199. 		$options['validate-url'] = strip_tags(stripslashes($_POST['wphc-validate-url']));

    200. 

  200. 		$options['logging'] = strip_tags(stripslashes($_POST['wphc-logging']));

    201. 

  201. 		$options['signup_active'] = (int) $_POST['signup_active'];

    202. 

  202. 		$options['comments_active'] = (int) $_POST['comments_active'];

    203. 

  203. 		wphc_option($options);

    204. 

  204. 	}

    205. 

  205. 	

    206. 

  206. 	// MAIN FORM

    207. 

  207. 	echo '<style type="text/css">

    208. 

  208. 		.wrap h3 { color: black; background-color: #e5f3ff; padding: 4px 8px; }

    209. 

  209. 

    210. 

  210. 		.sidebar {

    211. 

  211. 			border-right: 2px solid #e5f3ff;

    212. 

  212. 			width: 200px;

    213. 

  213. 			float: left;

    214. 

  214. 			padding: 0px 20px 0px 10px;

    215. 

  215. 			margin: 0px 20px 0px 0px;

    216. 

  216. 		}

    217. 

  217. 

    218. 

  218. 		.sidebar input {

    219. 

  219. 			background-color: #FFF;

    220. 

  220. 			border: none;

    221. 

  221. 		}

    222. 

  222. 

    223. 

  223. 		.main {

    224. 

  224. 			float: left;

    225. 

  225. 			width: 600px;

    226. 

  226. 		}

    227. 

  227. 

    228. 

  228. 		.clear { clear: both; }

    229. 

  229. 	</style>';

    230. 

  230. 

    231. 

  231. 	echo '<div class="wrap">';

    232. 

  232. 

    233. 

  233. 	echo '<div class="sidebar">';

    234. 

  234. 	echo '<h3>Plugin</h3>';

    235. 

  235. 	echo '<ul>

    236. 

  236. 	<li><a href="http://wordpress-plugins.feifei.us/hashcash/">Plugin\'s Homepage</a></li>';

    237. 

  237. 	if( function_exists( 'is_site_admin' ) && is_site_admin() ) {

    238. 

  238. 		echo '<li><a href="http://mu.wordpress.org/forums/">WordPress MU Forums</a></li>';

    239. 

  239. 	}

    240. 

  240. 	echo '<li><a href="http://wordpress.org/tags/wp-hashcash">Plugin Support Forum</a></li>';

    241. 

  241. 	echo '</ul>';		

    242. 

  242. 	echo '<h3>Donation</h3>';

    243. 

  243. 	echo '<center><form action="https://www.paypal.com/cgi-bin/webscr" method="post">

    244. 

  244. <input type="hidden" name="cmd" value="_s-xclick">

    245. 

  245. <input style="border:none;" type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">

    246. 

  246. <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">

    247. 

  247. <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHTwYJKoZIhvcNAQcEoIIHQDCCBzwCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYB92DQNuZFkPnoaXIGUgUCBMNWj7VUVJdLa3lfGJ7JbMOoBJA0T5e4p/iydz35l+95Chl9z17WRD00ne+fkm6f2/9IKLzvp8jOhuHzD/OyQPj9hGXH6uXGrAeLrPEfh4GpWnsv8g5c3ARM1wdETboRudQwjy7Fxjsz3SzGseILnXTELMAkGBSsOAwIaBQAwgcwGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIKY5dtf5OOeqAgahu2NkH46BLYa4W734anwXSxL8AbN0QPmgYZ4TAxEG2Tzd7EmFlC1WeG1hi/fGS7aoJ4jzr08N25QZyvcAKwF4Ud2ycMRvmoPqHwFtlxF+vQ4yDGwjUuMcwK8+yhOwuCD4ElHoGp1A7SzPGsjrFBaComuzzdBSuuIXoS8v/l7BKOepUJkpAj2lhshh562GvUqY8UtanV5QY5pN9wEIkx1zZrvcfh8YUQFGgggOHMIIDgzCCAuygAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwMjEzMTAxMzE1WhcNMzUwMjEzMTAxMzE1WjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFHTt38RMxLXJyO2SmS+Ndl72T7oKJ4u4uw+6awntALWh03PewmIJuzbALScsTS4sZoS1fKciBGoh11gIfHzylvkdNe/hJl66/RGqrj5rFb08sAABNTzDTiqqNpJeBsYs/c2aiGozptX2RlnBktH+SUNpAajW724Nv2Wvhif6sFAgMBAAGjge4wgeswHQYDVR0OBBYEFJaffLvGbxe9WT9S1wob7BDWZJRrMIG7BgNVHSMEgbMwgbCAFJaffLvGbxe9WT9S1wob7BDWZJRroYGUpIGRMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIFfOlaagFrl71+jq6OKidbWFSE+Q4FqROvdgIONth+8kSK//Y/4ihuE4Ymvzn5ceE3S/iBSQQMjyvb+s2TWbQYDwcp129OPIbD9epdr4tJOUNiSojw7BHwYRiPh58S1xGlFgHFXwrEBb3dgNbMUa+u4qectsMAXpVHnD9wIyfmHMYIBmjCCAZYCAQEwgZQwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODAzMjQwMDE3NTBaMCMGCSqGSIb3DQEJBDEWBBS0fFUHov0nsYX2eSAA/ufHpUOIIDANBgkqhkiG9w0BAQEFAASBgHJc/pMXctQsQFliIlc/izXs4whQ5vDPC+UUy+FQ8jKp+lA6as3P5+EXCUOtbx9xTj8HEYwM0DodZv0w+Y6DTo6y/uNzbhOAKSGkml1l6co1WTtKY4axurF/b1lJqZuC1a57qALC72F62OvVeeYILmu6Z/ZIvMaWERL85cwp0mCl-----END PKCS7-----"></form></center>';

    248. 

  248. 	echo '<p>Any small donation would be highly appreciated.</p>';

    249. 

  249. 	echo '<h3>Miscellaneous</h3>';

    250. 

  250. 	echo '<ul>

    251. 

  251. 	<li><a href="http://wordpress-plugins.feifei.us/">Elliott\'s WP Plugins</a></li>

    252. 

  252. 	<li><a href="http://ocaoimh.ie/wordpress-plugins/">Donncha\'s WP Plugins</a></li>

    253. 

  253. 	</ul>';

    254. 

  254. 	echo '<h3>Statistics</h3>';

    255. 

  255. 	echo '<p>'.widget_ratio($options).'</p>';

    256. 

  256. 	echo '</div>';

    257. 

  257. 

    258. 

  258. 	echo '<div class="main">';

    259. 

  259. 	echo '<h2>WordPress Hashcash</h2>';

    260. 

  260. 	echo '<p>This is an antispam plugin that eradicates spam signups on WordPress sites. It works because your visitors must use obfuscated

    261. 

  261. 	javascript to submit a proof-of-work that indicates they opened your website in a web browser, not a robot.  You can read more about it on the 

    262. 

  262. 	<a href="http://wordpress-plugins.feifei.us/hashcash/">WordPress Hashcash plugin page</a> of my site.</p>';

    263. 

  263. 

    264. 

  264. 	echo '<h3>Standard Options</h3>';

    265. 

  265. 	echo '<form method="POST" action="?page=' . $_GET[ 'page' ] . '&updated=true">';

    266. 

  266. 	wp_nonce_field('wphc-options');

    267. 

  267. 	if( function_exists( 'is_site_admin' ) ) { // MU only

    268. 

  268. 		$signup_active = (int)$options[ 'signup_active' ];

    269. 

  269. 		$comments_active = (int)$options[ 'comments_active' ];

    270. 

  270. 		echo "<p><label>Signup protection enabled: <input type='checkbox' name='signup_active' value='1' " . ( $signup_active == '1' ? ' checked' : '' ) . " /></label></p>";

    271. 

  271. 		echo "<p><label>Comments protection enabled: <input type='checkbox' name='comments_active' value='1' " . ( $comments_active == '1' ? ' checked' : '' ) . " /></label></p>";

    272. 

  272. 	}

    273. 

  273. 	// moderation options

    274. 

  274. 	$moderate = htmlspecialchars($options['moderation'], ENT_QUOTES);

    275. 

  275. 	echo '<p><label for="wphc-moderation">' . __('Moderation:', 'wp-hashcash') . '</label>';

    276. 

  276. 	echo '<select id="wphc-moderation" name="wphc-moderation">';

    277. 

  277. 	echo '<option value="moderate"'.($moderate=='moderate'?' selected':'').'>Moderate</option>';

    278. 

  278. 	echo '<option value="akismet"'.($moderate=='akismet'?' selected':'').'>Akismet</option>';

    279. 

  279. 	echo '<option value="delete"'.($moderate=='delete'?' selected':'').'>Delete</option>';

    280. 

  280. 	echo '</select>';

    281. 

  281. 	echo '<br/><span style="color: grey; font-size: 90%;">The default is to place spam comments into the

    282. 

  282. 	akismet/moderation queue. Otherwise, the delete option will immediately discard spam comments.</span>';

    283. 

  283. 	echo '</p>';

    284. 

  284. 

    285. 

  285. 	// refresh interval

    286. 

  286. 	$refresh = htmlspecialchars($options['refresh'], ENT_QUOTES);

    287. 

  287. 	echo '<p><label for="wphc-refresh">' . __('Key Expiry:', 'wp-hashcash').'</label>

    288. 

  288. 		<input style="width: 200px;" id="wphc-refresh" name="wphc-refresh" type="text" value="'.$refresh.'" />

    289. 

  289. 		<br/><span style="color: grey; font-size: 90%;">Default is one week, or <strong>604800</strong> seconds.</p>';

    290. 

  290. 

    291. 

  291. 	// current key

    292. 

  292. 	echo '<p>Your current key is <strong>' . $options['key'][count($options['key']) - 1] . '</strong>.';

    293. 

  293. 	if(count($options['key']) > 1)

    294. 

  294. 		echo ' Previously you had keys '. join(', ', array_reverse(array_slice($options['key'], 0, count($options['key']) - 1))).'.';

    295. 

  295. 	echo '</p>';

    296. 

  296. 

    297. 

  297. 	// additional options

    298. 

  298. 	echo '<h3>Additional options:</h3>';

    299. 

  299. 

    300. 

  300. 	$validate_ip = htmlspecialchars($options['validate-ip'], ENT_QUOTES);

    301. 

  301. 	echo '<p><label for="wphc-validate-ip">Validate IP Address</label>

    302. 

  302. 		<input name="wphc-validate-ip" type="checkbox" id="wphc-validate-ip"'.($validate_ip?' checked':'').'/> 

    303. 

  303. 		<br /><span style="color: grey; font-size: 90%;">

    304. 

  304. 		Checks if the IP address of the trackback sender is equal to the IP address of the webserver the trackback URL is referring to.</span></p>';

    305. 

  305. 

    306. 

  306. 	$validate_url = htmlspecialchars($options['validate-url'], ENT_QUOTES);

    307. 

  307. 	echo '<p><label for="wphc-validate-url">Validate URL</label>

    308. 

  308. 		<input name="wphc-validate-url" type="checkbox" id="wphc-validate-url"'.($validate_url?' checked':'').'/> 

    309. 

  309. 		<br /><span style="color: grey; font-size: 90%;">Retrieves the web page located at the URL included 

    310. 

  310. 		in the trackback to check if it contains a link to your blog.  If it does not, it is spam!</span></p>';

    311. 

  311. 

    312. 

  312. 	// logging options

    313. 

  313. 	echo '<h3>Logging:</h3>';

    314. 

  314. 

    315. 

  315. 	$logging = htmlspecialchars($options['logging'], ENT_QUOTES);

    316. 

  316. 	echo '<p><label for="wphc-logging">Logging</label>

    317. 

  317. 		<input name="wphc-logging" type="checkbox" id="wphc-logging"'.($logging?' checked':'').'/> 

    318. 

  318. 		<br /><span style="color: grey; font-size: 90%;">Logs the reason why a given comment failed the spam

    319. 

  319. 		check into the comment body.  Works only if moderation / akismet mode is enabled.</span></p>';

    320. 

  320. 

    321. 

  321. 	echo '<input type="hidden" id="wphc-submit" name="wphc-submit" value="1" />';

    322. 

  322. 	echo '<input type="submit" id="wphc-submit-override" name="wphc-submit-override" value="Save WP Hashcash Settings"/>';

    323. 

  323. 	echo '</form>';

    324. 

  324. 	echo '</div>';

    325. 

  325. 

    326. 

  326. 	echo '<div class="clear">';

    327. 

  327. 	echo '<p style="text-align: center; font-size: .85em;">&copy; Copyright '.date('Y').' <a href="http://elliottback.com">Elliott B&auml;ck</a></p>';

    328. 

  328. 	echo '</div>';

    329. 

  329. 

    330. 

  330. 	echo '</div>';

    331. 

  331. }

    332. 

  332. 

    333. 

  333. /**

    334. 

  334.  * Add JS to the header

    335. 

  335.  */

    336. 

  336. function wphc_posthead() {

    337. 

  337. 	if( function_exists( 'is_site_admin' ) ) {

    338. 

  338. 		$options = wphc_option();

    339. 

  339. 		if( !$options['comments_active'] )

    340. 

  340. 			return;

    341. 

  341. 	}

    342. 

  342. 	if((is_single() || is_page()))

    343. 

  343. 		wphc_addhead();

    344. 

  344. }

    345. 

  345. add_action('wp_head', 'wphc_posthead');

    346. 

  346. 

    347. 

  347. function wphc_signuphead() {

    348. 

  348. 	if( function_exists( 'is_site_admin' ) ) {

    349. 

  349. 		$options = wphc_option();

    350. 

  350. 		if( !$options['signup_active'] )

    351. 

  351. 			return;

    352. 

  352. 	}

    353. 

  353. 	wphc_addhead();

    354. 

  354. }

    355. 

  355. add_action('signup_header', 'wphc_signuphead');

    356. 

  356. 

    357. 

  357. function wphc_addhead() {

    358. 

  358. 	echo "<script type=\"text/javascript\"><!--\n";

    359. 

  359. 	echo 'function addLoadEvent(func) {

    360. 

  360.   if( typeof jQuery != \'undefined\' ) {

    361. 

  361.     jQuery(document).ready( func );

    362. 

  362.   } else if( typeof Prototype != \'undefined\' ) {

    363. 

  363.     Event.observe( window, \'load\', func );

    364. 

  364.   } else {

    365. 

  365.     var oldonload = window.onload;

    366. 

  366.     if (typeof window.onload != \'function\') {

    367. 

  367.       window.onload = func;

    368. 

  368.     } else {

    369. 

  369.       window.onload = function() {

    370. 

  370.         if (oldonload)

    371. 

  371.           oldonload();

    372. 

  372.         

    373. 

  373.         func();

    374. 

  374.       }

    375. 

  375.     }

    376. 

  376.   }

    377. 

  377. }

    378. 

  378. ';

    379. 

  379. 	echo  wphc_getjs() . "\n";

    380. 

  380. 	echo "addLoadEvent(function(){var el=document.getElementById('wphc_value');if(el)el.value=wphc();});\n";

    381. 

  381. 	echo "//--></script>\n";

    382. 

  382. }

    383. 

  383. 

    384. 

  384. function wphc_getjs(){

    385. 

  385. 	$options = wphc_option();

    386. 

  386. 	$val = $options['key'][count($options['key']) - 1];

    387. 

  387. 	$js = 'function wphc_compute(){';

    388. 

  388. 

    389. 

  389. 	switch(rand(0, 3)){

    390. 

  390. 		/* Addition of n times of field value / n, + modulus:

    391. 

  391. 		 Time guarantee:  100 iterations or less */

    392. 

  392. 		case 0:

    393. 

  393. 			$inc = rand($val / 100, $val - 1);

    394. 

  394. 			$n = floor($val / $inc);

    395. 

  395. 			$r = $val % $inc;

    396. 

  396. 		

    397. 

  397. 			$js .= "var wphc_eax = $inc; ";

    398. 

  398. 			for($i = 0; $i < $n - 1; $i++){

    399. 

  399. 				$js .= "wphc_eax += $inc; ";

    400. 

  400. 			}

    401. 

  401. 			

    402. 

  402. 			$js .= "wphc_eax += $r; ";

    403. 

  403. 			$js .= 'return wphc_eax; ';

    404. 

  404. 			break;

    405. 

  405. 

    406. 

  406. 			/* Conversion from binary:

    407. 

  407. 		Time guarantee:  log(n) iterations or less */

    408. 

  408. 		case 1:

    409. 

  409. 			$binval = strrev(base_convert($val, 10, 2));

    410. 

  410. 			$js .= "var wphc_eax = \"$binval\"; ";

    411. 

  411. 			$js .= 'var wphc_ebx = 0; ';

    412. 

  412. 			$js .= 'var wphc_ecx = 0; ';

    413. 

  413. 			$js .= 'while(wphc_ecx < wphc_eax.length){ ';

    414. 

  414. 			$js .= 'if(wphc_eax.charAt(wphc_ecx) == "1") { ';

    415. 

  415. 			$js .= 'wphc_ebx += Math.pow(2, wphc_ecx); ';

    416. 

  416. 			$js .= '} ';

    417. 

  417. 			$js .= 'wphc_ecx++; ';

    418. 

  418. 			$js .= '} ';

    419. 

  419. 			$js .= 'return wphc_ebx;';

    420. 

  420. 			

    421. 

  421. 		break;

    422. 

  422. 		

    423. 

  423. 		/* Multiplication of square roots:

    424. 

  424. 		Time guarantee:  constant time */

    425. 

  425. 		case 2:

    426. 

  426. 			$sqrt = floor(sqrt($val));

    427. 

  427. 			$r = $val - ($sqrt * $sqrt);

    428. 

  428. 			$js .= "return $sqrt * $sqrt + $r; ";

    429. 

  429. 		break;

    430. 

  430. 		

    431. 

  431. 		/* Sum of random numbers to the final value:

    432. 

  432. 		Time guarantee:  log(n) expected value */

    433. 

  433. 		case 3:

    434. 

  434. 			$js .= 'return ';

    435. 

  435. 	

    436. 

  436. 			$i = 0;

    437. 

  437. 			while($val > 0){

    438. 

  438. 				if($i++ > 0)

    439. 

  439. 					$js .= '+';

    440. 

  440. 				

    441. 

  441. 				$temp = rand(1, $val);

    442. 

  442. 				$val -= $temp;

    443. 

  443. 				$js .= $temp;

    444. 

  444. 			}

    445. 

  445. 	

    446. 

  446. 			$js .= ';';

    447. 

  447. 		break;

    448. 

  448. 	}

    449. 

  449. 		

    450. 

  450. 	$js .= '} wphc_compute();';

    451. 

  451. 	

    452. 

  452. 	// pack bytes

    453. 

  453. 	if( !function_exists( 'strToLongs' ) ) {

    454. 

  454. 	function strToLongs($s) {

    455. 

  455. 		$l = array();

    456. 

  456. 	    

    457. 

  457. 		// pad $s to some multiple of 4

    458. 

  458. 		$s = preg_split('//', $s, -1, PREG_SPLIT_NO_EMPTY);

    459. 

  459. 	    

    460. 

  460. 		while(count($s) % 4 != 0){

    461. 

  461. 			$s [] = ' ';

    462. 

  462. 		}

    463. 

  463. 	

    464. 

  464. 		for ($i = 0; $i < ceil(count($s)/4); $i++) {

    465. 

  465. 			$l[$i] = ord($s[$i*4]) + (ord($s[$i*4+1]) << 8) + (ord($s[$i*4+2]) << 16) + (ord($s[$i*4+3]) << 24);

    466. 

  466. 	    	}

    467. 

  467. 	

    468. 

  468. 		return $l;

    469. 

  469. 	}

    470. 

  470. 	}

    471. 

  471. 	

    472. 

  472. 	// xor all the bytes with a random key

    473. 

  473. 	$key = rand(21474836, 2126008810);

    474. 

  474. 	$js = strToLongs($js);

    475. 

  475. 	

    476. 

  476. 	for($i = 0; $i < count($js); $i++){

    477. 

  477. 		$js[$i] = $js[$i] ^ $key;

    478. 

  478. 	}

    479. 

  479. 	

    480. 

  480. 	// libs function encapsulation

    481. 

  481. 	$libs = "function wphc(){\n";

    482. 

  482. 	

    483. 

  483. 	// write bytes to javascript, xor with key

    484. 

  484. 	$libs .= "\tvar wphc_data = [".join(',',$js)."]; \n";

    485. 

  485. 	

    486. 

  486. 	// do the xor with key

    487. 

  487. 	$libs .= "\n\tfor (var i=0; i<wphc_data.length; i++){\n";

    488. 

  488. 	$libs .= "\t\twphc_data[i]=wphc_data[i]^$key;\n";

    489. 

  489. 	$libs .= "\t}\n";

    490. 

  490. 	

    491. 

  491. 	// convert bytes back to string

    492. 

  492. 	$libs .= "\n\tvar a = new Array(wphc_data.length); \n";

    493. 

  493. 	$libs .= "\tfor (var i=0; i<wphc_data.length; i++) { \n";

    494. 

  494. 	$libs .= "\t\ta[i] = String.fromCharCode(wphc_data[i] & 0xFF, wphc_data[i]>>>8 & 0xFF, ";

    495. 

  495. 	$libs .= "wphc_data[i]>>>16 & 0xFF, wphc_data[i]>>>24 & 0xFF);\n";

    496. 

  496. 	$libs .= "\t}\n";

    497. 

  497. 	

    498. 

  498. 	$libs .= "\n\treturn eval(a.join('')); \n";

    499. 

  499. 	

    500. 

  500. 	// call libs function

    501. 

  501. 	$libs .= "}";

    502. 

  502. 	

    503. 

  503. 	// return code

    504. 

  504. 	return $libs;

    505. 

  505. }

    506. 

  506. 

    507. 

  507. /**

    508. 

  508.  * Hook into the signups form

    509. 

  509.  */

    510. 

  510. function wphc_add_signupform(){

    511. 

  511. 	echo '<input type="hidden" id="wphc_value" name="wphc_value" value=""/>';

    512. 

  512. }

    513. 

  513. add_action('signup_hidden_fields', 'wphc_add_signupform');

    514. 

  514. add_action('bp_after_registration_submit_buttons', 'wphc_add_signupform');

    515. 

  515. 

    516. 

  516. function wphc_add_commentform(){

    517. 

  517. 	$options = wphc_option();

    518. 

  518. 	

    519. 

  519. 	switch($options['moderation']){

    520. 

  520. 		case 'delete':

    521. 

  521. 			$verb = 'deleted';

    522. 

  522. 			break;

    523. 

  523. 		case 'akismet':

    524. 

  524. 			$verb = 'queued in Akismet';

    525. 

  525. 			break;

    526. 

  526. 		case 'moderate':

    527. 

  527. 		default:

    528. 

  528. 			$verb = 'placed in moderation';

    529. 

  529. 			break;

    530. 

  530. 	}

    531. 

  531. 	

    532. 

  532. 	echo '<div><input type="hidden" id="wphc_value" name="wphc_value" value=""/></div>';

    533. 

  533. 	echo '<p>' . __('Powered by', 'wp-hashcash') . ' <a href="http://wordpress-plugins.feifei.us/hashcash/">WP Hashcash</a></p>';

    534. 

  534. 	echo '<noscript><div><small>Wordpress Hashcash needs javascript to work, but your browser has javascript disabled. Your comment will be '.$verb.'!</small></div></noscript>';

    535. 

  535. }

    536. 

  536. 

    537. 

  537. add_action('comment_form', 'wphc_add_commentform');

    538. 

  538. 

    539. 

  539. /**

    540. 

  540.  * Validate our tag

    541. 

  541.  */

    542. 

  542. 

    543. 

  543. function wphc_check_signup_hidden_tag( $result ) {

    544. 

  544. 	// get our options

    545. 

  545. 	$options = wphc_option();

    546. 

  546. 	$spam = false;

    547. 

  547. 	if( !strpos( $_SERVER[ 'PHP_SELF' ], 'wp-signup.php' ) )

    548. 

  548. 		return $result;

    549. 

  549. 

    550. 

  550. 	// Check the wphc values against the last five keys

    551. 

  551. 	$spam = !in_array($_POST["wphc_value"], $options['key']);

    552. 

  552. 	

    553. 

  553. 	if($spam){

    554. 

  554. 		$options['signups-spam'] = ((int) $options['signups-spam']) + 1;

    555. 

  555. 		wphc_option($options);

    556. 

  556. 		$result['errors']->add( 'blogname', __('You did not pass a spam check. Please enable JavaScript in your browser.') );

    557. 

  557. 	} else {

    558. 

  558. 		$options['signups-ham'] = ((int) $options['signups-ham']) + 1;

    559. 

  559. 		wphc_option($options);

    560. 

  560. 	}

    561. 

  561. 	

    562. 

  562. 	return $result;

    563. 

  563. }

    564. 

  564. 

    565. 

  565. add_filter( 'wpmu_validate_blog_signup', 'wphc_check_signup_hidden_tag' );

    566. 

  566. add_filter( 'wpmu_validate_user_signup', 'wphc_check_signup_hidden_tag' );

    567. 

  567. 

    568. 

  568. function wphc_check_signup_for_bp(){

    569. 

  569. 	global $bp;

    570. 

  570. 

    571. 

  571. 	// get our options

    572. 

  572. 	$options = wphc_option();

    573. 

  573. 	$spam = false;

    574. 

  574. 

    575. 

  575. 	// Check the wphc values against the last five keys

    576. 

  576. 	$spam = !in_array($_POST["wphc_value"], $options['key']);

    577. 

  577. 

    578. 

  578. 	if($spam){

    579. 

  579. 		$options['signups-spam'] = ((int) $options['signups-spam']) + 1;

    580. 

  580. 		wphc_option($options);

    581. 

  581. 		$bp->signup->errors['spam'] = __('You did not pass a spam check. Please enable JavaScript in your browser.');

    582. 

  582. 	} else {

    583. 

  583. 		$options['signups-ham'] = ((int) $options['signups-ham']) + 1;

    584. 

  584. 		wphc_option($options);

    585. 

  585. 	}

    586. 

  586. }

    587. 

  587. 

    588. 

  588. add_action('bp_signup_validate', 'wphc_check_signup_for_bp');

    589. 

  589. 

    590. 

  590. function wphc_error_hook_register_page(){

    591. 

  591. 	do_action('bp_spam_errors');

    592. 

  592. }

    593. 

  593. 

    594. 

  594. add_action('bp_before_register_page', 'wphc_error_hook_register_page');

    595. 

  595. 

    596. 

  596. function wphc_check_hidden_tag($comment) {

    597. 

  597. 	// admins can do what they like

    598. 

  598. 	if( is_admin() )

    599. 

  599. 		return $comment;

    600. 

  600. 	

    601. 

  601. 	// get our options

    602. 

  602. 	$type = $comment['comment_type'];

    603. 

  603. 	$options = wphc_option();

    604. 

  604. 	$spam = false;

    605. 

  605. 

    606. 

  606. 	if($type == "trackback" || $type == "pingback"){

    607. 

  607. 		// check the website's IP against the url it's sending as a trackback

    608. 

  608. 		if($options['validate-ip']){

    609. 

  609. 			$server_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

    610. 

  610. 			$web_ip = gethostbyname(parse_url($comment['comment_author_url'], PHP_URL_HOST));

    611. 

  611. 			$ipv = $server_ip != $web_ip;

    612. 

  612. 			$spam = $spam || ($ipv);

    613. 

  613. 			

    614. 

  614. 			if($options['logging'] && $ipv) $comment['comment_content'] .= "\n\n[WORDPRESS HASHCASH] The comment's server IP (".$server_ip.") doesn't match the"

    615. 

  615. 				. " comment's URL host IP (".$web_ip.") and so is spam.";

    616. 

  616. 		}

    617. 

  617. 

    618. 

  618. 		// look for our link in the page itself

    619. 

  619. 		if(!$spam && $options['validate-url']){

    620. 

  620. 			if(!class_exists('Snoopy'))

    621. 

  621. 				require_once( ABSPATH . WPINC . '/class-snoopy.php' );

    622. 

  622. 				

    623. 

  623. 			$permalink = get_permalink($comment['comment_post_ID']);

    624. 

  624. 			$permalink = preg_replace('/\/$/', '', $permalink);

    625. 

  625. 			$snoop = new Snoopy;

    626. 

  626. 			

    627. 

  627. 			if (@$snoop->fetchlinks($comment['comment_author_url'])){

    628. 

  628. 				$found = false;

    629. 

  629. 				

    630. 

  630. 				if( !empty( $snoop->results ) )

    631. 

  631. 				{

    632. 

  632. 					foreach($snoop->results as $url){

    633. 

  633. 						$url = preg_replace('/(\/|\/trackback|\/trackback\/)$/', '', $url);

    634. 

  634. 						if($url == $permalink)

    635. 

  635. 							$found = true;	

    636. 

  636. 					}

    637. 

  637. 				}

    638. 

  638. 				

    639. 

  639. 				if($options['logging'] && !$found) 

    640. 

  640. 					$comment['comment_content'] .= "\n\n[WORDPRESS HASHCASH] The comment's actual post text did not contain your blog url (".$permalink.") and so is spam.";

    641. 

  641. 				

    642. 

  642. 				$spam = $spam || !$found;

    643. 

  643. 			} else {

    644. 

  644. 				$spam = true;

    645. 

  645. 				if($options['logging']) 

    646. 

  646. 					$comment['comment_content'] .= "\n\n[WORDPRESS HASHCASH] Snoopy failed to fetch results for the comment blog url (".$comment['comment_author_url'].") with error '".$snoop->error."' and so is spam.";

    647. 

  647. 			}

    648. 

  648. 		}

    649. 

  649. 	} else {

    650. 

  650. 		// Check the wphc values against the last five keys

    651. 

  651. 		$spam = !in_array($_POST["wphc_value"], $options['key']);

    652. 

  652. 		if($options['logging'] && $spam)

    653. 

  653. 			$comment['comment_content'] .= "\n\n[WORDPRESS HASHCASH] The poster sent us '".intval($_POST["wphc_value"])." which is not a hashcash value.";

    654. 

  654. 	}

    655. 

  655. 	

    656. 

  656. 	if($spam){

    657. 

  657. 		$options['comments-spam'] = ((int) $options['comments-spam']) + 1;

    658. 

  658. 		wphc_option($options);

    659. 

  659. 			

    660. 

  660. 		switch($options['moderation']){

    661. 

  661. 			case 'delete':

    662. 

  662. 				add_filter('comment_post', create_function('$id', 'wp_delete_comment($id); die(\'This comment has been deleted by WP Hashcash\');'));

    663. 

  663. 				break;

    664. 

  664. 			case 'akismet':

    665. 

  665. 				add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';'));

    666. 

  666. 				break;

    667. 

  667. 			case 'moderate':

    668. 

  668. 			default:

    669. 

  669. 				add_filter('pre_comment_approved', create_function('$a', 'return 0;'));

    670. 

  670. 				break;

    671. 

  671. 		}

    672. 

  672. 	} else {

    673. 

  673. 		$options['comments-ham'] = ((int) $options['comments-ham']) + 1;

    674. 

  674. 		wphc_option($options);

    675. 

  675. 	}

    676. 

  676. 	

    677. 

  677. 	return $comment;

    678. 

  678. }

    679. 

  679. 

    680. 

  680. add_filter('preprocess_comment', 'wphc_check_hidden_tag');

    681. 

  681. ?>

    682. 

  682.