PageRenderTime 48ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/system/plugins/spamchecker/spamchecker.plugin.php

https://github.com/HabariMag/habarimag-old
PHP | 239 lines | 179 code | 19 blank | 41 comment | 20 complexity | a96f131b44e6f1273fcb80f6ad2b4f01 MD5 | raw file
Possible License(s): Apache-2.0 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * SpamChecker Class
    5. 

  5.  *
    6. 

  6.  * This class implements first round spam checking.
    7. 

  7.  *
    8. 

  8.  **/
    9. 

  9. 

  10. class SpamChecker extends Plugin
    11. 

  11. {
    12. 

  12. 

  13. 	/**
    14. 

  14. 	 * function act_comment_insert_before
    15. 

  15. 	 * This function is executed when the action "comment_insert_before"
    16. 

  16. 	 * is invoked from a Comment object.
    17. 

  17. 	 * The parent class, Plugin, handles registering the action
    18. 

  18. 	 * and hook name using the name of the function to determine
    19. 

  19. 	 * where it will be applied.
    20. 

  20. 	 * You can still register functions as hooks without using
    21. 

  21. 	 * this method, but boy, is it handy.
    22. 

  22. 	 * @param Comment The comment that will be processed before storing it in the database.
    23. 

  23. 	 **/
    24. 

  24. 	function action_comment_insert_before ( $comment )
    25. 

  25. 	{
    26. 

  26. 		// This plugin ignores non-comments
    27. 

  27. 		if ($comment->type != Comment::COMMENT) {
    28. 

  28. 			return;
    29. 

  29. 		}
    30. 

  30. 

  31. 		$spamcheck = array();
    32. 

  32. 

  33. 		// <script> is bad, mmmkay?
    34. 

  34. 		$comment->content = InputFilter::filter($comment->content);
    35. 

  35. 

  36. 		// first, check the commenter's name
    37. 

  37. 		// if it's only digits, then we can discard this comment
    38. 

  38. 		if ( preg_match( "/^\d+$/", $comment->name ) ) {
    39. 

  39. 			$comment->status = Comment::STATUS_SPAM;
    40. 

  40. 			$spamcheck[] = _t('Commenters with numeric names are spammy.');
    41. 

  41. 		}
    42. 

  42. 

  43. 		// now look at the comment text
    44. 

  44. 		// if it's digits only, discard it
    45. 

  45. 		$textonly = strip_tags( $comment->content );
    46. 

  46. 

  47. 		if ( preg_match( "/^\d+$/", $textonly ) ) {
    48. 

  48. 			$comment->status = Comment::STATUS_SPAM;
    49. 

  49. 			$spamcheck[] = _t('Comments that are only numeric are spammy.');
    50. 

  50. 		}
    51. 

  51. 

  52. 		// is the content whitespaces only?
    53. 

  53. 		if ( preg_match( "/\A\s+\z/", $textonly ) ) {
    54. 

  54. 			$comment->status = Comment::STATUS_SPAM;
    55. 

  55. 			$spamcheck[] = _t('Comments that are only whitespace characters are spammy.');
    56. 

  56. 		}
    57. 

  57. 

  58. 		// is the content the single word "array"?
    59. 

  59. 		if ( 'array' == strtolower( $textonly ) ) {
    60. 

  60. 			$comment->status = Comment::STATUS_SPAM;
    61. 

  61. 			$spamcheck[] = _t('Comments that are only "array" are spammy.');
    62. 

  62. 		}
    63. 

  63. 

  64. 		// is the content the same as the name?
    65. 

  65. 		if ( strtolower( $textonly ) == strtolower( $comment->name ) ) {
    66. 

  66. 			$comment->status = Comment::STATUS_SPAM;
    67. 

  67. 			$spamcheck[] = _t('Comments that consist of only the commenters name are spammy.');
    68. 

  68. 		}
    69. 

  69. 

  70. 		// a lot of spam starts with "<strong>some text...</strong>"
    71. 

  71. 		if ( preg_match( "#^<strong>[^.]+\.\.\.</strong>#", $comment->content ) )
    72. 

  72. 		{
    73. 

  73. 			$comment->status = Comment::STATUS_SPAM;
    74. 

  74. 			$spamcheck[] = _t('Comments that start with strong text are spammy.');
    75. 

  75. 		}
    76. 

  76. 

  77. 		// are there more than 3 URLs posted?  If so, it's almost certainly spam
    78. 

  78. 		if ( preg_match_all( "#https?://#", strtolower( $comment->content ), $matches, PREG_SET_ORDER ) > 3 ) {
    79. 

  79. 			$comment->status = Comment::STATUS_SPAM;
    80. 

  80. 			$spamcheck[] = _t('There is a 3 URL limit in comments.');
    81. 

  81. 		}
    82. 

  82. 

  83. 		// are there more than 3 URLencoded characters in the content?
    84. 

  84. 		if ( preg_match_all( "/%[0-9a-f]{2}/", strtolower( $comment->content ), $matches, PREG_SET_ORDER ) > 3 ) {
    85. 

  85. 			$comment->status = Comment::STATUS_SPAM;
    86. 

  86. 			$spamcheck[] = _t('There is a 3 URL-encoded character limit in comments.');
    87. 

  87. 		}
    88. 

  88. 

  89. 		// Was the tcount high enough?
    90. 

  90. 		/* // This only works with special javascript running on comment form
    91. 

  91. 		if ( empty($handlervars['tcount']) || $handlervars['tcount'] < 10 ) {
    92. 

  92. 			$comment->status = Comment::STATUS_SPAM;
    93. 

  93. 			$spamcheck[] = _t('Commenter did not actually type content.');
    94. 

  94. 		}
    95. 

  95. 		*/
    96. 

  96. 

  97. 		// We don't allow bbcode here, silly
    98. 

  98. 		if ( stripos($comment->content, '[url=') !== false ) {
    99. 

  99. 			$comment->status = Comment::STATUS_SPAM;
    100. 

  100. 			$spamcheck[] = _t('We do not accept BBCode here.');
    101. 

  101. 		}
    102. 

  102. 

  103. 		// Must have less than half link content
    104. 

  104. 		$nonacontent = strip_tags(preg_replace('/<a.*?<\/a/i', '', $comment->content));
    105. 

  105. 		$text_length = strlen( $textonly );
    106. 

  106. 		if ( strlen($nonacontent) / ( $text_length == 0 ? 1 : $text_length) < 0.5 ) {
    107. 

  107. 			$comment->status = Comment::STATUS_SPAM;
    108. 

  108. 			$spamcheck[] = _t('Too much text that is a link compared to that which is not.');
    109. 

  109. 		}
    110. 

  110. 

  111. 		// Only do db checks if it's not already spam
    112. 

  112. 		if ($comment->status != Comment::STATUS_SPAM) {
    113. 

  113. 			$spams = DB::get_value('SELECT count(*) FROM ' . DB::table('comments') . ' WHERE status = ? AND ip = ?', array(Comment::STATUS_SPAM, $comment->ip));
    114. 

  114. 			// If you've already got two spams on your IP address, all you ever do is spam
    115. 

  115. 			if ($spams > 1) {
    116. 

  116. 				$comment->status = Comment::STATUS_SPAM;
    117. 

  117. 				$spamcheck[] = sprintf(_t('Too many existing spams from this IP: %s'), long2ip($comment->ip));
    118. 

  118. 			}
    119. 

  119. 		}
    120. 

  120. 

  121. 		// Any commenter that takes longer than the session timeout is automatically moderated
    122. 

  122. 		if (!isset($_SESSION['comments_allowed']) || ! in_array(Controller::get_var('ccode'), $_SESSION['comments_allowed'])) {
    123. 

  123. 			$comment->status = Comment::STATUS_UNAPPROVED;
    124. 

  124. 			$spamcheck[] = _t("The commenter's session timed out.");
    125. 

  125. 		}
    126. 

  126. 

  127. 		if ( isset($comment->info->spamcheck) && is_array($comment->info->spamcheck)) {
    128. 

  128. 			$comment->info->spamcheck = array_unique(array_merge($comment->info->spamcheck, $spamcheck));
    129. 

  129. 		}
    130. 

  130. 		else {
    131. 

  131. 			$comment->info->spamcheck = $spamcheck;
    132. 

  132. 		}
    133. 

  133. 

  134. 		// otherwise everything looks good
    135. 

  135. 		// so continue processing the comment
    136. 

  136. 		return;
    137. 

  137. 	}
    138. 

  138. 

  139. 

  140. 	/**
    141. 

  141. 	 * Add a rule to replace the existing rule for creating a comment post url
    142. 

  142. 	 *
    143. 

  143. 	 * @param array $rules The array of rewrite rules to route incoming URL requests to handlers
    144. 

  144. 	 * @return array The modified rules array
    145. 

  145. 	 */
    146. 

  146. 	public function filter_rewrite_rules($rules)
    147. 

  147. 	{
    148. 

  148. 		$rules[] = new RewriteRule(array(
    149. 

  149. 			'name' => 'submit_feedback',
    150. 

  150. 			'parse_regex' => '/^(?P<id>([0-9]+))\/(?P<ccode>([0-9a-f]+))\/feedback[\/]{0,1}$/i',
    151. 

  151. 			'build_str' => '{$id}/{$ccode}/feedback',
    152. 

  152. 			'handler' => 'FeedbackHandler',
    153. 

  153. 			'action' => 'add_comment',
    154. 

  154. 			'priority' => 7,
    155. 

  155. 			'is_active' => 1,
    156. 

  156. 		));
    157. 

  157. 

  158. 		return $rules;
    159. 

  159. 	}
    160. 

  160. 

  161. 	/**
    162. 

  162. 	 * Change some outgoing arguments supplied to rewrite rules during URL generation
    163. 

  163. 	 *
    164. 

  164. 	 * @param array $args The arguments passed to build a URL
    165. 

  165. 	 * @param string $rulename The name of the URL that is to be built
    166. 

  166. 	 * @return array The modified arguments
    167. 

  167. 	 */
    168. 

  168. 	public function filter_rewrite_args($args, $rulename)
    169. 

  169. 	{
    170. 

  170. 		switch ($rulename) {
    171. 

  171. 		case 'submit_feedback':
    172. 

  172. 			$args['ccode'] = $this->get_code($args['id']);
    173. 

  173. 			if ( !isset($_SESSION['comments_allowed'])) {
    174. 

  174. 				$_SESSION['comments_allowed'] = array();
    175. 

  175. 			}
    176. 

  176. 			$_SESSION['comments_allowed'][] = $args['ccode'];
    177. 

  177. 			// Only allow comments on the last 10 posts you look at
    178. 

  178. 			$_SESSION['comments_allowed'] = array_slice($_SESSION['comments_allowed'], -10);
    179. 

  179. 			break;
    180. 

  180. 		}
    181. 

  181. 

  182. 		return $args;
    183. 

  183. 	}
    184. 

  184. 

  185. 	/**
    186. 

  186. 	 * Ensure that the code assigned to this user for their commenting URL is genuine
    187. 

  187. 	 *
    188. 

  188. 	 * @param float $spam_rating The spamminess of the comment as detected by other plugins
    189. 

  189. 	 * @param Comment $comment The submitted comment object
    190. 

  190. 	 * @param array $handlervars An array of handlervars passed in via the comment submission URL
    191. 

  191. 	 * @return float The original spam rating
    192. 

  192. 	 */
    193. 

  193. 	function filter_spam_filter( $spam_rating, $comment, $handlervars )
    194. 

  194. 	{
    195. 

  195. 		// This plugin ignores non-comments
    196. 

  196. 		if ($comment->type != Comment::COMMENT) {
    197. 

  197. 			return $spam_rating;
    198. 

  198. 		}
    199. 

  199. 

  200. 		if (!$this->verify_code($handlervars['ccode'], $comment->post_id)) {
    201. 

  201. 			ob_end_clean();
    202. 

  202. 			header( 'HTTP/1.1 403 Forbidden', true, 403 );
    203. 

  203. 			die('<h1>' . _t('The selected action is forbidden.') . '</h1>');
    204. 

  204. 		}
    205. 

  205. 

  206. 		return $spam_rating;
    207. 

  207. 	}
    208. 

  208. 

  209. 	/**
    210. 

  210. 	 * Get a 10-digit hex code that identifies the user submitting the comment
    211. 

  211. 	 * @param A post id to which the comment will be submitted
    212. 

  212. 	 * @param The IP address of the commenter
    213. 

  213. 	 * @return A 10-digit hex code
    214. 

  214. 	 **/
    215. 

  215. 	public function get_code($post_id, $ip = '')
    216. 

  216. 	{
    217. 

  217. 		if ( $ip == '' ) {
    218. 

  218. 			$ip = sprintf( "%u", ip2long( Utils::get_ip() ) );
    219. 

  219. 		}
    220. 

  220. 		$code = substr( md5( $post_id . Options::get( 'GUID' ) . 'more salt' . $ip ), 0, 10 );
    221. 

  221. 		$code = Plugins::filter( 'comment_code', $code, $post_id, $ip );
    222. 

  222. 		return $code;
    223. 

  223. 	}
    224. 

  224. 

  225. 	/**
    226. 

  226. 	 * Verify a 10-digit hex code that identifies the user submitting the comment
    227. 

  227. 	 * @param A post id to which the comment has been submitted
    228. 

  228. 	 * @param The IP address of the commenter
    229. 

  229. 	 * @return True if the code is valid, false if not
    230. 

  230. 	 **/
    231. 

  231. 	public function verify_code($suspect_code, $post_id, $ip = '')
    232. 

  232. 	{
    233. 

  233. 		$code = $this->get_code( $post_id, $ip );
    234. 

  234. 		return ( $suspect_code == $code );
    235. 

  235. 	}
    236. 

  236. 

  237. }
    238. 

  238. 

  239. ?>
    240. 

  240.