Spam protection, AntiSpam, FireWall by CleanTalk - Version 4.0

Version Description

2014-10-06 = * Improved anti spam protection for custom contact forms. * Improved anti spam protection for registration forms.


Release Info

Developer shagimuratov
Version 4.0

Code changes from version 3.9 to 4.0

Files changed (5) hide show
  1. cleantalk.php +112 -45
  2. readme.txt +10 -3
  3. screenshot-1.png +0 -0
  4. screenshot-2.png +0 -0
  5. screenshot-3.png +0 -0
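--- a/cleantalk.php
+++ b/cleantalk.php
@@ -3,14 +3,14 @@
  Plugin Name: Anti-spam by CleanTalk
  Plugin URI: http://cleantalk.org
  Description: Cloud antispam for comments, registrations and contacts. The plugin doesn't use CAPTCHA, Q&A, math, counting animals or quiz to stop spam bots.
- Version: 3.9
- Author: СleanTalk <welcome@cleantalk.ru>
+ Version: 4.0
+ Author: СleanTalk <welcome@cleantalk.org>
  Author URI: http://cleantalk.org
  */
 
  define('CLEANTALK_PLUGIN_DIR', plugin_dir_path(__FILE__));
 
- $ct_agent_version = 'wordpress-39';
+ $ct_agent_version = 'wordpress-40';
  $ct_plugin_name = 'Anti-spam by CleanTalk';
  $ct_checkjs_frm = 'ct_checkjs_frm';
  $ct_checkjs_register_form = 'ct_checkjs_register_form';
@@ -198,7 +198,6 @@ function ct_init() {
  $_SESSION[$ct_formtime_label] = time();
  }
 
- ct_cookies_test();
 
  add_action('comment_form', 'ct_comment_form');
 
@@ -243,6 +242,8 @@ function ct_init() {
  // Load JS code to website footer for contact forms
  //
  if (ct_is_user_enable()) {
+ ct_cookies_test();
+
  $options = get_option('cleantalk_settings');
  if (isset($options['general_contact_forms_test']) && $options['general_contact_forms_test'] == 1) {
 
@@ -292,7 +293,10 @@ function ct_def_options() {
  'next_account_status_check' => 0, // Time label when the plugin should check account status
  'user_token' => '', // User token
  'relevance_test' => 0, // Test comment for relevance
- 'notice_api_errors' => 0 // Send API error notices to WP admin
+ 'notice_api_errors' => 0, // Send API error notices to WP admin
+ 'js_keys' => array(), // Keys to do JavaScript antispam test
+ 'js_keys_store_days' => 1, // JavaScript keys store days
+ 'js_key_lifetime' => 3600, // JavaScript key life time in seconds
  );
  }
 
@@ -431,7 +435,7 @@ function ct_cookies_test ($test = false) {
  $result = 0;
  }
  }
-
+
  return $result;
  }
 
@@ -538,14 +542,14 @@ function ct_footer_add_cookie() {
 
  /**
  * Adds hidden filed to define avaialbility of client's JavaScript
- * @param int $post_id Post ID, not used
+ * @param bool $random_key switch on generation random key for every page load
  */
- function ct_add_hidden_fields($post_id = null, $field_name = 'ct_checkjs', $return_string = false, $cookie_check = false) {
+ function ct_add_hidden_fields($random_key = false, $field_name = 'ct_checkjs', $return_string = false, $cookie_check = false) {
  global $ct_checkjs_def, $ct_plugin_name;
 
- $ct_checkjs_key = ct_get_checkjs_value();
+ $ct_checkjs_key = ct_get_checkjs_value($random_key);
+ $field_id_hash = md5(rand(0, 1000));
 
-
  if ($cookie_check) {
  $html = '
  <script type="text/javascript">
@@ -554,16 +558,18 @@ function ctSetCookie(c_name, value) {
  }
  ctSetCookie("%s", "%s");
  </script>
- ';
+ ';
  $html = sprintf($html, $field_name, $ct_checkjs_key);
  } else {
- $field_id = $field_name . '_' . md5(rand(0, 1000));
- $html = '
+ $ct_input_challenge = sprintf("'%s'", $ct_checkjs_key);
+
+ $field_id = $field_name . '_' . $field_id_hash;
+ $html = '
  <input type="hidden" id="%s" name="%s" value="%s" />
  <script type="text/javascript">
  var ct_input_name = \'%s\';
  var ct_input_value = document.getElementById(ct_input_name).value;
- var ct_input_challenge = \'%s\';
+ var ct_input_challenge = %s;
  document.getElementById(ct_input_name).value = document.getElementById(ct_input_name).value.replace(ct_input_value, ct_input_challenge);
  if (document.getElementById(ct_input_name).value == ct_input_value) {
  document.getElementById(ct_input_name).value = ct_set_challenge(ct_input_challenge);
@@ -573,7 +579,7 @@ function ct_set_challenge(val) {
  };
  </script>
  ';
- $html = sprintf($html, $field_id, $field_name, $ct_checkjs_def, $field_id, $ct_checkjs_key);
+ $html = sprintf($html, $field_id, $field_name, $ct_checkjs_def, $field_id, $ct_input_challenge);
  };
 
  $html .= '<noscript><p><b>Please enable JavaScript to pass anti-spam protection!</b><br />Here are the instructions how to enable JavaScript in your web browser <a href="http://www.enable-javascript.com" rel="nofollow" target="_blank">http://www.enable-javascript.com</a>.<br />' . $ct_plugin_name . '.</p></noscript>';
@@ -901,7 +907,8 @@ function ct_die_extended($comment_body) {
  * Validates JavaScript anti-spam test
  *
  */
- function js_test($field_name = 'ct_checkjs', $data = null) {
+ function js_test($field_name = 'ct_checkjs', $data = null, $random_key = false) {
+
  $checkjs = null;
  $js_post_value = null;
 
@@ -910,12 +917,30 @@ function js_test($field_name = 'ct_checkjs', $data = null) {
 
  if (isset($data[$field_name])) {
  $js_post_value = $data[$field_name];
- $ct_challenge = ct_get_checkjs_value();
- if(preg_match("/$ct_challenge/", $js_post_value)) {
- $checkjs = 1;
+
+ //
+ // Random key check
+ //
+ if ($random_key) {
+ $options = ct_get_options();
+
+ $keys = $options['js_keys'];
+ if (isset($keys[$js_post_value])) {
+ $checkjs = 1;
+ } else {
+ $checkjs = 0;
+ }
  } else {
- $checkjs = 0;
+ $ct_challenge = ct_get_checkjs_value();
+
+ if(preg_match("/$ct_challenge/", $js_post_value)) {
+ $checkjs = 1;
+ } else {
+ $checkjs = 0;
+ }
  }
+
+
  }
 
  return $checkjs;
@@ -1069,12 +1094,45 @@ function ct_plugin_active($plugin_name){
  * Get ct_get_checkjs_value
  * @return string
  */
- function ct_get_checkjs_value() {
+ function ct_get_checkjs_value($random_key = false) {
  $options = ct_get_options();
 
- $salt = $options['apikey'] . '+' . get_option('admin_email');
+ if ($random_key) {
+ $keys = $options['js_keys'];
+ $keys_checksum = md5(json_encode($keys));
+
+ $key = null;
+ $latest_key_time = 0;
+ foreach ($keys as $k => $t) {
+
+ // Removing key if it's to old
+ if (time() - $t > $options['js_keys_store_days'] * 86400) {
+ unset($keys[$k]);
+ continue;
+ }
+
+ if ($t > $latest_key_time) {
+ $latest_key_time = $t;
+ $key = $k;
+ }
+ }
+
+ // Get new key if the latest key is too old
+ if (time() - $latest_key_time > $options['js_key_lifetime']) {
+ $key = rand();
+ $keys[$key] = time();
+ }
+
+ if (md5(json_encode($keys)) != $keys_checksum) {
+ $options['js_keys'] = $keys;
+ update_option('cleantalk_settings', $options);
+ }
+ } else {
+ $key = md5($options['apikey'] . '+' . get_option('admin_email'));
+ }
+
 
- return md5($salt);
+ return $key;
  }
 
 
@@ -1090,7 +1148,7 @@ function ct_register_form() {
  return false;
  }
 
- ct_add_hidden_fields(null, $ct_checkjs_register_form, false);
+ ct_add_hidden_fields(true, $ct_checkjs_register_form, false);
 
  return null;
  }
@@ -1190,34 +1248,33 @@ function ct_registration_errors($errors, $sanitized_user_login = null, $user_ema
  $buddypress = true;
  }
 
- $submit_time = submit_time_test();
-
  $options = ct_get_options();
  if ($options['registrations_test'] == 0) {
  return $errors;
  }
+
+ $submit_time = submit_time_test();
+
+ $sender_info = get_sender_info();
 
- $checkjs = js_test($ct_checkjs_register_form, $_POST);
-
+ $checkjs = js_test($ct_checkjs_register_form, $_POST, true);
+ $sender_info['post_checkjs_passed'] = $checkjs;
+
  //
  // This hack can be helpfull when plugin uses with untested themes&signups plugins.
  //
  if ($checkjs === null) {
  $checkjs = js_test('ct_checkjs', $_COOKIE);
+ $sender_info['cookie_checkjs_passed'] = $checkjs;
  }
 
- require_once('cleantalk.class.php');
-
- $sender_info = get_sender_info();
  $sender_info = json_encode($sender_info);
  if ($sender_info === false) {
  $sender_info= '';
  }
-
- $sender_email = $user_email;
-
+
+ require_once('cleantalk.class.php');
  $config = get_option('cleantalk_server');
-
  $ct = new Cleantalk();
  $ct->work_url = $config['ct_work_url'];
  $ct->server_url = $options['server'];
@@ -1228,7 +1285,7 @@ function ct_registration_errors($errors, $sanitized_user_login = null, $user_ema
 
  $ct_request = new CleantalkRequest();
  $ct_request->auth_key = $options['apikey'];
- $ct_request->sender_email = $sender_email;
+ $ct_request->sender_email = $user_email;
  $ct_request->sender_ip = $ct->ct_session_ip($_SERVER['REMOTE_ADDR']);
  $ct_request->sender_nickname = $sanitized_user_login;
  $ct_request->agent = $ct_agent_version;
@@ -1707,13 +1764,7 @@ function ct_contact_form_validate () {
  }
 
  $checkjs = js_test('ct_checkjs', $_COOKIE);
-
- $sender_info = get_sender_info();
- $sender_info = json_encode($sender_info);
- if ($sender_info === false) {
- $sender_info= '';
- }
-
+
  $post_info['comment_type'] = 'feedback_general_contact_form';
  $post_info = json_encode($post_info);
  if ($post_info === false) {
@@ -1725,9 +1776,25 @@ function ct_contact_form_validate () {
  $subject = '';
  $message = '';
  $contact_form = false;
+
  foreach ($_POST as $k => $v) {
- if ($sender_email === null && isset($v) && is_string($v) && preg_match("/^\S+@\S+\.\S+$/", $v)) {
- $sender_email = $v;
+ if ($sender_email === null && isset($v)) {
+ if (is_string($v) && preg_match("/^\S+@\S+\.\S+$/", $v)) {
+ $sender_email = $v;
+ }
+
+ // Looing email address in arrays
+ if (is_array($v)) {
+ foreach ($v as $v2) {
+ if ($sender_email) {
+ continue;
+ }
+
+ if (is_string($v2) && preg_match("/^\S+@\S+\.\S+$/", $v2)) {
+ $sender_email = $v2;
+ }
+ }
+ }
  }
  if ($sender_nickname === null && ct_get_data_from_submit($k, 'name')) {
  $sender_nickname = $v;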
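Review bot: In `ct_get_checkjs_value()` the new per-site key is generated with `$key = rand();`, which is not a cryptographically secure source, so the value that gates the registration JavaScript check is a predictable integer; WordPress's own helper would fit here, e.g. `$key = wp_generate_password(32, false);` (no special characters, since the key is later printed inside a quoted JavaScript string). In `js_test()` the random-key branch passes the raw `$_POST` value to `isset($keys[$js_post_value])` without a type or age check, and stale keys are only pruned when `ct_get_checkjs_value(true)` next runs; consider `if (is_string($js_post_value) && isset($keys[$js_post_value]) && time() - $keys[$js_post_value] <= $options['js_keys_store_days'] * 86400) {`. The first parameter of `ct_add_hidden_fields()` changed meaning from `$post_id` to `$random_key`, so any caller not shown here that still passes a post ID positionally would enable random-key mode while its `js_test()` call still expects the static key; that is worth confirming. Most of these functions begin or end outside the visible hunks.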
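--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: znaeff, shagimuratov
  Tags: antispam, anti-spam, anti spam, spam, spammers, captcha, comments, registration, contact form, blacklist, math, signup, formidable, bot, spam bots, spammy, s2member, wordpress, support, BuddyPress, bbpress, landing pages, fast secure contact form, WooCommerce, jetpack, cf7, form
  Requires at least: 3.0
  Tested up to: 4.0
- Stable tag: 3.9
+ Stable tag: 4.0
  License: GPLv2
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -20,7 +20,7 @@ No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam b
 
  = Spam protection =
  * WordPress, JetPack comments.
- * WordPress, BuddyPress, bbPress, S2Member signups.
+ * WordPress, BuddyPress, bbPress, S2Member, WooCommerce registrations.
  * Formidable forms, Contact form 7, JetPack Contact form, Fast Secure Contact form any themes/custom contact form.
  * WooCommerce review form.
  * WordPress Landing Pages.
@@ -72,7 +72,7 @@ At the sight of CAPTCHA and after input errors, many visitors leave the resource
 
  *** Forbidden. Sender blacklisted. Request number . Antispam service cleantalk.org. ***
 
- The setup is done! You can control anti spam plugin by <a href="http://cleantalk.org/my" target="_blank">Control panel</a> at the cleantalk.org or use <a href="https://play.google.com/store/apps/details?id=org.cleantalk.app">Adnroid</a>, <a href="https://itunes.apple.com/us/app/cleantalk/id825479913?mt=8">iPhone</a> anti spam app.
+ The setup is done! You can control anti spam plugin by <a href="http://cleantalk.org/my" target="_blank">Control panel</a> at the cleantalk.org or use <a href="https://play.google.com/store/apps/details?id=org.cleantalk.app">Android</a>, <a href="https://itunes.apple.com/us/app/cleantalk/id825479913?mt=8">iPhone</a> anti spam app.
 
  == Frequently Asked Questions ==
 
@@ -151,6 +151,10 @@ WordPress 3.0 at least. PHP 4, 5 with CURL or file_get_contents() function and e
  1. Anti spam stopped spam bot at the CAPTCHA less registration form.
 
  == Changelog ==
+ = 4.0 2014-10-06 =
+ * Improved anti spam protection for custom contact forms.
+ * Improved anti spam protection for registration forms.
+
  = 3.9 2014-10-01 =
  * Did exception to do not break to create new user in WordPress backend.
 
@@ -400,6 +404,9 @@ WordPress 3.0 at least. PHP 4, 5 with CURL or file_get_contents() function and e
  * First version
 
  == Upgrade Notice ==
+ = 4.0 2014-10-06 =
+ Major anti spam improvements for registration and contact forms.
+
  = 3.9 2014-10-01 =
  Did exception to do not break to create new user in WordPress backend.
 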
screenshot-1.png CHANGED
Binary file
screenshot-2.png CHANGED
Binary file
screenshot-3.png CHANGED
Binary file