Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.118

Version Description

April 19 2019 = * Fix: Cookies on registration page. * Fix: Update fix. * Fix: Wordpress built-in API. * Fix: WooCommerce checkout form. * Fix: UpdraftPlus. Saving settings. * Fix: Convert Pro saving settings. * Fix: UTF-8 Converting. * Fix: GDPR notice. * Fix: cleantalk_sessions table size reduced. * Mod: Localization. * Mod: Performance improved. * Mod: SpamFireWall improvements. * Mod: IP detection improved. * Mod: JavaScript check revised. * New: Setting "Use alternative mechanism for cookies".


Release Info

Developer Safronik
Version 5.118

Code changes from version 5.117.1 to 5.118

cleantalk.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
- Version: 5.117.1
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
@@ -23,7 +23,7 @@ define('APBCT_CASERT_PATH', file_exists(ABSPATH.WPINC.'/certificates/ca-bun
23
  // API params
24
  define('CLEANTALK_AGENT', 'wordpress-'.str_replace('.', '', $plugin_info['Version']));
25
  define('CLEANTALK_API_URL', 'https://api.cleantalk.org'); //Api URL
26
- define('CLEANTALK_MODERATE_URL', 'https://moderate.cleantalk.org'); //Api URL
27
 
28
  // Option names
29
  define('APBCT_DATA', 'cleantalk_data'); //Option name with different plugin data.
@@ -36,7 +36,7 @@ define('APBCT_WPMS', (is_multisite() ? true : false)); // WMPS is enabled
36
 
37
  // Sessions
38
  define('APBCT_SEESION__LIVE_TIME', 86400*3);
39
- define('APBCT_SEESION__CHANCE_TO_CLEAN', 5);
40
 
41
  // Different params
42
  define('APBCT_REMOTE_CALL_SLEEP', 10); // Minimum time between remote call
@@ -49,7 +49,8 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
49
 
50
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/cleantalk-php-patch.php'); // Pathces fpr different functions which not exists
51
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkHelper.php'); // Helper class. Different useful functions
52
- require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkAPI.php'); // Helper class. Different useful functions
 
53
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/Cleantalk.php'); // Main class for request
54
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkRequest.php'); // Holds request data
55
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkResponse.php'); // Holds response data
@@ -86,16 +87,10 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
86
 
87
  }
88
 
89
- // Do update actions if version is changed
90
- apbct_update_actions();
91
-
92
  // Passing JS key to frontend
93
  add_action('wp_ajax_apbct_js_keys__get', 'apbct_js_keys__get__ajax');
94
  add_action('wp_ajax_nopriv_apbct_js_keys__get', 'apbct_js_keys__get__ajax');
95
 
96
- /** @todo HARDCODE FIX */
97
- if($apbct->plugin_version === '1.0.0')
98
- $apbct->plugin_version = '5.100';
99
 
100
  // Database prefix
101
  global $wpdb;
@@ -107,6 +102,13 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
107
  define('APBCT_SELECT_LIMIT', 5000); // Select limit for logs.
108
  define('APBCT_WRITE_LIMIT', 5000); // Write limit for firewall data.
109
 
 
 
 
 
 
 
 
110
  // Self cron
111
  if(!defined('DOING_CRON') || (defined('DOING_CRON') && DOING_CRON !== true)){
112
 
@@ -126,7 +128,9 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
126
  add_action('wp_logout', 'apbct__hook__wp_logout__delete_trial_notice_cookie');
127
 
128
  // Set cookie only for public pages and for non-AJAX requests
129
- if (!is_admin() && !apbct_is_ajax() && !defined('DOING_CRON') && !headers_sent()){
 
 
130
  add_action('wp','apbct_cookie', 2);
131
  add_action('wp','apbct_store__urls', 2);
132
  if (empty($_POST) && empty($_GET['action'])){
@@ -317,6 +321,8 @@ if(!defined('CLEANTALK_PLUGIN_DIR')){
317
  add_filter('wp_die_handler', 'apbct_comment__sanitize_data__before_wp_die', 1); // Check comments after validation
318
 
319
  // Registrations
 
 
320
  add_action('register_form', 'ct_register_form');
321
  add_filter('registration_errors', 'ct_registration_errors', 1, 3);
322
  add_filter('registration_errors', 'ct_check_registration_erros', 999999, 3);
@@ -444,7 +450,7 @@ function apbct_sfw__check()
444
 
445
  $is_sfw_check = true;
446
  $sfw = new CleantalkSFW();
447
- $sfw->ip_array = (array)$sfw->ip_get(array('real'), true);
448
 
449
  foreach($sfw->ip_array as $ct_cur_ip){
450
  if(isset($_COOKIE['ct_sfw_pass_key']) && $_COOKIE['ct_sfw_pass_key'] == md5($ct_cur_ip.$apbct->api_key)){
@@ -454,8 +460,9 @@ function apbct_sfw__check()
454
  $apbct->data['sfw_counter']['all']++;
455
  $apbct->saveData();
456
  if(!headers_sent())
457
- setcookie ('ct_sfw_passed', '0', 1, "/");
458
  }
 
459
  }else{
460
  $is_sfw_check=true;
461
  }
@@ -467,7 +474,7 @@ function apbct_sfw__check()
467
  $spbc_key = !empty($spbc_settings['spbc_key']) ? $spbc_settings['spbc_key'] : false;
468
  if($_GET['access'] === $apbct->api_key || ($spbc_key !== false && $_GET['access'] === $spbc_key)){
469
  $is_sfw_check = false;
470
- setcookie ('spbc_firewall_pass_key', md5($_SERVER['REMOTE_ADDR'].$spbc_key), time()+1200, '/');
471
  setcookie ('ct_sfw_pass_key', md5($_SERVER['REMOTE_ADDR'].$apbct->api_key), time()+1200, '/');
472
  }
473
  unset($spbc_settings, $spbc_key);
@@ -492,7 +499,7 @@ function apbct_sfw__check()
492
  $sfw->sfw_die($apbct->api_key);
493
  }else{
494
  if(!empty($apbct->settings['set_cookies']) && !headers_sent())
495
- setcookie ('ct_sfw_pass_key', md5($sfw->passed_ip.$apbct->api_key), 0, "/");
496
  }
497
  }
498
  unset($is_sfw_check, $sfw, $sfw_ip, $ct_cur_ip);
@@ -501,17 +508,19 @@ function apbct_sfw__check()
501
  /**
502
  * On activation, set a time, frequency and name of an action hook to be scheduled.
503
  */
504
- function apbct_activation( $network ) {
505
 
506
  global $wpdb;
507
 
508
- $sfw_data_query = 'CREATE TABLE IF NOT EXISTS `%s` (
 
509
  `network` int(11) unsigned NOT NULL,
510
  `mask` int(11) unsigned NOT NULL,
511
  INDEX ( `network` , `mask` )
512
  ) ENGINE = MYISAM ;';
513
 
514
- $sfw_log_query = 'CREATE TABLE IF NOT EXISTS `%s` (
 
515
  `ip` VARCHAR(15) NOT NULL,
516
  `all_entries` INT NOT NULL,
517
  `blocked_entries` INT NOT NULL,
@@ -519,22 +528,21 @@ function apbct_activation( $network ) {
519
  PRIMARY KEY (`ip`))
520
  ENGINE = MYISAM;';
521
 
522
- $session_table = 'CREATE TABLE IF NOT EXISTS `%s` (
 
523
  `id` VARCHAR(64) NOT NULL,
524
  `name` TEXT NOT NULL,
525
  `value` TEXT NULL DEFAULT NULL,
526
  `last_update` DATETIME NULL DEFAULT NULL,
527
  PRIMARY KEY (`id`, `name`(10)))
528
  ENGINE = MYISAM;';
529
-
530
  if($network && !defined('CLEANTALK_ACCESS_KEY')){
531
  $initial_blog = get_current_blog_id();
532
  $blogs = array_keys($wpdb->get_results('SELECT blog_id FROM '. $wpdb->blogs, OBJECT_K));
533
  foreach ($blogs as $blog) {
534
  switch_to_blog($blog);
535
- $wpdb->query(sprintf($sfw_data_query, $wpdb->prefix . 'cleantalk_sfw')); // Table for SpamFireWall data
536
- $wpdb->query(sprintf($sfw_log_query, $wpdb->prefix . 'cleantalk_sfw_logs')); // Table for SpamFireWall logs
537
- $wpdb->query(sprintf($session_table, $wpdb->prefix . 'cleantalk_sessions')); // Table for session data
538
  // Cron tasks
539
  CleantalkCron::addTask('check_account_status', 'ct_account_status_check', 3600, time()+1800); // Checks account status
540
  CleantalkCron::addTask('delete_spam_comments', 'ct_delete_spam_comments', 3600, time()+3500); // Formerly ct_hourly_event_hook()
@@ -556,9 +564,7 @@ function apbct_activation( $network ) {
556
  CleantalkCron::addTask('get_brief_data', 'cleantalk_get_brief_data', 86400, time()+3500); // Get data for dashboard widget
557
  CleantalkCron::addTask('send_connection_report','ct_mail_send_connection_report', 86400, time()+3500); // Send connection report to welcome@cleantalk.org
558
 
559
- $wpdb->query(sprintf($sfw_data_query, APBCT_TBL_FIREWALL_DATA)); // Table for SpamFireWall data
560
- $wpdb->query(sprintf($sfw_log_query, APBCT_TBL_FIREWALL_LOG)); // Table for SpamFireWall logs
561
- $wpdb->query(sprintf($session_table, APBCT_TBL_SESSIONS)); // Table for SpamFireWall logs
562
  ct_sfw_update(); // Updating SFW
563
  ct_account_status_check(null, false);
564
  }
@@ -567,30 +573,52 @@ function apbct_activation( $network ) {
567
  add_option('ct_plugin_do_activation_redirect', true);
568
  }
569
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
570
  function apbct_activation__new_blog($blog_id, $user_id, $domain, $path, $site_id, $meta) {
571
  if (apbct_is_plugin_active_for_network('security-malware-firewall/security-malware-firewall.php')){
 
572
  switch_to_blog($blog_id);
 
573
  global $wpdb;
574
- $sfw_data_query = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw` (
 
 
575
  `network` int(11) unsigned NOT NULL,
576
  `mask` int(11) unsigned NOT NULL,
577
  INDEX ( `network` , `mask` )
578
  ) ENGINE = MYISAM ;';
579
 
580
- $sfw_log_query = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw_logs` (
 
581
  `ip` VARCHAR(15) NOT NULL,
582
  `all_entries` INT NOT NULL,
583
  `blocked_entries` INT NOT NULL,
584
  `entries_timestamp` INT NOT NULL,
585
- PRIMARY KEY (`id`, `name`(10)))
586
  ENGINE = MYISAM;';
587
-
588
- $session__query = 'CREATE TABLE IF NOT EXISTS `%s` (
 
589
  `id` VARCHAR(64) NOT NULL,
590
  `name` TEXT NOT NULL,
591
  `value` TEXT NULL DEFAULT NULL,
592
  `last_update` DATETIME NULL DEFAULT NULL,
593
- PRIMARY KEY (`id`))
594
  ENGINE = MYISAM;';
595
 
596
  // Cron tasks
@@ -601,9 +629,7 @@ function apbct_activation__new_blog($blog_id, $user_id, $domain, $path, $site_id
601
  CleantalkCron::addTask('send_sfw_logs', 'ct_sfw_send_logs', 3600, time()+1800); // SFW send logs
602
  CleantalkCron::addTask('get_brief_data', 'cleantalk_get_brief_data', 86400, time()+3500); // Get data for dashboard widget
603
  CleantalkCron::addTask('send_connection_report','ct_mail_send_connection_report', 86400, time()+3500); // Send connection report to welcome@cleantalk.org
604
- $wpdb->query(sprintf($sfw_data_query, $wpdb->prefx)); // Table for SpamFireWall data
605
- $wpdb->query(sprintf($sfw_log_query, $wpdb->prefx)); // Table for SpamFireWall logs
606
- $wpdb->query(sprintf($session__query, $wpdb->prefx)); // Table for SpamFireWall logs
607
  ct_sfw_update(); // Updating SFW
608
  ct_account_status_check(null, false);
609
  restore_current_blog();
@@ -839,70 +865,12 @@ function apbct__hook__wp_logout__delete_trial_notice_cookie(){
839
  setcookie('ct_trial_banner_closed', '', time()-3600);
840
  }
841
 
842
- /*
843
- * Set Cookies test for cookie test
844
- * Sets cookies with pararms timestamp && landing_timestamp && pervious_referer
845
- * Sets test cookie with all other cookies
846
- */
847
- function apbct_cookie(){
848
-
849
- global $apbct;
850
-
851
- if(
852
- empty($apbct->settings['set_cookies']) || // Do not set cookies if option is disabled (for Varnish cache).
853
- !empty($apbct->flags__cookies_setuped) // Cookies already set
854
- )
855
- return false;
856
-
857
- // Cookie names to validate
858
- $cookie_test_value = array(
859
- 'cookies_names' => array(),
860
- 'check_value' => $apbct->api_key,
861
- );
862
-
863
- $domain = parse_url(get_option('siteurl'),PHP_URL_HOST);
864
-
865
- // Submit time
866
- if(empty($_POST['ct_multipage_form'])){ // Do not start/reset page timer if it is multipage form (Gravitiy forms))
867
- $apbct_timestamp = time();
868
- setcookie('apbct_timestamp', $apbct_timestamp, 0, '/', $domain, false, true);
869
- $cookie_test_value['cookies_names'][] = 'apbct_timestamp';
870
- $cookie_test_value['check_value'] .= $apbct_timestamp;
871
- }
872
-
873
- // Pervious referer
874
- if(!empty($_SERVER['HTTP_REFERER'])){
875
- setcookie('apbct_prev_referer', $_SERVER['HTTP_REFERER'], 0, '/', $domain, false, true);
876
- $cookie_test_value['cookies_names'][] = 'apbct_prev_referer';
877
- $cookie_test_value['check_value'] .= $_SERVER['HTTP_REFERER'];
878
- }
879
-
880
- // Landing time
881
- if(isset($_COOKIE['apbct_site_landing_ts'])){
882
- $site_landing_timestamp = $_COOKIE['apbct_site_landing_ts'];
883
- }else{
884
- $site_landing_timestamp = time();
885
- setcookie('apbct_site_landing_ts', $site_landing_timestamp, 0, '/', $domain, false, true);
886
- }
887
- $cookie_test_value['cookies_names'][] = 'apbct_site_landing_ts';
888
- $cookie_test_value['check_value'] .= $site_landing_timestamp;
889
-
890
- // Page hits
891
- $page_hits = isset($_COOKIE['apbct_page_hits']) && apbct_cookies_test() ? $_COOKIE['apbct_page_hits'] + 1 : 1;
892
- setcookie('apbct_page_hits', $page_hits, 0, '/', $domain, false, true);
893
- $cookie_test_value['cookies_names'][] = 'apbct_page_hits';
894
- $cookie_test_value['check_value'] .= $page_hits;
895
-
896
- // Cookies test
897
- $cookie_test_value['check_value'] = md5($cookie_test_value['check_value']);
898
- setcookie('apbct_cookies_test', urlencode(json_encode($cookie_test_value)), 0, '/', $domain, false, true);
899
-
900
- $apbct->flags__cookies_setuped = true;
901
-
902
- }
903
-
904
  function apbct_alt_session__id__get(){
905
- $id = CleantalkHelper::ip_get(array('real')).filter_input(INPUT_SERVER, 'HTTP_USER_AGENT').filter_input(INPUT_SERVER, 'HTTP_ACCEPT_LANGUAGE');
 
 
 
 
906
  return hash('sha256', $id);
907
  }
908
 
@@ -1009,6 +977,85 @@ function apbct_store__urls(){
1009
  }
1010
  }
1011
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1012
  /**
1013
  * Cookies test for sender
1014
  * Also checks for valid timestamp in $_COOKIE['apbct_timestamp'] and other apbct_ COOKIES
@@ -1018,6 +1065,9 @@ function apbct_cookies_test()
1018
  {
1019
  global $apbct;
1020
 
 
 
 
1021
  if(isset($_COOKIE['apbct_cookies_test'])){
1022
 
1023
  $cookie_test = json_decode(urldecode($_COOKIE['apbct_cookies_test']),true);
@@ -1028,7 +1078,7 @@ function apbct_cookies_test()
1028
  $check_srting = $apbct->api_key;
1029
  foreach($cookie_test['cookies_names'] as $cookie_name){
1030
  $check_srting .= isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : '';
1031
- } unset($cokie_name);
1032
 
1033
  if($cookie_test['check_value'] == md5($check_srting)){
1034
  return 1;
@@ -1063,18 +1113,15 @@ function apbct_cookies__delete_all(){
1063
  */
1064
  function apbct_get_submit_time()
1065
  {
1066
- return apbct_cookies_test() == 1 ? time() - (int)$_COOKIE['apbct_timestamp'] : null;
 
 
 
 
1067
  }
1068
 
1069
  function apbct_is_user_logged_in(){
1070
- if(count($_COOKIE)){
1071
- foreach($_COOKIE as $key => $val){
1072
- if(preg_match("/wordpress_logged_in/", $key)){
1073
- return true;
1074
- }
1075
- } unset($key, $val);
1076
- }
1077
- return false;
1078
  }
1079
 
1080
  /*
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: http://cleantalk.org
5
  Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
+ Version: 5.118
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: http://cleantalk.org
9
  */
23
  // API params
24
  define('CLEANTALK_AGENT', 'wordpress-'.str_replace('.', '', $plugin_info['Version']));
25
  define('CLEANTALK_API_URL', 'https://api.cleantalk.org'); //Api URL
26
+ define('CLEANTALK_MODERATE_URL', 'http://moderate.cleantalk.org'); //Api URL
27
 
28
  // Option names
29
  define('APBCT_DATA', 'cleantalk_data'); //Option name with different plugin data.
36
 
37
  // Sessions
38
  define('APBCT_SEESION__LIVE_TIME', 86400*3);
39
+ define('APBCT_SEESION__CHANCE_TO_CLEAN', 50);
40
 
41
  // Different params
42
  define('APBCT_REMOTE_CALL_SLEEP', 10); // Minimum time between remote call
49
 
50
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/cleantalk-php-patch.php'); // Pathces fpr different functions which not exists
51
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkHelper.php'); // Helper class. Different useful functions
52
+ require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkAPI_base.php'); // API.
53
+ require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkAPI.php'); // API extension for Wordpress
54
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/Cleantalk.php'); // Main class for request
55
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkRequest.php'); // Holds request data
56
  require_once( CLEANTALK_PLUGIN_DIR . 'lib/CleantalkResponse.php'); // Holds response data
87
 
88
  }
89
 
 
 
 
90
  // Passing JS key to frontend
91
  add_action('wp_ajax_apbct_js_keys__get', 'apbct_js_keys__get__ajax');
92
  add_action('wp_ajax_nopriv_apbct_js_keys__get', 'apbct_js_keys__get__ajax');
93
 
 
 
 
94
 
95
  // Database prefix
96
  global $wpdb;
102
  define('APBCT_SELECT_LIMIT', 5000); // Select limit for logs.
103
  define('APBCT_WRITE_LIMIT', 5000); // Write limit for firewall data.
104
 
105
+ /** @todo HARDCODE FIX */
106
+ if($apbct->plugin_version === '1.0.0')
107
+ $apbct->plugin_version = '5.100';
108
+
109
+ // Do update actions if version is changed
110
+ apbct_update_actions();
111
+
112
  // Self cron
113
  if(!defined('DOING_CRON') || (defined('DOING_CRON') && DOING_CRON !== true)){
114
 
128
  add_action('wp_logout', 'apbct__hook__wp_logout__delete_trial_notice_cookie');
129
 
130
  // Set cookie only for public pages and for non-AJAX requests
131
+ if (!is_admin() && !apbct_is_ajax() && !defined('DOING_CRON') && !headers_sent()
132
+ && empty($_POST['ct_checkjs_register_form']) // Buddy press registration fix
133
+ ){
134
  add_action('wp','apbct_cookie', 2);
135
  add_action('wp','apbct_store__urls', 2);
136
  if (empty($_POST) && empty($_GET['action'])){
321
  add_filter('wp_die_handler', 'apbct_comment__sanitize_data__before_wp_die', 1); // Check comments after validation
322
 
323
  // Registrations
324
+ add_action('login_form_register', 'apbct_cookie');
325
+ add_action('login_form_register', 'apbct_store__urls');
326
  add_action('register_form', 'ct_register_form');
327
  add_filter('registration_errors', 'ct_registration_errors', 1, 3);
328
  add_filter('registration_errors', 'ct_check_registration_erros', 999999, 3);
450
 
451
  $is_sfw_check = true;
452
  $sfw = new CleantalkSFW();
453
+ $sfw->ip_array = (array)$sfw->ip__get(array('real'), true);
454
 
455
  foreach($sfw->ip_array as $ct_cur_ip){
456
  if(isset($_COOKIE['ct_sfw_pass_key']) && $_COOKIE['ct_sfw_pass_key'] == md5($ct_cur_ip.$apbct->api_key)){
460
  $apbct->data['sfw_counter']['all']++;
461
  $apbct->saveData();
462
  if(!headers_sent())
463
+ setcookie ('ct_sfw_passed', '0', time()+86400*3, '/', parse_url(get_option('siteurl'),PHP_URL_HOST) ,false, true);
464
  }
465
+ break;
466
  }else{
467
  $is_sfw_check=true;
468
  }
474
  $spbc_key = !empty($spbc_settings['spbc_key']) ? $spbc_settings['spbc_key'] : false;
475
  if($_GET['access'] === $apbct->api_key || ($spbc_key !== false && $_GET['access'] === $spbc_key)){
476
  $is_sfw_check = false;
477
+ setcookie ('spbc_firewall_pass_key', md5($_SERVER['REMOTE_ADDR'].$spbc_key), time()+1200, '/');
478
  setcookie ('ct_sfw_pass_key', md5($_SERVER['REMOTE_ADDR'].$apbct->api_key), time()+1200, '/');
479
  }
480
  unset($spbc_settings, $spbc_key);
499
  $sfw->sfw_die($apbct->api_key);
500
  }else{
501
  if(!empty($apbct->settings['set_cookies']) && !headers_sent())
502
+ setcookie ('ct_sfw_pass_key', md5($sfw->passed_ip.$apbct->api_key), time()+86400*3, '/', parse_url(get_option('siteurl'),PHP_URL_HOST) ,false, true);
503
  }
504
  }
505
  unset($is_sfw_check, $sfw, $sfw_ip, $ct_cur_ip);
508
  /**
509
  * On activation, set a time, frequency and name of an action hook to be scheduled.
510
  */
511
+ function apbct_activation( $network = false ) {
512
 
513
  global $wpdb;
514
 
515
+ // SFW data
516
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw` (
517
  `network` int(11) unsigned NOT NULL,
518
  `mask` int(11) unsigned NOT NULL,
519
  INDEX ( `network` , `mask` )
520
  ) ENGINE = MYISAM ;';
521
 
522
+ // SFW log
523
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw_logs` (
524
  `ip` VARCHAR(15) NOT NULL,
525
  `all_entries` INT NOT NULL,
526
  `blocked_entries` INT NOT NULL,
528
  PRIMARY KEY (`ip`))
529
  ENGINE = MYISAM;';
530
 
531
+ // Sessions
532
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sessions` (
533
  `id` VARCHAR(64) NOT NULL,
534
  `name` TEXT NOT NULL,
535
  `value` TEXT NULL DEFAULT NULL,
536
  `last_update` DATETIME NULL DEFAULT NULL,
537
  PRIMARY KEY (`id`, `name`(10)))
538
  ENGINE = MYISAM;';
539
+
540
  if($network && !defined('CLEANTALK_ACCESS_KEY')){
541
  $initial_blog = get_current_blog_id();
542
  $blogs = array_keys($wpdb->get_results('SELECT blog_id FROM '. $wpdb->blogs, OBJECT_K));
543
  foreach ($blogs as $blog) {
544
  switch_to_blog($blog);
545
+ apbct_activation__create_tables($sqls);
 
 
546
  // Cron tasks
547
  CleantalkCron::addTask('check_account_status', 'ct_account_status_check', 3600, time()+1800); // Checks account status
548
  CleantalkCron::addTask('delete_spam_comments', 'ct_delete_spam_comments', 3600, time()+3500); // Formerly ct_hourly_event_hook()
564
  CleantalkCron::addTask('get_brief_data', 'cleantalk_get_brief_data', 86400, time()+3500); // Get data for dashboard widget
565
  CleantalkCron::addTask('send_connection_report','ct_mail_send_connection_report', 86400, time()+3500); // Send connection report to welcome@cleantalk.org
566
 
567
+ apbct_activation__create_tables($sqls);
 
 
568
  ct_sfw_update(); // Updating SFW
569
  ct_account_status_check(null, false);
570
  }
573
  add_option('ct_plugin_do_activation_redirect', true);
574
  }
575
 
576
+ function apbct_activation__create_tables($sqls) {
577
+ global $wpdb;
578
+ $wpdb->show_errors = false;
579
+ foreach($sqls as $sql){
580
+ $sql = sprintf($sql, $wpdb->prefix); // Adding current blog prefix
581
+ $result = $wpdb->query($sql);
582
+ if($result === false)
583
+ $errors[] = "Failed.\nQuery: {$wpdb->last_query}\nError: {$wpdb->last_error}";
584
+ }
585
+ $wpdb->show_errors = true;
586
+
587
+ // Logging errors
588
+ if(!empty($errors))
589
+ apbct_log($errors);
590
+ }
591
+
592
  function apbct_activation__new_blog($blog_id, $user_id, $domain, $path, $site_id, $meta) {
593
  if (apbct_is_plugin_active_for_network('security-malware-firewall/security-malware-firewall.php')){
594
+
595
  switch_to_blog($blog_id);
596
+
597
  global $wpdb;
598
+
599
+ // SFW data
600
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw` (
601
  `network` int(11) unsigned NOT NULL,
602
  `mask` int(11) unsigned NOT NULL,
603
  INDEX ( `network` , `mask` )
604
  ) ENGINE = MYISAM ;';
605
 
606
+ // SFW log
607
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sfw_logs` (
608
  `ip` VARCHAR(15) NOT NULL,
609
  `all_entries` INT NOT NULL,
610
  `blocked_entries` INT NOT NULL,
611
  `entries_timestamp` INT NOT NULL,
612
+ PRIMARY KEY (`ip`))
613
  ENGINE = MYISAM;';
614
+
615
+ // Sessions
616
+ $sqls[] = 'CREATE TABLE IF NOT EXISTS `%scleantalk_sessions` (
617
  `id` VARCHAR(64) NOT NULL,
618
  `name` TEXT NOT NULL,
619
  `value` TEXT NULL DEFAULT NULL,
620
  `last_update` DATETIME NULL DEFAULT NULL,
621
+ PRIMARY KEY (`id`, `name`(10)))
622
  ENGINE = MYISAM;';
623
 
624
  // Cron tasks
629
  CleantalkCron::addTask('send_sfw_logs', 'ct_sfw_send_logs', 3600, time()+1800); // SFW send logs
630
  CleantalkCron::addTask('get_brief_data', 'cleantalk_get_brief_data', 86400, time()+3500); // Get data for dashboard widget
631
  CleantalkCron::addTask('send_connection_report','ct_mail_send_connection_report', 86400, time()+3500); // Send connection report to welcome@cleantalk.org
632
+ apbct_activation__create_tables($sqls);
 
 
633
  ct_sfw_update(); // Updating SFW
634
  ct_account_status_check(null, false);
635
  restore_current_blog();
865
  setcookie('ct_trial_banner_closed', '', time()-3600);
866
  }
867
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
868
  function apbct_alt_session__id__get(){
869
+ $id = CleantalkHelper::ip__get(array('real'))
870
+ .filter_input(INPUT_SERVER, 'HTTP_USER_AGENT')
871
+ //.filter_input(INPUT_SERVER, 'HTTP_ACCEPT') // Could be different. Broke session id
872
+ .filter_input(INPUT_SERVER, 'HTTP_ACCEPT_LANGUAGE')
873
+ .filter_input(INPUT_SERVER, 'HTTP_ACCEPT_ENCODING');
874
  return hash('sha256', $id);
875
  }
876
 
977
  }
978
  }
979
 
980
+ /*
981
+ * Set Cookies test for cookie test
982
+ * Sets cookies with pararms timestamp && landing_timestamp && pervious_referer
983
+ * Sets test cookie with all other cookies
984
+ */
985
+ function apbct_cookie(){
986
+
987
+ global $apbct;
988
+
989
+ if(
990
+ empty($apbct->settings['set_cookies']) || // Do not set cookies if option is disabled (for Varnish cache).
991
+ !empty($apbct->flags__cookies_setuped) // Cookies already set
992
+ )
993
+ return false;
994
+
995
+ // Cookie names to validate
996
+ $cookie_test_value = array(
997
+ 'cookies_names' => array(),
998
+ 'check_value' => $apbct->api_key,
999
+ );
1000
+
1001
+ $domain = parse_url(get_option('siteurl'),PHP_URL_HOST);
1002
+
1003
+ // Submit time
1004
+ if(empty($_POST['ct_multipage_form'])){ // Do not start/reset page timer if it is multipage form (Gravitiy forms))
1005
+ $apbct_timestamp = time();
1006
+ $apbct->settings['set_cookies__sessions']
1007
+ ? apbct_alt_session__save('apbct_timestamp', $apbct_timestamp)
1008
+ : setcookie('apbct_timestamp', $apbct_timestamp, 0, '/', $domain, false, true);
1009
+ $cookie_test_value['cookies_names'][] = 'apbct_timestamp';
1010
+ $cookie_test_value['check_value'] .= $apbct_timestamp;
1011
+ }
1012
+
1013
+ // Pervious referer
1014
+ if(!empty($_SERVER['HTTP_REFERER'])){
1015
+ $apbct->settings['set_cookies__sessions']
1016
+ ? apbct_alt_session__save('apbct_prev_referer', $_SERVER['HTTP_REFERER'])
1017
+ : setcookie('apbct_prev_referer', $_SERVER['HTTP_REFERER'], 0, '/', $domain, false, true);
1018
+ $cookie_test_value['cookies_names'][] = 'apbct_prev_referer';
1019
+ $cookie_test_value['check_value'] .= $_SERVER['HTTP_REFERER'];
1020
+ }
1021
+
1022
+ // Landing time
1023
+ $site_landing_timestamp = $apbct->settings['set_cookies__sessions']
1024
+ ? apbct_alt_session__get('apbct_site_landing_ts')
1025
+ : filter_input(INPUT_COOKIE, 'apbct_site_landing_ts');
1026
+ if(!$site_landing_timestamp){
1027
+ $site_landing_timestamp = time();
1028
+ $apbct->settings['set_cookies__sessions']
1029
+ ? apbct_alt_session__save('apbct_site_landing_ts', $site_landing_timestamp)
1030
+ : setcookie('apbct_site_landing_ts', $site_landing_timestamp, 0, '/', $domain, false, true);
1031
+ }
1032
+ $cookie_test_value['cookies_names'][] = 'apbct_site_landing_ts';
1033
+ $cookie_test_value['check_value'] .= $site_landing_timestamp;
1034
+
1035
+ // Page hits
1036
+ // Get
1037
+ $page_hits = $apbct->settings['set_cookies__sessions']
1038
+ ? apbct_alt_session__get('apbct_page_hits')
1039
+ : filter_input(INPUT_COOKIE, 'apbct_page_hits');
1040
+ // Set / Increase
1041
+ $page_hits = intval($page_hits) ? $page_hits + 1 : 1;
1042
+
1043
+ $apbct->settings['set_cookies__sessions']
1044
+ ? apbct_alt_session__save('apbct_page_hits', $page_hits)
1045
+ : setcookie('apbct_page_hits', $page_hits, 0, '/', $domain, false, true);
1046
+
1047
+ $cookie_test_value['cookies_names'][] = 'apbct_page_hits';
1048
+ $cookie_test_value['check_value'] .= $page_hits;
1049
+
1050
+ // Cookies test
1051
+ $cookie_test_value['check_value'] = md5($cookie_test_value['check_value']);
1052
+ if(!$apbct->settings['set_cookies__sessions'])
1053
+ setcookie('apbct_cookies_test', urlencode(json_encode($cookie_test_value)), 0, '/', $domain, false, true);
1054
+
1055
+ $apbct->flags__cookies_setuped = true;
1056
+
1057
+ }
1058
+
1059
  /**
1060
  * Cookies test for sender
1061
  * Also checks for valid timestamp in $_COOKIE['apbct_timestamp'] and other apbct_ COOKIES
1065
  {
1066
  global $apbct;
1067
 
1068
+ if($apbct->settings['set_cookies__sessions'])
1069
+ return 1;
1070
+
1071
  if(isset($_COOKIE['apbct_cookies_test'])){
1072
 
1073
  $cookie_test = json_decode(urldecode($_COOKIE['apbct_cookies_test']),true);
1078
  $check_srting = $apbct->api_key;
1079
  foreach($cookie_test['cookies_names'] as $cookie_name){
1080
  $check_srting .= isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : '';
1081
+ } unset($cookie_name);
1082
 
1083
  if($cookie_test['check_value'] == md5($check_srting)){
1084
  return 1;
1113
  */
1114
  function apbct_get_submit_time()
1115
  {
1116
+ global $apbct;
1117
+ $apbct_timestamp = $apbct->settings['set_cookies__sessions']
1118
+ ? apbct_alt_session__get('apbct_timestamp')
1119
+ : filter_input(INPUT_COOKIE, 'apbct_timestamp');
1120
+ return apbct_cookies_test() == 1 ? time() - (int)$apbct_timestamp : null;
1121
  }
1122
 
1123
  function apbct_is_user_logged_in(){
1124
+ return count($_COOKIE) && defined('LOGGED_IN_COOKIE') && isset($_COOKIE[LOGGED_IN_COOKIE]);
 
 
 
 
 
 
 
1125
  }
1126
 
1127
  /*
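Review bot: The new `define('CLEANTALK_MODERATE_URL', 'http://moderate.cleantalk.org');` (new line 26) drops TLS for the moderation endpoint, so whatever the plugin sends to that URL can be read or modified in transit. The request assembled in inc/cleantalk-common.php on this page carries `auth_key` and sender data; whether that request is sent to this constant is not visible here, but if it is, the access key would travel in cleartext. I would keep `define('CLEANTALK_MODERATE_URL', 'https://moderate.cleantalk.org');` and, if a plain-HTTP fallback is needed on hosts without a usable CA bundle, choose it from the existing `ssl_on` setting with a comment explaining the trade-off.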
inc/cleantalk-ajax.php CHANGED
@@ -157,7 +157,7 @@ function ct_validate_email_ajaxlogin($email=null, $is_ajax=true){
157
  'sender_email' => $email,
158
  'sender_nickname' => '',
159
  'sender_info' => $sender_info,
160
- 'checkjs' => $checkjs,
161
  ),
162
  true
163
  );
@@ -208,7 +208,7 @@ function ct_user_register_ajaxlogin($user_id)
208
  'sender_email' => sanitize_email($_POST['email']),
209
  'sender_nickname' => sanitize_email($_POST['login']),
210
  'sender_info' => $sender_info,
211
- 'checkjs' => $checkjs,
212
  ),
213
  true
214
  );
@@ -276,6 +276,10 @@ function ct_ajax_hook($message_obj = false, $additional = false)
276
  'wppb_msf_check_required_fields', //ProfileBuilder skip step checking
277
  'boss_we_login', //Login form
278
  'sidebar_login_process', // Login CF7
 
 
 
 
279
  );
280
 
281
  //General post_info for all ajax calls
@@ -352,6 +356,9 @@ function ct_ajax_hook($message_obj = false, $additional = false)
352
  // Mailpoet fix
353
  if (isset($message['wysijaData'], $message['wysijaplugin'], $message['task'], $message['controller']) && $message['wysijaplugin'] == 'wysija-newsletters' && $message['controller'] == 'campaigns')
354
  return false;
 
 
 
355
 
356
  // WP Foto Vote Fix
357
  if (!empty($_FILES)){
@@ -386,7 +393,7 @@ function ct_ajax_hook($message_obj = false, $additional = false)
386
  'sender_nickname' => $sender_nickname,
387
  'sender_info' => array('post_checkjs_passed' => $checkjs),
388
  'post_info' => $post_info,
389
- 'checkjs' => $checkjs,
390
  )
391
  );
392
  $ct_result = $base_call_result['ct_result'];
157
  'sender_email' => $email,
158
  'sender_nickname' => '',
159
  'sender_info' => $sender_info,
160
+ 'js_on' => $checkjs,
161
  ),
162
  true
163
  );
208
  'sender_email' => sanitize_email($_POST['email']),
209
  'sender_nickname' => sanitize_email($_POST['login']),
210
  'sender_info' => $sender_info,
211
+ 'js_on' => $checkjs,
212
  ),
213
  true
214
  );
276
  'wppb_msf_check_required_fields', //ProfileBuilder skip step checking
277
  'boss_we_login', //Login form
278
  'sidebar_login_process', // Login CF7
279
+ 'cp_update_style_settings', // Convert Pro. Saving settings
280
+ 'updraft_savesettings', // UpdraftPlus
281
+ 'wpdUpdateAutomatically', //Comments update
282
+ 'upload-attachment', // Skip ulpload attachments
283
  );
284
 
285
  //General post_info for all ajax calls
356
  // Mailpoet fix
357
  if (isset($message['wysijaData'], $message['wysijaplugin'], $message['task'], $message['controller']) && $message['wysijaplugin'] == 'wysija-newsletters' && $message['controller'] == 'campaigns')
358
  return false;
359
+ // Mailpoet3 admin skip fix
360
+ if (isset($_POST['action'], $_POST['method']) && $_POST['action'] == 'mailpoet' && $_POST['method'] =='save')
361
+ return false;
362
 
363
  // WP Foto Vote Fix
364
  if (!empty($_FILES)){
393
  'sender_nickname' => $sender_nickname,
394
  'sender_info' => array('post_checkjs_passed' => $checkjs),
395
  'post_info' => $post_info,
396
+ 'js_on' => $checkjs,
397
  )
398
  );
399
  $ct_result = $base_call_result['ct_result'];
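Review bot: The added "Mailpoet3 admin skip" in `ct_ajax_hook` returns before the spam check based only on two client-supplied fields, `$_POST['action'] == 'mailpoet'` and `$_POST['method'] =='save'`, and nothing in the hunk ties the skip to an administrator. If this hook also runs for unauthenticated AJAX requests, any sender could add those fields to avoid the check; the function starts outside the hunk, so an earlier login guard may already cover this. I would add a capability test to the condition, `&& current_user_can(...)` with the capability MailPoet requires for saving, and compare with `===`. The four action names added to the skip list in the same function would benefit from a comment stating whether each is reachable only by logged-in users.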
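--- a/inc/cleantalk-common.php
+++ b/inc/cleantalk-common.php
@@ -79,46 +79,49 @@ function apbct_base_call($params = array(), $reg_flag = false){
  global $apbct;
 
  $sender_info = !empty($params['sender_info'])
- ? array_merge(apbct_get_sender_info(), (array) $params['sender_info'])
+ ? CleantalkHelper::array_merge__save_numeric_keys__recursive(apbct_get_sender_info(), (array) $params['sender_info'])
  : apbct_get_sender_info();
 
- $config = ct_get_server();
-
- $ct_request = new CleantalkRequest();
+ !empty($params['message'])
+ ? $params['message'] = ct_filter_array($params['message'])
+ : null;
 
- // IPs
- $ct_request->sender_ip = defined('CT_TEST_IP') ? CT_TEST_IP : (isset($params['sender_ip']) ? $params['sender_ip'] : CleantalkHelper::ip_get(array('real'), false));
- $ct_request->x_forwarded_for = CleantalkHelper::ip_get(array('x_forwarded_for'), false);
- $ct_request->x_real_ip = CleantalkHelper::ip_get(array('x_real_ip'), false);
+ $default_params = array(
+
+ // IPs
+ 'sender_ip' => defined('CT_TEST_IP') ? CT_TEST_IP : (isset($params['sender_ip']) ? $params['sender_ip'] : CleantalkHelper::ip__get(array('real'), false)),
+ 'x_forwarded_for' => CleantalkHelper::ip__get(array('x_forwarded_for'), false),
+ 'x_real_ip' => CleantalkHelper::ip__get(array('x_real_ip'), false),
+
+ // Misc
+ 'auth_key' => $apbct->api_key,
+ 'js_on' => apbct_js_test('ct_checkjs', $_COOKIE, true) ? 1 : apbct_js_test('ct_checkjs', $_POST, true),
+
+ 'agent' => CLEANTALK_AGENT,
+ 'sender_info' => $sender_info,
+ 'submit_time' => apbct_get_submit_time(),
+ );
 
- // Misc
- $ct_request->auth_key = $apbct->api_key;
- $ct_request->message = !empty($params['message']) ? serialize(ct_filter_array($params['message'])) : null;
- $ct_request->example = !empty($params['example']) ? $params['example'] : null;
- $ct_request->sender_email = !empty($params['sender_email']) ? $params['sender_email'] : null;
- $ct_request->sender_nickname = !empty($params['sender_nickname']) ? $params['sender_nickname'] : null;
- $ct_request->post_info = isset($params['post_info']) ? json_encode($params['post_info']) : null;
- $ct_request->js_on = isset($params['checkjs']) ? $params['checkjs'] : apbct_js_test('ct_checkjs', $_COOKIE, true);
- $ct_request->agent = CLEANTALK_AGENT;
- $ct_request->sender_info = json_encode($sender_info);
- $ct_request->submit_time = apbct_get_submit_time();
+ $ct_request = new CleantalkRequest(
+ CleantalkHelper::array_merge__save_numeric_keys__recursive($default_params, $params)
+ );
 
  $ct = new Cleantalk();
 
  $ct->use_bultin_api = $apbct->settings['use_buitin_http_api'] ? true : false;
  $ct->ssl_on = $apbct->settings['ssl_on'];
  $ct->ssl_path = APBCT_CASERT_PATH;
- $ct->server_url = $config['ct_work_url'];
- $ct->server_ttl = $config['ct_server_ttl'];
+
  // Options store url without shceme because of DB error with ''://'
- $ct->work_url = preg_match('/http/', $config['ct_work_url']) ? $config['ct_work_url'] : 'http://'.$config['ct_work_url'];
+ $config = ct_get_server();
+ $ct->server_url = CLEANTALK_MODERATE_URL;
+ $ct->work_url = preg_match('/http:\/\/.+/', $config['ct_work_url']) ? $config['ct_work_url'] : null;
+ $ct->server_ttl = $config['ct_server_ttl'];
  $ct->server_changed = $config['ct_server_changed'];
 
- if($reg_flag){
- $ct_result = @$ct->isAllowUser($ct_request);
- }else{
- $ct_result = @$ct->isAllowMessage($ct_request);
- }
+ $ct_result = $reg_flag
+ ? @$ct->isAllowUser($ct_request)
+ : @$ct->isAllowMessage($ct_request);
 
  if ($ct_result->errno === 0 && empty($ct_result->errstr))
  $apbct->data['connection_reports']['success']++;
@@ -167,6 +170,18 @@ function apbct_get_sender_info() {
  // Validate cookie from the backend
  $cookie_is_ok = apbct_cookies_test();
 
+ $referer_previous = $apbct->settings['set_cookies__sessions']
+ ? apbct_alt_session__get('apbct_prev_referer')
+ : filter_input(INPUT_COOKIE, 'apbct_prev_referer');
+
+ $site_landing_ts = $apbct->settings['set_cookies__sessions']
+ ? apbct_alt_session__get('apbct_site_landing_ts')
+ : filter_input(INPUT_COOKIE, 'apbct_site_landing_ts');
+
+ $page_hits = $apbct->settings['set_cookies__sessions']
+ ? apbct_alt_session__get('apbct_page_hits')
+ : filter_input(INPUT_COOKIE, 'apbct_page_hits');
+
  if (count($_POST) > 0) {
  foreach ($_POST as $k => $v) {
  if (preg_match("/^(ct_check|checkjs).+/", $k)) {
@@ -184,14 +199,14 @@ function apbct_get_sender_info() {
 
  $site_referer = $apbct->settings['store_urls__sessions']
  ? apbct_alt_session__get('apbct_site_referer')
- : (array)json_decode(filter_input(INPUT_COOKIE, 'apbct_site_referer'), true);
+ : filter_input(INPUT_COOKIE, 'apbct_site_referer');
 
  $urls = $apbct->settings['store_urls__sessions']
- ? apbct_alt_session__get('apbct_urls')
+ ? (array)apbct_alt_session__get('apbct_urls')
  : (array)json_decode(filter_input(INPUT_COOKIE, 'apbct_urls'), true);
 
  return array(
- 'remote_addr' => CleantalkHelper::ip_get(array('remote_addr'), false),
+ 'remote_addr' => CleantalkHelper::ip__get(array('remote_addr'), false),
  'REFFERRER' => isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : null,
  'USER_AGENT' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT']) : null,
  'page_url' => isset($_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI']) ? htmlspecialchars($_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']) : null,
@@ -204,9 +219,9 @@ function apbct_get_sender_info() {
  'checkjs_data_post' => !empty($checkjs_data_post) ? $checkjs_data_post : null,
  // PHP cookies
  'cookies_enabled' => $cookie_is_ok,
- 'REFFERRER_PREVIOUS' => !empty($_COOKIE['apbct_prev_referer']) && $cookie_is_ok ? $_COOKIE['apbct_prev_referer'] : null,
- 'site_landing_ts' => !empty($_COOKIE['apbct_site_landing_ts']) && $cookie_is_ok ? $_COOKIE['apbct_site_landing_ts'] : null,
- 'page_hits' => !empty($_COOKIE['apbct_page_hits']) ? $_COOKIE['apbct_page_hits'] : null,
+ 'REFFERRER_PREVIOUS' => !empty($referer_previous) && $cookie_is_ok ? $referer_previous : null,
+ 'site_landing_ts' => !empty($site_landing_ts) && $cookie_is_ok ? $site_landing_ts : null,
+ 'page_hits' => !empty($page_hits) ? $page_hits : null,
  // JS cookies
  'js_info' => !empty($_COOKIE['ct_user_info']) ? json_decode(stripslashes($_COOKIE['ct_user_info']), true) : null,
  'mouse_cursor_positions' => !empty($_COOKIE['ct_pointer_data']) ? json_decode(stripslashes($_COOKIE['ct_pointer_data']), true) : null,
@@ -218,7 +233,6 @@ function apbct_get_sender_info() {
  // Misc
  'site_referer' => !empty($site_referer) ? $site_referer : null,
  'source_url' => !empty($urls) ? json_encode($urls) : null,
- //'validate_email_existence' => $apbct->settings['validate_email_existence'],
  // Debug stuff
  'amp_detected' => $amp_detected,
  );
@@ -255,7 +269,19 @@ function apbct_visibile_fields__process($visible_fields) {
  * Outputs JS key for AJAX-use only. Stops script.
  */
  function apbct_js_keys__get__ajax($direct_call = false){
- if(!$direct_call) check_ajax_referer('ct_secret_stuff');
+ if(!$direct_call){
+ if(isset($_POST['_ajax_nonce'])){
+ if(!wp_verify_nonce($_POST['_ajax_nonce'], 'ct_secret_stuff')){
+ wp_doing_ajax()
+ ? wp_die( -1, 403 )
+ : die( '-1' );
+ }
+ }else{
+ wp_doing_ajax()
+ ? wp_die( -1, 403 )
+ : die( '-1' );
+ }
+ }
  die(json_encode(array(
  'js_key' => ct_get_checkjs_value((bool)$_POST['random_key'])
  )));
@@ -396,21 +422,23 @@ function ct_send_feedback($feedback_request = null) {
  }
 
  if ($feedback_request !== null) {
-
- $config = ct_get_server();
+
+ $ct_request = new CleantalkRequest(array(
+ // General
+ 'auth_key' => $apbct->api_key,
+ // Additional
+ 'feedback' => $feedback_request,
+ ));
 
  $ct = new Cleantalk();
 
- // Options store url without shceme because of DB error with ''://'
- $ct->work_url = preg_match('/http/', $config['ct_work_url']) ? $config['ct_work_url'] : 'http://'.$config['ct_work_url'];
- $ct->server_url = $apbct->settings['server'];
- $ct->server_ttl = $config['ct_server_ttl'];
- $ct->server_changed = $config['ct_server_changed'];
-
- $ct_request = new CleantalkRequest();
- $ct_request->auth_key = $apbct->api_key;
- $ct_request->feedback = $feedback_request;
-
+ // Server URL handling
+ $config = ct_get_server();
+ $ct->server_url = CLEANTALK_MODERATE_URL;
+ $ct->work_url = preg_match('/http:\/\/.+/', $config['ct_work_url']) ? $config['ct_work_url'] : null;
+ $ct->server_ttl = $config['ct_server_ttl'];
+ $ct->server_changed = $config['ct_server_changed'];
+
  $ct->sendFeedback($ct_request);
 
  if ($ct->server_change) {
@@ -419,7 +447,7 @@ function ct_send_feedback($feedback_request = null) {
  array(
  'ct_work_url' => $ct->work_url,
  'ct_server_ttl' => $ct->server_ttl,
- 'ct_server_changed' => time()
+ 'ct_server_changed' => time(),
  )
  );
  }
@@ -776,27 +804,27 @@ function check_ip_exclusions($exclusions = NULL){
  return false;
  }
 
- function ct_filter_array(&$array)
+ function ct_filter_array(&$data)
  {
  global $cleantalk_key_exclusions;
 
- if(isset($cleantalk_key_exclusions) && sizeof($cleantalk_key_exclusions) > 0){
+ if(isset($cleantalk_key_exclusions) && sizeof($cleantalk_key_exclusions) > 0 && is_array($data)){
 
- foreach($array as $key => $value){
+ foreach($data as $key => $value){
 
  if(!is_array($value)){
  if(in_array($key,$cleantalk_key_exclusions)){
- unset($array[$key]);
+ unset($data[$key]);
  }
  }else{
- $array[$key] = ct_filter_array($value);
+ $data[$key] = ct_filter_array($value);
  }
  }
 
- return $array;
+ return $data;
 
  }else{
- return $array;
+ return $data;
  }
  }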
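Review bot: The new `work_url` check in apbct_base_call (and the identical line in ct_send_feedback) accepts the stored value only if it contains `http://`, so a scheme-less or `https://` value from ct_get_server() is silently replaced by null, and the pattern is not anchored. The comment kept above it still says the options store the URL without a scheme, which the removed code handled by prefixing `http://`; if the option is still written that way, the cached work server is never used after this change. The request built here carries `auth_key` and the submitted form data, and whether it leaves over TLS depends on how the Cleantalk class combines `ssl_on`, `server_url` and `work_url`, which this page does not show. Consider `preg_match('/^https?:\/\/.+/', $config['ct_work_url'])` and updating the comment to describe the stored format. Both function bodies continue outside their hunks.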
 
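--- a/inc/cleantalk-public.php
+++ b/inc/cleantalk-public.php
@@ -341,7 +341,7 @@ function ct_validate_ccf_submission($value, $field_id, $required){
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => $post_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  'sender_info' => array('sender_url' => null),
  )
  );
@@ -389,7 +389,7 @@ function ct_woocommerce_wishlist_check($args){
  'sender_email' => $email,
  'sender_nickname' => $nickname,
  'post_info' => $post_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  'sender_info' => array('sender_url' => null),
  )
  );
@@ -435,7 +435,7 @@ function apbct_integration__buddyPres__activityWall( $is_spam, $activity_obj = n
  'post_url' => 'buddypress_activitywall',
  'comment_type' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null,
  ),
- 'checkjs' => apbct_js_test('ct_checkjs', $_COOKIE, true),
+ 'js_on' => apbct_js_test('ct_checkjs', $_COOKIE, true),
  'sender_info' => array('sender_url' => null),
  )
  );
@@ -528,7 +528,7 @@ function apbct_integration__buddyPres__private_msg_check( $bp_message_obj){
  'comment_type' => 'buddypress_comment',
  'post_url' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null,
  ),
- 'checkjs' => apbct_js_test('ct_checkjs', $_COOKIE, true)
+ 'js_on' => apbct_js_test('ct_checkjs', $_COOKIE, true)
  ? apbct_js_test('ct_checkjs', $_COOKIE, true)
  : apbct_js_test('ct_checkjs', $_POST, true),
  'sender_info' => array('sender_url' => null),
@@ -575,7 +575,7 @@ function ct_pirate_forms_check(){
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => $post_info,
- 'checkjs' => apbct_js_test('ct_checkjs', $_COOKIE, true),
+ 'js_on' => apbct_js_test('ct_checkjs', $_COOKIE, true),
  'sender_info' => array('sender_url' => null),
  )
  );
@@ -792,7 +792,7 @@ function ct_frm_validate_entry ($errors, $values) {
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_formidable'),
- 'checkjs' => $checkjs
+ 'js_on' => $checkjs
  )
  );
  $ct_result = $base_call_result['ct_result'];
@@ -853,7 +853,7 @@ function ct_bbp_new_pre_content ($comment) {
  'sender_email' => isset($_POST['bbp_anonymous_email']) ? $_POST['bbp_anonymous_email'] : null,
  'sender_nickname' => isset($_POST['bbp_anonymous_name']) ? $_POST['bbp_anonymous_name'] : null,
  'post_info' => $post_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  'sender_info' => array('sender_url' => isset($_POST['bbp_anonymous_website']) ? $_POST['bbp_anonymous_website'] : null),
  )
  );
@@ -1049,7 +1049,7 @@ function ct_preprocess_comment($comment) {
  'sender_email' => $comment['comment_author_email'],
  'sender_nickname' => $comment['comment_author'],
  'post_info' => $post_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  'sender_info' => array(
  'sender_url' => @$comment['comment_author_url'],
  'form_validation' => !isset($apbct->validation_error)
@@ -1126,7 +1126,7 @@ function ct_preprocess_comment($comment) {
  ($ct_result->fast_submit == 1 || $ct_result->blacklisted == 1 || $ct_result->js_disabled == 1)
  ){
  $apbct->sender_email = $comment['comment_author_email'];
- $apbct->sender_ip = CleantalkHelper::ip_get(array('real'));
+ $apbct->sender_ip = CleantalkHelper::ip__get(array('real'));
  add_filter('comment_moderation_text', 'apbct_comment__Wordpress__changeMailNotification', 100, 2); // Comment sent to moderation
  add_filter('comment_notification_text', 'apbct_comment__Wordpress__changeMailNotification', 100, 2); // Comment approved
  }
@@ -1246,28 +1246,26 @@ function apbct_js_test($field_name = 'ct_checkjs', $data = null, $random_key = f
 
  global $apbct;
 
- $checkjs = null;
- $js_post_value = null;
+ $out = null;
 
- if (!$data)
- return $checkjs;
-
- if (isset($data[$field_name])) {
-
- $js_post_value = $data[$field_name];
+ if ($data){
 
- // Random key check
- if ($random_key) {
- $keys = $apbct->js_keys;
- $checkjs = isset($keys[$js_post_value]) ? 1 : 0;
- } else {
- $ct_challenge = ct_get_checkjs_value();
- $checkjs = preg_match("/$ct_challenge/", $js_post_value) ? 1 : 0;
- }
-
- }
+ if (isset($data[$field_name])) {
 
- return $checkjs;
+ $js_key = $data[$field_name];
+
+ // Random key check
+ if ($random_key) {
+ $k = $apbct->js_keys;
+ $out = array_key_exists($js_key, $apbct->js_keys) ? 1 : 0;
+ } else {
+ $ct_challenge = ct_get_checkjs_value();
+ $out = preg_match("/$ct_challenge/", $js_key) ? 1 : 0;
+ }
+ }
+ }
+
+ return $out;
  }
 
  /**
@@ -1495,7 +1493,7 @@ function ct_test_message($nickname, $email, $ip, $text){
  'sender_email' => $email,
  'sender_nickname' => $nickname,
  'post_info' => array('comment_type' => 'feedback_plugin_check'),
- 'checkjs' => apbct_js_test('ct_checkjs', $_COOKIE, true),
+ 'js_on' => apbct_js_test('ct_checkjs', $_COOKIE, true),
  )
  );
 
@@ -1531,7 +1529,7 @@ function ct_test_registration($nickname, $email, $ip){
  'sender_email' => $email,
  'sender_nickname' => $nickname,
  'sender_info' => $sender_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  ),
  true
  );
@@ -1613,7 +1611,7 @@ function ct_registration_errors($errors, $sanitized_user_login = null, $user_ema
  'sender_email' => $user_email,
  'sender_nickname' => $sanitized_user_login,
  'sender_info' => $sender_info,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  ),
  true
  );
@@ -1624,7 +1622,7 @@ function ct_registration_errors($errors, $sanitized_user_login = null, $user_ema
  ($ct_result->fast_submit == 1 || $ct_result->blacklisted == 1 || $ct_result->js_disabled == 1)
  ){
  $apbct->sender_email = $user_email;
- $apbct->sender_ip = CleantalkHelper::ip_get(array('real'));
+ $apbct->sender_ip = CleantalkHelper::ip__get(array('real'));
  add_filter('wp_new_user_notification_email_admin', 'apbct_registration__Wordpress__changeMailNotification', 100, 3);
  }
 
@@ -1798,7 +1796,7 @@ function ct_contact_form_is_spam($form) {
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_grunion'),
  'sender_info' => array('sender_url' => @$form['comment_author_url']),
- 'checkjs' => apbct_js_test($js_field_name, $_POST, true),
+ 'js_on' => apbct_js_test($js_field_name, $_POST, true),
  )
  );
  $ct_result = $base_call_result['ct_result'];
@@ -1928,7 +1926,7 @@ function apbct_form__contactForm7__testSpam($param) {
  'message' => $message,
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  'post_info' => array('comment_type' => 'contact_form_wordpress_cf7'),
  'sender_info' => array(
  'form_validation' => !isset($apbct->validation_error)
@@ -1948,7 +1946,7 @@ function apbct_form__contactForm7__testSpam($param) {
  ($ct_result->fast_submit == 1 || $ct_result->blacklisted == 1 || $ct_result->js_disabled == 1)
  ){
  $apbct->sender_email = $sender_email;
- $apbct->sender_ip = CleantalkHelper::ip_get(array('real'));
+ $apbct->sender_ip = CleantalkHelper::ip__get(array('real'));
  add_filter('wpcf7_mail_components', 'apbct_form__contactForm7__changeMailNotification');
  }
 
@@ -2049,7 +2047,7 @@ function apbct_form__ninjaForms__testSpam() {
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_ninja_froms'),
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  )
  );
  $ct_result = $base_call_result['ct_result'];
@@ -2059,7 +2057,7 @@ function apbct_form__ninjaForms__testSpam() {
  ($ct_result->fast_submit == 1 || $ct_result->blacklisted == 1 || $ct_result->js_disabled == 1)
  ){
  $apbct->sender_email = $sender_email;
- $apbct->sender_ip = CleantalkHelper::ip_get(array('real'));
+ $apbct->sender_ip = CleantalkHelper::ip__get(array('real'));
  add_filter('ninja_forms_action_email_message', 'apbct_form__ninjaForms__changeMailNotification', 1, 3);
  }
 
@@ -2197,7 +2195,7 @@ function apbct_form__WPForms__testSpam() {
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_wp_forms'),
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  )
  );
  $ct_result = $base_call_result['ct_result'];
@@ -2207,7 +2205,7 @@ function apbct_form__WPForms__testSpam() {
  ($ct_result->fast_submit == 1 || $ct_result->blacklisted == 1 || $ct_result->js_disabled == 1)
  ){
  $apbct->sender_email = $sender_email;
- $apbct->sender_ip = CleantalkHelper::ip_get(array('real'));
+ $apbct->sender_ip = CleantalkHelper::ip__get(array('real'));
  add_filter('wpforms_email_message', 'apbct_form__WPForms__changeMailNotification', 100, 2);
  }
 
@@ -2292,7 +2290,7 @@ function ct_si_contact_form_validate($form_errors = array(), $form_id_num = 0) {
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_fscf'),
- 'checkjs' => apbct_js_test('ct_checkjs', $_POST, true),
+ 'js_on' => apbct_js_test('ct_checkjs', $_POST, true),
  )
  );
 
@@ -2461,7 +2459,7 @@ function apbct_form__gravityForms__testSpam($is_spam, $form, $entry) {
  'sender_email' => $sender_email,
  'sender_nickname' => $sender_nickname,
  'post_info' => array('comment_type' => 'contact_form_wordpress_gravity_forms'),
- 'checkjs' => $checkjs,
+ 'js_on' => $checkjs,
  )
  );
 
@@ -2595,7 +2593,8 @@ function ct_contact_form_validate() {
  if(strpos($_SERVER['REQUEST_URI'], 'wc-ajax=checkout') !== false ||
  strpos($_SERVER['REQUEST_URI'], 'wc-ajax=update_order_review') !== false ||
  (isset($_POST['_wp_http_referer']) && strpos($_SERVER['REQUEST_URI'], 'wc-ajax=update_order_review') !== false) ||
- !empty($_POST['woocommerce_checkout_place_order'])
+ !empty($_POST['woocommerce_checkout_place_order']) ||
+ strpos($_SERVER['REQUEST_URI'], 'wc-ajax=wc_ppec_start_checkout') !== false
  ){
  $post_info['comment_type'] = 'order';
  if($apbct->settings['wc_checkout_test'] == 0){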
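Review bot: In the rewritten apbct_js_test, `$js_key` is read from `$data`, which callers on this page pass as `$_COOKIE` or `$_POST`, so it is client-controlled and can arrive as an array; it then goes unchecked into `array_key_exists()` and `preg_match()`. A type guard keeps a malformed request from raising warnings or a TypeError inside the spam check: `$out = is_scalar($js_key) && array_key_exists($js_key, $apbct->js_keys) ? 1 : 0;`. In the non-random branch `preg_match("/$ct_challenge/", $js_key)` treats the challenge as a pattern and passes any value that merely contains it; if an exact match is intended, `hash_equals((string) $ct_challenge, (string) $js_key)` says so directly (the return type of ct_get_checkjs_value() is not shown here). The assignment `$k = $apbct->js_keys;` is unused and can be dropped. The function's signature and docblock lie outside the hunk.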
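--- a/inc/cleantalk-settings.php
+++ b/inc/cleantalk-settings.php
@@ -210,6 +210,13 @@ function apbct_settings__add_page() {
  'set_cookies' => array(
  'title' => __("Set cookies", 'cleantalk'),
  'description' => __('Turn this option off to deny plugin generates any cookies on website front-end. This option is helpful if you use Varnish. But most of contact forms will not be protected if the option is turned off! <b>Warning: We strongly recommend you to enable this otherwise it could cause false positives spam detection.</b>', 'cleantalk'),
+ 'childrens' => array('set_cookies__sessions'),
+ ),
+ 'set_cookies__sessions' => array(
+ 'title' => __('Use alternative mechanism for cookies.', 'cleantalk'),
+ 'description' => __('Doesn\'t use cookie or PHP sessions. Collect data for all types of bots.', 'cleantalk'),
+ 'parent' => 'set_cookies',
+ 'class' => 'apbct_settings-field_wrapper--sub',
  ),
  'ssl_on' => array(
  'title' => __("Use SSL", 'cleantalk'),
@@ -297,7 +304,7 @@ function apbct_settings__add_page() {
  'store_urls__sessions' => array(
  'type' => 'checkbox',
  'title' => __('Use cookies less sessions', 'cleantalk'),
- 'description' => __('Doesn\'t use cookie or PHP sessions. Collect data for all type of bots.', 'cleantalk'),
+ 'description' => __('Doesn\'t use cookie or PHP sessions. Collect data for all types of bots.', 'cleantalk'),
  'parent' => 'store_urls',
  'class' => 'apbct_settings-field_wrapper--sub',
  ),
@@ -922,19 +929,26 @@ function apbct_settings__validate($settings) {
  // Auto getting key
  if (isset($_POST['submit']) && $_POST['submit'] == 'get_key_auto'){
 
- $website = parse_url(get_option('siteurl'), PHP_URL_HOST).parse_url(get_option('siteurl'), PHP_URL_PATH);
- $platform = 'wordpress';
- $timezone = isset($_POST['ct_admin_timezone']) ? $_POST['ct_admin_timezone'] : null;
- $language = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
- $ip = CleantalkHelper::ip_get(array('real'), false);
+ $website = parse_url(get_option('siteurl'), PHP_URL_HOST).parse_url(get_option('siteurl'), PHP_URL_PATH);
+ $platform = 'wordpress';
+ $user_ip = CleantalkHelper::ip__get(array('real'), false);
+ $timezone = filter_input(INPUT_POST, 'ct_admin_timezone');
+ $language = filter_input(INPUT_SERVER, 'HTTP_ACCEPT_LANGUAGE');
+ $wpms = APBCT_WPMS && defined('SUBDOMAIN_INSTALL') && !SUBDOMAIN_INSTALL ? true : false;
+ $white_label = $apbct->white_label ? 1 : 0;
+ $hoster_api_key = $apbct->white_label&& defined('APBCT_HOSTER_API_KEY') ? APBCT_HOSTER_API_KEY : '';
 
- if(!$apbct->white_label){
- $result = CleantalkAPI::method__get_api_key(ct_get_admin_email(), $website, $platform, $timezone, $language, $ip);
- }else{
- $white_label = 1;
- $hoster_api_key = defined('APBCT_HOSTER_API_KEY') ? APBCT_HOSTER_API_KEY : '';
- $result = CleantalkAPI::method__get_api_key(ct_get_admin_email(), $website, $platform, $timezone, $language, $ip, $white_label, $hoster_api_key);
- }
+ $result = CleantalkAPI::method__get_api_key(
+ ct_get_admin_email(),
+ $website,
+ $platform,
+ $timezone,
+ $language,
+ $user_ip,
+ $wpms,
+ $white_label,
+ $hoster_api_key
+ );
 
  if(empty($result['error'])){
 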
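Review bot: In the get_key_auto branch of apbct_settings__validate(), `filter_input(INPUT_POST, 'ct_admin_timezone')` and `filter_input(INPUT_SERVER, 'HTTP_ACCEPT_LANGUAGE')` run with the default filter, which validates nothing, so client-controlled strings of any length and content are still handed to `CleantalkAPI::method__get_api_key()`. Stating the expectation explicitly would help, for example `$timezone = isset($_POST['ct_admin_timezone']) ? sanitize_text_field(wp_unslash($_POST['ct_admin_timezone'])) : null;`, with the same treatment for the language value. `filter_input(INPUT_SERVER, …)` has also been reported to return null under some FastCGI setups, in which case the language would be silently dropped where `$_SERVER` had it. The call now passes `$wpms` ahead of `$white_label`; the new signature is not part of this section, so any other positional caller of method__get_api_key() should be checked against it. The function body starts and ends outside the hunk.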
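--- a/inc/cleantalk-updater.php
+++ b/inc/cleantalk-updater.php
@@ -204,4 +204,14 @@ function apbct_update_to_5_116_2(){
  PRIMARY KEY (`id`, `name`(10)))
  ENGINE = MYISAM;'
  );
+ }
+
+ function apbct_update_to_5_118_0(){
+ global $wpdb;
+ $wpdb->query(
+ 'DELETE
+ FROM `'. APBCT_TBL_SESSIONS .'`
+ WHERE last_update < NOW() - INTERVAL '. APBCT_SEESION__LIVE_TIME .' SECOND;'
+ );
+ delete_option('cleantalk_server');
  }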
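Review bot: apbct_update_to_5_118_0() ignores the return value of `$wpdb->query()`, so if the DELETE fails (for instance because the sessions table is missing on that site) the update step finishes with no trace and the table stays as large as it was. Checking the result, e.g. `if (false === $wpdb->query($sql)) { error_log('apbct: sessions cleanup failed: ' . $wpdb->last_error); }`, would make that visible. The statement is built by concatenating APBCT_TBL_SESSIONS and APBCT_SEESION__LIVE_TIME; both are used as constants rather than request data (the define for the table name is not on this page), and a one-line comment such as `// Both values are plugin constants, never request data.` would save the next reader from auditing it as an injection candidate. The function also has no docblock; one line saying that it deletes session rows older than the session lifetime and removes the `cleantalk_server` option would cover it.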
lib/Cleantalk.php CHANGED
@@ -100,7 +100,6 @@ class Cleantalk {
100
  * @return type
101
  */
102
  public function isAllowMessage(CleantalkRequest $request) {
103
- $request = $this->filterRequest($request);
104
  $msg = $this->createMsg('check_message', $request);
105
  return $this->httpRequest($msg);
106
  }
@@ -111,7 +110,6 @@ class Cleantalk {
111
  * @return type
112
  */
113
  public function isAllowUser(CleantalkRequest $request) {
114
- $request = $this->filterRequest($request);
115
  $msg = $this->createMsg('check_newuser', $request);
116
  return $this->httpRequest($msg);
117
  }
@@ -123,36 +121,83 @@ class Cleantalk {
123
  * @return type
124
  */
125
  public function sendFeedback(CleantalkRequest $request) {
126
- $request = $this->filterRequest($request);
127
  $msg = $this->createMsg('send_feedback', $request);
128
  return $this->httpRequest($msg);
129
  }
130
-
131
  /**
132
- * Filter request params
 
133
  * @param CleantalkRequest $request
134
- * @return type
135
  */
136
- private function filterRequest(CleantalkRequest $request) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
137
 
138
- // general and optional
139
  foreach ($request as $param => $value) {
 
 
 
 
 
 
 
 
 
140
 
141
- if($param == 'js_on') { if(!is_int($value)) { $request->$param = null; }}
142
- if($param == 'submit_time') { if(!is_int($value)) { $request->$param = null; }}
143
- if($param == 'message') { if(!is_string($value)) { $request->$param = null; }} // Should be array, but servers understand only JSON
144
- if($param == 'example') { if(!is_string($value)) { $request->$param = null; }} // Should be array, but servers understand only JSON
145
- if($param == 'sender_info') { if(!is_string($value)) { $request->$param = null; }} // Should be array, but servers understand only JSON
146
- if($param == 'post_info') { if(!is_string($value)) { $request->$param = null; }} // Should be array, but servers understand only JSON
147
- if($param == 'agent') { if(!is_string($value)) { $request->$param = null; }}
148
- if($param == 'sender_nickname') { if(!is_string($value)) { $request->$param = null; }}
149
- if($param == 'phone') { if(!is_string($value)) { $request->$param = null; }}
150
- if($param == 'sender_email') { if(!is_string($value)) { $request->$param = null; }}
151
- if($param == 'sender_ip') { if(!is_string($value)) { $request->$param = null; }}
152
 
153
- }
154
-
155
- return $request;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
156
  }
157
 
158
  /**
@@ -179,56 +224,164 @@ class Cleantalk {
179
 
180
  return $data;
181
  }
182
-
183
  /**
184
- * Create msg for cleantalk server
185
- * @param type $method
186
- * @param CleantalkRequest $request
187
- * @return \xmlrpcmsg
188
  */
189
- private function createMsg($method, CleantalkRequest $request) {
190
 
191
- switch ($method) {
192
- case 'check_message':
193
- // Convert strings to UTF8
194
- $request->message = CleantalkHelper::arrayToUTF8( (array)$request->message, $this->data_codepage);
195
- $request->example = CleantalkHelper::arrayToUTF8( (array)$request->example, $this->data_codepage);
196
- $request->sender_email = CleantalkHelper::stringToUTF8($request->sender_email, $this->data_codepage);
197
- $request->sender_nickname = CleantalkHelper::stringToUTF8($request->sender_nickname, $this->data_codepage);
198
 
199
- // $request->message = $this->compressData($request->message);
200
- // $request->example = $this->compressData($request->example);
201
- break;
 
 
 
 
 
 
 
 
202
 
203
- case 'check_newuser':
204
- // Convert strings to UTF8
205
- $request->sender_email = CleantalkHelper::stringToUTF8($request->sender_email, $this->data_codepage);
206
- $request->sender_nickname = CleantalkHelper::stringToUTF8($request->sender_nickname, $this->data_codepage);
207
- break;
208
 
209
- case 'send_feedback':
210
- if (is_array($request->feedback)) {
211
- $request->feedback = implode(';', $request->feedback);
212
- }
213
- break;
 
 
 
 
 
214
  }
215
-
216
- $request->method_name = $method;
217
-
218
- // Removing non UTF8 characters from request, because non UTF8 or malformed characters break json_encode().
219
- foreach ($request as $param => $value) {
220
- if(is_array($request->$param))
221
- $request->$param = CleantalkHelper::removeNonUTF8FromArray($value);
222
- if(is_string($request->$param) || is_int($request->$param))
223
- $request->$param = CleantalkHelper::removeNonUTF8FromString($value);
 
224
  }
225
 
226
- $request->message = is_array($request->message) ? json_encode($request->message) : $request->message;
 
 
 
 
 
 
 
 
 
 
 
227
 
228
- return $request;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
229
  }
230
 
231
  /**
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
232
  * Send JSON request to servers
233
  * @param $msg
234
  * @return boolean|\CleantalkResponse
@@ -254,7 +407,6 @@ class Cleantalk {
254
  $url = $url . $this->api_version;
255
  }
256
 
257
-
258
  $result = false;
259
  $curl_error = null;
260
 
@@ -365,205 +517,4 @@ class Cleantalk {
365
 
366
  return $response;
367
  }
368
-
369
- /**
370
- * httpRequest
371
- * @param $msg
372
- * @return boolean|\CleantalkResponse
373
- */
374
- private function httpRequest($msg) {
375
-
376
- // Wiping cleantalk's headers but, not for send_feedback
377
- if($msg->method_name != 'send_feedback'){
378
-
379
- $ct_tmp = apache_request_headers();
380
-
381
- if(isset($ct_tmp['Cookie']))
382
- $cookie_name = 'Cookie';
383
- elseif(isset($ct_tmp['cookie']))
384
- $cookie_name = 'cookie';
385
- else
386
- $cookie_name = 'COOKIE';
387
-
388
- $ct_tmp[$cookie_name] = preg_replace(array(
389
- '/\s?ct_checkjs=[a-z0-9]*[^;]*;?/',
390
- '/\s?ct_timezone=.{0,1}\d{1,2}[^;]*;?/',
391
- '/\s?ct_pointer_data=.*5D[^;]*;?/',
392
- '/\s?apbct_timestamp=\d*[^;]*;?/',
393
- '/\s?apbct_site_landing_ts=\d*[^;]*;?/',
394
- '/\s?apbct_cookies_test=%7B.*%7D[^;]*;?/',
395
- '/\s?apbct_prev_referer=http.*?[^;]*;?/',
396
- '/\s?ct_cookies_test=.*?[^;]*;?/',
397
- '/\s?ct_ps_timestamp=.*?[^;]*;?/',
398
- '/\s?ct_fkp_timestamp=\d*?[^;]*;?/',
399
- '/\s?ct_sfw_pass_key=\d*?[^;]*;?/',
400
- '/\s?apbct_page_hits=\d*?[^;]*;?/',
401
- '/\s?apbct_visible_fields_count=\d*?[^;]*;?/',
402
- '/\s?apbct_visible_fields=%7B.*%7D[^;]*;?/',
403
- ), '', $ct_tmp[$cookie_name]);
404
- $msg->all_headers = $ct_tmp;
405
- }
406
-
407
- $msg->all_headers = json_encode($msg->all_headers);
408
-
409
- // Using current server without changing it
410
- if (!empty($this->work_url) && ($this->server_changed + $this->server_ttl > time())){
411
-
412
- $url = !empty($this->work_url) ? $this->work_url : $this->server_url;
413
- $result = $this->sendRequest($msg, $url, $this->server_timeout);
414
-
415
- }else{
416
- $result = false;
417
- }
418
-
419
- // Changing server
420
- if ($result === false || $result->errno != 0) {
421
-
422
- // Split server url to parts
423
- preg_match("@^(https?://)([^/:]+)(.*)@i", $this->server_url, $matches);
424
-
425
- $url_prefix = isset($matches[1]) ? $matches[1] : '';
426
- $url_host = isset($matches[2]) ? $matches[2] : '';
427
- $url_suffix = isset($matches[3]) ? $matches[3] : '';
428
-
429
- if (empty($url_host)){
430
-
431
- return false;
432
-
433
- } else {
434
-
435
- $servers = $this->get_servers_ip($url_host);
436
-
437
- // Loop until find work server
438
- foreach ($servers as $server) {
439
-
440
- $this->work_url = $url_prefix . $server['ip'] . $url_suffix;
441
- $this->server_ttl = $server['ttl'];
442
-
443
- $result = $this->sendRequest($msg, $this->work_url, $this->server_timeout);
444
-
445
- if ($result !== false && $result->errno === 0) {
446
- $this->server_change = true;
447
- break;
448
- }
449
- }
450
- }
451
- }
452
-
453
- $response = new CleantalkResponse(null, $result);
454
-
455
- if (!empty($this->data_codepage) && $this->data_codepage !== 'UTF-8') {
456
- if (!empty($response->comment))
457
- $response->comment = $this->stringFromUTF8($response->comment, $this->data_codepage);
458
- if (!empty($response->errstr))
459
- $response->errstr = $this->stringFromUTF8($response->errstr, $this->data_codepage);
460
- if (!empty($response->sms_error_text))
461
- $response->sms_error_text = $this->stringFromUTF8($response->sms_error_text, $this->data_codepage);
462
- }
463
-
464
- return $response;
465
- }
466
-
467
- /**
468
- * Function DNS request
469
- * @param $host
470
- * @return array
471
- */
472
- public function get_servers_ip($host)
473
- {
474
- if (!isset($host))
475
- return null;
476
-
477
- $servers = array();
478
-
479
- // Get DNS records about URL
480
- if (function_exists('dns_get_record')) {
481
- $records = dns_get_record($host, DNS_A);
482
- if ($records !== FALSE) {
483
- foreach ($records as $server) {
484
- $servers[] = $server;
485
- }
486
- }
487
- }
488
-
489
- // Another try if first failed
490
- if (count($servers) == 0 && function_exists('gethostbynamel')) {
491
- $records = gethostbynamel($host);
492
- if ($records !== FALSE) {
493
- foreach ($records as $server) {
494
- $servers[] = array(
495
- "ip" => $server,
496
- "host" => $host,
497
- "ttl" => $this->server_ttl
498
- );
499
- }
500
- }
501
- }
502
-
503
- // If couldn't get records
504
- if (count($servers) == 0){
505
-
506
- $servers[] = array(
507
- "ip" => null,
508
- "host" => $host,
509
- "ttl" => $this->server_ttl
510
- );
511
-
512
- // If records recieved
513
- } else {
514
-
515
- $tmp = null;
516
- $fast_server_found = false;
517
-
518
- foreach ($servers as $server) {
519
-
520
- if ($fast_server_found) {
521
- $ping = $this->max_server_timeout;
522
- } else {
523
- $ping = $this->httpPing($server['ip']);
524
- $ping = $ping * 1000;
525
- }
526
-
527
- $tmp[$ping] = $server;
528
-
529
- $fast_server_found = $ping < $this->min_server_timeout ? true : false;
530
-
531
- }
532
-
533
- if (count($tmp)){
534
- ksort($tmp);
535
- $response = $tmp;
536
- }
537
-
538
- }
539
-
540
- return empty($response) ? null : $response;
541
- }
542
-
543
- /**
544
- * Function to check response time
545
- * param string
546
- * @return int
547
- */
548
- function httpPing($host){
549
-
550
- // Skip localhost ping cause it raise error at fsockopen.
551
- // And return minimun value
552
- if ($host == 'localhost')
553
- return 0.001;
554
-
555
- $starttime = microtime(true);
556
- $file = @fsockopen ($host, 80, $errno, $errstr, $this->max_server_timeout/1000);
557
- $stoptime = microtime(true);
558
-
559
- if (!$file) {
560
- $status = $this->max_server_timeout/1000; // Site is down
561
- } else {
562
- fclose($file);
563
- $status = ($stoptime - $starttime);
564
- $status = round($status, 4);
565
- }
566
-
567
- return $status;
568
- }
569
  }
100
  * @return type
101
  */
102
  public function isAllowMessage(CleantalkRequest $request) {
 
103
  $msg = $this->createMsg('check_message', $request);
104
  return $this->httpRequest($msg);
105
  }
110
  * @return type
111
  */
112
  public function isAllowUser(CleantalkRequest $request) {
 
113
  $msg = $this->createMsg('check_newuser', $request);
114
  return $this->httpRequest($msg);
115
  }
121
  * @return type
122
  */
123
  public function sendFeedback(CleantalkRequest $request) {
 
124
  $msg = $this->createMsg('send_feedback', $request);
125
  return $this->httpRequest($msg);
126
  }
127
+
128
  /**
129
+ * Create msg for cleantalk server
130
+ * @param type $method
131
  * @param CleantalkRequest $request
132
+ * @return \xmlrpcmsg
133
  */
134
+ private function createMsg($method, CleantalkRequest $request) {
135
+
136
+ switch ($method) {
137
+ case 'check_message':
138
+ // Convert strings to UTF8
139
+ $request->message = CleantalkHelper::toUTF8($request->message, $this->data_codepage);
140
+ $request->example = CleantalkHelper::toUTF8($request->example, $this->data_codepage);
141
+ $request->sender_email = CleantalkHelper::toUTF8($request->sender_email, $this->data_codepage);
142
+ $request->sender_nickname = CleantalkHelper::toUTF8($request->sender_nickname, $this->data_codepage);
143
+ $request->message = $this->compressData($request->message);
144
+ $request->example = $this->compressData($request->example);
145
+ break;
146
+
147
+ case 'check_newuser':
148
+ // Convert strings to UTF8
149
+ $request->sender_email = CleantalkHelper::toUTF8($request->sender_email, $this->data_codepage);
150
+ $request->sender_nickname = CleantalkHelper::toUTF8($request->sender_nickname, $this->data_codepage);
151
+ break;
152
+
153
+ case 'send_feedback':
154
+ if (is_array($request->feedback)) {
155
+ $request->feedback = implode(';', $request->feedback);
156
+ }
157
+ break;
158
+ }
159
 
160
+ // Removing non UTF8 characters from request, because non UTF8 or malformed characters break json_encode().
161
  foreach ($request as $param => $value) {
162
+ if(is_array($request->$param) || is_string($request->$param))
163
+ $request->$param = CleantalkHelper::removeNonUTF8($value);
164
+ }
165
+
166
+ $request->method_name = $method;
167
+ $request->message = is_array($request->message) ? json_encode($request->message) : $request->message;
168
+
169
+ // Wiping cleantalk's headers but, not for send_feedback
170
+ if($request->method_name != 'send_feedback'){
171
 
172
+ $ct_tmp = apache_request_headers();
 
 
 
 
 
 
 
 
 
 
173
 
174
+ if(isset($ct_tmp['Cookie']))
175
+ $cookie_name = 'Cookie';
176
+ elseif(isset($ct_tmp['cookie']))
177
+ $cookie_name = 'cookie';
178
+ else
179
+ $cookie_name = 'COOKIE';
180
+
181
+ $ct_tmp[$cookie_name] = preg_replace(array(
182
+ '/\s?ct_checkjs=[a-z0-9]*[^;]*;?/',
183
+ '/\s?ct_timezone=.{0,1}\d{1,2}[^;]*;?/',
184
+ '/\s?ct_pointer_data=.*5D[^;]*;?/',
185
+ '/\s?apbct_timestamp=\d*[^;]*;?/',
186
+ '/\s?apbct_site_landing_ts=\d*[^;]*;?/',
187
+ '/\s?apbct_cookies_test=%7B.*%7D[^;]*;?/',
188
+ '/\s?apbct_prev_referer=http.*?[^;]*;?/',
189
+ '/\s?ct_cookies_test=.*?[^;]*;?/',
190
+ '/\s?ct_ps_timestamp=.*?[^;]*;?/',
191
+ '/\s?ct_fkp_timestamp=\d*?[^;]*;?/',
192
+ '/\s?ct_sfw_pass_key=\d*?[^;]*;?/',
193
+ '/\s?apbct_page_hits=\d*?[^;]*;?/',
194
+ '/\s?apbct_visible_fields_count=\d*?[^;]*;?/',
195
+ '/\s?apbct_visible_fields=%7B.*%7D[^;]*;?/',
196
+ ), '', $ct_tmp[$cookie_name]);
197
+ $request->all_headers = json_encode($ct_tmp);
198
+ }
199
+
200
+ return $request;
201
  }
202
 
203
  /**
224
 
225
  return $data;
226
  }
227
+
228
  /**
229
+ * httpRequest
230
+ * @param $msg
231
+ * @return boolean|\CleantalkResponse
 
232
  */
233
+ private function httpRequest($msg) {
234
 
235
+ // Using current server without changing it
236
+ $result = !empty($this->work_url) && ($this->server_changed + $this->server_ttl > time())
237
+ ? $this->sendRequest($msg, $this->work_url, $this->server_timeout)
238
+ : false;
 
 
 
239
 
240
+ // Changing server
241
+ if ($result === false || (is_object($result) && $result->errno != 0)) {
242
+
243
+ // Split server url to parts
244
+ preg_match("/^(https?:\/\/)([^\/:]+)(.*)/i", $this->server_url, $matches);
245
+
246
+ $url_protocol = isset($matches[1]) ? $matches[1] : '';
247
+ $url_host = isset($matches[2]) ? $matches[2] : '';
248
+ $url_suffix = isset($matches[3]) ? $matches[3] : '';
249
+
250
+ $servers = $this->get_servers_ip($url_host);
251
 
252
+ // Loop until find work server
253
+ foreach ($servers as $server) {
 
 
 
254
 
255
+ $this->work_url = $url_protocol . $server['ip'] . $url_suffix;
256
+ $this->server_ttl = $server['ttl'];
257
+
258
+ $result = $this->sendRequest($msg, $this->work_url, $this->server_timeout);
259
+
260
+ if ($result !== false && $result->errno === 0) {
261
+ $this->server_change = true;
262
+ break;
263
+ }
264
+ }
265
  }
266
+
267
+ $response = new CleantalkResponse(null, $result);
268
+
269
+ if (!empty($this->data_codepage) && $this->data_codepage !== 'UTF-8') {
270
+ if (!empty($response->comment))
271
+ $response->comment = $this->stringFromUTF8($response->comment, $this->data_codepage);
272
+ if (!empty($response->errstr))
273
+ $response->errstr = $this->stringFromUTF8($response->errstr, $this->data_codepage);
274
+ if (!empty($response->sms_error_text))
275
+ $response->sms_error_text = $this->stringFromUTF8($response->sms_error_text, $this->data_codepage);
276
  }
277
 
278
+ return $response;
279
+ }
280
+
281
+ /**
282
+ * Function DNS request
283
+ * @param $host
284
+ * @return array
285
+ */
286
+ public function get_servers_ip($host)
287
+ {
288
+ if (!isset($host))
289
+ return null;
290
 
291
+ $servers = array();
292
+
293
+ // Get DNS records about URL
294
+ if (function_exists('dns_get_record')) {
295
+ $records = dns_get_record($host, DNS_A);
296
+ if ($records !== FALSE) {
297
+ foreach ($records as $server) {
298
+ $servers[] = $server;
299
+ }
300
+ }
301
+ }
302
+
303
+ // Another try if first failed
304
+ if (count($servers) == 0 && function_exists('gethostbynamel')) {
305
+ $records = gethostbynamel($host);
306
+ if ($records !== FALSE) {
307
+ foreach ($records as $server) {
308
+ $servers[] = array(
309
+ "ip" => $server,
310
+ "host" => $host,
311
+ "ttl" => $this->server_ttl
312
+ );
313
+ }
314
+ }
315
+ }
316
+
317
+ // If couldn't get records
318
+ if (count($servers) == 0){
319
+
320
+ $servers[] = array(
321
+ "ip" => null,
322
+ "host" => $host,
323
+ "ttl" => $this->server_ttl
324
+ );
325
+
326
+ // If records recieved
327
+ } else {
328
+
329
+ $tmp = null;
330
+ $fast_server_found = false;
331
+
332
+ foreach ($servers as $server) {
333
+
334
+ if ($fast_server_found) {
335
+ $ping = $this->max_server_timeout;
336
+ } else {
337
+ $ping = $this->httpPing($server['ip']);
338
+ $ping = $ping * 1000;
339
+ }
340
+
341
+ $tmp[$ping] = $server;
342
+
343
+ $fast_server_found = $ping < $this->min_server_timeout ? true : false;
344
+
345
+ }
346
+
347
+ if (count($tmp)){
348
+ ksort($tmp);
349
+ $response = $tmp;
350
+ }
351
+
352
+ }
353
+
354
+ return empty($response) ? null : $response;
355
  }
356
 
357
  /**
358
+ * Function to check response time
359
+ * param string
360
+ * @return int
361
+ */
362
+ function httpPing($host){
363
+
364
+ // Skip localhost ping cause it raise error at fsockopen.
365
+ // And return minimun value
366
+ if ($host == 'localhost')
367
+ return 0.001;
368
+
369
+ $starttime = microtime(true);
370
+ $file = @fsockopen ($host, 80, $errno, $errstr, $this->max_server_timeout/1000);
371
+ $stoptime = microtime(true);
372
+
373
+ if (!$file) {
374
+ $status = $this->max_server_timeout/1000; // Site is down
375
+ } else {
376
+ fclose($file);
377
+ $status = ($stoptime - $starttime);
378
+ $status = round($status, 4);
379
+ }
380
+
381
+ return $status;
382
+ }
383
+
384
+ /**
385
  * Send JSON request to servers
386
  * @param $msg
387
  * @return boolean|\CleantalkResponse
407
  $url = $url . $this->api_version;
408
  }
409
 
 
410
  $result = false;
411
  $curl_error = null;
412
 
517
 
518
  return $response;
519
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
520
  }
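Review bot: createMsg() now JSON-encodes the full result of `apache_request_headers()` into `$request->all_headers` for every method except send_feedback, and the `preg_replace` list strips only the plugin's own cookies, so whatever else the visitor sent (WordPress login cookies, an `Authorization` header) ends up in the message that httpRequest() sends out. Dropping credential-bearing headers before encoding would limit that, e.g. `unset($ct_tmp['Authorization'], $ct_tmp['authorization']);`, together with removing or allow-listing the remaining cookies. When the request carries no cookie header, `$ct_tmp['COOKIE']` is read without existing; an `isset($ct_tmp[$cookie_name])` guard around the `preg_replace` avoids the notice and the spurious empty entry. In the rewritten httpRequest() the `empty($url_host)` early return is gone, and get_servers_ip() returns null when no DNS record is found (its fallback entry never reaches `$response`), so `foreach ($servers as $server)` can iterate null; `foreach ((array) $servers as $server)` would keep the loop safe.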
lib/CleantalkAPI.php CHANGED
@@ -1,363 +1,7 @@
1
  <?php
2
 
3
- class CleantalkAPI
4
- {
5
- const URL = 'https://api.cleantalk.org';
6
-
7
- /**
8
- * Wrapper for sfw_logs API method
9
- * @param integer connect timeout
10
- * @return type
11
- * returns mixed STRING || array('error' => true, 'error_string' => STRING)
12
- */
13
- static public function method__sfw_logs($api_key, $data, $do_check = true){
14
-
15
- $request = array(
16
- 'auth_key' => $api_key,
17
- 'method_name' => 'sfw_logs',
18
- 'data' => json_encode($data),
19
- 'rows' => count($data),
20
- 'timestamp' => time()
21
- );
22
-
23
- $result = self::send_request($request);
24
- $result = $do_check ? self::check_response($result, 'sfw_logs') : $result;
25
-
26
- return $result;
27
- }
28
-
29
- /**
30
- * Function gets spam report
31
- *
32
- * @param string website host
33
- * @param integer report days
34
- * @return type
35
- */
36
- static public function method__spam_check_cms($api_key, $data, $date = null, $do_check = true)
37
- {
38
- $request=Array(
39
- 'method_name' => 'spam_check_cms',
40
- 'auth_key' => $api_key,
41
- 'data' => is_array($data) ? implode(',',$data) : $data,
42
- );
43
-
44
- if($date) $request['date'] = $date;
45
-
46
- $result = self::send_request($request, self::URL, 15);
47
- $result = $do_check ? self::check_response($result, 'spam_check_cms') : $result;
48
-
49
- return $result;
50
- }
51
-
52
- /**
53
- * Function gets spam report
54
- *
55
- * @param string website host
56
- * @param integer report days
57
- * @return type
58
- */
59
- static public function method__spam_check($api_key, $data, $date = null, $do_check = true)
60
- {
61
- $request=Array(
62
- 'method_name' => 'spam_check',
63
- 'auth_key' => $api_key,
64
- 'data' => is_array($data) ? implode(',',$data) : $data,
65
- );
66
-
67
- if($date) $request['date'] = $date;
68
-
69
- $result = self::send_request($request, self::URL, 15);
70
- $result = $do_check ? self::check_response($result, 'spam_check') : $result;
71
-
72
- return $result;
73
- }
74
-
75
- /**
76
- * Wrapper for 2s_blacklists_db API method
77
- *
78
- * @param type $api_key
79
- * @param type $out Data output type (JSON or file URL)
80
- * @param type $do_check
81
- * @returns mixed STRING || array('error' => true, 'error_string' => STRING)
82
- */
83
- static public function method__get_2s_blacklists_db($api_key, $out = null, $do_check = true){
84
-
85
- $request = array(
86
- 'method_name' => '2s_blacklists_db',
87
- 'auth_key' => $api_key,
88
- 'out' => $out,
89
- );
90
-
91
- $result = self::send_request($request);
92
- $result = $do_check ? self::check_response($result, '2s_blacklists_db') : $result;
93
-
94
- return $result;
95
- }
96
-
97
- /**
98
- * Function gets access key automatically
99
- *
100
- * @param string website admin email
101
- * @param string website host
102
- * @param string website platform
103
- * @return type
104
- */
105
- static public function method__get_api_key($email, $host, $platform, $timezone = null, $language = null, $ip = null, $white_label = 0, $hoster_api_key = '', $do_check = true)
106
- {
107
- $request = array(
108
- 'method_name' => 'get_api_key',
109
- 'product_name' => 'antispam',
110
- 'email' => $email,
111
- 'website' => $host,
112
- 'platform' => $platform,
113
- 'timezone' => $timezone,
114
- 'http_accept_language' => $language,
115
- 'user_ip' => $ip,
116
- 'hoster_whitelabel' => $white_label,
117
- 'hoster_api_key' => $hoster_api_key,
118
- );
119
-
120
- $result = self::send_request($request);
121
- $result = $do_check ? self::check_response($result, 'get_api_key') : $result;
122
-
123
- return $result;
124
- }
125
-
126
- /**
127
- * Function gets spam report
128
- *
129
- * @param string website host
130
- * @param integer report days
131
- * @return type
132
- */
133
- static public function method__get_antispam_report($host, $period = 1)
134
- {
135
- $request=Array(
136
- 'method_name' => 'get_antispam_report',
137
- 'hostname' => $host,
138
- 'period' => $period
139
- );
140
-
141
- $result = self::send_request($request);
142
- $result = $do_check ? self::check_response($result, 'get_antispam_report') : $result;
143
-
144
- return $result;
145
- }
146
-
147
- /**
148
- * Function gets spam statistics
149
- *
150
- * @param string website host
151
- * @param integer report days
152
- * @return type
153
- */
154
- static public function method__get_antispam_report_breif($api_key, $do_check = true)
155
- {
156
- $request = array(
157
- 'method_name' => 'get_antispam_report_breif',
158
- 'auth_key' => $api_key,
159
- );
160
-
161
- $result = self::send_request($request);
162
- $result = $do_check ? self::check_response($result, 'get_antispam_report_breif') : $result;
163
-
164
- return $result;
165
- }
166
-
167
- /**
168
- * Function gets information about renew notice
169
- *
170
- * @param string api_key
171
- * @return type
172
- */
173
- static public function method__notice_validate_key($api_key, $path_to_cms, $do_check = true)
174
- {
175
- $request = array(
176
- 'method_name' => 'notice_validate_key',
177
- 'auth_key' => $api_key,
178
- 'path_to_cms' => $path_to_cms
179
- );
180
-
181
- $result = self::send_request($request);
182
- $result = $do_check ? self::check_response($result, 'notice_validate_key') : $result;
183
-
184
- return $result;
185
- }
186
-
187
- /**
188
- * Function gets information about renew notice
189
- *
190
- * @param string api_key
191
- * @return type
192
- */
193
- static public function method__notice_paid_till($api_key, $do_check = true)
194
- {
195
- $request = array(
196
- 'method_name' => 'notice_paid_till',
197
- 'auth_key' => $api_key
198
- );
199
-
200
- $result = self::send_request($request);
201
- $result = $do_check ? self::check_response($result, 'notice_paid_till') : $result;
202
-
203
- return $result;
204
- }
205
-
206
- static public function method__security_logs($api_key, $data, $do_check = true)
207
- {
208
- $request = array(
209
- 'auth_key' => $api_key,
210
- 'method_name' => 'security_logs',
211
- 'timestamp' => current_time('timestamp'),
212
- 'data' => json_encode($data),
213
- 'rows' => count($data),
214
- );
215
-
216
- $result = self::send_request($request);
217
- $result = $do_check ? self::check_response($result) : $result;
218
-
219
- return $result;
220
- }
221
-
222
- static public function method__security_logs__sendFWData($api_key, $data, $do_check = true){
223
-
224
- $request = array(
225
- 'auth_key' => $api_key,
226
- 'method_name' => 'security_logs',
227
- 'timestamp' => current_time('timestamp'),
228
- 'data_fw' => json_encode($data),
229
- 'rows_fw' => count($data),
230
- );
231
-
232
- $result = self::send_request($request);
233
- $result = $do_check ? self::check_response($result) : $result;
234
-
235
- return $result;
236
- }
237
-
238
- static public function method__security_logs__feedback($api_key, $do_check = true)
239
- {
240
- $request = array(
241
- 'auth_key' => $api_key,
242
- 'method_name' => 'security_logs',
243
- 'data' => '0',
244
- );
245
-
246
- $result = self::send_request($request);
247
- $result = $do_check ? self::check_response($result) : $result;
248
-
249
- return $result;
250
- }
251
-
252
- static public function method__security_firewall_data($api_key, $do_check = true){
253
-
254
- $request = array(
255
- 'auth_key' => $api_key,
256
- 'method_name' => 'security_firewall_data',
257
- );
258
-
259
- $result = self::send_request($request);
260
- $result = $do_check ? self::check_response($result) : $result;
261
-
262
- return $result;
263
- }
264
-
265
- static public function method__security_firewall_data_file($api_key, $do_check = true){
266
-
267
- $request = array(
268
- 'auth_key' => $api_key,
269
- 'method_name' => 'security_firewall_data_file',
270
- );
271
-
272
- $result = self::send_request($request);
273
- $result = $do_check ? self::check_response($result) : $result;
274
-
275
- return $result;
276
- }
277
-
278
- static public function method__security_linksscan_logs($api_key, $scan_time, $scan_result, $links_total, $links_list, $do_check = true)
279
- {
280
- $request = array(
281
- 'auth_key' => $api_key,
282
- 'method_name' => 'security_linksscan_logs',
283
- 'started' => $scan_time,
284
- 'result' => $scan_result,
285
- 'total_links_found' => $links_total,
286
- 'links_list' => $links_list,
287
- );
288
-
289
- $result = self::send_request($request);
290
- $result = $do_check ? self::check_response($result) : $result;
291
-
292
- return $result;
293
- }
294
-
295
- static public function method__security_mscan_logs($api_key, $service_id, $scan_time, $scan_result, $scanned_total, $modified, $unknown, $do_check = true)
296
- {
297
- $request = array(
298
- 'method_name' => 'security_mscan_logs',
299
- 'auth_key' => $api_key,
300
- 'service_id' => $service_id,
301
- 'started' => $scan_time,
302
- 'result' => $scan_result,
303
- 'total_core_files' => $scanned_total,
304
- );
305
-
306
- if(!empty($modified)){
307
- $request['failed_files'] = json_encode($modified);
308
- $request['failed_files_rows'] = count($modified);
309
- }
310
- if(!empty($unknown)){
311
- $request['unknown_files'] = json_encode($unknown);
312
- $request['unknown_files_rows'] = count($unknown);
313
- }
314
-
315
- $result = self::send_request($request);
316
- $result = $do_check ? self::check_response($result) : $result;
317
-
318
- return $result;
319
- }
320
-
321
- static public function method__security_mscan_files($api_key, $file_path, $file, $file_md5, $weak_spots, $do_check = true)
322
- {
323
- $request = array(
324
- 'method_name' => 'security_mscan_files',
325
- 'auth_key' => $api_key,
326
- 'path_to_sfile' => $file_path,
327
- 'attached_sfile' => $file,
328
- 'md5sum_sfile' => $file_md5,
329
- 'dangerous_code' => $weak_spots,
330
- );
331
-
332
- $result = self::send_request($request);
333
- $result = $do_check ? self::check_response($result) : $result;
334
-
335
- return $result;
336
- }
337
-
338
- /**
339
- * Function gets spam domains report
340
- *
341
- * @param string api key
342
- * @param integer report days
343
- * @return type
344
- */
345
- static public function method__backlinks_check_cms($api_key, $data, $date = null, $do_check = true)
346
- {
347
- $request = array(
348
- 'method_name' => 'backlinks_check_cms',
349
- 'auth_key' => $api_key,
350
- 'data' => is_array($data) ? implode(',',$data) : $data,
351
- );
352
-
353
- if($date) $request['date'] = $date;
354
-
355
- $result = self::send_request($request);
356
- $result = $do_check ? self::check_response($result, 'backlinks_check_cms') : $result;
357
-
358
- return $result;
359
- }
360
-
361
  /**
362
  * Function sends raw request to API server
363
  *
@@ -375,12 +19,10 @@ class CleantalkAPI
375
  $url = defined('CLEANTALK_API_URL') ? CLEANTALK_API_URL : $url;
376
 
377
  // Adding agent version to data
378
- if(defined('CLEANTALK_AGENT'))
379
- $data['agent'] = CLEANTALK_AGENT;
380
 
381
  if($apbct->settings['use_buitin_http_api']){
382
 
383
-
384
  $args = array(
385
  'body' => $data,
386
  'timeout' => $timeout,
@@ -395,155 +37,14 @@ class CleantalkAPI
395
  }else{
396
  $result = wp_remote_retrieve_body($result);
397
  }
398
-
399
- }else{
400
-
401
- // Make URL string
402
- $data_string = http_build_query($data);
403
- $data_string = str_replace("&amp;", "&", $data_string);
404
-
405
- // For debug purposes
406
- global $apbct_debug;
407
- $apbct_debug['sent_data'] = $data;
408
- $apbct_debug['request_string'] = $data_string;
409
-
410
- if (function_exists('curl_init')){
411
-
412
- $ch = curl_init();
413
-
414
- // Set diff options
415
- curl_setopt($ch, CURLOPT_URL, $url);
416
- curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
417
- curl_setopt($ch, CURLOPT_POST, true);
418
- curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
419
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
420
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
421
-
422
- // Switch on/off SSL
423
- if ($ssl === true) {
424
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
425
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
426
- curl_setopt($ch, CURLOPT_CAINFO, APBCT_CASERT_PATH);
427
- }else{
428
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
429
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
430
- }
431
-
432
- // Make a request
433
- $result = curl_exec($ch);
434
- $errors = curl_error($ch);
435
- curl_close($ch);
436
-
437
- // Get cURL error if result failed
438
- if($result === false){
439
-
440
- // And retry with SSL enabled
441
- if($ssl === false)
442
- return self::send_request($data, $url, $timeout, true);
443
-
444
- }
445
-
446
- }else
447
- $errors = 'CURL_NOT_INSTALLED';
448
- }
449
-
450
- // Trying to use file_get_contents() to make a API call
451
- if(!empty($errors) && ini_get('allow_url_fopen')){
452
-
453
- $opts = array(
454
- 'http'=>array(
455
- 'method' => "POST",
456
- 'timeout' => $timeout,
457
- 'content' => $data_string,
458
- )
459
- );
460
- $context = stream_context_create($opts);
461
- $result = @file_get_contents($url, 0, $context);
462
-
463
- }elseif(!ini_get('allow_url_fopen'))
464
- $errors .= '_AND_ALLOW_URL_FOPEN_IS_DISABLED';
465
-
466
- if(empty($result) && !empty($errors))
467
- return json_encode(array('error' => true, 'error_string' => $errors));
468
-
469
- return $result;
470
- }
471
-
472
- /**
473
- * Function checks server response
474
- *
475
- * @param string result
476
- * @param string request_method
477
- * @return mixed (array || array('error' => true))
478
- */
479
- static public function check_response($result, $method_name = null)
480
- {
481
-
482
- $out = array();
483
-
484
- // Errors handling
485
-
486
- // Bad connection
487
- if(empty($result)){
488
- $out = array(
489
- 'error' => true,
490
- 'error_string' => 'CONNECTION_ERROR'
491
- );
492
- }
493
-
494
- // JSON decode errors
495
- $result = json_decode($result, true);
496
- if(empty($result)){
497
- $out = array(
498
- 'error' => true,
499
- 'error_string' => 'JSON_DECODE_ERROR'
500
- );
501
- }
502
-
503
- // cURL error
504
- if(!empty($result['error'])){
505
- $out = array(
506
- 'error' => true,
507
- 'error_string' => 'CONNECTION_ERROR: ' . $result['error_string'],
508
- );
509
- }
510
-
511
- // Server errors
512
- if($result && (isset($result['error_no']) || isset($result['error_message']))){
513
- $out = array(
514
- 'error' => true,
515
- 'error_string' => "SERVER_ERROR NO: {$result['error_no']} MSG: {$result['error_message']}",
516
- 'error_no' => $result['error_no'],
517
- 'error_message' => $result['error_message']
518
- );
519
- }
520
-
521
- // Pathces for different methods
522
- if(empty($out['error'])){
523
-
524
- // mehod_name = notice_validate_key
525
- if($method_name == 'notice_validate_key' && isset($result['valid']))
526
- $out = $result;
527
-
528
- // Other methods
529
- if(isset($result['data']) && is_array($result['data'])){
530
- $out = $result['data'];
531
- }
532
- }
533
-
534
- // mehod_name = get_antispam_report_breif
535
- if($method_name == 'get_antispam_report_breif'){
536
-
537
- for($tmp = array(), $i = 0; $i < 7; $i++){
538
- $tmp[date('Y-m-d', time() - 86400 * 7 + 86400 * $i)] = 0;
539
- }
540
-
541
- $out['spam_stat'] = (array) array_merge( $tmp, isset($out['spam_stat']) ? $out['spam_stat'] : array() );
542
- $out['top5_spam_ip'] = isset($out['top5_spam_ip']) ? $out['top5_spam_ip'] : array();
543
-
544
- }
545
-
546
- return $out;
547
-
548
  }
549
- }
1
  <?php
2
 
3
+ class CleantalkAPI extends CleantalkAPI_base
4
+ {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5
  /**
6
  * Function sends raw request to API server
7
  *
19
  $url = defined('CLEANTALK_API_URL') ? CLEANTALK_API_URL : $url;
20
 
21
  // Adding agent version to data
22
+ $data['agent'] = defined('CLEANTALK_AGENT') ? CLEANTALK_AGENT : self::AGENT;
 
23
 
24
  if($apbct->settings['use_buitin_http_api']){
25
 
 
26
  $args = array(
27
  'body' => $data,
28
  'timeout' => $timeout,
37
  }else{
38
  $result = wp_remote_retrieve_body($result);
39
  }
40
+
41
+ // Call CURL version if disabled
42
+ }else
43
+ $result = parent::send_request($data, $url, $timeout, $ssl);
44
+
45
+ if(empty($result) || !empty($errors))
46
+ return array('error' => true, 'error_string' => $errors);
47
+ else
48
+ return $result;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
49
  }
50
+ }
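--- a/lib/CleantalkAPI_base.php
+++ b/lib/CleantalkAPI_base.php
@@ -0,0 +1,602 @@
+ <?php
+
+ class CleantalkAPI_base
+ {
+ const URL = 'https://api.cleantalk.org';
+ const AGENT = 'apbct-api-2.0';
+
+ /**
+ * Wrapper for 2s_blacklists_db API method
+ *
+ * @param type $api_key
+ * @param type $out Data output type (JSON or file URL)
+ * @param type $do_check
+ * @returns mixed STRING || array('error' => true, 'error_string' => STRING)
+ */
+ static public function method__get_2s_blacklists_db($api_key, $out = null, $do_check = true){
+
+ $request = array(
+ 'method_name' => '2s_blacklists_db',
+ 'auth_key' => $api_key,
+ 'out' => $out,
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, '2s_blacklists_db') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets access key automatically
+ *
+ * @param string website admin email
+ * @param string website host
+ * @param string website platform
+ * @return type
+ */
+ static public function method__get_api_key($email, $website, $platform, $timezone = null, $language = null, $user_ip = null, $wpms = false, $white_label = 0, $hoster_api_key = '', $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'get_api_key',
+ 'product_name' => 'antispam',
+ 'email' => $email,
+ 'website' => $website,
+ 'platform' => $platform,
+ 'timezone' => $timezone,
+ 'http_accept_language' => $language,
+ 'user_ip' => $user_ip,
+ 'wpms_setup' => $wpms,
+ 'hoster_whitelabel' => $white_label,
+ 'hoster_api_key' => $hoster_api_key,
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'get_api_key') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets spam report
+ *
+ * @param string website host
+ * @param integer report days
+ * @return type
+ */
+ static public function method__get_antispam_report($host, $period = 1)
+ {
+ $request=Array(
+ 'method_name' => 'get_antispam_report',
+ 'hostname' => $host,
+ 'period' => $period
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'get_antispam_report') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets spam statistics
+ *
+ * @param string website host
+ * @param integer report days
+ * @return type
+ */
+ static public function method__get_antispam_report_breif($api_key, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'get_antispam_report_breif',
+ 'auth_key' => $api_key,
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'get_antispam_report_breif') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets information about renew notice
+ *
+ * @param string api_key
+ * @return type
+ */
+ static public function method__notice_validate_key($api_key, $path_to_cms, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'notice_validate_key',
+ 'auth_key' => $api_key,
+ 'path_to_cms' => $path_to_cms
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'notice_validate_key') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets information about renew notice
+ *
+ * @param string api_key
+ * @return type
+ */
+ static public function method__notice_paid_till($api_key, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'notice_paid_till',
+ 'auth_key' => $api_key
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'notice_paid_till') : $result;
+
+ return $result;
+ }
+
+ static public function method__ip_info($data, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'ip_info',
+ 'data' => $data
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'ip_info') : $result;
+ return $result;
+ }
+
+ /**
+ * Function gets spam report
+ *
+ * @param string website host
+ * @param integer report days
+ * @return type
+ */
+ static public function method__spam_check_cms($api_key, $data, $date = null, $do_check = true)
+ {
+ $request=Array(
+ 'method_name' => 'spam_check_cms',
+ 'auth_key' => $api_key,
+ 'data' => is_array($data) ? implode(',',$data) : $data,
+ );
+
+ if($date) $request['date'] = $date;
+
+ $result = self::send_request($request, self::URL, 10);
+ $result = $do_check ? self::check_response($result, 'spam_check_cms') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets spam report
+ *
+ * @param string website host
+ * @param integer report days
+ * @return type
+ */
+ static public function method__spam_check($api_key, $data, $date = null, $do_check = true)
+ {
+ $request=Array(
+ 'method_name' => 'spam_check',
+ 'auth_key' => $api_key,
+ 'data' => is_array($data) ? implode(',',$data) : $data,
+ );
+
+ if($date) $request['date'] = $date;
+
+ $result = self::send_request($request, self::URL, 10);
+ $result = $do_check ? self::check_response($result, 'spam_check') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Wrapper for sfw_logs API method
+ * @param integer connect timeout
+ * @return type
+ * returns mixed STRING || array('error' => true, 'error_string' => STRING)
+ */
+ static public function method__sfw_logs($api_key, $data, $do_check = true){
+
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'sfw_logs',
+ 'data' => json_encode($data),
+ 'rows' => count($data),
+ 'timestamp' => time()
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'sfw_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_logs($api_key, $data, $do_check = true)
+ {
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_logs',
+ 'timestamp' => current_time('timestamp'),
+ 'data' => json_encode($data),
+ 'rows' => count($data),
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_logs__sendFWData($api_key, $data, $do_check = true){
+
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_logs',
+ 'timestamp' => current_time('timestamp'),
+ 'data_fw' => json_encode($data),
+ 'rows_fw' => count($data),
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_logs__feedback($api_key, $do_check = true)
+ {
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_logs',
+ 'data' => '0',
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_firewall_data($api_key, $do_check = true){
+
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_firewall_data',
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_firewall_data') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_firewall_data_file($api_key, $do_check = true){
+
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_firewall_data_file',
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_firewall_data_file') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_linksscan_logs($api_key, $scan_time, $scan_result, $links_total, $links_list, $do_check = true)
+ {
+ $request = array(
+ 'auth_key' => $api_key,
+ 'method_name' => 'security_linksscan_logs',
+ 'started' => $scan_time,
+ 'result' => $scan_result,
+ 'total_links_found' => $links_total,
+ 'links_list' => $links_list,
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_linksscan_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_mscan_logs($api_key, $service_id, $scan_time, $scan_result, $scanned_total, $modified, $unknown, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'security_mscan_logs',
+ 'auth_key' => $api_key,
+ 'service_id' => $service_id,
+ 'started' => $scan_time,
+ 'result' => $scan_result,
+ 'total_core_files' => $scanned_total,
+ );
+
+ if(!empty($modified)){
+ $request['failed_files'] = json_encode($modified);
+ $request['failed_files_rows'] = count($modified);
+ }
+ if(!empty($unknown)){
+ $request['unknown_files'] = json_encode($unknown);
+ $request['unknown_files_rows'] = count($unknown);
+ }
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_mscan_logs') : $result;
+
+ return $result;
+ }
+
+ static public function method__security_mscan_files($api_key, $file_path, $file, $file_md5, $weak_spots, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'security_mscan_files',
+ 'auth_key' => $api_key,
+ 'path_to_sfile' => $file_path,
+ 'attached_sfile' => $file,
+ 'md5sum_sfile' => $file_md5,
+ 'dangerous_code' => $weak_spots,
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_mscan_files') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets spam domains report
+ *
+ * @param string api key
+ * @param integer report days
+ * @return type
+ */
+ static public function method__backlinks_check_cms($api_key, $data, $date = null, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'backlinks_check_cms',
+ 'auth_key' => $api_key,
+ 'data' => is_array($data) ? implode(',',$data) : $data,
+ );
+
+ if($date) $request['date'] = $date;
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'backlinks_check_cms') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function gets spam domains report
+ *
+ * @param string api_key
+ * @param array logs
+ * @param bool do_check
+ * @return type
+ */
+ static public function method__security_backend_logs($api_key, $logs, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'security_backend_logs',
+ 'auth_key' => $api_key,
+ 'logs' => json_encode($logs),
+ 'total_logs' => count($logs),
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_backend_logs') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Sends data about auto repairs
+ *
+ * @param type $api_key
+ * @param type $repair_result
+ * @param type $repair_comment
+ * @param type $repaired_processed_files
+ * @param type $repaired_total_files_proccessed
+ * @param type $backup_id
+ * @param type $do_check
+ * @return type
+ */
+ static public function method__security_mscan_repairs($api_key, $repair_result, $repair_comment, $repaired_processed_files, $repaired_total_files_proccessed, $backup_id, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'security_mscan_repairs',
+ 'auth_key' => $api_key,
+ 'repair_result' => $repair_result,
+ 'repair_comment' => $repair_comment,
+ 'repair_proccessed_files' => json_encode($repaired_processed_files),
+ 'repair_total_files_proccessed' => $repaired_total_files_proccessed,
+ 'backup_id' => $backup_id
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'security_mscan_repairs') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Force server to update checksums for specific plugin\theme
+ *
+ * @param type $api_key
+ * @param type $plugins_and_themes_to_refresh
+ * @param type $do_check
+ * @return type
+ */
+ static public function method__request_checksums($api_key, $plugins_and_themes_to_refresh, $do_check = true)
+ {
+ $request = array(
+ 'method_name' => 'request_checksums',
+ 'auth_key' => $api_key,
+ 'data' => $plugins_and_themes_to_refresh
+ );
+
+ $result = self::send_request($request);
+ $result = $do_check ? self::check_response($result, 'request_checksums') : $result;
+
+ return $result;
+ }
+
+ /**
+ * Function sends raw request to API server
+ *
+ * @param string url of API server
+ * @param array data to send
+ * @param boolean is data have to be JSON encoded or not
+ * @param integer connect timeout
+ * @return type
+ */
+ static public function send_request($data, $url = self::URL, $timeout = 5, $ssl = false)
+ {
+ // Possibility to switch API url
+ $url = defined('CLEANTALK_API_URL') ? CLEANTALK_API_URL : $url;
+
+ // Adding agent version to data
+ $data['agent'] = defined('CLEANTALK_AGENT') ? CLEANTALK_AGENT : self::AGENT;
+
+ // Make URL string
+ $data_string = http_build_query($data);
+ $data_string = str_replace("&amp;", "&", $data_string);
+
+ // For debug purposes
+ if(defined('CLEANTALK_DEBUG') && CLEANTALK_DEBUG){
+ global $apbct_debug;
+ $apbct_debug['sent_data'] = $data;
+ $apbct_debug['request_string'] = $data_string;
+ }
+
+ if (function_exists('curl_init')){
+
+ $ch = curl_init();
+
+ // Set diff options
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch, CURLOPT_POST, true);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
+
+ // Switch on/off SSL
+ if ($ssl === true) {
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($ch, CURLOPT_CAINFO, APBCT_CASERT_PATH);
+ }else{
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+ }
+
+ // Make a request
+ $result = curl_exec($ch);
+ $errors = curl_error($ch);
+ curl_close($ch);
+
+ // Retry with SSL enabled if failed
+ if($result === false)
+ if($ssl === false)
+ return self::send_request($data, $url, $timeout, true);
+
+ }else
+ $errors = 'CURL_NOT_INSTALLED';
+
+ // Trying to use file_get_contents() to make a API call
+ if(!empty($errors)){
+ if(ini_get('allow_url_fopen')){
+ $opts = array(
+ 'http'=>array(
+ 'method' => "POST",
+ 'timeout' => $timeout,
+ 'content' => $data_string,
+ )
+ );
+ $context = stream_context_create($opts);
+ $result = @file_get_contents($url, 0, $context);
+ if($result === false)
+ $errors .= '_FAILED_TO_USE_FILE_GET_CONTENTS';
+ }else
+ $errors .= '_AND_ALLOW_URL_FOPEN_IS_DISABLED';
+ }
+
+ if(empty($result) || !empty($errors))
+ return array('error' => true, 'error_string' => $errors);
+ else
+ return $result;
+ }
+
+ /**
+ * Function checks server response
+ *
+ * @param string result
+ * @param string request_method
+ * @return mixed (array || array('error' => true))
+ */
+ static public function check_response($result, $method_name = null)
+ {
+ // Errors handling
+ // Bad connection
+ if(is_array($result) && isset($result['error'])){
+ return array(
+ 'error' => true,
+ 'error_string' => 'CONNECTION_ERROR: ' . (isset($result['error_string']) ? ' '.$result['error_string'] : ''),
+ );
+ }
+
+ // JSON decode errors
+ $result = json_decode($result, true);
+ if(empty($result)){
+ return array(
+ 'error' => true,
+ 'error_string' => 'JSON_DECODE_ERROR'
+ );
+ }
+
+ // Server errors
+ if($result && (isset($result['error_no']) || isset($result['error_message']))){
+ return array(
+ 'error' => true,
+ 'error_string' => "SERVER_ERROR NO: {$result['error_no']} MSG: {$result['error_message']}",
+ 'error_no' => $result['error_no'],
+ 'error_message' => $result['error_message']
+ );
+ }
+
+ $out = array();
+ // Pathces for different methods
+ switch ($method_name) {
+
+ // notice_validate_key
+ case 'notice_validate_key':
+ $out = isset($result['valid']) ? $result : 'NO_VALID_VALUE';
+ break;
+
+ // get_antispam_report_breif
+ case 'get_antispam_report_breif':
+ for($tmp = array(), $i = 0; $i < 7; $i++){
+ $tmp[date('Y-m-d', time() - 86400 * 7 + 86400 * $i)] = 0;
+ }
+ $out['spam_stat'] = (array) array_merge( $tmp, isset($out['spam_stat']) ? $out['spam_stat'] : array() );
+ $out['top5_spam_ip'] = isset($out['top5_spam_ip']) ? $out['top5_spam_ip'] : array();
+ break;
+
+ default:
+ $out = isset($result['data']) && is_array($result['data'])
+ ? $result['data']
+ : array('error' => true, 'error_string' => 'NO_DATA');
+ break;
+ }
+
+ return $out;
+
+ }
+ }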
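Review bot: `send_request()` defaults to `$ssl = false`, and that branch sets `CURLOPT_SSL_VERIFYPEER` to false and `CURLOPT_SSL_VERIFYHOST` to 0, so every first attempt posts `auth_key` and the log or file payloads without verifying the server certificate. Verification is only switched on for the retry after a failed request, and the `file_get_contents()` fallback that follows sets no `ssl` context options at all. Certificate checking should be unconditional: always set `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);` together with `CURLOPT_CAINFO`, and return the cURL error instead of falling back to an unverified path. Separately, `method__get_antispam_report()` reads `$do_check` although its signature does not declare it, so its `check_response()` call never runs; adding `$do_check = true` as a third parameter would match the sibling wrappers.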
lib/CleantalkHelper.php CHANGED
@@ -1,140 +1,220 @@
1
  <?php
2
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3
  class CleantalkHelper
4
  {
5
- private static $private_networks = array(
6
- '10.0.0.0/8',
7
- '100.64.0.0/10',
8
- '172.16.0.0/12',
9
- '192.168.0.0/16',
10
- '127.0.0.1/32',
 
 
 
 
 
 
11
  );
12
 
13
  /*
14
  * Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
15
  * reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
16
  */
17
- static public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true)
18
  {
19
- $ips = array();
20
- foreach($ips_input as $ip_type){
21
- $ips[$ip_type] = '';
22
- } unset($ip_type);
23
-
24
  $headers = apache_request_headers();
25
 
26
  // REMOTE_ADDR
27
  if(isset($ips['remote_addr'])){
28
- $ips['remote_addr'] = $_SERVER['REMOTE_ADDR'];
 
 
 
29
  }
30
 
31
  // X-Forwarded-For
32
  if(isset($ips['x_forwarded_for'])){
33
  if(isset($headers['X-Forwarded-For'])){
34
  $tmp = explode(",", trim($headers['X-Forwarded-For']));
35
- $ips['x_forwarded_for']= trim($tmp[0]);
 
 
 
 
36
  }
37
  }
38
 
39
  // X-Real-Ip
40
  if(isset($ips['x_real_ip'])){
41
  if(isset($headers['X-Real-Ip'])){
42
- $tmp = explode(",", trim($headers['X-Real-Ip']));
43
- $ips['x_real_ip']= trim($tmp[0]);
 
 
 
 
44
  }
45
  }
46
 
47
  // Cloud Flare
48
  if(isset($ips['cloud_flare'])){
49
  if(isset($headers['Cf-Connecting-Ip'], $headers['Cf-Ipcountry'], $headers['Cf-Ray'])){
50
- // if(self::ip_mask_match($ips['remote_addr'], self::$cdn_pool['cloud_flare']['ipv4'])){
51
- $ips['cloud_flare'] = $headers['Cf-Connecting-Ip'];
 
 
 
52
  }
53
  }
54
 
55
  // Getting real IP from REMOTE_ADDR or Cf_Connecting_Ip if set or from (X-Forwarded-For, X-Real-Ip) if REMOTE_ADDR is local.
56
  if(isset($ips['real'])){
57
 
58
- $ips['real'] = $_SERVER['REMOTE_ADDR'];
 
 
 
59
 
60
  // Cloud Flare
61
  if(isset($headers['Cf-Connecting-Ip'], $headers['Cf-Ipcountry'], $headers['Cf-Ray'])){
62
- // if(self::ip_mask_match($ips['real'], self::$cdn_pool['cloud_flare']['ipv4'])){
63
- $ips['real'] = $headers['Cf-Connecting-Ip'];
64
-
 
65
  // Sucury
66
  }elseif(isset($headers['X-Sucuri-Clientip'], $headers['X-Sucuri-Country'])){
67
- $ips['real'] = $headers['X-Sucuri-Clientip'];
 
 
68
 
69
  // OVH
70
  }elseif(isset($headers['X-Cdn-Any-Ip'], $headers['Remote-Ip'])){
71
- $ips['real'] = $headers['Remote-Ip'];
 
 
72
 
73
  // Incapsula proxy
74
  }elseif(isset($headers['Incap-Client-Ip'])){
75
- $ips['real'] = $headers['Incap-Client-Ip'];
76
-
 
77
  }
78
 
79
  // Is private network
80
- if(self::ip__is_private_network($ips['real']) || isset($headers['X-Gt-Clientip']) || (isset($_SERVER['SERVER_ADDR']) && $ips['real'] == $_SERVER['SERVER_ADDR'])){
81
 
82
  // X-Forwarded-For
83
  if(isset($headers['X-Forwarded-For'])){
84
  $tmp = explode(",", trim($headers['X-Forwarded-For']));
85
- $ips['real']= trim($tmp[0]);
 
 
 
86
 
87
  // X-Real-Ip
88
  }elseif(isset($headers['X-Real-Ip'])){
89
  $tmp = explode(",", trim($headers['X-Real-Ip']));
90
- $ips['real']= trim($tmp[0]);
91
- }
 
 
 
92
  }
93
  }
94
 
95
  // Validating IPs
96
  $result = array();
97
  foreach($ips as $key => $ip){
98
- if($v4_only){
99
- if(self::ip_validate($ip) == 'v4')
100
- $result[$key] = $ip;
101
- }else{
102
- if(self::ip_validate($ip))
103
- $result[$key] = $ip;
104
  }
105
  }
106
 
107
  $result = array_unique($result);
108
-
109
- return count($ips_input) > 1
110
- ? $result
111
  : (reset($result) !== false
112
  ? reset($result)
113
  : null);
114
  }
115
 
116
- static function ip__is_private_network($ip){
117
- return self::ip_mask_match($ip, self::$private_networks);
118
  }
119
 
120
  /*
121
- * Check if the IP belong to mask. Recursivly if array given
 
 
122
  * @param ip string
123
  * @param cird mixed (string|array of strings)
 
 
124
  */
125
- static public function ip_mask_match($ip, $cidr){
 
126
  if(is_array($cidr)){
127
  foreach($cidr as $curr_mask){
128
- if(self::ip_mask_match($ip, $curr_mask)){
129
  return true;
130
  }
131
  } unset($curr_mask);
132
  return false;
133
  }
134
- $exploded = explode ('/', $cidr);
135
- $net = $exploded[0];
136
- $mask = 4294967295 << (32 - $exploded[1]);
137
- return (ip2long($ip) & $mask) == (ip2long($net) & $mask);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
138
  }
139
 
140
  /*
@@ -142,12 +222,52 @@ class CleantalkHelper
142
  * param (string) $ip
143
  * returns (string) 'v4' || (string) 'v6' || (bool) false
144
  */
145
- static public function ip_validate($ip)
146
  {
147
- if(!$ip) return false; // NULL || FALSE || '' || so on...
148
- if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && $ip != '0.0.0.0') return 'v4'; // IPv4
149
- if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) return 'v6'; // IPv6
150
- return false; // Unknown
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
151
  }
152
 
153
  /**
@@ -159,9 +279,12 @@ class CleantalkHelper
159
  * get - GET-request
160
  * ssl - use SSL
161
  *
162
- * @param string result
163
- * @param string request_method
164
- * @return mixed (array || array('error' => true))
 
 
 
165
  */
166
  static public function http__request($url, $data = array(), $presets = null, $opts = array())
167
  {
@@ -259,108 +382,127 @@ class CleantalkHelper
259
  }
260
 
261
  /**
262
- * Checks if the string is JSON type
263
- * @param string
264
- * @return bool
265
- */
266
- static public function is_json($string)
267
- {
268
- return is_string($string) && is_array(json_decode($string, true)) ? true : false;
 
 
 
 
269
  }
270
-
271
  /**
272
- * Function removing non UTF8 characters from array||string
273
- * @param mixed(array||string)
274
- * @return mixed(array||string)
275
- */
276
- static public function removeNonUTF8FromArray($data)
277
- {
278
- foreach($data as $key => $val){
279
- if(is_array($val)){
280
- $data[$key] = self::removeNonUTF8FromArray($val);
 
 
 
 
 
 
 
 
 
 
 
281
  }else{
282
- $data[$key] = self::removeNonUTF8FromString($val);
283
  }
284
  }
285
- return $data;
286
  }
287
-
288
  /**
289
- * Function removing non UTF8 characters from array||string
290
- * param mixed(array||string)
291
- * return mixed(array||string)
292
- */
293
- public static function removeNonUTF8FromString($data)
 
 
294
  {
295
- if(!preg_match('//u', $data))
296
- $data = 'Nulled. Not UTF8 encoded or malformed.';
 
 
 
 
 
 
 
 
 
297
  return $data;
298
  }
299
-
300
  /**
301
- * Function convert array to UTF8 and removes non UTF8 characters
302
- * param array
303
- * param string
304
- * @return array
305
- */
306
- public static function arrayToUTF8($array, $data_codepage = null)
 
307
  {
308
- foreach($array as $key => $val){
 
 
 
 
309
 
310
- if(is_array($val))
311
- $array[$key] = self::arrayToUTF8($val, $data_codepage);
312
- else
313
- $array[$key] = self::stringToUTF8($val, $data_codepage);
 
 
 
 
314
  }
315
- return $array;
316
  }
317
-
318
- /**
319
- * Merging arrays without reseting numeric keys
320
  *
321
- * @param array $arr1 One-dimentional array
322
- * @param array $arr2 One-dimentional array
323
- * @return array Merged array
324
- */
325
- public static function array_merge__save_numeric_keys($arr1, $arr2){
326
- foreach ($arr2 as $key => $val){
327
- $arr1[$key] = $val;
 
 
 
 
 
 
 
 
 
328
  }
329
- return $arr1;
330
  }
331
 
332
- /**
333
- * Function convert string to UTF8 and removes non UTF8 characters
334
- * param string
335
- * param string
336
- * @return string
337
- */
338
- public static function stringToUTF8($str, $data_codepage = null)
339
- {
340
- if (!preg_match('//u', $str) && function_exists('mb_detect_encoding') && function_exists('mb_convert_encoding')){
341
-
342
- if ($data_codepage !== null)
343
- return mb_convert_encoding($str, 'UTF-8', $data_codepage);
344
-
345
- $encoding = mb_detect_encoding($str);
346
-
347
- if ($encoding)
348
- return mb_convert_encoding($str, 'UTF-8', $encoding);
349
- }
350
- return $str;
351
- }
352
-
353
- /**
354
- * Function convert string from UTF8
355
- * param string
356
- * param string
357
- * @return string
358
- */
359
- public static function stringFromUTF8($str, $data_codepage = null)
360
  {
361
- if(preg_match('u', $str) && function_exists('mb_convert_encoding') && $data_codepage !== null)
362
- return mb_convert_encoding($str, $data_codepage, 'UTF-8');
363
-
364
- return $str;
365
  }
366
  }
1
  <?php
2
 
3
+ /*
4
+ *
5
+ * CleanTalk Cleantalk Antispam Helper class
6
+ *
7
+ * @package Antispam Plugin by CleanTalk
8
+ * @subpackage Helper
9
+ * @Version 2.0
10
+ * @author Cleantalk team (welcome@cleantalk.org)
11
+ * @copyright (C) 2014 CleanTalk team (http://cleantalk.org)
12
+ * @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
13
+ *
14
+ */
15
+
16
  class CleantalkHelper
17
  {
18
+ public static $private_networks = array(
19
+ 'v4' => array(
20
+ '10.0.0.0/8',
21
+ '100.64.0.0/10',
22
+ '172.16.0.0/12',
23
+ '192.168.0.0/16',
24
+ '127.0.0.1/32',
25
+ ),
26
+ 'v6' => array(
27
+ '0:0:0:0:0:0:0:1/128', // localhost
28
+ '0:0:0:0:0:0:a:1/128', // ::ffff:127.0.0.1
29
+ ),
30
  );
31
 
32
  /*
33
  * Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
34
  * reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
35
  */
36
+ static public function ip__get($ip_types = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true)
37
  {
38
+ $ips = array_flip($ip_types); // Result array with IPs
 
 
 
 
39
  $headers = apache_request_headers();
40
 
41
  // REMOTE_ADDR
42
  if(isset($ips['remote_addr'])){
43
+ $ip_type = self::ip__validate($_SERVER['REMOTE_ADDR']);
44
+ if($ip_type){
45
+ $ips['remote_addr'] = $ip_type == 'v6' ? self::ip__v6_normalize($_SERVER['REMOTE_ADDR']) : $_SERVER['REMOTE_ADDR'];
46
+ }
47
  }
48
 
49
  // X-Forwarded-For
50
  if(isset($ips['x_forwarded_for'])){
51
  if(isset($headers['X-Forwarded-For'])){
52
  $tmp = explode(",", trim($headers['X-Forwarded-For']));
53
+ $tmp = trim($tmp[0]);
54
+ $ip_type = self::ip__validate($tmp);
55
+ if($ip_type){
56
+ $ips['x_forwarded_for'] = $ip_type == 'v6' ? self::ip__v6_normalize($tmp) : $tmp;
57
+ }
58
  }
59
  }
60
 
61
  // X-Real-Ip
62
  if(isset($ips['x_real_ip'])){
63
  if(isset($headers['X-Real-Ip'])){
64
+ $tmp = explode(",", trim($headers['X-Forwarded-For']));
65
+ $tmp = trim($tmp[0]);
66
+ $ip_type = self::ip__validate($tmp);
67
+ if($ip_type){
68
+ $ips['x_forwarded_for'] = $ip_type == 'v6' ? self::ip__v6_normalize($tmp) : $tmp;
69
+ }
70
  }
71
  }
72
 
73
  // Cloud Flare
74
  if(isset($ips['cloud_flare'])){
75
  if(isset($headers['Cf-Connecting-Ip'], $headers['Cf-Ipcountry'], $headers['Cf-Ray'])){
76
+ $ip_type = self::ip__validate($_SERVER['REMOTE_ADDR']);
77
+ if($ip_type){
78
+ // if(self::ip__mask_match($ips['remote_addr'], self::$cdn_pool['cloud_flare']['ipv4'])){
79
+ $ips['cloud_flare'] = $headers['Cf-Connecting-Ip'];
80
+ }
81
  }
82
  }
83
 
84
  // Getting real IP from REMOTE_ADDR or Cf_Connecting_Ip if set or from (X-Forwarded-For, X-Real-Ip) if REMOTE_ADDR is local.
85
  if(isset($ips['real'])){
86
 
87
+ // Detect IP type
88
+ $ip_type = self::ip__validate($_SERVER['REMOTE_ADDR']);
89
+ if($ip_type)
90
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalize($_SERVER['REMOTE_ADDR']) : $_SERVER['REMOTE_ADDR'];
91
 
92
  // Cloud Flare
93
  if(isset($headers['Cf-Connecting-Ip'], $headers['Cf-Ipcountry'], $headers['Cf-Ray'])){
94
+ $ip_type = self::ip__validate($headers['Cf-Connecting-Ip']);
95
+ if($ip_type)
96
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($headers['Cf-Connecting-Ip']) : $headers['Cf-Connecting-Ip'];
97
+
98
  // Sucury
99
  }elseif(isset($headers['X-Sucuri-Clientip'], $headers['X-Sucuri-Country'])){
100
+ $ip_type = self::ip__validate($headers['X-Sucuri-Clientip']);
101
+ if($ip_type)
102
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($headers['X-Sucuri-Clientip']) : $headers['X-Sucuri-Clientip'];
103
 
104
  // OVH
105
  }elseif(isset($headers['X-Cdn-Any-Ip'], $headers['Remote-Ip'])){
106
+ $ip_type = self::ip__validate($headers['X-Cdn-Any-Ip']);
107
+ if($ip_type)
108
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($headers['X-Cdn-Any-Ip']) : $headers['X-Cdn-Any-Ip'];
109
 
110
  // Incapsula proxy
111
  }elseif(isset($headers['Incap-Client-Ip'])){
112
+ $ip_type = self::ip__validate($headers['Incap-Client-Ip']);
113
+ if($ip_type)
114
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($headers['Incap-Client-Ip']) : $headers['Incap-Client-Ip'];
115
  }
116
 
117
  // Is private network
118
+ if($ip_type === false || ($ip_type && (self::ip__is_private_network($ips['real'], $ip_type)) || (self::ip__mask_match($ips['real'], filter_input(INPUT_SERVER, 'SERVER_ADDR').'/24', $ip_type)))){
119
 
120
  // X-Forwarded-For
121
  if(isset($headers['X-Forwarded-For'])){
122
  $tmp = explode(",", trim($headers['X-Forwarded-For']));
123
+ $tmp = trim($tmp[0]);
124
+ $ip_type = self::ip__validate($tmp);
125
+ if($ip_type)
126
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($tmp) : $tmp;
127
 
128
  // X-Real-Ip
129
  }elseif(isset($headers['X-Real-Ip'])){
130
  $tmp = explode(",", trim($headers['X-Real-Ip']));
131
+ $tmp = trim($tmp[0]);
132
+ $ip_type = self::ip__validate($tmp);
133
+ if($ip_type)
134
+ $ips['real'] = $ip_type == 'v6' ? self::ip__v6_normalizе($tmp) : $tmp;
135
+ }
136
  }
137
  }
138
 
139
  // Validating IPs
140
  $result = array();
141
  foreach($ips as $key => $ip){
142
+ $ip_version = self::ip__validate($ip);
143
+ if($ip && (($v4_only && $ip_version == 'v4') || !$v4_only)){
144
+ $result[$key] = $ip;
 
 
 
145
  }
146
  }
147
 
148
  $result = array_unique($result);
149
+ return count($result) > 1
150
+ ? $result
 
151
  : (reset($result) !== false
152
  ? reset($result)
153
  : null);
154
  }
155
 
156
+ static function ip__is_private_network($ip, $ip_type = 'v4'){
157
+ return self::ip__mask_match($ip, self::$private_networks[$ip_type]);
158
  }
159
 
160
  /*
161
+ * Check if the IP belong to mask. Recursive.
162
+ * Octet by octet for IPv4
163
+ * Hextet by hextet for IPv6
164
  * @param ip string
165
  * @param cird mixed (string|array of strings)
166
+ * @param ip_type string
167
+ * @param cird mixed (string|array of strings)
168
  */
169
+ static public function ip__mask_match($ip, $cidr, $ip_type = 'v4', $xtet_count = 0)
170
+ {
171
  if(is_array($cidr)){
172
  foreach($cidr as $curr_mask){
173
+ if(self::ip__mask_match($ip, $curr_mask, $ip_type)){
174
  return true;
175
  }
176
  } unset($curr_mask);
177
  return false;
178
  }
179
+
180
+ if($ip_type == 'v4') $xtet_base = 8;
181
+ if($ip_type == 'v6') $xtet_base = 16;
182
+
183
+ // Calculate mask
184
+ $exploded = explode('/', $cidr);
185
+ $net_ip = $exploded[0];
186
+ $mask = $exploded[1];
187
+
188
+ // Exit condition
189
+ $xtet_end = ceil($mask / $xtet_base);
190
+ if($xtet_count == $xtet_end)
191
+ return true;
192
+
193
+ // Lenght of bits for comparsion
194
+ $mask = $mask - $xtet_base * $xtet_count >= $xtet_base ? $xtet_base : $mask - $xtet_base * $xtet_count;
195
+
196
+ // Explode by octets/hextets from IP and Net
197
+ $net_ip_xtets = explode($ip_type == 'v4' ? '.' : ':', $net_ip);
198
+ $ip_xtets = explode($ip_type == 'v4' ? '.' : ':', $ip);
199
+
200
+ // Standartizing. Getting current octets/hextets. Adding leading zeros.
201
+ $net_xtet = str_pad(decbin($ip_type == 'v4' ? $net_ip_xtets[$xtet_count] : hexdec($net_ip_xtets[$xtet_count])), $xtet_base, 0, STR_PAD_LEFT);
202
+ $ip_xtet = str_pad(decbin($ip_type == 'v4' ? $ip_xtets[$xtet_count] : hexdec($ip_xtets[$xtet_count])), $xtet_base, 0, STR_PAD_LEFT);
203
+
204
+ // Comparing bit by bit
205
+ for($i = 0, $result = true; $mask != 0; $mask--, $i++ ){
206
+ if($ip_xtet[$i] != $net_xtet[$i]){
207
+ $result = false;
208
+ break;
209
+ }
210
+ }
211
+
212
+ // Recursing. Moving to next octet/hextet.
213
+ if($result)
214
+ $result = self::ip__mask_match($ip, $cidr, $ip_type, $xtet_count + 1);
215
+
216
+ return $result;
217
+
218
  }
219
 
220
  /*
222
  * param (string) $ip
223
  * returns (string) 'v4' || (string) 'v6' || (bool) false
224
  */
225
+ static public function ip__validate($ip)
226
  {
227
+ if(!$ip) return false; // NULL || FALSE || '' || so on...
228
+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && $ip != '0.0.0.0') return 'v4'; // IPv4
229
+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && self::ip__v6_reduce($ip) != '0::0') return 'v6'; // IPv6
230
+ return false; // Unknown
231
+ }
232
+
233
+ /**
234
+ * Expand IPv6
235
+ * param (string) $ip
236
+ * returns (string) IPv6
237
+ */
238
+ static public function ip__v6_normalizе($ip)
239
+ {
240
+ $ip = trim($ip);
241
+ // Searching for ::ffff:xx.xx.xx.xx patterns and turn it to IPv6
242
+ if(preg_match('/^::ffff:([0-9]{1,3}\.?){4}$/', $ip)){
243
+ $ip = dechex(sprintf("%u", ip2long(substr($ip, 7))));
244
+ $ip = '0:0:0:0:0:0:'.(strlen($ip) > 4 ? substr('abcde', 0, -4) : '0').':'.substr($ip, -4, 4);
245
+ // Normalizing hextets number
246
+ }elseif(strpos($ip, '::') !== false){
247
+ $ip = str_replace('::', str_repeat(':0', 8 - substr_count($ip, ':')).':', $ip);
248
+ $ip = strpos($ip, ':') === 0 ? '0'.$ip : $ip;
249
+ $ip = strpos(strrev($ip), ':') === 0 ? $ip.'0' : $ip;
250
+ }
251
+ // Simplifyng hextets
252
+ if(preg_match('/:0(?=[a-z0-9]+)/', $ip)){
253
+ $ip = preg_replace('/:0(?=[a-z0-9]+)/', ':', strtolower($ip));
254
+ $ip = self::ip__v6_normalizе($ip);
255
+ }
256
+ return $ip;
257
+ }
258
+
259
+ /**
260
+ * Reduce IPv6
261
+ * param (string) $ip
262
+ * returns (string) IPv6
263
+ */
264
+ static public function ip__v6_reduce($ip){
265
+ if(strpos($ip, ':') !== false){
266
+ $ip = preg_replace('/:0{1,4}/', ':', $ip);
267
+ $ip = preg_replace('/:{2,}/', '::', $ip);
268
+ $ip = strpos($ip, '0') === 0 ? substr($ip, 1) : $ip;
269
+ }
270
+ return $ip;
271
  }
272
 
273
  /**
279
  * get - GET-request
280
  * ssl - use SSL
281
  *
282
+ * @param string $url URL
283
+ * @param array $data POST|GET indexed array with data to send
284
+ * @param string|array $presets String or Array with presets: get_code, dont_wait_for_answer, get, ssl, dont_split_to_array
285
+ * @param array $opts Optional option for CURL connection
286
+ *
287
+ * @return array (array || array('error' => true))
288
  */
289
  static public function http__request($url, $data = array(), $presets = null, $opts = array())
290
  {
382
  }
383
 
384
  /**
385
+ * Merging arrays without reseting numeric keys
386
+ *
387
+ * @param array $arr1 One-dimentional array
388
+ * @param array $arr2 One-dimentional array
389
+ * @return array Merged array
390
+ */
391
+ public static function array_merge__save_numeric_keys($arr1, $arr2){
392
+ foreach ($arr2 as $key => $val){
393
+ $arr1[$key] = $val;
394
+ }
395
+ return $arr1;
396
  }
397
+
398
  /**
399
+ * Merging arrays without reseting numeric keys recursive
400
+ *
401
+ * @param array $arr1 One-dimentional array
402
+ * @param array $arr2 One-dimentional array
403
+ * @return array Merged array
404
+ */
405
+ public static function array_merge__save_numeric_keys__recursive($arr1, $arr2){
406
+ foreach ($arr2 as $key => $val){
407
+ // Array | array => array
408
+ if(isset($arr1[$key]) && is_array($arr1[$key]) && is_array($val)){
409
+ $arr1[$key] = self::array_merge__save_numeric_keys__recursive($arr1[$key], $val);
410
+ // Scalar | array => array
411
+ }elseif(isset($arr1[$key]) && !is_array($arr1[$key]) && is_array($val)){
412
+ $tmp = $arr1[$key] =
413
+ $arr1[$key] = $val;
414
+ $arr1[$key][] = $tmp;
415
+ // array | scalar => array
416
+ }elseif(isset($arr1[$key]) && is_array($arr1[$key]) && !is_array($val)){
417
+ $arr1[$key][] = $val;
418
+ // scalar | scalar => scalar
419
  }else{
420
+ $arr1[$key] = $val;
421
  }
422
  }
423
+ return $arr1;
424
  }
425
+
426
  /**
427
+ * Function removing non UTF8 characters from array|string|object
428
+ *
429
+ * @param mixed(array|object|string) $data
430
+ * @param type $data_codepage
431
+ * @return mixed(array|object|string)
432
+ */
433
+ public static function removeNonUTF8($data, $data_codepage = null)
434
  {
435
+ // Array || object
436
+ if(is_array($data) || is_object($data)){
437
+ foreach ($data as $key => &$val) {
438
+ $val = self::removeNonUTF8($val, $data_codepage);
439
+ }unset($key, $val);
440
+
441
+ //String
442
+ }else{
443
+ if(!preg_match('//u', $data))
444
+ $data = 'Nulled. Not UTF8 encoded or malformed.';
445
+ }
446
  return $data;
447
  }
448
+
449
  /**
450
+ * Function convert anything to UTF8 and removes non UTF8 characters
451
+ *
452
+ * @param mixed(array|object|string) $obj
453
+ * @param type $data_codepage
454
+ * @return mixed(array|object|string)
455
+ */
456
+ public static function toUTF8($obj, $data_codepage = null)
457
  {
458
+ // Array || object
459
+ if(is_array($obj) || is_object($obj)){
460
+ foreach ($obj as $key => &$val) {
461
+ $val = self::toUTF8($val, $data_codepage);
462
+ }unset($key, $val);
463
 
464
+ //String
465
+ }else{
466
+ if (!preg_match('//u', $obj) && function_exists('mb_detect_encoding') && function_exists('mb_convert_encoding')){
467
+ $encoding = mb_detect_encoding($obj);
468
+ $encoding = $encoding ? $encoding : $data_codepage;
469
+ if ($encoding)
470
+ $obj = mb_convert_encoding($str, 'UTF-8', $encoding);
471
+ }
472
  }
473
+ return $obj;
474
  }
475
+
476
+ /**
477
+ * Function convert from UTF8
478
  *
479
+ * @param mixed (array|object|string)
480
+ * @param string
481
+ * @return mixed (array|object|string)
482
+ */
483
+ public static function fromUTF8($obj, $data_codepage = null)
484
+ {
485
+ // Array || object
486
+ if(is_array($obj) || is_object($obj)){
487
+ foreach ($obj as $key => &$val) {
488
+ $val = self::fromUTF8($val, $data_codepage);
489
+ }unset($key, $val);
490
+
491
+ //String
492
+ }else{
493
+ if(preg_match('u', $obj) && function_exists('mb_convert_encoding') && $data_codepage !== null)
494
+ $obj = mb_convert_encoding($obj, $data_codepage, 'UTF-8');
495
  }
496
+ return $obj;
497
  }
498
 
499
+ /**
500
+ * Checks if the string is JSON type
501
+ * @param string
502
+ * @return bool
503
+ */
504
+ static public function is_json($string)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
505
  {
506
+ return is_string($string) && is_array(json_decode($string, true)) ? true : false;
 
 
 
507
  }
508
  }
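--- a/lib/CleantalkRequest.php
+++ b/lib/CleantalkRequest.php
@@ -160,11 +160,30 @@ class CleantalkRequest {
  * @param type $params
  */
  public function __construct($params = null) {
- if (is_array($params) && count($params) > 0) {
- foreach ($params as $param => $value) {
- $this->{$param} = $value;
- }
- }
+
+ // IPs
+ $this->sender_ip = isset($params['sender_ip']) ? (string)$params['sender_ip'] : null;
+ $this->x_forwarded_for = isset($params['x_forwarded_for']) ? (string)$params['x_forwarded_for'] : null;
+ $this->x_real_ip = isset($params['x_real_ip']) ? (string)$params['x_real_ip'] : null;
+
+ // Misc
+ $this->agent = isset($params['agent']) ? (string)$params['agent'] : null;
+ $this->auth_key = isset($params['auth_key']) ? (string)$params['auth_key'] : null;
+ $this->sender_email = isset($params['sender_email']) ? (string)$params['sender_email'] : null;
+ $this->sender_nickname = !empty($params['sender_nickname']) ? (string)$params['sender_nickname'] : null;
+ $this->phone = !empty($params['phone']) ? (string)$params['phone'] : null;
+ $this->js_on = isset($params['js_on']) ? (int)$params['js_on'] : null;
+ $this->submit_time = isset($params['submit_time']) ? (int)$params['submit_time'] : null;
+ $this->post_info = isset($params['post_info']) ? (string)json_encode($params['post_info']) : null;
+ $this->sender_info = isset($params['sender_info']) ? (string)json_encode($params['sender_info']) : null;
+
+ // Message
+ $this->message = !empty($params['message']) ? serialize($params['message']) : null;
+ $this->example = !empty($params['example']) ? serialize($params['example']) : null;
+
+ // Feedback
+ $this->feedback = !empty($params['feedback']) ? $params['feedback'] : null;
+
  }
 
  }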
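Review bot: The `(string)json_encode(...)` casts on the `post_info` and `sender_info` lines hide an encoding failure. json_encode() returns false for input it cannot encode, such as invalid UTF-8, and the cast turns that into an empty string instead of null. Whether these arrays are converted to UTF-8 before they reach the constructor is not visible in this hunk. I would test the result, e.g. `$json = json_encode($params['post_info']); $this->post_info = $json !== false ? $json : null;`, and do the same for `sender_info`. Separately, `!empty()` on `sender_nickname` and `phone` discards the literal value `'0'`; `isset()` with a `!== ''` check would keep it.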
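--- a/lib/CleantalkResponse.php
+++ b/lib/CleantalkResponse.php
@@ -138,7 +138,7 @@ class CleantalkResponse {
  $this->stop_words = isset($obj->stop_words) ? utf8_decode($obj->stop_words) : null;
  $this->comment = isset($obj->comment) ? utf8_decode($obj->comment) : null;
  $this->blacklisted = (isset($obj->blacklisted)) ? $obj->blacklisted : null;
- $this->allow = (isset($obj->allow)) ? $obj->allow : 0;
+ $this->allow = (isset($obj->allow)) ? $obj->allow : 1;
  $this->id = (isset($obj->id)) ? $obj->id : null;
  $this->fast_submit = (isset($obj->fast_submit)) ? $obj->fast_submit : 0;
  $this->spam = (isset($obj->spam)) ? $obj->spam : 0;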
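Review bot: The new default on line 141 makes a response with no `allow` field count as allowed, so a truncated or unexpected server reply now lets the submission through where it was previously rejected. Which callers read `allow`, and whether they check an error field first, is outside this hunk, so the effect is inferred. If failing open is intended for availability, document it on the line, e.g. `// Fail open: a reply without 'allow' must not block visitors; error replies are handled before this value is read`, and confirm the error path really runs first. The enclosing method starts and ends outside the hunk.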
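--- a/lib/CleantalkSFW.php
+++ b/lib/CleantalkSFW.php
@@ -63,7 +63,15 @@ class CleantalkSFW extends CleantalkSFW_Base
  $debug = '<h1>Networks</h1>'
  . var_export($this->debug_networks, true)
  . '<h1>Headers</h1>'
- . var_export(apache_request_headers(), true);
+ . var_export(apache_request_headers(), true)
+ . '<h1>REMOTE_ADDR</h1>'
+ . var_export($_SERVER['REMOTE_ADDR'], true)
+ . '<h1>SERVER_ADDR</h1>'
+ . var_export($_SERVER['SERVER_ADDR'], true)
+ . '<h1>IP_ARRAY</h1>'
+ . var_export($this->ip_array, true)
+ . '<h1>ADDITIONAL</h1>'
+ . var_export($this->debug_data, true);
  }else
  $debug = '';
 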
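Review bot: The added debug sections are concatenated between `<h1>` tags as raw `var_export()` output, next to the existing `apache_request_headers()` dump. Request headers are client-controlled and `debug_data` is a free-form string, so any markup in them would reach the page unescaped. Escape each dump, e.g. `. esc_html(var_export($this->debug_data, true));`, and do the same for the headers, `REMOTE_ADDR`, `SERVER_ADDR` and `ip_array` lines. `$_SERVER['SERVER_ADDR']` is not set under every SAPI, so `filter_input(INPUT_SERVER, 'SERVER_ADDR')` would avoid a notice. The condition that enables this block is outside the hunk; because the output now discloses the server address, it should be reachable only by trusted users.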
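--- a/lib/CleantalkSFW_Base.php
+++ b/lib/CleantalkSFW_Base.php
@@ -29,6 +29,7 @@ class CleantalkSFW_Base
  protected $log_table;
 
  public $debug;
+ public $debug_data = '';
  public $debug_networks = array();
 
  /**
@@ -41,7 +42,7 @@ class CleantalkSFW_Base
  *
  * @return void
  */
- public function __construct($params, $username, $password)
+ public function __construct()
  {
  // Creating database object
  $this->db = new ClentalkDB();
@@ -55,14 +56,14 @@ class CleantalkSFW_Base
  * Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
  * reutrns array('remote_addr' => 'val', ['x_forwarded_for' => 'val', ['x_real_ip' => 'val', ['cloud_flare' => 'val']]])
  */
- public function ip_get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true){
+ public function ip__get($ips_input = array('real', 'remote_addr', 'x_forwarded_for', 'x_real_ip', 'cloud_flare'), $v4_only = true){
 
- $result = (array)CleantalkHelper::ip_get($ips_input, $v4_only);
+ $result = (array)CleantalkHelper::ip__get($ips_input, $v4_only);
 
  $result = !empty($result) ? $result : array();
 
  if(isset($_GET['sfw_test_ip'])){
- if(CleantalkHelper::ip_validate($_GET['sfw_test_ip']) !== false){
+ if(CleantalkHelper::ip__validate($_GET['sfw_test_ip']) !== false){
  $result['sfw_test'] = $_GET['sfw_test_ip'];
  $this->is_test = true;
  }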
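Review bot: In `ip__get()` the `sfw_test_ip` branch accepts any address for which `ip__validate()` does not return false, so an IPv6 value enters the result even when `$v4_only` is true. It is also stored without the IPv6 normalisation the helper applies to its other sources. If the later lookup expects IPv4 only (not visible here), branch on the validator's return value instead: `$type = CleantalkHelper::ip__validate($_GET['sfw_test_ip']); if($type === 'v4' || ($type === 'v6' && !$v4_only)){`. The `__construct()` hunk drops three parameters; its docblock starts above the hunk and may still list them. The body of `ip__get()` continues outside the hunk.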
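--- a/lib/CleantalkState.php
+++ b/lib/CleantalkState.php
@@ -21,7 +21,6 @@ class CleantalkState
  public $def_settings = array(
 
  'spam_firewall' => 1,
- 'server' => 'http://moderate.cleantalk.org',
  'apikey' => '',
  'custom_key' => 0,
  'autoPubRevelantMess' => 0,
@@ -48,6 +47,7 @@ class CleantalkState
  'use_ajax' => 1,
  'general_postdata_test' => 0, //CAPD
  'set_cookies'=> 1, // Disable cookies generatation to be compatible with Varnish.
+ 'set_cookies__sessions'=> 0, // Use alt sessions for cookies.
  'alternative_sessions'=> 0, // AJAX Sessions.
  'ssl_on' => 0, // Secure connection to servers
  'use_buitin_http_api' => 0, // Using Wordpress HTTP built in API
@@ -217,11 +217,9 @@ class CleantalkState
  private function getOption($option_name)
  {
  $option = get_option('cleantalk_'.$option_name, null);
-
- if(gettype($option) === 'array')
- $this->$option_name = new ArrayObject($option);
- else
- $this->$option_name = $option;
+ $this->$option_name = gettype($option) === 'array'
+ ? new ArrayObject($option)
+ : $option;
  }
 
  public function save($option_name, $use_perfix = true, $autoload = true)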
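Review bot: In `getOption()` the test `gettype($option) === 'array'` compares a type name as a string where `is_array($option)` states the same check directly. With that change the ternary fits on one line: `$this->$option_name = is_array($option) ? new ArrayObject($option) : $option;`. The first hunk removes the `'server'` default from `$def_settings`; any code that still reads that setting (not visible here) would now hit an undefined index, so it is worth searching for remaining uses.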
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: safronik
3
  Tags: spam, antispam, protection, comments, firewall
4
  Requires at least: 3.0
5
  Tested up to: 5.2
6
- Stable tag: 5.117.1
7
  License: GPLv2
8
 
9
  Spam protection, antispam, all-in-one, premium plugin. No spam comments & users, no spam contact form & WooCommerce anti-spam.
@@ -558,6 +558,23 @@ If your website has forms that send data to external sources, you can enable opt
558
  10. Website's options.
559
 
560
  == Changelog ==
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
561
  = 5.117.1 April 5 2019 =
562
  * Fix: GDPR notice.
563
  * Fix: noCacheJS localization.
@@ -1838,6 +1855,23 @@ If your website has forms that send data to external sources, you can enable opt
1838
  * First version
1839
 
1840
  == Upgrade Notice ==
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1841
  = 5.117.1 April 5 2019 =
1842
  * Fix: GDPR notice.
1843
  * Fix: noCacheJS localization.
3
  Tags: spam, antispam, protection, comments, firewall
4
  Requires at least: 3.0
5
  Tested up to: 5.2
6
+ Stable tag: 5.118
7
  License: GPLv2
8
 
9
  Spam protection, antispam, all-in-one, premium plugin. No spam comments & users, no spam contact form & WooCommerce anti-spam.
558
  10. Website's options.
559
 
560
  == Changelog ==
561
+ = 5.118 April 19 2019 =
562
+ * Fix: Cookies on registration page.
563
+ * Fix: Update fix.
564
+ * Fix: Wordpress built-in API.
565
+ * Fix: WooCommerce checkout form.
566
+ * Fix: UpdraftPlus. Saving settings.
567
+ * Fix: Convert Pro saving settings.
568
+ * Fix: UTF-8 Converting.
569
+ * Fix: GDPR notice.
570
+ * Fix: cleantalk_sessions table size reduced.
571
+ * Mod: Localization.
572
+ * Mod: Performance improved.
573
+ * Mod: SpamFierWall improvments.
574
+ * Mod: IP detection improved.
575
+ * Mod: JavaScript check rewised.
576
+ * New: Setting "Use alternative mechanism for cookies".
577
+
578
  = 5.117.1 April 5 2019 =
579
  * Fix: GDPR notice.
580
  * Fix: noCacheJS localization.
1855
  * First version
1856
 
1857
  == Upgrade Notice ==
1858
+ = 5.118 April 19 2019 =
1859
+ * Fix: Cookies on registration page.
1860
+ * Fix: Update fix.
1861
+ * Fix: Wordpress built-in API.
1862
+ * Fix: WooCommerce checkout form.
1863
+ * Fix: UpdraftPlus. Saving settings.
1864
+ * Fix: Convert Pro saving settings.
1865
+ * Fix: UTF-8 Converting.
1866
+ * Fix: GDPR notice.
1867
+ * Fix: cleantalk_sessions table size reduced.
1868
+ * Mod: Localization.
1869
+ * Mod: Performance improved.
1870
+ * Mod: SpamFierWall improvments.
1871
+ * Mod: IP detection improved.
1872
+ * Mod: JavaScript check rewised.
1873
+ * New: Setting "Use alternative mechanism for cookies".
1874
+
1875
  = 5.117.1 April 5 2019 =
1876
  * Fix: GDPR notice.
1877
  * Fix: noCacheJS localization.