WassUp Real Time Analytics - Version 1.7.1

Version Description


Release Info

Developer michelem
Version 1.7.1

Code changes from version 1.7 to 1.7.1

Files changed (6) hide show
  1. lib/action.php +18 -7
  2. lib/main.php +11 -10
  3. lib/settings.php +1 -2
  4. lib/uadetector.class.php +107 -56
  5. readme.txt +1 -1
  6. wassup.php +226 -103
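--- a/lib/action.php
+++ b/lib/action.php
@@ -256,9 +256,11 @@ if (!$hashfail) {
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP QUERY", "wassup"); ?></li>
  <?php
+ if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php echo $top10->top_count.': <a href="'.$top10->top_link.'" target="_BLANK">'.stringShortener(preg_replace('/'.preg_quote($siteurl,'/').'/i', '', $top10->top_item),$char_len).'</a>'; ?></li>
- <?php } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php
@@ -274,7 +276,7 @@ if (!$hashfail) {
  <td style="min-width:<?php echo ($char_len-5); ?>px;">
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP REFERRER", "wassup"); ?></li>
- <?php if (!empty($top_results) && is_array($top_results)) {
+ <?php if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php echo $top10->top_count.': ';
  print '<a href="'.clean_url($top10->top_link,'','url').'" title="'.attribute_escape($top10->top_link).'" target="_BLANK">';
@@ -285,7 +287,8 @@ if (!$hashfail) {
  print '...';
  }
  print '</a>'; ?></li>
- <?php } } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php
@@ -301,11 +304,13 @@ if (!$hashfail) {
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP REQUEST", "wassup"); ?></li>
  <?php
+ if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php echo $top10->top_urlrequested.': ';
  print '<a href="'.wAddSiteurl($top10->urlrequested).'" title="'.clean_url($top10->urlrequested).'" target="_BLANK">';
  print stringShortener($top10->urlrequested,$char_len).'</a>'; ?></li>
- <?php } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php
@@ -322,11 +327,13 @@ if (!$hashfail) {
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP BROWSER", "wassup") ?></li>
  <?php
+ if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php echo $top10->top_count.': ';
  echo '<span class="top10" title="'.$top10->top_item.'">'.stringShortener($top10->top_item, $char_len).'</span>'; ?>
  </li>
- <?php } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php } //end if topbrowser
@@ -342,11 +349,13 @@ if (!$hashfail) {
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP OS", "wassup") ?></li>
  <?php
+ if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php print $top10->top_count.': '; ?>
  <span class="top10" title="<?php echo $top10->top_item; ?>"><?php echo stringShortener($top10->top_item, $char_len); ?></span>
  </li>
- <?php } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php } // end if topos
@@ -363,12 +372,14 @@ if (!$hashfail) {
  <ul class="charts">
  <li class="chartsT"><?php _e("TOP LOCALE", "wassup"); ?></li>
  <?php
+ if (count($top_results) >0) {
  foreach ($top_results as $top10) { ?>
  <li class="charts"><?php echo $top10->top_count.': ';
  echo '<img src="'.WASSUPURL.'/img/flags/'.strtolower($top10->top_item).'.png" alt="" />'; ?>
  <span class="top10" title="<?php echo $top10->top_item; ?>"><?php echo $top10->top_item; ?></span>
  </li>
- <?php } ?>
+ <?php }
+ } ?>
  </ul>
  </td>
  <?php } // end if toplocale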
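Review bot: The list items that the new `count()` guards wrap still print `$top10->top_link` and `$top10->top_item` into `href` and `title` attributes unescaped in the TOP QUERY, TOP BROWSER, TOP OS and TOP LOCALE blocks, while the TOP REFERRER block already uses `clean_url()` and `attribute_escape()` for the same kind of value. These fields look like they hold visitor-supplied data (search terms, user agents, locale strings), so markup stored in them would be rendered in the admin's stats view; the same helpers should be applied, e.g. `title="'.attribute_escape($top10->top_item).'"` and `href="'.clean_url($top10->top_link).'"`. Separately, the referrer guard loses its `is_array()` test: `count()` returns 1 for a non-array scalar such as `false`, so `foreach` would still run on it, and keeping `is_array($top_results) && count($top_results) > 0` in all six places avoids that.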
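--- a/lib/main.php
+++ b/lib/main.php
@@ -571,6 +571,7 @@ function wAddSiteurl($inputurl) {
  function spyview ($from_date="",$to_date="",$rows="999",$spytype="",$spy_datasource="") {
  global $wpdb, $wp_version, $debug_mode;
 
+ //$debug_mode=true;
  $whereis="";
  if ($spytype == 'spider') {
  $whereis = " AND spider!=''";
@@ -868,7 +869,7 @@ function wGetStats($stat_type="", $stat_limit=10, $stat_condition="") {
 
  //top url requests...
  } elseif ($stat_type == "urlrequested") {
- $stat_results = $wpdb->get_results("SELECT count(*) AS top_count, LOWER(REPLACE(urlrequested, '/', '')) AS top_item, urlrequested AS top_link FROM $table_name WHERE $stat_condition $spamselect GROUP BY top_item ORDER BY top_count DESC LIMIT $stat_limit");
+ $stat_results = $wpdb->get_results("SELECT count(*) AS top_count, LOWER(REPLACE(urlrequested, '/', '')) AS top_item, urlrequested AS top_link FROM $table_name WHERE $stat_condition GROUP BY top_item ORDER BY top_count DESC LIMIT $stat_limit");
 
  //top browser...
  } elseif ($stat_type == "browser") {
@@ -1131,21 +1132,21 @@ class MainItems {
  return $qry;
  mysql_close($unbuff_db);
  */
- break;
- // These are the queries to count the items hits/pages/spam
- case "count":
- $qry = sprintf("SELECT COUNT(%s `wassup_id`) AS itemstot FROM %s WHERE `timestamp` >= %s %s %s",
+ break;
+ case "count":
+ // These are the queries to count the items hits/pages/spam
+ $qry = sprintf("SELECT COUNT(%s `wassup_id`) AS itemstot FROM %s WHERE `timestamp` >= %s %s %s",
  $distinct_type,
  $this->tableName,
  $this->from_date,
  $ss,
  $this->whereis);
- $itemstot = $wpdb->get_var($qry);
- return $itemstot;
- break;
- }
+ $itemstot = $wpdb->get_var($qry);
+ return $itemstot;
+ break;
+ } //end switch
 
- }
+ } //end function calc_tot
 
  // $Ctype = chart's type by time
  // $Res = resolution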
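Review bot: The rewritten `urlrequested` query in `wGetStats` still interpolates `$stat_condition` and `$stat_limit` directly into the SQL string, and `$stat_limit` is a plain function parameter with no cast visible in the hunk. Casting it at the point of use, `LIMIT ".(int)$stat_limit`, keeps a non-numeric value out of the statement; whether `$stat_condition` is only ever built from trusted values cannot be judged here because the function body starts and ends outside the hunk. The new line also drops `$spamselect` from the WHERE clause without explanation, so spam hits may now be counted in the top requests; a comment such as `// spam filter intentionally omitted for url requests` (if that is the intent) would make the change reviewable. The added `//$debug_mode=true;` in `spyview` is commented-out debug code and is better left out of a release.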
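--- a/lib/settings.php
+++ b/lib/settings.php
@@ -246,8 +246,7 @@
  <br /><p><input type="checkbox" name="wassup_remind_flag" value="1" <?php if ($wassup_options->wassup_remind_flag == 1) print "CHECKED"; ?>>
  <strong><?php _e('Alert me','wassup'); ?></strong> (<?php _e('email to','wassup'); ?>: <strong><?php print $adminemail; ?></strong>) <?php _e('when table reaches','wassup'); ?> <input type="text" name="wassup_remind_mb" size="3" value="<?php print $wassup_options->wassup_remind_mb; ?>"> Mb</p>
  <p><input type="checkbox" name="wassup_empty" value="1">
- <strong><?php _e('Empty table','wassup'); ?></strong> (<a href="<?php echo clean_url(WASSUPURL.'/lib/action.php?action=export'.$action_param.'&width='.$res.'&height=400','','url'); ?>" class="thickbox" title="WassUp Export">
- <?php //print $_SERVER['QUERY_STRING'].'&tab=2&export=1'; ?><?php _e('export table in SQL format','wassup'); ?></a>)
+ <strong><?php _e('Empty table','wassup'); ?></strong> (<a href=?"<?php print $_SERVER['QUERY_STRING'].'&export=1&tab=2'; ?>"><?php _e('export table in SQL format','wassup'); ?></a>)
  <!--
  <a id="show-backup" href="#"><?php _e("backup table to server file", "wassup"); ?></a> -->
  </p>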
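Review bot: The new export link prints `$_SERVER['QUERY_STRING']` into the `href` attribute with no escaping, whereas the line it replaces passed the URL through `clean_url()`; the query string is set by whoever builds the link an admin follows, so any markup in it is written into the settings page as-is. The attribute is also malformed, since `href=?"…"` puts the `?` outside the quotes. Suggested form: `<a href="<?php echo clean_url('?'.$_SERVER['QUERY_STRING'].'&export=1&tab=2'); ?>">`. The export is now triggered by a bare `export=1` GET parameter and no nonce is visible in this hunk, so it is worth confirming that the handler checks one before dumping the table.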
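--- a/lib/uadetector.class.php
+++ b/lib/uadetector.class.php
@@ -24,7 +24,8 @@ class UADetector {
  var $browscap;
  var $agenttype; //B=Browser, F=feed reader, H=harvester bot,
  //M=monitor/piracy checker bot, R=archiver/search engine robot,
- //S=Spammer, V=Validator (Link/CSS/Html)
+ //S=Spammer/Script injection bot, V=Validator (Link/CSS/Html)
+ var $subscribers; //feed subscribers, if given in user-agent
  var $agent;
 
  /* constructor */
@@ -78,7 +79,7 @@ class UADetector {
  $os="";
  $top_ua = array('name'=>"",'version'=>"",'os'=>"",'platform'=>"",'language'=>"",'agenttype'=>"");
  // #1 Googlebot
- if (preg_match("#^Mozilla/\d\.\d\s\(compatible;\sGooglebot/(\d\.\d);\s\+?http\://www\.google\.com/bot\.html\)$#i",$agent,$match)>0) {
+ if (preg_match("#^Mozilla/\d\.\d\s\(compatible;\sGooglebot/(\d\.\d);[\s\+]+http\://www\.google\.com/bot\.html\)$#i",$agent,$match)>0) {
  $top_ua['name'] = "Googlebot";
  $top_ua['version']=$match[1];
  $top_ua['agenttype']= "R";
@@ -180,23 +181,6 @@ class UADetector {
  $top_ua['language']=$match[3];
  $top_ua['agenttype']= "B";
  }
- /*
- // #11 FriendFeedBot
- } elseif (preg_match("#^Mozilla/\d\.\d\s\(compatible;\sFriendFeedBot/([0-9.]+);\s\+Http\://friendfeed\.com/about/bot\)$#",$agent,$match)>0) {
- $top_ua['name'] = "FriendFeedBot";
- $top_ua['version']=$match[1];
- $top_ua['agenttype']= "F";
- // #12 FeedFetcher Google
- } elseif (preg_match("#$#",$agent,$match)>0) {
- $top_ua['name'] = "FeedFetcher Google";
- $top_ua['version']=$match[1];
- $top_ua['agenttype']= "F";
- // #13 Baidus Spider
- } elseif (preg_match("#$#",$agent,$match)>0) {
- $top_ua['name'] = "Baidus";
- $top_ua['version']=$match[1];
- $top_ua['agenttype']= "R";
- */
  if ($debug_mode) {
  echo "<br />\nuadetector: top_ua->name=".$top_ua['name']; //debug
  }
@@ -207,12 +191,11 @@ class UADetector {
  //##detect browsers
  $browser = array('name'=>"",'version'=>"",'os'=>"",'platform'=>"",'language'=>"",'agenttype'=>"B",'resolution'=>"");
  $wap = false;
- //Find MSIE browsers
+ //MSIE browsers
  if (preg_match("/compatible(?:;|\s)+MSIE\s(\d+)(\.\d+)+(.*)/",$ua,$pcs)>0) {
  $browser['name'] = "IE";
  $browser['version'] = $pcs[1];
  $iestring = $pcs[3];
-
  //differentiate IE from IE-based/IE-masked browsers or spiders
  if (preg_match("/\s(AOL|America\sOnline\sBrowser)\s(\d+)(\.\d+)*/",$iestring,$pcs)>0) {
  $browser['name'] = "AOL";
@@ -231,15 +214,9 @@ class UADetector {
  $browser['version'] = $pcs[1];
  $browser['os'] = "WinCE";
  $browser['platform'] = "WAP";
-
- //Some spiders mask as IE browser
- } elseif (preg_match("#([a-z]+(?:-|_|\s)?(?:bot|crawler|spider|reader))[^a-z](\d+(?:\.\d+)*)?#i",$ua,$pcs)>0) {
- $browser['name'] = $pcs[1];
- $browser['version'] = $pcs[2];
- $browser['agenttype']= "R";
  }
 
- //Find Opera browsers
+ //Opera browsers
  } elseif (preg_match("#Opera\sMini[/ ]([0-9\.]+)#",$ua,$pcs)>0) {
  $browser['name'] = "Opera Mini";
  $browser['version'] = $pcs[1];
@@ -247,11 +224,11 @@ class UADetector {
  $browser['name'] = "Opera";
  $browser['version'] = $pcs[1];
 
- //Find firefox-based browsers (Camino, Flock) before Firefox
+ //Firefox-based browsers (Camino, Flock) (find before FF)
  } elseif (preg_match("#[^a-z](Flock|Camino)/(\d+[\.0-9a-z]*)#",$ua,$pcs)>0) {
  $browser['name'] = $pcs[1];
  $browser['version'] = $pcs[2];
- //Find other Gecko-type browsers (incl. Firefox)
+ //other Gecko-type browsers (incl. Firefox)
  } elseif (preg_match("#Gecko/\d+\s([a-z0-9_\- ]+)/(\d+[\.0-9a-z]*)(?:$|;?\s([a-z0-9_\- ]+)/(\d+[\.0-9a-z]*))#i",$ua,$pcs)>0) {
  $browser['name'] = $pcs[1];
  $browser['version'] = $pcs[2];
@@ -261,15 +238,20 @@ class UADetector {
  } elseif (stristr($pcs[1],"Firefox")!==false) {
  $browser['name'] = "Firefox";
  }
- //Find Firefox browser
- } elseif (preg_match("#[^a-z]Firefox/(\d+[\.0-9a-z]*)#",$ua,$pcs)>0) {
- $browser['name'] = "Firefox";
- $browser['version'] = $pcs[1];
- //assume Firefox if user agent ends with Gecko only
- } elseif (preg_match("#[^a-z]Gecko/\d+$#",$ua,$pcs)>0) {
+ //Firefox browser
+ } elseif (preg_match("#[^a-z]Firefox/?(\d+[\.0-9a-z]*)?#",$ua,$pcs)>0) {
  $browser['name'] = "Firefox";
+ if (!empty($pcs[1])) {
+ $browser['version'] = $pcs[1];
+ }
+ //Mozilla browser (like FF, but user agent ends with Gecko)
+ } elseif (preg_match("#(?:rv\:(\d[\.0-9a-z]+))\)?[^a-z]Gecko/\d+$#",$ua,$pcs)>0) {
+ $browser['name'] = "Mozilla";
+ if (!empty($pcs[1])) {
+ $browser['version'] = $pcs[1];
+ }
 
- //Find NetFront and other mobile/embedded browsers
+ //NetFront and other mobile/embedded browsers
  } elseif (preg_match("#(NetFront|NF-Browser)/([0-9\.]+)#i",$ua,$pcs)) {
  $browser['name'] = "NetFront";
  $browser['version'] = $pcs[2];
@@ -282,7 +264,7 @@ class UADetector {
  $browser['name'] = "UP.Browser";
  $browser['version'] = $pcs[2];
  $browser['platform'] = "WAP"; //mobile device
- //Find unknown browsers that use the word "browser" in agent
+ //Any browser that use the word "browser" in agent
  } elseif (preg_match("#([a-z0-9]+)[\- _\.]Browser[/ v\.]*([0-9\.]+)?#i",$ua,$pcs)) {
  $browser['name'] = $pcs[1];
  if (!empty($pcs[2])) {
@@ -294,7 +276,7 @@ class UADetector {
 
  //##detect mobile/embedded devices
  //known mobile devices...
- if (preg_match('#(amoi|htc|ipaq|kindle|kwc|lge|mobilephone|motorola|nokia|PDA|Palm|Samsung|sanyo|smartphone|SonyEricsson|vodafone)[/-_ ]?([a-z]*\d+[a-z]*)*#i',$ua,$pcs)>0) {
+ if (preg_match('#(amoi|blackberry|htc|ipaq|kindle|kwc|lge|mobilephone|motorola|nokia|PDA|Palm|Samsung|sanyo|smartphone|SonyEricsson|vodafone)[/-_ ]?([a-z]*\d+[a-z]*)*#i',$ua,$pcs)>0) {
  $browser['platform'] = "WAP";
  $browser['device'] = $pcs[1];
  if (!empty($pcs[2])) {
@@ -304,7 +286,15 @@ class UADetector {
  $browser['device'] == "Kyocera phone";
  $browser['model'] == $pcs[0];
  }
- //check if browser header has mobile user-agent profile
+ if (empty($browser['name'])) {
+ $browser['name'] = $pcs[1];
+ }
+
+ //check if user-agent has mobile profile
+ } elseif (preg_match('#(J2ME/MIDP|Profile/MIDP|Danger\sHiptop)#i',$ua)>0) {
+ $browser['platform'] = "WAP";
+
+ //check if browser header has mobile profile
  } elseif ($ua == $_SERVER['HTTP_USER_AGENT']) {
  $header_profile =array('X_WAP_PROFILE','PROFILE','13_PROFILE','56_PROFILE');
  foreach ($header_profile AS $wap_profile) {
@@ -317,11 +307,26 @@ class UADetector {
  if ($wap && empty($browser['platform'])) { //is mobile device
  $browser['platform'] = "WAP";
  }
- } elseif (preg_match('#(J2ME/MIDP|Profile/MIDP|Danger\sHiptop)#i',$ua)>0) {
- $browser['platform'] = "WAP";
  }
 
- //get browser operating systems
+ //Some spiders mask as browsers
+ if (!empty($browser['name']) && preg_match("#([a-z]+(?:\-|_|\s)?(?:bot|crawler|spider|reader))[^a-z](\d+(?:\.\d+)*)?#i",$ua,$pcs)>0) {
+ $browser['name'] = $pcs[1];
+ if (!empty($pcs[2])) $browser['version'] = $pcs[2];
+ $browser['agenttype']= "R";
+
+ //simple alphanumeric strings are usually a crawler
+ } elseif (empty($browser['name']) && preg_match("#^([a-z]+[\s_]?[a-z]*)[\-/]?([0-9\.]+)*$#",$ua,$pcs)>0) {
+ $browser['name']=trim($pcs[1]);
+ if (!empty($pcs[2])) {
+ $browser['version']=$pcs[2];
+ }
+ if (empty($browser['os']) && $browser['platform'] != "WAP" ) {
+ $browser['agenttype']= "R";
+ }
+ }
+
+ //get operating systems
  if (empty($browser['os']) && !empty($browser['name']) && $browser['agenttype']=="B") {
  list($browser['os'],$platform) = $this->OSversion($browser['os'],$browser['platform'],$ua);
  if (!empty($platform) && empty($browser['platform'])) {
@@ -329,29 +334,75 @@ class UADetector {
  }
  }
 
- //some mobile/embedded devices give screen dimensions in agent
+ //mobile/embedded devices sometimes give screen res. in UA
  if (preg_match("#screen(?:res)?[ -/](\d{3,4}[x*]\d{3,4})#",$ua,$pcs)>0) {
  $browser['resolution'] = str_replace('*','x',$pcs[1]);
  } elseif (($browser['platform']=="WAP" || $browser['os']=="WAP") && preg_match("#[ ;](\d{3,4}x\d{3,4})([;)x ]|$)#",$ua,$pcs)>0) {
  $browser['resolution'] = $pcs[1];
  }
 
- if (!empty($browser['name']) && $browser['agenttype'] == "B" ) {
+ if ( $browser['agenttype'] == "B" ) {
  $browser['language'] = $this->detectLanguage($ua);
  }
  return $browser;
  } //end function detectBrowser
 
  function detectSpider($ua) {
- $spider = array('name'=>"",'version'=>"",'os'=>"",'platform'=>"",'language'=>"",'agenttype'=>"R");
- // #FriendFeedBot
+ $spider = array('name'=>"",'version'=>"",'os'=>"",'platform'=>"",'language'=>"",'agenttype'=>"R",'subscribers'=>"");
+ // #11 FriendFeedBot
  if (preg_match("#^Mozilla/\d\.\d\s\(compatible;\sFriendFeedBot/([0-9.]+);\s\+Http\://friendfeed\.com/about/bot\)$#",$ua,$match)>0) {
  $spider['name'] = "FriendFeedBot";
  $spider['version']=$match[1];
  $spider['agenttype']= "F";
+
+ // #12 FeedFetcher Google
+ } elseif (preg_match("#^Feedfetcher\-Google[;\s\(\+]+http://www.google.com/feedfetcher\.html[;\)\s]+(?:(\d)\ssubscriber)?#",$ua,$match)>0) {
+ $spider['name'] = "FeedFetcher-Google";
+ if (!empty($match[1])) {
+ $spider['subscribers']= $match[1];
+ }
+ $spider['agenttype']= "F";
+
+ // #Assume bot if user-agent 1st word and a contact domain are the same name, ex: Feedburner-feedburner.com, CazoodleBot,
+ //} elseif (preg_match('/^(([a-z]+)\s?(?:bot|crawler|robot|spider)?)[\/\-\s]([0-9\.]+)?.*http.*[^a-z](?:\1|\2)\.(?:com|net|org|html?)/i',$ua,$match)>0) {
+ //} elseif (preg_match('/^(([a-z]+)\s?(?:bot|crawler|robot|spider|parser|reader)?).*(?:[\/\-\sv]+([0-9\.]+))?[^a-z]*http.*[^a-z]+(?:\1|\2)(?:\.[a-z]+)?\.(?:com|net|org|html?|aspx?|[a-z]{2})/i',$ua,$match)>0) {
+ } elseif (preg_match('/^(?:Mozilla\/.*compatible[^a-z]*)?(([a-z]{3,})[\-\s_]?(?:bot|crawler|robot|spider|parser|reader)?[a-z]*)[^a-z^0-9]+v?\s?([0-9\.]+)?.*[^a-z]+http.*[^a-z]+(?:\2|\3)(?:\.[a-z]+)?\.(?:com|net|org|html?|aspx?|[a-z]{2})/i',$ua,$match)>0) {
+ $spider['name'] = $match[1];
+ if (!empty($match[3])) {
+ $spider['version'] = $match[3];
+ }
+ // #Assume bot if user-agent 1st word and contact email are the same, ex:
+ } elseif (preg_match('/^(([a-z]+)\s?(?:bot|crawler|robot|spider)?)[\/\-\s]([0-9\.]+)?[^a-z]+(?:\1|\2)\@[a-z\-_]+\.(?:com|net|org)/i',$ua,$match)>0) {
+ $spider['name'] = $match[1];
+ if (!empty($match[3])) {
+ $spider['version'] = $match[3];
+ }
+ // #Assume bot if one-word user-agent. ex:
+
+ /* // #Yahoo spiders
+ } elseif (preg_match("#$#",$ua,$match)>0) {
+ */
+ } else { //check for script injection bots
+ $spambot = $this->detectSpambot($ua);
+ if (!empty($spambot[0])) {
+ $spider['name'] = $spambot[0];
+ $spider['agenttype']= $spambot[1];
+ }
+ }
+ if (!empty($spider['name'])) {
+ //distinguish feed readers from other spiders
+ if (empty($spider['subscribers']) && preg_match("/([0-9]{1,10})\s?subscriber/i",$ua,$subscriber) > 0) {
+ // It's a feedreader with some subscribers
+ $spider['subscribers'] = $subscriber[1];
+ $spider['agenttype']= "F";
+ }
+ if ($spider['agenttype'] != "F" && preg_match("/(feed|rss)/i",$ua)>0) {
+ $spider['agenttype']= "F";
+ }
+ return $spider;
+ } else {
+ return false;
  }
- if (!empty($spider['name'])) { return $spider; }
- else { return false; }
  } //end function detectSpider
 
  /* determine operating system and platform from string, $os or $ua
@@ -504,16 +555,16 @@ class UADetector {
  $crawler="";
  //## Find obvious script injection bots
  if (stristr('location.href',$ua)!==FALSE) {
- $crawlertype = "spammer";
- $crawler = "Script Injection bot";
- } elseif (preg_match('/(<|&lt;|&#60;)a( |%20|&#32;|\+)href/i',$ua)>0) {
- $crawlertype = "spammer";
+ $crawlertype = "S";
  $crawler = "Script Injection bot";
  } elseif (preg_match('/(<|&lt;|&#60;)script/i',$ua)>0) {
- $crawlertype = "spammer";
+ $crawlertype = "S";
+ $crawler = "Script Injection bot";
+ } elseif (preg_match('/(<|&lt;|&#60;)a(\s|%20|&#32;|\+)+href/i',$ua)>0) {
+ $crawlertype = "S";
  $crawler = "Script Injection bot";
- } elseif (preg_match('/select*( |%20|+|%#32;)from( |%20|+|%#32;)wp_/i',$ua)>0) {
- $crawlertype = "hacker";
+ } elseif (preg_match('/select.*( |%20|%#32;|\+)from( |%20|%#32;|\+)wp_/i',$ua)>0) {
+ $crawlertype = "S";
  $crawler = "Script Injection bot";
  }
 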
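Review bot: In the script-injection checks of the last hunk, `stristr('location.href',$ua)` has its arguments reversed: the signature is `stristr($haystack, $needle)`, so the test only succeeds when the entire user agent is a substring of the literal, and an agent that merely contains `location.href` is never flagged. It should read `if (stristr($ua,'location.href')!==FALSE) {`. The rewritten SQL pattern also keeps `%#32;` where the neighbouring `a href` pattern uses `&#32;`; this looks like a typo that leaves the entity-encoded space unmatched, and `( |%20|&#32;|\+)` would make the two patterns agree. The enclosing function starts and ends outside the hunk, so how `$crawlertype` is returned cannot be checked from here.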
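--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=michele%
  Tags: tracker, tracking, statistics, analyze, web, realtime, stats, ajax, visitors, visits, online users, details, seo, admin, spy, visitors, widgets, widget, sidebar
  Requires at least: 2.2
  Tested up to: 2.7 - 2.6.* - 2.5.* - 2.3.2 - 2.3.1 - 2.3 - 2.2
- Stable tag: 1.7
+ Stable tag: 1.7.1
 
  Analyze your visitors traffic with real time statistics, chart, a lot of chronological information and a sidebar Widget.
 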
wassup.php CHANGED
@@ -3,8 +3,8 @@
3
  Plugin Name: WassUp
4
  Plugin URI: http://www.wpwp.org
5
  Description: Wordpress plugin to analyze your visitors traffic with real time stats, chart and a lot of chronological informations. It has sidebar Widget support to show current online visitors and other statistics.
6
- Version: 1.7
7
- Author: Michele Marcucci, Helene D
8
  Author URI: http://www.michelem.org/
9
 
10
  Copyright (c) 2007 Michele Marcucci
@@ -16,7 +16,7 @@ http://www.gnu.org/licenses/gpl.txt
16
  if (preg_match('#'.basename(__FILE__) .'#', $_SERVER['PHP_SELF'])) {
17
  die('Permission Denied! You are not allowed to call this page directly.');
18
  }
19
- $version = "1.7";
20
  $debug_mode=false; //turn on debugging (global)
21
  define('WASSUPFOLDER', dirname(plugin_basename(__FILE__)), TRUE);
22
  $wassupdir = dirname(__FILE__);
@@ -43,11 +43,6 @@ global $wp_version, $current_user;
43
  //#This works only in WP2.2 or higher
44
  if (version_compare($wp_version, '2.2', '<')) {
45
  wp_die( '<strong style="color:#c00;background-color:#dff;padding:5px;">'.__("Sorry, Wassup requires WordPress 2.2 or higher to work","wassup").'.</strong>');
46
- /* //commented out because could slow down Wordpress
47
- *} elseif (function_exists('wp_cache_flush')) {
48
- * //clear the WP cache
49
- * wp_cache_flush();
50
- */
51
  }
52
  //#add initial options and create table when Wassup activated
53
  // -Helene D. 2/26/08.
@@ -179,8 +174,9 @@ function wassup_uninstall() {
179
  } //#end function wassup_uninstall
180
 
181
  function wassup_meta_info() {
182
- global $version;
183
- print '<meta name="wassup-version" content="'.$version.'" />'."\n";
 
184
  //
185
  //Get visitor's screen resolution using javascript and a cookie.
186
  // - Added here so "wp_head" hook will insert the code to read this
@@ -225,6 +221,7 @@ function wassup_meta_info() {
225
  //]]>
226
  </script>
227
  <?php
 
228
  } //end function wassup_meta_info
229
 
230
  //# Wassup init hook actions performed before headers are sent:
@@ -234,14 +231,15 @@ function wassup_meta_info() {
234
  function wassup_init() {
235
  global $wpurl;
236
 
237
- //block any obvious sql injection attempts via WassUp -Helene D. 2009-04-04
238
- if (preg_match("#[&?].+=.*(select|delete|update|alter|drop|create)[ %&].*(?:from)?.*wp_\w+.*#i",str_replace(array('\\','&#92;','"','&#34;','&quot','&#39;','\'','`','&#96;'),'',$_SERVER['REQUEST_URI']))>0) {
239
- header("HTTP/1.1 403 Forbidden");
240
- wp_die('Illegal request - Permission Denied!');
241
- }
242
-
243
  //### Add wassup scripts to Wassup Admin pages...
244
  if (stristr($_GET['page'],'wassup') !== FALSE) {
 
 
 
 
 
 
 
245
  if ( function_exists('wp_deregister_script')) {
246
  //removes old jquery vers.
247
  wp_deregister_script('jquery');
@@ -278,31 +276,32 @@ function wassup_init() {
278
  function add_wassup_css() {
279
  global $wpurl, $wassup_options, $whash, $debug_mode;
280
 
281
- //assign a value to whash, if none
282
- if ($whash == "") {
283
- $whash = $wassup_options->get_wp_hash();
284
- $wassup_options->whash = $whash; //save new hash
285
- $wassup_options->saveSettings();
286
- }
287
- //preassign "GET" parameters for "action.php" in "action_param"
288
- $action_param='&whash='.$wassup_options->whash;
289
- if ($debug_mode) {
290
- $action_param .= '&debug_mode=true';
291
- }
292
- //Important Note: In WordPress 2.6+ "/wp-content/" can be located
293
- // outside of Wordpress' install directory (not in a subdirectory)
294
- // In this configuration, "action.php" will not run without the
295
- // additional GET parameter, "wpabspath=ABSPATH"
296
- if (defined('WP_CONTENT_DIR') && strpos(WP_CONTENT_DIR,ABSPATH)===FALSE) {
297
- // wpabspath is encoded to hide real directory path from
298
- // users and to improve security
299
- $action_param .= '&wpabspath='.urlencode(base64_encode(ABSPATH));
300
- }
301
-
302
  $plugin_page = attribute_escape($_GET['page']);
303
  if (stristr($plugin_page,'wassup') !== FALSE) { $plugin_page="wassup"; }
304
  //Add css and javascript to wassup menu pages only...
305
  if ($plugin_page == "wassup") {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
306
  echo "\n".'<script type="text/javascript">var tb_pathToImage = "'.WASSUPURL.'/thickbox/loadingAnimation.gif";</script>';
307
  echo "\n".'<link rel="stylesheet" href="'.WASSUPURL.'/thickbox/thickbox.css'.'" type="text/css" />';
308
  echo "\n".'<link rel="stylesheet" href="'.WASSUPURL.'/ui.tabs.css'.'" type="text/css" />';
@@ -491,7 +490,7 @@ if ($_GET['page'] == "wassup-options") {
491
  limit: 10,
492
  fadeLast: 5,
493
  ajax: '<?php echo WASSUPURL."/lib/action.php?action=spy&spytype=".$spytype.$action_param; ?>',
494
- timeout: 2000,
495
  'timestamp': myTimestamp,
496
  fadeInSpeed: 1100 });
497
  });
@@ -587,7 +586,6 @@ function WassUp() {
587
  if ((int)$_POST['wassup_chart_type'] == 0) { //no chart
588
  $wassup_options->wassup_chart = "0";
589
  }
590
- $wassup_options->wassup_debug_mode = $_POST['wassup_debug_mode'];
591
  $wassup_options->wassup_loggedin = $_POST['wassup_loggedin'];
592
  $wassup_options->wassup_admin = $_POST['wassup_admin'];
593
  $wassup_options->wassup_spider = $_POST['wassup_spider'];
@@ -914,9 +912,9 @@ function WassUp() {
914
 
915
  <?php // HERE IS THE OPTIONS VIEW
916
  } elseif($_GET['page'] == "wassup-options") { ?>
917
- <h2>Wassup - <?php _e('Options','wassup'); ?></h2>
918
  <p><?php _e('You can add a sidebar Widget with some useful statistics information by activating the','wassup'); ?>
919
- <a href="<?php echo get_option('siteurl'); ?>/wp-admin/widgets.php"><?php _e('Wassup Widget in the Widgets menu option','wassup'); ?></a>.</p>
920
  <?php //#moved content to external include file, "settings.php"
921
  //# to make "wassup" code easier to read and modify
922
  //# -Helene D. 1/15/08.
@@ -1283,7 +1281,7 @@ function WassUp() {
1283
  <li><?php echo __("IP","wassup").': <span class="raw">'.$rk->ip.'</span>'; ?></li>
1284
  <li><?php echo __("Hostname","wassup").': <span class="raw">'.$hostname.'</span>'; ?></li>
1285
  <li><?php echo __("Url Requested","wassup").': <span class="raw">'.attribute_escape(htmlspecialchars(html_entity_decode($rk->urlrequested))).'</span>'; ?></li>
1286
- <li><?php echo __("User Agent","wassup").': <span class="raw">'.attribute_escape($rk->agent).'</span>'; ?></li>
1287
  <li><?php echo __("Referrer","wassup").': <span class="raw">'.attribute_escape(urldecode($rk->referrer)).'</span>'; ?></li>
1288
  <?php if ($rk->search != "") { ?>
1289
  <li><?php echo __("Search Engine","wassup").': <span class="raw">'.$rk->searchengine.'</span> &nbsp; &nbsp; ';
@@ -1459,7 +1457,9 @@ function WassUp() {
1459
  <ul class="url">
1460
  <?php
1461
  if ($numurl > 1) {
1462
- $qryCD = $wpdb->get_results("SELECT `timestamp`, urlrequested FROM $table_name WHERE wassup_id='".$rk->wassup_id."' ORDER BY `timestamp`");
 
 
1463
  $i=1;
1464
  $char_len = round($max_char_len*.92,0);
1465
  foreach ($qryCD as $cd) {
@@ -1590,6 +1590,7 @@ function CreateTable($table_name="",$withcharset=true) {
1590
  INDEX (timestamp),
1591
  INDEX (username(20),ip)
1592
  ) $charset_collate;";
 
1593
  if (file_exists(ABSPATH . 'wp-admin/includes/upgrade.php')) {
1594
  require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
1595
  } else { //deprecated since 2.5
@@ -1673,7 +1674,7 @@ function UpdateTable() {
1673
  //...could take a long time, so run in background if window times out
1674
  ignore_user_abort(1);
1675
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_wassup (wassup_id(32),timestamp)");
1676
- echo "\n<!-- heartbeat -->"; //no output during install
1677
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_w_os (os)");
1678
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_w_browser (browser)");
1679
  echo "\n<!-- heartbeat -->";
@@ -1687,7 +1688,7 @@ function UpdateTable() {
1687
  //create wassuptmp table... (like wassup table)
1688
  mysql_query("DROP TABLE IF EXISTS {$table_tmp_name}");
1689
  if (!$wpdb->query("CREATE TABLE $table_tmp_name LIKE {$table_name}")) {
1690
- //"like" not understood by old versions of MySQL (pre 4.1)?
1691
  createTable($table_tmp_name);
1692
  }
1693
 
@@ -1854,11 +1855,6 @@ function wassupAppend() {
1854
  //Record non-admin page visits and or hack attempts
1855
  if ((!is_admin() && stristr($urlRequested,"/wp-admin/")===FALSE && stristr($urlRequested,"/wp-includes/")===FALSE) || $hackercheck) {
1856
  //TODO: store wordpress post-id/category-id/tag-id for page
1857
- if (isset($wp_query->post->ID)) {
1858
- $url_wpid = $wp_query->post->post_type."-".$wp_query->post->ID; //debug
1859
- //var_dump($url_wpid); //debug
1860
- }
1861
- //var_dump($wp_query); //debug
1862
 
1863
  //## Exclude users and urls on exclusion list...
1864
  $exclude_visit = false;
@@ -2028,11 +2024,10 @@ function wassupAppend() {
2028
  //retrieve previous spam check results
2029
  $spamresult = $recent[0]->spam;
2030
 
2031
- // check for screen resolution and update, if not recorded
2032
  if (empty($recent[0]->screen_res) && !empty($screen_res)) {
2033
  $wpdb->query("UPDATE $table_name SET screen_res = '$screen_res' WHERE wassup_id = '$wassup_id' AND screen_res = ''");
2034
- }
2035
-
2036
  //get previously recorded settings for this visitor to
2037
  // avoid redundant tests
2038
  if ($dup_urlrequest == 0) {
@@ -2080,7 +2075,13 @@ function wassupAppend() {
2080
  } else {
2081
  $spider = $ua->name;
2082
  if ($ua->agenttype == "F") {
2083
- $feed = $spider;
 
 
 
 
 
 
2084
  }
2085
  }
2086
  $os = $ua->os;
@@ -2098,7 +2099,7 @@ function wassupAppend() {
2098
  // spiders. -Helene D.
2099
  $spider_hosts='/^(65\.55\.\d{3}.\d{1,3}|.*\.crawl\.yahoo\.net|msnbot.*\.search\.msn\.com)$/';
2100
  if (empty($browser) || strstr($browser,'N/A') || empty($os) || preg_match($spider_hosts,$hostname)>0 || preg_match("#\s?([a-z]+(?:bot|crawler|spider|reader))[^a-z]#i",$userAgent)>0 || $urlRequested == "robots.txt" || is_feed()) {
2101
- list($spider,$spidertype,$feed) = wGetSpider($userAgent,$hostname,$browser);
2102
  //it's a browser
2103
  if ($spidertype == "B" && !strstr($urlRequested,"robots.txt") ) {
2104
  if (empty($browser)) {
@@ -2123,11 +2124,11 @@ function wassupAppend() {
2123
  if ( $wassup_options->wassup_refspam == 1 && !empty($referrer) ) {
2124
  //#...skip if referrer is own blog
2125
  if (stristr($referrer,$wpurl) === FALSE && stristr($referrer,$siteurl) === FALSE) {
2126
- // Do a control if it is Referrer Spam
2127
- if (wGetSpamRef($referrer) == 1) {
2128
- $spam = 2;
2129
- $spamresult = $spam;
2130
- }
2131
  }
2132
  }
2133
 
@@ -2150,6 +2151,8 @@ function wassupAppend() {
2150
  //# there is a comment or forum page request...
2151
  } elseif (empty($spider) || !$goodbot || stristr($urlRequested,"comment") !== FALSE || stristr($urlRequested,"forum") !== FALSE || !empty($comment_user) ) {
2152
 
 
 
2153
  // Try to search for previous spammer detected by akismet with same IP
2154
  $spammerIP = 0;
2155
  if (!empty($ipAddress)) {
@@ -2158,7 +2161,11 @@ function wassupAppend() {
2158
  $spammerIP = $checkauthor->isSpammer($ipAddress);
2159
  if ($spammerIP > 0) { //is previous comment spam
2160
  $spam = 1;
2161
- $spamresult = $spam;
 
 
 
 
2162
  }
2163
 
2164
  }
@@ -2166,15 +2173,16 @@ function wassupAppend() {
2166
  if ($spam == 0 && !empty($hostname) && $hostname != "unknown") {
2167
  if (wGetSpamRef($hostname) == 1) {
2168
  $spam = 1;
2169
- $spamresult = $spam;
2170
  }
2171
  }
2172
 
2173
  //#lastly check for comment spammers using Akismet API
2174
  //# Note: this may cause "header already sent" errors in some Wordpress configurations
2175
- $akismet_key = get_option('wordpress_api_key');
2176
- $akismet_class = dirname(__FILE__).'/lib/akismet.class.php';
2177
- if ($spam == 0 && !empty($akismet_key) && file_exists($akismet_class)) {
 
2178
  // load array with comment data
2179
  $comment_user_email = (!empty($_COOKIE['comment_author_email_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_email_'.COOKIEHASH]):"");
2180
  $comment_user_url = (!empty($_COOKIE['comment_author_url_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_url_'.COOKIEHASH]):"");
@@ -2196,13 +2204,16 @@ function wassupAppend() {
2196
  // Check if it's spam
2197
  if ( $akismet->isSpam() ) {
2198
  $spam = 1;
2199
- $spamresult = $spam;
2200
- }
2201
- //#error means don't save result in cookie
2202
- if($akismet->errorsExist()) {
2203
- unset($spamresult);
 
 
2204
  }
2205
  } //end if !empty(akismet_key)
 
2206
  } //end else empty($spider)
2207
 
2208
  } //end if wassup_spam == 1
@@ -2218,7 +2229,7 @@ function wassupAppend() {
2218
 
2219
  //## Final exclusion control is spam...
2220
  if ($spam == 0 OR ($wassup_options->wassup_spam == 1 AND $spam == 1) OR ($wassup_options->wassup_refspam == 1 AND $spam == 2) OR ($wassup_options->wassup_hack == 1 AND $spam == 3)) {
2221
- if (stristr($urlRequested,"wp-content/plugins") === FALSE) {
2222
  //###More user/referrer details for recording
2223
  //#get language/locale info from hostname or referrer data
2224
  $language = wGetLocale($language,$hostname,$referrer);
@@ -2286,12 +2297,12 @@ function wassupAppend() {
2286
  // Insert the record into the wassup_tmp table too
2287
  insert_into_wp($table_tmp_name, $wassup_rec);
2288
  // Delete records older then 3 minutes
2289
- if (((int)$timestamp)%11 == 0 ) {
2290
  $wpdb->query("DELETE FROM $table_tmp_name WHERE `timestamp`<'".strtotime("-3 minutes", $timestamp)."'");
2291
  }
2292
 
2293
  } //end if $spam == 0
2294
- }
2295
 
2296
  } //end if wassup_spider
2297
  } //end if dup_urlrequest == 0
@@ -2773,13 +2784,13 @@ function wGetSpider($agent="",$hostname="", $browser=""){
2773
  if (stristr('location.href',$ua)!==FALSE) {
2774
  $crawlertype = "H";
2775
  $crawler = "Script Injection bot";
2776
- } elseif (preg_match('/(<|&lt;|&#60;)a( |%20|&#32;|\+)href/i',$ua)>0) {
2777
  $crawlertype = "H";
2778
  $crawler = "Script Injection bot";
2779
  } elseif (preg_match('/(<|&lt;|&#60;)script/i',$ua)>0) {
2780
  $crawlertype = "H";
2781
  $crawler = "Script Injection bot";
2782
- } elseif (preg_match('/select*( |%20|+|%#32;)from( |%20|+|%#32;)wp_/i',$ua)>0) {
2783
  $crawlertype = "H";
2784
  $crawler = "Script Injection bot";
2785
  }
@@ -2818,7 +2829,7 @@ function wGetSpider($agent="",$hostname="", $browser=""){
2818
  }
2819
  }
2820
  //## check browscap data for crawler info., when available
2821
- /* if (empty($crawler) && ini_get("browscap") != "" ) {
2822
  $browsercap = get_browser($ua,true);
2823
  //if no platform(os), assume crawler...
2824
  if (!empty($browsercap['platform'])) {
@@ -2841,7 +2852,7 @@ function wGetSpider($agent="",$hostname="", $browser=""){
2841
  $crawler = "";
2842
  }
2843
  }
2844
- */
2845
  //get crawler info. from a known list of bots and feedreaders that
2846
  // don't list their names first in UA string.
2847
  //Note: spaces are removed from UA string for the bot comparison
@@ -3450,10 +3461,13 @@ function backup_table($table, $segment = 'none') {
3450
 
3451
  //Put a Wassup timestamp in page footer to check if page is cached
3452
  function cache_check() {
3453
- //Output a comment with a current timestamp to verify that page is not cached (i.e. visit is being recorded).
3454
- echo "<!--\n<p> WassUp $version timestamp: ".date('Y-m-d h:i:s T')." </p>\n";
3455
- echo "<small>".__("If above timestamp is not current time, this page is cached","wassup").".</small>\n";
3456
- echo "-->\n";
 
 
 
3457
  }
3458
 
3459
  // START initializing Widget
@@ -3768,27 +3782,31 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
3768
  }
3769
 
3770
  if ($wtopbr == 1) {
3771
- $query_topbr = $wpdb->get_results("SELECT count(browser) as top_browser, browser FROM $table_name WHERE browser!='' AND browser NOT LIKE 'N/A%' GROUP BY browser ORDER BY top_browser DESC LIMIT $topbrlimit");
3772
- if (count($query_topbr) > 0) {
3773
- print "$before_title Top Browsers $after_title";
3774
- print "<ul class='$ulclass'>";
3775
- foreach ($query_topbr as $etopbr) {
3776
- print "<li>- ".stringShortener(attribute_escape($etopbr->browser), $chars)."</li>";
 
 
 
 
3777
  }
3778
- print "</ul>";
3779
- }
3780
  }
3781
 
3782
  if ($wtopos == 1) {
3783
- $query_topos = $wpdb->get_results("SELECT count(os) as top_os, os FROM $table_name WHERE os!='' AND os NOT LIKE 'N/A%' GROUP BY os ORDER BY top_os DESC LIMIT $toposlimit");
3784
- if (count($query_topos) > 0) {
3785
- print "$before_title Top OS $after_title";
3786
- print "<ul class='$ulclass'>";
3787
- foreach ($query_topos as $etopos) {
3788
- print "<li>- ".stringShortener(attribute_escape($etopos->os), $chars)."</li>";
 
 
 
 
3789
  }
3790
- print "</ul>";
3791
- }
3792
  }
3793
 
3794
  // Visitors Online
@@ -3819,6 +3837,7 @@ function wassup_sidebar($before_widget='', $after_widget='', $before_title='', $
3819
  print $after_widget;
3820
  } //end function wassup_sidebar
3821
 
 
3822
  if (isset($wassup_options->wassup_dashboard_chart) && $wassup_options->wassup_dashboard_chart == 1) {
3823
 
3824
  if (version_compare($wp_version, '2.7', '<')) {
@@ -3826,19 +3845,123 @@ if (isset($wassup_options->wassup_dashboard_chart) && $wassup_options->wassup_da
3826
  } else {
3827
  // Create the function to output the contents of our Dashboard Widget
3828
  function wassup_dashboard_widget_function() {
3829
- global $wpdb, $wassup_options;
3830
  $table_name = $wpdb->prefix . "wassup";
 
3831
  $to_date = wassup_get_time();
3832
  $chart_type = ($wassup_options->wassup_chart_type >0)? $wassup_options->wassup_chart_type: "2";
3833
  $res = ((int)$wassup_options->wassup_screen_res-160)/2;
3834
  $Chart = New MainItems($table_name,"",$to_date);
3835
- $chart_url = $Chart->TheChart(1, $res, "180", "", $chart_type, "bg,s,00000000", "dashboard"); ?>
 
 
3836
 
3837
- <div class="placeholder" align="center" style="margin:0;">
3838
- <img src="<?php echo $chart_url; ?>" alt="WassUp <?php _e('visitor stats chart','wassup'); ?>"/>
3839
  <p><cite><a href="admin.php?page=<?php echo WASSUPFOLDER; ?>"><?php _e('More Stats','wassup'); ?> &raquo;</a></cite></p>
3840
- </div>
3841
- <?php }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3842
  // Create the function use in the action hook
3843
  function wassup_add_dashboard_widgets() {
3844
  wp_add_dashboard_widget('wassup_dashboard_widget', 'WassUp Summary', 'wassup_dashboard_widget_function');
3
  Plugin Name: WassUp
4
  Plugin URI: http://www.wpwp.org
5
  Description: Wordpress plugin to analyze your visitors traffic with real time stats, chart and a lot of chronological informations. It has sidebar Widget support to show current online visitors and other statistics.
6
+ Version: 1.7.1
7
+ Author: Michele Marcucci, Helene D.
8
  Author URI: http://www.michelem.org/
9
 
10
  Copyright (c) 2007 Michele Marcucci
16
  if (preg_match('#'.basename(__FILE__) .'#', $_SERVER['PHP_SELF'])) {
17
  die('Permission Denied! You are not allowed to call this page directly.');
18
  }
19
+ $version = "1.7.1";
20
  $debug_mode=false; //turn on debugging (global)
21
  define('WASSUPFOLDER', dirname(plugin_basename(__FILE__)), TRUE);
22
  $wassupdir = dirname(__FILE__);
43
  //#This works only in WP2.2 or higher
44
  if (version_compare($wp_version, '2.2', '<')) {
45
  wp_die( '<strong style="color:#c00;background-color:#dff;padding:5px;">'.__("Sorry, Wassup requires WordPress 2.2 or higher to work","wassup").'.</strong>');
 
 
 
 
 
46
  }
47
  //#add initial options and create table when Wassup activated
48
  // -Helene D. 2/26/08.
174
  } //#end function wassup_uninstall
175
 
176
  function wassup_meta_info() {
177
+ global $wassup_options, $version;
178
+ if ($wassup_options->wassup_active == "1") {
179
+ print '<meta name="wassup-version" content="'.$version.'" />'."\n";
180
  //
181
  //Get visitor's screen resolution using javascript and a cookie.
182
  // - Added here so "wp_head" hook will insert the code to read this
221
  //]]>
222
  </script>
223
  <?php
224
+ } // end if wassup_active == "1"
225
  } //end function wassup_meta_info
226
 
227
  //# Wassup init hook actions performed before headers are sent:
231
  function wassup_init() {
232
  global $wpurl;
233
 
 
 
 
 
 
 
234
  //### Add wassup scripts to Wassup Admin pages...
235
  if (stristr($_GET['page'],'wassup') !== FALSE) {
236
+
237
+ //block any obvious sql injection attempts via WassUp -Helene D. 2009-04-04
238
+ if (preg_match("#[&?].+=.*(select|update|delete|alter|drop|union|create)[ %&].*(?:from)?.*wp_\w+.*#i",str_replace(array('\\','&#92;','"','&#34;','&quot','&#39;','\'','`','&#96;'),'',$_SERVER['REQUEST_URI']))>0) {
239
+ header("HTTP/1.1 403 Forbidden");
240
+ wp_die('Illegal request - Permission Denied!');
241
+ }
242
+
243
  if ( function_exists('wp_deregister_script')) {
244
  //removes old jquery vers.
245
  wp_deregister_script('jquery');
276
  function add_wassup_css() {
277
  global $wpurl, $wassup_options, $whash, $debug_mode;
278
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
279
  $plugin_page = attribute_escape($_GET['page']);
280
  if (stristr($plugin_page,'wassup') !== FALSE) { $plugin_page="wassup"; }
281
  //Add css and javascript to wassup menu pages only...
282
  if ($plugin_page == "wassup") {
283
+ //assign a value to whash, if none
284
+ if ($whash == "") {
285
+ $whash = $wassup_options->get_wp_hash();
286
+ $wassup_options->whash = $whash; //save new hash
287
+ $wassup_options->saveSettings();
288
+ }
289
+ //preassign "GET" parameters for "action.php" in "action_param"
290
+ $action_param='&whash='.$wassup_options->whash;
291
+ if ($debug_mode) {
292
+ $action_param .= '&debug_mode=true';
293
+ }
294
+ //Important Note: In WordPress 2.6+ "/wp-content/" can be
295
+ // located outside of Wordpress' install directory. In
296
+ // this configuration, "action.php" will not run without
297
+ // the additional GET parameter, "wpabspath=ABSPATH"
298
+ if (defined('WP_CONTENT_DIR') && strpos(WP_CONTENT_DIR,ABSPATH)===FALSE) {
299
+ // wpabspath is encoded to hide real directory
300
+ // path from users and to improve security
301
+ $action_param .= '&wpabspath='.urlencode(base64_encode(ABSPATH));
302
+ }
303
+
304
+ //print the css stylesheet and javascripts
305
  echo "\n".'<script type="text/javascript">var tb_pathToImage = "'.WASSUPURL.'/thickbox/loadingAnimation.gif";</script>';
306
  echo "\n".'<link rel="stylesheet" href="'.WASSUPURL.'/thickbox/thickbox.css'.'" type="text/css" />';
307
  echo "\n".'<link rel="stylesheet" href="'.WASSUPURL.'/ui.tabs.css'.'" type="text/css" />';
490
  limit: 10,
491
  fadeLast: 5,
492
  ajax: '<?php echo WASSUPURL."/lib/action.php?action=spy&spytype=".$spytype.$action_param; ?>',
493
+ timeout: 5000,
494
  'timestamp': myTimestamp,
495
  fadeInSpeed: 1100 });
496
  });
586
  if ((int)$_POST['wassup_chart_type'] == 0) { //no chart
587
  $wassup_options->wassup_chart = "0";
588
  }
 
589
  $wassup_options->wassup_loggedin = $_POST['wassup_loggedin'];
590
  $wassup_options->wassup_admin = $_POST['wassup_admin'];
591
  $wassup_options->wassup_spider = $_POST['wassup_spider'];
912
 
913
  <?php // HERE IS THE OPTIONS VIEW
914
  } elseif($_GET['page'] == "wassup-options") { ?>
915
+ <h2>WassUp - <?php _e('Options','wassup'); ?></h2>
916
  <p><?php _e('You can add a sidebar Widget with some useful statistics information by activating the','wassup'); ?>
917
+ <a href="<?php echo $wpurl.'/wp-admin/widgets.php'; ?>"><?php _e('Wassup Widget in the Widgets menu option','wassup'); ?></a>.</p>
918
  <?php //#moved content to external include file, "settings.php"
919
  //# to make "wassup" code easier to read and modify
920
  //# -Helene D. 1/15/08.
1281
  <li><?php echo __("IP","wassup").': <span class="raw">'.$rk->ip.'</span>'; ?></li>
1282
  <li><?php echo __("Hostname","wassup").': <span class="raw">'.$hostname.'</span>'; ?></li>
1283
  <li><?php echo __("Url Requested","wassup").': <span class="raw">'.attribute_escape(htmlspecialchars(html_entity_decode($rk->urlrequested))).'</span>'; ?></li>
1284
+ <li><?php echo __("User Agent","wassup").': <span class="raw">'.attribute_escape(htmlspecialchars(html_entity_decode($rk->agent))).'</span>'; ?></li>
1285
  <li><?php echo __("Referrer","wassup").': <span class="raw">'.attribute_escape(urldecode($rk->referrer)).'</span>'; ?></li>
1286
  <?php if ($rk->search != "") { ?>
1287
  <li><?php echo __("Search Engine","wassup").': <span class="raw">'.$rk->searchengine.'</span> &nbsp; &nbsp; ';
1457
  <ul class="url">
1458
  <?php
1459
  if ($numurl > 1) {
1460
+ //$qryCD = $wpdb->get_results("SELECT `timestamp`, urlrequested FROM $table_name WHERE wassup_id='".$rk->wassup_id."' ORDER BY `timestamp`");
1461
+ //$qryCD = $wpdb->get_results("SELECT DISTINCT `timestamp`, urlrequested FROM $table_name WHERE wassup_id='".$rk->wassup_id."' ORDER BY `timestamp`"); //no duplications
1462
+ $qryCD = $wpdb->get_results("SELECT `id`, `timestamp`, urlrequested FROM $table_name WHERE wassup_id='".$rk->wassup_id."' ORDER BY `id`"); //id is sequential, so sort order == visit order
1463
  $i=1;
1464
  $char_len = round($max_char_len*.92,0);
1465
  foreach ($qryCD as $cd) {
1590
  INDEX (timestamp),
1591
  INDEX (username(20),ip)
1592
  ) $charset_collate;";
1593
+ //UNIQUE KEY idx_wassup (wassup_id(32),timestamp,urlrequested,ip), //to prevent dup inserts
1594
  if (file_exists(ABSPATH . 'wp-admin/includes/upgrade.php')) {
1595
  require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
1596
  } else { //deprecated since 2.5
1674
  //...could take a long time, so run in background if window times out
1675
  ignore_user_abort(1);
1676
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_wassup (wassup_id(32),timestamp)");
1677
+ echo "\n<!-- heartbeat -->"; //ineffective because, no output to browser during install
1678
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_w_os (os)");
1679
  $wpdb->query("ALTER TABLE {$table_name} ADD INDEX idx_w_browser (browser)");
1680
  echo "\n<!-- heartbeat -->";
1688
  //create wassuptmp table... (like wassup table)
1689
  mysql_query("DROP TABLE IF EXISTS {$table_tmp_name}");
1690
  if (!$wpdb->query("CREATE TABLE $table_tmp_name LIKE {$table_name}")) {
1691
+ //"like" not understood by old versions of MySQL (pre 4.1)
1692
  createTable($table_tmp_name);
1693
  }
1694
 
1855
  //Record non-admin page visits and or hack attempts
1856
  if ((!is_admin() && stristr($urlRequested,"/wp-admin/")===FALSE && stristr($urlRequested,"/wp-includes/")===FALSE) || $hackercheck) {
1857
  //TODO: store wordpress post-id/category-id/tag-id for page
 
 
 
 
 
1858
 
1859
  //## Exclude users and urls on exclusion list...
1860
  $exclude_visit = false;
2024
  //retrieve previous spam check results
2025
  $spamresult = $recent[0]->spam;
2026
 
2027
+ // check for screen resolution and update, if not previously recorded
2028
  if (empty($recent[0]->screen_res) && !empty($screen_res)) {
2029
  $wpdb->query("UPDATE $table_name SET screen_res = '$screen_res' WHERE wassup_id = '$wassup_id' AND screen_res = ''");
2030
+ }
 
2031
  //get previously recorded settings for this visitor to
2032
  // avoid redundant tests
2033
  if ($dup_urlrequest == 0) {
2075
  } else {
2076
  $spider = $ua->name;
2077
  if ($ua->agenttype == "F") {
2078
+ if (!empty($ua->subscribers)) {
2079
+ $feed = $ua->subscribers;
2080
+ } else {
2081
+ $feed = $spider;
2082
+ }
2083
+ } elseif ($ua->agenttype == "H" || $ua->agenttype == "S") { //it's a script injection bot|spammer
2084
+ if ($spam == "0") { $spam = 3; }
2085
  }
2086
  }
2087
  $os = $ua->os;
2099
  // spiders. -Helene D.
2100
  $spider_hosts='/^(65\.55\.\d{3}.\d{1,3}|.*\.crawl\.yahoo\.net|msnbot.*\.search\.msn\.com)$/';
2101
  if (empty($browser) || strstr($browser,'N/A') || empty($os) || preg_match($spider_hosts,$hostname)>0 || preg_match("#\s?([a-z]+(?:bot|crawler|spider|reader))[^a-z]#i",$userAgent)>0 || $urlRequested == "robots.txt" || is_feed()) {
2102
+ list($spider,$spidertype,$feed) = @wGetSpider($userAgent,$hostname,$browser);
2103
  //it's a browser
2104
  if ($spidertype == "B" && !strstr($urlRequested,"robots.txt") ) {
2105
  if (empty($browser)) {
2124
  if ( $wassup_options->wassup_refspam == 1 && !empty($referrer) ) {
2125
  //#...skip if referrer is own blog
2126
  if (stristr($referrer,$wpurl) === FALSE && stristr($referrer,$siteurl) === FALSE) {
2127
+ // Do a control if it is Referrer Spam
2128
+ if (wGetSpamRef($referrer) == 1) {
2129
+ $spam = 2;
2130
+ //$spamresult = $spam;
2131
+ }
2132
  }
2133
  }
2134
 
2151
  //# there is a comment or forum page request...
2152
  } elseif (empty($spider) || !$goodbot || stristr($urlRequested,"comment") !== FALSE || stristr($urlRequested,"forum") !== FALSE || !empty($comment_user) ) {
2153
 
2154
+
2155
+
2156
  // Try to search for previous spammer detected by akismet with same IP
2157
  $spammerIP = 0;
2158
  if (!empty($ipAddress)) {
2161
  $spammerIP = $checkauthor->isSpammer($ipAddress);
2162
  if ($spammerIP > 0) { //is previous comment spam
2163
  $spam = 1;
2164
+ //$spamresult = $spam;
2165
+ //update previous visits as spam, in case Akismet recently identified this spammer
2166
+ if (!empty($recent) && $spamresult==0) {
2167
+ $wpdb->query("UPDATE $table_name SET spam='".$spam."' WHERE wassup_id='".$wassup_id."' AND spam='0'");
2168
+ }
2169
  }
2170
 
2171
  }
2173
  if ($spam == 0 && !empty($hostname) && $hostname != "unknown") {
2174
  if (wGetSpamRef($hostname) == 1) {
2175
  $spam = 1;
2176
+ //$spamresult = $spam;
2177
  }
2178
  }
2179
 
2180
  //#lastly check for comment spammers using Akismet API
2181
  //# Note: this may cause "header already sent" errors in some Wordpress configurations
2182
+ if (stristr($urlRequested,"comment") !== FALSE && $spam == 0) {
2183
+ $akismet_key = get_option('wordpress_api_key');
2184
+ $akismet_class = dirname(__FILE__).'/lib/akismet.class.php';
2185
+ if (!empty($akismet_key) && file_exists($akismet_class)) {
2186
  // load array with comment data
2187
  $comment_user_email = (!empty($_COOKIE['comment_author_email_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_email_'.COOKIEHASH]):"");
2188
  $comment_user_url = (!empty($_COOKIE['comment_author_url_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_url_'.COOKIEHASH]):"");
2204
  // Check if it's spam
2205
  if ( $akismet->isSpam() ) {
2206
  $spam = 1;
2207
+ //retroactively update visitor's recent hits as spam
2208
+ //Note: this may cause spam to be recorded when spam recording is disabled because visitor was not identified as spammer until comment attempt
2209
+ if(!$akismet->errorsExist()) {
2210
+ if (!empty($recent) && $spamresult==0) {
2211
+ $wpdb->query("UPDATE $table_name SET spam='".$spam."' WHERE wassup_id='".$wassup_id."' AND spam='0'");
2212
+ }
2213
+ }
2214
  }
2215
  } //end if !empty(akismet_key)
2216
+ } //end if comment
2217
  } //end else empty($spider)
2218
 
2219
  } //end if wassup_spam == 1
2229
 
2230
  //## Final exclusion control is spam...
2231
  if ($spam == 0 OR ($wassup_options->wassup_spam == 1 AND $spam == 1) OR ($wassup_options->wassup_refspam == 1 AND $spam == 2) OR ($wassup_options->wassup_hack == 1 AND $spam == 3)) {
2232
+ if (stristr($urlRequested,"wp-content/plugins")===FALSE) {
2233
  //###More user/referrer details for recording
2234
  //#get language/locale info from hostname or referrer data
2235
  $language = wGetLocale($language,$hostname,$referrer);
2297
  // Insert the record into the wassup_tmp table too
2298
  insert_into_wp($table_tmp_name, $wassup_rec);
2299
  // Delete records older then 3 minutes
2300
+ if (((int)$timestamp)%17 == 0 ) {
2301
  $wpdb->query("DELETE FROM $table_tmp_name WHERE `timestamp`<'".strtotime("-3 minutes", $timestamp)."'");
2302
  }
2303
 
2304
  } //end if $spam == 0
2305
+ } //end if !wp-content/plugins
2306
 
2307
  } //end if wassup_spider
2308
  } //end if dup_urlrequest == 0
2784
  if (stristr('location.href',$ua)!==FALSE) {
2785
  $crawlertype = "H";
2786
  $crawler = "Script Injection bot";
2787
+ } elseif (preg_match('/(<|&lt;|&#60;)a(\s|%20|&#32;|\+)href/i',$ua)>0) {
2788
  $crawlertype = "H";
2789
  $crawler = "Script Injection bot";
2790
  } elseif (preg_match('/(<|&lt;|&#60;)script/i',$ua)>0) {
2791
  $crawlertype = "H";
2792
  $crawler = "Script Injection bot";
2793
+ } elseif (preg_match('/select.*(\s|%20|\+|%#32;)from(\s|%20|\+|%#32;)wp_/i',$ua)>0) {
2794
  $crawlertype = "H";
2795
  $crawler = "Script Injection bot";
2796
  }
2829
  }
2830
  }
2831
  //## check browscap data for crawler info., when available
2832
+ if (empty($crawler) && ini_get("browscap") != "" ) {
2833
  $browsercap = get_browser($ua,true);
2834
  //if no platform(os), assume crawler...
2835
  if (!empty($browsercap['platform'])) {
2852
  $crawler = "";
2853
  }
2854
  }
2855
+
2856
  //get crawler info. from a known list of bots and feedreaders that
2857
  // don't list their names first in UA string.
2858
  //Note: spaces are removed from UA string for the bot comparison
3461
 
3462
  //Put a Wassup timestamp in page footer to check if page is cached
3463
  function cache_check() {
3464
+ global $wassup_options, $version;
3465
+ if ($wassup_options->wassup_active == "1") {
3466
+ //Output a comment with a current timestamp to verify that page is not cached (i.e. visit is being recorded).
3467
+ echo "<!--\n<p> WassUp $version timestamp: ".date('Y-m-d h:i:sA T')." </p>\n";
3468
+ echo "<small>".__("If above timestamp is not current time, this page is cached","wassup").".</small>\n";
3469
+ echo "-->\n";
3470
+ }
3471
  }
3472
 
3473
  // START initializing Widget
3782
  }
3783
 
3784
  if ($wtopbr == 1) {
3785
+ $time_range = '`timestamp` > 0'; //all time
3786
+ $top_limit = attribute_escape($topbrlimit);
3787
+ $top_results = wGetStats("browser",$top_limit,$time_range);
3788
+ if (count($top_results) > 0) {
3789
+ print "$before_title ".__('Top Browsers','wassup')." $after_title";
3790
+ print "<ul class='$ulclass'>";
3791
+ foreach ($top_results as $wtop) {
3792
+ print "<li>- ".stringShortener($wtop->top_item, $chars)."</li>";
3793
+ }
3794
+ print "</ul>";
3795
  }
 
 
3796
  }
3797
 
3798
  if ($wtopos == 1) {
3799
+ $time_range = '`timestamp` > 0'; //all time
3800
+ $top_limit = attribute_escape($toposlimit);
3801
+ $top_results = wGetStats("os",$top_limit,$time_range);
3802
+ if (count($top_results) > 0) {
3803
+ print "$before_title ".__('Top OS','wassup')." $after_title";
3804
+ print "<ul class='$ulclass'>";
3805
+ foreach ($top_results as $wtop) {
3806
+ print "<li>- ".stringShortener($wtop->top_item, $chars)."</li>";
3807
+ }
3808
+ print "</ul>";
3809
  }
 
 
3810
  }
3811
 
3812
  // Visitors Online
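Review bot: `attribute_escape()` at new lines 3786 and 3800 is HTML-attribute escaping, not numeric validation, so `$top_limit` can still be a non-numeric string when it reaches `wGetStats()`. If that helper puts the limit into its SQL (not visible here), cast instead: `$top_limit = (int)$topbrlimit;` and `$top_limit = (int)$toposlimit;`. The `$wtop->top_item` values printed at 3792 and 3806 appear to be recorded browser and OS strings, which originate from visitor requests. Unless `stringShortener()` escapes its result, wrap the output, e.g. `attribute_escape(stringShortener($wtop->top_item, $chars))`. `count($top_results)` also assumes `wGetStats()` always returns an array, so an `is_array()` guard like the one used in lib/action.php would be consistent; the enclosing `wassup_sidebar` function starts before this hunk.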
3837
  print $after_widget;
3838
  } //end function wassup_sidebar
3839
 
3840
+ // Initialing the dashboard widget
3841
  if (isset($wassup_options->wassup_dashboard_chart) && $wassup_options->wassup_dashboard_chart == 1) {
3842
 
3843
  if (version_compare($wp_version, '2.7', '<')) {
3845
  } else {
3846
  // Create the function to output the contents of our Dashboard Widget
3847
  function wassup_dashboard_widget_function() {
3848
+ global $wpdb, $wassup_options, $wpurl;
3849
  $table_name = $wpdb->prefix . "wassup";
3850
+ $table_tmp_name = $wpdb->prefix . "wassup_tmp";
3851
  $to_date = wassup_get_time();
3852
  $chart_type = ($wassup_options->wassup_chart_type >0)? $wassup_options->wassup_chart_type: "2";
3853
  $res = ((int)$wassup_options->wassup_screen_res-160)/2;
3854
  $Chart = New MainItems($table_name,"",$to_date);
3855
+ $chart_url = $Chart->TheChart(1, $res, "180", "", $chart_type, "bg,s,00000000", "dashboard");
3856
+ $max_char_len= 40;
3857
+ ?>
3858
 
3859
+ <div class="placeholder" style="margin:0;">
3860
+ <p style="text-align:center"><img src="<?php echo $chart_url; ?>" alt="WassUp <?php _e('visitor stats chart','wassup'); ?>"/></p>
3861
  <p><cite><a href="admin.php?page=<?php echo WASSUPFOLDER; ?>"><?php _e('More Stats','wassup'); ?> &raquo;</a></cite></p>
3862
+ <style>
3863
+ #wassup_dashboard_widget .wassup_dash_box {
3864
+ margin: 0px auto 10px auto;
3865
+ padding: 10px;
3866
+ width:90%;
3867
+ font-size:11px;
3868
+ }
3869
+ #wassup_dashboard_widget .wassup_dash_box p {
3870
+ margin: 4px 0 8px 0;
3871
+ font-weight: normal;
3872
+ font-size:11px;
3873
+ border-bottom: 1px solid #dfdfdf;
3874
+ padding: 0px 0 8px 0;
3875
+ }
3876
+ #wassup_dashboard_widget h5 {
3877
+ border-top: 3px solid #dfdfdf;
3878
+ width:90%;
3879
+ margin: 10px auto 0 auto;
3880
+ padding: 20px 10px 10px 10px;
3881
+ font-size:12px;
3882
+ }
3883
+ #wassup_dashboard_widget h5 strong {
3884
+ font-size:24px;
3885
+ margin: 0 10px 0 0;
3886
+ padding:2px 10px 2px 10px;
3887
+ background:#BBD8E7;
3888
+ border:1px solid #dfdfdf;
3889
+ }
3890
+ </style>
3891
+ <?php
3892
+ $from_date = strtotime('-3 minutes', $to_date);
3893
+ $currenttot = $wpdb->get_var("SELECT COUNT(DISTINCT wassup_id) as currenttot FROM $table_tmp_name WHERE `timestamp` BETWEEN $from_date AND $to_date");
3894
+ $currenttot = $currenttot+0; //set to integer
3895
+ if ($currenttot > 0) {
3896
+ $qryC = $wpdb->get_results("SELECT id, wassup_id, max(timestamp) as max_timestamp, ip, hostname, searchengine, urlrequested, agent, referrer, spider, username, comment_author FROM $table_tmp_name WHERE `timestamp` BETWEEN $from_date AND $to_date GROUP BY ip ORDER BY max_timestamp DESC");
3897
+ print "<h5><strong>".$currenttot."</strong>".__("Visitors online", "wassup")."</h5>";
3898
+ print "<div class='wassup_dash_box'>";
3899
+ foreach ($qryC as $cv) {
3900
+ if ($wassup_options->wassup_time_format == 24) {
3901
+ $timed = gmdate("H:i:s", $cv->max_timestamp);
3902
+ } else {
3903
+ $timed = gmdate("h:i:s a", $cv->max_timestamp);
3904
+ }
3905
+ $ip_proxy = strpos($cv->ip,",");
3906
+ //if proxy, get 2nd ip...
3907
+ if ($ip_proxy !== false) {
3908
+ $ip = substr($cv->ip,(int)$ip_proxy+1);
3909
+ } else {
3910
+ $ip = $cv->ip;
3911
+ }
3912
+ if ($cv->referrer != '') {
3913
+ if (!eregi($wpurl, $cv->referrer) OR $cv->searchengine != "") {
3914
+ if ($cv->searchengine == "") {
3915
+ $referrer = '<a href="'.clean_url("{$cv->referrer}","","url").'" target=_"BLANK"><span style="font-weight: bold;">'.stringShortener("{$cv->referrer}", round($max_char_len*.8,0)).'</span></a>';
3916
+ } else {
3917
+ $referrer = '<a href="'.clean_url("{$cv->referrer}","","url").'" target=_"BLANK">'.stringShortener("{$cv->referrer}", round($max_char_len*.9,0)).'</a>';
3918
+ }
3919
+ } else {
3920
+ $referrer = __("From your blog", "wassup");
3921
+ }
3922
+ } else {
3923
+ $referrer = __("Direct hit", "wassup");
3924
+ }
3925
+ // User is logged in or is a comment's author
3926
+ if ($cv->username != "" OR $cv->comment_author != "") {
3927
+ if ($cv->username != "") {
3928
+ $Ousername[] = $cv->username;
3929
+ $Ocomment_author[] = $cv->comment_author;
3930
+ } elseif ($cv->comment_author != "") {
3931
+ $Ocomment_author[] = $cv->comment_author;
3932
+ }
3933
+ }
3934
+ ?>
3935
+
3936
+ <?php
3937
+ if (strstr($cv->urlrequested,"[404]")) { //no link for 404 page
3938
+ $requrl = stringShortener($cv->urlrequested, round($max_char_len*.9,0)+5);
3939
+ } else {
3940
+ $requrl = '<a href="'.wAddSiteurl("{$cv->urlrequested}").'" target="_BLANK">';
3941
+ $requrl .= stringShortener("{$cv->urlrequested}", round($max_char_len*.9,0)).'</a>';
3942
+ }
3943
+ ?>
3944
+ <p><strong><?php print $timed; ?></strong> - <?php echo $ip; ?> - <?php print $requrl ?><br /><?php echo __("Referrer", "wassup"); ?>: <?php echo $referrer; ?></p>
3945
+ <?php
3946
+ } //end foreach qryC ?>
3947
+ </div>
3948
+ <?php
3949
+ if (count($Ousername) > 0) {
3950
+ echo "<div class='wassup_dash_box'>";
3951
+ echo "<p>Registered users: ".implode(",", $Ousername)."</p>";
3952
+ echo "</div>";
3953
+ }
3954
+ if (count($Ocomment_author) > 0) {
3955
+ echo "<div class='wassup_dash_box'>";
3956
+ echo "<p>Comment authors: ".implode(",", $Ocomment_author)."</p>";
3957
+ echo "</div>";
3958
+ }
3959
+ ?>
3960
+ <?php
3961
+ } //end if currenttot ?>
3962
+
3963
+ </div>
3964
+ <?php }
3965
  // Create the function use in the action hook
3966
  function wassup_add_dashboard_widgets() {
3967
  wp_add_dashboard_widget('wassup_dashboard_widget', 'WassUp Summary', 'wassup_dashboard_widget_function');