Block-Spam-By-Math plugin created by Alexander Grau. Author: James Pegram Version: 2.2.3 Author URI: http://www.jamespegram.com */
/* Copyright 2009 James Pegram (email : jwpegram [make-an-at] gmail [make-a-dot] com) Alexander Grau (email : alex [make-an-at] grauonline [make-a-dot] de)
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */

define('BSBM_VERSION', '2.2.3'); // Current version of the Plugin (stored by bsbm_activate() under 'bsbm_version')
define('BSBM_NAME', 'Block Spam By Math Reloaded'); // Name of the Plugin (not referenced by the code visible on this page)

// Define default value for plugin options.
// bsbm_activate() copies these into the 'bsbm_options' array on first activation;
// bsbm_options_validate() later overwrites that array from the settings form.
define ('BSBM_ANSWER_ERROR','Oops! Looks like you answered the security question incorrectly.'); // shown when the answer is wrong
define ('BSBM_EMPTY_ERROR','Oops! It appears you forgot to answer the security question.');       // shown when the answer field is empty
define ('BSBM_LOGIN_FORM',true);    // protect login forms
define ('BSBM_SIGNUP_FORM',true);   // protect the multisite new user/new blog signup form
define ('BSBM_COMMENT_FORM',true);  // protect comment forms
define ('BSBM_REGISTER_FORM',true); // protect the single-site registration form
define ('BSBM_MATHVALUE0','2');     // lower bound of the random operands (strings; is_numeric()-checked where used)
define ('BSBM_MATHVALUE1','15');    // upper bound of the random operands
define ('BSBM_NOTICE_MESSAGE','IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)');
define ('BSBM_HOOK_LOCATION','1');  // which comment-form hook receives the question: '1' comment_form, '2' custom hook, '3' after_comment_box
define ('BSBM_CUSTOMHOOK','');      // action name used when BSBM_HOOK_LOCATION is '2'
define ('BSBM_OVERRIDE_CSS',false); // when true the built-in stylesheet is not added to wp_head
define ('BSBM_TABINDEX','5');       // tabindex assigned to the answer field
define ('BSBM_EXCLUDE_ADMIN',false); // not referenced by the code visible on this page
define ('BSBM_WP_ROLE','manage_options'); // capability that exempts a logged-in user from the question

// Establish a few variables we may want to use later. 
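$bsbm_siteurl = get_bloginfo('wpurl');
$bsbm_siteurl = (strpos($bsbm_siteurl, 'http://') === false) ? get_bloginfo('siteurl') : $bsbm_siteurl;
$bsbm_path = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', __FILE__);
$bsbm_path = str_replace('\\', '/', $bsbm_path);
$bsbm_fullpath = $bsbm_siteurl . '/wp-content/plugins/' . substr($bsbm_path, 0, strrpos($bsbm_path, '/')) . '/';

register_activation_hook(__FILE__, 'bsbm_activate');
register_uninstall_hook(__FILE__, 'bsbm_uninstall');

// The uninstall utility is triggered by two POST fields from the settings page.
// The original called bsbm_uninstall() right here, at plugin load, for any request
// carrying those fields - before the current user is known and with no capability
// check. It is deferred to admin_init so the capability can be verified first.
add_action('admin_init', 'bsbm_handle_uninstall_request');

add_action('init', 'bsbm_init');
add_action('admin_menu', 'bsbm_admin_options');
add_action('init', 'bsbm_doit', 11, 1);
//bsbm_admin_warnings();

// Only enqueue the admin stylesheet on the plugin's own settings page.
// isset() avoids a notice on every request that has no ?page= parameter.
if (isset($_GET['page']) && $_GET['page'] === 'bsbm') {
    wp_register_style('bsbm.css', $bsbm_fullpath . 'bsbm.css');
    wp_enqueue_style('bsbm.css');
}

/**
 * Run the uninstall utility when the settings page asks for it.
 *
 * Requires both POST confirmation fields and the option-management capability.
 * TODO(review): the form that posts these fields is not on this page; it should
 * also carry a nonce (wp_nonce_field) that is verified here with
 * check_admin_referer() before bsbm_uninstall() is called.
 */
function bsbm_handle_uninstall_request()
{
    if (!isset($_POST['bsbm_uninstall'], $_POST['bsbm_uninstall_confirm'])) {
        return;
    }
    if (!current_user_can('manage_options')) {
        return;
    }
    bsbm_uninstall();
}

// Initialize plugin: load the translation catalogue, if this WordPress has the API.
function bsbm_init()
{
    if (function_exists('load_plugin_textdomain')) {
        load_plugin_textdomain('block-spam-by-math-reloaded', PLUGINDIR . '/' . dirname(plugin_basename(__FILE__)));
    }
}

/**
 * Add the security question and its checks to the forms selected in the options.
 *
 * Logged-in users holding the configured capability (site admins on multisite)
 * are exempt; everybody else gets the hidden fields on the enabled forms and the
 * matching submit-time check.
 */
function bsbm_doit()
{
    $options = get_option('bsbm_options');
    if (!is_array($options)) {
        // Activation never stored the defaults: every form stays unprotected,
        // which is what the original's null option lookups produced.
        $options = array();
    }
    $required_role = isset($options['bsbm_wp_role']) ? $options['bsbm_wp_role'] : BSBM_WP_ROLE;

    // Decide whether the current visitor is exempt from the question.
    $skip = false;
    if (is_user_logged_in()) {
        if (is_multisite()) {
            // The original passed undefined $user_id / $blog_id here; is_super_admin()
            // defaults to the current user and get_current_blog_id() names the blog.
            $skip = is_super_admin() || current_user_can_for_blog(get_current_blog_id(), $required_role);
        } else {
            $skip = current_user_can($required_role);
        }
    }
    if ($skip) {
        return;
    }

    // Run the security checks
    if (empty($options['bsbm_override_css'])) {
        add_action('wp_head', 'bsbm_stylesheet');
    }

    if (!empty($options['bsbm_login_form'])) {
        add_action('login_form', 'bsbm_add_hidden_fields');
        add_action('bp_sidebar_login_form', 'bsbm_add_hidden_fields');
        add_action('wp_authenticate', 'bsbm_authenticate', 10, 2);
    }

    if (!empty($options['bsbm_comment_form'])) {
        $location = isset($options['bsbm_hook_location']) ? (string) $options['bsbm_hook_location'] : '';
        $comment_hook = null;
        switch ($location) {
            case '1':
                $comment_hook = 'comment_form';
                break;
            case '2':
                // Theme-supplied hook name; may be empty if the option was never filled in.
                $comment_hook = isset($options['bsbm_customhook']) ? (string) $options['bsbm_customhook'] : '';
                break;
            case '3':
                $comment_hook = 'after_comment_box';
                break;
        }
        if ($comment_hook !== null) {
            if ($comment_hook !== '') {
                add_action($comment_hook, 'bsbm_add_hidden_fields');
            }
            // The check is registered even when the display hook is empty, as the
            // original did, so a misconfigured hook name fails closed rather than open.
            add_filter('preprocess_comment', 'bsbm_preprocess_comment');
        }
    }

    if (!empty($options['bsbm_signup_form'])) {
        add_action('signup_extra_fields', 'bsbm_add_hidden_fields');
        add_action('bp_before_registration_submit_buttons', 'bsbm_add_hidden_fields');
        add_action('wpmu_validate_user_signup', 'bsbm_validate_user_signup');
    }

    if (!empty($options['bsbm_register_form'])) {
        add_action('register_form', 'bsbm_add_hidden_fields');
        add_action('register_post', 'bsbm_registration', 10, 2);
        add_filter('signup_blogform', 'bsbm_add_hidden_signup');
    }
}

// Default stylesheet used to display security question.
// NOTE(review): this function's body did not survive extraction - the inline style
// block and the return to PHP mode are missing - so only the surviving text is
// kept verbatim. As written, nothing after the closing tag below is parsed as PHP.
function bsbm_stylesheet() { ?> "; echo ""; echo ""; } }

/**
 * Output the security question for the various forms.
 *
 * Picks two random operands within the configured bounds and prints the
 * question text plus the configured notice. On wp-signup.php a pending
 * 'bsbm_question' error from $errors is printed first.
 *
 * NOTE(review): the form markup (the hidden mathvalue0/mathvalue1 inputs and the
 * mathvalue2 answer field that bsbm_check_hidden_fields() reads) did not survive
 * extraction; only the surviving string literals are reproduced here.
 *
 * @param WP_Error|string $errors Signup errors, or '' when called from other hooks.
 */
function bsbm_add_hidden_fields($errors = '')
{
    $options = get_option('bsbm_options');
    if (!is_array($options)) {
        $options = array();
    }

    // Operand bounds: the original read each bound from the options and fell back
    // to 2..15 only when the *first* option was non-numeric, so a non-numeric lower
    // bound paired with a numeric upper bound reached rand() with a string.
    $min = (isset($options['bsbm_mathvalue0']) && is_numeric($options['bsbm_mathvalue0'])) ? (int) $options['bsbm_mathvalue0'] : 2;
    $max = (isset($options['bsbm_mathvalue1']) && is_numeric($options['bsbm_mathvalue1'])) ? (int) $options['bsbm_mathvalue1'] : 15;
    // rand() is fine here: both operands are sent to the client, nothing is secret.
    $mathvalue0 = rand($min, $max);
    $mathvalue1 = rand($min, $max);

    echo '
';
    // Only used during the new user/new blog sign up process
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    if (false !== strpos($script, 'wp-signup.php')) {
        // $errors is '' on every other hook; is_wp_error() keeps this from calling a method on a string.
        $errmsg = is_wp_error($errors) ? $errors->get_error_message('bsbm_question') : '';
        if ($errmsg) {
            echo '

' . $errmsg . '

';
        }
    }
    echo '
What is ' . $mathvalue0 . ' + ' . $mathvalue1 . ' ?
Please leave these two fields as-is:
';
    // Already passed through wp_filter_kses() by bsbm_options_validate() when saved.
    echo isset($options['bsbm_notice_message']) ? $options['bsbm_notice_message'] : '';
    echo '
';
}

// Protection function for submitted login form: only check once both credentials are present.
function bsbm_authenticate($user_login, $user_password)
{
    if ((string) $user_login !== '' && (string) $user_password !== '') {
        bsbm_check_hidden_fields();
    }
}

// Protection function for submitted comment form: dies on a bad answer, otherwise passes the data through.
function bsbm_preprocess_comment($commentdata)
{
    bsbm_check_hidden_fields();
    return $commentdata;
}

// Protection function for submitted registration form: only check once both fields are present.
function bsbm_registration($user_login, $user_email)
{
    if ((string) $user_login !== '' && (string) $user_email !== '') {
        bsbm_check_hidden_fields();
    }
}

/**
 * Multisite signup check: attach the question error to the signup result.
 *
 * The original returned a fresh array holding only 'bsbm_question' and 'errors',
 * which dropped every other key the wpmu_validate_user_signup filter carries,
 * and referenced $val2 without defining it. The error is now added to the
 * existing result instead.
 *
 * @param array $content Signup validation result (carries an 'errors' WP_Error).
 * @return array The same result, with a 'bsbm_question' error added on failure.
 */
function bsbm_validate_user_signup($content)
{
    $answer = bsbm_check_hidden_fields();
    if ($answer === 3) {
        return $content;
    }

    $options = get_option('bsbm_options');
    $error = ($answer === 1) ? $options['bsbm_empty_error'] : $options['bsbm_answer_error'];

    if (!is_array($content)) {
        $content = array();
    }
    if (!isset($content['errors']) || !is_wp_error($content['errors'])) {
        $content['errors'] = new WP_Error();
    }
    $content['errors']->add('bsbm_question', $error);
    // Echo the submitted answer back so the form can redisplay it.
    $content['bsbm_question'] = (isset($_POST['mathvalue2']) && is_scalar($_POST['mathvalue2'])) ? (string) $_POST['mathvalue2'] : '';
    return $content;
}

/**
 * Check the hidden fields and process the answer.
 *
 * Outside wp-signup.php a missing or wrong answer ends the request with a 403
 * via wp_die(). On wp-signup.php the result is returned instead, because the
 * page header has already been sent by the time this runs (see the note below).
 *
 * NOTE(review): all three values come from the POST body, so this verifies only
 * that the answer matches the operands the client sent back; the server keeps no
 * record of the question it issued. A stateless hardening would be to emit an
 * HMAC of the operands with the form and verify it here - the form markup is not
 * on this page, so that is left as a follow-up.
 *
 * @return int 1 = answer empty, 2 = answer wrong, 3 = answer correct.
 */
function bsbm_check_hidden_fields()
{
    $options = get_option('bsbm_options');

    // Get values from POST data; non-scalar values (e.g. mathvalue2[]) count as empty.
    $posted = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    };
    $val0 = $posted('mathvalue0');
    $val1 = $posted('mathvalue1');
    $val2 = $posted('mathvalue2');

    // Classify the submission once; the original evaluated these conditions twice.
    if ($val2 === '') {
        $answer = 1;
    } elseif ($val0 === '' || $val1 === '' || intval($val2) !== (intval($val0) + intval($val1))) {
        $answer = 2;
    } else {
        $answer = 3;
    }

    // Handle checks for forms other than new user/new blog signups.
    $script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    if (false === strpos($script, 'wp-signup.php')) {
        if ($answer === 1) {
            wp_die($options['bsbm_empty_error'], '403 Forbidden', array('response' => 403));
        } elseif ($answer === 2) {
            wp_die($options['bsbm_answer_error'], '403 Forbidden', array('response' => 403));
        }
    }

    // Passes an error condition in the return value back to the function called by add_action.
    // This allows us to insert the error message in the template, compensating for the fact get_header() is called
    // before execution ever gets this far.
    // Note: If Wordpress ever alters the wp-signup.php or get_header() function to allow for a break condition
    // this can be handled a little cleaner.
    return $answer;
}

/* ============================================ ADMIN ============================================ */

/**
 * Activation hook: seed the 'bsbm_options' array with the defaults and record the version.
 *
 * The original had the two error messages swapped (BSBM_ANSWER_ERROR stored as
 * bsbm_empty_error and vice versa); they are stored under the matching keys here.
 * add_option() leaves an existing option untouched, so re-activation keeps settings.
 */
function bsbm_activate()
{
    $default_options = array(
        'bsbm_empty_error'    => BSBM_EMPTY_ERROR,
        'bsbm_answer_error'   => BSBM_ANSWER_ERROR,
        'bsbm_login_form'     => BSBM_LOGIN_FORM,
        'bsbm_signup_form'    => BSBM_SIGNUP_FORM,
        'bsbm_comment_form'   => BSBM_COMMENT_FORM,
        'bsbm_register_form'  => BSBM_REGISTER_FORM,
        'bsbm_mathvalue0'     => BSBM_MATHVALUE0,
        'bsbm_mathvalue1'     => BSBM_MATHVALUE1,
        'bsbm_notice_message' => BSBM_NOTICE_MESSAGE,
        'bsbm_hook_location'  => BSBM_HOOK_LOCATION,
        'bsbm_customhook'     => BSBM_CUSTOMHOOK,
        'bsbm_override_css'   => BSBM_OVERRIDE_CSS,
        'bsbm_tabindex'       => BSBM_TABINDEX,
        'bsbm_wp_role'        => BSBM_WP_ROLE,
    );
    add_option('bsbm_options', $default_options);
    update_option('bsbm_version', BSBM_VERSION);
    return true;
}

// Register the settings page (admins only) and its settings.
function bsbm_admin_options()
{
    if (function_exists('add_management_page')) {
        add_options_page('Block Spam By Math', 'Block Spam By Math', 'manage_options', 'bsbm', 'bsbm_admin_settings');
        //call register settings function
        add_action('admin_init', 'bsbm_register_settings');
    }
}

/**
 * Let's do a bit of validation on the submitted values, just in case something strange got submitted.
 *
 * Free-text fields go through wp_filter_kses(), numbers through intval(), and the
 * checkboxes become 1/0. Missing keys (an unchecked box is simply absent from the
 * POST) are treated as empty instead of raising notices.
 *
 * @param array $input Raw settings-form values.
 * @return array The stored options with the submitted values applied.
 */
function bsbm_options_validate($input)
{
    $options = get_option('bsbm_options');
    if (!is_array($options)) {
        $options = array();
    }
    if (!is_array($input)) {
        $input = array();
    }
    $text = function ($key) use ($input) {
        return wp_filter_kses(isset($input[$key]) ? $input[$key] : '');
    };
    $flag = function ($key) use ($input) {
        return !empty($input[$key]) ? 1 : 0;
    };
    $number = function ($key) use ($input) {
        return intval(isset($input[$key]) ? $input[$key] : 0);
    };

    $options['bsbm_empty_error']    = $text('bsbm_empty_error');
    $options['bsbm_answer_error']   = $text('bsbm_answer_error');
    $options['bsbm_login_form']     = $flag('bsbm_login_form');
    $options['bsbm_signup_form']    = $flag('bsbm_signup_form');
    $options['bsbm_comment_form']   = $flag('bsbm_comment_form');
    $options['bsbm_register_form']  = $flag('bsbm_register_form');
    $options['bsbm_mathvalue0']     = $number('bsbm_mathvalue0');
    $options['bsbm_mathvalue1']     = $number('bsbm_mathvalue1');
    $options['bsbm_notice_message'] = $text('bsbm_notice_message');
    $options['bsbm_hook_location']  = $text('bsbm_hook_location');
    $options['bsbm_customhook']     = $text('bsbm_customhook');
    $options['bsbm_override_css']   = $flag('bsbm_override_css');
    $options['bsbm_tabindex']       = $number('bsbm_tabindex');
    $options['bsbm_wp_role']        = $text('bsbm_wp_role');
    return $options;
}

// Administration menu.
// NOTE(review): bsbm_admin_settings() continues past this block; the rest of its
// body is template output that did not survive extraction.
function bsbm_admin_settings()
{
    global $bsbm_fullpath;
    // Check that the user has the required permission level
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
    $options = get_option('bsbm_options');
?>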

Select the various forms the security question will appear on.

'; echo '
'; echo '

Display security check on all login forms.

Yes No
'; echo '

Display security check on the new user/new blog singup forms (network mode).

Yes No
'; echo '

Display security check on user registration forms (single user mode).

Yes No
'; echo '

Display security check on all comment forms.

Yes No
'; echo '

Check this box if you wish to use your own css styling.

Yes No
'; echo '

Default value is 2

'; echo '

Default value is 15

'; echo '

Assigns a tabindex value to the security form field. The default value is 5.

'; echo '

Minimum role a WP user must have to be exluded from having to answer the security check.

Administrator

Editor

Author

Contributor

Subscriber

'; echo '
'; if (get_bloginfo('version') >= '3.1') { submit_button('Save Changes'); } else { echo ''; } echo ''; } function bsbm_main_settings() { $options = get_option('bsbm_options'); echo '

Customize the error/notice messages displayed.

'; echo '
'; echo '

This is the text that will be displayed if the security question field is left empty.
You can use html here.

'; echo '

Display security check on the new user/new blog singup forms (network mode).
You can use html here.

'; echo '

Notice message displayed below security field.
You can use html here.

'; echo '
'; if (get_bloginfo('version') >= '3.1') { submit_button('Save Changes','secondary'); } else { echo ''; } echo '
'; } function bsbm_beta_settings() { $options = get_option('bsbm_options'); echo '

The settings below are considered beta and may or may not work for you.

'; echo '
'; echo '

Use the default Wordpress hook placement

'; echo '

Use this option if your theme already has a custom hook location (ie. Thesis theme has do_action( \'thesis_hook_after_comment_box\' ); You would place thesis_hook_after_comment_box in the field above.

    (ex: thesis_hook_after_comment_box )

'; echo '

Allows you to manually add a hook location.

IMPORTANT!!! In order to use this option you must add a do_action to a core file.

    Assuming you are using the default Wordpress theme (twentyten) open your wp-includes/comment-template.php file. You may also have to locate the appropriate file based on the theme you are using.

    Find: (approx. line 1573)'; $mycode = ''; $mycode = htmlentities($mycode); echo '

    '.$mycode.'

    Add After That:'; $mycode2 = ''; $mycode2 = htmlentities($mycode2); echo '

    '.$mycode2.'

'; echo '
'; if (get_bloginfo('version') >= '3.1') { submit_button('Save Changes','secondary'); } else { echo ''; } echo '
'; } function bsbm_admin_message() { global $bsbm_fullpath; $options = get_option('bsbm_options'); // Check to see if the CSS override is true if ($options['bsbm_override_css'] == true) { ?>
Add the following CSS to your themes style sheet and customize to your liking:

#bsbm_form { clear:both; margin:20px 0; }
#bsbm_form label { font-size: 16px; font-weight:bold; color: #999; margin:0; padding:10px 0;}
#bsbm_form .question { font-size: 14px; font-weight:normal; margin:0; padding:5px 0;}
#bsbm_form .answer { font-size: 12px; }
#bsbm_form .notice { font-size: 11px; }

'; $output .= '

'; $output .= '

' . $title . '

'; $output .= '
'; $output .= $content; $output .= '
'; if ( $ech === TRUE ) echo $output; else return $output; } function bsbm_postbox_support() { $output = '

' . __( 'If you require support, or would like to contribute to the further development of this plugin, please choose one of the following;', 'bsbm' ) . '

'; $output .= ''; bsbm_build_postbox( 'display_options', __( 'Support', 'bsbm' ), $output ); } function bsbm_postbox_uninstall() { $output = '
'; $output .= ''; if ( isset( $_POST['bsbm_uninstall'] ) && ! isset( $_POST['bsbm_uninstall_confirm'] ) ) { $output .= '

' . __( 'You must check the confirm box before continuing.', 'bsbm' ) . '

'; } $output .= '

' . __( 'The options for this plugin are not removed on deactivation to ensure that no data is lost unintentionally.', 'bsbm' ) . '

'; $output .= '

' . __( 'If you wish to remove all plugin information for your database be sure to run this uninstall utility first.', 'bsbm' ) . '

'; $output .= '

' . __( 'Please confirm before proceeding.', 'bsbm' ) . '

'; $output .= '

'; $output .= '
'; bsbm_build_postbox( 'display_options', __( 'Uninstall Plugin', 'bsbm' ), $output ); } function bsbm_postbox_sponsor() { global $bsbm_fullpath; $output .= '

Run a Killer Website with the Thesis WordPress Theme

'; $output .= '

Thesis 1.x changed the world of WordPress themes. Instead of focusing on design, like countless other themes, Thesis 1.x focused on building a rock-solid framework.

'; $output .= '

It wasn\'t about the design...

'; $output .= '

...It was about a solid foundation that gave you "point-and-click" design controls, lightning-fast load times, and SUPERB SEO functionality.

'; $output .= '

However, the time is coming, and Thesis is about to change the theme space once again. Thesis 2.0 is currently in development, and you should expect to hear more soon.

'; $output .= '

We\'ve been keeping Thesis 2.0 a closely guarded secret--similar to how Apple keeps their products a secret--because we have some truly remarkable, game-changing features planned.

'; $output .= '

Talk soon,
Chris Pearson, and the DIYthemes Team

'; $output .= '

'; bsbm_build_postbox( 'display_options', __( 'Thesis Theme Framework', 'bsbm' ), $output ); } ?>