Changeset 194
- Timestamp:
- 14/09/06 14:40:29 (2 years ago)
- Files:
-
- blog.lib.php (modified) (6 diffs)
- miscfunctions.lib.php (modified) (7 diffs)
- two-level-tlds (added)
blog.lib.php
r188 r194 28 28 echo("<p class=\"errorinfo\">"._("Level ").$level._(" error - ").$error."</p>"); 29 29 } 30 30 //whats this? where is it used? 31 31 function error_exc($e) { 32 32 if (!isset($e->error) || !isset($e->errormsg)) { … … 39 39 //Our Blogs Class 40 40 class blogs { 41 var $id; //Blog ID 42 var $userName; //Blogger's User Name 43 var $realName; //Blogger's Real Name 44 var $title; //Blog Title 45 var $description; //Blog Blurb 46 var $cssFile; //Blog CSS 47 var $shortDateFormat; //Short date format 48 var $longDateFormat; //Long date format 49 var $httpPath; //http Path for files 50 var $blogPath; //path to blog 51 var $basePath; //path to the display blog bits 52 var $adminPath; //path to blog admin page 53 var $commentError; //new comment errors 54 var $entryError; //new entry errors 55 var $currentEntry; // the shortsubject of the current entry (where applicable) 56 var $svnRevision; // the SVN revision number of the currently running blog 57 41 //Blog ID 42 var $id; 43 //Blogger's Details 44 var $userName; 45 var $realName; 46 //Blog Details 47 var $title; 48 var $description; 49 var $cssFile; 50 //Date formats 51 var $shortDateFormat; 52 var $longDateFormat; 53 //Paths 54 var $httpPath; 55 var $blogPath; 56 var $basePath; 57 var $adminPath; 58 //Errors 59 var $error; 60 //SVN Revision... 
the closest thing we've got to a version number 61 var $svnRevision; 62 58 63 //Constructor - checks we've been given a valid username, and pulls in generic blog info 59 function blogs($user) 60 { 64 function blogs($user) { 65 //set the error string first, so we dont wipe out any errors 66 $this->error = ''; 67 //set the locale 61 68 setlocale(LC_ALL, 'en_GB'); 69 //check the username 62 70 if(!safeuname($user)) { 63 $this->error = 1;64 $this->errormsg = "Bad username";71 error(1,_("No such user")); 72 return false; 65 73 } else { 66 74 $sql = db_query("SELECT id, name, title, description, css, moderate, editor from users where username = '".$user."' and enabled = true;"); 67 75 $sqlNum = db_num_rows($sql); 68 76 if ($sqlNum != 1) { 69 $this->error = 1; 70 $this->errormsg = "No such user"; 71 } 72 else { 77 error(1,_("No such user")); 78 return false; 79 } else { 73 80 $sqlRow = db_getrow($sql); 74 81 $this->id = $sqlRow['id']; … … 95 102 $this->entryError = ''; 96 103 $this->comment_moderation = ($sqlRow['moderate']=='t') ? TRUE : FALSE; 97 $this->editor = ($sqlRow['editor']=='t') ? TRUE : FALSE; 104 $this->editor = ($sqlRow['editor']=='t') ? TRUE : FALSE; 98 105 $this->currentEntry = ""; 99 106 $this->svnRevision = getSVNRevision(); 100 101 107 // setup the session 102 108 session_name("BlogSession"); … … 105 111 } 106 112 } 107 108 113 // print a blog entry 109 114 function printEntry($row, $commentLink = true, $titleLink = true) … … 557 562 $sqlNum = db_num_rows($sql); 558 563 if ($sqlNum != 1) { 559 $this->commenterror = _("Invalid blog entry, This entry may have been removed..?"); //why oh why do we need a global error string for this specific function?560 //it seems silly to continue at this point and for that matter most cases where we spew an error.. 
but that will be left for another day/person564 error(1,_("Invalid blog entry, This entry may have been removed..?")); 565 return; 561 566 } 562 567 //pull in the unadulterated subject for later on … … 579 584 $element = "comment"; 580 585 } 581 582 586 //decided if the comment is likly to be spam 583 if (check RBL($host) or checkBody($comment)) {584 $spam = TRUE;587 if (checkSpam($host,$_POST['comment'])) { 588 $spam = true; 585 589 //force this comment though moderation 586 $this->comment_moderation = TRUE;587 } 588 else { 589 $spam = FALSE;590 $this->comment_moderation = true; 591 } 592 else { 593 $spam = false; 590 594 } 591 595 miscfunctions.lib.php
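Review bot: Returning `false` from the `blogs($user)` constructor does not stop the object from being created, so on both failure paths ("No such user") the caller still receives a `blogs` instance whose `$id`, `$userName` and paths were never set. The old code recorded the failure in `$this->error = 1`, but the new code leaves `$this->error` at `''`, so a caller has nothing to test before calling methods that presumably build queries from `$this->id`. I would set the field before returning, e.g. `$this->error = _("No such user");`, and have callers check it (the callers are outside this changeset, so confirm how they detect failure). Separately, the declarations for `$commentError`, `$entryError` and `$currentEntry` were dropped while the constructor still assigns `$this->entryError` and `$this->currentEntry`; either keep the `var` lines or remove the assignments.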
r177 r194 67 67 } 68 68 69 //feeds a message body though LinkSleeve (http://www.linksleeve.org/) which at the time of testing seems realy rather good. 70 function checkBody ($comment) { 69 /* 70 * 71 * Spam Checks 72 * 73 */ 74 //Check the Spam URI Realtime Blocklist 75 function checkSpamURLs($text) { 76 $spam = false; 77 //find urls, ugly but works 78 while (ereg("http://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}",$text,$match)) { 79 $matches[] = $match[0]; 80 $text = ereg_replace($match[0],"",$text); 81 } 82 //pull in list of two level tlds, make an array from them. from http://spamcheck.freeapp.net/two-level-tlds 83 $twoLevelTLD = file("./two-level-tlds"); 84 foreach($twoLevelTLD as $TLD) { 85 $two_level_tlds[trim($TLD)] = true; 86 } 87 //for each url 88 foreach ($matches as $url) { 89 //break it down 90 $urlBits = explode(".",substr($url, 7)); 91 //reverse the oder 92 $bitsURL = array_reverse($urlBits); 93 //if its a two level tld, we want the first 3 bits of the url.. if not just the first 2 94 if ($two_level_tlds[($bitsURL[1].".".$bitsURL[0])]) { 95 $URLstoTest[] = ($bitsURL[2].".".$bitsURL[1].".".$bitsURL[0]); 96 } else { 97 $URLstoTest[] = ($bitsURL[1].".".$bitsURL[0]); 98 } 99 } 100 //actualy test each of he domains against the surbl 101 foreach($URLstoTest as $url) { 102 $result = gethostbyname($url.'.multi.surbl.org'); 103 if ($result != $url.'.multi.surbl.org') { 104 $spam = true; 105 } 106 } 107 return $spam; 108 } 109 //feeds a message body though LinkSleeve (http://www.linksleeve.org/) which at the time of testing seems quite good. 110 function checkSpamLinkSleeve ($text) { 71 111 // Include the Pear XML-RPC Client Package 72 112 require_once 'XML/RPC.php'; 73 113 // Build the XML-RPC message 74 $params = array(new XML_RPC_Value($ comment, 'string'));114 $params = array(new XML_RPC_Value($text, 'string')); 75 115 $msg = new XML_RPC_Message('slv', $params); 76 116 //Send the XML-RPC message … … 80 120 if (!$resp) { 81 121 echo 'Communication error: ' . 
$cli->errstr; 82 exit;122 return false; 83 123 } 84 124 //spam? … … 101 141 102 142 //checks an ip in several blacklists returns true if its present 103 function check RBL($ip) {143 function checkSpamIP($ip) { 104 144 $spam = false; 105 145 //reverse the ip … … 116 156 //CBL 117 157 if ($cbl) { 118 $spam = true;158 $spam = true; 119 159 } 120 160 … … 159 199 //SpamCop 160 200 if ($scbl) { 161 $spam = true;201 $spam = true; 162 202 } 163 203 … … 230 270 //SBL 231 271 if($sbl) { 232 $spam = true;272 $spam = true; 233 273 } 234 274 return $spam; … … 236 276 237 277 # General spam function combining all checks 238 function checkSpam($ip, $message) { 239 $spam=checkRBL($ip); 240 if (preg_match_all("#http#", $message, $out)>5) $spam=true; 241 return $spam; 242 } 278 function checkSpam($ip, $text) { 279 //Check LinkSleeve first, its a collaborative statistical thing, and will benefit from seeing all messages, spam or not 280 if (checkSpamLinkSleeve($text)) { 281 $spam = true; 282 //Check any URL's the Spam URL Black List 283 } elseif (checkSpamURLs($text)) { 284 $spam = true; 285 //If all else fails lookup the posting IP in all the normal IP Black Lists 286 } elseif (checkSpamIP($ip)) { 287 $spam = true; 288 //Decide its probably not spam 289 } else { 290 $spam = false; 291 } 292 return $spam; 293 }
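Review bot: In `checkSpamURLs()` the SURBL test `if ($result != $url.'.multi.surbl.org')` treats any successful resolution as a listing, so a resolver that rewrites NXDOMAIN answers would mark every comment containing a link as spam, while a DNS outage silently marks none. Blocklist hits come back as 127.0.0.x addresses, so the check should be `if (strpos($result, '127.0.0.') === 0)`. `$matches` and `$URLstoTest` are never initialised, so a comment with no `http://` link reaches `foreach ($matches as $url)` with an undefined variable; add `$matches = array(); $URLstoTest = array();` at the top, and check the return value of `file("./two-level-tlds")`, which is resolved relative to the working directory. In `checkSpamLinkSleeve()` the change from `exit` to `return false` makes a communication error count as "not spam" and still echoes `$cli->errstr` into the visitor's page; log it server-side instead and decide deliberately whether a failed check should force moderation.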
