PHP Cross Reference of WordPress Subversion HEAD |
| [ Index ] [ Classes ] [ Functions ] [ Variables ] [ Constants ] |
[Summary view] [Print] [Text view]
1 <?php 2 /* 3 Plugin Name: Akismet 4 Plugin URI: http://akismet.com/ 5 Description: Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use it. You can review the spam it catches under "Comments." To show off your Akismet stats just put <code><?php akismet_counter(); ?></code> in your template. 6 Version: 2.0.2 7 Author: Matt Mullenweg 8 Author URI: http://photomatt.net/ 9 */ 10 11 // If you hardcode a WP.com API key here, all key config screens will be hidden 12 $wpcom_api_key = ''; 13 14 function akismet_init() { 15 global $wpcom_api_key, $akismet_api_host, $akismet_api_port; 16 17 if ( $wpcom_api_key ) 18 $akismet_api_host = $wpcom_api_key . '.rest.akismet.com'; 19 else 20 $akismet_api_host = get_option('wordpress_api_key') . '.rest.akismet.com'; 21 22 $akismet_api_port = 80; 23 add_action('admin_menu', 'akismet_config_page'); 24 } 25 add_action('init', 'akismet_init'); 26 27 if ( !function_exists('wp_nonce_field') ) { 28 function akismet_nonce_field($action = -1) { return; } 29 $akismet_nonce = -1; 30 } else { 31 function akismet_nonce_field($action = -1) { return wp_nonce_field($action); } 32 $akismet_nonce = 'akismet-update-key'; 33 } 34 35 function akismet_config_page() { 36 if ( function_exists('add_submenu_page') ) 37 add_submenu_page('plugins.php', __('Akismet Configuration'), __('Akismet Configuration'), 'manage_options', 'akismet-key-config', 'akismet_conf'); 38 } 39 40 function akismet_conf() { 41 global $akismet_nonce, $wpcom_api_key; 42 43 if ( isset($_POST['submit']) ) { 44 if ( function_exists('current_user_can') && !current_user_can('manage_options') ) 45 die(__('Cheatin’ uh?')); 46 47 check_admin_referer( $akismet_nonce ); 48 $key = preg_replace( '/[^a-h0-9]/i', '', $_POST['key'] ); 49 50 if ( empty($key) ) { 51 $key_status = 'empty'; 52 $ms[] = 'new_key_empty'; 53 delete_option('wordpress_api_key'); 54 } else { 55 $key_status = akismet_verify_key( $key ); 56 } 57 58 if ( $key_status == 'valid' ) { 59 update_option('wordpress_api_key', $key); 60 $ms[] = 'new_key_valid'; 61 } else if ( $key_status == 'invalid' ) { 62 $ms[] = 'new_key_invalid'; 63 } else if ( $key_status == 'failed' ) { 64 $ms[] = 'new_key_failed'; 65 } 66 67 if ( isset( $_POST['akismet_discard_month'] ) ) 68 update_option( 'akismet_discard_month', 'true' ); 69 else 70 update_option( 'akismet_discard_month', 'false' ); 71 } 72 73 if ( $key_status != 'valid' ) { 74 $key = get_option('wordpress_api_key'); 75 if ( empty( $key ) ) { 76 if ( $key_status != 'failed' ) { 77 if ( akismet_verify_key( '1234567890ab' ) == 'failed' ) 78 $ms[] = 'no_connection'; 79 else 80 $ms[] = 'key_empty'; 81 } 82 $key_status = 'empty'; 83 } else { 84 $key_status = akismet_verify_key( $key ); 85 } 86 if ( $key_status == 'valid' ) { 87 $ms[] = 'key_valid'; 88 } else if ( $key_status == 'invalid' ) { 89 delete_option('wordpress_api_key'); 90 $ms[] = 'key_empty'; 91 } else if ( !empty($key) && $key_status == 'failed' ) { 92 $ms[] = 'key_failed'; 93 } 94 } 95 96 $messages = array( 97 'new_key_empty' => array('color' => 'aa0', 'text' => __('Your key has been cleared.')), 98 'new_key_valid' => array('color' => '2d2', 'text' => __('Your key has been verified. Happy blogging!')), 99 'new_key_invalid' => array('color' => 'd22', 'text' => __('The key you entered is invalid. Please double-check it.')), 100 'new_key_failed' => array('color' => 'd22', 'text' => __('The key you entered could not be verified because a connection to akismet.com could not be established. Please check your server configuration.')), 101 'no_connection' => array('color' => 'd22', 'text' => __('There was a problem connecting to the Akismet server. Please check your server configuration.')), 102 'key_empty' => array('color' => 'aa0', 'text' => sprintf(__('Please enter an API key. (<a href="%s" style="color:#fff">Get your key.</a>)'), 'http://wordpress.com/profile/')), 103 'key_valid' => array('color' => '2d2', 'text' => __('This key is valid.')), 104 'key_failed' => array('color' => 'aa0', 'text' => __('The key below was previously validated but a connection to akismet.com can not be established at this time. Please check your server configuration.'))); 105 ?> 106 <?php if ( !empty($_POST ) ) : ?> 107 <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div> 108 <?php endif; ?> 109 <div class="wrap"> 110 <h2><?php _e('Akismet Configuration'); ?></h2> 111 <div class="narrow"> 112 <form action="" method="post" id="akismet-conf" style="margin: auto; width: 400px; "> 113 <?php if ( !$wpcom_api_key ) { ?> 114 <p><?php printf(__('For many people, <a href="%1$s">Akismet</a> will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as "spam" on the moderation screen and Akismet will learn from the mistakes. If you don\'t have a WordPress.com account yet, you can get one at <a href="%2$s">WordPress.com</a>.'), 'http://akismet.com/', 'http://wordpress.com/api-keys/'); ?></p> 115 116 <?php akismet_nonce_field($akismet_nonce) ?> 117 <h3><label for="key"><?php _e('WordPress.com API Key'); ?></label></h3> 118 <?php foreach ( $ms as $m ) : ?> 119 <p style="padding: .5em; background-color: #<?php echo $messages[$m]['color']; ?>; color: #fff; font-weight: bold;"><?php echo $messages[$m]['text']; ?></p> 120 <?php endforeach; ?> 121 <p><input id="key" name="key" type="text" size="15" maxlength="12" value="<?php echo get_option('wordpress_api_key'); ?>" style="font-family: 'Courier New', Courier, mono; font-size: 1.5em;" /> (<?php _e('<a href="http://faq.wordpress.com/2005/10/19/api-key/">What is this?</a>'); ?>)</p> 122 <?php if ( $invalid_key ) { ?> 123 <h3><?php _e('Why might my key be invalid?'); ?></h3> 124 <p><?php _e('This can mean one of two things, either you copied the key wrong or that the plugin is unable to reach the Akismet servers, which is most often caused by an issue with your web host around firewalls or similar.'); ?></p> 125 <?php } ?> 126 <?php } ?> 127 <p><label><input name="akismet_discard_month" id="akismet_discard_month" value="true" type="checkbox" <?php if ( get_option('akismet_discard_month') == 'true' ) echo ' checked="checked" '; ?> /> <?php _e('Automatically discard spam comments on posts older than a month.'); ?></label></p> 128 <p class="submit"><input type="submit" name="submit" value="<?php _e('Update options »'); ?>" /></p> 129 </form> 130 </div> 131 </div> 132 <?php 133 } 134 135 function akismet_verify_key( $key ) { 136 global $akismet_api_host, $akismet_api_port, $wpcom_api_key; 137 $blog = urlencode( get_option('home') ); 138 if ( $wpcom_api_key ) 139 $key = $wpcom_api_key; 140 $response = akismet_http_post("key=$key&blog=$blog", 'rest.akismet.com', '/1.1/verify-key', $akismet_api_port); 141 if ( !is_array($response) || !isset($response[1]) || $response[1] != 'valid' && $response[1] != 'invalid' ) 142 return 'failed'; 143 return $response[1]; 144 } 145 146 if ( !get_option('wordpress_api_key') && !$wpcom_api_key && !isset($_POST['submit']) ) { 147 function akismet_warning() { 148 echo " 149 <div id='akismet-warning' class='updated fade-ff0000'><p><strong>".__('Akismet is not active.')."</strong> ".sprintf(__('You must <a href="%1$s">enter your WordPress.com API key</a> for it to work.'), "plugins.php?page=akismet-key-config")."</p></div> 150 <style type='text/css'> 151 #adminmenu { margin-bottom: 5em; } 152 #akismet-warning { position: absolute; top: 7em; } 153 </style> 154 "; 155 } 156 add_action('admin_footer', 'akismet_warning'); 157 return; 158 } 159 160 // Returns array with headers in $response[0] and body in $response[1] 161 function akismet_http_post($request, $host, $path, $port = 80) { 162 global $wp_version; 163 164 $http_request = "POST $path HTTP/1.0\r\n"; 165 $http_request .= "Host: $host\r\n"; 166 $http_request .= "Content-Type: application/x-www-form-urlencoded; charset=" . get_option('blog_charset') . "\r\n"; 167 $http_request .= "Content-Length: " . strlen($request) . "\r\n"; 168 $http_request .= "User-Agent: WordPress/$wp_version | Akismet/2.0\r\n"; 169 $http_request .= "\r\n"; 170 $http_request .= $request; 171 172 $response = ''; 173 if( false != ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) { 174 fwrite($fs, $http_request); 175 176 while ( !feof($fs) ) 177 $response .= fgets($fs, 1160); // One TCP-IP packet 178 fclose($fs); 179 $response = explode("\r\n\r\n", $response, 2); 180 } 181 return $response; 182 } 183 184 function akismet_auto_check_comment( $comment ) { 185 global $akismet_api_host, $akismet_api_port; 186 187 $comment['user_ip'] = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] ); 188 $comment['user_agent'] = $_SERVER['HTTP_USER_AGENT']; 189 $comment['referrer'] = $_SERVER['HTTP_REFERER']; 190 $comment['blog'] = get_option('home'); 191 192 $ignore = array( 'HTTP_COOKIE' ); 193 194 foreach ( $_SERVER as $key => $value ) 195 if ( !in_array( $key, $ignore ) ) 196 $comment["$key"] = $value; 197 198 $query_string = ''; 199 foreach ( $comment as $key => $data ) 200 $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; 201 202 $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port); 203 if ( 'true' == $response[1] ) { 204 add_filter('pre_comment_approved', create_function('$a', 'return \'spam\';')); 205 update_option( 'akismet_spam_count', get_option('akismet_spam_count') + 1 ); 206 207 $post = get_post( $comment['comment_post_ID'] ); 208 $last_updated = strtotime( $post->post_modified_gmt ); 209 $diff = time() - $last_updated; 210 $diff = $diff / 86400; 211 212 if ( $post->post_type == 'post' && $diff > 30 && get_option( 'akismet_discard_month' ) == 'true' ) 213 die; 214 } 215 akismet_delete_old(); 216 return $comment; 217 } 218 219 function akismet_delete_old() { 220 global $wpdb; 221 $now_gmt = current_time('mysql', 1); 222 $wpdb->query("DELETE FROM $wpdb->comments WHERE DATE_SUB('$now_gmt', INTERVAL 15 DAY) > comment_date_gmt AND comment_approved = 'spam'"); 223 $n = mt_rand(1, 5000); 224 if ( $n == 11 ) // lucky number 225 $wpdb->query("OPTIMIZE TABLE $wpdb->comments"); 226 } 227 228 function akismet_submit_nonspam_comment ( $comment_id ) { 229 global $wpdb, $akismet_api_host, $akismet_api_port; 230 231 $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'"); 232 if ( !$comment ) // it was deleted 233 return; 234 $comment->blog = get_option('home'); 235 $query_string = ''; 236 foreach ( $comment as $key => $data ) 237 $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; 238 $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-ham", $akismet_api_port); 239 } 240 241 function akismet_submit_spam_comment ( $comment_id ) { 242 global $wpdb, $akismet_api_host, $akismet_api_port; 243 244 $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_id'"); 245 if ( !$comment ) // it was deleted 246 return; 247 if ( 'spam' != $comment->comment_approved ) 248 return; 249 $comment->blog = get_option('home'); 250 $query_string = ''; 251 foreach ( $comment as $key => $data ) 252 $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&'; 253 254 $response = akismet_http_post($query_string, $akismet_api_host, "/1.1/submit-spam", $akismet_api_port); 255 } 256 257 add_action('wp_set_comment_status', 'akismet_submit_spam_comment'); 258 add_action('edit_comment', 'akismet_submit_spam_comment'); 259 add_action('preprocess_comment', 'akismet_auto_check_comment', 1); 260 261 function akismet_spam_count() { 262 global $wpdb, $comments; 263 $count = wp_cache_get( 'akismet_spam_count', 'widget' ); 264 if ( false === $count ) { 265 $count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam'"); 266 wp_cache_set( 'akismet_spam_count', $count, 'widget', 3600 ); 267 } 268 return $count; 269 } 270 271 function akismet_manage_page() { 272 global $wpdb, $submenu; 273 $count = sprintf(__('Akismet Spam (%s)'), akismet_spam_count()); 274 if ( isset( $submenu['edit-comments.php'] ) ) 275 add_submenu_page('edit-comments.php', __('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught' ); 276 elseif ( function_exists('add_management_page') ) 277 add_management_page(__('Akismet Spam'), $count, 'moderate_comments', 'akismet-admin', 'akismet_caught'); 278 } 279 280 function akismet_caught() { 281 global $wpdb, $comment, $akismet_caught, $akismet_nonce; 282 akismet_recheck_queue(); 283 if (isset($_POST['submit']) && 'recover' == $_POST['action'] && ! empty($_POST['not_spam'])) { 284 check_admin_referer( $akismet_nonce ); 285 if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) 286 die(__('You do not have sufficient permission to moderate comments.')); 287 288 $i = 0; 289 foreach ($_POST['not_spam'] as $comment): 290 $comment = (int) $comment; 291 if ( function_exists('wp_set_comment_status') ) 292 wp_set_comment_status($comment, 'approve'); 293 else 294 $wpdb->query("UPDATE $wpdb->comments SET comment_approved = '1' WHERE comment_ID = '$comment'"); 295 akismet_submit_nonspam_comment($comment); 296 ++$i; 297 endforeach; 298 $to = add_query_arg( 'recovered', $i, $_SERVER['HTTP_REFERER'] ); 299 wp_redirect( $to ); 300 exit; 301 } 302 if ('delete' == $_POST['action']) { 303 check_admin_referer( $akismet_nonce ); 304 if ( function_exists('current_user_can') && !current_user_can('moderate_comments') ) 305 die(__('You do not have sufficient permission to moderate comments.')); 306 307 $delete_time = addslashes( $_POST['display_time'] ); 308 $nuked = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" ); 309 wp_cache_delete( 'akismet_spam_count', 'widget' ); 310 $to = add_query_arg( 'deleted', 'all', $_SERVER['HTTP_REFERER'] ); 311 wp_redirect( $to ); 312 exit; 313 } 314 315 if ( isset( $_GET['recovered'] ) ) { 316 $i = (int) $_GET['recovered']; 317 echo '<div class="updated"><p>' . sprintf(__('%1$s comments recovered.'), $i) . "</p></div>"; 318 } 319 320 if (isset( $_GET['deleted'] ) ) 321 echo '<div class="updated"><p>' . __('All spam deleted.') . '</p></div>'; 322 323 if ( isset( $GLOBALS['submenu']['edit-comments.php'] ) ) 324 $link = 'edit-comments.php'; 325 else 326 $link = 'edit.php'; 327 ?> 328 <div class="wrap"> 329 <h2><?php _e('Caught Spam') ?></h2> 330 <?php 331 $count = get_option('akismet_spam_count'); 332 if ( $count ) { 333 ?> 334 <p><?php printf(__('Akismet has caught <strong>%1$s spam</strong> for you since you first installed it.'), number_format($count) ); ?></p> 335 <?php 336 } 337 $spam_count = akismet_spam_count(); 338 if (0 == $spam_count) { 339 echo '<p>'.__('You have no spam currently in the queue. Must be your lucky day. :)').'</p>'; 340 echo '</div>'; 341 } else { 342 echo '<p>'.__('You can delete all of the spam from your database with a single click. This operation cannot be undone, so you may wish to check to ensure that no legitimate comments got through first. Spam is automatically deleted after 15 days, so don’t sweat it.').'</p>'; 343 ?> 344 <?php if ( !isset( $_POST['s'] ) ) { ?> 345 <form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>"> 346 <?php akismet_nonce_field($akismet_nonce) ?> 347 <input type="hidden" name="action" value="delete" /> 348 <?php printf(__('There are currently %1$s comments identified as spam.'), $spam_count); ?> <input type="submit" name="Submit" value="<?php _e('Delete all'); ?>" /> 349 <input type="hidden" name="display_time" value="<?php echo current_time('mysql', 1); ?>" /> 350 </form> 351 <?php } ?> 352 </div> 353 <div class="wrap"> 354 <?php if ( isset( $_POST['s'] ) ) { ?> 355 <h2><?php _e('Search'); ?></h2> 356 <?php } else { ?> 357 <h2><?php _e('Latest Spam'); ?></h2> 358 <?php echo '<p>'.__('These are the latest comments identified as spam by Akismet. If you see any mistakes, simply mark the comment as "not spam" and Akismet will learn from the submission. If you wish to recover a comment from spam, simply select the comment, and click Not Spam. After 15 days we clean out the junk for you.').'</p>'; ?> 359 <?php } ?> 360 <?php 361 if ( isset( $_POST['s'] ) ) { 362 $s = $wpdb->escape($_POST['s']); 363 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE 364 (comment_author LIKE '%$s%' OR 365 comment_author_email LIKE '%$s%' OR 366 comment_author_url LIKE ('%$s%') OR 367 comment_author_IP LIKE ('%$s%') OR 368 comment_content LIKE ('%$s%') ) AND 369 comment_approved = 'spam' 370 ORDER BY comment_date DESC"); 371 } else { 372 if ( isset( $_GET['apage'] ) ) 373 $page = (int) $_GET['apage']; 374 else 375 $page = 1; 376 377 if ( $page < 2 ) 378 $page = 1; 379 380 $start = ( $page - 1 ) * 50; 381 $end = $start + 50; 382 383 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = 'spam' ORDER BY comment_date DESC LIMIT $start, $end"); 384 $total = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = 'spam'" ); 385 } 386 387 if ($comments) { 388 ?> 389 390 <?php if ( $total > 50 ) { 391 $total_pages = ceil( $total / 50 ); 392 $r = ''; 393 if ( 1 < $page ) { 394 $args['apage'] = ( 1 == $page - 1 ) ? '' : $page - 1; 395 $r .= '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">« '. __('Previous Page') .'</a>' . "\n"; 396 } 397 if ( ( $total_pages = ceil( $total / 50 ) ) > 1 ) { 398 for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) : 399 if ( $page == $page_num ) : 400 $r .= "<strong>$page_num</strong>\n"; 401 else : 402 $p = false; 403 if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) : 404 $args['apage'] = ( 1 == $page_num ) ? '' : $page_num; 405 $r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n"; 406 $in = true; 407 elseif ( $in == true ) : 408 $r .= "...\n"; 409 $in = false; 410 endif; 411 endif; 412 endfor; 413 } 414 if ( ( $page ) * 50 < $total || -1 == $total ) { 415 $args['apage'] = $page + 1; 416 $r .= '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' »</a>' . "\n"; 417 } 418 echo "<p>$r</p>"; 419 ?> 420 421 <?php } ?> 422 <form method="post" action="<?php echo attribute_escape("$link?page=akismet-admin"); ?>" id="akismetsearch"> 423 <p> <input type="text" name="s" value="<?php if (isset($_POST['s'])) echo attribute_escape($_POST['s']); ?>" size="17" /> 424 <input type="submit" name="submit" value="<?php echo attribute_escape(__('Search')) ?>" /> </p> 425 </form> 426 <form method="post" action="<?php echo attribute_escape( add_query_arg( 'noheader', 'true' ) ); ?>"> 427 <?php akismet_nonce_field($akismet_nonce) ?> 428 <input type="hidden" name="action" value="recover" /> 429 <ul id="spam-list" class="commentlist" style="list-style: none; margin: 0; padding: 0;"> 430 <?php 431 $i = 0; 432 foreach($comments as