didform)
return;
$this->didform = true;
$num = rand(1000, 9999);
$hash = md5(uniqid(rand(), true));
$_SESSION['jsspamblock'][$hash] = $num;
?>
header();
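// Challenge check for a submitted comment. For visitors who are not logged in,
// the posted hidden token and number are compared with the pair stored in the
// session; on a mismatch the comment is deleted or flagged as spam and the
// request ends with wp_die().
// NOTE(review): the enclosing method signature is not visible in this excerpt;
// $id (presumably the comment ID handed over by a WordPress hook) and $wpdb are
// assumed to come from it - confirm against the full file.
$logging = (JSSPAMBLOCK_LOGFILE != '');
$comments_table = $wpdb->prefix . "comments";
// It is unlikely that bots do have a login - so we don't need to check logged in users
// which is a workaround for the admin-reply-to-comment stuff
if (!is_user_logged_in()) {
    if (!isset($_POST['jsspamblock_hidden'])) {
        wp_die(__('It appears that JS SpamBlock is not installed properly. Please check the documentation for instructions on installation for WordPress templates without a comment form hook.'));
    }

    // Both fields are request data. Accept only strings: an array value here
    // (e.g. "jsspamblock_hidden[]") is not a usable session key and must be
    // treated as a failed challenge rather than raising an error.
    $hash = is_string($_POST['jsspamblock_hidden']) ? $_POST['jsspamblock_hidden'] : '';
    $code = '';
    if (isset($_POST['jsspamblock_input']) && is_string($_POST['jsspamblock_input'])) {
        // The value is only compared and logged, never sent to the database,
        // so SQL escaping is not the right treatment; trimming tolerates
        // stray whitespace from manual entry.
        $code = trim($_POST['jsspamblock_input']);
    }

    // Request data goes into the log file: drop control characters (no forged
    // extra log lines via CR/LF) and cap the length (no log bloat).
    $log_code = substr(preg_replace('/[\x00-\x1F\x7F]/', '', $code), 0, 64);
    $log_hash = substr(preg_replace('/[\x00-\x1F\x7F]/', '', $hash), 0, 64);
    $log_suffix = $_SERVER['REMOTE_ADDR'] . " at " . date('M j, Y - G:i:s') . " ($log_code, $log_hash)" . PHP_EOL;

    // Strict string comparison: with loose "==" a non-canonical input such as
    // "1234.0" compares equal to the stored integer.
    if (isset($_SESSION['jsspamblock'][$hash]) && $code === (string) $_SESSION['jsspamblock'][$hash]) {
        // Challenge solved: make it single-use.
        unset($_SESSION['jsspamblock'][$hash]);
        // comment is ok, do nothing
        if ($logging) {
            // Append under an exclusive lock so concurrent requests cannot
            // interleave lines; no file handle is left open.
            file_put_contents(JSSPAMBLOCK_LOGFILE, "Comment approved from " . $log_suffix, FILE_APPEND | LOCK_EX);
        }
    } else {
        // Record every failed challenge, including the early-return case below.
        // NOTE(review): a failed attempt leaves the challenge in the session so
        // that "go back and try again" still works; consider capping attempts
        // per challenge, since the code space is only four digits.
        if ($logging) {
            file_put_contents(JSSPAMBLOCK_LOGFILE, "Comment REJECTED from " . $log_suffix, FILE_APPEND | LOCK_EX);
        }
        // \z instead of $ so a trailing newline does not pass as "numeric".
        if (!preg_match('/^\d+\z/', (string) $id)) {
            // ID given is not a valid number
            // NOTE(review): this path leaves the comment untouched even though
            // the challenge failed - confirm it is unreachable for real hook calls.
            return;
        }
        // Bind the ID through prepare() rather than interpolating it, so the
        // query stays safe even if the validation above is changed later.
        if (JSSPAMBLOCK_DELETECOMMENTS) {
            $sql = $wpdb->prepare("DELETE FROM $comments_table WHERE comment_id = %d", $id);
        } else {
            $sql = $wpdb->prepare("UPDATE $comments_table SET comment_approved = 'spam' WHERE comment_id = %d", $id);
        }
        $wpdb->query($sql);
        wp_die( __('In order to prevent spam, you must manually copy the given number if you do not have JavaScript enabled. Please go back and try again.'));
    }
    // NOTE(review): by brace count this return sits inside the not-logged-in
    // branch, so logged-in requests fall through without a return value -
    // confirm against the full file.
    return $id;
}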
}
}
if(!function_exists('wp_die')){
function wp_die($message){
?>
WordPress › Error