wordyeah/stop-spammers-classic
1
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/webguyio/stop-spammers-classic.git synced 2026-05-26 02:02:57 +08:00
Code Issues Projects Packages Activity Actions
stop-spammers-classic/modules/chksession.php
Web Guy 4b76c597fb Ver 2026
2026-01-09 18:58:47 -07:00

56 lines
No EOL
2.1 KiB
PHP
Raw Permalink Blame History

<?php
// this checks the generated Allow List cidrs that I have been collecting
// this list includes good hosting and ISPs
if ( !defined( 'ABSPATH' ) ) {
status_header( 404 );
exit;
}
class chksession {
public function process( $ip, &$stats = array(), &$options = array(), &$post = array() ) {
// this uses cookies - it may break programs that need to get to cookies first
// move this to main line
// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Only checking if POST exists for timing validation, not processing data
if ( !isset( $_POST ) || empty( $_POST ) ) { // no post defined
if ( !isset( $_COOKIE['ss_protection_time'] ) ) { // if previous set do not reset
setcookie( 'ss_protection_time', strtotime( "now" ), strtotime( '+1 min' ) );
}
return false;
}
// post is set - check the timeout
// need to get sname
$sname = '';
if ( array_key_exists( "REQUEST_URI", $_SERVER ) ) {
$sname = sanitize_url( wp_unslash( $_SERVER["REQUEST_URI"] ) );
} else if ( array_key_exists( "SCRIPT_URI", $_SERVER ) ) {
$sname = sanitize_url( wp_unslash( $_SERVER["SCRIPT_URI"] ) );
if ( strpos( $sname, '?' ) !== false ) {
$sname = substr( $sname, 0, strpos( $sname, '?' ) );
}
$sname = $sname;
} else if ( array_key_exists( "PHP_SELF", $_SERVER ) ) {
$sname = substr( sanitize_text_field( wp_unslash( $_SERVER['PHP_SELF'] ) ), 1 );
}
// echo "Testing Session '$sname'<br>";
if ( empty( $sname ) ) {
return false;
}
$sesstime = 2; // nobody can do it in 3 seconds
if ( !defined( "WP_CACHE" ) || ( !WP_CACHE ) ) {
if ( strpos( $sname, 'wp-login.php' ) === false ) { // don't check for logins - too many failures
if ( isset( $_COOKIE['ss_stop_spammers_time'] ) ) {
$stime = sanitize_text_field( wp_unslash( $_COOKIE['ss_stop_spammers_time'] ) );
$tm = strtotime( "now" ) - $stime;
if ( $tm > 0 && $tm <= $sesstime ) { // zero seconds is wrong, too - it means that session was set somewhere
// takes longer than 2 seconds to really type a comment
return 'Session Speed — ' . $tm . ' seconds';
}
}
}
}
return false;
}
}
?>
Reference in a new issue View git blame Copy permalink