<?php
/*
Plugin Name: WassUp Real Time Analytics
Plugin URI: http://www.wpwp.org
Description: Analyze your website traffic with accurate, real-time stats, live views, visitor counts, top stats, IP geolocation, customizable tracking, and more. For Wordpress 2.2+
Version: 1.9.4.5
Author: Michele Marcucci, Helene Duncker
Author URI: http://www.michelem.org/
Text Domain: wassup
Domain Path: /language
License: GPL2
Copyright (c) 2007-2020 Michele Marcucci
Released under the GNU General Public License GPLv2 or later
http://www.gnu.org/licenses/gpl-2.0.html
Disclaimer:
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
*/
//-------------------------------------------------
//# No direct requests for plugin file "wassup.php"
$wassupfile=preg_replace('/\\\\/','/',__FILE__); //for windows
//abort if this is direct request for file
if((!empty($_SERVER['SCRIPT_FILENAME']) && realpath($_SERVER['SCRIPT_FILENAME'])===realpath($wassupfile)) ||
(!empty($_SERVER['PHP_SELF']) && preg_match('#'.str_replace('#','\#',preg_quote($_SERVER['PHP_SELF'])).'$#',$wassupfile)>0)){
//try track this uri request for "wassup.php"
if(!headers_sent()){
//can't track 403-forbidden, so use 404 instead
//location value triggers redirect to WordPress' 404 error page so Wassup can track this attempt to access itself (original uri request is lost)
header('Location: /?p=404page&werr=wassup403'.'&wf='.basename($wassupfile));
exit;
}else{
//'wp_die' is undefined here
die('<strong>Sorry. Unable to display requested page.</strong>');
}
//abort if no WordPress
}elseif(!defined('ABSPATH') || empty($GLOBALS['wp_version'])){
//'wp_die' is undefined here
die("Bad Request: ".htmlspecialchars(preg_replace('/(�*37;?|&?#0*37;?|�*38;?#0*37;?|%)(?:[01][0-9A-F]|7F)/i','',$_SERVER['REQUEST_URI'])));
}
//-------------------------------------------------
//### Setup and startup functions
/**
* Set up WassUp environment in Wordpress
* @since v1.9
*/
function wassup_init($init_settings=false){
global $wp_version,$wassup_options,$wdebug_mode;
//define wassup globals & constants
if(!defined('WASSUPVERSION')){
define('WASSUPVERSION','1.9.4.5');
define('WASSUPDIR',dirname(preg_replace('/\\\\/','/',__FILE__)));
}
//turn on debugging in Wassup (global)...Use cautiously! May display errors from other plugins, not just WassUp
$wdebug_mode=false;
if(defined('WP_DEBUG') && WP_DEBUG==true) $wdebug_mode=true;
if($wdebug_mode){
$active_plugins=maybe_serialize(get_option('active_plugins'));
//turn off debug mode if this is ajax action request @since v1.9.2
if((!empty($_REQUEST['action']) && isset($_REQUEST['wajax'])) || (defined('DOING_AJAX') && DOING_AJAX)){
$wdebug_mode=false;
@wassup_disable_errors();
}elseif(isset($_REQUEST['wc-ajax']) && preg_match('#/woocommerce\.php#',$active_plugins)>0){ //woocommerce ajax
$wdebug_mode=false;
@wassup_disable_errors();
}else{
//allow error_reporting when WP_DEBUG is not set @since v1.9.4.4
if(!defined("WP_DEBUG") || WP_DEBUG===false){
@wassup_enable_errors();
}
if(headers_sent()){
//an error was likely displayed to screen
echo "\n".'<!-- wassup_init start -->';
}
}
}
//load language translation
if(empty($GLOBALS['locale']) || strlen($GLOBALS['locale'])>5) $current_locale=get_locale();
else $current_locale=$GLOBALS['locale'];
if(!empty($current_locale) && $current_locale !="en_US"){
$moFile=WASSUPDIR."/language/".$current_locale.".mo";
if(@is_readable($moFile)){
load_textdomain('wassup',$moFile);
}elseif(strlen($current_locale)<6){
//try load translation file with language code x2 as locale @since v1.9.3
$lang_only=substr($current_locale,0,2).'_'.strtoupper(substr($current_locale,0,2));
if($lang_only != $current_locale && preg_match('/^[a-z]{2}_[A-Z]{2}$/',$lang_only)>0){
$moFile=WASSUPDIR."/language/".$lang_only."mo";
if(@is_readable($moFile))
load_textdomain('wassup',$moFile);
}
}
}
//check Wordpress and PHP compatibility and load compatibility modules before using 'plugins_url' function
$php_vers=phpversion();
$is_compatible=true;
if(version_compare($wp_version,'4.5','<') || version_compare($php_vers,'5.2','<')){
include_once(WASSUPDIR.'/lib/compatibility.php');
$is_compatible=wassup_check_compatibility();
}
//load required modules
if($is_compatible){
if(!class_exists('wassupOptions')) require_once(WASSUPDIR.'/lib/wassup.class.php');
define('WASSUPURL',plugins_url(basename(WASSUPDIR)));
//additional modules are loaded as needed
//require_once(WASSUPDIR.'/lib/wassupadmin.php');
//require_once(WASSUPDIR.'/lib/main.php');
//include_once(WASSUPDIR.'/lib/uadetector.class.php');
//initialize wassup settings for new multisite subsites
if($init_settings){
$wassup_options=new wassupOptions(true);
//save settings only if this is a network subsite
if(is_multisite() && !is_network_admin() && !is_main_site() && $wassup_options->network_activated_plugin()){
if(empty($wassup_options->wassup_version) || $wassup_options->wassup_version !=WASSUPVERSION){
$wassup_options->wassup_version=WASSUPVERSION;
$wassup_options->saveSettings();
}
}
}else{
//Load existing wassup wp_option settings, if any
$wassup_settings=get_option('wassup_settings');
if(count($wassup_settings)>1 && !empty($wassup_settings['wassup_version']) && $wassup_settings['wassup_version']==WASSUPVERSION){
$wassup_options=new wassupOptions;
}else{
//'else' shouldn't happen unless 'wassup_settings' wp_option record is corrupted or deleted/locked by another application
$wassup_options=new wassupOptions(true);
//corruption maybe caused by a 'wassup_install' interrupt or time out before update is done, so try re-save settings @since v1.9.2
//$wassup_options->wassup_version=WASSUPVERSION;
$wassup_options->saveSettings();
}
}
}else{
if(function_exists('is_network_admin') && is_network_admin()){
add_action('network_admin_notices','wassup_show_compat_message');
}else{
add_action('admin_notices','wassup_show_compat_message');
}
}
if($wdebug_mode && headers_sent()){
//an error message was likely displayed to screen
echo "\n"."<!-- is_compatible=$is_compatible \ncurrent_local=$current_locale \ninit_settings=$init_settings \nwassup_init end -->"."\n";
}
return $is_compatible;
} //end wassup_init
/**
* Install or upgrade Wassup plugin.
* - check wordpress compatibility
* - set initial plugin settings
* - check for multisite and set initial wassup network settings
* - create/upgrade Wassup tables.
* - save wassup settings and wassup network settings.
* @todo - enable network activation for subdomain networks
* @param boolean (for multisite network activation)
* @return void
*/
function wassup_install($network_wide=false) {
global $wpdb,$wp_version,$wassup_options,$wdebug_mode;
$wassup_settings=get_option('wassup_settings'); //save old settings
$wassup_network_settings=array();
//first check Wordpress compatibility via 'wassup_init'
if(!defined('WASSUPURL')){
if(!wassup_init(true)){
wassup_show_compat_message();
exit(1);
}
}
//additional install/upgrade functions in "upgrade.php" module
if (file_exists(WASSUPDIR.'/lib/upgrade.php')) {
require_once(WASSUPDIR.'/lib/upgrade.php');
} else {
echo sprintf(__("File %s does not exist!","wassup"),WASSUPDIR.'/lib/upgrade.php');
exit(1);
}
//initialize/update wassup_settings in wp_options
if(empty($wassup_options) || empty($wassup_options->wassup_version) || $wassup_options->wassup_version != WASSUPVERSION){
$wassup_options=new wassupOptions(true);
}
//network-wide settings for multisite @since v1.9
if(is_multisite()){
if(is_network_admin()){
$network_wide=true;
//no network activation in subdomain networks, subdomain sites must activate Wassup separately @TODO
if(is_subdomain_install()){
//long error message is NOT displaying for network activation error in WordPress 4.6.1, so use 'wp_die' instead of 'echo/exit' @since v1.9.1
$err = __("Sorry! \"Network Activation\" is DISABLED for subdomain networks.","wassup");
$err .= ' '.sprintf(__("%s must be activated on each subdomain site separately.","wassup"),'<strong>Wassup Plugin</strong>');
$err .=' <br/>'.__("Activate plugin on your parent domain (main site) to set default options for your network.","wassup");
$err .= '<br/><br/><a href="'.network_admin_url("plugins.php").'">'.__("Back to Plugins","wassup").'</a>';
wp_die($err);
}
$wassup_network_settings=wassup_network_install($network_wide);
}else{
$network_wide=false;
$wassup_network_settings=wassup_network_install($network_wide);
$subsite_settings=wassup_subsite_install($wassup_network_settings);
if(!empty($subsite_settings)) $wassup_options->loadSettings($subsite_settings);
}
}else{
$network_wide=false;
}
//set table names
//reset Wassup table name if wpdb prefix has changed @since v1.9
if(empty($wassup_options->wassup_table) || !wassupDb::table_exists($wassup_options->wassup_table)){
if($network_wide){
if(empty($wassup_network_settings['wassup_table']) || !wassupDb::table_exists($wassup_network_settings['wassup_table'])) $wassup_table=$wpdb->base_prefix . "wassup";
else $wassup_table= $wassup_network_settings['wassup_table'];
}else{
$wassup_table=$wpdb->prefix . "wassup";
}
}else{
$wassup_table=$wassup_options->wassup_table;
}
$wassup_meta_table=$wassup_table."_meta";
$wassup_options->wassup_table=$wassup_table;
//Important! Turn off 'wassup_active' setting during upgrade
$active_status=1;
if(!empty($wassup_settings)){
//save current 'wassup_active' setting prior to upgrade for later restore
$active_status=$wassup_settings['wassup_active'];
if($network_wide && !empty($wassup_network_settings['wassup_active'])){
$wassup_network_settings['wassup_active']="0";
update_site_option('wassup_network_settings',$wassup_network_settings);
}elseif(!empty($active_status)){
$wassup_options->wassup_active="0";
$wassup_options->saveSettings();
}
//cancel all scheduled Wassup wp-cron jobs in case Wassup wp-cron jobs not previously canceled
if(!empty($wassup_options->wassup_upgraded) || (!empty($wassup_options->wassup_version) && version_compare($wassup_options->wassup_version,"1.9",">="))){
wassup_cron_terminate();
}
}
//Do the table upgrade
$admin_message="";
$wsuccess=false;
//upgrade table for new version of WassUp, after reset-to-default, or when table structure is outdated
if(empty($wassup_options->wassup_version) || WASSUPVERSION != $wassup_options->wassup_version || $wassup_options->wassup_upgraded==0 || !wassup_upgradeCheck()){
//increase script timeout to 16 minutes to prevent activation failure due to script timeout (browser timeout can still occur)
$stimeout=ini_get("max_execution_time");
if(is_numeric($stimeout) && $stimeout>0 && $stimeout < 990){
//check for 'set_time_limit' in disabled functions before changing script timeout
$disabled_funcs=ini_get('disable_functions');
if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false) && !ini_get('safe_mode')){
@set_time_limit(990);
}
}
//do the table upgrade
$wassup_options->wassup_upgraded=0;
$wsuccess=wassup_tableInstaller($wassup_table);
if($wsuccess){
$admin_message=__("Database created/upgraded successfully","wassup");
}else{
$admin_message=__("An error occurred during the upgrade. WassUp table structure may not have been updated properly.","wassup");
}
}else{
//separate message for re-activation without table upgrade @since v1.9
$admin_message=__("activation successful","wassup");
if(!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'],'plugin-install.php')==false){
if(!is_multisite() || is_main_site() || is_network_admin()) $admin_message=__("activation successful. No upgrade necessary.","wassup");
}
}
//verify that main table is installed, then save settings
$wassup_table=$wassup_options->wassup_table; //in case changed
$wassup_meta_table=$wassup_table."_meta";
if(wassupDb::table_exists($wassup_options->wassup_table)){
$wassup_options->wassup_alert_message=$admin_message;
//update settings
if($wsuccess){
//update network settings
if($network_wide){
if(!is_subdomain_install()) $wassup_network_settings['wassup_table']=$wassup_table;
else unset($wassup_network_settings['wassup_table']);
$wassup_network_settings['wassup_active']=1;
update_site_option('wassup_network_settings',$wassup_network_settings);
}
//update site settings
//check the upgrade timestamp to prevent repeat of 'wassup_settings_install()' (runs in 'upgrade.php')
if(empty($wassup_options->wassup_upgraded) || ((int)time() - (int)$wassup_options->wassup_upgraded) >180){
wassup_settings_install($wassup_table);
}
$wassup_upgraded=time();
$wassup_options->wassup_version=WASSUPVERSION;
}elseif(!wassup_upgradeCheck($wassup_table)){
//table not upgraded - exit with error
if(!empty($admin_message)) $error_msg=$admin_message;
else $error_msg='<strong style="color:#c00;padding:5px;">'.sprintf(__("%s: database upgrade failed!","wassup"),"Wassup ".WASSUPVERSION).'</strong>';
if($wdebug_mode) $error_msg .=" <br/>wassup table: $wassup_table wassup_meta table: $wassup_meta_table";
echo $error_msg;
exit(1);
}
$wassup_options->wassup_active=$active_status;
$wassup_options->saveSettings();
//schedule regular cleanup of temp recs @since v1.9
if(!empty($active_status)) wassup_cron_startup();
}else{
//table not upgraded - exit with error
$error_msg='<strong style="color:#c00;padding:5px;">'.sprintf(__("%s: plugin install/upgrade failed!","wassup"),"Wassup ".WASSUPVERSION).'</strong>';
if($wdebug_mode) $error_msg .=" <br/>wassup table: $wassup_table wassup_meta table: $wassup_meta_table";
echo $error_msg;
exit(1); //exit with error
}
} //end wassup_install
/**
* Completely remove all wassup tables and options from Wordpress and deactivate plugin, if needed.
*
* NOTES:
* - no Wassup classes, globals, constants or functions are used during uninstall per Wordpress 'uninstall' hook requirement
* - no compatibility functions are loaded, so use 'function_exists' check for functions after Wordpress 2.2
* @param boolean (for multisite uninstall)
* @return void
*/
function wassup_uninstall($network_wide=false){
global $wpdb,$wp_version,$current_user;
$wassup_network_settings=array();
if(empty($current_user->ID)) wp_get_current_user();
//for multisite uninstall,
if(function_exists('is_multisite') && is_multisite()){
if($network_wide || is_network_admin()){
$network_wide=true;
$subsite_ids=$wpdb->get_col(sprintf("SELECT `blog_id` FROM `$wpdb->blogs` WHERE `site_id`='%d' ORDER BY `blog_id` DESC",$GLOBALS['current_blog']->site_id));
}
if(empty($subsite_ids) || is_wp_error($subsite_ids)){
$network_wide=false;
$subsite_ids = array("0"); //current site uninstall
}
}else{ //for single-site uninstall
$network_wide=false;
$subsite_ids = array("0");
}
//wassup should not be active during network uninstall
if($network_wide){
$wassup_network_settings=get_site_option('wassup_network_settings');
if(!empty($wassup_network_settings['wassup_active'])){
$wassup_network_settings['wassup_active']="0";
update_site_option('wassup_network_settings',$wassup_network_settings);
}
}
//remove tables and settings for each subsite (or single-site)
foreach($subsite_ids as $subsite_id){
if($network_wide) switch_to_blog($subsite_id);
$wassup_settings = get_option('wassup_settings');
//first, stop recording (when plugin is still running)
if(!$network_wide && !empty($wassup_settings['wassup_active'])){
$wassup_settings['wassup_active']="0";
update_option('wassup_settings',$wassup_settings);
}
//wp-ajax actions may persist, so remove it
remove_action('wp_ajax_wassup_action_handler','wassup_action_handler');
//wp-cron actions may persist, so remove them
remove_action('wassup_scheduled_cleanup','wassup_temp_cleanup');
remove_action('wassup_scheduled_purge','wassup_auto_cleanup');
remove_action('wassup_scheduled_dbtasks',array('wassupDb','scheduled_dbtask'));
//scheduled tasks in wp-cron persist, so remove them
if(version_compare($wp_version,'3.0','>')){
wp_clear_scheduled_hook('wassup_scheduled_cleanup');
wp_clear_scheduled_hook('wassup_scheduled_purge');
wp_clear_scheduled_hook('wassup_scheduled_dbtasks');
if(!is_multisite() || is_main_site() || empty($wassup_network_settings['wassup_table'])){
remove_action('wassup_scheduled_optimize',array('wassupDb','scheduled_dbtask'));
wp_clear_scheduled_hook('wassup_scheduled_optimize');
}
}
//aside widgets persist, so remove them
$wassup_widgets=array('wassup_online','wassup_topstats');
foreach ($wassup_widgets AS $wwidget){
if(function_exists('unregister_widget')){
unregister_widget($wwidget."Widget");
}else{
wp_unregister_sidebar_widget($wwidget);
}
//cleanup aside widget options from wp_option
$deleted=$wpdb->query(sprintf("DELETE FROM {$wpdb->prefix}options WHERE `option_name` LIKE 'widget_%s'",$wwidget.'%'));
}
//if plugin is still running, deactivate it
if(function_exists('is_plugin_active') && function_exists('deactivate_plugins')){
$wfile=preg_replace('/\\\\/','/',__FILE__);
$wassupplugin=plugin_basename($wfile);
if(is_plugin_active($wassupplugin)){
deactivate_plugins($wassupplugin);
}elseif(is_plugin_active(basename(dirname(__FILE__)))){
deactivate_plugins(basename(dirname(__FILE__)));
}
}
//remove wassup tables
//$wassup_table = $wassup_settings['wassup_table'];
$wassup_table = $wpdb->prefix."wassup";
$table_tmp_name = $wassup_table."_tmp";
$table_meta_name = $wassup_table."_meta";
//purge wassup tables- WARNING: this is a permanent erase!!
if(version_compare($wp_version,'3.1','>')){
$dropped=$wpdb->query("DROP TABLE IF EXISTS $table_meta_name");
$dropped=$wpdb->query("DROP TABLE IF EXISTS $table_tmp_name");
$dropped=$wpdb->query("DROP TABLE IF EXISTS $wassup_table");
}
//make sure tables were dropped (compatibility code) @since v1.9.2
if($wpdb->get_var(sprintf("SHOW TABLES LIKE '%s'",like_escape($wassup_table)))==$wassup_table){
//"if exists" in wpdb::query caused error in early versions of Wordpress
if($wpdb->get_var(sprintf("SHOW TABLES LIKE '%s'",like_escape($table_meta_name)))==$table_meta_name){
$dropped=$wpdb->query("DROP TABLE $table_meta_name");
}
if($wpdb->get_var(sprintf("SHOW TABLES LIKE '%s'",like_escape($table_tmp_name)))==$table_tmp_name){
$dropped=$wpdb->query("DROP TABLE $table_tmp_name");
}
$dropped=$wpdb->query("DROP TABLE $wassup_table");
}
//delete settings from wp_option and wp_usermeta tables
delete_option('wassup_settings');
//only current_user's settings are deleted here, all other users' wassup_settings are deleted outside foreach loop
if(function_exists('delete_user_option')) {
delete_user_option($current_user->ID,'_wassup_settings');
}else{
delete_usermeta($current_user->ID,$wpdb->prefix.'_wassup_settings');
}
} //end foreach
//lastly, delete network settings & users' settings
if($network_wide){
restore_current_blog();
delete_site_option('wassup_network_settings');
$deleted=$wpdb->query(sprintf("DELETE FROM `%s` WHERE `meta_key` LIKE '%%_wassup_settings'",$wpdb->base_prefix."usermeta"));
}elseif(!function_exists('is_multisite') || !is_multisite()){
//delete 'wassup_settings' from wp_usermeta for all users in single-site install
$deleted=$wpdb->query(sprintf("DELETE FROM `%s` WHERE `meta_key` LIKE '%%_wassup_settings'",$wpdb->prefix."usermeta"));
}
} //end wassup_uninstall
/** Stop Wassup wp-cron and wp-ajax on deactivation. @since v1.9 */
function wassup_deactivate(){
global $wp_version;
//wp-ajax action may persist, so remove it
remove_action('wp_ajax_wassup_action_handler','wassup_action_handler');
//wassup_cron_terminate();
//wp-cron actions may persist, so remove them
remove_action('wassup_scheduled_cleanup','wassup_temp_cleanup');
remove_action('wassup_scheduled_purge','wassup_auto_cleanup');
remove_action('wassup_scheduled_dbtasks',array('wassupDb','scheduled_dbtask'));
//scheduled tasks in wp-cron persist, so remove them
if(version_compare($wp_version,'3.0','>')){
wp_clear_scheduled_hook('wassup_scheduled_cleanup');
wp_clear_scheduled_hook('wassup_scheduled_purge');
wp_clear_scheduled_hook('wassup_scheduled_dbtasks');
if(!is_multisite() || is_main_site() || empty($wassup_network_settings['wassup_table'])){
remove_action('wassup_scheduled_optimize',array('wassupDb','scheduled_dbtask'));
wp_clear_scheduled_hook('wassup_scheduled_optimize');
}
}
}
/**
* Start Wassup plugin
* -assign plugin functions to Wordpress init (preload)
* @since v1.9
*/
function wassup_start(){
//startup wassup
add_action('init','wassup_preload',11);
add_action('login_init','wassup_preload',11); //separate action
add_action('admin_init','wassup_admin_preload',11);
add_action('plugins_loaded','wassup_load');
}
/**
* Perform plugin tasks for before http headers are sent.
* -block obvious xss and sql injection attempts on Wassup itself
* -initialize new network subsite settings (via 'wassup_init'), if any
* -setup maintenance tasks for wp-ajax/wp_cron/wp_login hook actions
* -start wassup tracking
*/
function wassup_preload(){
global $wp_version,$current_user,$wassup_options,$wdebug_mode;
//block any obvious sql injection attempts involving WassUp
$request_uri=$_SERVER['REQUEST_URI'];
if(!$request_uri) $request_uri=$_SERVER['SCRIPT_NAME']; // IIS
if(stristr($request_uri,'wassup')!==false && strstr($request_uri,'err=wassup403')===false){
$error_msg="";
//don't test logged-in user requests
if(!is_user_logged_in()){
if(preg_match('/(<|<?|�*60;?|%3C)scr(ipt|[^0-9a-z\-_])/i',$request_uri)>0){
$error_msg=__('Bad request!','wassup');
if($wdebug_mode) $error_msg .=" xss not allowed.";
}elseif(preg_match('/[&?][^=]+=\-[19]+|(select|update|delete|alter|drop|union|create)[ %&][^w]+wp_/i',str_replace(array('\\','\','"','%22','"','"',''','\'','`','`'),'',$request_uri))>0){
$error_msg=__('Bad request!','wassup');
if($wdebug_mode) $error_msg .=" special chars not allowed.";
}
}
//abort bad requests
if(!empty($error_msg)){
if($wdebug_mode){
wp_die($error_msg.' :'.esc_attr(preg_replace('/(�*37;?|&?#0*37;?|�*38;?#0*37;?|%)(?:[01][0-9A-F]|7F)/i','---',$_SERVER['REQUEST_URI'])));
}
//redirect bad requests to 404 error page
if(!headers_sent()) header('Location: /?p=404page&werr=wassup403');
else wp_die($error_msg);
exit;
}
}
//load Wassup settings and includes
if(!defined('WASSUPURL')){
//load Wassup settings for new network subsites
if(function_exists('is_network_admin') && !is_network_admin() && !is_main_site()) $is_compatible=wassup_init(true);
else $is_compatible=wassup_init();
if(!$is_compatible){ //do nothing
return;
}
}
if($wdebug_mode && headers_sent()){
//an error message was likely displayed to screen
echo "\n".'<!-- wassup_preload start -->';
}
//fix for object error seen in support forum, but redundant to fix already in 'wassup_init' @since v1.9.2
if(empty($wassup_options)){
if(!class_exists('wassupOptions')) require_once(WASSUPDIR.'/lib/wassup.class.php');
$wassup_options=new wassupOptions;
if(empty($wassup_options)) return; //nothing to do
}
//reset wassup user settings at login @since v1.9
add_action('wp_login',array($wassup_options,'resetUserSettings'),9,2);
//assign action handler for wp-ajax operations @since v1.9.1
if(!function_exists('wassup_action_handler')){
require_once(WASSUPDIR .'/lib/action.php');
}
add_action('wp_ajax_wassup_action_handler','wassup_action_handler');
//for backward compatibility with older versions of Wordpress
//..runs 'admin_init' hook functions for Wordpress 2.2 - 2.5
if(function_exists('wassup_compat_preload')){
wassup_compat_preload();
}
//Start maintenance tasks & visitor tracking
if(!empty($wassup_options) && $wassup_options->is_recording_active()){
//add actions for wp-cron scheduled tasks - @since v1.9
if(!has_action('wassup_scheduled_dbtasks')) add_action('wassup_scheduled_dbtasks',array('wassupDb','scheduled_dbtask'),10,1);
if(!is_multisite() || is_main_site() || !$wassup_options->network_activated_plugin()){
if (!has_action('wassup_scheduled_optimize')) add_action('wassup_scheduled_optimize',array('wassupDb','scheduled_dbtask'),10,1);
}
//add custom actions for cleanup of inactive wassup_tmp records and expired cache records, if needed
if(!has_action('wassup_scheduled_cleanup')) add_action('wassup_scheduled_cleanup','wassup_temp_cleanup');
if(!empty($wassup_options->delete_auto) && $wassup_options->delete_auto !="never"){
if(!has_action('wassup_scheduled_purge')) add_action('wassup_scheduled_purge','wassup_auto_cleanup');
}
//track visitors
wassupPrepend();
}
if($wdebug_mode && headers_sent()){
//an error message was likely displayed to screen
echo "\n".'<!-- wassup_preload end -->'."\n";
}
} // end wassup_preload
/**
* Perform plugin actions for before start of page rendering.
* - load Wassup widgets
* - load footer tag/javascripts
*/
function wassup_load() {
global $wassup_options;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
//load widgets and visitor tracking footer scripts
if(!empty($wassup_options)){
if($wassup_options->is_recording_active()){
add_action("widgets_init",'wassup_widget_init',9);
if(is_admin()) add_action('admin_footer','wassup_foot');
else add_action('wp_footer','wassup_foot');
}
//load admin interface
if(is_admin()){
if(!function_exists('wassup_admin_load')) require_once(WASSUPDIR.'/lib/wassupadmin.php');
wassup_admin_load();
}
}
} //end wassup_load
//-------------------------------------------------
//### Admin functions
// WassUp admin panels and menus display functions are in a separate module, "wassupadmin.php" @since v1.9.1
/**
* Perform plugin admin tasks for before http headers are sent.
* - run 'initialize settings' for new network subsites, if needed
* - hook function for plugin deactivation actions
* - run Wassup ajax requests manually, if needed
* - run export request, if any
* - hook function for javascript libraries and frameworks load
* @since v1.9
*/
function wassup_admin_preload() {
global $wpdb, $wp_version, $wassup_options, $wdebug_mode;
if(!defined('WASSUPURL')){
//initializes new network subsites settings, if needed
if(function_exists('is_network_admin') && !is_network_admin() && !is_main_site()) $is_compatible=wassup_init(true);
else $is_compatible=wassup_init();
if(!$is_compatible) return; //nothing to do
}
//uninstall on deactivation when 'wassup_uninstall' option is set...applies to multisite subdomains and Wordpress 2.x setups only
if(!empty($wassup_options->wassup_uninstall)){
register_deactivation_hook(__FILE__,'wassup_uninstall');
}else{
register_deactivation_hook(__FILE__,'wassup_deactivate');
}
if(!empty($_GET['page']) && stristr($_GET['page'],"wassup")!==false){
//manually run ajax action handler for Wassup ajax only
if(!empty($_REQUEST['action']) && isset($_REQUEST['wajax'])){
if(!defined('DOING_AJAX') || !DOING_AJAX){ //superfluous test..applies to 'admin-ajax.php' requests only
do_action('wp_ajax_wassup_action_handler',$_REQUEST['action']);
}
exit;
}
//do export early
if(isset($_REQUEST['export'])){
export_wassup();
}
}
//wassup scripts and css
add_action('admin_enqueue_scripts','wassup_add_scripts',12);
} //end wassup_admin_preload
/**
* Loads javascript and css files for Wassup admin pages.
* - Enqueues "spia.js", "jquery-ui.js" (various), "jquery-migrate.js" (also queues "jquery.js")
* - adds "thickbox.js"
* - Enqueues "wassup.js" and "wassup.css" for Wassup panels
*/
function wassup_add_scripts(){
global $wp_version,$wdebug_mode;
$vers=WASSUPVERSION;
if($wdebug_mode) $vers.='b'.rand(0,9999);
if(!empty($_GET['page']) && stristr($_GET['page'],'wassup') !== FALSE){
$wassuppage=wassupURI::get_menu_arg();
wp_register_script('wassup',WASSUPURL.'/js/wassup.js',array(),$vers);
if($wassuppage == "wassup-spia" || $wassuppage=="wassup-spy"){
wp_enqueue_script('spia', WASSUPURL.'/js/spia.js', array('jquery','wassup'), $vers);
}elseif($wassuppage == "wassup-options" || $wassuppage == "wassup-donate"){
//use Wordpress' jquery-ui.js only when current
if(version_compare($wp_version,'4.5','>=') || !function_exists('wassup_compat_add_scripts')){
wp_enqueue_script('jquery-ui-dialog');
wp_enqueue_script('jquery-ui-tabs');
}
//never use Wordpress' jquery-ui.css
wp_dequeue_style('jquery-ui-tabs.css');
wp_dequeue_style('jquery-ui-theme.css');
wp_dequeue_style('jquery-ui-dialog.css');
wp_dequeue_style('jquery-ui-core.css');
wp_dequeue_style('jquery-ui.css');
}
//use Wordpress' copy of Thickbox @since v1.9.4.4
add_thickbox(); //Wordpress 2.5+ function
//enqueue jquery-migrate.js (and 'jquery.js')
wp_enqueue_script('jquery-migrate');
wp_enqueue_script('wassup');
//queue wassup stylesheet
wp_enqueue_style('wassup', WASSUPURL.'/css/wassup.css',array(),$vers);
}elseif(strpos($_SERVER['REQUEST_URI'],'/widgets.php')!==false || strpos($_SERVER['REQUEST_URI'],'/customize.php')!==false){
//customizer css for wassup-widget control style
wp_enqueue_style('wassup',WASSUPURL.'/css/wassup.css',array(),$vers);
} //end if GET['page']
} //end wassup_add_scripts
/**
* Check validity of export request then run 'wassupDb::backup_table' to export WassUp main table data into SQL format
* @param integer
* @return void
*/
function export_wassup(){
global $wpdb, $current_user, $wassup_options, $wdebug_mode;
//#1st verify that export request is valid
if(!isset($_REQUEST['export'])) return;
$exportdata=false;
$badrequest=false;
$err_msg="";
$wassup_user_settings=array();
//user must be logged in to export @since v1.9
if(!is_object($current_user) || empty($current_user->ID)){
$user=wp_get_current_user();
}
if(!empty($current_user->ID)){
$wassup_user_settings=get_user_option('_wassup_settings',$current_user->ID);
//wp_nonce validation of export request @since v1.9
if(empty($_REQUEST['_wpnonce']) || !wp_verify_nonce($_REQUEST['_wpnonce'],'wassupexport-'.$current_user->ID)) {
$err_msg=__("Export ERROR: nonce failure!","wassup");
}
}else{
$err_msg=__("Export ERROR: login required!","wassup");
}
//abort invalid export requests
if($err_msg){
if(empty($current_user->ID)){
wp_die($err_msg);
}else{
wassup_log_message($err_msg);
wp_safe_redirect(wassupURI::get_admin_url('admin.php?page=wassup-options&tab=3'));
}
exit;
}
$err_msg="";
$wassup_table=$wassup_options->wassup_table;
$wherecondition="";
//omit spam records from export @since v1.9.1
if(empty($wassup_options->export_spam)){
$wherecondition =" AND `spam`='0'";
}
//for multisite compatibility
if($wassup_options->network_activated_plugin()){
if(!is_network_admin() && !empty($GLOBALS['current_blog']->blog_id)) $wherecondition .= sprintf(" AND `subsite_id`=%d",(int)$GLOBALS['current_blog']->blog_id);
}
//sorted by record id field
$wherecondition .= ' ORDER BY `id`';
$start_id=0;
if(isset($_REQUEST['startid']) && is_numeric($_REQUEST['startid'])){
$start_id=(int)$_REQUEST['startid'];
}
//# check for records before exporting...
$numrecords=0;
$exportdata=false;
$numrecords=$wpdb->get_var(sprintf("SELECT COUNT(`wassup_id`) FROM `%s` WHERE `id` > %d %s",esc_attr($wassup_table),$start_id,$wherecondition));
if(!is_numeric($numrecords)) $numrecords=0;
if($numrecords > 0){
//too big for export, abort @TODO
if($numrecords > 9999999){
$err_msg=__("Too much data for Wassup export! Use a separate MySQL Db tool instead.","wassup");
}else{
//Could take a long time, so increase script execution time-limit to 11 min
$stimeout=ini_get('max_execution_time');
if(is_numeric($stimeout) && $stimeout>0 && $stimeout < 660){
$disabled_funcs=ini_get('disable_functions');
if((empty($disabled_funcs) || strpos($disabled_funcs,'set_time_limit')===false) && !ini_get('safe_mode')){
$stimeout=11*60;
@set_time_limit($stimeout);
}
}
//do the export
if($_REQUEST['export']=="csv"){
wassupDb::export_records($wassup_table,$start_id,"$wherecondition","csv");
}else{
wassupDb::export_records($wassup_table,$start_id,"$wherecondition","sql");
}
}
}else{
//failed export message
$err_msg=__("ERROR: Nothing to Export.","wassup");
} //end if numrecords > 0
//if get here, something went wrong with export
if(!empty($err_msg)){
wassup_log_message($err_msg);
}
//reload screen to show error message
$reload_uri=remove_query_arg(array('export','whash','type','_wpnonce'));
wp_safe_redirect($reload_uri);
exit;
} //end export_wassup
/** Save summary message from export or other action in either wassup_meta or user_metadata @since v1.9.4 */
function wassup_log_message($msg,$msgtype="",$msgkey="0"){
global $current_user;
//msgtype,msgkey parameters for wassup_meta msg
if(!empty($msgtype)){
$expire=time()+86401; //24-hour expire
if(empty($msgkey) && !empty($_REQUEST['mid'])){
$msgkey=$_REQUEST['mid'];
}
$saved=wassupDb::update_wassupmeta($msgkey,$msgtype,$msg,$expire);
}else{
if(!is_object($current_user) || empty($current_user->ID)){
$user=wp_get_current_user();
}
$wassup_user_settings=get_user_option('_wassup_settings',$current_user->ID);
$wassup_user_settings['ualert_message']=$msg;
update_user_option($current_user->ID,'_wassup_settings',$wassup_user_settings);
}
}
/** Turns off all error notices except fatal errors. */
function wassup_disable_errors(){
error_reporting(E_ERROR);
ini_set('display_errors','Off');
}
/** Turns on all error notices */
function wassup_enable_errors(){
global $wp_version, $wdebug_mode;
//don't use 'strict standards' in old Wordpress versions (part of E_ALL since PHP 5.4)
$php_vers=phpversion();
if(version_compare($php_vers,'5.4','>=')){
//turn off deprecated notices in PHP7
if(version_compare($php_vers,'7.0','>=')){
error_reporting(E_ALL & ~E_DEPRECATED & ~E_USER_DEPRECATED );
}elseif(version_compare($wp_version,'4.0','<')){
error_reporting(E_ALL & ~E_STRICT);
}else{
error_reporting(E_ALL);
}
}elseif(version_compare($wp_version,'4.0','<')){
error_reporting(E_ALL & ~E_STRICT);
}else{
error_reporting(E_ALL);
}
if(!empty($wdebug_mode)){
//don't set display_errors unless WP_DEBUG is not set @since v1.9.4.4
if(!defined('WP_DEBUG') || !defined("WP_DEBUG_DISPLAY")){
ini_set('display_errors','On');
}
}
} //end wassup_enable_errors
if (!function_exists('microtime_float')) {
function microtime_float() { //replicates microtime(true) from PHP5
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
}
//-------------------------------------------------
//### Tracking functions
/** Start tracking: check for cookie, assign 'wassupappend' to action hook to record tracking */
function wassupPrepend() {
global $wpdb,$wp_version,$wassup_options,$current_user,$wscreen_res,$wdebug_mode;
if(empty($wassup_options)) $wassup_options=new wassupOptions;
//wassup must be active for recording to begin
if(empty($wassup_options) || !$wassup_options->is_recording_active()){ //do nothing
return;
}
//don't track ajax requests from some plugins @since v1.9.4
$active_plugins=maybe_serialize(get_option('active_plugins'));
//don't track Woocommerce ajax requests
if(isset($_REQUEST['wc-ajax']) && preg_match('#/woocommerce\.php#',$active_plugins)>0){
return;
}
//suppress php7 deprecated notices @since v1.9.4.4
if(!$wdebug_mode){
$errmode_reset=error_reporting();
$errdisplay_reset=ini_get('display_errors');
wassup_disable_errors();
}
$wassup_table=$wassup_options->wassup_table;
$wassup_tmp_table=$wassup_table."_tmp";
$wscreen_res="";
//session tracking with cookie
$session_timeout=false;
$wassup_timer=0;
$wassup_id="";
$subsite_id=(!empty($GLOBALS['current_blog']->blog_id)?$GLOBALS['current_blog']->blog_id:0);
$cookie_subsite=0;
$cookieUser="";
$sessionhash=$wassup_options->whash;
//in case whash was reset
if(!isset($_COOKIE['wassup'.$sessionhash])) $sessionhash=wassup_get_sessionhash();
if(isset($_COOKIE['wassup'.$sessionhash])){
//use cookie separator '##' instead of '::' to avoid conflict with ipv6 address notation @since v1.9
$cookie_data = explode('##',esc_attr(base64_decode(urldecode($_COOKIE['wassup'.$sessionhash]))));
if(count($cookie_data)>3){
$wassup_id = $cookie_data[0];
$wassup_timer=(int)$cookie_data[1] - time();
if(!empty($cookie_data[2])){
$wscreen_res = $cookie_data[2];
}
//username in wassup cookie @since v1.8.3
if(!empty($cookie_data[5])) $cookieUser=$cookie_data[5];
if($wassup_timer <= 0 || $wassup_timer > 86400){
$session_timeout=true;
}
//don't reuse wassup_id when subsite changed
if(is_multisite()){
if(preg_match('/^([0-9]+)b_/',$wassup_id,$pcs)>0) $cookie_subsite=$pcs[1];
if($subsite_id != $cookie_subsite) $wassup_id="";
}
}
}
//for tracking 404 hits when it is 1st visit record
$urlRequested=$_SERVER['REQUEST_URI'];
$req_code=200;
if(is_404()){
$req_code=404;
}elseif(function_exists('http_response_code')){
$req_code=http_response_code(); //PHP 5.4+ function
}elseif(isset($_SERVER['REDIRECT_STATUS'])){
$req_code=(int)$_SERVER['REDIRECT_STATUS'];
}
//get screen resolution from cookie or browser header data, if any
if (empty($wscreen_res) && isset($_COOKIE['wassup_screen_res'.$sessionhash])) {
$wscreen_res = esc_attr(trim($_COOKIE['wassup_screen_res'.$sessionhash]));
if ($wscreen_res == "x") $wscreen_res="";
}
if (empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
//resolution in IE/IEMobile header sometimes
$wscreen_res = str_replace('X',' x ',$_SERVER['HTTP_UA_PIXELS']);
}
if (empty($wscreen_res) || preg_match('/(\d+\sx\s\d+)/i',$wscreen_res)==0){
$wscreen_res = "";
$ua=(!empty($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:"");
if(stristr($urlRequested,'login.php')!==false){
add_action('login_footer','wassup_foot');
}elseif(strstr($ua,'MSIE')===false && strstr($ua,'rv:11')===false && strstr($ua,'Edge/')===false){
//place wassup tag and javascript in document head
if(is_admin()){
add_action('admin_head','wassup_head');
}else{
add_action('wp_head','wassup_head');
}
}
}
$timenow=current_time('timestamp');
//check if user is logged-in
$logged_user="";
if(empty($current_user->user_login)) $user=wp_get_current_user();
if(!empty($current_user->user_login)){
$logged_user=$current_user->user_login;
//for recent successful login.. undo hack attempt label
//wassup timer is additional check in case this is successful hack
if(!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'],'wp-login.php')>0 && $wassup_timer >=0 && $wassup_timer < 5401){
if(empty($wassup_id)) $wsession_id=wassup_get_sessionid();
else $wsession_id=$wassup_id;
//retroactively undo "hack attempt" label
$wassup_dbtask[]=sprintf("UPDATE `$wassup_table` SET `username`='%s', `spam`='0' WHERE `wassup_id`='%s' AND `spam`!='0' AND `timestamp`>'%d'",$logged_user,$wsession_id,$timenow-90);
}
//timeout logged-in users after 10 mins to trigger save into temp for online counts @since v1.9.2
if($wassup_timer > 5361){ //for 1st save/cookie reset
$session_timeout=true;
}elseif($wassup_timer < 4801){ //timeout after ~10 mins
$session_timeout=true; //...for save to temp
}
}
//Track visitor
//Exclude for logged-in user in admin area (unless session_timeout is set)
if(!is_admin() || empty($logged_user) || $session_timeout || $req_code !=200 || empty($wassup_id)){
//use 'send_headers' hook for feed, media, and files except when request is wp-admin which doesn't run this hook
if(is_feed() || preg_match('#[=/\?&](feed|atom)#',$urlRequested)>0){
if(is_feed() && !headers_sent()){
add_action('send_headers','wassupAppend');
}else{
wassupAppend($req_code);
}
}elseif(preg_match('/(\.(3gp|7z|f4[pv]|mp[34])(?:[\?#]|$))/i',$urlRequested)>0){
//this is audio, video, or archive file request
if(!is_admin() && !headers_sent()){
add_action('send_headers','wassupAppend');
}else{
wassupAppend($req_code);
}
}elseif(preg_match('/([^\?#&]+\.([a-z]{1,4}))(?:[\?#]|$)/i',$urlRequested)>0 && basename($urlRequested)!="robots.txt"){
//this is multimedia or specific file request
if(!is_admin() && !headers_sent()){
add_action('send_headers','wassupAppend');
}else{
wassupAppend($req_code);
}
}elseif(!is_admin()){
//use 'send_headers' hook for cookie write or 404 and shutdown hook for all others
if(empty($wassup_id) || $req_code!=200){
if(!headers_sent()){
add_action('send_headers','wassupAppend',15);
}else{
add_action('shutdown','wassupAppend',1);
}
}elseif($session_timeout && ($wassup_timer <=0 || $wassup_timer >86400) && !headers_sent()){
//for cookie re-write
add_action('send_headers','wassupAppend',15);
}else{
add_action('shutdown','wassupAppend',1);
}
}else{
//use 'admin_footer' hook for admin area hits @since v1.9.1
add_action('admin_footer','wassupAppend',15);
}
//add tracking for login page separately since 'shutdown' hook doesn't seem to run on login page @since v1.9.1
if(empty($logged_user) && stristr($urlRequested,'login.php')!==FALSE){
add_action('login_footer','wassupAppend',15);
}
} //end if !is_admin
//do retroactive update, if any
if(!empty($wassup_dbtask)){
$args=array('dbtasks'=>$wassup_dbtask);
wassupDb::scheduled_dbtask($args);
}
//restore default error_reporting @since v1.9.4.4
if(!$wdebug_mode && isset($errmode_reset)){
error_reporting($errmode_reset);
@ini_set('display_errors',$errdisplay_reset);
}
} //end wassupPrepend
/**
* Track visitors: collect browser/visitor data and save record in wassup table
* @param string (http request code)
*/
function wassupAppend($req_code=0) {
global $wpdb,$wp_version,$current_user,$wassup_options,$wscreen_res,$wdebug_mode;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
//wassup must be active for recording to begin
if(empty($wassup_options) || !$wassup_options->is_recording_active()){ //nothing to do
return;
}
//load additional wassup modules as needed
if(!class_exists('wDetector')) require_once(WASSUPDIR.'/lib/main.php');
if(!class_exists('UADetector')) include_once(WASSUPDIR.'/lib/uadetector.class.php');
$wpurl=wassupURI::get_wphome();
$blogurl=wassupURI::get_sitehome();
//path to wordpress install, when different from home
$wppath="";
if($wpurl !== $blogurl){
$url=parse_url($wpurl);
if(!empty($url['path'])) $wppath=rtrim($url['path'],'/');
}
$network_settings=array();
if(is_multisite()){
$network_settings=get_site_option('wassup_network_settings');
}
//identify media requests
$is_media=false;
$fileRequested="";
if(preg_match('#^(/(?:[0-9a-z.\-\/_]+\.(?:3gp|avi|bmp|flv|gif|gifv|ico|img|jpe?g|mkv|mov|mpa|mpe?g|mp[234]|ogg|oma|omg|png|pdf|pp[st]x?|psd|svg|swf|tiff|vob|wav|webm|wma|wmv))|(?:[0-9a-z.\-\/_]+(?:zoom(?:in|out)\.cur)))(?:[\?\#&]|$)#i',$_SERVER['REQUEST_URI'],$pcs)>0){
$is_media=true;
if(ini_get('allow_url_fopen')) $fileRequested=$blogurl.$pcs[1];
}
$debug_output="";
if($wdebug_mode){
if($is_media || is_feed() || (!is_page() && !is_home() && !is_single() && !is_archive())){
//turn off error display for media, feed, and any non-html requests
$wdebug_mode=false;
}else{
if(is_admin() || headers_sent()){
echo "\n".'<!-- *WassUp DEBUG On '."\n"; //hide errors
echo 'time: '.date('H:i:s').' locale: '.$GLOBALS['locale'];
}else{
$debug_output="\n".'<!-- *WassUp DEBUG On '."\n"; //hide errors
$debug_output .='time: '.date('H:i:s').' locale: '.$GLOBALS['locale'];
}
wassup_enable_errors();
}
}else{
//suppress PHP7 deprecated notices @since v1.9.4.4
$errmode_reset=error_reporting();
$errdisplay_reset=ini_get('display_errors');
@wassup_disable_errors();
} //end if $wdebug_mode
$error_msg="";
$wassup_table = $wassup_options->wassup_table;
$wassup_tmp_table = $wassup_table . "_tmp";
$wassup_meta_table = $wassup_table."_meta";
$wassup_recid=0;
$temp_recid=0;
$dup_urlrequest=0;
$wassup_dbtask=array(); //for scheduled db operations
$wassup_rec=array();
$recent_hit=false;
//init wassup table fields...
$wassup_id = "";
$timenow = current_time("timestamp");
$ipAddress = "";
$IP="";
$hostname = "";
$urlRequested = $_SERVER['REQUEST_URI'];
if(empty($urlRequested) && !empty($_SERVER['SCRIPT_NAME'])){
$urlRequested=$_SERVER['SCRIPT_NAME']; // IIS
}
$referrer = (isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER']: '');
$userAgent = (isset($_SERVER['HTTP_USER_AGENT']) ? rtrim($_SERVER['HTTP_USER_AGENT']) : '');
if(strlen($userAgent) >255){
$userAgent=substr(str_replace(array(' ','%20%20','++'),array(' ','%20','+'),$userAgent),0,255);
}
$search_phrase="";
$searchpage="0";
$searchengine="";
$os="";
$browser="";
$language = (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? esc_attr($_SERVER['HTTP_ACCEPT_LANGUAGE']) : '');
//fields and vars for spam detection...
$spider="";
$feed="";
$logged_user="";
$comment_user = (isset($_COOKIE['comment_author_'.COOKIEHASH]) ? utf8_encode($_COOKIE['comment_author_'.COOKIEHASH]) : '');
$spam=0;
$article_id=0;
if(empty($article_id) && preg_match('#(/wp-admin|/wp-content|/wp-includes|wp-login|/feed/|/category/|/tag/)#',$urlRequested)==0){
$page_obj=get_page_by_path($urlRequested);
if(!empty($page_obj->ID)) $article_id=$page_obj->ID;
}
if(empty($article_id) && (is_single() || is_page())){
if(!empty($GLOBALS['post']->ID)){
$article_id=$GLOBALS['post']->ID;
}
}
$subsite_id=(!empty($GLOBALS['current_blog']->blog_id)?$GLOBALS['current_blog']->blog_id:0);
$multisite_whereis="";
if($wassup_options->network_activated_plugin() && !empty($GLOBALS['current_blog']->blog_id)){
$multisite_whereis = sprintf(" AND `subsite_id`=%d",(int)$GLOBALS['current_blog']->blog_id);
}
//Set more table fields from http_header and other visit data
$unknown_spider=__("Unknown Spider","wassup");
$unknown_browser=__("Unknown Browser","wassup");
$ua = new UADetector();
if(!empty($ua->name)){
if($ua->agenttype == "B"){
$browser = $ua->name;
if(!empty($ua->version)){
$browser .= " ".wMajorVersion($ua->version);
if (strstr($ua->version,"Mobile")!==false){
$browser .= " Mobile";
}
}
}else{
$spider = $ua->name;
if ($ua->agenttype == "F") {
if(!empty($ua->subscribers)){
$feed=$ua->subscribers;
}else{
$feed=$spider;
}
} elseif ($ua->agenttype == "H" || $ua->agenttype == "S") {
//it's a script injection bot|spammer
if ($spam == "0") $spam = 3;
}
} //end else agenttype
$os=$ua->os;
//check for screen resolution
if(empty($wscreen_res) && !empty($ua->resolution)){
if(preg_match('/^\d+x\d+$/',$ua->resolution)>0){
$wscreen_res=str_replace('x',' x ',$ua->resolution);
}else{
$ua->resolution;
}
}
if(empty($language) && !empty($ua->language)){
$language=$ua->language;
}
if($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#1";
$debug_output="";
}
echo "\nUAdetecter results: \$ua=".serialize($ua);
}else{
$debug_output .="\nUAdetecter results: \$ua=".serialize($ua);
}
}
} //end if $ua->name
//Set visitor identifier fields: username, wassup_id, ipAddress, hostname
//re-lookup username in case login was not detected in 'init'
$is_admin_login = false;
if(empty($current_user->user_login)) $user=wp_get_current_user();
if(!empty($current_user->user_login)) {
$logged_user = $current_user->user_login;
$is_admin_login = $wassup_options->is_admin_login($current_user);
}
$session_timeout = false;
$wassup_timer=0;
$cookieIP = "";
$cookieHost = "";
$cookieUser = "";
$sessionhash=$wassup_options->whash;
//in case hash was reset
if(!isset($_COOKIE['wassup'.$sessionhash])){
$sessionhash=wassup_get_sessionhash();
}
//# Check for cookies in case this is an ongoing visit
if(isset($_COOKIE['wassup'.$sessionhash])){
$cookie_data = explode('##',esc_attr(base64_decode(urldecode($_COOKIE['wassup'.$sessionhash]))));
if(count($cookie_data)>3){
$wassup_id = $cookie_data[0];
$wassup_timer = $cookie_data[1];
if(!empty($cookie_data[2])) $wscreen_res = $cookie_data[2];
$cookieIP = $cookie_data[3];
if(!empty($cookie_data[4])) $cookieHost = $cookie_data[4];
//username in wassup cookie @since v1.8.3
if(!empty($cookie_data[5])) $cookieUser = $cookie_data[5];
}
}
//Get visitor ip/hostname from http_header
if(!empty($cookieIP)){
$ipAddress = $_SERVER['REMOTE_ADDR'];
$IP=wassup_clientIP($ipAddress);
if($cookieIP==$IP){
$hostname=$cookieHost;
}elseif(strpos($_SERVER['REMOTE_ADDR'],$cookieIP)!==false){
$IP=$cookieIP;
$hostname=$cookieHost;
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && strpos($_SERVER['HTTP_X_FORWARDED_FOR'],$cookieIP)!==false){
$ipAddress=$_SERVER['HTTP_X_FORWARDED_FOR'];
$IP=$cookieIP;
$hostname=$cookieHost;
}else{
$ipAddress=wassup_get_clientAddr();
$IP=wassup_clientIP($ipAddress);
if($cookieIP==$IP) $hostname=$cookieHost;
else $hostname=wassup_get_hostname($IP);
}
}else{
$ipAddress=wassup_get_clientAddr();
$IP=wassup_clientIP($ipAddress);
$hostname=wassup_get_hostname($IP);
}
if (empty($ipAddress)) $ipAddress = $_SERVER['REMOTE_ADDR'];
if (empty($IP)) $IP = wassup_clientIP($ipAddress);
if (empty($hostname)) $hostname = "unknown";
if(empty($logged_user)){
//only one use for username in cookie...to omit admin logout information
//$logged_user=$cookieUser;
if(!empty($cookieUser) && strpos($urlRequested,'loggedout')>0){
$logged_user=$cookieUser;
$is_admin_login=$wassup_options->is_admin_login($logged_user);
}
}
//get screen resolution value from cookie or browser header data, if any...before new cookie is written
if(empty($wscreen_res)){
if(isset($_COOKIE['wassup_screen_res'.$sessionhash])) {
$wscreen_res=esc_attr(trim($_COOKIE['wassup_screen_res'.$sessionhash]));
if($wscreen_res == "x") $wscreen_res = "";
}
if(empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])) {
//resolution in IE/IEMobile header sometimes
$wscreen_res=str_replace('X',' x ',esc_attr($_SERVER['HTTP_UA_PIXELS']));
}
}
//check for session timeout and wassup_id in temp-only record
if(!empty($wassup_id)){
if((int)$wassup_timer - time() < 1){
$session_timeout=true;
}
$pcs=array();
//don't share wassup_id across multisite subsites
if(preg_match('/^([0-9]+)b_/',$wassup_id,$pcs)>0){
if($pcs[1]!=$subsite_id) $session_timeout=true;
}
}
//assign a wassup_id for visit and write cookie
if(empty($wassup_id) || $session_timeout || (!empty($wscreen_res) && empty($cookie_data[2]))){
//reset wassup_id for timeout/new visit only
if(empty($wassup_id) || $session_timeout){
$args=array('ipAddress'=>$ipAddress,
'hostname'=>$hostname,
'logged_user'=>$logged_user,
'timestamp'=>$timenow,
'userAgent'=>$userAgent,
'subsite_id'=>$subsite_id,
);
if(empty($logged_user) && !empty($cookieUser)){
$args['logged_user']=$cookieUser;
}
$wassup_id=wassup_get_sessionid($args);
$wassup_timer=((int)time() + 2700); //use 45 minutes timer
//longer session time for logged-in users @since v1.9
if(!empty($logged_user)){
$wassup_timer=(int)time()+5400;
}
}
//put the cookie in the oven and set the timer...
//this must be done before headers sent
if(!headers_sent()){
if (defined('COOKIE_DOMAIN')) {
$cookiedomain = preg_replace('#^(https?\://)?(www\d?\.)?#','',strtolower(COOKIE_DOMAIN));
if(defined('COOKIEPATH')){
$cookiepath=COOKIEPATH;
}else{
$cookiepath = "/";
}
} else {
$cookieurl = parse_url(get_option('home'));
$cookiedomain = preg_replace('/^www\d?\./i','',$cookieurl['host']);
$cookiepath = $cookieurl['path'];
}
if(!empty($logged_user)) $cookieUser=$logged_user;
$expire = 0; //expire on browser close - based on utc timestamp, not on Wordpress time
$wassup_cookie_value = urlencode(base64_encode($wassup_id.'##'.$wassup_timer.'##'.$wscreen_res.'##'.$IP.'##'.$hostname.'##'.$cookieUser));
setcookie("wassup".$sessionhash, "$wassup_cookie_value", $expire, $cookiepath, $cookiedomain);
}
unset($temp_id, $tempUA, $templen);
} //end if empty(wassup_id)
//Retrieve request response code
if(!is_numeric($req_code) || empty($req_code)){
$req_code=200;
if(is_404()){
$req_code=404;
}elseif(function_exists('http_response_code')){
$req_code=http_response_code(); //PHP 5.4+ function
}elseif(isset($_SERVER['REDIRECT_STATUS'])){
$req_code=(int)$_SERVER['REDIRECT_STATUS'];
}
}
//sometimes missing media can show as 200, so if request is a media file, also check that file exist
if($is_media){
if($req_code==200 && !empty($fileRequested) && !file_exists($fileRequested)){
$req_code=404;
}
}elseif(preg_match('#(^/[0-9a-z\-/\._]+\.([a-z]{1,4}))(?:[\?&\#]|$)#i',$urlRequested,$pcs)>0 && basename($urlRequested)!="robots.txt"){
//identify file requests
if(ini_get('allow_url_fopen')) $fileRequested=$blogurl.$pcs[1];
}
if($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#2";
$debug_output="";
}
echo "\n\$req_code=$req_code";
}
}
$hackercheck=true; //for malware checking
//do an early quick-check for xss code on url and label as spam/malware for temp record, even if spam detection is disabled @since v1.9.1
if(preg_match('/(document\.write(?:ln)?|(?:<|<|�*60;?|%3C)scr(?:ipt|[^0-9a-z\-_])|[0t;];script|[ +;0]src=|[ +;]href=|%20href=)([^0-9a-z]|http[:s]|ftp[:s])/',$urlRequested)>0){
$spam=3;
$hackercheck=false;
//no malware checks on logged-in users unless 404 activity
}elseif(empty($wassup_options->wassup_hack) || (!empty($logged_user) && (int)$req_code!=404)){
$hackercheck=false;
//no malware checks on feed, multimedia, or simple file/archive requests
}elseif(is_feed() || $is_media || preg_match('#^/[0-9a-z\-\._]+\.(css|gz|jar|pdf|rdf|rtf|txt|xls|xlt|xml|Z|zip)$#i',$_SERVER['REQUEST_URI'])>0){
$hackercheck=false;
}
@ignore_user_abort(1); // finish script in background if visitor aborts
//## Start Exclusion controls:
//#1 First exclusion control is for admin user
if($wassup_options->wassup_admin=="1" || !$is_admin_login || (strpos($urlRequested,'wp-login.php')>0 && strpos($urlRequested,'loggedout')===false)){ //typo bugfix @since v1.9.4.5
//#2 Exclude wp-cron utility hits...unless external host
if (stristr($urlRequested,"/wp-cron.php?doing_wp_cron")===false || empty($_SERVER['SERVER_ADDR']) || $IP!=$_SERVER['SERVER_ADDR']){
//#3 Exclude wp-admin visits unless possible malware attempt
if ((!is_admin() && stristr($urlRequested,"/wp-admin/")===false && stristr($urlRequested,"/wp-includes/")===false) || $req_code!=200 || $hackercheck){
//Get single post/page id, if archive has only 1 post
if(empty($article_id) && isset($GLOBALS['posts'])){
if((is_archive() || is_search()) && count($GLOBALS['posts'])==1 && !empty($GLOBALS['posts'][0]->ID)){
$article_id=$GLOBALS['posts'][0]->ID;
}
}
//#4 Exclude users on exclusion list
if (empty($wassup_options->wassup_exclude_user) || empty($logged_user) || preg_match('/(?:^|\s*,)\s*('.preg_quote($logged_user).')\s*(?:,|$)/',$wassup_options->wassup_exclude_user)==0){
//'preg_match' replaces 'explode' for faster matching of users, url requests, and ip addresses @since v1.9
//@TODO: exclude page requests by post_id
//#5 Exclude urls on exclusion list
if (empty($wassup_options->wassup_exclude_url) || preg_match('#(?:^|\s*,)\s*((?:'.str_replace('#','\#',preg_quote($blogurl)).')?'.str_replace('#','\#',preg_quote($urlRequested)).')\s*(?:,|$)#i',$wassup_options->wassup_exclude_url)==0){
//url matching may be affected by html-encoding, url-encoding, query parameters, and labels on the url - so do those exclusions separately
$exclude_visit = false;
if (!empty($wassup_options->wassup_exclude_url)) {
$exclude_list = explode(',',str_replace(', ',',',$wassup_options->wassup_exclude_url));
//reverse the pattern/item checked in regex
foreach ($exclude_list as $exclude_url) {
$xurl=str_replace($blogurl,'',rtrim(trim($exclude_url),'/'));
if(!empty($xurl)){
$regex='#^('.str_replace('#','\#',preg_quote($xurl)).')([&?\#/].+|$)#i';
if(preg_match($regex,$urlRequested)>0){
$exclude_visit=true;
break;
}elseif(preg_match($regex,esc_attr($urlRequested))>0){
$exclude_visit=true;
break;
}elseif(preg_match($regex,urlencode($urlRequested))>0){
$exclude_visit=true;
break;
}
}
}//end foreach
}
//#6 Exclude IPs on exclusion list...
if ((empty($wassup_options->wassup_exclude) || preg_match('#(?:^|\s*,)\s*('.preg_quote($IP).')\s*(?:,|$)#',$wassup_options->wassup_exclude)==0) && !$exclude_visit){
//match for wildcards in exclude list @since v1.9
if(strpos($wassup_options->wassup_exclude,'*')!= 0){
$exclude_list = explode(',',str_replace(', ',',',$wassup_options->wassup_exclude));
//reverse the pattern/item_checked in regex
foreach ($exclude_list as $xip) {
if(!empty($xip) && strpos($xip,'*')!=0){
$regex='/^'.str_replace('\*','([0-9a-f\.:]+)',preg_quote($xip)).'$/i';
if(preg_match($regex,$IP)>0){
$exclude_visit=true;
break;
}
}
}//end foreach
}
//#7 Exclude hostnames on exclusion list @since v1.9
if ((empty($wassup_options->wassup_exclude_host) || preg_match('#(?:^|\s*,)\s*('.preg_quote($hostname).')\s*(?:,|$)#',$wassup_options->wassup_exclude_host)==0) && !$exclude_visit){
//match for wildcards in exclude list
if(strpos($wassup_options->wassup_exclude_host,'*')!==false){
$exclude_list = explode(',',str_replace(', ',',',$wassup_options->wassup_exclude_host));
//reverse the pattern/item_checked in regex
foreach ($exclude_list as $xhost) {
if(!empty($xhost) && strpos($xhost,'*')!==false){
$regex='/^'.str_replace('\*','([0-9a-z\-_]+)',preg_quote($xhost)).'$/i';
if(preg_match($regex,$hostname)>0){
$exclude_visit=true;
break;
}
}
}//end foreach
}
//#8 Exclude requests for plugins files from recordings
if ((stristr($urlRequested,"/".PLUGINDIR) === FALSE || stristr($urlRequested,"forum") !== FALSE || $hackercheck) && !$exclude_visit) {
//#9 Exclude requests for themes files from recordings
if (stristr($urlRequested,"/wp-content/themes") === FALSE || stristr($urlRequested,"comment") !== FALSE || $req_code==404) {
//#10 Exclude for logged-in users
if ($wassup_options->wassup_loggedin == 1 || !is_user_logged_in()) {
//check user agent string for attack code
if($spam==0 && wassupURI::is_xss($userAgent)){
$spam=3;
}
//#11 Exclude for wassup_attack (via libwww-perl or xss in user agent)
if ($wassup_options->wassup_attack==1 || (stristr($userAgent,"libwww-perl")===FALSE && $spam==0)) {
// Check for duplicates, previous spam check, and screen resolution and get previous settings to prevent redundant checks on same visitor.
// Dup==same wassup_id and URL, and timestamp<180 secs
$wpageviews=0;
$spamresult=0;
$recent_hit=array();
//don't wait for slow responses...set mysql wait timeout to 7 seconds
$mtimeout=$wpdb->get_var("SELECT @@session.wait_timeout AS mtimeout FROM DUAL");
if(!is_numeric($mtimeout) || is_wp_error($mtimeout)){
$mtimeout=0;
}
$wpdb->query("SET wait_timeout=7");
if($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#3";
$debug_output="";
}
echo "\nSet MySQL wait_timeout=7 from ".$mtimeout;
}else{
$debug_output .="\nSet MySQL wait_timeout=7 from ".$mtimeout;
}
}
//get recent hits with same wassup_id
$recent_hit=$wpdb->get_results(sprintf("SELECT SQL_NO_CACHE `wassup_id`, `ip`, `timestamp`, `urlrequested`, `screen_res`, `username`, `browser`, `os`, `spider`, `feed`, `spam`, `language`, `agent`, `referrer` FROM `$wassup_tmp_table` WHERE `wassup_id`='%s' AND `timestamp` >'%d' %s ORDER BY `timestamp` DESC",esc_sql($wassup_id),$timenow-183,$multisite_whereis));
//check for duplicate hit
if(!empty($recent_hit) && !is_wp_error($recent_hit)){
$wpageviews=count($recent_hit);
//check 1st record only
//record is dup if same url and same user-agent
if($recent_hit[0]->agent == $userAgent || empty($recent_hit[0]->agent)){
if($recent_hit[0]->urlrequested == $urlRequested || $recent_hit[0]->urlrequested == '[404] '.$urlRequested){
$dup_urlrequest=1;
}elseif($is_media && $req_code == 200 && preg_match('/\.(gif|ico|jpe?g|png|tiff)$/i',$fileRequested) >0){
//exclude images/photos only after confirmation of other valid page hit by visitor
$dup_urlrequest=1;
}
}
//retrieve previous spam check results
$spamresult=$recent_hit[0]->spam;
//don't use hack-attempt label from recent hit when user is logged-in
if((int)$spamresult==3 && !empty($logged_user)){
$spamresult=0;
}
//retroactively update screen_res
//...queue the update because of "delayed insert"
if (empty($recent_hit[0]->screen_res) && !empty($wscreen_res)) {
$wassup_dbtask[]=sprintf("UPDATE `$wassup_table` SET `screen_res`='%s' WHERE `wassup_id`='%s'",$wscreen_res,$recent_hit[0]->wassup_id);
}
}else{
$recent_hit=array();
} //end if recent_hit
//done duplicate check...restore normal timeout
if(!empty($mtimeout)){
$wpdb->query("SET wait_timeout=$mtimeout");
}else{
$wpdb->query("SET wait_timeout=90");
}
//#12 Exclude duplicates
if($dup_urlrequest == 0){
//get previously recorded settings for this visitor to avoid redundant tests
if($spam==0 && (int)$spamresult >0) $spam=$spamresult;
if(!empty($recent_hit)){
if(empty($wscreen_res)){
if(!empty($recent_hit[0]->screen_res)){
$wscreen_res=$recent_hit[0]->screen_res;
}
}
if($recent_hit[0]->agent == $userAgent || empty($userAgent)){
$os=$recent_hit[0]->os;
$browser=$recent_hit[0]->browser;
$spider=$recent_hit[0]->spider;
//feed reader only if this page is feed
if(!empty($recent_hit[0]->feed) && is_feed()){
$feed=$recent_hit[0]->feed;
}
}
}
//#13 Exclude admin/admin-ajax requests with same session cookie as recent hit but does not show as a logged user request (ex: /wp-admin/post.php hit from edit link in website page?)
if((!is_admin() && stristr($urlRequested,"/wp-admin/")===false) || $urlRequested != $wppath.'/wp-admin/admin-ajax.php' || empty($recent_hit) || ((empty($recent_hit[0]->username) || $recent_hit[0]->username != $cookieUser) && stristr($recent_hit[0]->urlrequested,"/wp-admin/")===false)){
//check for xss attempts on referrer
if($spam==0 && $hackercheck && empty($logged_user)){
//...skip if referrer is own blog
if(!empty($referrer) && !$is_admin_login && stristr($referrer,$wpurl)!=$referrer && stristr($referrer,$blogurl)!=$referrer && $referrer!=$blogurl.$urlRequested){
if(wassupURI::is_xss($referrer)){
$spam=3;
}elseif(wIsAttack($referrer)){
$spam=3;
}
}
}
//#14 Exclude 404 hits unless 1st visit or malware attempt
if($req_code == 200 || empty($recent_hit) || ($hackercheck && ($spam!=0 || stristr($urlRequested,"/wp-")!==FALSE || preg_match('#\.(php\d?|aspx?|bat|cgi|dll|exe|ini|js|jsp|msi|sh)([^0-9a-z.\-_]|$)|([\\\.]{2}|\/\.|root[^a-z0-9\-_]|[^a-z0-9\-_]passw|\=admin[^a-z0-9\-_]|\=\-\d+|(bin|etc)\/)|[\*\,\'"\:\(\)$`]|[^0-9a-z](src|href|style)[ +]?=|&\#?([0-9]{2,4}|lt|gt|quot);|(?:<|%3c|<?|&\#0*60;?|&\#x0*3c;?)[jpsv]|(?:user|author|admin|id)\=\-?\d+|(administrator|base64|bin|code|config|cookie|delete|document|drop|drupal|eval|exec|exit|function|iframe|insert|install|java|joomla|load|null|repair|script|select|setting|setup|shell|system|table|union|upgrade|update|upload|where|window|wordpress)#i',$urlRequested)>0))){
//Malware url check exceptions:
//..omit 'admin-ajax.php', 'ads.txt','assetslinks.json',index.php','license.php','robots.txt','security.txt','sitemap.xml', and 'wp-login.php', from malware checks
$good_urls_regex='#^(/|/index\.php|/license\.php|/ads\.txt|/robots\.txt|/security\.txt|/sitemap\.xml|/\.well\-known/(?:assetlinks\.json|security\.txt)|'.$wppath.'/wp\-admin/admin\-ajax\.php|'.$wppath.'/wp\-login\.php)$#i';
if ($hackercheck && preg_match($good_urls_regex,$urlRequested)>0){
$hackercheck=false;
}
//Identify malware on url
if($hackercheck && $spam==0 && $urlRequested != '/'){
$pcs=array();
//xss attempt
if(wassupURI::is_xss($urlRequested)){
$spam=3;
//non-admin users trying to access root files, password or ids or upgrade script are up to no good
}elseif(!$is_admin_login){
$pcs=array();
if(preg_match('#\.\./\.\./(etc/passwd|\.\./\.\./)#i',$urlRequested)>0){
$spam=3;
}elseif(preg_match('#[\[&\?/\-_](code|dir|document_root\]?|id|page|thisdir)\=([a-t]+tp\://.+|[/\\\\\'"\-&\#%]|0+[e\+\-\*x]|[a-z]:)#i',$urlRequested,$pcs)>0){
if(!empty($pcs[2])) $spam=3;
elseif($req_code==404) $spam=3;
}elseif(preg_match('#\/wp\-admin.*[^0-9a-z_](install(\-helper)?|update(\-core)?|upgrade)\.php([^0-9a-z\-_]|$)#i',$urlRequested)>0){
$spam=3;
}
}
//visitors requesting non-existent server-side scripts are up to no good
$pcs=array();
if($spam==0 && preg_match('#(?:(^\/\.[0-9a-z]{3,})|(\.(?:cgi|aspx?|jsp?))|([\*\,\'"\:\(\)$`].*)|(.+\=\-1)|(\/[a-z0-9\-_]+\.php[457]?))(?:[^0-9a-z]|$)#i',$urlRequested,$pcs)>0){
if(!empty($pcs[3]) && preg_match('/([0-9\.\-=;]+)/',$urlRequested)>0){
$spam=3;
}elseif(empty($logged_user) && empty($cookieUser)){
if(!empty($pcs[1]) || !empty($pcs[3]) || !empty($pcs[4])){
$spam=3;
}elseif(!empty($pcs[2])){
if($req_code==404){
$spam=3;
}elseif(!empty($fileRequested) && !file_exists($fileRequested)){
$req_code=404;
$spam=3;
}elseif(empty($recent_hit)){
$spam=3;
}
}elseif(!empty($pcs[5])){
if($req_code==404){
$spam=3;
}elseif($pcs[5]!='/index.php' && $pcs[5]!='/wp-login.php'){
if(empty($recent_hit)){
$spam=3;
}elseif(strpos($urlRequested,'wp-admin/')>0){
$spam=3;
}elseif(!empty($fileRequested) && !file_exists($fileRequested)){
$req_code=404;
$spam=3;
}elseif(strpos($urlRequested,'wp-includes/')>0){
$spam=3;
}
}
}
//check for admin/execution attempts on url
if($spam==0 && preg_match('#[^a-z\-_](admin|adminer(?:[\.\-][0-9a-z\-_]+)|administrator|base64|bin|code|config|cookie|delete|dev/|dll|document|drop|etc|eval|exec|exit|function|href|ini|insert|install|login|mysql\.(?:[a-z]{3})|passw|portal/|root|script|select|setting|setup|table|tmp/|update|upgrade|upload|wp/|wp\-|where|window)([^0-9a-z\.\-_]|$)#',$urlRequested)>0){
if($req_code==404){
$spam=3;
}elseif(!empty($pcs[2])){
$spam=3;
}elseif(!empty($pcs[5])){
if(strpos($urlRequested,'/wp-')>0) $spam=3;
elseif($pcs[5]!='/index.php') $spam=3;
}
}
} //elseif empty(logged_user)
}
//regular visitors trying to access admin area are up to no good
if(empty($spam) && empty($logged_user) && empty($cookieUser)){
$pcs=array();
if(preg_match('#[^0-9a-z_](wp\-)?admin(/\.?[0-9a-z_\-%]+)*\.[a-z]{3,4}\d?([^a-z0-9_]|$)#i',$urlRequested)>0){
$spam=3;
}elseif(preg_match('#\/wp\-(config|load|settings)\.php#',$urlRequested)>0){
//regular visitor trying to access setup files is up to no good
$spam=3;
}elseif(preg_match('/[\\\.]{2,}/',$urlRequested)>0){
$spam=3;
}elseif(preg_match('#(?:[\/\\.]([^\/\\.]+\.php[456]?)|([^\/\\.]+\.(?:cgi|aspx?i|bat|dll|exe|ini|msi|sh)))(?:[^0-9a-z.\-_]|$)#i',$urlRequested,$pcs)>0) {
//regular visitor requesting server-side scripts is likely malware
if(!empty($pcs[2])) $spam=3;
elseif(wIsAttack($urlRequested)) $spam=3;
//regular visitor querying userid/author or other non-page item by id number is likely malware
}elseif(preg_match('#[?&]([0-9a-z\-_]+)\=(\-)?\d+$#i',$urlRequested,$pcs)>0){
if(!empty($pcs[2])){
$spam=3;
}elseif($req_code == 404){
if(preg_match('#(code|dir|document_root|path|thisdir)#',$pcs[1])>0){
$spam=3;
}elseif(wIsAttack($urlRequested)){
$spam=3;
}
}
//regular visitor attempts to access "upload" page is likely malware
}elseif(preg_match('#[\?&][0-9a-z\-_]*(page\=upload)(?:[^0-9a-z\-_]|$)#i',$urlRequested)>0){
$spam=3;
}elseif($req_code==404 && wIsAttack($urlRequested)){
$spam=3;
}
} //end if empty logged_user
//retroactively update recent visitor records as spam/malware
if($spam == "3" && $spamresult == "0" && !empty($recent_hit) && empty($logged_user)){
$wassup_dbtask[] = sprintf("UPDATE `$wassup_table` SET `spam`='3' WHERE `wassup_id`='%s' AND `spam`='0' AND `username`=''",$wassup_id);
}
} //end if hackercheck && spam==0
//#15 Exclude for hack/malware attempts
if($wassup_options->wassup_hack==1 || $spam!=3){
//#Identify user-agent...
$agent=(!empty($browser)?$browser:$spider);
//identify agent with wGetBrowser
if(empty($agent) || stristr($agent,'unknown')!==false || $agent==$unknown_browser || $agent==$unknown_spider || stristr($agent,"mozilla")==$agent || stristr($agent,"netscape")==$agent || stristr($agent,"default")!==false){
if(!empty($userAgent)){
list($browser,$os)=wGetBrowser($userAgent);
if(!empty($browser)) $agent=$browser;
if ($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#4";
$debug_output="";
}
echo "\n".date('H:i:s.u').' wGetBrowser results: $browser='.$browser.' $os='.$os;
}else{
$debug_output .= "\n".date('H:i:s.u').' wGetBrowser results: $browser='.$browser.' $os='.$os;
}
}
}
}
//# Some spiders, such as Yahoo and MSN, don't always give a unique useragent, so test against known hostnames/IP to identify these spiders
$spider_hosts='/^((65\.55|207\.46)\.\d{3}.\d{1,3}|.*\.(crawl|yse)\.yahoo\.net|ycar\d+\.mobile\.[a-z0-9]{3}\.yahoo\.com|msnbot.*\.search\.msn\.com|crawl[0-9\-]+\.googlebot\.com|baiduspider[0-9\-]+\.crawl\.baidu\.com|\.domaintools\.com|(crawl(?:er)?|spider|robot)\-?\d*\..*)$/';
//#Identify spiders from known spider domains
if(empty($agent) || preg_match($spider_hosts,$hostname)>0 || stristr($agent,'unknown')!==false){
list($spider,$spidertype,$feed) = wGetSpider($userAgent,$hostname,$browser);
if($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#5";
$debug_output="";
}
echo "\n".date('H:i:s.u').' wGetSpider results: $spider='.$spider.' $spidertype='.$spidertype.' $feed='.$feed;
}else{
$debug_output .= "\n".date('H:i:s.u').' wGetSpider results: $spider='.$spider.' $spidertype='.$spidertype.' $feed='.$feed;
}
}
//it's a browser
if($spidertype == "B" && $urlRequested != "/robots.txt"){
if (empty($browser)) $browser = $spider;
$spider = "";
$feed = "";
//it's a script injection bot|spammer
}elseif($spidertype == "H" || $spidertype == "S"){
if ($spam == "0") $spam = 3;
}
}
//#Identify spiders and feeds with wGetSpider...
if(empty($spider) && empty($logged_user)){
if(empty($userAgent) && empty($agent)){
//no userAgent == spider
$spider=$unknown_spider;
}else{
if(strlen($agent)<5 || empty($os) || preg_match('#\s?([a-z]+(?:bot|crawler|google|spider|reader|agent))[^a-z]#i',$userAgent)>0 || strstr($urlRequested,"robots.txt")!==FALSE || is_feed()){
list($spider,$spidertype,$feed) = wGetSpider($userAgent,$hostname,$browser);
if($wdebug_mode){
if(is_admin() || headers_sent()){
if(!empty($debug_output)){
echo $debug_output;
echo "\nwassupappend-debug#6";
$debug_output="";
}
echo "\n".date('H:i:s.u').' wGetSpider results: $spider='.$spider.' $spidertype='.$spidertype.' $feed='.$feed;
}else{
$debug_output .="\n".date('H:i:s.u').' wGetSpider results: $spider='.$spider.' $spidertype='.$spidertype.' $feed='.$feed;
}
}
}elseif(!empty($browser) && preg_match('#^(Google Chrome|Netscape|Mozilla|Mozilla Firefox)([0-9./ ]|$)#i',$browser)>0){
//old browser name is likely spider
list($spider,$spidertype,$feed)=wGetSpider($userAgent,$hostname,$browser);
}elseif(preg_match('#(msie|firefox|chrome)[\/ ](\d+)#i',$userAgent,$pcs)>0){
//obsolete browser is likely a spider
if($pcs[2]<8 || ($pcs[2]<30 && $pcs[1]!="msie")){
list($spider,$spidertype,$feed)=wGetSpider($userAgent,$hostname,$browser);
}
}
//it's a spider
if(!empty($spider)){
if($spidertype == "B" && $urlRequested != "/robots.txt"){
if(empty($browser)) $browser=$spider;
$spider="";
$feed="";
}elseif($spidertype == "H" || $spidertype == "S"){
if($spam == "0") $spam=3;
}else{
$browser="";
}
}
}
//if 1st request is "robots.txt" this is a bot
//if empty user-agent, this is a bot
if(empty($spider)){
if(strstr($urlRequested,"/robots.txt")!==FALSE && empty($recent_hit)) $spider=$unknown_spider;
elseif(empty($browser) && empty($userAgent)) $spider=$unknown_spider;
}
//Finally, check for disguised spiders via excessive pageviews activity (threshold: 8+ views in < 16 secs)
if($wpageviews >7 && empty($spider)){
$pageurls=array();
$visitstart=$recent_hit[7]->timestamp;
if(($timenow - $recent_hit[$wpageviews-1]->timestamp < 16 && $wpageviews >9)|| $timenow - $visitstart < 12){
$is_spider=true;
$pageurls[]="$urlRequested";
$n_404=0;
//spider won't hit same page 2+ times
foreach($recent_hit AS $w_pgview){
if(stristr($w_pgview->urlrequested,"robots.txt")!==false){
$is_spider=true;
break;
}elseif(in_array($w_pgview->urlrequested,$pageurls)){
$is_spider=false;
break;
//spider won't have multiple 404's
}elseif(preg_match('/^\[\d{3}\]\s/',$w_pgview->urlrequested)>0){
if($n_404 >2){
$is_spider=false;
break;
}
$n_404=$n_404+1;
}else{
$pageurls[]=$w_pgview->urlrequested;
}
} //end foreach
if($is_spider) $spider=$unknown_spider;
} //end if timestamp
} //end if wpageviews >7
} //end if empty($spider)
//identify spoofers of Google/Yahoo
if(!empty($spider)){
if(!empty($hostname) && preg_match('/^(googlebot|yahoo\!\sslurp)/i',$spider)>0 && preg_match('/\.(googlebot|yahoo)\./i',$hostname)==0){
$spider= __("Spoofer bot","wassup");
}
//for late spider identification, update previous records
if($wpageviews >1 && empty($recent_hit[0]->spider)){
$wassup_dbtask[]=sprintf("UPDATE `$wassup_table` SET `spider`='%s' WHERE `wassup_id`='%s' AND `spider`='' ",esc_attr($spider),$recent_hit[0]->wassup_id);
}
}
//#16 Spider exclusion control
if ($wassup_options->wassup_spider == 1 || $spider == '') {
$goodbot = false;
//some valid spiders to exclude from spam/hack checks
if($hostname!="" && !empty($spider) && preg_match('#^(googlebot|bingbot|msnbot|yahoo\!\sslurp)#i',$spider)>0 && preg_match('#\.(googlebot|live|msn|yahoo)\.(com|net)$#i',$hostname)>0){
$goodbot = true;
}
//do spam exclusion controls, unless disabled in wassup_spamcheck
//## Check for referrer spam...
if($wassup_options->wassup_spamcheck == 1 && $spam == 0 && !$goodbot){
$spamComment = New wassup_checkComment;
//skip referrer check if from own blog
if($wassup_options->wassup_refspam == 1 && !empty($referrer) && !$is_admin_login && stristr($referrer,$wpurl)!=$referrer && stristr($referrer,$blogurl)!=$referrer && $referrer!=$blogurl.$urlRequested){
$refdomain=wassupURI::get_urldomain($referrer);
$sitedomain=wassupURI::get_urldomain();
//skip referrer check if from own domain @since v1.9.4
if($refdomain != $sitedomain || strpos($referrer,'=')!==false){
//skip referrer check if on whitelist @since v1.9.4
if(empty($wassup_options->refspam_whitelist) || preg_match('#(?:^|\s*,)\s*('.preg_quote($refdomain).')\s*(?:,|$)#',$wassup_options->refspam_whitelist)==0){
//check if referrer is a previous comment spammer
if($spamComment->isRefSpam($referrer)>0){
$spam=2;
}else{
//check for known referer spammer
$isspam=wGetSpamRef($referrer,$hostname);
if ($isspam) $spam = 2;
}
} //end if refspam_whitelist
} //end if refdomain
} //end if wassup_refspam
//## Check for comment spammer...
// No spam check on spiders unless there is a comment or forum page request...
if ($spam == 0 && (empty($spider) || stristr($urlRequested,"comment")!== FALSE || stristr($urlRequested,"forum")!== FALSE || !empty($comment_user))) {
//check for previous spammer detected by anti-spam plugin
$spammerIP = $spamComment->isSpammer($IP);
if($spammerIP > 0) $spam=1;
//set as spam if both URL and referrer are "comment" and browser is obsolete or Opera
if ($spam== 0 && $wassup_options->wassup_spam==1 && stristr($urlRequested,"comment")!== FALSE && stristr($referrer,"#comment")!==FALSE && (stristr($browser,"opera")!==FALSE || preg_match('/^(AOL|Netscape|IE)\s[1-6]$/',$browser)>0)) {
$spam=1;
}
//#lastly check for comment spammers using Akismet API
if ($spam == 0 && $wassup_options->wassup_spam == 1 && stristr($urlRequested,"comment")!== FALSE && stristr($urlRequested,"/comments/feed/")== FALSE && !$is_media) {
$akismet_key = get_option('wordpress_api_key');
$akismet_class = WASSUPDIR.'/lib/akismet.class.php';
if (!empty($akismet_key) && is_readable($akismet_class)) {
include_once($akismet_class);
// load array with comment data
$comment_user_email = (!empty($_COOKIE['comment_author_email_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_email_'.COOKIEHASH]):"");
$comment_user_url = (!empty($_COOKIE['comment_author_url_'.COOKIEHASH])? utf8_encode($_COOKIE['comment_author_url_'.COOKIEHASH]):"");
$Acomment = array(
'author' => $comment_user,
'email' => $comment_user_email,
'website' => $comment_user_url,
'body' => (isset($_POST["comment"])? $_POST["comment"]:""),
'permalink' => $urlRequested,
'user_ip' => $ipAddress,
'user_agent' => $userAgent);
//'Akismet' class renamed 'wassup_Akismet' due to a conflict with Akismet 3.0+ @since v1.9
$akismet=new wassup_Akismet($wpurl,$akismet_key,$Acomment);
// Check if it's spam
if($akismet->isSpam() && !$akismet->errorsExist()) $spam=1;
} //end if !empty(akismet_key)
} //end if wassup_spam
} //end if spam == 0
//retroactively update record for spam/malware attempt
if(!empty($spam) && $spamresult == "0" && !empty($recent_hit)){
//queue the update...
$wassup_dbtask[] = sprintf("UPDATE `$wassup_table` SET `spam`='%d' WHERE `wassup_id`='%s' AND `spam`='0' ",$spam,$wassup_id);
}
} //end if wassup_spamcheck == 1
//#17 Exclusion control for spam and malware
if ($spam == 0 || ($wassup_options->wassup_spam == 1 && $spam == 1) || ($wassup_options->wassup_refspam == 1 && $spam == 2) || ($wassup_options->wassup_hack == 1 && $spam == 3)) {
//#18 exclusion for wp-content/plugins (after 404/hackcheck)
if (stristr($urlRequested,"/".PLUGINDIR)===FALSE || stristr($urlRequested,"forum") !== FALSE || $spam==3) {
//## More user/referrer details for recording
//get language/locale
if(empty($language) && !empty($recent_hit[0]->language)) $language=$recent_hit[0]->language;
if($wdebug_mode){
if(headers_sent()) echo "\n language=$language";
else $debug_output .= "\n language=$language";
}
if(preg_match('/\.[a-z]{2,3}$/i',$hostname) >0 || preg_match('/[a-z\-_]+\.[a-z]{2,3}[^a-z]/i',$referrer) >0 || strlen($language)>2){
//get language/locale info from hostname or referrer data
$language=wGetLocale($language,$hostname,$referrer);
}
if($wdebug_mode){
if(headers_sent()) echo "\n...language=$language (after geoip/wgetlocale)";
else $debug_output .= " ...language=$language (after geoip/wgetlocale)";
}
// get search engine and search keywords from referrer
$searchengine="";
$search_phrase="";
$searchpage="0";
$searchlocale="";
//don't check own blog for search engine data
if (!empty($referrer) && $spam == "0" && stristr($referrer,$blogurl)!=$referrer && !$wdebug_mode) {
$ref=(is_string($referrer)?$referrer:mb_convert_encoding(strip_tags($_SERVER['HTTP_REFERER']),"HTML-ENTITIES","auto"));
//test for Google secure search and use generic "_notprovided_" for missing keyword @since v1.9
//TODO: Yahoo now has secure searching since 4/2014
$pcs=array();
$pcs2=array();
if (preg_match('#^https\://(www\.google(?:\.com?)?\.([a-z]{2,3}))/(url\?(?:.+[^q]+q=([^&]*)(?:&|$)))?#',$ref,$pcs)>0){
$searchdomain=$pcs[1];
$searchengine="Google";
if($pcs[2]!="com" && $pcs[2]!="co"){
$searchlocale=$pcs[2];
$searchengine .=" ".strtoupper($searchlocale);
}
//get the query keywords - will always be empty, until Google changes its policy
if(empty($pcs[4])) $search_phrase="_notprovided_";
else $search_phrase=$pcs[4];
if(!empty($pcs[3]) && preg_match('/&cd\=(\d+)(?:&|$)/',$ref,$pcs2)>0){
$searchpage=$pcs2[1];
}
unset($pcs,$pcs2);
//get GET type search results, ex: search=x
}elseif (strpos($ref,'=')!==false) {
$se=wGetSE($ref);
if(is_array($se) && !empty($se['searchengine'])){
$searchengine=$se['searchengine'];
$search_phrase=$se['keywords'];
$searchpage=(int)$se['page'];
$searchlang=$se['language'];
$searchlocale=$se['locale'];
}
if ($search_phrase != '') {
$sedomain = parse_url($referrer);
$searchdomain = $sedomain['host'];
}
}
//get other search results type, ex: search/x
if ($search_phrase == '') {
$se=wSeReferer($ref);
if (!empty($se['Query'])) {
$search_phrase = $se['Query'];
$searchpage = (int)$se['Pos'];
$searchdomain = $se['Se'];
//check for empty secure searches
} elseif(strpos($ref,'https://www.bing.')!==false || strpos($ref,'https://www.yahoo.')!==false || strpos($ref,'https://www.google.')!==false) {
$search_phrase = "_notprovided_";
$searchpage = 1;
$searchdomain = substr($ref,8);
} else {
$searchengine = "";
}
}
if ($search_phrase != '') {
if (!empty($searchengine)) {
if (stristr($searchengine,"images")===FALSE && stristr($referrer,'&imgurl=')===FALSE) {
// 2011-04-18: "page" parameter is now used on referrer string for Google Images et al.
if (preg_match('#page[=/](\d+)#i',$referrer,$pcs)>0) {
if ($searchpage != $pcs[1]) {
$searchpage = $pcs[1];
}
} elseif(!empty($searchpage)) {
// NOTE: Position retrieved in Google Images is the position number of image NOT page rank position like web search
$searchpage=(int)($searchpage/10)+1;
}else{
$searchpage=1;
}
}
//append country code to search engine name
if (preg_match('/(\.([a-z]{2})$|^([a-z]{2})\.)/i',$searchdomain,$match)) {
$searchcountry="";
if(!empty($match[2])){
$searchcountry=$match[2];
}elseif(!empty($match[3])){
$searchcountry=$match[3];
}
if(!empty($searchcountry) && $searchcountry!="us"){
//avoid duplicate country code in searchengine name @since v1.9.3
if(stristr($searchengine," $searchcountry")===false) $searchengine .=" ".strtoupper($searchcountry);
if($language == "us" || empty($language) || $language=="en"){
//make tld consistent with language
if($searchcountry=="uk") $searchcountry="gb";
elseif($searchcountry=="su") $searchcountry="ru";
$language=$searchcountry;
}
}
}
} else {
$searchengine = $searchdomain;
}
//use search engine country code as locale
$searchlocale = trim($searchlocale);
if(!empty($searchlocale)){
if($language == "us" || empty($language) || $language=="en"){
$language=$searchlocale;
}
}
} //end if search_phrase
} //end if (!empty($referrer)
if ($searchpage == "") $searchpage = 0;
//Prepare to save to table...
//make sure language is 2-digits and lowercase
$pcs=array();
if(!empty($language) && preg_match('/^(?:[a-z]{2}\-)?([a-z]{2})(?:$|,)/i',$language,$pcs)>0){
$language=strtolower($pcs[1]);
}else{
$language="";
}
//tag 404 requests in table
if($req_code==404) $urlRequested="[404] ".$_SERVER['REQUEST_URI'];
// #Record visit in wassup tables...
// #create record to add to wassup tables...
$wassup_rec = array('wassup_id'=>$wassup_id,
'timestamp'=>$timenow,
'ip'=>$ipAddress,
'hostname'=>$hostname,
'urlrequested'=>wassupDb::xescape($urlRequested),
'agent'=>wassupDb::xescape($userAgent),
'referrer'=>wassupDb::xescape($referrer),
'search'=>$search_phrase,
'searchpage'=>$searchpage,
'searchengine'=>$searchengine,
'os'=>$os,
'browser'=>$browser,
'language'=>$language,
'screen_res'=>$wscreen_res,
'spider'=>$spider,
'feed'=>$feed,
'username'=>$logged_user,
'comment_author'=>$comment_user,
'spam'=>$spam,
'url_wpid'=>$article_id,
'subsite_id'=>$subsite_id,
);
// Insert the visit record into wassup temp table
$temp_recid = wassup_insert_rec($wassup_tmp_table,$wassup_rec);
//Omit link prefetch and preview requests from main table but add them to wassup_tmp for visitor counts only @since v1.9
if((!isset($_SERVER['HTTP_X_MOZ']) || (strtolower($_SERVER['HTTP_X_MOZ'])!='prefetch')) && (!isset($_SERVER["HTTP_X_PURPOSE"]) || strtolower($_SERVER['HTTP_X_PURPOSE'])!='preview')){
$error_msg="";
// Insert the visit record into wassup table
$wassup_recid=wassup_insert_rec($wassup_table,$wassup_rec);
if(!empty($wassup_recid) && is_wp_error($wassup_recid)){
$errno=$wassup_recid->get_error_code();
if(!empty($errno)) $error_msg="\nError saving record: $errno: ".$wassup_recid->get_error_message()."\n";
$wassup_recid=false;
}elseif(empty($wassup_recid) || !is_numeric($wassup_recid)){
if(!empty($wpdb->insert_id)){
$wassup_recid=$wpdb->insert_id;
}elseif(!empty($wassup_options->delayed_insert) && is_numeric($temp_recid)){
$wassup_recid=$temp_recid; //positive val for delayed insert
}else{
$error_msg="an unknown error occurred during save";
}
}
if($wdebug_mode){
if(headers_sent()){
if(!empty($wassup_recid)){
echo "\nWassUp record data:";
print_r($wassup_rec);
echo "*** Visit recorded ***";
}else{
echo "\n *** Visit was NOT recorded! ".$error_msg." *** -->";
}
}else{
if(!empty($wassup_recid)){
$debug_output .= "\n WassUp record data:\n";
$debug_output .=print_r($wassup_rec,true); //debug
$debug_output .= "\n *** Visit recorded ***"; //debug
}else{
$debug_output .= "\n *** Visit was NOT recorded ".$error_msg." ***"; //debug
}
}
}
} //end if prefetch
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #18 Excluded by: wp-content/plugins (after 404)";
else $debug_output .="\n #18 Excluded by: wp-content/plugins (after 404)";
} //end if !wp-content/plugins
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #17 Excluded by: wassup_spam";
else $debug_output .="\n #17 Excluded by: wassup_spam";
} //end if $spam == 0
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #16 Excluded by: wassup_spider";
else $debug_output .="\n #16 Excluded by: wassup_spider";
} //end if wassup_spider
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #15 Excluded by: wassup_hack";
else $debug_output .="\n #15 Excluded by: wassup_hack";
} //end if wassup_hack
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #14 Excluded by: is_404";
else $debug_output .="\n #14 Excluded by: is_404";
} //end if !is_404
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #13 Excluded by: !wp-admin (ajax)";
else $debug_output .="\n #13 Excluded by: !wp_admin (ajax)";
} //end if !wp_admin (ajax) && recent_hit
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #12 Excluded by: dup_urlrequest";
else $debug_output .="\n #12 Excluded by: dup_urlrequest";
} //end if dup_urlrequest == 0
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #11 Excluded by: wassup_attack";
else $debug_output .="\n #11 Excluded by: wassup_attack";
} //end if wassup_attack
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #10 Excluded by: wassup_loggedin";
else $debug_output .="\n #10 Excluded by: wassup_loggedin";
} //end if wassup_loggedin
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #9 Excluded by: wp-content/themes";
else $debug_output .="\n #9 Excluded by: wp-content/themes";
} //end if !themes
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #8 Excluded by: wp-content/plugins (or hostname wildcard)";
else $debug_output .="\n #8 Excluded by: wp-content/plugins (or hostname wildcard)";
} //end if !plugins
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #7 Excluded by: exclude_host (or IP wilcard)";
else $debug_output .="\n #7 Excluded by: exclude_host (or IP wildcard)";
} //end if wassup_exclude_host
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #6 Excluded by: wassup_exclude";
else $debug_output .="\n #6 Excluded by: wassup_exclude";
} //end if wassup_exclude
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #5 Excluded by: exclude_url";
else $debug_output .="\n #5 Excluded by: exclude_url";
} //end if wassup_exclude_url
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #4 Excluded by: exclude_user";
else $debug_output .="\n #4 Excluded by: exclude_user";
} //end if wassup_exclude_user
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #3 Excluded by: is_admin";
else $debug_output .="\n #3 Excluded by: is_admin";
} //end if !is_admin
} //end if wp-cron.php?doing_wp_cron===FALSE //#2
}elseif($wdebug_mode){
if(headers_sent()) echo "\n #1 Excluded by: is_admin_login";
else $debug_output .="\n #1 Excluded by: is_admin_login";
} //end if !is_admin_login
//add excluded visitors to wassup_tmp table for accurate online counts @since v1.9
if(empty($temp_recid) && $dup_urlrequest==0){
$in_temp=0;
//check that visitor is not already in temp
if(!empty($logged_user)){
//check for username
$result=$wpdb->get_var(sprintf("SELECT COUNT(`wassup_id`) AS in_temp FROM `$wassup_tmp_table` WHERE `wassup_id`='%s' AND `timestamp`>'%d' AND `username`!=''",$wassup_id,$timenow - 540));
}else{
$result=$wpdb->get_var(sprintf("SELECT COUNT(`wassup_id`) AS in_temp FROM `$wassup_tmp_table` WHERE `wassup_id`='%s' AND `timestamp`>'%d' AND `spider`=''",$wassup_id,$timenow-160));
}
if(is_numeric($result)) $in_temp=(int)$result;
if($wdebug_mode){
if(headers_sent()) echo "\nin_temp=".$result;
else $debug_output .="\nin_temp=".$result;
}
//add new temp record
if($in_temp==0){
if(empty($wassup_rec)){
$pcs=array();
if(!empty($language) && preg_match('/^(?:[a-z]{2}\-)?([a-z]{2})(?:$|,)/i',$language,$pcs)>0){
$language=strtolower($pcs[1]);
}else{
$language="";
}
//tag 404 requests in table
if($req_code=="404"){
$urlRequested="[404] ".$_SERVER['REQUEST_URI'];
}
// #Record visit in wassup tables...
$wassup_rec = array('wassup_id'=>$wassup_id,
'timestamp'=>$timenow,
'ip'=>$ipAddress,
'hostname'=>$hostname,
'urlrequested'=>wassupDb::xescape($urlRequested),
'agent'=>wassupDb::xescape($userAgent),
'referrer'=>wassupDb::xescape($referrer),
'search'=>$search_phrase,
'searchpage'=>$searchpage,
'searchengine'=>$searchengine,
'os'=>$os,
'browser'=>$browser,
'language'=>$language,
'screen_res'=>$wscreen_res,
'spider'=>$spider,
'feed'=>$feed,
'username'=>$logged_user,
'comment_author'=>$comment_user,
'spam'=>$spam,
'url_wpid'=>$article_id,
'subsite_id'=>$subsite_id,
);
}
//insert the record into the wassup_tmp table
$temp_recid=wassup_insert_rec($wassup_tmp_table,$wassup_rec);
}
} //end if temp_recid
$timestamp=$timenow;
$now=time();
//## Automatic database monitoring and cleanup tasks...check every few visits
//# Notify admin if alert is set and wassup table > alert
if((int)$timestamp%139 == 0){
if($wassup_options->wassup_remind_flag == 1 && (int)$wassup_options->wassup_remind_mb>0){
$tusage=0;
$fstatus = wassupDb::table_status($wassup_table);
$data_lenght = 0;
if (!empty($fstatus) && is_object($fstatus)) {
//db size = db records + db index
$data_lenght=$fstatus->Data_length+$fstatus->Index_length;
$tusage = ($data_lenght/1024/1024);
}
if($tusage >0 && $tusage > $wassup_options->wassup_remind_mb){
if(!empty($network_settings['wassup_table']) && $network_settings['wassup_table']==$wassup_table){
$recipient = get_site_option('admin_email');
}else{
$recipient = get_bloginfo('admin_email');
}
$sender = 'From: '.get_bloginfo('name').' <wassup_noreply@'.parse_url($blogurl,PHP_URL_HOST).'>';
$subject=sprintf(__("%s WassUp Plugin table has reached maximum size!","wassup"),'['.__("ALERT","wassup").']');
$message = __('Hi','wassup').",\n".__('you have received this email because your WassUp Database table at your Wordpress blog','wassup')." ($wpurl) ".__('has reached the maximum value set in the options menu','wassup')." (".$wassup_options->wassup_remind_mb." Mb).\n\n";
$message .= __('This is only a reminder, please take the actions you want in the WassUp options menu','wassup')." (".admin_url("admin.php?page=wassup-options").")\n\n".__('This alert now will be removed and you will be able to set a new one','wassup').".\n\n";
$message .= __('Thank you for using WassUp plugin. Check if there is a new version available here:','wassup')." http://wordpress.org/extend/plugins/wassup/\n\n".__('Have a nice day!','wassup')."\n";
wp_mail($recipient, $subject, $message, $sender);
$wassup_options->wassup_remind_flag = 2;
$wassup_options->saveSettings();
}
} //if wassup_remind_flag
} //if timestamp%139
//# schedule purge of temporary records - also done hourly in wp-cron
if(((int)$timestamp)%11 == 0){
$starttime=0;
if(version_compare($wp_version,'3.0','>')) $starttime=wp_next_scheduled('wassup_scheduled_cleanup');
if(empty($starttime) || ($starttime - $now) >660){
//keep logged-in user records in temp for up to 10 minutes, anonymous user records for up to 3 minutes, and spider records for only 1 minute @since v1.9
$wassup_dbtask[]=sprintf("DELETE FROM `$wassup_tmp_table` WHERE `timestamp`<'%d' OR (`timestamp`<'%d' AND `username`='') OR (`timestamp`<'%d' AND `spider`!='')",(int)($timestamp - 10*60),(int)($timestamp - 3*60),(int)($timestamp - 60));
if(((int)$timestamp)%5 == 0){
//Purge expired cache data from wassup_meta
$result=$wpdb->query(sprintf("DELETE FROM `$wassup_meta_table` WHERE `meta_expire`>'0' AND `meta_expire`<'%d'",$now - 3600));
}
}
}
//# schedule table optimization ...check every few visits
if(((int)$timestamp)%141 == 0 && (!is_multisite() || is_main_site() || !$wassup_options->network_activated_plugin())){
//Optimize table when optimize timestamp is older than current time
if(!empty($wassup_options->wassup_optimize) && is_numeric($wassup_options->wassup_optimize) && $now >(int)$wassup_options->wassup_optimize){
$optimize_sql=sprintf("OPTIMIZE TABLE `%s`",$wassup_table);
if(version_compare($wp_version,'3.0','<')){
$wassup_dbtask[]=$optimize_sql;
}else{
$args=array('dbtasks'=>array("$optimize_sql"));
wp_schedule_single_event(time()+620,'wassup_scheduled_optimize',$args);
}
//save new optimize timestamp
$wassup_options->wassup_optimize = $wassup_options->defaultSettings('wassup_optimize');
$wassup_options->saveSettings();
}
}
//# Lastly, perform scheduled database tasks
if(count($wassup_dbtask)>0){
$args=array('dbtasks'=>$wassup_dbtask);
if(is_admin() || version_compare($wp_version,'3.0','<')){
wassupDb::scheduled_dbtask($args);
}else{
wp_schedule_single_event(time()+40,'wassup_scheduled_dbtasks',$args);
}
if($wdebug_mode){
if(headers_sent()){
echo "\nWassup scheduled tasks:";
print_r($wassup_dbtask);
}
}
}
if($wdebug_mode){ //close comment tag to hide debug data from visitors
if(headers_sent()){
echo "\n--> \n";
}else{
$debug_output .= "<br />\n--> \n";
//add debug output to wp_footer output - @TODO
$expire=time()+180;
$wassup_key=wassup_clientIP($_SERVER['REMOTE_ADDR']);
wassupDb::update_wassupmeta($wassup_key,'_debug_output',$expire,$debug_output);
}
}elseif(isset($errmode_reset)){
//restore normal error mode
error_reporting($errmode_reset);
@ini_set('display_errors',$errdisplay_reset);
} //end if wdebug_mode
} //end wassupAppend
/** Insert a new record into Wassup table */
function wassup_insert_rec($wTable,$wassup_rec,$delayed=false){
global $wpdb,$wassup_options;
$wassup_table=$wassup_options->wassup_table;
$wassup_tmp_table=$wassup_table."_tmp";
$insert_id=false;
$delayed=false;
//check that wassup_rec is valid associative array
if(is_array($wassup_rec)){
if(($wTable==$wassup_table || $wTable==$wassup_tmp_table) && !empty($wassup_rec['wassup_id'])){
//check for 'subsite_id' column in single site setups and remove if missing
if(!is_multisite()){
$col=$wpdb->get_var(sprintf("SHOW COLUMNS FROM `%s` LIKE 'subsite_id'",$wassup_table));
if(empty($col)) unset($wassup_rec['subsite_id']);
}
//insert temp record
if($wTable==$wassup_tmp_table){
//if plugin update was interrupted, temp table could be missing
if(!wassupDb::table_exists($wassup_tmp_table)){
$result=$wpdb->query(sprintf("CREATE TABLE `%s` LIKE `$wassup_table`",$wassup_tmp_table));
}
$insert_id=wassupDb::table_insert($wassup_tmp_table,$wassup_rec);
}else{
if(!empty($wassup_options->delayed_insert)) $delayed=true;
$insert_id=wassupDb::table_insert($wTable,$wassup_rec,$delayed);
//try regular insert when delayed insert fails on MySql server
if(!empty($insert_id) && is_wp_error($insert_id) && $delayed){
$insert_id=wassupDb::table_insert($wTable,$wassup_rec,false);
//always bypass delayed insert
$wassup_options->delayed_insert=0;
$wassup_options->saveSettings();
}
}
}elseif(strpos($wTable,'wassup')!==false){
$insert_id=wassupDb::table_insert($wTable,$wassup_rec);
}
}
return $insert_id;
}//end wassup_insert_rec
/**
* Assign an id for current visitor session from a combination of date/hour/min/ip/loggeduser/useragent/hostname.
* This is not unique so that multiple visits from the same ip/userAgent within a 30 minute-period, can be tracked, even when session/cookies are disabled.
* @since v1.9
* @param args (array)
* @return string
*/
function wassup_get_sessionid($args=array()){
global $wpdb,$current_user,$wassup_options;
if(!empty($args) && is_array($args)) extract($args);
if(empty($timestamp)) $timestamp=current_time('timestamp');
if(empty($ipAddress)) $ipAddress=$_SERVER['REMOTE_ADDR'];
if(empty($IP)) $IP=wassup_clientIP($ipAddress);
if(empty($subsite_id)) $subsite_id=(!empty($GLOBALS['current_blog']->blog_id)?$GLOBALS['current_blog']->blog_id:0);
if(empty($sessionhash)) $sessionhash=$wassup_options->whash;
$session_id="";
//check for a recent visit from this ip address when no cookie
if(!isset($_COOKIE['wassup'.$sessionhash])){
$wassup_table=$wassup_options->wassup_table;
$wassup_tmp_table=$wassup_table."_tmp";
$multisite_whereis="";
if($wassup_options->network_activated_plugin() && !empty($subsite_id)){
$multisite_whereis=sprintf(" AND `subsite_id`=%d",subsite_id);
}
if(!isset($userAgent)){
$userAgent=(isset($_SERVER['HTTP_USER_AGENT'])?rtrim($_SERVER['HTTP_USER_AGENT']):'');
if(strlen($userAgent) >255){
$userAgent=substr(str_replace(array(' ','%20%20','++'),array(' ','%20','+'),$userAgent),0,255);
}
}
//reuse wassup_id from very recent hit from this ip (within 45 secs)
$result=$wpdb->get_results(sprintf("SELECT SQL_NO_CACHE `wassup_id`, `ip`, `timestamp`, `username`, `spam`, `agent`, `referrer` FROM `$wassup_tmp_table` WHERE `ip`='%s' AND `timestamp` >'%d' AND `agent`='%s' %s ORDER BY `timestamp` LIMIT 1",esc_attr($IP),$timestamp-45,esc_attr($userAgent),$multisite_whereis));
if (!empty($result) && !is_wp_error($result)){
$session_id=$result[0]->wassup_id;
}
}
if(empty($session_id)){
if(!isset($logged_user) && !empty($current_user->user_login)){
$logged_user=$current_user->user_login;
}else{
$logged_user="";
}
if(empty($hostname)) $hostname=wassup_get_hostname($IP);
$tempUA="";
if(isset($_SERVER['HTTP_USER_AGENT'])){
$tempUA=str_replace(array(' ',' ','http://','www.','%20','+','%','&','#','.','$',';',':','-','>','<','`','*','/','\\','"','\'','!','@','=','_',')','('),'',preg_replace('/(�?37;|&#0?37;|�?38;#0?37;|%)(?:[01][0-9A-F]|7F)/i','',$_SERVER['HTTP_USER_AGENT']));
}
$templen=strlen($tempUA);
if($templen==0) $tempUA="UnknownSpider";
elseif($templen<10) $tempUA .=$templen."isTooSmall";
if(!empty($logged_user)){
$sessiontime=intval(gmdate('i',$timestamp)/90);
$temp_id=sprintf("%-040.40s",gmdate('Ymd',$timestamp).$sessiontime.str_replace(array('.',':','-'),'',substr(strrev($ipAddress),2).strrev($logged_user).strrev($tempUA).$sessiontime.gmdate('dmY',$timestamp).strrev($hostname)).$templen.rand());
}else{
$sessiontime=intval(gmdate('i',$timestamp)/30);
$temp_id=sprintf("%-040.40s",gmdate('YmdH',$timestamp).$sessiontime.str_replace(array('.',':','-'),'',substr(strrev($ipAddress),2).strrev($tempUA).$sessiontime.gmdate('HdmY',$timestamp).strrev($hostname)).$templen.rand());
}
//#assign new wassup id from "temp_id"
$session_id= (int)$subsite_id.'b_'.md5($temp_id);
}
return $session_id;
} //end wassup_get_sessionid
/**
* Retrieve a hash value to assign to a session cookie
* - replaces 'COOKIEHASH' which breaks up a continuous session with user login/reauthorization
*/
function wassup_get_sessionhash($ip=0){
global $wassup_options;
if(empty($ip)) $ip=wassup_clientIP($_SERVER['REMOTE_ADDR']);
$sessionhash=wassupDb::get_wassupmeta($ip,'_sessionhash');
if(empty($sessionhash)){
$sessionhash=$wassup_options->whash;
//keep this hash value for 2 hours so still works even if wassup_options (and whash) is reset
$expire=time()+2*3600;
$cacheid=wassupDb::update_wassupmeta($ip,'_sessionhash',$sessionhash,$expire);
}
return $sessionhash;
}
/**
* search url string for key=value pairs and assign to assoc array
* note: php's "parse_str" and Wordpress' "wp_parse_args" does the same thing
* @access public
* @return array
*/
function wGetQueryVars($urlstring){
$qvar = array();
if (!empty($urlstring)) {
$wtab=parse_url($urlstring);
if(key_exists("query",$wtab)){
//use 'parse_str' when possible
parse_str($wtab["query"],$qvar);
}else{ //for partial urls
//remove any anchor links from end of url
if(preg_match('/([^#]+)#.*/',$urlstring,$pcs)>0) $query=$pcs[1];
else $query=$urlstring;
$i=0;
while($query){
$pcs=array();
//exclude 1st part of url up to and including the "?"
if(preg_match('/(?:[^?]*\?)?([^=&]+)(=[^&]+)?/',$query,$pcs)>0){
$name=$pcs[1];
if(empty($pcs[2])) $qvar[$name]=true;
else $qvar[$name]=substr($pcs[2],1);
$newquery=substr($query,strlen($pcs[0])+1);
$query=$newquery;
}else{
$name=$query;
$qvar[$name]=true;
$query="";
}
$i++;
if($i >=20) break; //bad query, end loop
} //end while
}
}
return $qvar;
} //end wGetQueryVars
/**
* Find search engine referrals from lesser-known search engines or from engines that use a url-format (versus GET) for search query
* @param boolean
* @return array
*/
function wSeReferer($ref = false) {
$SeReferer = (is_string($ref) ? $ref : mb_convert_encoding(strip_tags($_SERVER['HTTP_REFERER']), "HTML-ENTITIES", "auto"));
if ($SeReferer == "") { //nothing to do;
return false;
}
//Check against Google, Yahoo, MSN, Ask and others
if(preg_match('#^https?://([^/]+).*[&\?](prev|q|p|s|search|searchfor|as_q|as_epq|query|keywords|term|encquery)=([^&]+)#i',$SeReferer,$pcs) > 0){
$SeDomain = trim(strtolower($pcs[1]));
if ($pcs[2] == "encquery") {
$SeQuery = " *".__("encrypted search","wassup")."* ";
} else {
$SeQuery = $pcs[3];
}
//Check for search engines that show query as a url with 'search' and keywords in path (ex: Dogpile.com)
}elseif(preg_match('#^https?://([^/]+).*/(results|search)/web/([^/]+)/(\d+)?#i',$SeReferer,$pcs)>0){
$SeDomain = trim(strtolower($pcs[1]));
$SeQuery = $pcs[3];
if (!empty($pcs[4])) {
$SePos=(int)$pcs[4];
}
//Check for search engines that show query as a url with 'search' in domain and keywords in path (ex: twitnitsearch.appspot.com)
}elseif(preg_match('#^https?://([a-z0-9_\-\.]*(search)(?:[a-z0-9_\-\.]*\.(?:[a-z]{2,4})))/([^/]+)(?:[a-z_\-=/]+)?/(\d+)?#i',$SeReferer."/",$pcs)>0){
$SeDomain = trim(strtolower($pcs[1]));
$SeQuery = $pcs[3];
if (!empty($pcs[4])) {
$SePos=(int)$pcs[4];
}
}
unset ($pcs);
//-- We have a query
if(isset($SeQuery)){
// Multiple URLDecode Trick to fix DogPile %XXXX Encodes
if (strstr($SeQuery,'%')) {
$OldQ=$SeQuery;
$SeQuery=urldecode($SeQuery);
while($SeQuery != $OldQ){
$OldQ=$SeQuery;
$SeQuery=urldecode($SeQuery);
}
}
if (!isset($SePos)) {
if(preg_match('#[&\?](start|startpage|b|cd|first|stq|pi|page)[=/](\d+)#i',$SeReferer,$pcs)) {
$SePos = $pcs[2];
} else {
$SePos = 1;
}
unset ($pcs);
}
$searchdata=array("Se"=>$SeDomain, "Query"=>$SeQuery,
"Pos"=>$SePos, "Referer"=>$SeReferer);
} else {
$searchdata=false;
}
return $searchdata;
} //end function wSeReferrer
/**
* Parse referrer string for match from a list of known search engines and, if found, return an array containing engine name, search keywords, results page#, and language.
* Notes:
* -To distinguish "images", "mobile", or other types of searches that uses subdomains, the "images" and "mobile" subdomains must be entered above the main search domain in the search engines array list.
* - New or obscure search engines, search engines with a URL-formatted referrer string, and any search engine not listed here, are identified by another function, "wSeReferer()".
*
* @param string
* @return array
*/
function wGetSE($referrer = null){
$key = null;
$search_phrase="";
$searchpage="";
$searchengine="";
$searchlang="";
$selocale="";
$blogurl = preg_replace('#(https?\://)?(www\.)?#','',strtolower(get_option('home')));
//list of well known search engines.
// Structure: "SE Name|SE Domain(partial+unique)|query_key|page_key|language_key|locale|charset|"
$lines = array(
"360search|so.360.com|q|||cn|utf8|",
"360search|www.so.com|q|||cn|utf8|",
"Abacho|.abacho.|q|||||",
"ABC Sok|verden.abcsok.no|q|||no||",
"Aguea|chercherfr.aguea.com|q|||fr||",
"Alexa|.alexa.com|q|||||",
"Alice Adsl|rechercher.aliceadsl.fr|qs|||fr||",
"Allesklar|www.allesklar.|words|||de||",
"AllTheWeb|.alltheweb.com|q|||||",
"All.by|.all.by|query|||||",
"Altavista|.altavista.|q|||||",
"Altavista|.altavista.|aqa|||||", //advanced query
"Apollo Lv|apollo.lv|q|||lv||",
"Apollo7|apollo7.de|query|||de||",
"AOL|recherche.aol.|query|||||",
"AOL|search.aol.|query|||||",
"AOL|.aol.|query|||||",
"AOL|.aol.|q|||||",
"Aport|sm.aport.ru|r|||ru||",
"Arama|.arama.com|q|||de||",
"Arcor|.arcor.de|Keywords|||de||",
"Arianna|arianna.libero.it|query|||it||",
"Arianna|.arianna.com|query|||it|",
"Ask|.ask.com|ask|||||",
"Ask|.ask.com|q|||||",
"Ask|.ask.com|searchfor|||||",
"Ask|.askkids.com|ask|||||",
"Atlas|search.atlas.cz|q|||cz||",
"Atlas|searchatlas.centrum.cz|q|||cz||",
"auone Images|image.search.auone.jp|q|||jp||",
"auone|search.auone.jp|q|||jp||",
"Austronaut|.austronaut.at|q|||at||",
"avg.com|search.avg.com|q|cd|hl|||",
"Babylon|search.babylon.com|q|||||",
"Baidu|.baidu.com|wd|||cn|utf8|",
"Baidu|.baidu.com|word|||cn|utf8|",
"Baidu|.baidu.com|kw|||cn|utf8|",
"Biglobe Images|images.search.biglobe.ne.jp|q|||jp||",
"Biglobe|.search.biglobe.ne.jp|q|||jp||",
"Bing Images|.bing.com/images/|q|first||||",
"Bing Images|.bing.com/images/|Q|first||||",
"Bing|.bing.com|q|first||||",
"Bing|.bing.com|Q|first||||",
"Bing|search.msn.|q|first|||",
"Bing|.it.msn.com|q|first||it||",
"Bing|msnbc.msn.com|q|first||||",
"Bing Cache|cc.bingj.com|q|first||||",
"Bing Cache|cc.bingj.com|Q|first||||",
"Blogdigger|.blogdigger.com|q|||||",
"Blogpulse|.blogpulse.com|query|||||",
"Bluewin|.bluewin.ch|q|||ch||",
"Bluewin|.bluewin.ch|searchTerm|||ch||",
"Centrum|.centrum.cz|q|||cz||",
"chedot.com|search.chedot.com|text|||||",
"Claro Search|claro-search.com|q|||||",
"Clix|pesquisa.clix.pt|question|||pt||",
"Conduit Images|images.search.conduit.com|q|||||",
"Conduit|search.conduit.com|q|||||",
"Comcast|search.comcast.net|q|||||",
"Crawler|www.crawler.com|q|||||",
"Compuserve|websearch.cs.com|query|||||",
"Darkoogle|.darkoogle.com|q|cd|hl|||",
"DasTelefonbuch|.dastelefonbuch.de|kw|||de||",
"Daum|search.daum.net|q|||||",
"Delfi Lv|smart.delfi.lv|q|||lv||",
"Delfi EE|otsing.delfi.ee|q|||ee||",
"Digg|digg.com|s|||||",
"dir.com|fr.dir.com|req|||fr||",
"DMOZ|.dmoz.org|search|||||",
"DuckDuckGo|duckduckgo.com|q|||||",
"Earthlink|.earthlink.net|q|||||",
"Eniro|.eniro.se|q|||se||",
"Euroseek|.euroseek.com|string|||||",
"Everyclick|.everyclick.com|keyword|||||",
"Excite|search.excite.|q|||||",
"Excite|.excite.co.jp|search|||jp||",
"Exalead|.exalead.fr|q|||fr||",
"Exalead|.exalead.com|q|||fr||",
"eo|eo.st|x_query|||st||",
"Facebook|.facebook.com|q|||||",
"Facemoods|start.facemoods.com|s|||||",
"Fast Browser Search|.fastbrowsersearch.com|q|||||",
"Francite|recherche.francite.com|name|||fr||",
"Findhurtig|.findhurtig.dk|q|||dk||",
"Fireball|.fireball.de|q|||de||",
"Firstfind|.firstsfind.com|qry|||||",
"Fixsuche|.fixsuche.de|q|||de||",
"Flix.de|.flix.de|keyword|||de||",
"Fooooo|search.fooooo.com|q|||||",
"Free|.free.fr|q|||fr||",
"Free|.free.fr|qs|||fr||",
"Freecause|search.freecause.com|p|||||",
"Freenet|suche.freenet.de|query|||de||",
"Freenet|suche.freenet.de|Keywords|||de||",
"Gnadenmeer|.gnadenmeer.de|keyword|||de||",
"Godago|.godago.com|keywords||||", //check
"Gomeo|.gomeo.com|Keywords|||||",
"goo|.goo.ne.jp|MT|||jp||",
"Good Search|goodsearch.com|Keywords|||||",
"Google|.googel.com|q|cd|hl|||",
"Google|www.googel.|q|cd|hl|||",
"Google|wwwgoogle.com|q|cd|hl|||",
"Google|gogole.com|q|cd|hl|||",
"Google|gppgle.com|q|cd|hl|||",
"Google Blogsearch|blogsearch.google.|q|start||||",
"Google Custom Search|google.com/cse|q|cd|hl|||",
"Google Custom Search|google.com/custom|q|cd|hl|||",
"Google Groups|groups.google.|q|start||||",
"Google Images|.google.com/images?|q|cd|hl|||",
"Google Images|images.google.|q|cd|hl|||",
"Google Images|/imgres?imgurl=|prev|start|hl|||", //obsolete
"Google Images JP|image.search.smt.docomo.ne.jp|MT|cd|hl|jp||",
"Google JP|search.smt.docomo.ne.jp|MT|cd|hl|jp||",
"Google JP|.nintendo.co.jp|gsc.q|cd|hl|jp||",
"Google Maps|maps.google.|q||hl|||",
"Google News|news.google.|q|cd|hl|||",
"Google Scholar|scholar.google.|q|cd|hl|||",
"Google Shopping|google.com/products|q|cd|hl|||",
"Google syndicated search|googlesyndicatedsearch.com|q|cd|hl|||",
"Google Translate|translate.google.|prev|start|hl|||",
"Google Translate|translate.google.|q|cd|hl|||",
"Google Translate|translate.googleusercontent.com|prev|start|hl|||",
"Google Translate|translate.googleusercontent.com|q|cd|hl|||",
"Google Video|video.google.com|q|cd|hl|||",
"Google Cache|.googleusercontent.com|q|cd|hl|||",
"Google Cache|http://64.233.1|q|cd|hl|||",
"Google Cache|http://72.14.|q|cd|hl|||",
"Google Cache|http://74.125.|q|cd|hl|||",
"Google Cache|http://209.85.|q|cd|hl|||",
"Google|www.google.|q|cd|hl|||",
"Google|www.google.|as_q|start|hl|||",
"Google|.google.com|q|cd|hl|||",
"Google|.google.com|as_q|start|hl|||",
"Gooofullsearch|.gooofullsearch.com|q|cd|hl|||",
"Goyellow.de|.goyellow.de|MDN|||de||",
"Hit-Parade|.hit-parade.com|p7|||||",
"Hooseek.com|.hooseek.com|recherche|||||",
"HotBot|hotbot.|query|||||",
"ICQ Search|.icq.com|q|||||",
"Ilse NL|.ilse.nl|search_for|||nl||",
"Incredimail|.incredimail.com|q|||||",
"InfoSpace|infospace.com|q|||||",
"InfoSpace|dogpile.com|q|||||",
"InfoSpace|search.fbdownloader.com|q|||||",
"InfoSpace|searches3.globososo.com|q|||||",
"InfoSpace|search.kiwee.com|q|||||",
"InfoSpace|metacrawler.com|q|||||",
"InfoSpace|tattoodle.com|q|||||",
"InfoSpace|searches.vi-view.com|q|||||",
"InfoSpace|webcrawler.com|q|||||",
"InfoSpace|webfetch.com|q|||||",
"InfoSpace|search.webssearches.com|q|||||",
"Ixquick|ixquick.com|query|||||",
"Ixquick|ixquick.de|query|||de||",
"Jyxo|jyxo.1188.cz|q|||cz||",
"Jumpy|.mediaset.it|searchWord|||it||",
"Kataweb|kataweb.it|q|||it||",
"Kvasir|kvasir.no|q|||no||",
"Kvasir|kvasir.no|searchExpr|||no||",
"Latne|.latne.lv|q|||lv||",
"Looksmart|.looksmart.com|key|||||",
"Lo.st|.lo.st|x_query|||||",
"Lycos|.lycos.com|query|||||",
"Lycos|.lycos.it|query|||it||",
"Lycos|.lycos.|query||||",
"Lycos|.lycos.|q|||||",
"maailm.com|.maailm.com|tekst|||||",
"Mail.ru|.mail.ru|q|||ru|utf8|",
"MetaCrawler DE|.metacrawler.de|qry|||de||",
"Metager|meta.rrzn.uni-hannover.de|eingabe|||de||",
"Metager|metager.de|eingabe|||de||",
"Metager2|.metager2.de|q|||de||",
"Meinestadt|.meinestadt.de|words|||||",
"Mister Wong|.mister-wong.com|keywords|||||",
"Mister Wong|.mister-wong.de|keywords|||||",
"Monstercrawler|.monstercrawler.com|qry|||||",
"Mozbot|.mozbot.fr|q|||fr||",
"Mozbot|.mozbot.co.uk|q|||gb||",
"Mozbot|.mozbot.com|q|||||",
"El Mundo|.elmundo.es|q|||es||",
"MySpace|.myspace.com|qry|||||",
"MyWebSearch|.mywebsearch.com|searchfor||||||",
"MyWebSearch|.mywebsearch.com|searchFor||||||",
"MyWebSearch|.mysearch.com|searchfor||||||",
"MyWebSearch|.mysearch.com|searchFor||||||",
"MyWebSearch|search.myway.com|searchfor||||||",
"MyWebSearch|search.myway.com|searchFor||||||",
"Najdi|.najdi.si|q|||si||",
"Nate|.nate.com|q|||kr|EUC-KR|", //check charset
"Naver|.naver.com|query|||kr||",
"Needtofind|search.need2find.com|searchfor|||||",
"Neti|.neti.ee|query|||ee|iso-8859-1|",
"Nifty Videos|videosearch.nifty.com|kw|||||",
"Nifty|.nifty.com|q|||||",
"Nifty|.nifty.com|Text|||||",
"Nifty|search.azby.fmworld.net|q|||||",
"Nifty|search.azby.fmworld.net|Text|||||",
"Nigma|nigma.ru|s|||ru||",
"Onet.pl|szukaj.onet.pl|qt|||pl||",
"OpenDir.cz|.opendir.cz|cohledas|||cz||",
"Opplysningen 1881|.1881.no|Query|||no||",
"Orange|busca.orange.es|q|||es||",
"Orange|lemoteur.ke.voila.fr|kw|||fr||",
"PagineGialle|paginegialle.it|qs|||it||",
"Picsearch|.picsearch.com|q|||||",
"Poisk.Ru|poisk.ru|text|||ru|windows-1251|",
"qip.ru|search.qip.ru|query|||ru||",
"Qualigo|www.qualigo.|q|||||",
"Rakuten|.rakuten.co.jp|qt|||jp||",
"Rambler|nova.rambler.ru|query|||ru||",
"Rambler|nova.rambler.ru|words|||ru||",
"RPMFind|rpmfind.net|query|||||",
"Road Runner|search.rr.com|q|||||",
"Sapo|pesquisa.sapo.pt|q|||pt||",
"Search.com|.search.com|q|||||",
"Search.ch|.search.ch|q|||ch||",
"Searchy|.searchy.co.uk|q|||gb||",
"Setooz|.setooz.com|query|||||",
"Seznam Videa|videa.seznam.cz|q|||cz||",
"Seznam|.seznam.cz|q|||cz||",
"Sharelook|.sharelook.fr|keyword|||fr||",
"Skynet|.skynet.be|q|||be||",
"sm.cn|.sm.cn|q|||cn||",
"sm.de|.sm.de|q|||de||",
"SmartAdressbar|.smartaddressbar.com|s|||||",
"So-net Videos|video.so-net.ne.jp|kw|||jp||",
"So-net|.so-net.ne.jp|query|||jp||",
"Sogou|.sogou.com|query|||cn|gb2312|",
"Sogou|.sogou.com|keyword|||cn|gb2312|",
"Soso|.soso.com|q|||cn|gb2312|",
"Sputnik|.sputnik.ru|q|||ru||",
"Start.no|start.no|q|||||",
"Startpagina|.startpagina.nl|q|cd|hl|nl||",
"Suche.info|suche.info|Keywords|||||",
"Suchmaschine.com|.suchmaschine.com|suchstr|||||",
"Suchnase|.suchnase.de|q|||de||",
"Supereva|supereva.it|q|||it||",
"T-Online|.t-online.de|q|||de|",
"TalkTalk|.talktalk.co.uk|query|||gb||",
"Teoma|.teoma.com|q|||||",
"Terra|buscador.terra.|query|||||",
"Tiscali|.tiscali.it|query|||it||",
"Tiscali|.tiscali.it|key|||it||",
"Tiscali|.tiscali.cz|query|||cz||",
"Tixuma|.tixuma.de|sc|||de||",
"La Toile Du Quebec|.toile.com|q|||ca||",
"Toppreise.ch|.toppreise.ch|search|||ch|ISO-8859-1|",
"TrovaRapido|.trovarapido.com|q|||||",
"Trusted-Search|.trusted-search.com|w|||||",
"URL.ORGanzier|www.url.org|q||l|||",
"Vinden|.vinden.nl|q|||nl||",
"Vindex|.vindex.nl|search_for|||nl||",
"Virgilio|mobile.virgilio.it|qrs|||it||",
"Virgilio|.virgilio.it|qs|||it||",
"Voila|.voila.fr|rdata|||fr||",
"Voila|.lemoteur.fr|rdata|||fr||",
"Volny|.volny.cz|search|||cz||",
"Walhello|.walhello.info|key|||||",
"Walhello|www.walhello.|key|||||",
"Web.de|suche.web.de|su|||de||",
"Web.de|suche.web.de|q|||de||",
"Web.nl|.web.nl|zoekwoord|||nl||",
"Weborama|.weborama.fr|QUERY|||fr||",
"WebSearch|.websearch.com|qkw|||||",
"WebSearch|.websearch.com|q|||||",
"Wedoo|.wedoo.com|keyword|||||",
"Winamp|search.winamp.com|q|||||",
"Witch|www.witch.de|search|||de||",
"Wirtualna Polska|szukaj.wp.pl|szukaj|||pl||",
"Woopie|www.woopie.jp|kw|||jp||",
"wwW.ee|search.www.ee|query|||ee||",
"X-recherche|.x-recherche.com|MOTS|||||",
"Yahoo! Directory|search.yahoo.com/search/dir|p|||||",
"Yahoo! Videos|video.search.yahoo.co.jp|p|||jp||",
"Yahoo! Images|image.search.yahoo.co.jp|p|||jp||",
"Yahoo! Images|images.search.yahoo.com|p|||||",
"Yahoo! Images|images.search.yahoo.com|va|||||",
"Yahoo! Images|images.yahoo.com|p|||||",
"Yahoo! Images|images.yahoo.com|va|||||",
"Yahoo!|search.yahoo.co.jp|p|||jp||",
"Yahoo!|search.yahoo.co.jp|vp|||jp||",
"Yahoo!|jp.hao123.com|query|||jp||",
"Yahoo!|home.kingsoft.jp|keyword|||jp||",
"Yahoo!|search.yahoo.com|p|||||",
"Yahoo!|search.yahoo.com|q|||||",
"Yahoo!|search.yahoo.|p|||||",
"Yahoo!|search.yahoo.|q|||||",
"Yahoo!|answers.yahoo.com|p|||||",
"Yahoo!|.yahoo.com|p|||||",
"Yahoo!|.yahoo.com|q|||||",
"Yam|search.yam.com|k|||||",
"Yandex Images|images.yandex.ru|text|||ru||",
"Yandex Images|images.yandex.com|text|||ru||",
"Yandex Images|images.yandex.|text|||||",
"Yandex|yandex.ru|text|||ru||",
"Yandex|yandex.com|text|||ru||",
"Yandex|.yandex.|text|||||",
"Yasni|.yasni.com|query|||||",
"Yasni|www.yasni.|query|||||",
"Yatedo|.yatedo.com|q|||||",
"Yatedo|.yatedo.fr|q|||fr||",
"Yippy|search.yippy.com|query|||||",
"YouGoo|www.yougoo.fr|q|||fr||",
"Zapmeta|.zapmeta.com|q|||||",
"Zapmeta|.zapmeta.com|query|||||",
"Zapmeta|www.zapmeta.|q|||||",
"Zapmeta|www.zapmeta.|query|||||",
"Zhongsou|p.zhongsou.com|w|||||",
"Zoohoo|zoohoo.cz|q|||cz|windows-1250|",
"Zoznam|.zoznam.sk|s|||sk||",
"Zxuso|.zxuso.com|wd|||||",
);
foreach($lines as $line_num => $serec) {
list($nome,$domain,$key,$page,$lang,$selocale,$charset)=explode("|",$serec);
//match on both domain and key..
if (strpos($domain,'http') === false) {
$se_regex='/^https?\:\/\/[a-z0-9\.\-]*'.preg_quote($domain,'/').'.*[&\?]'.$key.'\=([^&]+)/i';
} else {
$se_regex='/^'.preg_quote($domain,'/').'.*[&\?]'.$key.'\=([^&]+)/i';
}
$se = preg_match($se_regex,$referrer,$match);
if (!$se && strpos($referrer,$domain)!==false && strpos(urldecode($referrer),$key.'=')!==false) {
$se=preg_match($se_regex,urldecode($referrer),$match);
}
if ($se) { // found it!
$searchengine = $nome;
$search_phrase = "";
$svariables=array();
// Google Images or Google Translate needs additional processing of search phrase after 'prev='
if ($nome == "Google Images" || $nome == "Google Translate") {
//'prev' is an encoded substring containing actual "q" query, so use html_entity_decode to show [&?] in url substring
$svariables = wGetQueryVars(html_entity_decode(preg_replace('#/\w+\?#i','', urldecode($match[1]))));
$key='q'; //q is actual search key
} elseif ($nome == "Google Cache") {
$n = strpos($match[1],$blogurl);
if ($n !== false) {
//blogurl in search phrase: cache of own site
$search_phrase = esc_attr(urldecode(substr($match[1],$n+strlen($blogurl))));
$svariables = wGetQueryVars($referrer);
} elseif (strpos($referrer,$blogurl)!==false && preg_match('/\&prev\=([^&]+)/',$referrer,$match)!==false) {
//NOTE: 'prev=' requires html_entity_decode to show [&?] in url substring
$svariables = wGetQueryVars(html_entity_decode(preg_replace('#/\w+\?#i','', urldecode($match[1]))));
} else {
//no blogurl in search phrase: cache of an external site with referrer link
$searchengine = "";
$referrer = "";
}
} else {
$search_phrase = esc_attr(urldecode($match[1]));
$svariables = wGetQueryVars($referrer);
}
//retrieve search engine parameters
if(!empty($svariables[$key]) && empty($search_phrase)){
$search_phrase=esc_attr($svariables[$key]);
}
if(!empty($page) && !empty($svariables[$page]) && is_numeric($svariables[$page])){
$searchpage=(int)$svariables[$page];
}
if(!empty($lang) && !empty($svariables[$lang]) && strlen($svariables[$lang])>1){
$searchlang=esc_attr($svariables[$lang]);
}
//Indentify locale via Google search's parameter, 'gl'
if(strstr($nome,'Google')!==false && !empty($svariables['gl'])){
$selocale=esc_attr($svariables['gl']);
}
break 1;
} elseif (strstr($referrer,$domain)!==false) {
$searchengine = $nome;
} //end if se
} //end foreach
//search engine or key is not in list, so check for search phrase instead
if (empty($search_phrase) && !empty($referrer)) {
$pcs=array();
//Check for general search phrases
if(preg_match('#^https?://([^/]+).*[&?](q|search|searchfor|as_q|as_epq|query|keywords?|term|text|encquery)=([^&]+)#i',$referrer,$pcs) > 0){
if (empty($searchengine)) $searchengine=trim(strtolower($pcs[1]));
if ($pcs[2] =="encquery"){
$search_phrase=" *".__("encrypted search","wassup")."* ";
}else{
$search_phrase = $pcs[3];
}
//Check separately for queries that use nonstandard search variable to avoid retrieving values like "p=parameter" when "q=query" exists
}elseif(preg_match('#^https?://([^/]+).*(?:results|search|query).*[&?](aq|as|p|su|s|kw|k|qo|qp|qs|string)=([^&]+)#i',$referrer,$pcs) > 0){
if (empty($searchengine)) $searchengine = trim(strtolower($pcs[1]));
$search_phrase = $pcs[3];
}
} //end if search_phrase
//do a separate check for page number, if not found above
if (!empty($search_phrase)) {
if(empty($searchpage) && preg_match('#[&\?](start|startpage|b|cd|first|stq|p|pi|page)[=/](\d+)#i',$referrer,$pcs)>0){
$searchpage = $pcs[2];
}
}
return array('keywords'=>$search_phrase,'page'=>$searchpage,'searchengine'=>$searchengine,'language'=>$searchlang,'locale'=>$selocale);
} //end wGetSE
/**
* Extract browser and platform info from a user agent string and return the values
* @param string
* @return array (browser, os)
*/
function wGetBrowser($agent="") {
global $wassup_options,$wdebug_mode;
if(empty($agent)) $agent=$_SERVER['HTTP_USER_AGENT'];
$browsercap=array();
$browscapbrowser="";
$browser="";
$os="";
//check PHP browscap data for browser and platform
//'browscap' must be set in "php.ini", 'ini_set' doesn't work
if(ini_get("browscap")!=""){
$browsercap = get_browser($agent,true);
if(!empty($browsercap['platform'])){
if(stristr($browsercap['platform'],"unknown") === false){
$os=$browsercap['platform'];
if(!empty($browsercap['browser'])){
$browser=$browsercap['browser'];
}elseif(!empty($browsercap['parent'])){
$browser=$browsercap['parent'];
}
if(!empty($browser) && !empty($browsercap['version'])){
$browser=$browser." ".wMajorVersion($browsercap['version']);
}
}
}
//reject generic browscap browsers (ex: mozilla, default)
if(preg_match('/^(mozilla|default|unknown)/i',$browser) >0){
$browscapbrowser="$browser"; //save just in case
$browser="";
}
$os=trim($os);
$browser=trim($browser);
if($wdebug_mode){
if(headers_sent()){
echo "\nPHP Browscap data from get_browser: \c";
if(is_array($browsercap)|| is_object($browsercap)) print_r($browsercap);
else echo $browsercap;
}
}
}
//use wDetector class when browscap browser is empty/unknown
if ( $os == "" || $browser == "") {
$dip=@new wDetector("",$agent);
if(!empty($dip)){
$browser=trim($dip->browser." ".wMajorVersion($dip->browser_version));
if($dip->os!="") $os=trim($dip->os." ".$dip->os_version);
}
//use saved browscap info when Detector has no result
if(!empty($browscapbrowser) && $browser == "") $browser=$browscapbrowser;
}
return array($browser,$os);
} //end function wGetBrowser
//return a major version # from a version string argument
function wMajorVersion($versionstring) {
$version=0;
if (!empty($versionstring)) {
$n = strpos($versionstring,'.');
if ($n >0) {
$version= (int) substr($versionstring,0,$n);
}
if ($n == 0 || $version == 0) {
$p = strpos($versionstring,'.',$n+1);
if ($p) $version= substr($versionstring,0,$p);
}
}
if ($version > 0) return $version;
else return $versionstring;
}
/**
* Extract spider information from a user agent string and return an array.
* Return values: (name, type=[R|B|F|H|L|S|V], feed subscribers) where types are: R=robot, B=browser/downloader, F=feed reader, H=hacker/spoofer/injection bot, L=Link checker/sitemap generator, S=Spammer/email harvester, V=css/html Validator
* @param string(3)
* @return array
*/
function wGetSpider($agent="",$hostname="", $browser=""){
if(empty($agent) && !empty($_SERVER['HTTP_USER_AGENT'])){
$agent=$_SERVER['HTTP_USER_AGENT'];
}
$ua=rtrim($agent);
//if(empty($ua)) return false; //nothing to do
$spiderdata=false;
$crawler="";
$feed="";
$os="";
$pcs=array();
//identify obvious script injection bots
if(!empty($ua)){
//check for more variations of <script> and <a> tags embedded in user agent string @since v1.9.3.1
if(stristr($ua,'location.href')!==FALSE){
$crawlertype="H";
$crawler="Script Injection bot";
}elseif(preg_match('/(<|<?|�*60;?|%3C)a(\s|%20| |\+)href/i',$ua)>0){
$crawlertype="H";
$crawler="Script Injection bot";
}elseif(preg_match('/(<|<?|�*60;?|%3C)scr(ipt|[^0-9a-z\-_])/i',$ua)>0){
$crawlertype="H";
$crawler="Script Injection bot";
}elseif(preg_match('/select.*(\s|%20|\+|%#32;)from(\s|%20|\+|%#32;)wp_/i',$ua)>0){
$crawlertype = "H";
$crawler = "Script Injection bot";
}
}
//check for crawlers that mis-identify themselves as a browser but come from a known crawler domain - the most common of these are MSN (ie6,win2k3), and Yahoo!
if(substr($_SERVER["REMOTE_ADDR"],0,6) == "65.55." || substr($_SERVER["REMOTE_ADDR"],0,7) == "207.46." || substr($_SERVER["REMOTE_ADDR"],0,7)=="157.55."){
$crawler = "BingBot";
$crawlertype="R";
}elseif(!empty($hostname) && preg_match('/([a-z0-9\-\.]+){1,}\.(?:[a-z]+){2,4}$/',$hostname)>0){
if(substr($hostname,-14)==".yse.yahoo.net" || substr($hostname,-16)==".crawl.yahoo.net" || (substr($hostname,-10)==".yahoo.com" && substr($hostname,0,3)=="ycar")){
if(!empty($ua) && stristr($ua,"Slurp")){
$crawler = "Yahoo! Slurp";
$crawlertype="R";
}else{
$crawler = "Yahoo!";
$crawlertype="R";
}
}elseif(substr($hostname,-8) == ".msn.com" && strpos($hostname,"msnbot")!== FALSE){
$crawler = "BingBot";
$crawlertype="R";
}elseif(substr($hostname,-14) == ".googlebot.com"){
//googlebot mobile can show as browser, sometimes
if(!empty($ua) && stristr($ua,"mobile")){
$crawler="Googlebot-Mobile";
$crawlertype="R";
}else{
$crawler="Googlebot";
$crawlertype="R";
}
}elseif(substr($hostname,0,11)=="baiduspider"){
$crawler="Baiduspider";
$crawlertype="R";
}elseif(substr($hostname,-16)==".domaintools.com"){
$crawler="Whois.domaintools.com";
$crawlertype="R";
}
} //end if $hostname
$pcs=array();
$pcs2=array();
if(empty($crawler)){
// check for crawlers that identify themselves clearly in their user agent string with words like bot, spider, and crawler
if ((!empty($ua) && preg_match('#(\w+[ \-_]?(bot|crawl|google|reader|seeker|spider|feed|indexer|parser))[0-9/ -:_.;\)]#',$ua,$pcs) >0) || preg_match('#(crawl|feed|google|indexer|parser|reader|robot|seeker|spider)#',$hostname,$pcs2) >0){
if(!empty($pcs[1])) $crawler=$pcs[1];
elseif(!empty($pcs2[1])) $crawler="unknown_spider";
$crawlertype="R";
}
// check browscap data for crawler if available
if(empty($crawler) && !empty($ua) && ini_get("browscap")!=""){
$browsercap = get_browser($ua,true);
//if no platform(os), assume crawler...
if(!empty($browsercap['platform'])) {
if($browsercap['platform'] != "unknown") $os=$browsercap['platform'];
}
if(!empty($browsercap['crawler']) || !empty($browsercap['stripper']) || $os == ""){
if(!empty($browsercap['browser'])){
$crawler=$browsercap['browser'];
}elseif(!empty($browsercap['parent'])){
$crawler=$browsercap['parent'];
}
if (!empty($crawler) && !empty($browsercap['version'])){
$crawler=$crawler." ".$browsercap['version'];
}
}
//reject unknown browscap crawlers (ex: default)
if(preg_match('/^(default|unknown|robot)/i',$crawler) > 0){
$crawler="";
}
}
}
//get crawler info. from a known list of bots and feedreaders that don't list their names first in UA string.
//Note: spaces removed from UA string for this bot comparison
$crawler=trim($crawler);
if(empty($crawler) || $crawler=="unknown_spider"){
$uagent=str_replace(" ","",$ua);
$key=null;
// array format: "Spider Name|UserAgent keywords (no spaces)| Spider type (R=robot, B=Browser/downloader, F=feedreader, H=hacker, L=Link checker, M=siteMap generator, S=Spammer/email harvester, V=CSS/Html validator)
$lines=array(
"Internet Archive|archive.org_bot|R|",
"Internet Archive|.archive.org|R|",
"Baiduspider|Baiduspider/|R|",
"Baiduspider|.crawl.baidu.com|R|",
"BingBot|MSNBOT/|R|","BingBot|msnbot.|R|",
"Exabot|Exabot/|R|",
"Exabot|.exabot.com|R|",
"Googlebot|Googlebot/|R|",
"Googlebot|.googlebot.com|R|",
"Google|.google.com||",
"SurveyBot|SurveyBot/||",
"WebCrawler.link|.webcrawler.link|R|",
"Yahoo! Slurp|Yahoo!Slurp|R|",
"Yahoo!|.yse.yahoo.net|R|",
"Yahoo!|.crawl.yahoo.net|R|",
"YandexBot|YandexBot/|R|",
"AboutUsBot|AboutUsBot/|R|",
"80bot|80legs.com|R|",
"Aggrevator|Aggrevator/|F|",
"AlestiFeedBot|AlestiFeedBot||",
"Alexa|ia_archiver|R|", "AltaVista|Scooter-|R|",
"AltaVista|Scooter/|R|", "AltaVista|Scooter_|R|",
"AMZNKAssocBot|AMZNKAssocBot/|R|",
"AppleSyndication|AppleSyndication/|F|",
"Apple-PubSub|Apple-PubSub/|F|",
"Ask.com/Teoma|AskJeeves/Teoma)|R|",
"Ask Jeeves/Teoma|ask.com|R|",
"AskJeeves|AskJeeves|R|",
"BlogBot|BlogBot/|F|","Bloglines|Bloglines/|F|",
"Blogslive|Blogslive|F|",
"BlogsNowBot|BlogsNowBot|F|",
"BlogPulseLive|BlogPulseLive|F|",
"IceRocket BlogSearch|icerocket.com|F|",
"Charlotte|Charlotte/|R|",
"Xyleme|cosmos/0.|R|", "cURL|curl/|R|",
"Daumoa|Daumoa-feedfetcher|F|",
"Daumoa|DAUMOA|R|",
"Daumoa|.daum.net|R|",
"Die|die-kraehe.de|R|",
"Diggit!|Digger/|R|",
"disco/Nutch|disco/Nutch|R|",
"DotBot|DotBot/|R|",
"Emacs-w3|Emacs-w3/v||",
"ananzi|EMC||",
"EnaBot|EnaBot||",
"esculapio|esculapio/||", "Esther|esther||",
"everyfeed-spider|everyfeed-spider|F|",
"Evliya|Evliya||", "nzexplorer|explorersearch||",
"eZ publish Validator|eZpublishLinkValidator||",
"FacebookExternalHit|facebook.com/externalhit|R|",
"FastCrawler|FastCrawler|R|",
"FDSE|FDSErobot|R|",
"Feed::Find|Feed::Find||",
"FeedBurner|FeedBurner|F|",
"FeedDemon|FeedDemon/|F|",
"FeedHub FeedFetcher|FeedHub|F|",
"Feedreader|Feedreader|F|",
"Feedshow|Feedshow|F|",
"Feedster|Feedster|F|",
"FeedTools|feedtools|F|",
"Feedfetcher-Google|Feedfetcher-google|F|",
"Felix|FelixIDE/||",
"FetchRover|ESIRover||",
"fido|fido/||",
"Fish|Fish-Search-Robot||", "Fouineur|Fouineur||",
"Freecrawl|Freecrawl|R|",
"FriendFeedBot|FriendFeedBot/|F|",
"FunnelWeb|FunnelWeb-||",
"gammaSpider|gammaSpider||","gazz|gazz/||",
"GCreep|gcreep/||",
"GetRight|GetRight|R|",
"GetURL|GetURL.re||","Golem|Golem/||",
"Google Favicon|GoogleFavicon|R|",
"GreatNews|GreatNews|F|",
"Gregarius|Gregarius/|F|",
"Gromit|Gromit/||",
"gsinfobot|gsinfobot||",
"Gulliver|Gulliver/||", "Gulper|Gulper||",
"GurujiBot|GurujiBot||",
"havIndex|havIndex/||",
"heritrix|heritrix/||", "HI|AITCSRobot/||",
"HKU|HKU||", "Hometown|Hometown||",
"HostTracker|host-tracker.com/|R|",
"ht://Dig|htdig/|R|","HTMLgobble|HTMLgobble||",
"Hyper-Decontextualizer|Hyper||",
"iajaBot|iajaBot/||",
"IBM_Planetwide|IBM_Planetwide,||",
"ichiro|ichiro||",
"Popular|gestaltIconoclast/||",
"Ingrid|INGRID/||","Imagelock|Imagelock||",
"IncyWincy|IncyWincy/||",
"Informant|Informant||",
"InfoSeek|InfoSeek||",
"InfoSpiders|InfoSpiders/||",
"Inspector|inspectorwww/||",
"IntelliAgent|IAGENT/||",
"ISC Systems iRc Search|ISCSystemsiRcSearch||",
"Israeli-search|IsraeliSearch/||",
"IRLIRLbot/|IRLIRLbot||",
"Italian Blog Rankings|blogbabel|F|",
"Jakarta|Jakarta||", "Java|Java/||",
"JBot|JBot||",
"JCrawler|JCrawler/||",
"JoBo|JoBo||", "Jobot|Jobot/||",
"JoeBot|JoeBot/||",
"JumpStation|jumpstation||",
"image.kapsi.net|image.kapsi.net/|R|",
"kalooga/kalooga|kalooga/kalooga||",
"Katipo|Katipo/||",
"KDD-Explorer|KDD-Explorer/||",
"KIT-Fireball|KIT-Fireball/||",
"KindOpener|KindOpener||", "kinjabot|kinjabot||",
"KO_Yappo_Robot|yappo.com/info/robot.html||",
"Krugle|Krugle||",
"LabelGrabber|LabelGrab/||",
"Larbin|larbin_||",
"libwww-perl|libwww-perl||",
"lilina|Lilina||",
"Link|Linkidator/||","LinkWalker|LinkWalker|L|",
"LiteFinder|LiteFinder||",
"logo.gif|logo.gif||","LookSmart|grub-client||",
"Lsearch/sondeur|Lsearch/sondeur||",
"Lycos|Lycos/||",
"Magpie|Magpie/||","MagpieRSS|MagpieRSS|F|",
"Mail.RU|Mail.RU_Bot/|R|",
"marvin/infoseek|marvin/infoseek||",
"Mattie|M/3.||","MediaFox|MediaFox/||",
"Megite2.0|Megite.com||",
"NEC-MeshExplorer|NEC-MeshExplorer||",
"MindCrawler|MindCrawler||",
"Missigua Locator|MissiguaLocator||",
"MJ12bot|MJ12bot|R|","mnoGoSearch|UdmSearch||",
"MOMspider|MOMspider/||","Monster|Monster/v||",
"Moreover|Moreoverbot||","Motor|Motor/||",
"MSNBot|MSNBOT/|R|","MSN|msnbot.|R|",
"MSRBOT|MSRBOT|R|","Muninn|Muninn/||",
"Muscat|MuscatFerret/||",
"Mwd.Search|MwdSearch/||",
"MyBlogLog|Yahoo!MyBlogLogAPIClient|F|",
"Naver|NaverBot||",
"Naver|Cowbot||",
"NDSpider|NDSpider/||",
"Nederland.zoek|Nederland.zoek||",
"NetCarta|NetCarta||",
"NetMechanic|NetMechanic||",
"NetScoop|NetScoop/||",
"NetNewsWire|NetNewsWire||",
"NewsAlloy|NewsAlloy||",
"newscan-online|newscan-online/||",
"NewsGatorOnline|NewsGatorOnline||",
"Exalead NG|NG/|R|",
"NHSE|NHSEWalker/||","Nomad|Nomad-V||",
"Nutch/Nutch|Nutch/Nutch||",
"ObjectsSearch|ObjectsSearch/||",
"Occam|Occam/||",
"Openfind|Openfind||",
"OpiDig|OpiDig||",
"Orb|Orbsearch/||",
"OSSE Scanner|OSSEScanner||",
"OWPBot|OWPBot||",
"Pack|PackRat/||","ParaSite|ParaSite/||",
"Patric|Patric/||",
"PECL::HTTP|PECL::HTTP||",
"PerlCrawler|PerlCrawler/||",
"Phantom|Duppies||","PhpDig|phpdig/||",
"PiltdownMan|PiltdownMan/||",
"Pimptrain.com's|Pimptrain||",
"Pioneer|Pioneer||",
"Portal|PortalJuice.com/||","PGP|PGP-KA/||",
"PlumtreeWebAccessor|PlumtreeWebAccessor/||",
"Poppi|Poppi/||","PortalB|PortalBSpider/||",
"psbot|psbot/|R|",
"Python-urllib|Python-urllib/|R|",
"R6_CommentReade|R6_CommentReade||",
"R6_FeedFetcher|R6_FeedFetcher|F|",
"radianrss|RadianRSS||",
"Raven|Raven-v||",
"relevantNOISE|relevantnoise.com||",
"Resume|Resume||", "RoadHouse|RHCS/||",
"RixBot|RixBot||",
"Robbie|Robbie/||", "RoboCrawl|RoboCrawl||",
"RoboFox|Robofox||",
"Robozilla|Robozilla/||",
"Rojo|rojo1|F|",
"Roverbot|Roverbot||",
"RssBandit|RssBandit||",
"RSSMicro|RSSMicro.com|F|",
"Ruby|Rfeedfinder||",
"RuLeS|RuLeS/||",
"Runnk RSS aggregator|Runnk||",
"SafetyNet|SafetyNet||",
"Sage|(Sage)|F|",
"SBIder|sitesell.com|R|",
"Scooter|Scooter/||",
"ScoutJet|ScoutJet||",
"Screaming Frog SEO Spider|ScreamingFrogSEOSpider/|L|",
"SearchProcess|searchprocess/||",
"Seekbot|seekbot.net|R|",
"SimplePie|SimplePie/|F|",
"Sitemap Generator|SitemapGenerator||",
"Senrigan|Senrigan/||",
"SeznamBot|SeznamBot/|R|",
"SeznamScreenshotator|SeznamScreenshotator/|R|",
"SG-Scout|SG-Scout||", "Shai'Hulud|Shai'Hulud||",
"Simmany|SimBot/||",
"SiteTech-Rover|SiteTech-Rover||",
"shelob|shelob||",
"Sleek|Sleek||",
"Slurp|.inktomi.com/slurp.html|R|",
"Snapbot|.snap.com|R|",
"SnapPreviewBot|SnapPreviewBot|R|",
"Smart|ESISmartSpider/||",
"Snooper|Snooper/b97_01||", "Solbot|Solbot/||",
"Sphere Scout|SphereScout|R|",
"Sphere|sphere.com|R|",
"spider_monkey|mouse.house/||",
"SpiderBot|SpiderBot/||",
"Spiderline|spiderline/||",
"SpiderView(tm)|SpiderView||",
"SragentRssCrawler|SragentRssCrawler|F|",
"Site|ssearcher100||",
"StackRambler|StackRambler||",
"Strategic Board Bot|StrategicBoardBot||",
"Suke|suke/||",
"SummizeFeedReader|SummizeFeedReader|F|",
"suntek|suntek/||",
"Sygol|.sygol.com||",
"Syndic8|Syndic8|F|",
"TACH|TACH||","Tarantula|Tarantula/||",
"tarspider|tarspider||","Tcl|dlw3robot/||",
"TechBOT|TechBOT||","Technorati|Technoratibot||",
"Teemer|Teemer||","Templeton|Templeton/||",
"TitIn|TitIn/||","TITAN|TITAN/||",
"Twiceler|.cuil.com/twiceler/|R|",
"Twiceler|.cuill.com/twiceler/|R|",
"Twingly|twingly.com|R|",
"UCSD|UCSD-Crawler||", "UdmSearch|UdmSearch/||",
"UniversalFeedParser|UniversalFeedParser|F|",
"UptimeBot|uptimebot||",
"URL_Spider|URL_Spider_Pro/|R|",
"VadixBot|VadixBot||", "Valkyrie|Valkyrie/||",
"Verticrawl|Verticrawlbot||",
"Victoria|Victoria/||",
"vision-search|vision-search/||",
"void-bot|void-bot/||", "Voila|VoilaBot||",
"Voyager|.kosmix.com/html/crawler|R|",
"VWbot|VWbot_K/||",
"W3C_Validator|W3C_Validator/|V|",
"w3m|w3m/|B|", "W3M2|W3M2/||", "w3mir|w3mir/||",
"w@pSpider|w@pSpider/||",
"WallPaper|CrawlPaper/||",
"WebCatcher|WebCatcher/||",
"webCollage|webcollage/|R|",
"webCollage|collage.cgi/|R|",
"WebCopier|WebCopierv|R|",
"WebFetch|WebFetch|R|", "WebFetch|webfetch/|R|",
"WebMirror|webmirror/||",
"webLyzard|webLyzard||", "Weblog|wlm-||",
"WebReaper|webreaper.net|R|",
"WebVac|webvac/||", "webwalk|webwalk||",
"WebWalker|WebWalker/||",
"WebWatch|WebWatch||",
"WebStolperer|WOLP/||",
"WebThumb|WebThumb/|R|",
"Wells Search II|WellsSearchII||",
"Wget|Wget/||",
"whatUseek|whatUseek_winona/||",
"whiteiexpres/Nutch|whiteiexpres/Nutch||",
"wikioblogs|wikioblogs||",
"WikioFeedBot|WikioFeedBot||",
"WikioPxyFeedBo|WikioPxyFeedBo||",
"Wild|Hazel's||",
"Wired|wired-digital-newsbot/||",
"Wordpress Pingback/Trackback|Wordpress/||",
"WWWC|WWWC/||",
"XGET|XGET/||",
"Xenu Link Sleuth|XenuLinkSleuth/|L|",
"yacybot|yacybot||",
"Yahoo FeedSeeker|YahooFeedSeeker|F|",
"Yahoo MMAudVid|Yahoo-MMAudVid/|R|",
"Yahoo MMCrawler|Yahoo-MMCrawler/|R|",
"Yahoo!SearchMonkey|Yahoo!SearchMonkey|R|",
"YahooSeeker|YahooSeeker/|R|",
"Yandex|.yandex.com|R|",
"YoudaoBot|YoudaoBot|R|",
"Tailrank|spinn3r.com/robot|R|",
"Tailrank|tailrank.com/robot|R|",
"Yesup|yesup||",
"Internet|User-Agent:||",
"Robot|Robot|R|", "Spider|spider|R|");
foreach($lines as $line_num => $spider) {
list($nome,$key,$crawlertype)=explode("|",$spider);
if($key !=""){
if(strpos($uagent,$key)!==false || (strpos($hostname,$key)!==false && strlen($key)>6)){
$crawler=trim($nome);
if(!empty($crawlertype) && $crawlertype == "F") $feed=$crawler;
break 1;
}
}
}
} // end if crawler
//If crawler not on list, use first word in useragent for crawler name
if(empty($crawler)){
$pcs=array();
//Assume first word in useragent is crawler name
if(preg_match('/^(\w+)[\/ \-\:_\.;]/',$ua,$pcs) > 0){
if(strlen($pcs[1])>1 && $pcs[1]!="Mozilla"){
$crawler=$pcs[1];
}
}
//Use browser name for crawler as last resort
//if (empty($crawler) && !empty($browser)) $crawler = $browser;
}
//#do a feed check and get feed subcribers, if available
if(preg_match('/([0-9]{1,10})\s?subscriber/i',$ua,$subscriber) > 0){
// It's a feedreader with some subscribers
$feed=$subscriber[1];
if(empty($crawler) && empty($browser)){
$crawler=__("Feed Reader","wassup");
$crawlertype="F";
}
}elseif(empty($feed) && (is_feed() || preg_match("/(feed|rss)/i",$ua)>0)){
if(!empty($crawler)){
$feed=$crawler;
}elseif(empty($browser)){
$crawler=__("Feed Reader","wassup");
$feed=__("feed reader","wassup");
}
$crawlertype="F";
}
if($crawler=="Spider" || $crawler=="unknown_spider" || $crawler=="robot"){
$crawler = __("Unknown Spider","wassup");
}
$spiderdata=array($crawler,$crawlertype,trim($feed));
return $spiderdata;
} //end function wGetSpider
//#get the visitor locale/language
function wGetLocale($language="",$hostname="",$referrer="") {
global $wdebug_mode;
$clocale="";
$country="";
$langcode=trim(strtolower($language));
$llen=strlen($langcode);
//change language code to 2-digits
if($llen >2 && preg_match('/([a-z]{2})(?:-([a-z]{2}))?(?:[^a-z]|$)/i',$langcode,$pcs)>0){
if(!empty($pcs[2])) $language=strtolower($pcs[2]);
elseif(!empty($pcs[1])) $language=strtolower($pcs[1]);
}elseif($llen >2){
$langarray=explode("-",$langcode);
$langarray=explode(",",$langarray[1]);
list($language)=explode(";",$langarray[0]);
}
//use 2-digit top-level domains (TLD) for country code, if any
if (strlen($hostname)>2 && preg_match('/\.[a-z]{2}$/i', $hostname)>0){
$country=strtolower(substr($hostname,-2));
//ignore domains commonly used for media
if($country == "tv" || $country == "fm") $country="";
}
$pcs=array();
if(empty($language) || $language=="us" || $language=="en"){
//major USA-only ISP hosts always have "us" as language code
if (empty($country) && strlen($hostname)>2 && preg_match('/(\.[a-z]{2}\.comcast\.net|\.verizon\.net|\.windstream\.net)$/',$hostname,$pcs)>0) {
$country="us";
//retrieve TLD country code and language from search engine referer string
}elseif(!empty($referrer)){
$pcs=array();
//google search syntax: hl=host language
if (preg_match('/\.google\.(?:com?\.([a-z]{2})|([a-z]{2})|com)\/[a-z]+.*(?:[&\?]hl\=([a-z]{2})\-?(\w{2})?)/i',$referrer,$pcs)>0) {
if(!empty($pcs[1])){
$country=strtolower($pcs[1]);
}elseif(!empty($pcs[2])){
$country=strtolower($pcs[2]);
}elseif(!empty($pcs[3]) || !empty($pcs[4])){
if(!empty($pcs[4])) $language=strtolower($pcs[4]);
else $language=strtolower($pcs[3]);
}
}
}
}
//Make tld code consistent with locale code
if(!empty($country)){
if($country=="uk"){ //United kingdom
$country="gb";
}elseif($country=="su"){ //Soviet Union
$country="ru";
}
}
//Make language code consistent with locale code
if($language == "en"){ //"en" default is US
if(empty($country)) $language="us";
else $language=$country;
}elseif($language == "uk"){ //change UK to UA (Ukranian)
$language="ua";
}elseif($language == "ja"){ //change JA to JP
$language="jp";
}elseif($language == "ko"){ //change KO to KR
$language="kr";
}elseif($language == "da"){ //change DA to DK
$language="dk";
}elseif($language == "ur"){ //Urdu = India or Pakistan
if($country=="pk") $language=$country;
else $language="in";
}elseif($language == "he" || $language == "iw"){
if(empty($country)) $language="il"; //change Hebrew (iso) to IL
else $language=$country;
}
//Replace language with locale for widely spoken languages
if(!empty($country)){
if(empty($language) || $language=="us" || preg_match('/^([a-z]{2})$/',$language)==0){
$language=$country;
}elseif($language=="es"){
//for Central/South American locales
$language=$country;
}
}
if(!empty($language) && preg_match('/^[a-z]{2}$/',$language)>0){
$clocale=$language;
}
return $clocale;
} //end function wGetLocale
/**
* Check referrer string and referrer host (or hostname) for spam
* -checks referrer string for known spammer content (faked referrer).
* -checks referer host against know list of spammers
* @param string $referrer, string $hostname
* @return boolean
*/
function wGetSpamRef($referrer,$hostname="") {
global $wdebug_mode;
$ref=esc_attr(strip_tags(str_replace(" ","",html_entity_decode($referrer))));
$badhost=false;
$referrer_host = "";
$referrer_path = "";
if(empty($referrer) && !empty($hostname)){
$referrer_host=$hostname;
$hostname="";
}elseif(!empty($referrer)){
$rurl=parse_url(strtolower($ref));
if(isset($rurl['host'])){
$referrer_host=$rurl['host'];
$thissite=parse_url(get_option('home'));
$thisdomain=wassupURI::get_urldomain();
//exclude current site as referrer
if(isset($thissite['host']) && $referrer_host == $thissite['host']){
$referrer_host="";
//Since v1.8.3: check the path|query part of url for spammers
}else{
//rss.xml|sitemap.txt in referrer is faked
if(preg_match('#.+/(rss\.xml|sitemap\.txt)$#',$ref)>0) $badhost=true;
//membership|user id in referrer is faked
elseif(preg_match('#.+[^a-z0-9]((?:show)?user|u)\=\d+$#',$ref)>0) $badhost=true;
//youtu.be video in referrer is faked
elseif(preg_match('#(\.|/)youtu.be/[0-9a-z]+#i',$ref)>0) $badhost=true;
//some facebook links in referrer are faked
elseif(preg_match('#(\.|/)facebook\.com\/ASeaOfSins$#',$ref)>0) $badhost=true;
//domain lookup in referrer is faked
elseif(preg_match('#/[0-9a-z_\-]+(?:\.php|/)(\?[a-z]+\=(?:http://)?(?:[0-9a-z_\-\.]+)?)'.preg_quote($thisdomain).'(?:[^0-9a-z_\-.]|$)#i',$ref)>0) $badhost=true;
}
} else { //faked referrer string
$badhost=true;
}
if(!$badhost){
//shortened URL is likely FAKED referrer string!
if(!empty($referrer_host) && wassup_urlshortener_lookup($referrer_host)) $badhost=true;
//a referrer with domain in all caps is likely spam
elseif(preg_match('#https?\://[0-9A-Z\-\._]+\.([A-Z]{2,4})$#',$ref)>0) $badhost=true;
}
} //end elseif
//#Assume any referrer name similar to "viagra/zanax/.." is spam and mark as such...
if (!$badhost && !empty($referrer_host)) {
$lines = array("ambien","ativan","blackjack","bukakke",
"casino","cialis","ciallis", "celebrex","cumdripping",
"cumeating","cumfilled","cumpussy","cumsucking",
"cumswapping","diazepam","diflucan","drippingcum",
"eatingcum","enhancement","finasteride","fioricet",
"gabapentin","gangbang","highprofitclub","hydrocodone",
"krankenversicherung","lamisil","latinonakedgirl",
"levitra", "libido", "lipitor","lortab","melatonin",
"meridia","NetCaptor","orgy-","phentemine",
"phentermine","propecia","proscar","pussycum",
"sildenafil","snowballing","suckingcum","swappingcum",
"swingers","tadalafil","tigerspice","tramadol",
"ultram-","valium","valtrex","viagra","viagara",
"vicodin","xanax","xenical","xxx-","zoloft","zovirax",
"zanax"
);
foreach ($lines as $badreferrer) {
if (strstr($referrer_host,$badreferrer)!== FALSE){
$badhost=true;
break 1;
}elseif(preg_match('#([^a-z]|^)(free|orgy|penis|porn)([^a-z])#',$referrer)>0){
$badhost=true;
break 1;
}
}
}
//check against lists of known bad hosts (spammers)
if(!$badhost){
if($hostname != $referrer_host){
$badhost = wassup_badhost_lookup($referrer_host,$hostname);
}elseif(!empty($hostname)){
$badhost = wassup_badhost_lookup($hostname);
}
}
return $badhost;
} //end wGetSpamRef
/**
* Compare a hostname (and referrer host) arguments against a list of known spammers.
* @param string(2)
* @return boolean
* @since v1.9
*/
function wassup_badhost_lookup($referrer_host,$hostname="") {
global $wdebug_mode;
if ($wdebug_mode) echo "\$referrer_host = $referrer_host.\n";
$badhost=false;
//1st compare against a list of recent referer spammers
$lines = array( '209\.29\.25\.180',
'78\.185\.148\.185',
'93\.90\.243\.63',
'1\-free\-share\-buttons\.com',
'amazon\-seo\-service\.com',
'amsterjob\.com',
'anonymizeme\.pro',
'burger\-imperia\.com',
'buttons\-for\-website\.com',
'canadapharm\.atwebpages\.com',
'candy\.com',
'celebritydietdoctor\.com',
'celebrity\-?diets\.(com|org|net|info|biz)',
'chairrailmoldingideas\.com',
'[a-z0-9]+\.cheapchocolatesale\.com',
'cheapguccinow\.com',
'chocolate\.com',
'competmy24site\.com',
'couplesresortsonline\.com',
'creditcardsinformation\.info',
'.*\.css\-build\.info',
'.*dietplan\.com',
'Digifire\.net',
'disimplantlari\.(net|org)',
'disimplantlari\.gen\.tr',
'disteli\.org',
'disteli\.gen\.tr',
'diszirkonyum\.(net|org)',
'diszirkonyum\.gen\.tr',
'dogcareinsurancetips\.sosblog\.com',
'dollhouserugs\.com',
'dreamworksdentalcenter\.com',
'e\-gibis\.co\.kr',
'ebellybuttonrings\.blogspot\.com',
'epuppytrain\.blogspot\.com',
'estetik\.net\.tr',
'exactinsurance\.info',
'find1friend\.com',
'footballleagueworld\.co\.uk',
'freefarmvillesecrets\.info',
'frenchforbeginnerssite\.com',
'gameskillinggames\.net',
'gardenactivities\.webnode\.com',
'globalringtones\.net',
'gofirstrow\.eu',
'gossipchips\.com',
'gskstudio\.com',
'hearcam\.org',
'hearthealth\-hpe\.org',
'highheelsale\.com',
'homebasedaffiliatemarketingbusiness\.com',
'hosting37\d{2}\.com/',
'howgrowtall\.(com|info)',
'hundejo\.com',
'hvd\-store\.com',
'insurancebinder\.info',
'internetserviceteam\.com',
'intl\-alliance\.com',
'it\.n\-able\.com',
'justanimal\.com',
'justbazaar\.com',
'knowledgehubdata\.com',
'koreanracinggirls\.com',
'lacomunidad\.elpais\.com',
'lactoseintolerancesymptoms\.net',
'laminedis\.gen\.tr',
'leadingleaders\.net',
'lhzyy\.net',
'lifehacklane\.com',
'linkwheelseo\.net',
'liquiddiet[a-z\-]*\.com',
'locksmith[a-z\-]+\.org',
'lockyourpicz\.com',
'materterapia\.net',
'menshealtharts\.com',
'ip87\-97\.mwtv\.lv',
'mydirtyhobbycom\.de',
'myhealthcare\.com',
'myoweutthdf\.edu',
'odcadide\.iinaa\.net',
'onlinemarketpromo\.com',
'outletqueens\.com',
'pacificstore\.com',
'peter\-sun\-scams\.com',
'pharmondo\.com',
'pinky\-vs\-cherokee\.com',
'pinkyxxx\.org',
'[a-z]+\.pixnet\.net',
'pizza\-imperia\.com',
'pizza\-tycoon\.com',
'play\-mp3\.com',
'21[89]\-124\-182\-64\.cust\.propagation\.net',
'propertyjogja\.com',
'prosperent\-adsense\-alternative\.blogspot\.com',
'qweojidxz\.com',
'ragedownloads\.info',
'rankings\-analytics\.com',
'[a-z\-]*ringtone\.net',
'rufights\.com',
'scripted\.com',
'seoindiawizard\.com',
'share\-buttons\-for\-free\.com',
'singlesvacationspackages\.com',
'sitetalk\-revolution\.com',
'smartforexsignal\.com',
'springhouseboston\.org',
'stableincomeplan\.blogspot\.com',
'staphinfectionpictures\.org',
'static\.theplanet\.com',
'[a-z]+\-[a-z]+\-symptoms\.com',
'thebestweddingparty\.com',
'thik\-chik\.com',
'thisweekendsmovies\.com',
'top10\-way\.com',
'uggbootsnewest\.net',
'uggsmencheap\.com',
'uggsnewest\.com',
'unassigned\.psychz\.net',
'ultrabait\.biz',
'usedcellphonesforsales\.info',
'vietnamvisa\.co',
'[a-z\-\.]+vigra\-buy\.info',
'vitamin\-d\-deficiency\-symptoms\.com',
'vpn\-privacy\.org',
'w3data\.co',
'watchstock\.com',
'web\-promotion\-services\.net',
'wh\-tech\.com',
'wholesalelivelobster\.com',
'wineaccessories\-winegifts\.com',
'wizzed\.com',
'wordpressseo\-plugin\.info',
'writeagoodcoverletter\.com',
'writeagoodresume\.net',
'yeastinfectionsymptomstreatments\.com'
);
foreach($lines as $spammer) {
if(!empty($spammer)){
if(preg_match('#^'.$spammer.'$#',$referrer_host)>0){
// found it!
$badhost=true;
break 1;
}elseif(!empty($hostname) && preg_match('#(^|\.)'.$spammer.'$#i',$hostname)>0){
$badhost=true;
break 1;
}
}
}
//2nd check against a customized list of spammers in a file...removed in v1.9.1 because spammer lists are obsolete
return $badhost;
} //end wassup_badhost_lookup()
/**
* Returns true when hostname is from a known url shortener domain
* @since v1.9
* @param string
* @return boolean
*/
function wassup_urlshortener_lookup($urlhost){
$is_shortenedurl=false;
if(!empty($urlhost)){
if(strpos($urlhost,'/')!==false){
$hurl=parse_url($urlhost);
if(!empty($hurl['host'])) $urlhost=$hurl['host'];
else $urlhost="";
}
}
if(!empty($urlhost)){
//some urls from http://longurl.org/services and https://code.google.com/p/shortenurl/wiki/URLShorteningServices (up to "m")
$url_shorteners=array(
'0rz.tw','1url.com',
'2.gp','2big.at','2.ly','2tu.us',
'4ms.me','4sq.com','4url.cc',
'6url.com','7.ly',
'a.gg','adf.ly','adjix.com','alturl.com','amzn.to',
'b23.ru','bcool.bz','binged.it','bit.do','bit.ly','budurl.com',
'canurl.com','chilp.it','chzb.gr','cl.ly','clck.ru','cli.gs','coge.la','conta.cc','cort.as','cot.ag','crks.me','ctvr.us','cutt.us',
'dlvr.it','durl.me','doiop.com',
'fon.gs',
'gaw.sh','gkurl.us','goo.gl',
'hj.to','hurl.me','hurl.ws',
'ikr.me','is.gd',
'j.mp','jdem.cz','jijr.com',
'kore.us','krz.ch',
'l.pr','lin.io','linkee.com','ln-s.ru','lnk.by','lnk.gd','lnk.ly','lnk.ms','lnk.nu','lnkd.in','ly.my',
'migre.me','minilink.org','minu.me','minurl.fr','moourl.com','mysp.in','myurl.in',
'ow.ly',
'shorte.st','shorturl.com','shrt.st','shw.me','snurl.com','sot.ag','su.pr','sur.ly',
't.co','tinyurl.com','tr.im',
);
if(in_array($urlhost,$url_shorteners)){
$is_shortenedurl=true;
}elseif(preg_match('/(^|[^0-9a-z\-_])(tk|to)\.$/',$urlhost)>0){
$is_shortenedurl=true;
}
}
return $is_shortenedurl;
} //end wassup_urlshortener_lookup
/**
* return a validated ip address from http header
* @since v1.9
* @param string
* @return string
*/
function wassup_get_clientAddr($ipAddress=""){
return wassupIP::get_clientAddr($ipAddress);
} //end wassup_get_clientAddr
// lookup the hostname from an ip address via cache or via gethostbyaddr command @since v1.9
function wassup_get_hostname($IP=""){
return wassupIP::get_hostname($IP);
} //end wassup_get_hostname
// Return a single ip (the client IP) from a comma-separated IP address with no ip validation. @since v1.9
function wassup_clientIP($ipAddress){
if(!empty($ipAddress)) return wassupIP::clientIP($ipAddress);
return false;
}
//return 1st valid IP address in a comma-separated list of IP addresses -Helene D. 2009-03-01
function wValidIP($multiIP) {
if(!empty($multiIP)) return wassupIP::validIP($multiIP);
return false;
} //end function wValidIP
/**
* Add Wassup meta tag and javascripts to html document head
* -add javascript function to retrieve screen resolution
*/
function wassup_head() {
global $wassup_options, $wscreen_res;
//Since v.1.8: removed meta tag to reduce plugin bloat
//print '<meta name="wassup-version" content="'.WASSUPVERSION.'" />'."\n";
//add screen resolution javascript to blog header
$sessionhash=$wassup_options->whash;
if($wscreen_res == "" && isset($_COOKIE['wassup_screen_res'.$sessionhash])){
$wscreen_res=esc_attr(trim($_COOKIE['wassup_screen_res'.$sessionhash]));
if($wscreen_res == "x") $wscreen_res="";
}
if(empty($wscreen_res) && isset($_SERVER['HTTP_UA_PIXELS'])){
//resolution in IE/IEMobile header sometimes
$wscreen_res=str_replace('X',' x ',$_SERVER['HTTP_UA_PIXELS']);
}
//get visitor's screen resolution with javascript and a cookie
if(empty($wscreen_res) && !isset($_COOKIE['wassup_screen_res'.$sessionhash])){
echo "\n";?>
<script type="text/javascript">
//<![CDATA[
function wassup_get_screenres(){
var screen_res = screen.width + " x " + screen.height;
if(screen_res==" x ") screen_res=window.screen.width+" x "+window.screen.height;
if(screen_res==" x ") screen_res=screen.availWidth+" x "+screen.availHeight;
if (screen_res!=" x "){document.cookie = "wassup_screen_res<?php echo $sessionhash;?>=" + encodeURIComponent(screen_res)+ "; path=/; domain=" + document.domain;}
}
wassup_get_screenres();
//]]>
</script><?php
}
} //end function wassup_head
/**
* Output Wassup tag and javascripts in html document footer.
* -call screen resolution javascript function for IE users
* -put a timestamp in page footer as page caching test
* -output any stored debug data
*/
function wassup_foot() {
global $wassup_options, $wscreen_res, $wdebug_mode;
//'screen_res' javascript function called in footer because Microsoft browsers (IE/Edge) do not report screen height or width until after document body starts rendering. @since v1.8.2
$sessionhash=$wassup_options->whash;
if(empty($wscreen_res) && !isset($_COOKIE['wassup_screen_res'.$sessionhash])){
$ua=(!empty($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:"");
if(strpos($ua,'MSIE')>0 || strpos($ua,'rv:11')>0 || strpos($ua,'Edge/')>0 || stristr($_SERVER['REQUEST_URI'],'login.php')!==false){
echo "\n";?>
<script type="text/javascript">wassup_get_screenres();</script>
<?php
} //end if MSIE
} //end if 'wscreen_res'
//Output a comment with a current timestamp to verify that page is not cached (i.e. visit is being recorded).
echo "\n<!-- <p class=\"small\"> WassUp ".WASSUPVERSION." ".__("timestamp","wassup").": ".date('Y-m-d h:i:sA T')." (".gmdate('h:iA',time()+(get_option('gmt_offset')*3600)).")<br />\n";
echo __("If above timestamp is not current time, this page is cached","wassup").".</p> -->\n";
//output any debug_output stored in wassup_meta @since v1.9.1
if($wdebug_mode){
$wassup_key=wassup_clientIP($_SERVER['REMOTE_ADDR']);
$debug_output=wassupDb::get_wassupmeta($wassup_key,'_debug_output');
if(!empty($debug_output) && is_string($debug_output)){
echo $debug_output;
}
}
} //end wassup_foot
//-------------------------------------------------
//### Utility functions
/**
* Schedule wassup cleanup tasks in wp-cron.
* - called at plugin install/reactivation, settings reset-to-default, and when recording setting is changed to wassup_active=1
* @since v1.9.1
*/
function wassup_cron_startup(){
global $wp_version,$wassup_options;
if(version_compare($wp_version,'3.0','>=')){
if(!has_action('wassup_scheduled_cleanup')){
add_action('wassup_scheduled_cleanup','wassup_temp_cleanup');
}
wp_schedule_event(time()+1800,'hourly','wassup_scheduled_cleanup');
//do regular purge of old records
if(!empty($wassup_options->delete_auto) && $wassup_options->delete_auto!="never"){
if(!has_action('wassup_scheduled_purge')){
add_action('wassup_scheduled_purge','wassup_auto_cleanup');
}
//do purge at 2am
$starttime=strtotime("tomorrow 2:00am");
wp_schedule_event($starttime,'daily','wassup_scheduled_purge');
}
}
}
/**
* Delete all scheduled tasks from wp-cron.
* - called at plugin deactivation, settings reset-to-default, and when recording setting is changed to wassup_active=0
* @since v1.9.1
*/
function wassup_cron_terminate(){
global $wp_version;
//delete scheduled tasks from wp-cron
remove_action('wassup_scheduled_cleanup','wassup_temp_cleanup');
remove_action('wassup_scheduled_purge','wassup_auto_cleanup');
remove_action('wassup_scheduled_dbtasks',array('wassupDb','scheduled_dbtask'));
if(version_compare($wp_version,'3.0','>=')){
$wassup_network_settings=get_site_option('wassup_network_settings');
wp_clear_scheduled_hook('wassup_scheduled_cleanup');
wp_clear_scheduled_hook('wassup_scheduled_purge');
wp_clear_scheduled_hook('wassup_scheduled_dbtasks');
if(!is_multisite() || is_main_site() || empty($wassup_network_settings['wassup_table'])){
remove_action('wassup_scheduled_optimize',array('wassupDb','scheduled_dbtask'));
wp_clear_scheduled_hook('wassup_scheduled_optimize');
}
}
}
/** For cleanup of temp records via wp-cron. @since v1.9 */
function wassup_temp_cleanup($dbtasks=array()){
global $wassup_options;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
if(!empty($wassup_options) && $wassup_options->is_recording_active()){
//do scheduled cleanup
if(empty($dbtasks)){
wassupDb::temp_cleanup();
}else{
//do non-scheduled cleanup
wassupDb::scheduled_dbtask(array('dbtasks'=>$dbtasks));
}
}
}
/** For automatic delete of old records via wp-cron. @since v1.9 */
function wassup_auto_cleanup(){
global $wassup_options;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
//check that user can do auto delete
if(!empty($wassup_options) && $wassup_options->is_recording_active()){
if(!empty($wassup_options->delete_auto) && $wassup_options->delete_auto!="never"){
//check last auto delete timestamp to ensure purge occurs only once a day
$wassup_table=$wassup_options->wassup_table;
$now=time();
$delete_auto_time=wassupDb::get_wassupmeta($wassup_table,'_delete_auto');
if(empty($auto_delete_time) || $auto_delete_time < $now - 24*3600){
wassupDb::auto_cleanup();
}
}
}
}
/**
* Detect signs of script injection and hack attempts in http_headers: request_uri, http_referer
* @author Helene D. <http://helenesit.com>
* @since version 1.8, updated for HTTP_REFERER and parameter in v1.9
* @param string
* @return boolean
*/
function wIsAttack($http_target="") {
global $wdebug_mode;
$is_attack=false;
$targets=array();
if(!empty($http_target)){
if(is_array($http_target)) $targets=$http_target;
else $targets[]=$http_target;
}else{
$targets[]=$_SERVER['REQUEST_URI'];
if(!empty($_SERVER['HTTP_REFERER'])) $targets[]=$_SERVER['HTTP_REFERER'];
}
if(!empty($targets)){
foreach ($targets AS $target) {
//skip home page requests
if($target=="/" || $target=="/index.php" || $target=="/home.php" || $target=="/index.htm" || $target=="/home.htm" || $target=="/index.html" || $target=="/home.html"){
continue;
}
//do malware tests
if(preg_match('#["<>`^]|[^/]~|\.\*|\*\.#',str_replace(array('<','<','%3C','&rt;','>','%3E','"','%5E'),array("<","<","<",">",">",">","\"",'^'),$target))>0 || (preg_match('/[\\\\\']/',str_replace('%5C','\\',$target))>0 && preg_match('/((?:[pqs]|key|query|search|text|word)\=[^\\\\\'&=]+)([\\\\\']*\'[^\'&]*)&/i',str_replace('%5C','\\',$target))==0)){
$is_attack=true;break;
}elseif(preg_match('#(?:\.+[\\\\/]){3,}|[<>&\\\\\|:\?!]{2,}|[+\s]{5,}#',str_replace(array('%20','%21','%24','%26','%2E','%2F','%3C','%3D','%3F','%5C'),array(' ','!','$','&','+','.','/','<','>','?','\\'),$target))>0){
$is_attack=true;break;
}elseif(preg_match('/(?:^|[^a-z_\-])(select|update|delete|alter|drop|union|create)[ %&].*(?:from)?.*wp_\w+/i',str_replace(array('\\','\','"','%22','"','"',''','\'','`','`'),'',$target))>0){
$is_attack=true;break;
}elseif(preg_match('#([\<\;C](script|\?|\?php)[^a-z0-9])|(\.{1,2}/){3,}|\=\.\./#i',$target)>0 || preg_match('/[^a-z0-9_\/\-](function|script|window|cookie)[^a-z0-9_\- ]/i',$target)>0 || preg_match('/[^0-9A-Za-z]+(GET|POST)[^0-9A-Za-z]/',str_replace(array('%20','%2B'),array(' ','+'),$target))>0){
$is_attack=true;break;
}elseif(preg_match('/[^a-z_\-](dir|href|location|path|document_root.?|rootfolder)(\s|%20)?\=/i',$target)>0){
$is_attack=true;break;
}elseif(preg_match('/\.(bat|bin|cfm|cmd|exe|ini|msi||[cr]?sh)([^a-z0-9]+|$)/i',$target)>0 || (preg_match('/\.dll(^a-z0-9_\-]+|$)/',$target)>0 && strpos($target,'.att.net/')===false) || preg_match('/[^0-9a-z_]setup\.[a-z]{2,4}([^0-9a-z]+|$)/',$target)>0){
$is_attack=true;break;
}elseif(preg_match('#[\\\\/](dev|drivers?|etc|program\sfiles|root|system(?:32)?|windows)[/\\\\%&]#i',str_replace('%20',' ',$target))>0 || preg_match('#(c|file)\:[\\\\/]+.*install#i',$target)>0){
$is_attack=true;break;
}elseif(preg_match('/[^a-z0-9$%][$`%]?([a-km-rt-z_][a-z0-9_\-]+)[`%]?\s?\=\s?\-[190x]+/i',str_replace(array('&36;','%24','%20','`','%60','%3D','=','%2D','-'),array('$','$',' ','`','`','=','=','-','-'),$target))>0){
$is_attack=true;break;
}elseif(preg_match('/[^a-z0-9_](admin|administrator|superuser|root|uid|username|user_?id)\=[-&%]/i',$target)>0 || preg_match('/(admin|administrator|id|root|user)\=(-1|0[x&]|0$)/',$target)>0){
$is_attack=true;break;
}elseif(preg_match('/[^0-9a-z_][\$\[`]+/',$target)>0 || (preg_match('/[{}]/',$target)>0 && strpos($target,'.asp')===false) || preg_match('/(�?37;|&#0?37;|�?38;#0?37;|%)(?:[01][0-9A-F]|7F)/',$target)>0){
$is_attack=true;break;
}
} //end foreach
} //end if targets
return $is_attack;
} //end wIsAttack
//-------------------------------------------------
//### Website content functions
// START initializing Widget
function wassup_widget_init(){
global $wdebug_mode;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
$wassup_widget_classes=array(
'wassup_onlineWidget',
'wassup_topstatsWidget',
);
//turn off PHP7 deprecated warnings @since v1.9.4.4
if(!$wdebug_mode){
$errmode_reset=error_reporting();
$errdisplay_reset=ini_get('display_errors');
@wassup_disable_errors();
}
if(!class_exists('wassup_onlineWidget')) include_once(WASSUPDIR.'/widgets/widgets.php');
foreach($wassup_widget_classes as $wwidget){
if(!empty($wwidget) && class_exists($wwidget)){
if(function_exists('register_widget')) register_widget($wwidget);
elseif(function_exists('wassup_compat_register_widget')) wassup_compat_register_widget($wwidget); //compatibility function
}
}
if(!$wdebug_mode && isset($errmode_reset)){
error_reporting($errmode_reset);
@ini_set('display_errors',$errdisplay_reset);
}
}
/**
* TEMPLATE TAG: wassup_sidebar
* Displays Wassup Current Visitors Online widget directly from "sidebar.php" template or from a page template
* Usage: wassup_sidebar('1:before_widget_tag','2:after_widget_tag','3:before_title_tag','4:after_title_tag','5:title','6:list css-class','7:max-width in chars','8:top_searches_limit, 9:top_referrers_limit, 10:top_browsers_limit, 11:top_os_limit)
*/
function wassup_sidebar($before_widget='',$after_widget='',$before_title='',$after_title='',$wtitle='',$wulclass='',$wchars=0,$wsearchlimit=0,$wreflimit=0,$wtopbrlimit=0,$wtoposlimit=0){
global $wpdb,$wassup_options,$wdebug_mode;
if(!defined('WASSUPURL')){
if(!wassup_init()) return; //nothing to do
}
if(!function_exists('wassup_widget_get_cache')){
include_once(WASSUPDIR.'/widgets/widget_functions.php');
}
if(empty($before_widget) || empty($after_widget) || strpos($before_widget,'>')===false || strpos($after_widget,'</')===false){
$before_widget='<div id="wassup_sidebar" class="widget wassup-widget">';
$after_widget='</div>';
}
if(empty($before_title) || empty($after_title) || strpos($before_title,'>')===false || strpos($after_title,'</')===false){
$before_title='<h2 class="widget-title wassup-widget-title">';
$after_title='</h2>';
}
if($wtitle!="") $title=$wtitle;
else $title=__("Visitors Online","wassup");
if($wulclass!="" && preg_match('/([^a-z0-9\-_]+)/',$wulclass)>0) $wulclass=""; //no special chars allowed
if($wulclass!="") $ulclass=' class="'.$wulclass.'"';
else $ulclass="";
$chars=(int)$wchars;
$cache_key="_online";
//check for cached 'wassup_sidebar' html
$widget_html=wassup_widget_get_cache('wassup_sidebar',$cache_key);
if(empty($widget_html)){
//show widget stats only when WassUp is active
if(empty($wassup_options) || !$wassup_options->is_recording_active()){
return; //nothing to do
}
//base widget info
$widget_html="\n".$before_widget;
if(!empty($title)) $widget_html.='
'.$before_title.esc_attr($title).$after_title;
$widget_html .='
<p class="small">'.__("No Data","wassup").'</p>'.wassup_widget_foot_meta().$after_widget;
//calculate widget users online and top stats data
$online_html="";
$top_html="";
$instance=array(
'title'=>"",
'ulclass'=>$wulclass,
'chars'=>$chars,
'online_total'=>1,
'online_loggedin'=>1,
'online_comauth'=>1,
'online_anonymous'=>1,
'online_other'=>1,
'top_searches'=>(int)$wsearchlimit,
'top_referrers'=>(int)$wreflimit,
'top_browsers'=>(int)$wtopbrlimit,
'top_os'=>(int)$wtoposlimit,
);
//get online counts
$html=wassup_widget_get_online_counts($instance);
if(!empty($html)){
$online_html= "\n".$before_widget;
if(!empty($title)) $online_html.='
'.$before_title.esc_attr($title).$after_title;
$online_html .='
<ul'.$ulclass.'>
'.$html.'
</ul>'.wassup_widget_foot_meta().$after_widget;
}
//get top stats
if($instance['top_searches']>0 || $instance['top_referrers']>0 || $instance['top_browsers']>0 || $instance['top_os']>0){
$to_date=current_time('timestamp');
$from_date=$to_date-24*60*60;
$i=0;
foreach(array('searches','referrers','browsers','os') AS $item){
$html="";
$limit=$instance['top_'.$item];
if($limit >0) $html=wassup_widget_get_topstat($item,$limit,$chars,$from_date);
if(!empty($html)){
$title=$before_title.wassup_widget_stat_gettext($item).$after_title;
if($i>0) $top_html .="\n".$after_widget;
$top_html .="\n".$before_widget;
$top_html .='
'.$title.'
<ul'.$ulclass.'>'.$html.'
</ul>';
$i++;
}
} //end foreach
//append footer meta to end of widget
if(!empty($top_html)) $top_html .=wassup_widget_foot_meta().$after_widget;
} //end if top_searches>0
//cache the new sidebar widget data
if(!empty($top_html) || !empty($online_html)){
$widget_html=$top_html.$online_html;
$refresh=1;
$cacheid=wassup_widget_save_cache($widget_html,'wassup_sidebar',$cache_key,$refresh);
}
} //end if widget_html
echo "\n".'<div class="wassup_sidebar">'."\n";
echo wassup_widget_css(true); //true==embed widget style
echo $widget_html;
echo "\n".'</div>';
} //end wassup_sidebar
//-------------------------------------------------
//## Add essential hooks after functions have been defined
//uninstall hook for complete plugin removal from WordPress
register_activation_hook($wassupfile,'wassup_install');
if(function_exists('register_uninstall_hook')){
register_uninstall_hook($wassupfile,'wassup_uninstall');
}
unset($wassupfile); //to free memory
wassup_start(); //start WassUp
?>