'; } // deploy some anti-spam measures $antispam_text = ''; if ( 'true' !== strtolower( $args['noantispam'] ) ) { $antispam_text = ''; } // get remote IP address $remote_ip = $this->get_remote_ip(); // form name if ( 'true' === $args['widget'] ) { $form_name = 's2formwidget'; } else { $form_name = 's2form'; } // build default form if ( 'true' === strtolower( $args['nojs'] ) ) { $this->form = '
'; } else { $this->form = '' . "\r\n"; } $this->s2form = apply_filters( 's2_form', $this->form, $args ); if ( isset( $_POST['subscribe'] ) || isset( $_POST['unsubscribe'] ) ) { // anti spam sign up measure if ( ( isset( $_POST['firstname'] ) && '' !== $_POST['firstname'] ) || ( isset( $_POST['lastname'] ) && '' !== $_POST['lastname'] ) || ( isset( $_POST['uri'] ) && 'http://' !== $_POST['uri'] ) ) { // looks like some invisible-to-user fields were changed; falsely report success return $this->confirmation_sent; } $validation = apply_filters( 's2_form_submission', true ); if ( true !== $validation ) { return apply_filters( 's2_form_failed_validation', $this->s2form ); } global $wpdb; $this->email = $this->sanitize_email( $_POST['email'] ); if ( false === $this->validate_email( $this->email ) ) { $this->s2form = $this->s2form . $this->not_an_email; } elseif ( $this->is_barred( $this->email ) ) { $this->s2form = $this->s2form . $this->barred_domain; } else { $this->ip = $_POST['ip']; if ( is_int( $this->lockout ) && $this->lockout > 0 ) { $date = gmdate( 'H:i:s.u', $this->lockout ); $ips = $wpdb->get_col( $wpdb->prepare( "SELECT ip FROM $wpdb->subscribe2 WHERE date = CURDATE() AND time > SUBTIME(CURTIME(), %s)", $date ) ); if ( in_array( $this->ip, $ips, true ) ) { return __( 'Slow down, you move too fast.', 'subscribe2' ); } } // does the supplied email belong to a registered user? $check = $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM $wpdb->users WHERE user_email = %s", $this->email ) ); if ( null !== $check ) { // this is a registered email $this->s2form = $this->please_log_in; } else { // this is not a registered email // what should we do? if ( isset( $_POST['subscribe'] ) ) { // someone is trying to subscribe // lets see if they've tried to subscribe previously if ( '1' !== $this->is_public( $this->email ) ) { // the user is unknown or inactive $this->add( $this->email ); $status = $this->send_confirm( 'add' ); // set a variable to denote that we've already run, and shouldn't run again $this->filtered = 1; if ( $status ) { $this->s2form = $this->confirmation_sent; } else { $this->s2form = $this->error; } } else { // they're already subscribed $this->s2form = $this->already_subscribed; } $this->action = 'subscribe'; } elseif ( isset( $_POST['unsubscribe'] ) ) { // is this email a subscriber? if ( false === $this->is_public( $this->email ) ) { $this->s2form = $this->s2form . $this->not_subscribed; } else { $status = $this->send_confirm( 'del' ); // set a variable to denote that we've already run, and shouldn't run again $this->filtered = 1; if ( $status ) { $this->s2form = $this->confirmation_sent; } else { $this->s2form = $this->error; } } $this->action = 'unsubscribe'; } } } } return $this->s2form; } /** * Collect and return the IP address of the remote client machine */ public function get_remote_ip() { $remote_ip = false; // In order of preference, with the best ones for this purpose first $address_headers = array( 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR', ); foreach ( $address_headers as $header ) { if ( array_key_exists( $header, $_SERVER ) ) { // HTTP_X_FORWARDED_FOR can contain a chain of comma-separated // addresses. The first one is the original client. It can't be // trusted for authenticity, but we don't need to for this purpose. $address_chain = explode( ',', $_SERVER[ $header ] ); $remote_ip = trim( $address_chain[0] ); break; } } return $remote_ip; } }