goodforms.php

<?php
/*
 * Plugin Name: GoodForms
 * Description: GoodForms validates emails and can help reduce spam comments.
 * Version: 1.0.0
 * License: GPLv2
 */

if ( ! defined( 'ABSPATH' ) ) {
    die();
}

//when plugin is marked 'ACTIVE'?
register_activation_hook( __FILE__, function () {
    //add_option('goodforms_settings',[]); //no, I think we want a _setting_ now?
    print "plugin IS ACTIVATED!!!!";
});

// when plugin is marked 'INACTIVE'
register_deactivation_hook( __FILE__, function () {
    print "plugin _deactivated_";
});

// what to do when the plugin is actually *REMOVED*
register_uninstall_hook( __FILE__, 'goodforms_uninstall_hook' );

/*****************************************/
/**
 * @internal never define functions inside callbacks.
 * these functions could be run multiple times; this would result in a fatal error.
 */

/**
 * custom option and settings
 */
function goodforms_settings_init() {
    // Register a new setting for "goodforms" page.
    register_setting( 'goodforms', 'goodforms_options' );

    // Register a new section in the "goodforms" page.
    add_settings_section(
        'goodforms_section_developers',
        __( 'GoodForms Settings', 'goodforms' ), 'goodforms_section_developers_callback',
        'goodforms'
    );

    add_settings_field(
        'goodforms_field_api_key', // As of WP 4.6 this value is used only internally.
        // Use $args' label_for to populate the id inside the callback.
        __( 'Private API Key', 'goodforms' ),
        'goodforms_field_text_cb',
        'goodforms',
        'goodforms_section_developers',
        array(
            'label_for'         => 'api_key',
            'class'             => 'goodforms_row',
            'goodforms_custom_data' => 'custom',
        )
    );

    add_settings_field(
        'goodforms_field_form_key', // As of WP 4.6 this value is used only internally.
        // Use $args' label_for to populate the id inside the callback.
        __( 'Form Key', 'goodforms' ),
        'goodforms_field_text_cb',
        'goodforms',
        'goodforms_section_developers',
        array(
            'label_for'         => 'form_key',
            'class'             => 'goodforms_row',
            'goodforms_custom_data' => 'custom',
        )
    );

    add_settings_field(
        'goodforms_field_max_certs', // As of WP 4.6 this value is used only internally.
        // Use $args' label_for to populate the id inside the callback.
        __( 'Max Certification Count', 'goodforms' ),
        'goodforms_field_text_cb',
        'goodforms',
        'goodforms_section_developers',
        array(
            'label_for'         => 'max_certs',
            'class'             => 'goodforms_row',
            'goodforms_custom_data' => 'custom', //TODO - use it or lose it
            'goodforms_default_value' => 1
        )
    );
    add_settings_field(
        'goodforms_field_max_age', // As of WP 4.6 this value is used only internally.
        // Use $args' label_for to populate the id inside the callback.
        __( 'Max Verification age (hours)', 'goodforms' ),
        'goodforms_field_text_cb',
        'goodforms',
        'goodforms_section_developers',
        array(
            'label_for'         => 'max_age',
            'class'             => 'goodforms_row',
            'goodforms_default_value' => 24,
            'goodforms_custom_data' => 'custom',
        )
    );
    add_settings_field(
        'goodforms_field_debug_mode',
        __('Debug Mode','goodforms'),
        'goodforms_field_checkbox_cb',
        'goodforms',
        'goodforms_section_developers',
        [
            'label_for'         => 'debug_mode',
            'class' => 'goodforms_row',
            'goodforms_custom_data' => 'custom',
        ]
    );
}

/**
 * Register our goodforms_settings_init to the admin_init action hook.
 */
add_action( 'admin_init', 'goodforms_settings_init' );

/**
 * Developers section callback function.
 *
 * @param array $args  The settings array, defining title, id, callback.
 */
function goodforms_section_developers_callback( $args ) {
    ?><a href="https://goodforms.com">
    <img src="/wp-content/plugins/goodforms/good-forms-logo.png" /></a>
    <?php
}

function goodforms_field_text_cb( $args ) {
    $options = get_option( 'goodforms_options' );
    goodforms_log("I got the options?");
    $field =  $args['label_for'] ;
    $value = @$options[$field];
    goodforms_log("And it's value is: $value");
    if(!isset($value) && array_key_exists('goodforms_default_value',$args)) {
        goodforms_log("Setting default value!");
        $value = $args['goodforms_default_value'];
    } else {
        goodforms_log("okay then - not setting default value...");
    }
    goodforms_log("ABout to rendner....");
    ?>
    <input name="goodforms_options[<?php echo esc_attr( $field ) ?>]" value="<?php echo esc_attr($value) ?>" size="40" />
    <?php
}

function goodforms_field_checkbox_cb( $args ) {
    $options = get_option( 'goodforms_options' );
    ?><select
        id="<?php echo esc_attr( $args['label_for'] ); ?>"
        data-custom="<?php echo esc_attr( $args['goodforms_custom_data'] ); ?>"
        name="goodforms_options[<?php echo esc_attr( $args['label_for'] ); ?>]">
        <option value="false" <?php echo isset( $options[ $args['label_for'] ] ) ? ( selected( $options[ $args['label_for'] ], 'false', false ) ) : ( '' ); ?>>
    <?php esc_html_e( 'Debug Mode Disabled', 'goodforms' ); ?>
    </option>
    <option value="true" <?php echo isset( $options[ $args['label_for'] ] ) ? ( selected( $options[ $args['label_for'] ], 'true', false ) ) : ( '' ); ?>>
        <?php esc_html_e( 'Debug Mode Enabled', 'goodforms' ); ?>
    </option>
    <option value="verbose"  <?php echo isset( $options[ $args['label_for'] ] ) ? ( selected( $options[ $args['label_for'] ], 'verbose', false ) ) : ( '' ); ?>>
        <?php esc_html_e( 'VERBOSE MODE', 'goodforms' ); ?>
    </option>
    </select><?php

}

/**
 * Add the top level menu page.
 */
function goodforms_options_page() {
    add_menu_page(
        'goodforms',
        'GoodForms',
        'manage_options',
        'goodforms',
        'goodforms_options_page_html'
    );
}


/**
 * Register our goodforms_options_page to the admin_menu action hook.
 */
add_action( 'admin_menu', 'goodforms_options_page' );


/**
 * Top level menu callback function
 */
function goodforms_options_page_html() {
    // check user capabilities
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // add error/update messages

    // check if the user have submitted the settings
    // WordPress will add the "settings-updated" $_GET parameter to the url
    if ( isset( $_GET['settings-updated'] ) ) {
        // add settings saved message with the class of "updated"
        add_settings_error( 'goodforms_messages', 'goodforms_message', __( 'Settings Saved', 'goodforms' ), 'updated' );
    }

    // show error/update messages
    settings_errors( 'goodforms_messages' );
    ?>
    <div class="wrap">
        <!--<h1>PHUUURRRT--><?php //echo esc_html( get_admin_page_title() ); ?><!--</h1>-->
        <form action="options.php" method="post">
            <?php
            // output security fields for the registered setting "goodforms"
            settings_fields( 'goodforms' );
            // output setting sections and their fields
            // (sections are registered for "goodforms", each field is registered to a specific section)
            do_settings_sections( 'goodforms' );
            // output save settings button
            submit_button( 'Save Settings' );
            ?>
        </form>
    </div>
    <?php
}

function goodforms_uninstall_hook() {
    //delete_option('goodforms_settings'); FIXME :(
    print "Uhm, hello? You uninstalled me now?!";
}

add_action( 'wp_enqueue_scripts',function () {
    wp_enqueue_script('goodforms-js','https://cdn.goodforms.com/verify.js',[],"1.0.0",false); //FIXME - this is appending a weird version
});

add_action( 'wp_footer',function () {
    //print "<p>HI THERE!</p>";
    $options = get_option( 'goodforms_options' );
    $debug_mode = $options['debug_mode'];
    if($debug_mode == "verbose") {
        $debug_mode = '"verbose"'; //string, needs escaping
    }
    if(!$debug_mode) { //in case of 'null'
        $debug_mode = 'false';
    }
    print "<script>Goodforms('".esc_js($options['form_key'])."',{debug: ".esc_js($debug_mode)."})</script>";
});

/**
 * So, what I need now are a few settings, right?
 *
 * The API key (private one) so that we can certify the results, right?
 *
 * The Form Key so we can actually, like, do the thing? Like, the thing that actually *does* the thing, the verifying.
 *
 * We need maybe an integer count for 'how many certifications will you accept'?
 *
 * We need a day-count for 'how old a verification will you accept?'
 *
 * Let's see, let's see - what else....
 *
 * We need to inject the JS into the page whenever there's a form field with an email.
 *
 * We need to, on submit, intercept the submission and (possibly) do something with it.
 *
 * Pre-comment approve which can spam or trash things:
 * https://developer.wordpress.org/reference/hooks/pre_comment_approved/
 *
 *
 */

function goodforms_log($msg)
{
    return error_log($msg."\n",3,ABSPATH. "wp-content/stupid.log");
}

add_action('wp_loaded',function () {
    $results = goodforms_log("Can we even log anything?!");
    if(!$results) {
        die("Cannot log!");
    }
});
goodforms_log("Uhm, here is a thing?");

$goodforms_has_fired = null;

add_filter('pre_comment_approved', function ($approved /*, $comment*/) {
    global $goodforms_has_fired;
    if(isset($goodforms_has_fired)) {
        return $goodforms_has_fired;
    }
    $options = get_option( 'goodforms_options' );
    goodforms_log("Pre comment approved firing!!!!!");
    //first off, do we even *have* a checksum? If not, then
    if(!array_key_exists('goodforms_checksum',$_REQUEST)) {
        // no checksum passed at all, didn't go through verification properly
        goodforms_log("no checksum found!");
        $goodforms_has_fired = 'trash';
        return 'trash';
    }
    goodforms_log("REquest is: ".print_r($_REQUEST,true));
    // FIXME - add user-agent
    // FIXME - switch to WP-native HTTP get: wp_remote_get()
    $raw_results = file_get_contents("https://api.goodforms.com/certify?apikey=".$options['api_key']."&email=".urlencode($_REQUEST['email'])."&goodforms_checksum=".urlencode($_REQUEST['goodforms_checksum']), false);
    if(!$raw_results) {
        //failed to grab a certification at all. Mark as spam.
        goodforms_log("No raw results");
        $goodforms_has_fired = 'spam';
        return 'spam';
    }
    $answer = json_decode($raw_results, true);
    //first, confirm that certification worked at all
    // {"status":"success","date":"2026-04-17T12:08:33.757683","count":1}
    if(!$answer || @$answer['status'] != "success") {
        //not a successful certification
        goodforms_log("Invalid JSON or non-successful status?");
        goodforms_log("Raw: ".$raw_results);
        goodforms_log("Here's the answer: ".print_r($answer,true));
        return 'spam';
    }
    //"oversold"
    if($answer['count'] > $options['max_certs'] ) {
        goodforms_log("oversold!");
        $goodforms_has_fired = 'spam';
        return 'spam';
    }

    //"old"
    if(@$options['max_age'] && (time() - strtotime(@$answer['date']) > $options['max_age']*3600)) {
        goodforms_log("OLD!");
        $goodforms_has_fired = 'spam';
        return 'spam';
    }
    goodforms_log("it's good!");
    //"good"
    $goodforms_has_fired = 0;
    return 0; // pending
    /* for _return_ values, we're allowed:

        0 (int) comment is marked for moderation as "Pending" <- Unknown/Catchall here?
        1 (int) comment is marked for immediate publication as "Approved" <- GOOD certs within limits go here
        'spam' (string) comment is marked as "Spam" <- no-checksum goes here?
        'trash' (string) comment is to be put in the Trash <- BAD certs go here?

    I mean all that is well and good, I guess? But can't we just stop the comment completely in its tracks? I mean, that'd be nice?

    */
}/* optional additional parameters: priority, number of arguments */);