Beispiel #1
 /**
  * Registers the ban form's fields: the ban-type selector, one textarea per
  * ban target (email, username, IP) and the message textarea.
  *
  * Review notes:
  * - No access control happens in this method (the "ADD AUTH STUFF HERE" marker
  *   was never filled in); whatever builds and processes this form has to
  *   enforce who may submit it.
  * - The type selector carries an inline onchange handler (updateTextFields()),
  *   which a Content-Security-Policy without 'unsafe-inline' would block.
  */
 protected function addAdditionalElements()
 {
     // Ban type selector
     $banTypes = array('0' => 'Email', '1' => 'Username', '2' => 'Ip');
     $this->addElement('Select', 'type', array('label' => '*Type of ban', 'multiOptions' => $banTypes, 'onchange' => "updateTextFields()", 'value' => $this->_type));
     // Viewer lookup kept from the original; the result is not used in this method
     //ADD AUTH STUFF HERE
     $viewer = Engine_Api::_()->user()->getViewer();

     // Email and username targets use fixed translation keys as descriptions
     $this->addElement('Textarea', 'email', array('label' => '*Email Address Ban', 'description' => 'YNBANMEM_FORM_EMAILBANS_DESCRIPTION'));
     $this->addElement('Textarea', 'username', array('label' => '*Username Address Ban', 'description' => 'YNBANMEM_FORM_USERNAMEBANS_DESCRIPTION'));

     // The IP description embeds the requester's own (normalized) address.
     // NOTE(review): getRealRemoteAddress() is not shown here; if it consults
     // proxy headers the value is client-influenced. The Description decorator's
     // escaping is left at its default for this element.
     $ipDescriptionKey = 'YNBANMEM_FORM_IPBANS_DESCRIPTION';
     $translator = $this->getTranslator();
     $description = $translator
         ? sprintf($translator->translate($ipDescriptionKey), Engine_IP::normalizeAddress(Engine_IP::getRealRemoteAddress()))
         : $ipDescriptionKey;
     $this->addElement('Textarea', 'ip', array('label' => '*IP Address Ban', 'description' => $description));

     // Message field, pre-filled with a default text
     $defaultMessage = "Your account has been banned.";
     $this->addElement('textarea', 'email_message', array('label' => '*Message', 'style' => 'width: 430px; height: 200px', 'value' => $defaultMessage));

     // Render every description below its field instead of above it
     foreach (array('email', 'username', 'ip', 'email_message') as $fieldName) {
         $this->{$fieldName}->getDecorator("Description")->setOption("placement", "append");
     }
 }
Beispiel #2
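 /**
  * Builds the admin spam/banning settings form: ban lists (IP, email, username,
  * censored words), per-feature CAPTCHA switches, the ReCaptcha key pair and
  * the comment-HTML setting.
  *
  * The translator is resolved once and treated as optional throughout; the
  * original dereferenced it unguarded for the main description while guarding
  * it further down.
  *
  * Review notes:
  * - Escaping is switched off for the form description and for both ReCaptcha
  *   field descriptions, so whatever the translation layer returns for those
  *   strings is emitted as raw HTML. Language packs must be trusted content.
  * - 'recaptchaprivate' is a plain Text element: any value populated into it is
  *   written into the page markup in clear text.
  * - No anti-CSRF token element is added here (the "tokens" radio below is
  *   commented out). NOTE(review): confirm a parent class or the controller
  *   protects this state-changing admin form.
  */
 public function init()
 {
     // Resolve the translator once; it may be absent
     $translator = $this->getTranslator();
     $maindescription = 'Social networks are often the target of aggressive spam tactics. This most often comes in the form of fake user accounts and spam in comments. On this page, you can manage various anti-spam and censorship features. Note: To turn on the signup image verification feature (a popular anti-spam tool), see the Signup Progress page. <br>';
     if ($translator) {
         $maindescription = $translator->translate($maindescription);
     }
     $settings = Engine_Api::_()->getApi('settings', 'core');
     if ($settings->getSetting('user.support.links', 0) == 1) {
         // Link opens in a new window; the markup itself is the translation key
         $moreinfo = 'More Info: <a href="%1$s" target="_blank"> KB Article</a>';
         if ($translator) {
             $moreinfo = $translator->translate($moreinfo);
         }
     } else {
         $moreinfo = $translator ? $translator->translate('') : '';
     }
     // %1$s in the (translated) text is filled with the fixed support URL
     $maindescription = vsprintf($maindescription . $moreinfo, array('http://support.socialengine.com/questions/183/Admin-Panel-Settings-Spam-and-Banning-Tools'));
     // Decorators
     $this->loadDefaultDecorators();
     // Description contains markup (<br>, <a>), so it is rendered unescaped
     $this->getDecorator('Description')->setOption('escape', false);
     // Set form attributes
     //$this->setTitle('Spam & Banning Tools');
     $this->setDescription($maindescription);
     // init ip-range ban; the description shows the requester's own normalized address
     if ($translator) {
         $description = sprintf($translator->translate('CORE_FORM_ADMIN_SETTINGS_SPAM_IPBANS_DESCRIPTION'), Engine_IP::normalizeAddress(Engine_IP::getRealRemoteAddress()));
     } else {
         $description = 'CORE_FORM_ADMIN_SETTINGS_SPAM_IPBANS_DESCRIPTION';
     }
     $this->addElement('Textarea', 'bannedips', array('label' => 'IP Address Ban', 'description' => $description));
     // init email bans
     $this->addElement('Textarea', 'bannedemails', array('label' => 'Email Address Ban', 'description' => 'CORE_FORM_ADMIN_SETTINGS_SPAM_EMAILBANS_DESCRIPTION'));
     // init username bans
     $this->addElement('Textarea', 'bannedusernames', array('label' => 'Profile Address Ban', 'description' => 'CORE_FORM_ADMIN_SETTINGS_SPAM_USERNAMEBANS_DESCRIPTION'));
     // init censored words
     $this->addElement('Textarea', 'bannedwords', array('label' => 'Censored Words', 'description' => 'CORE_FORM_ADMIN_SETTINGS_SPAM_CENSOR_DESCRIPTION'));
     // CAPTCHA switches; every one defaults to 0
     $this->addElement('Radio', 'signup', array('label' => 'Require new users to enter validation code when signing up?', 'multiOptions' => $this->_captcha_options, 'value' => 0));
     $this->addElement('Radio', 'invite', array('label' => 'Require users to enter validation code when inviting others?', 'multiOptions' => $this->_captcha_options, 'value' => 0));
     $this->addElement('Radio', 'login', array('label' => 'Require users to enter validation code when signing in?', 'multiOptions' => $this->_captcha_options, 'value' => 0));
     $this->addElement('Radio', 'contact', array('label' => 'Require users to enter validation code when using the contact form?', 'multiOptions' => array(2 => 'Yes, make everyone complete the CAPTCHA form.', 1 => 'Yes, make visitors complete CAPTCHA, but members are exempt.', 0 => 'No, do not show a CAPTCHA form to anyone.'), 'value' => 0));
     // init profile
     $this->addElement('Radio', 'comment', array('label' => 'Require users to enter validation code when commenting?', 'multiOptions' => $this->_captcha_options, 'value' => 0));
     // recaptcha
     if ($translator) {
         $description = sprintf($translator->translate('You can obtain API credentials at: %1$s'), $this->getView()->htmlLink('https://www.google.com/recaptcha', 'https://www.google.com/recaptcha'));
     } else {
         $description = null;
     }
     // Both key fields share the description; it holds a generated link, hence escape = false
     $this->addElement('Text', 'recaptchapublic', array('label' => 'ReCaptcha Public Key', 'description' => $description, 'filters' => array('StringTrim')));
     $this->getElement('recaptchapublic')->getDecorator('Description')->setOption('escape', false);
     $this->addElement('Text', 'recaptchaprivate', array('label' => 'ReCaptcha Private Key', 'description' => $description, 'filters' => array('StringTrim')));
     $this->getElement('recaptchaprivate')->getDecorator('Description')->setOption('escape', false);
     // tokens
     //    $this->addElement('Radio', 'tokens', array(
     //      'label' => 'Use Tokens?',
     //      'multiOptions' => array(
     //        1 => 'Yes, use security tokens.',
     //        0 => 'No, do not use security tokens.',
     //      ),
     //    ));
     // comment html
     $this->addElement('Text', 'commenthtml', array('label' => 'Allow HTML in Comments?', 'description' => 'CORE_ADMIN_FORM_SETTINGS_SPAM_COMMENTHTML_DESCRIPTION'));
     // init submit
     $this->addElement('Button', 'submit', array('label' => 'Save Changes', 'type' => 'submit', 'ignore' => true));
 }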
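 /**
  * Admin action for the spam/banning settings page: loads the current ban
  * lists and spam settings into the form and, on a valid POST, validates the
  * new values and stores them.
  *
  * Changes against the original:
  * - The transaction is opened immediately before the writes. Previously it was
  *   opened before validation, so every early return (self-ban, ReCaptcha
  *   errors) left it open without a rollback.
  * - The unused first adapter lookup is dropped and the error-code comparison
  *   is strict.
  *
  * Review notes:
  * - No permission check is visible in this action. NOTE(review): confirm the
  *   admin controller base class enforces it.
  * - The ReCaptcha public-key probe is fetched over plain http:// and part of
  *   the response body is echoed into a form error, so the result and the
  *   message can be altered on the network path. Whether form errors are
  *   escaped on output is not visible here.
  * - The private key is saved with the rest of $values into core_spam.
  */
 public function spamAction()
 {
     // Get navigation
     $this->view->navigation = Engine_Api::_()->getApi('menus', 'core')->getNavigation('core_admin_banning', array(), 'core_admin_banning_general');
     // Get form
     $this->view->form = $form = new Core_Form_Admin_Settings_Spam();
     // Populate some settings
     $settings = Engine_Api::_()->getApi('settings', 'core');
     $config = (array) $settings->core_spam;
     // Load all IPs; a range is stored as an array and shown as "from - to"
     $bannedIpsTable = Engine_Api::_()->getDbtable('BannedIps', 'core');
     $bannedIps = array();
     foreach ($bannedIpsTable->getAddresses() as $bannedIp) {
         if (is_array($bannedIp)) {
             $bannedIps[] = join(' - ', $bannedIp);
         } else {
             if (is_string($bannedIp)) {
                 $bannedIps[] = $bannedIp;
             }
         }
     }
     $config['bannedips'] = join("\n", $bannedIps);
     // Load all emails
     $bannedEmailsTable = Engine_Api::_()->getDbtable('BannedEmails', 'core');
     $bannedEmails = $bannedEmailsTable->getEmails();
     $config['bannedemails'] = join("\n", $bannedEmails);
     // Load all usernames
     $bannedUsernamesTable = Engine_Api::_()->getDbtable('BannedUsernames', 'core');
     $bannedUsernames = $bannedUsernamesTable->getUsernames();
     $config['bannedusernames'] = join("\n", $bannedUsernames);
     // Load all words
     $bannedWordsTable = Engine_Api::_()->getDbtable('BannedWords', 'core');
     $bannedWords = $bannedWordsTable->getWords();
     $config['bannedwords'] = join("\n", $bannedWords);
     // Populate; in "neutered" admin mode the stored keys are masked before display
     // NOTE(review): a POST in that mode would submit the mask as the key pair;
     // confirm saving is blocked elsewhere when _ENGINE_ADMIN_NEUTER is set.
     if (_ENGINE_ADMIN_NEUTER) {
         $config['recaptchapublic'] = '**********';
         $config['recaptchaprivate'] = '**********';
     }
     $form->populate($config);
     if (!$this->getRequest()->isPost()) {
         return;
     }
     if (!$form->isValid($this->getRequest()->getPost())) {
         return;
     }
     // Process
     $values = $form->getValues();
     // Build banned IPs: entries are separated by commas/newlines, "a - b" is a
     // range, and "*" wildcards are expanded to a lowest/highest address pair
     $bannedIpsNew = preg_split('/\\s*[,\\n]+\\s*/', $values['bannedips']);
     foreach ($bannedIpsNew as &$bannedIpNew) {
         if (false !== strpos($bannedIpNew, '-')) {
             $bannedIpNew = preg_split('/\\s*-\\s*/', $bannedIpNew, 2);
         } else {
             // NOTE(review): the loose "false !=" tests treat a match at offset 0
             // as "not found", so an entry that starts with '*' is not expanded.
             if (false != strpos($bannedIpNew, '*')) {
                 $tmp = $bannedIpNew;
                 if (false != strpos($tmp, ':')) {
                     $bannedIpNew = array(str_replace('*', '0', $tmp), str_replace('*', 'ffff', $tmp));
                 } else {
                     $bannedIpNew = array(str_replace('*', '0', $tmp), str_replace('*', '255', $tmp));
                 }
             }
         }
     }
     // Check if they are banning their own address (lock-out guard)
     if ($bannedIpsTable->isAddressBanned(Engine_IP::getRealRemoteAddress(), $bannedIpsTable->normalizeAddressArray($bannedIpsNew))) {
         return $form->addError('One of the IP addresses or IP address ranges you entered contains your own IP address.');
     }
     if (!empty($values['recaptchapublic']) && !empty($values['recaptchaprivate'])) {
         $recaptcha = new Zend_Service_ReCaptcha($values['recaptchapublic'], $values['recaptchaprivate']);
         try {
             // Dummy challenge/response: only the key-related error codes matter
             $resp = $recaptcha->verify('test', 'test');
             //        if( false === stripos($resp, 'error') ) {
             //          return $form->addError('ReCaptcha Key Invalid: ' . $resp);
             //        }
             if (in_array($err = $resp->getErrorCode(), array('invalid-site-private-key', 'invalid-site-public-key'), true)) {
                 return $form->addError('ReCaptcha Error: ' . $err);
             }
             // Validate public key
             // NOTE(review): plain-HTTP request; the body below is untrusted input
             $httpClient = new Zend_Http_Client();
             $httpClient->setUri('http://www.google.com/recaptcha/api/challenge');
             $httpClient->setParameterGet('k', $values['recaptchapublic']);
             $resp = $httpClient->request('GET');
             if (false !== stripos($resp->getBody(), 'Input error')) {
                 return $form->addError('ReCaptcha Error: ' . str_replace(array("document.write('", "\\n');"), array('', ''), $resp->getBody()));
             }
         } catch (Exception $e) {
             return $form->addError('ReCaptcha Key Invalid: ' . $e->getMessage());
         }
         $values['recaptchaenabled'] = true;
     } else {
         $values['recaptchaenabled'] = false;
     }
     // All validation passed: open the transaction only now, around the writes
     $db = Engine_Api::_()->getDbtable('settings', 'core')->getAdapter();
     $db->beginTransaction();
     try {
         // NOTE(review): $bannedIpNew is the reference left over from the loop
         // above, i.e. the LAST parsed entry, not the list. If the last entry
         // is empty (empty textarea, trailing separator) the IP list is not
         // saved and 'bannedips' stays in $values. $bannedIpsNew was probably
         // intended; confirm how setAddresses() treats empty entries first.
         if (!empty($bannedIpNew)) {
             // Save Banned IPs
             $bannedIpsTable->setAddresses($bannedIpsNew);
             unset($values['bannedips']);
         }
         // Save Banned Emails
         $bannedEmailsNew = preg_split('/\\s*[,\\n]+\\s*/', $values['bannedemails']);
         $bannedEmailsTable->setEmails($bannedEmailsNew);
         unset($values['bannedemails']);
         // Save Banned Usernames
         $bannedUsernamesNew = preg_split('/\\s*[,\\n]+\\s*/', $values['bannedusernames']);
         $bannedUsernamesTable->setUsernames($bannedUsernamesNew);
         unset($values['bannedusernames']);
         // Save Banned Words
         $bannedWordsNew = preg_split('/\\s*[,\\n]+\\s*/', $values['bannedwords']);
         $bannedWordsTable->setWords($bannedWordsNew);
         unset($values['bannedwords']);
         // Save other settings (the lists were unset above; the keys remain)
         $settings->core_spam = $values;
         $db->commit();
         $form->addNotice('Your changes have been saved.');
     } catch (Exception $e) {
         $db->rollback();
         throw $e;
     }
 }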
Beispiel #4
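 /**
  * Creates a ban (by username, IP address/range or email) from the add form.
  *
  * Flow: require a logged-in viewer with the 'ynbanmem' / 'add' permission,
  * build the form, optionally prefill the email of the user given by the "id"
  * parameter, then on a valid POST validate the targets, store the ban and
  * redirect to the matching list view.
  *
  * Changes against the original:
  * - The "id" prefill only runs when the id resolves to an existing user;
  *   previously an unknown id dereferenced a missing item.
  * - Every validation failure after beginTransaction() now rolls the
  *   transaction back before returning instead of leaving it open.
  * - The unused $flag local and unreachable breaks after return are removed.
  *
  * Review notes:
  * - Self/admin protection for username and email bans is a check against
  *   level_id == 1 and the viewer's own record only. NOTE(review): confirm
  *   whether other privileged levels should be protected as well.
  * - The "id" prefill shows the email of any user id to whoever holds the
  *   'add' permission; confirm that is intended.
  */
 public function addAction()
 {
     // Get navigation
     $this->view->navigation = $navigation = Engine_Api::_()->getApi('menus', 'core')->getNavigation('ynbanmem_main');
     if (count($this->view->navigation) == 1) {
         $this->view->navigation = null;
     }
     // Check auth: logged-in user holding the ynbanmem "add" permission
     $viewer = Engine_Api::_()->user()->getViewer();
     if (!$this->_helper->requireUser()->isValid()) {
         return;
     }
     if (!$this->_helper->requireAuth()->setAuthParams('ynbanmem', null, 'add')->isValid()) {
         return;
     }
     // Make params
     $this->view->navigation = $navigation = Engine_Api::_()->getApi('menus', 'core')->getNavigation('ynbanmem_main', array(), 'ynbanmem_main_add');
     // Make form
     $this->view->form = $form = new Ynbanmem_Form_Add(array('type' => $this->_getParam('type', 0)));
     //  Get data if the request come from profile page
     $id = $this->_getParam('id', null);
     if ($id != "") {
         $user = Engine_Api::_()->getItem('user', $id);
         // The id is request-controlled: prefill only when it resolves to a user
         if ($user && $user->getIdentity()) {
             $form->populate(array('email' => $user->email));
         }
     }
     if (!$this->getRequest()->isPost()) {
         return;
     }
     $post = $this->getRequest()->getPost();
     if (!$form->isValid($post)) {
         return;
     }
     $db = Engine_Db_Table::getDefaultAdapter();
     $db->beginTransaction();
     // Process
     $bannedUsernamesTable = Engine_Api::_()->getDbTable('bannedusernames', 'ynbanmem');
     $bannedIpsTable = Engine_Api::_()->getDbTable('bannedips', 'ynbanmem');
     $bannedEmailsTable = Engine_Api::_()->getDbTable('bannedemails', 'ynbanmem');
     $extraInfoTable = Engine_Api::_()->getDbTable('extrainfo', 'ynbanmem');
     $userTable = Engine_Api::_()->getDbTable('users', 'user');
     try {
         $values = $form->getValues();
         // Record which account issued the ban
         $values['admin'] = Engine_Api::_()->user()->getViewer()->getIdentity();
         //Get expiry date
         if (strtotime($values['expiry_date']) > 0) {
             // Convert times: parse in the viewer's timezone, then restore the default
             $oldTz = date_default_timezone_get();
             date_default_timezone_set($viewer->timezone);
             $expiry_date = strtotime($values['expiry_date']);
             $now = strtotime(date('Y-m-d H:i:s'));
             date_default_timezone_set($oldTz);
             $values['expiry_date'] = date('Y-m-d H:i:s', $expiry_date);
             if ($expiry_date <= $now) {
                 $form->getElement('expiry_date')->addError('Expiry Date should be greater than Current Time!');
                 $db->rollBack();
                 return;
             }
         } else {
             // Zero date is stored when no usable expiry was submitted
             $values['expiry_date'] = "0000-00-00 00:00:00";
         }
         $info = $values;
         $info['email_message'] = trim($values['email_message']);
         switch ($values['type']) {
             // Ban username
             case 1:
                 if ($values['username'] == "") {
                     $form->getElement('username')->addError('Please complete this field - it is required.');
                     $db->rollBack();
                     return;
                 }
                 $info['type'] = 0;
                 // Username
                 $bannedUsernamesNew = preg_split('/\\s*[,\\n]+\\s*/', $values['username']);
                 foreach ($bannedUsernamesNew as $newUsername) {
                     // Bound parameter; each name must exist, must not be level 1 and must not be the viewer
                     $user = $userTable->select()->where('username = ?', $newUsername)->query()->fetchAll();
                     if (count($user) == 0 || $user[0]['level_id'] == 1 || $viewer->username == $user[0]['username']) {
                         $form->getElement('username')->addError('There is not any users relate to this username or the usernames you entered contains your own username or admin username.');
                         $db->rollBack();
                         return;
                     }
                 }
                 $bannedUsernamesTable->setBannedUsernames($bannedUsernamesNew, $info);
                 $form->addNotice('Your changes have been saved.');
                 unset($values['bannedusernames']);
                 break;
             case 2:
                 if ($values['ip'] == "") {
                     $form->getElement('ip')->addError('Please complete this field - it is required.');
                     $db->rollBack();
                     return;
                 }
                 $info['type'] = 1;
                 // Ip
                 // Build banned IPs: "a - b" is a range, "*" expands to a lowest/highest pair
                 try {
                     $bannedIpsNew = preg_split('/\\s*[,\\n]+\\s*/', $values['ip']);
                     foreach ($bannedIpsNew as &$bannedIpNew) {
                         if (false !== strpos($bannedIpNew, '-')) {
                             $bannedIpNew = preg_split('/\\s*-\\s*/', $bannedIpNew, 2);
                         } else {
                             // NOTE(review): the loose "false !=" tests treat a match at
                             // offset 0 as "not found"; a leading '*' is not expanded.
                             if (false != strpos($bannedIpNew, '*')) {
                                 $tmp = $bannedIpNew;
                                 if (false != strpos($tmp, ':')) {
                                     $bannedIpNew = array(str_replace('*', '0', $tmp), str_replace('*', 'ffff', $tmp));
                                 } else {
                                     $bannedIpNew = array(str_replace('*', '0', $tmp), str_replace('*', '255', $tmp));
                                 }
                             }
                         }
                     }
                 } catch (Exception $e) {
                     // NOTE(review): the error message added here is empty
                     $db->rollBack();
                     return $form->addError('');
                 }
                 // Check if they are banning their own address (lock-out guard)
                 if ($bannedIpsTable->isAddressBanned(Engine_IP::getRealRemoteAddress(), $bannedIpsTable->normalizeAddressArray($bannedIpsNew))) {
                     $db->rollBack();
                     return $form->addError('One of the IP addresses or IP address ranges you entered contains your own IP address.');
                 }
                 // NOTE(review): $bannedIpNew is the reference left over from the
                 // loop, i.e. the last parsed entry, not the list; a trailing
                 // separator skips the save while the success notice still shows.
                 if (!empty($bannedIpNew)) {
                     // Save Banned IPs
                     $bannedIpsTable->setAddresses($bannedIpsNew, $info);
                     unset($values['bannedips']);
                 }
                 $form->addNotice('Your changes have been saved.');
                 break;
             // Ban Emails
             case 0:
                 if ($values['email'] == "") {
                     $form->getElement('email')->addError('Please complete this field - it is required.');
                     $db->rollBack();
                     return;
                 }
                 $info['type'] = 2;
                 // Email
                 // Save Banned Emails
                 $bannedEmailsNew = preg_split('/\\s*[,\\n]+\\s*/', $values['email']);
                 foreach ($bannedEmailsNew as $newEmail) {
                     // Bound parameter; each address must belong to a user who is not level 1 and not the viewer
                     $user = $userTable->select()->where('email = ?', $newEmail)->query()->fetchAll();
                     if (count($user) == 0 || $user[0]['level_id'] == 1 || $viewer->email == $user[0]['email']) {
                         $form->getElement('email')->addError('There is not any users relate to the email(s) or the email(s) you entered contains your own email or admin email.');
                         $db->rollBack();
                         return;
                     }
                 }
                 $bannedEmailsTable->setEmails($bannedEmailsNew, $info);
                 $form->addNotice('Your changes have been saved.');
                 unset($values['email']);
                 break;
             default:
                 break;
         }
         $db->commit();
         //$form->addNotice('There is not any user relate to this email.');
         // Redirect to the list that matches the ban type
         switch ($values['type']) {
             // Ban username
             case 1:
                 return $this->_helper->redirector->gotoRoute(array('action' => ''), 'ynbanmem_general', true);
             case 2:
                 return $this->_helper->redirector->gotoRoute(array('action' => 'view-ip'), 'ynbanmem_general', true);
             case 0:
                 return $this->_helper->redirector->gotoRoute(array('action' => 'view-email'), 'ynbanmem_general', true);
         }
         //
         //      Engine_Api::_()->getApi('mail', 'core')->sendSystem($user, 'user_account_approved', array(
         //        'host' => $_SERVER['HTTP_HOST'],
         //        'email' => $user->email,
         //        'date' => time(),
         //        'recipient_title' => $user->getTitle(),
         //        'recipient_link' => $user->getHref(),
         //        'recipient_photo' => $user->getPhotoUrl('thumb.icon'),
         //        'object_link' => Zend_Controller_Front::getInstance()->getRouter()->assemble(array(), 'user_login', true),
         //      ));
     } catch (Exception $e) {
         $db->rollBack();
         throw $e;
     }
 }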