Ejemplo n.º 1
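/**
 * Login event handler that refuses logins from accounts that look like spammers.
 *
 * Records the client IP on the user, runs the spammer lookup, then scans the
 * configured metadata fields of the user for banned strings.
 *
 * @param string    $event Event name (not used by this handler)
 * @param string    $type  Event type (not used by this handler)
 * @param \ElggUser $user  User attempting to log in
 * @return false|null false to refuse the login; nothing (null) when no check objects
 */
function login_event($event, $type, $user)
{
    $check_login = elgg_get_plugin_setting('event_login', PLUGIN_ID);
    $ip = get_ip();
    $user->ip_address = $ip;

    // The lookup runs by default. With 'event_login' set to 'no' it still runs
    // for accounts that have never logged in before.
    if ($check_login !== 'no' || !$user->last_login) {
        // Admins are never refused by the lookup, so a false positive cannot lock them out.
        if (!check_spammer($user->email, $ip, true) && !$user->isAdmin()) {
            register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
            notify_admin($user->email, $ip, "Existing member identified as spammer has tried to login, check this account");
            return false;
        }
    }

    // Check user metadata for banned words/phrases.
    // NOTE(review): this refusal is silent (no register_error(), no notify_admin())
    // and, unlike the lookup above, it also applies to admins. Matching is
    // case-sensitive, so a banned phrase in different case passes. Confirm
    // all three are intended.
    $banned = get_banned_strings();
    $metadata = get_metadata_names();
    if ($banned && $metadata) {
        foreach ($metadata as $m) {
            // An unset field yields no values; a multi-valued field is checked
            // value by value instead of handing an array to strpos().
            foreach ((array) $user->{$m} as $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                $haystack = (string) $value;

                foreach ($banned as $str) {
                    $needle = is_scalar($str) ? (string) $str : '';
                    // An empty entry in the banned list would match every value
                    // on PHP 8 and refuse every login, so it is skipped.
                    if ($needle === '') {
                        continue;
                    }
                    if (strpos($haystack, $needle) !== false) {
                        return false;
                    }
                }
            }
        }
    }
}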
Ejemplo n.º 2
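/**
 * Renders the rule (SQL trigger) administration page and processes its two actions.
 *
 * - GET  remove_trigger=<name> removes a trigger, guarded by check_csrf(TRUE).
 * - POST CREATE=... creates a trigger from the "CREATE RULE" form.
 *
 * The existing triggers and the creation form are then echoed as HTML.
 *
 * @return void
 */
function display_meta_sign()
{
    // PHP_SELF includes any client-supplied PATH_INFO, so it is escaped before
    // being written into href/action attributes.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    echo '<h1>RULES LIST</h1>';

    if (isset($_GET['remove_trigger'])) {
        // NOTE(review): removal is a state change driven by a GET link, so the
        // CSRF token travels in the URL (history, logs, Referer). A POST form
        // would keep it out of those.
        if (!check_csrf(TRUE)) {
            error('[display_meta_sign] REMOVE TRIGGER CSRF ATTEMPT', 'SECURITY');
        } else {
            // Removal happens only on a valid token, whether or not error() terminates the request.
            remove_trigger($_GET['remove_trigger']);
        }
    }

    // NOTE(review): no check_csrf() call is visible on this create path although
    // the form below embeds gen_csrf(). Confirm the POST token is verified
    // before this point.
    if (isset($_POST['CREATE'], $_POST['field'], $_POST['description'], $_POST['label'], $_POST['criticity'], $_POST['type'])) {
        $description = $_POST['description'];
        $label = $_POST['label'];
        $criticity = $_POST['criticity'];
        $type = $_POST['type'];
        $field = '';
        $match = '';
        $complete = false;

        if ($type === 'std' && isset($_POST['match'])) {
            $field = $_POST['field'];
            $match = $_POST['match'];
            // Only the two columns offered by the form are accepted.
            $complete = in_array($field, ['md5', 'sign'], true);
        } elseif ($type === 'meta' && isset($_POST['meta_field'], $_POST['meta_match'])) {
            $field = $_POST['meta_field'];
            $match = $_POST['meta_match'];
            // NOTE(review): meta_field is not checked against get_metadata_names()
            // here. create_trigger() must treat it, and the free-text values, as
            // untrusted when it builds SQL.
            $complete = true;
        }

        // Reject array-valued parameters (e.g. label[]=x) and any criticity
        // other than the three values the form offers.
        foreach ([$description, $label, $criticity, $field, $match] as $value) {
            if (!is_string($value)) {
                $complete = false;
            }
        }
        if ($complete && in_array($criticity, ['1', '2', '3'], true)) {
            create_trigger($description, $label, $criticity, $field, $match, $type);
        }
    }

    $triggerz = get_triggerz();
    echo '<table>';
    while ($res = $triggerz->fetchArray()) {
        // The name is percent-encoded where it is a query-string value and
        // HTML-escaped where it is displayed as text.
        $name_url = rawurlencode((string) $res['name']);
        $name_html = secure_display($res['name']);

        $disp = '<a href="' . $self . '?meta_sign&view_trigger=' . $name_url . '">VIEW SQL TRIGGER</a>';
        if (isset($_GET['view_trigger']) && is_string($_GET['view_trigger']) && $_GET['view_trigger'] === (string) $res['name']) {
            $disp = secure_display($res['sql']);
        }
        echo '<tr><th class="std">' . $name_html . '</th><td>' . $disp . '</td><td><a href="' . $self . '?meta_sign&crt=' . gen_csrf(TRUE) . '&remove_trigger=' . $name_url . '" onclick="return confirm(\'Are you sure?\');">REMOVE</a></td></tr>';
    }
    echo '</table>';

    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    while ($field = $meta_fields->fetchArray()) {
        // Escaped in the value attribute as well as in the label. The attribute
        // was previously written raw.
        $option = secure_display($field['name']);
        $meta_fields_list .= '<option value="' . $option . '">' . $option . '</option>';
    }

    echo '<h1>CREATE RULE</h1>
	<form action="' . $self . '?meta_sign" method="POST">
		' . gen_csrf() . '
	<table>
		<tr><th class="std">LABEL</th><td class="std"><input type="text" name="label" value=""></td></tr>
		<tr><th class="std">DESCRIPTION</th><td class="std"><input type="text" name="description" value=""></td></tr>
		<tr><th class="std">CRITICITY</th><td class="std"><select name="criticity"><option value="1">High</option><option value="2">Medium</option><option value="3">Low</option></select></td></tr>
		<tr><th class="std">
			<select name="field">
				<option value="md5">MD5</option>
				<option value="sign">SIGNATURE</option>
			</select>
		matches</th><td class="std"><input type="text" name="match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="std" checked /></td></tr>
		<tr><th class="std">
			<select name="meta_field">
				' . $meta_fields_list . '
			</select>
		matches</th><td class="std"><input type="text" name="meta_match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="meta" /></td></tr>
		
		<tr><th colspan="2"><input type="submit" name="CREATE" value="CREATE"/></th></tr>
	</table>
	</form>';
}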