} else { showmyerror('userdoesntexist'); } } if (sanitize($_GET["mode"], 3) == "killspam") { // killspam user // code to prevent CSRF // doesn't matter if a token exists. if we're viewing this page, just // create a new one or replace the existing. $CSRF->create('admin_users_killspam', true, true); // code to prevent CSRF if (sanitize($_GET["user"], 3) == "god") { echo "You can't killspam this user"; } else { $user = $db->get_row('SELECT * FROM ' . table_users . ' where user_login="******"user"], 3) . '"'); canIChangeUser($user->user_level); if ($user) { // breadcrumbs and page titles $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel'); $navwhere['link1'] = getmyurl('admin', ''); $navwhere['text2'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_1'); $navwhere['link2'] = my_pligg_base . "/admin/admin_users.php"; $navwhere['text3'] = $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_User_Killspam'); $main_smarty->assign('navbar_where', $navwhere); $main_smarty->assign('posttitle', " / " . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel')); // misc smarty $main_smarty->assign('pagename', pagename); $main_smarty->assign('user', sanitize($_GET["user"], 3)); $main_smarty->assign('id', sanitize($_GET["id"], 3)); // pagename define('pagename', 'admin_users');
function killspam($id) { global $db; require_once mnminclude . 'link.php'; require_once mnminclude . 'votes.php'; require_once mnminclude . 'tags.php'; $user = $db->get_row('SELECT * FROM ' . table_users . " where user_id={$id}"); if (!$user->user_id) { return; } canIChangeUser($user->user_level); $db->query('UPDATE `' . table_users . "` SET user_enabled=0, `user_pass` = '63205e60098a9758101eeff9df0912ccaaca6fca3e50cdce3', user_level = 'Spammer' WHERE `user_id` = {$id}"); $results = $db->get_results($sql = "SELECT comment_id, comment_link_id FROM `" . table_comments . "` WHERE `comment_user_id` = {$id}"); if ($results) { foreach ($results as $result) { $db->query($sql = 'UPDATE `' . table_comments . '` SET `comment_status` = "spam" WHERE `comment_id` = "' . $result->comment_id . '"'); $vars = array('comment_id' => $result->comment_id); check_actions('comment_spam', $vars); $link = new Link(); $link->id = $result->comment_link_id; $link->read(); $link->recalc_comments(); $link->store(); } } ban_ip($user->user_ip, $user->user_lastip); $results = $db->get_results("SELECT * FROM `" . table_groups . "` WHERE group_creator = '{$id}'"); if ($results) { foreach ($results as $result) { $db->query('DELETE FROM `' . table_group_member . '` WHERE member_group_id = ' . $result->group_id); $db->query('DELETE FROM `' . table_group_shared . '` WHERE share_group_id = ' . $result->group_id); } } $db->query("DELETE FROM `" . table_groups . "` WHERE group_creator = '{$id}'"); $results = $db->get_results("SELECT vote_id,vote_link_id FROM `" . table_votes . "` WHERE `vote_user_id` = {$id}"); if ($results) { foreach ($results as $result) { $db->query('DELETE FROM `' . table_votes . '` WHERE `vote_id` = "' . $result->vote_id . '"'); $link = new Link(); $link->id = $result->vote_link_id; $link->read(); $vote = new Vote(); $vote->type = 'links'; $vote->link = $result->vote_link_id; if (Voting_Method == 1) { $link->votes = $vote->count(); $link->reports = $link->count_all_votes("<0"); } elseif (Voting_Method == 2) { $link->votes = $vote->rating(); $link->votecount = $vote->count(); $link->reports = $link->count_all_votes("<0"); } elseif (Voting_Method == 3) { $link->votes = $vote->count(); $link->karma = $vote->karma(); $link->reports = $link->count_all_votes("<0"); } $link->store_basic(); $link->check_should_publish(); } } $results = $db->get_results($sql = "SELECT link_id, link_url FROM `" . table_links . "` WHERE `link_author` = {$id}"); global $USER_SPAM_RULESET, $FRIENDLY_DOMAINS; $filename = mnmpath . $USER_SPAM_RULESET; $lines = file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); $approved = file(mnmpath . $FRIENDLY_DOMAINS, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); if ($results) { foreach ($results as $result) { if (preg_match('/:\\/\\/(www\\.)?([^\\/]+)(\\/|$)/', $result->link_url, $m)) { $domain = strtoupper($m[2]) . "\n"; if (!in_array($domain, $lines) && !in_array($domain, $approved)) { $lines[] = $domain; $changed = 1; } } $vars = array('link_id' => $result->link_id); check_actions('story_spam', $vars); } } if ($changed) { if (is_writable($filename)) { if ($handle = fopen($filename, 'w')) { fwrite($handle, join("\n", $lines)); fclose($handle); } } } $db->query($sql = 'UPDATE `' . table_links . '` SET `link_status` = "spam" WHERE `link_author` = "' . $id . '"'); $db->query('DELETE FROM `' . table_saved_links . '` WHERE `saved_user_id` = "' . $id . '"'); $db->query('DELETE FROM `' . table_trackbacks . '` WHERE `trackback_user_id` = "' . $id . '"'); $db->query('DELETE FROM `' . table_friends . '` WHERE `friend_id` = "' . $id . '"'); $db->query('DELETE FROM `' . table_messages . "` WHERE `sender`={$id} OR `receiver`={$id}"); }