/**
 * Checks that is_user_spammy() treats a string argument as a login name
 * rather than as a user ID.
 *
 * The spam-flagged account is given a login equal to the numeric ID of a
 * clean account. If the string were resolved as an ID, the first assertion
 * would look at the clean account and fail.
 *
 * @ticket 23192
 */
function test_is_user_spammy() {
    // Clean account; its numeric ID is reused below as a login name.
    $clean_user_id = $this->factory->user->create(
        array(
            'role'       => 'author',
            'user_login' => 'testuser1',
        )
    );

    // Second account whose login collides with the clean account's ID.
    $spam_login      = (string) $clean_user_id;
    $spam_account_id = $this->factory->user->create(
        array(
            'role'       => 'author',
            'user_login' => $spam_login,
        )
    );

    // Flag only the second account as spam.
    update_user_status( $spam_account_id, 'spam', '1' );

    // The lookup by login must hit the flagged account, not the clean one.
    $this->assertTrue( is_user_spammy( $spam_login ) );
    $this->assertFalse( is_user_spammy( 'testuser1' ) );
}
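/**
 * For Multisite blogs, check if the authenticated user has been marked as a
 * spammer, or if the user's primary blog has been marked as spam.
 *
 * Only WP_User values are inspected; anything else (WP_Error, null) is
 * returned unchanged so an earlier callback's result is preserved.
 *
 * @since 3.7.0
 *
 * @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
 * @return WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer.
 */
function wp_authenticate_spam_check($user) {
    if ($user instanceof WP_User && is_multisite()) {
        // The account being authenticated is passed explicitly. Called with
        // no argument, is_user_spammy() evaluates the current user, which
        // need not be the account in $user while a login is still in
        // progress, so the default result handed to the filter would not
        // describe the account that is signing in.

        /**
         * Filter whether the user has been marked as a spammer.
         *
         * @since 3.7.0
         *
         * @param bool    $spammed Whether the user is considered a spammer.
         * @param WP_User $user    User to check against.
         */
        $spammed = apply_filters('check_is_user_spammed', is_user_spammy($user), $user);

        if ($spammed) {
            return new WP_Error('spammer_account', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
    }

    return $user;
}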
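/**
 * For multisite blogs, check if the authenticated user has been marked as a
 * spammer, or if the user's primary blog has been marked as spam.
 *
 * Values that are not a WP_User (for example a WP_Error from an earlier
 * callback) are returned unchanged.
 *
 * @since 3.7.0
 *
 * @param mixed $user Result of the previous authentication callback.
 * @return mixed The value passed in, or a WP_Error with code
 *               'spammer_account' when the user is considered a spammer.
 */
function wp_authenticate_spam_check($user) {
    if ($user && is_a($user, 'WP_User') && is_multisite()) {
        // Check the account that is signing in, not the current user:
        // without an argument is_user_spammy() falls back to the current
        // user, which need not be $user during authentication.
        $spammed = apply_filters('check_is_user_spammed', is_user_spammy($user), $user);

        if ($spammed) {
            return new WP_Error('spammer_account', __('<strong>ERROR</strong>: Your account has been marked as a spammer.'));
        }
    }

    return $user;
}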
/**
 * Creates, stores, then returns a password reset key for user.
 *
 * The plaintext key is returned to the caller and passed to the
 * 'retrieve_password_key' action; the database only receives
 * "<unix timestamp>:<hash of the key>".
 *
 * @since 4.4.0
 *
 * @global wpdb         $wpdb      WordPress database abstraction object.
 * @global PasswordHash $wp_hasher Portable PHP password hashing framework.
 *
 * @param WP_User $user User to retrieve password reset key for.
 *
 * @return string|WP_Error Password reset key on success. WP_Error on error.
 */
function get_password_reset_key($user) {
    global $wpdb, $wp_hasher;

    /**
     * Fires before a new password is retrieved.
     *
     * Use the {@see 'retrieve_password'} hook instead.
     *
     * @since 1.5.0
     * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead.
     *
     * @param string $user_login The user login name.
     */
    do_action('retreive_password', $user->user_login);

    /**
     * Fires before a new password is retrieved.
     *
     * @since 1.5.1
     *
     * @param string $user_login The user login name.
     */
    do_action('retrieve_password', $user->user_login);

    // Default decision: allowed, except for spam-flagged accounts on multisite.
    $allow = !(is_multisite() && is_user_spammy($user));

    /**
     * Filters whether to allow a password to be reset.
     *
     * @since 2.7.0
     *
     * @param bool $allow   Whether to allow the password to be reset. Default true.
     * @param int  $user_id The ID of the user attempting to reset a password.
     */
    $allow = apply_filters('allow_password_reset', $allow, $user->ID);

    // A falsy filter result denies the reset with a generic error.
    if (!$allow) {
        return new WP_Error('no_password_reset', __('Password reset is not allowed for this user'));
    }

    // A WP_Error object is truthy, so it lands here and is returned as-is.
    if (is_wp_error($allow)) {
        return $allow;
    }

    // Generate something random for a password reset key:
    // 20 characters, special characters switched off.
    $key = wp_generate_password(20, false);

    /**
     * Fires when a password reset key is generated.
     *
     * Note that callbacks receive the plaintext key.
     *
     * @since 2.5.0
     *
     * @param string $user_login The username for the user.
     * @param string $key        The generated password reset key.
     */
    do_action('retrieve_password_key', $user->user_login, $key);

    // Lazily create the shared hasher when nothing has set it up yet.
    if (empty($wp_hasher)) {
        $wp_hasher = new PasswordHash(8, true);
    }

    // Only the hash goes into the DB, prefixed with the creation time
    // (presumably so the key can be expired later; the expiry check is
    // not part of this function).
    $stored_value  = time() . ':' . $wp_hasher->HashPassword($key);
    $update_result = $wpdb->update(
        $wpdb->users,
        array('user_activation_key' => $stored_value),
        array('user_login' => $user->user_login)
    );

    if (false === $update_result) {
        return new WP_Error('no_password_key_update', __('Could not save password reset key to database.'));
    }

    return $key;
}
/**
 * Check the main WordPress query to match WP Idea Stream conditions.
 * Eventually override query vars and set global template conditions / vars.
 *
 * This is the key function of the plugin: it defines the templates
 * to load and sets the displayed user.
 *
 * Request-derived values handled here: the user, action, category, tag,
 * search and orderby query vars, plus $_GET['sticky_ideas'] and
 * $_GET['orderby'] in the IdeaStream admin. A requested user profile is
 * turned into a 404 when the user cannot be resolved or when the
 * 'wp_idea_stream_users_is_spammy' filter returns exactly true.
 *
 * Inspired by bbPress 's bbp_parse_query()
 *
 * @package WP Idea Stream
 * @subpackage core/template-functions
 *
 * @since 2.0.0
 *
 * @param WP_Query $posts_query The WP_Query instance
 * @uses WP_Query->is_main_query() to check it's the main query
 * @uses WP_Query->get() to get a query var
 * @uses wp_idea_stream_is_admin() to check if in IdeaStream's Admin territory
 * @uses wp_idea_stream_is_sticky_enabled() to check if sticky feature is available
 * @uses WP_Query->set() to set a query var
 * @uses wp_idea_stream_is_rating_disabled() to check if ratings feature are available
 * @uses wp_idea_stream_set_idea_var() to globalize a var
 * @uses is_admin() to check for WordPress administration
 * @uses wp_idea_stream_get_post_type() to get the ideas post type identifier
 * @uses wp_idea_stream_user_rewrite_id() to get the user rewrite id
 * @uses wp_idea_stream_users_get_user_data() to get a specific user's data
 * @uses WP_Query->set_404() to set a 404
 * @uses wp_idea_stream_user_rates_rewrite_id() to get the user rates rewrite id
 * @uses wp_idea_stream_user_comments_rewrite_id() to get the user comments rewrite id
 * @uses wp_idea_stream_action_rewrite_id() to get the action rewrite id
 * @uses wp_idea_stream_addnew_slug() to get the add new slug
 * @uses wp_idea_stream_edit_slug() to get the edit slug
 * @uses has_action() to check if the action 'wp_idea_stream_custom_action' is used by any plugins
 * @uses do_action() Calls 'wp_idea_stream_custom_action' to perform actions relative to ideas
 * @uses wp_idea_stream_get_category() to get the ideas category identifier
 * @uses wp_idea_stream_get_tag() to get the ideas tag identifier
 * @uses wp_idea_stream_search_rewrite_id() to get the search rewrite id
 */
function wp_idea_stream_parse_query($posts_query = null) {
    // NOTE(review): the parameter defaults to null but is dereferenced on the
    // next line, so the function is only safe when a query object is passed
    // (presumably always the case when run as a WP_Query hook callback; confirm).

    // Bail if $posts_query is not the main loop
    if (!$posts_query->is_main_query()) {
        return;
    }

    // Bail if filters are suppressed on this query
    if (true === $posts_query->get('suppress_filters')) {
        return;
    }

    // Handle the specific queries in IdeaStream Admin
    if (wp_idea_stream_is_admin()) {
        // Display sticky ideas if requested.
        // $_GET['sticky_ideas'] is only tested for presence; the IDs placed in
        // the query come from wp_idea_stream_ideas_get_stickies().
        if (wp_idea_stream_is_sticky_enabled() && !empty($_GET['sticky_ideas'])) {
            $posts_query->set('post__in', wp_idea_stream_ideas_get_stickies());
        }

        // Build meta_query if orderby rates is set.
        // $_GET['orderby'] is only compared with a fixed string (loosely, with ==);
        // the value stored below is the literal 'rates_count', not the request value.
        if (!wp_idea_stream_is_rating_disabled() && !empty($_GET['orderby']) && 'rates_count' == $_GET['orderby']) {
            $posts_query->set('meta_query', array(array('key' => '_ideastream_average_rate', 'compare' => 'EXISTS')));

            // Set the orderby idea var
            wp_idea_stream_set_idea_var('orderby', 'rates_count');
        }

        do_action('wp_idea_stream_admin_request', $posts_query);

        return;
    }

    // Bail if elsewhere in admin
    if (is_admin()) {
        return;
    }

    // Ideas post type for a later use
    $idea_post_type = wp_idea_stream_get_post_type();

    /** User's profile ************************************************************/

    // Are we requesting the user-profile template ?
    $user = $posts_query->get(wp_idea_stream_user_rewrite_id());
    $embed_page = wp_idea_stream_is_embed_profile();

    if (!empty($user)) {
        // The query var is either a numeric id or a slug; from here on $user
        // holds whatever wp_idea_stream_users_get_user_data() returns.
        if (!is_numeric($user)) {
            // Get user by his username
            $user = wp_idea_stream_users_get_user_data('slug', $user);
        } else {
            // Get user by his id
            $user = wp_idea_stream_users_get_user_data('id', $user);
        }

        // No user id: no profile!
        // The same 404 is used for a user flagged as spam. The default passed
        // to the filter is only true on multisite, and only a strict boolean
        // true coming back from the filter blocks the profile.
        if (empty($user->ID) || true === apply_filters('wp_idea_stream_users_is_spammy', is_multisite() && is_user_spammy($user), $user)) {
            $posts_query->set_404();

            // Make sure the WordPress Embed Template will be used
            if ('true' === get_query_var('embed') || true === get_query_var('embed')) {
                $posts_query->is_embed = true;
                $posts_query->set('p', -1);
            }

            return;
        }

        // Set the displayed user id
        wp_idea_stream_set_idea_var('is_user', absint($user->ID));

        // Make sure the post_type is set to ideas.
        $posts_query->set('post_type', $idea_post_type);

        // Are we requesting user rates
        $user_rates = $posts_query->get(wp_idea_stream_user_rates_rewrite_id());

        // Or user comments ?
        $user_comments = $posts_query->get(wp_idea_stream_user_comments_rewrite_id());

        if (!empty($user_rates) && !wp_idea_stream_is_rating_disabled()) {
            // We are viewing user's rates
            wp_idea_stream_set_idea_var('is_user_rates', true);

            // Define the Meta Query to get his rates.
            // The LIKE pattern is built from the ID of the resolved user object,
            // not from the raw query var (presumably matching an integer inside
            // a serialized meta value; confirm against how rates are stored).
            $posts_query->set('meta_query', array(array('key' => '_ideastream_rates', 'value' => ';i:' . $user->ID . ';', 'compare' => 'LIKE')));
        } else {
            if (!empty($user_comments)) {
                // We are viewing user's comments
                wp_idea_stream_set_idea_var('is_user_comments', true);

                /**
                 * Make sure no result.
                 * Query will be built later in user comments loop
                 */
                $posts_query->set('p', -1);
            } else {
                // Embedded profile: only served when the utility embed page exists,
                // otherwise the request ends in a 404.
                if ('true' === get_query_var('embed') || true === get_query_var('embed')) {
                    $posts_query->is_embed = true;
                    $posts_query->set('p', -1);

                    if ($embed_page) {
                        wp_idea_stream_set_idea_var('is_user_embed', true);
                    } else {
                        $posts_query->set_404();
                        return;
                    }
                }

                // Default to the ideas the user submitted
                $posts_query->set('author', $user->ID);
            }
        }

        // No stickies on user's profile
        $posts_query->set('ignore_sticky_posts', true);

        // Make sure no 404
        $posts_query->is_404 = false;

        // Set the displayed user.
        wp_idea_stream_set_idea_var('displayed_user', $user);
    }

    /** Actions (New Idea) ********************************************************/

    $action = $posts_query->get(wp_idea_stream_action_rewrite_id());

    if (!empty($action)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);

        // Define a global to inform we're dealing with an action
        wp_idea_stream_set_idea_var('is_action', true);

        // Is the new idea form requested ?
        if (wp_idea_stream_addnew_slug() == $action) {
            // Yes so set the corresponding var
            wp_idea_stream_set_idea_var('is_new', true);

            /**
             * Make sure no result.
             * We are not querying any content, but creating one
             */
            $posts_query->set('p', -1);

        // Edit action ?
        } else {
            if (wp_idea_stream_edit_slug() == $action) {
                // Yes so set the corresponding var
                wp_idea_stream_set_idea_var('is_edit', true);

            // Signup support
            } else {
                if (wp_idea_stream_signup_slug() == $action && wp_idea_stream_is_signup_allowed_for_current_blog()) {
                    // Set the signup global var
                    wp_idea_stream_set_idea_var('is_signup', true);

                    /**
                     * Make sure no result.
                     * We are not querying any content, but creating one
                     */
                    $posts_query->set('p', -1);
                } else {
                    // Any other action value is handed to plugins when one is
                    // listening, and rejected with a 404 otherwise.
                    if (has_action('wp_idea_stream_custom_action')) {
                        /**
                         * Allow plugins to handle other custom idea actions
                         *
                         * @param string   $action      The requested action
                         * @param WP_Query $posts_query The WP_Query instance
                         */
                        do_action('wp_idea_stream_custom_action', $action, $posts_query);
                    } else {
                        $posts_query->set_404();
                        return;
                    }
                }
            }
        }
    }

    /** Ideas by category *********************************************************/

    $category = $posts_query->get(wp_idea_stream_get_category());

    if (!empty($category)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);

        // Define the current category
        wp_idea_stream_set_idea_var('is_category', $category);
    }

    /** Ideas by tag **************************************************************/

    $tag = $posts_query->get(wp_idea_stream_get_tag());

    if (!empty($tag)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);

        // Define the current tag
        wp_idea_stream_set_idea_var('is_tag', $tag);
    }

    /** Searching ideas ***********************************************************/

    $search = $posts_query->get(wp_idea_stream_search_rewrite_id());

    if (!empty($search)) {
        // Make sure the post type is set to ideas
        $posts_query->set('post_type', $idea_post_type);

        // Define the query as a search one
        $posts_query->set('is_search', true);

        /**
         * Temporarily set the 's' parameter of WP Query
         * This will be reset while building ideas main_query args
         * @see wp_idea_stream_set_template()
         */
        $posts_query->set('s', $search);

        // Set the search conditional var
        wp_idea_stream_set_idea_var('is_search', true);
    }

    /** Changing order ************************************************************/

    // Here we're using built-in var
    $orderby = $posts_query->get('orderby');

    // Make sure we are ordering ideas
    if (!empty($orderby) && $idea_post_type == $posts_query->get('post_type')) {
        if (!wp_idea_stream_is_rating_disabled() && 'rates_count' == $orderby) {
            /**
             * It's an order by rates request, set the meta query to achieve this.
             * Here we're not ordering yet, we simply make sure to get ideas that
             * have been rated.
             * Order will happen thanks to wp_idea_stream_set_rates_count_orderby()
             * filter.
             */
            $posts_query->set('meta_query', array(array('key' => '_ideastream_average_rate', 'compare' => 'EXISTS')));
        }

        // Set the order by var.
        // NOTE(review): unlike the admin branch, the query var is stored as
        // received; code reading this idea var should match it against the
        // values it supports rather than use it verbatim - confirm in consumers.
        wp_idea_stream_set_idea_var('orderby', $orderby);
    }

    // Set the idea archive var if viewing ideas archive
    if ($posts_query->is_post_type_archive()) {
        wp_idea_stream_set_idea_var('is_idea_archive', true);
    }

    /**
     * Finally if post_type is ideas, then we're in IdeaStream's
     * territory so set this
     */
    if ($idea_post_type === $posts_query->get('post_type')) {
        wp_idea_stream_set_idea_var('is_ideastream', true);

        // Reset the pagination, unless an earlier branch forced an empty
        // result by setting 'p' to -1.
        if (-1 !== $posts_query->get('p')) {
            $posts_query->set('posts_per_page', wp_idea_stream_ideas_per_page());
        }
    }
}
/**
 * Rejects a login when the account has been marked as spam.
 *
 * NOTE(review): the check is keyed on the numeric `$user->id`. If the
 * is_user_spammy() in use resolves a scalar argument as a login name, a
 * different account whose login equals this ID could be evaluated instead;
 * confirm against the is_user_spammy() version this runs with.
 * NOTE(review): $user is dereferenced without a type check, so this assumes
 * a user object is always passed in - confirm against the hook it is
 * attached to.
 *
 * @param object $user     User object for the account being logged in.
 * @param string $password Submitted password; not used by this check.
 * @return object|WP_Error The unchanged $user, or a WP_Error with code
 *                         'invalid_username' for a spam-flagged account.
 */
function login_spam_check($user, $password) {
    $flagged_as_spam = is_user_spammy($user->id);

    // Accounts that are not flagged pass through untouched.
    if (!$flagged_as_spam) {
        return $user;
    }

    return new WP_Error('invalid_username', __('<strong>ERROR</strong>: your account has been marked as a spammer.'));
}
/**
 * WordPress requires a post id to allow content to be embedded. As our users
 * are not organized into a post type, a utility page provides the post ID, and
 * its permalink and title are then filtered so that the ones of the user's
 * profile are used instead.
 *
 * The requested URL comes from the oEmbed request. It is only used to pick a
 * user slug or id, which is then resolved through
 * wp_idea_stream_users_get_user_data(); a profile is never embedded when the
 * 'wp_idea_stream_users_is_spammy' filter returns exactly true.
 *
 * @since 2.3.0
 *
 * @global WP_Rewrite $wp_rewrite
 * @param  int    $post_id the requested post id (should be empty for our users profiles)
 * @param  string $url     the requested url which can contain an IdeaStream user's profile
 * @return int    the incoming post id, or the utility page id when the url
 *                points to an embeddable user's profile
 */
function wp_idea_stream_users_oembed_request_post_id($post_id = 0, $url = '') {
    // WordPress already resolved a post: leave it alone.
    if (!empty($post_id)) {
        return $post_id;
    }

    // Without the utility page there is nothing to embed.
    $utility_page = wp_idea_stream_is_embed_profile();
    if (!$utility_page) {
        return $post_id;
    }

    // Get the WP Rewrites
    global $wp_rewrite;

    $extra_rules = $wp_rewrite->extra_rules_top;
    if (empty($extra_rules)) {
        return $post_id;
    }

    $url_parts = parse_url($url);
    $user      = null;

    $is_pretty_profile_url = $wp_rewrite->using_permalinks()
        && isset($url_parts['path'])
        && false !== strpos($url_parts['path'], wp_idea_stream_user_slug());

    if ($is_pretty_profile_url) {
        // Pretty permalinks: the first extra rule that matches the url
        // (relative to the home url) and captures a group gives the
        // username or user id.
        foreach (array_keys((array) $extra_rules) as $match) {
            $relative_url = str_replace(trailingslashit(home_url()), '', $url);

            if (preg_match("#^{$match}#", $relative_url, $captured) && isset($captured[1])) {
                $user = $captured[1];
                break;
            }
        }
    } elseif (isset($url_parts['query'])) {
        // Default permalinks: the user id travels in the query string and is
        // cast to an integer before use.
        parse_str($url_parts['query'], $request_vars);

        if (!empty($request_vars[wp_idea_stream_user_rewrite_id()])) {
            $user = (int) $request_vars[wp_idea_stream_user_rewrite_id()];
        }
    }

    // No username or user id found: stop.
    if (empty($user)) {
        return $post_id;
    }

    // Numeric values are looked up by id, anything else by slug.
    $lookup_field = is_numeric($user) ? 'id' : 'slug';
    $user         = wp_idea_stream_users_get_user_data($lookup_field, $user);

    // Unknown user: keep the incoming post id.
    if (!($user instanceof WP_User)) {
        return $post_id;
    }

    // If the user is a spammer, do not allow the profile to be embedded.
    // The default handed to the filter is only true on multisite.
    $is_spammy = apply_filters('wp_idea_stream_users_is_spammy', is_multisite() && is_user_spammy($user), $user);
    if (true === $is_spammy) {
        return $post_id;
    }

    // Set the utility page as the post id and keep the user for later use.
    $post_id = $utility_page;
    wp_idea_stream_set_idea_var('embed_user_data', $user);

    // Temporarily only!
    add_filter('post_type_link', 'wp_idea_stream_users_oembed_link', 10, 2);
    add_filter('the_title', 'wp_idea_stream_users_oembed_title', 10, 2);

    return $post_id;
}