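/**
 * Called on the login user event; screens the account for spammer indicators.
 *
 * Two checks run in order:
 *  1. check_spammer() on the account e-mail and the client IP, unless the
 *     'event_login' plugin setting is 'no' and the user has logged in before.
 *     Administrators are not blocked by this check.
 *  2. A scan of the user's metadata values for banned words/phrases.
 *
 * NOTE(review): check_spammer() is evaluated before isAdmin(), so whatever
 * side effects it has also occur for administrators who are then let in.
 * The banned-string scan has no administrator exemption - confirm that is
 * intended, since a banned phrase in an admin profile denies the login.
 *
 * @param string $event event name (not used here)
 * @param string $type  event type (not used here)
 * @param object $user  user logging in; email, last_login and isAdmin() are read from it
 *
 * @return boolean|null false to deny the login, nothing otherwise
 */
function login_event($event, $type, $user) {
    $check_login = elgg_get_plugin_setting('event_login', PLUGIN_ID);

    $ip = get_ip();
    $user->ip_address = $ip;

    if ($check_login != 'no' || !$user->last_login) { // do it by default
        if (!check_spammer($user->email, $ip, true) && !$user->isAdmin()) {
            register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
            notify_admin($user->email, $ip, "Existing member identified as spammer has tried to login, check this account");
            return false;
        }
    }

    // check user metadata for banned words/phrases
    $banned = get_banned_strings();
    $metadata = get_metadata_names();

    if ($banned && $metadata) {
        foreach ($metadata as $m) {
            // A metadata read may give null (not set) or an array (several
            // values under one name). Passing either straight to strpos()
            // makes older PHP return NULL, and NULL !== false would deny the
            // login; PHP 8 throws a TypeError for the array case. Normalise
            // to a list of values and scan each one.
            foreach ((array) $user->{$m} as $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                $haystack = (string) $value;

                foreach ($banned as $str) {
                    $needle = (string) $str;
                    if ($needle === '') {
                        // an empty needle matches everything on PHP 8 and
                        // raises a warning before that - never a real hit
                        continue;
                    }
                    // case-sensitive match, as before
                    if (strpos($haystack, $needle) !== false) {
                        return false;
                    }
                }
            }
        }
    }
}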
/**
 * Handles the "invite me" form post and answers with JSON, then exits.
 *
 * Response body:
 *  - 1 on success
 *  - {"error": {"code": -1, "message": "No form sent"}} when nothing was posted
 *  - {"error": {"code": -2, "message": <validation errors>}} when _validate() fails
 *
 * NOTE(review): apart from 'captcha' and 'full_name', the complete $_POST
 * array is handed to the model, the mailer and notify_admin(). Which keys
 * save() persists is not visible here; if it stores every key it receives,
 * an allow-list of the expected form fields belongs in this method.
 */
function invite_me() {
    if (!$_POST) {
        $response = array('error' => array('code' => -1, 'message' => 'No form sent'));
    } elseif (!$this->_validate()) {
        $response = array('error' => array('code' => -2, 'message' => $this->_data['errors']));
    } else {
        // Split "First Rest Of Name" into first_name / last_name.
        $name_parts = explode(' ', trim($_POST['full_name']), 2);

        unset($_POST['captcha']);
        $_POST['first_name'] = trim($name_parts[0]);
        if (!empty($name_parts[1])) {
            $_POST['last_name'] = trim($name_parts[1]);
        }
        unset($_POST['full_name']);

        $this->_model()->save($_POST);

        $this->load->library('xmailer');
        // The recipient address is taken from the request; this relies on
        // _validate() having accepted only a single well-formed address.
        $this->xmailer->send('invite_me', $_POST, $_POST['email']);

        notify_admin('admin/new_request_invitation', $_POST);

        $response = 1;
    }

    echo json_encode($response);
    exit;
}
?> </font>", pending confirmation by Nilesh Shukla.</p> <p>Good Luck and enjoy the game.</p> <p>Nilesh Shukla</p> <!-- <p>You may make your payment thru Paypal if you preferred. <br/>There will be an additional $1 for each payment up to $20 to cover the charges by Paypal.</p> --> <br/><br/> </td> </tr> </table> <p style="font-family: verdana, arial; font-size: 12px"> <a href="/" title="Online Superbowl Squares">Home</a> </p> <?php $bodyMessage = "\nREMINDER\r\n"; $bodyMessage .= "Square(s) {$selectedSQUARES} is(are) temporary reserved in your name \"{$name}\", pending confirmation by Nilesh Shukla.\r\n"; $bodyMessage .= "Good Luck and enjoy the game.\r\n"; $bodyMessage .= "Nilesh Shukla\r\n"; $bodyMessage .= "{$superbowlURL}\r\n\n"; //$bodyMessage .= "You may make your payment thru Paypal if you like. \rThere will be an additional $1 for each payment up to $20 to cover the charges by Paypal.\r\n"; $bodyMessage .= "\r\n\nNOTES TO ADMIN:\r\n"; $bodyMessage .= $notes . "\r\n\n"; notify_admin($email, $bodyMessage, $headers); ?> <?php } else { echo "<p align='center'><font color='#ff0000', size='3'><b>{$square}</b> is NOT available! Someone must have just selected that same square.<br/></font><br/>Please go <a href='javascript:onClick=history.go(-2);'>back</a> and select another square.</p>"; exit; }
echo "<p>Must select ONLY one 'Confirm' or 'Release' !!!</p>"; echo "<p><a href='javascript:onClick=history.go(-1);'>Back</a></p>"; exit; } } } //echo $query."</br>"; $result = mysql_query($query); if (!$result) { echo mysql_error(); } else { $bodyMessage .= $NOTES . "\r\n\n"; $bodyMessage .= "Good Luck and enjoy the game.\r\n"; $bodyMessage .= "The Commissioner\r\n"; $bodyMessage .= "{$superbowlURL}\r\n"; notify_admin($USER_EMAIL_LIST, $bodyMessage, $headers); echo "<p>Square(s) <b>" . $square_list . "</b> updated successful</p>"; echo "<p>Emailed to: " . $USER_EMAIL_LIST . "</p>"; echo "\r\n\t\t\t\t\t<p>\r\n\t\t\t\t\t <table width=\"50%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" style=\"font-family: verdana, arial; font-size: 12px\">\r\n\t\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td width=\"33%\"><a href=\"{$superbowlURL}\" title=\"Administrator\">Home</a></td>\r\n\t\t\t\t\t\t<td width=\"34%\" align=\"center\"><a href=\"./admin.php\" title=\"Administrator\">Admin</a></td>\r\n\t\t\t\t\t\t<td width=\"33%\" align=\"right\"><a href=\"adminlogout.php\" title=\"Admin logout\">Logout</a></td>\r\n\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t </table>\r\n\t\t\t\t\t</p>"; unset($confirmation, $SQUARE, $CONFIRM, $RELEASE, $NOTES, $ADM_EMAIL, $ADM_PASSWORD); } } else { echo "<p>Must select at least one Square to Confirm or Release' !!!</p>"; echo "<p><a href='javascript:onClick=history.go(-1);'>Back</a></p>"; exit; } } ?> <p align="center" style=""> <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank"> <input type="hidden" name="cmd" value="_xclick">
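/**
 * Checks an e-mail address and an IP address for spammer status.
 *
 * Checks run in this order and stop at the first hit:
 *  1. whitelists (both whitelisted => accepted immediately)
 *  2. local mail domain blacklist (plugin setting)
 *  3. local e-mail blacklist (plugin setting)
 *  4. StopForumSpam lookup of the e-mail, then of the IP
 * Every hit registers an error message and notifies the admin.
 *
 * Blacklist matching is case-insensitive and the domain is taken after the
 * last "@", so a listed domain cannot be passed by changing letter case or
 * by adding a second "@". Values placed in the StopForumSpam query string
 * are URL-encoded so characters such as "&" or "+" cannot change the request.
 * An unusable StopForumSpam answer (not JSON, no frequency field) is treated
 * like an unreachable service: the check is skipped rather than counted as a
 * hit.
 *
 * NOTE(review): the lookups use plain HTTP, so the answer can be altered in
 * transit. Consider HTTPS if call_url() supports it.
 *
 * @param string  $register_email e-mail address to check
 * @param string  $register_ip    IP address to check
 * @param boolean $checkemail     false treats the e-mail as whitelisted, which
 *                                disables every e-mail based check
 *
 * @return boolean true when nothing flagged the pair, false for a spammer
 */
function check_spammer($register_email, $register_ip, $checkemail = true) {
    $spammer = false;
    $email = (string) $register_email;

    $email_whitelisted = $checkemail ? is_email_whitelisted($register_email) : true;
    $ip_whitelisted = is_ip_whitelisted($register_ip);

    if ($email_whitelisted && $ip_whitelisted) {
        // short circuit
        return true;
    }

    // Mail domain blacklist
    if (elgg_get_plugin_setting('use_mail_domain_blacklist', PLUGIN_ID) == "yes" && !$email_whitelisted) {
        $blacklistedMailDomains = preg_split('/\\s+/', strip_spaces(strip_tags(elgg_get_plugin_setting('blacklisted_mail_domains', PLUGIN_ID))), -1, PREG_SPLIT_NO_EMPTY);

        // Domain = everything after the last "@", lower-cased.
        $at = strrpos($email, '@');
        $mailDomain = ($at === false) ? '' : strtolower(substr($email, $at + 1));

        if ($mailDomain !== '') {
            foreach ($blacklistedMailDomains as $domain) {
                if ($mailDomain === strtolower($domain)) {
                    register_error(elgg_echo('spam_login_filter:access_denied_domain_blacklist'));
                    notify_admin($register_email, $register_ip, "Internal domain blacklist");
                    $spammer = true;
                    break;
                }
            }
        }
    }

    // Mail blacklist
    if (!$spammer && elgg_get_plugin_setting('use_mail_blacklist', PLUGIN_ID) == "yes" && !$email_whitelisted) {
        $blacklistedMails = preg_split('/\\s+/', strip_spaces(strip_tags(elgg_get_plugin_setting('blacklisted_mails', PLUGIN_ID))), -1, PREG_SPLIT_NO_EMPTY);

        foreach ($blacklistedMails as $blacklistedMail) {
            if (strcasecmp($blacklistedMail, $email) === 0) {
                register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
                notify_admin($register_email, $register_ip, "Internal e-mail blacklist");
                $spammer = true;
                break;
            }
        }
    }

    // StopForumSpam
    if (!$spammer && elgg_get_plugin_setting('use_stopforumspam', PLUGIN_ID) == "yes") {
        // A whitelisted (or unchecked) address could never produce a hit, so
        // it is not sent to the third-party service at all.
        if (!$email_whitelisted) {
            $url = "http://www.stopforumspam.com/api?email=" . urlencode($email) . "&f=json";
            $return = call_url($url);

            if ($return != false) {
                $data = json_decode($return);
                // Only a present, positive frequency counts as a listing.
                if (isset($data->email->frequency) && (int) $data->email->frequency > 0) {
                    register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
                    notify_admin($register_email, $register_ip, "Stopforumspam e-mail blacklist");
                    $spammer = true;
                }
            }
        }

        if (!$spammer && !$ip_whitelisted) {
            // e-mail not found in the database, now check the ip
            $url = "http://www.stopforumspam.com/api?ip=" . urlencode((string) $register_ip) . "&f=json";
            $return = call_url($url);

            if ($return != false) {
                $data = json_decode($return);
                if (isset($data->ip->frequency) && (int) $data->ip->frequency > 0) {
                    register_error(elgg_echo('spam_login_filter:access_denied_ip_blacklist'));
                    notify_admin($register_email, $register_ip, "Stopforumspam IP blacklist");
                    $spammer = true;
                }
            }
        }
    }

    return !$spammer;
}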
<?php echo $LINKS; } else { echo "<p>Emails send to:</p>"; $bodyMessage = "\r\nNOTIFICATION\r\n"; $bodyMessage .= "All squares have been selected and all numbers have been picked and assigned.\r\n"; $bodyMessage .= "You can view and print your own sheet at {$superbowlURL}.\r\n\n"; $bodyMessage .= "Good Luck and enjoy the game.\r\n"; $bodyMessage .= "The Commissioner\r\n"; $headers = "From: {$ADMIN_EMAIL}\r\n"; $query = "SELECT * FROM VNSB_squares ORDER BY EMAIL"; $result = mysql_query($query); if (!$result) { echo mysql_error(); exit; } while ($record = mysql_fetch_assoc($result)) { if ($USER_EMAIL != $record["EMAIL"]) { $USER_NAME = $record["NAME"]; $USER_EMAIL = $record["EMAIL"]; notify_admin($USER_EMAIL, $bodyMessage, $headers); echo "<p><b>" . $USER_NAME . "</b>: " . $USER_EMAIL . "</p>"; } } echo $LINKS; unset($sendemails); $headers = "From: {$ADMIN_EMAIL}\r\n"; notify_admin($ADMIN_EMAIL, $bodyMessage, $headers); } require "footer.inc"; }
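/**
 * Checks an e-mail address and an IP address for spammer status.
 *
 * Checks run in this order and return at the first decision:
 *  1. e-mail whitelist (only when $checkemail is true), then IP whitelist
 *  2. cached IP blacklist (site annotations named 'spam_login_filter_ip')
 *  3. local mail domain blacklist (plugin setting)
 *  4. local e-mail blacklist (plugin setting)
 *  5. StopForumSpam lookup of the e-mail, then of the IP; an IP hit is cached
 * Every hit registers an error message and notifies the admin.
 *
 * Blacklist matching is case-insensitive and the domain is taken after the
 * last "@", so a listed domain cannot be passed by changing letter case or
 * by adding a second "@". Values placed in the StopForumSpam query string
 * are URL-encoded so characters such as "&" or "+" cannot change the request.
 * An unusable StopForumSpam answer (not JSON, no frequency field) is treated
 * like an unreachable service: the check is skipped rather than counted as a
 * hit.
 *
 * NOTE(review): $checkemail only gates the whitelist lookup; the blacklist
 * and StopForumSpam e-mail checks run regardless - confirm against callers.
 * NOTE(review): the lookups use plain HTTP, so the answer can be altered in
 * transit. Consider HTTPS if call_url() supports it.
 *
 * @param string  $register_email e-mail address to check
 * @param string  $register_ip    IP address to check
 * @param boolean $checkemail     whether to consult the e-mail whitelist
 *
 * @return boolean true when nothing flagged the pair, false for a spammer
 */
function check_spammer($register_email, $register_ip, $checkemail = true) {
    $email = (string) $register_email;

    if ($checkemail && is_email_whitelisted($register_email)) {
        // not a spammer, no need for any further checks
        return true;
    }

    if (is_ip_whitelisted($register_ip)) {
        // not a spammer, no need for any further checks
        return true;
    }

    // check ip cache
    $blacklisted = elgg_get_annotations(array(
        'guid' => elgg_get_site_entity()->guid,
        'annotation_names' => array('spam_login_filter_ip'),
        'annotation_values' => array($register_ip),
    ));

    if ($blacklisted) {
        register_error(elgg_echo('spam_login_filter:access_denied_ip_blacklist'));
        notify_admin($register_email, $register_ip, "Internal IP blacklist");
        return false;
    }

    // Mail domain blacklist
    if (elgg_get_plugin_setting('use_mail_domain_blacklist', PLUGIN_ID) == "yes") {
        $blacklistedMailDomains = preg_split('/\\s+/', strip_spaces(strip_tags(elgg_get_plugin_setting('blacklisted_mail_domains', PLUGIN_ID))), -1, PREG_SPLIT_NO_EMPTY);

        // Domain = everything after the last "@", lower-cased.
        $at = strrpos($email, '@');
        $mailDomain = ($at === false) ? '' : strtolower(substr($email, $at + 1));

        if ($mailDomain !== '') {
            foreach ($blacklistedMailDomains as $domain) {
                if ($mailDomain === strtolower($domain)) {
                    register_error(elgg_echo('spam_login_filter:access_denied_domain_blacklist'));
                    notify_admin($register_email, $register_ip, "Internal domain blacklist");
                    return false;
                }
            }
        }
    }

    // Mail blacklist
    if (elgg_get_plugin_setting('use_mail_blacklist', PLUGIN_ID) == "yes") {
        $blacklistedMails = preg_split('/\\s+/', strip_spaces(strip_tags(elgg_get_plugin_setting('blacklisted_mails', PLUGIN_ID))), -1, PREG_SPLIT_NO_EMPTY);

        foreach ($blacklistedMails as $blacklistedMail) {
            if (strcasecmp($blacklistedMail, $email) === 0) {
                register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
                notify_admin($register_email, $register_ip, "Internal e-mail blacklist");
                return false;
            }
        }
    }

    // StopForumSpam
    if (elgg_get_plugin_setting('use_stopforumspam', PLUGIN_ID) == "yes") {
        // check the e-mail address
        $url = "http://www.stopforumspam.com/api?email=" . urlencode($email) . "&f=json";
        $return = call_url($url);

        if ($return != false) {
            $data = json_decode($return);
            // Only a present, positive frequency counts as a listing.
            if (isset($data->email->frequency) && (int) $data->email->frequency > 0) {
                register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
                notify_admin($register_email, $register_ip, "Stopforumspam e-mail blacklist");
                return false;
            }
        }

        // e-mail not found in the database, now check the ip
        $url = "http://www.stopforumspam.com/api?ip=" . urlencode((string) $register_ip) . "&f=json";
        $return = call_url($url);

        if ($return != false) {
            $data = json_decode($return);
            if (isset($data->ip->frequency) && (int) $data->ip->frequency > 0) {
                register_error(elgg_echo('spam_login_filter:access_denied_ip_blacklist'));
                notify_admin($register_email, $register_ip, "Stopforumspam IP blacklist");

                // cache this ip
                // NOTE(review): the address is stored with ACCESS_PUBLIC;
                // presumably so the cache lookup above also works for
                // logged-out visitors - confirm, since IP addresses are
                // personal data in many jurisdictions.
                elgg_get_site_entity()->annotate('spam_login_filter_ip', $register_ip, ACCESS_PUBLIC);
                return false;
            }
        }
    }

    // passed all the tests
    return true;
}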
/**
 * Builds a new object of class $class from $param and adds it under $object.
 *
 * Steps, in the order the code performs them:
 *  1. Quota gate: "<quotaclass>_num" is compared on the client parent's
 *     used/priv objects; lxException "Quota Exceeded" is thrown when
 *     isQuotaGreaterThanOrEq() reports true.
 *  2. parent_clname is set on $param, then the class's own 'Add' method
 *     (via exec_class_method) returns the final $param.
 *  3. Every $param key not starting with "__v_" / "__m_" is resolved to a
 *     destination class and key and collected in $nparam[class][key].
 *  4. First pass: one object per $nparam key without "_s_" (priv, used and
 *     listpriv get dedicated constructors and checks).
 *  5. Duplicate gate: lxException when the object already exists in the db.
 *  6. Second pass: child objects for "_s_" keys, attached to their owner.
 *  7. Everything is attached to $olist[$class], which is linked to $object,
 *     post-add hooks run, the admin is notified and the action is logged.
 *
 * NOTE(review): $nparam, $olist and $nolist are never initialised in this
 * function; if no $param key survives the filters the later foreach loops
 * iterate an undefined variable.
 *
 * @param object $object parent the new object is added to
 * @param string $class  class name of the object being added
 * @param array  $param  add parameters; keys prefixed "__v_" / "__m_" are
 *                       skipped during class resolution
 *
 * @throws lxException on exceeded quota or when the object already exists
 */
function do_desc_add($object, $class, $param) {
    global $gbl, $sgbl, $login, $ghtml;

    // Quota variable name is derived from the class's quota class.
    $quotaclass = exec_class_method($class, "getquotaclass", $class);
    $numvar = "{$quotaclass}_num";
    $qobject = $object->getClientParentO();
    dprint($qobject->getClname());

    // Refuse the add before anything is created when the quota is used up.
    if ($qobject->isQuotaVariable($numvar)) {
        if (isQuotaGreaterThanOrEq($qobject->used->{$numvar}, $qobject->priv->{$numvar})) {
            throw new lxException("Quota Exceeded for {$class}", 'nname', $numvar);
        }
    }

    /* $list = $qobject->getQuotaVariableList(); foreach((array) $list as $l => $v) { if (csb($l, "{$class}_m_")) { $license = strtil(strfrom($l, "_n_"), "_num"); $licvar = strtil(strfrom($l, "_m_"), "_n_"); if (isset($param[$licvar]) && $param[$licvar] === $license) { if (isQuotaGreaterThanOrEq($qobject->used->$l, $qobject->priv->$l)) { throw new lxException("Quota Exceeded for $class $licvar.$license", 'nname', $numvar); } } } } */

    // Setting it here itself so that the add can override if necessary. This is done in tickets, where the parent is always the admin.
    $param['parent_clname'] = $object->getClName();

    // In the case of mailaccount, the real parent is mmail, while the object is added to client.
    if (isset($param['real_clparent_f'])) {
        $parent_class = exec_class_method($class, 'defaultParentClass', $object);
        $param['parent_clname'] = createParentName($parent_class, $param['real_clparent_f']);
    }

    // The class's own Add hook may rewrite or extend the parameters.
    $param = exec_class_method($class, 'Add', $object, $class, $param);

    // First loop to create a unique nname if applicable.... For the 'unique-nname-creation' to work in the second loop, the variables must be resolved before that... So this extra looping...
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        $object->resolve_class_differences($class, $k, $dclass, $dk);
    }

    // Sort every parameter into $nparam[destination class][destination key].
    foreach ($param as $k => $v) {
        if (csb($k, "__v_") || csb($k, "__m_")) {
            continue;
        }
        $object->resolve_class_heirarchy($class, $k, $dclass, $dk);
        $object->resolve_class_differences($class, $k, $ddclass, $ddk);
        $nnamevar = get_real_class_variable($ddclass, "__rewrite_nname_const");
        if ($nnamevar) {
            // nname is rebuilt by joining the listed parameter values
            $nnamelist = null;
            foreach ($nnamevar as $n) {
                $nnamelist[] = $param[$n];
            }
            $nparam[$dclass]['nname'] = implode($sgbl->__var_nname_impstr, $nnamelist);
        }
        $nparam[$dclass][$dk] = $v;
    }

    // First Pass
    foreach ($nparam as $k => $v) {
        if (csa($k, "_s_")) {
            // handled in the second pass
            continue;
        }
        if ($k === 'priv') {
            $olist[$k] = new priv(null, null, $nparam[$class]['nname']);
            check_priv($object, $class, $olist[$k], $v);
            continue;
        }
        if ($k === 'used') {
            $olist[$k] = new Used(null, null, $nparam[$class]['nname']);
            $olist[$k]->create($v);
            continue;
        }
        if ($k === 'listpriv') {
            //$olist[$k] = new listpriv($object->__masterserver, null, $class . "_s_vv_p_" . $nparam[$class]['nname']);
            $olist[$k] = new listpriv($object->__masterserver, null, $class . "-" . $nparam[$class]['nname']);
            check_listpriv($object, $class, $olist[$k], $v);
            continue;
        }
        // NOTE(review): the class to instantiate is the $nparam key itself.
        // That key comes out of resolve_class_heirarchy(); if a request can
        // influence it, this constructs a caller-chosen class - confirm the
        // resolver only yields known classes.
        if (csa($k, "_b")) {
            $olist[$k] = new $k($object->__masterserver, null, $nparam[$class]['nname']);
        } else {
            $olist[$k] = new $k($object->__masterserver, null, $v['nname']);
        }
        $olist[$k]->inheritSyncServer($object);
        $olist[$k]->initThisDef();
        $olist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($olist[$k]->hasDriverClass()) {
            $olist[$k]->createSyncClass();
        }
    }

    // The main object has to inherit the masterserver here itself, so that its children will inherit it later when they are added through addobject.
    if (!cse($class, "_a") && exec_class_method($class, "isDatabase") && exists_in_db($object->__masterserver, $class, $olist[$class]->nname)) {
        // If the parent is getting added too, then that means we are in the client add page, and thus the variable is vps_name, domain_name rather than nname.
        if ($object->dbaction === 'add') {
            $vname = "{$class}_name";
        } else {
            $vname = "nname";
        }
        throw new lxException("{$olist[$class]->nname}+already+exists+in+{$class}.", $vname, $class);
    }

    //Second Pass...
    foreach ($nparam as $k => $v) {
        if (!csa($k, "_s_") && !csa($k, "-")) {
            continue;
        }
        // Key is split on "_s_" into owner class ([0]) and child class ([1]).
        // NOTE(review): a key that passes the filter only because of "-"
        // has no "_s_" to split on, so $clist[1] would be undefined - verify.
        $clist = explode("_s_", $k);
        $k = $clist[1];
        $cl = $clist[0];
        // NOTE(review): dynamic class name again, see the first pass.
        $nolist[$k] = new $k($object->__masterserver, null, $v['nname']);
        $nolist[$k]->inheritSyncServer($olist[$cl]);
        $nolist[$k]->initThisDef();
        $nolist[$k]->create($v);
        // The createsyncclass needs the syncserver variable to be set. Which may not be available. So we have to run this again.
        if ($nolist[$k]->hasDriverClass()) {
            $nolist[$k]->createSyncClass();
        }
        $olist[$cl]->addObject($k, $nolist[$k]);
    }

    // Hang everything created in the first pass onto the main object:
    // "_b" objects and used/priv/listpriv become properties, the rest children.
    foreach ($olist as $k => $v) {
        if (cse($k, "_b") || $k === 'used' || $k === 'priv' || $k === 'listpriv') {
            $olist[$class]->{$k} = $v;
            continue;
        }
        if ($k != $class) {
            $olist[$class]->addObject($k, $v);
            continue;
        }
    }

    // NOTE(review): these two assignments replace the priv / listpriv
    // objects that check_priv() / check_listpriv() examined in the first
    // pass. Confirm "__v_priv" and "__v_listpriv" can only be set by trusted
    // code (e.g. the class's Add hook) and never arrive from a request.
    if (isset($param['__v_priv'])) {
        $olist[$class]->priv = $param['__v_priv'];
    }
    if (isset($param['__v_listpriv'])) {
        $olist[$class]->listpriv = $param['__v_listpriv'];
    }

    //$olist[$class]->parent_clname = $object->getClName();
    $rparent = $object;
    $olist[$class]->__parent_o = $rparent;
    $olist[$class]->postAdd();
    $rparent->addToList($class, $olist[$class]);
    $olist[$class]->superPostAdd();
    //dprintr($object);
    notify_admin("add", $object, $olist[$class]);
    do_actionlog($login, $olist[$class], "add", "");
    //This shouldn't happen here. This should be done only after the synctosystem since, the sync can fail and the write may not happen at all.
    //$olist[$class]->changeUsedFromParentAll();
    dprint($olist[$class]->getParentO());
}