/**
 * Checks that wp_authenticate_spam_check() hands back a WP_Error for a user
 * whose 'spam' status has been set. Only meaningful on multisite, so the test
 * is skipped everywhere else.
 */
function test_wp_authenticate_spam_check_returns_wp_error_when_flagged() {
    if (!is_multisite()) {
        $this->markTestSkipped('This test applies to multisite only.');
    }

    // Arrange: a contributor account flagged as spam.
    $spammer_id = self::factory()->user->create(array('role' => 'contributor'));
    update_user_status($spammer_id, 'spam', 1);

    // Act: pass the flagged user through the authentication spam gate.
    $result = wp_authenticate_spam_check(new WP_User($spammer_id));

    // The fixture is removed before asserting, as in the original ordering.
    wpmu_delete_user($spammer_id);

    $this->assertInstanceOf('WP_Error', $result);
}
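/**
 * Logs the current user out.
 *
 * Records the logged-out status through update_user_status(), replaces the
 * value stored through update_confid(), removes the user's temp directory
 * under /Contacts/views/user/temp/ and clears the login-related session keys.
 *
 * @return void
 */
function logout() {
    // Fall back to 0 when the session carries no user id.
    $userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
    $ip = client_ip();

    // The User-Agent header is optional and fully client-controlled.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Use the guarded $userid; the original read $_SESSION['userid'] a second
    // time here, which is undefined when logout() runs without a login.
    update_user_status($userid, 0, $ip, $agent);

    // mt_rand() is not a cryptographic generator, so md5(mt_rand()) is a
    // guessable value. Prefer the CSPRNG where the runtime provides it; the
    // result keeps the same 32-hex-character shape.
    // NOTE(review): presumably the confid acts as a per-login token - confirm
    // against update_confid() and its readers.
    $confid = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(mt_rand());
    update_confid($userid, $confid);

    // Per-user temp directory, named after the md5 of the user id.
    $dir = $_SERVER['DOCUMENT_ROOT'] . "/Contacts/views/user/temp/" . md5($userid);
    if (file_exists($dir)) {
        removeDir($dir);
    }

    // NOTE(review): only these keys are cleared; the session id is neither
    // regenerated nor destroyed in this function - confirm the caller does it.
    unset(
        $_SESSION['userid'],
        $_SESSION['timeout'],
        $_SESSION['username'],
        $_SESSION['isLoggedIn'],
        $_SESSION['becomeLogin']
    );
}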
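/**
 * Processes a spammed or unspammed user
 *
 * This function is called in three ways:
 * - in bp_settings_action_capabilities() (from the front-end)
 * - by bp_core_mark_user_spam_admin() (from wp-admin)
 * - bp_core_mark_user_ham_admin() (from wp-admin)
 *
 * The current user must be a super admin acting on someone else's profile,
 * and the target must not be a super admin; otherwise nothing happens.
 *
 * @since BuddyPress (1.6)
 *
 * @param int    $user_id The user being spammed/hammed
 * @param string $status  'spam' if being marked as spam, 'ham' otherwise
 * @return bool|void True once the status was processed; no value when bailing early.
 */
function bp_core_process_spammer_status($user_id, $status) {
    global $wpdb;

    // Only super admins can currently spam users
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }

    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }

    // Bail if user ID is super admin
    if (is_super_admin($user_id)) {
        return;
    }

    // Get the functions file
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }

    $is_spam = 'spam' == $status;

    // Only you can prevent infinite loops
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');

    // When marking as spam in the Dashboard, these actions are handled by WordPress
    if (!is_admin()) {
        // Get the blogs for the user
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) $blogs as $details) {
            // Do not mark the main or current root blog as spam
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }

            // Update the blog status
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }

        // Finally, mark this user as a spammer
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }

        // Always set single site status. Cast to int: a boolean false would
        // otherwise be written as an empty string into the numeric column.
        $wpdb->update($wpdb->users, array('user_status' => (int) $is_spam), array('ID' => $user_id));

        // Call multisite actions in single site mode for good measure.
        // Fire them for the user that was actually processed rather than for
        // whichever profile happens to be displayed.
        if (!is_multisite()) {
            $wp_action = true === $is_spam ? 'make_spam_user' : 'make_ham_user';
            do_action($wp_action, $user_id);
        }
    }

    // Hide this user's activity
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }

    // We need a special hook for is_spam so that components can delete data at spam time
    $bp_action = true === $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
    do_action($bp_action, $user_id);

    // Allow plugins to do neat things
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);

    return true;
}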
foreach ((array) $blogs as $key => $details) { if ($details->userblog_id == 1) { continue; } // main blog not a spam ! update_blog_status($details->userblog_id, "spam", '1'); do_action("make_spam_blog", $details->userblog_id); } update_user_status($val, "spam", '1', 1); } elseif (isset($_POST['alluser_notspam'])) { $userfunction = 'all_notspam'; $blogs = get_blogs_of_user($val, true); foreach ((array) $blogs as $key => $details) { update_blog_status($details->userblog_id, "spam", '0'); } update_user_status($val, "spam", '0', 1); } } } wp_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), $_SERVER['HTTP_REFERER'])); } exit; break; case "adduser": check_admin_referer('add-user'); $user = $_POST['user']; if (empty($user['username']) && empty($user['email'])) { wp_die(__('Missing username and email.')); } elseif (empty($user['username'])) { wp_die(__('Missing username.')); } elseif (empty($user['email'])) {
/**
 * Marks or unmarks one or more members as spammers.
 *
 * Super admins in the list are skipped. For every other member the blogs
 * returned by get_blogs_of_user() (except blog 1 and the BuddyPress root blog)
 * get their 'spam' status updated, the user status is written, the
 * BuddyPress/WordPress spam hooks fire and the ID is recorded as processed.
 *
 * No capability or nonce check happens inside this function, so the caller is
 * responsible for authorizing the request before invoking it.
 *
 * @param int|array $user_ids     Member ID or list of member IDs.
 * @param bool      $is_spam      Mark as spammer (true) or unmark (false).
 * @param callable  $end_callback Called last with the processed IDs, the
 *                                skipped IDs and $is_spam.
 */
function set_spammer_status($user_ids, $is_spam, $end_callback) {
    global $wpdb;

    $user_ids = (array) $user_ids;
    $processed = array();

    foreach ($user_ids as $member_id) {
        // Super admins are never touched.
        if (is_super_admin($member_id)) {
            continue;
        }

        // Propagate the status to the member's blogs, leaving blog 1 and the
        // current root blog alone.
        foreach ((array) get_blogs_of_user($member_id, true) as $blog) {
            $is_protected = 1 == $blog->userblog_id || bp_get_root_blog_id() == $blog->userblog_id;
            if (!$is_protected) {
                update_blog_status($blog->userblog_id, 'spam', $is_spam);
            }
        }

        // Network-level flag, multisite only.
        if (is_multisite()) {
            update_user_status($member_id, 'spam', $is_spam);
        }

        // The users table is written in every configuration.
        $wpdb->update($wpdb->users, array('user_status' => (int) $is_spam), array('ID' => $member_id));

        // Spammers lose their visible activity.
        if ($is_spam && bp_is_active('activity')) {
            bp_activity_hide_user_activity($member_id);
        }

        // Dedicated hook so components can delete data at spam time.
        if ($is_spam) {
            do_action('bp_make_spam_user', $member_id);
        } else {
            do_action('bp_make_ham_user', $member_id);
        }

        // Single site: fire the multisite actions as well, for good measure.
        if (!is_multisite()) {
            if ($is_spam) {
                do_action('make_spam_user', $member_id);
            } else {
                do_action('make_ham_user', $member_id);
            }
        }

        // Extension point for plugins.
        do_action('bp_core_action_set_spammer_status', $member_id, $is_spam);

        $processed[] = $member_id;
    }

    // Anything requested but not processed is reported as skipped.
    $skipped = array_diff($user_ids, $processed);
    call_user_func($end_callback, $processed, $skipped, $is_spam);
}
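// Exchange the authorization code at the Facebook token URL.
// NOTE(review): $code is appended without URL-encoding and its origin is not
// visible here - confirm it is validated/encoded before it reaches this line.
$access_token = file_get_contents($fb_token_URL . "&code={$code}");

// Fetch the user information with the returned token. Skip the second request
// when the token request failed instead of calling the API with an empty token.
$res_auth = ($access_token === false) ? false : file_get_contents($fb_info_URL . "&" . $access_token);

// Parse the user information; a failed request leaves $user as null.
$user = ($res_auth === false) ? null : json_decode($res_auth);

// Set the Facebook user_id + name (display name).
if (isset($user->id)) {
    $fb_user_id = $user->id;
    // name/email are only present when the API returned them.
    $fb_user_name = isset($user->name) ? $user->name : null;
    $fb_user_email = isset($user->email) ? $user->email : null;
}

// The original condition used "=" (assignment), so the Referer was never
// compared and any response carrying a user id was accepted.
// NOTE(review): the Referer header is optional and client-supplied; it does
// not bind the callback to the login request the way an OAuth "state" value
// does. No state check is visible in this excerpt - confirm one exists.
$http_ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($http_ref === $fb_auth_ref && isset($fb_user_id)) {
    //Update User Status
    update_user_status($fb_user_id, "facebook", $fb_user_name, $fb_user_email);
    // Was $ggl_user_name, a variable of the Google flow that is not set here.
    $_SESSION["auth_name"] = $fb_user_name;
    $_SESSION["auth_type"] = "facebook";
    $_SESSION["auth_icon"] = "./img/fb_icon.png";
    // NOTE(review): the session id is not regenerated at this privilege change.
    header("Location: {$top_page}");
    // Stop here so the page below is not rendered after the redirect header.
    exit;
} else {
    $showMsg = "Notice: Invalid authentication<br>";
}
echo <<<EOF
<html>
\t<head>
\t\t<title>
\t\t\tfb test login
\t\t</title>
\t</head>
\t<body>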
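// Request the token from the Google token URL (at most 40000 bytes are read).
// The offset is 0 rather than -1: newer PHP versions treat a negative offset
// as "seek from the end", which an HTTP stream cannot do, so the call fails.
$res_auth = file_get_contents($ggl_token_URL, false, stream_context_create($options), 0, 40000);

// Decode the result from google token URL; a failed request yields null.
$token = ($res_auth === false) ? null : json_decode($res_auth, true);
if (isset($token['error'])) {
    echo 'An error occurs on Google OAuth2\\n';
    exit;
}

// Absent when the request failed or the response was not the expected JSON.
$access_token = isset($token['access_token']) ? $token['access_token'] : null;

//--------------------------------------
// Get User information
//--------------------------------------
$user = null;
$ggl_user_id = null;
$ggl_user_name = null;
$ggl_user_email = null;
if ($access_token !== null) {
    // NOTE(review): the access token travels in the query string, where it can
    // end up in logs; an Authorization header avoids that.
    $params = array('access_token' => $access_token);
    $user_json = file_get_contents($ggl_info_URL . '?' . http_build_query($params));
    $user = ($user_json === false) ? null : json_decode($user_json);

    // Only read the profile fields when the response really carries an id.
    if (isset($user->id)) {
        $ggl_user_id = $user->id;
        $ggl_user_name = isset($user->name) ? $user->name : null;
        $ggl_user_email = isset($user->email) ? $user->email : null;
    }
}

//--------------------------------------
// Register user on DB
//--------------------------------------
if (isset($ggl_user_id)) {
    //Update User Status
    update_user_status($ggl_user_id, "google", $ggl_user_name, $ggl_user_email);
    $_SESSION["auth_name"] = $ggl_user_name;
    $_SESSION["auth_type"] = "google";
    $_SESSION["auth_icon"] = "./img/ggl_icon.png";
    // NOTE(review): the session id is not regenerated at this privilege change.
    header("Location: {$top_page}");
    exit;
} else {
    $showMsg = "Notice: Invalid authentication.<br>";
}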
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/user/logout.php'; break; case "settings": /*Account Management code*/ if (!$isLoggedIn) { header("Location: index.php"); $_SESSION['error'] = ($debug ? "<b>pages.php:</b><br />" : "") . "The page you are looking was not found!"; die; } break; default: $_SESSION['error'] = ($debug ? "<b>pages.php:</b><br />" : "") . "The page you are looking was not found!"; header("Location: index.php"); die; } } else { if (!$isLoggedIn) { include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/welcome.php'; } } if ($isLoggedIn) { /*Here is content who view logged in users!*/ /*Update the database relating to the user about the current status for synchronization at Session variables and db Fields*/ update_user_status($userid, $isLoggedIn, $ip, $_SERVER['HTTP_USER_AGENT']); if ($page == "settings") { include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/content/settings.php'; } else { include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/content/tabs.php'; } }
/**
 * Process a spammed or unspammed user.
 *
 * This function is called from three places:
 *
 * - in bp_settings_action_capabilities() (from the front-end)
 * - by bp_core_mark_user_spam_admin() (from wp-admin)
 * - bp_core_mark_user_ham_admin() (from wp-admin)
 *
 * The only guard inside this function is that the target user must not be a
 * super admin. It does not check the capabilities of the current user, so
 * every caller has to authorize the request before calling it.
 *
 * @since 1.6.0
 *
 * @param int    $user_id       The ID of the user being spammed/hammed.
 * @param string $status        'spam' if being marked as spam, 'ham' otherwise.
 * @param bool   $do_wp_cleanup True to force the cleanup of WordPress content
 *                              and status, otherwise false. Generally, this should
 *                              only be false if WordPress is expected to have
 *                              performed this cleanup independently, as when hooked
 *                              to 'make_spam_user'.
 * @return bool|void True once the status was processed. The early bails below
 *                   use a bare return, so callers get no value (not false) then.
 */
function bp_core_process_spammer_status($user_id, $status, $do_wp_cleanup = true) {
    global $wpdb;

    // Bail if no user ID.
    if (empty($user_id)) {
        return;
    }

    // Bail if user ID is super admin.
    if (is_super_admin($user_id)) {
        return;
    }

    // Get the functions file.
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }

    // Loose comparison: anything that does not compare equal to 'spam' is treated as ham.
    $is_spam = 'spam' == $status;

    // Only you can prevent infinite loops.
    // These callbacks are hooked to the actions fired further down; they are
    // detached here and re-attached just before returning.
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');

    // Force the cleanup of WordPress content and status for multisite configs.
    if ($do_wp_cleanup) {
        // Get the blogs for the user.
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) array_values($blogs) as $details) {
            // Do not mark the main or current root blog as spam.
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }

            // Update the blog status.
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }

        // Finally, mark this user as a spammer.
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }
    }

    // Update the user status.
    // NOTE(review): $is_spam is a boolean here; confirm how false is written
    // to the user_status column on the targeted database configuration.
    $wpdb->update($wpdb->users, array('user_status' => $is_spam), array('ID' => $user_id));

    // Clean user cache.
    clean_user_cache($user_id);

    if (!is_multisite()) {
        // Call multisite actions in single site mode for good measure.
        if (true === $is_spam) {
            /**
             * Fires at end of processing spammer in Dashboard if not multisite and user is spam.
             *
             * @since 1.5.0
             *
             * @param int $value ID of the processed user.
             */
            do_action('make_spam_user', $user_id);
        } else {
            /**
             * Fires at end of processing spammer in Dashboard if not multisite and user is not spam.
             *
             * @since 1.5.0
             *
             * @param int $value ID of the processed user.
             */
            do_action('make_ham_user', $user_id);
        }
    }

    // Hide this user's activity.
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }

    // We need a special hook for is_spam so that components can delete data at spam time.
    if (true === $is_spam) {
        /**
         * Fires at the end of the process spammer process if the user is spam.
         *
         * @since 1.5.0
         *
         * @param int $value ID of the processed user.
         */
        do_action('bp_make_spam_user', $user_id);
    } else {
        /**
         * Fires at the end of the process spammer process if the user is not spam.
         *
         * @since 1.5.0
         *
         * @param int $value ID of the processed user.
         */
        do_action('bp_make_ham_user', $user_id);
    }

    /**
     * Fires at the end of the process for handling spammer status.
     *
     * @since 1.5.5
     *
     * @param int  $user_id ID of the processed user.
     * @param bool $is_spam The determined spam status of processed user.
     */
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);

    // Put things back how we found them.
    add_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    add_action('make_ham_user', 'bp_core_mark_user_ham_admin');

    return true;
}
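/**
 * When a site admin selects "Mark as Spammer/Not Spammer" from the admin menu
 * this action will fire and mark or unmark the user and their blogs as spam.
 * Must be a site admin for this function to run.
 *
 * The request is only processed for a super admin who is not on their own
 * profile, for a target that is not a super admin, and after the
 * 'mark-unmark-spammer' nonce has been verified.
 *
 * @package BuddyPress Core
 * @param int $user_id Optional user ID to mark as spam
 * @global object $wpdb Global WordPress Database object
 */
function bp_core_action_set_spammer_status($user_id = 0) {
    global $wpdb;

    // Only super admins can currently spam users
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }

    // Use displayed user if it's not yourself
    if (empty($user_id) && bp_is_user()) {
        $user_id = bp_displayed_user_id();
    }

    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }

    // Bail if user ID is super admin
    if (is_super_admin($user_id)) {
        return;
    }

    // Strict membership test: only the two exact action slugs qualify.
    if (bp_is_current_component('admin') && in_array(bp_current_action(), array('mark-spammer', 'unmark-spammer'), true)) {
        // Check the nonce
        check_admin_referer('mark-unmark-spammer');

        // Get the functions file. require_once, so a second inclusion of
        // ms.php in the same request cannot redeclare its functions.
        if (is_multisite()) {
            require_once ABSPATH . 'wp-admin/includes/ms.php';
        }

        // To spam or not to spam
        $is_spam = bp_is_current_action('mark-spammer') ? 1 : 0;

        // Get the blogs for the user
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) $blogs as $details) {
            // Do not mark the main or current root blog as spam
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }

            // Update the blog status
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }

        // Finally, mark this user as a spammer
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }

        // Always set single site status
        $wpdb->update($wpdb->users, array('user_status' => $is_spam), array('ID' => $user_id));

        // Add feedback message
        if ($is_spam) {
            bp_core_add_message(__('User marked as spammer. Spam users are visible only to site admins.', 'buddypress'));
        } else {
            bp_core_add_message(__('User removed as spammer.', 'buddypress'));
        }

        // Hide this user's activity
        if ($is_spam && bp_is_active('activity')) {
            bp_activity_hide_user_activity($user_id);
        }

        // The hooks below receive $user_id, the account that was actually
        // changed. The original passed bp_displayed_user_id(), which is a
        // different account whenever $user_id is supplied by the caller, so
        // listeners that delete data at spam time would act on the wrong user.

        // We need a special hook for is_spam so that components can delete data at spam time
        $bp_action = $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
        do_action($bp_action, $user_id);

        // Call multisite actions in single site mode for good measure
        if (!is_multisite()) {
            $wp_action = $is_spam ? 'make_spam_user' : 'make_ham_user';
            do_action($wp_action, $user_id);
        }

        // Allow plugins to do neat things
        do_action('bp_core_action_set_spammer_status', $user_id, $is_spam);

        // Redirect back to where we came from
        bp_core_redirect(wp_get_referer());
    }
}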
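require_once "${_CLASS_PATH}clsConnection.php";
require_once "${_CLASS_PATH}clsDB.php";
require_once "${_UMS_PATH}clsUser.php";

setnocache();
session_start();

if (logged_in()) {
    // Work on the user object kept in the session.
    $oU =& $_SESSION["oU"];

    // Default to "th" when no language is given or it is empty. The original
    // test only handled the empty-string case and read $_GET["lang"] even
    // when the parameter was absent.
    $lang = isset($_GET["lang"]) ? $_GET["lang"] : "";
    $oU->Lang = ($lang == "") ? "th" : $lang;

    // NOTE(review): the IDs below are copied from the query string into the
    // session object as-is and GetRightsByMenu() runs right after; confirm
    // they are validated before being used for the rights lookup.
    if (isset($_GET["StID"]) && $_GET["StID"] != "") {
        $oU->StID = $_GET["StID"];
    }
    if (isset($_GET["GpID"]) && $_GET["GpID"] != "") {
        $oU->GpID = $_GET["GpID"];
    }
    if (isset($_GET["MnID"]) && $_GET["MnID"] != "") {
        $oU->MnID = $_GET["MnID"];
    }
    if (isset($_GET["MmnID"]) && $_GET["MmnID"] != "") {
        $oU->MmnID = $_GET["MmnID"];
    }

    update_user_status();
    $oU->GetRightsByMenu();

    include_once "${_UMS_PATH}clsUmMenu.php";
    include_once "${_UMS_PATH}clsUmPermission.php";
    include_once "${_UMS_PATH}clsUmGPermission.php";
    include_once "${_UMS_PATH}clsUmUserGroup.php";
    include_once "${_UMS_PATH}clsUmGroup.php";

    // Pick the output-buffer template callback depending on the "mm" parameter.
    if (isset($_GET["mm"])) {
        ob_start("incsubmenuTpl");
    } else {
        ob_start("nonsubmenuTpl");
    }
} else {
    $full_url = $GLOBALS["_PROTOCOL"] . $GLOBALS["_INFO_INDEX"];
    header("Location: $full_url");
    // A Location header alone does not end the script; stop here so nothing
    // after this block runs for a visitor who is not logged in.
    exit;
}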
/**
 * Renders the WangGuard users admin screen and runs the bulk action, if any,
 * that the list table reports as current ('delete', 'reportassplog', 'spam',
 * 'notspam'). Result notices are echoed before the page markup.
 *
 * Access is limited to users passing current_user_can('level_10').
 */
function wangguard_users() {
    global $wpdb, $wangguard_is_network_admin, $wangguard_nonce, $wangguard_g_splog_users_count;

    // Capability gate for the whole screen, bulk actions included.
    if (!current_user_can('level_10')) {
        die(__('Cheatin’ uh?', 'wangguard'));
    }

    include 'wangguard-class-wp-users.php';
    $wp_list_table = new WangGuard_Users_Table();
    $pagenum = $wp_list_table->get_pagenum();
    $messages = array();

    switch ($wp_list_table->current_action()) {
        case 'delete':
            // State-changing action: the bulk nonce must verify first.
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }

            // delete selected users
            $reportedUsers = 0;
            // NOTE(review): the IDs come straight from the request and are not
            // cast to integers before being handed to WP_User and $delFunc.
            $users = (array) @$_REQUEST['users'];

            // Pick the delete function matching the installation type.
            if (wangguard_is_multisite() && function_exists("wpmu_delete_user")) {
                $delFunc = 'wpmu_delete_user';
            } else {
                if (!function_exists('wp_delete_user')) {
                    @(include_once ABSPATH . 'wp-admin/includes/user.php');
                }
                $delFunc = 'wp_delete_user';
            }

            $deletedUsers = 0;
            foreach ($users as $spuserID) {
                $user_object = new WP_User($spuserID);
                // Accounts that wangguard_is_admin() reports as admin are never deleted.
                if (!wangguard_is_admin($user_object)) {
                    $delFunc($spuserID);
                    $deletedUsers++;
                }
            }

            if ($deletedUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were deleted", "wangguard"), $deletedUsers) . '</strong></p></div>';
            }
            break;

        case 'reportassplog':
            // State-changing action: the bulk nonce must verify first.
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }

            //report selected users
            $reportedUsers = 0;
            $users = (array) $_REQUEST['users'];
            $res = wangguard_report_users($users);
            $resArr = explode(",", $res);
            // explode() never returns an empty array, hence the explicit zero case.
            $reportedUsers = count($users) == 0 ? 0 : count($resArr);

            if ($reportedUsers) {
                if (wangguard_get_option("wangguard-delete-users-on-report") == '1') {
                    $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were reported as Splogger(s) and deleted", "wangguard"), $reportedUsers) . '</strong></p></div>';
                } else {
                    $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were reported as Splogger(s)", "wangguard"), $reportedUsers) . '</strong></p></div>';
                }
            }
            break;

        case 'spam':
            // NOTE(review): unlike 'delete' and 'reportassplog', this case does
            // not call wp_verify_nonce() in this function, so the request is
            // not tied to a form the admin submitted (CSRF exposure) unless a
            // check happens elsewhere - confirm.
            $spamUsers = 0;
            $users = (array) $_REQUEST['users'];
            foreach ($users as $spuserID) {
                $user = new WP_User($spuserID);
                // Super admins are never marked as spam.
                if (in_array($user->user_login, get_super_admins())) {
                    continue;
                }

                if (function_exists('get_blogs_of_user') && function_exists('update_blog_status')) {
                    $blogs = get_blogs_of_user($spuserID, true);
                    foreach ((array) $blogs as $key => $details) {
                        //						if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam !
                        //							update_blog_status( $details->userblog_id, 'spam', '1' );
                        $isMainBlog = false;
                        // NOTE(review): $current_site is not in this function's
                        // global list, so isset() is false here and this branch
                        // is not taken. Its "!=" also reads inverted compared
                        // with the two "==" branches below - confirm the intent
                        // before declaring the global.
                        if (isset($current_site)) {
                            $isMainBlog = $details->userblog_id != $current_site->blog_id;
                            // main blog not a spam !
                        } elseif (defined("BP_ROOT_BLOG")) {
                            $isMainBlog = 1 == $details->userblog_id || BP_ROOT_BLOG == $details->userblog_id;
                        } else {
                            $isMainBlog = $details->userblog_id == 1;
                        }

                        $userIsAuthor = false;
                        if (!$isMainBlog) {
                            //Only works on WP 3+
                            $blog_prefix = $wpdb->get_blog_prefix($details->userblog_id);
                            // The user ID is forced to an integer by %d; the meta
                            // key is built from the blog prefix returned by $wpdb.
                            $authorcaps = $wpdb->get_var(sprintf("SELECT meta_value as caps FROM {$wpdb->users} u, {$wpdb->usermeta} um WHERE u.ID = %d and u.ID = um.user_id AND meta_key = '{$blog_prefix}capabilities'", $spuserID));
                            $caps = maybe_unserialize($authorcaps);
                            // Despite the variable name, this tests for the
                            // 'administrator' capability key on that blog.
                            $userIsAuthor = isset($caps['administrator']);
                        }

                        //Update blog to spam if the user is the author and its not the main blog
                        if (!$isMainBlog && $userIsAuthor) {
                            @update_blog_status($details->userblog_id, 'spam', '1');
                            //remove blog from queue
                            $table_name = $wpdb->base_prefix . "wangguardreportqueue";
                            $wpdb->query($wpdb->prepare("delete from {$table_name} where blog_id = '%d'", $details->userblog_id));
                        }
                    }
                }

                // Network-level flag where available, then the users table itself.
                if (function_exists('update_user_status')) {
                    update_user_status($spuserID, 'spam', '1');
                }
                $wpdb->update($wpdb->users, array('user_status' => 1), array('ID' => $spuserID));
                $spamUsers++;
            }

            if ($spamUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were marked as Spam", "wangguard"), $spamUsers) . '</strong></p></div>';
            }
            break;

        case 'notspam':
            // NOTE(review): no wp_verify_nonce() call in this case either; see
            // the note on 'spam' above.
            $spamUsers = 0;
            $users = (array) $_REQUEST['users'];
            foreach ($users as $spuserID) {
                // Every blog of the user is un-spammed, with no main-blog exception.
                if (function_exists('get_blogs_of_user') && function_exists('update_blog_status')) {
                    $blogs = get_blogs_of_user($spuserID, true);
                    foreach ((array) $blogs as $key => $details) {
                        update_blog_status($details->userblog_id, 'spam', '0');
                    }
                }

                if (function_exists('update_user_status')) {
                    update_user_status($spuserID, 'spam', '0');
                }
                $wpdb->update($wpdb->users, array('user_status' => 0), array('ID' => $spuserID));
                $spamUsers++;
            }

            if ($spamUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were marked as Safe", "wangguard"), $spamUsers) . '</strong></p></div>';
            }
            break;
    }

    // Print the notices collected above; the markup is built from translated
    // strings and integer counts only.
    if (count($messages)) {
        foreach ($messages as $msg) {
            echo $msg;
        }
    }
    ?>
<div class="wrap" id="wangguard-users-cont">
    <div class="wangguard-confico"><img src="<?php echo WP_PLUGIN_URL; ?>/wangguard/img/users.png" alt="<?php echo htmlentities(__('WangGuard Users', 'wangguard')); ?>" /></div>
    <div class="icon32" id="icon-wangguard"><br></div>
    <h2><?php _e('WangGuard Users', 'wangguard'); ?></h2>
    <?php $wp_list_table->prepare_items(); ?>
    <form action="" method="get">
        <input type="hidden" name="page" value="wangguard_users" />
        <?php $wp_list_table->search_box(__('Search Users'), 'user'); ?>
    </form>
    <form action="admin.php" method="get" id="wangguard-users-form">
        <input type="hidden" name="page" value="wangguard_users" />
        <?php
        $total_pages = $wp_list_table->get_pagination_arg('total_pages');
        // NOTE(review): this redirect is issued after markup has already been
        // written above, unless the output is buffered elsewhere.
        if ($pagenum > $total_pages && $total_pages > 0) {
            wp_redirect(add_query_arg('paged', $total_pages));
            exit;
        }
        $wp_list_table->views();
        ?>
        <?php
        // 'type' is only compared against a fixed string, never echoed.
        $requestType = "";
        if (isset($_REQUEST['type'])) {
            $requestType = $_REQUEST['type'];
        }
        if ($requestType == 'spl') {
            ?>
        <div id="wangguard-deleteallsplcont" class="subsubsub"><a class="button-primary" id="wangguard-deleteallspl" href="javascript:void(0)"><?php echo __('Delete All Sploggers', 'wangguard'); ?></a></div>
        <script type="text/javascript">
        <?php
            // Use the network admin URL builder when running in network admin.
            $urlFunc = "admin_url";
            if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
                $urlFunc = "network_admin_url";
            }
            // The wizard URL carries a nonce created for $wangguard_nonce.
            // NOTE(review): this URL and the translated confirm text are
            // echoed into single-quoted JavaScript string literals below
            // without JavaScript escaping.
            $deleteSPURL = $urlFunc('admin.php?page=wangguard_wizard&wangguard_delete_splogguers=1&wangguard_splogcnt=' . $wangguard_g_splog_users_count . '&wangguard_step=3&_wpnonce=' . wp_create_nonce($wangguard_nonce));
            ?>
        jQuery("a#wangguard-deleteallspl").click(function() {
            if (confirm('<?php echo __('Do you confirm to delete ALL Sploggers?', 'wangguard'); ?>')) {
                document.location = '<?php echo $deleteSPURL; ?>';
            }
        });
        </script>
            <?php
        }
        ?>
        <?php $wp_list_table->display(); ?>
    </form>
    <br class="clear" />
</div>
    <?php
}
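/**
 * Handles the plugin's AJAX moderation requests and ends the request.
 *
 * Requires the 'manage_sites' capability. Depending on the parameters it
 * marks a user and their blogs as spam, counts or spams the blogs tied to an
 * IP address, ignores/unignores/spams/unspams a single blog, or applies one of
 * those actions to a posted list of blogs.
 *
 * @global wpdb   $wpdb         WordPress database object.
 * @global object $current_site Current network; its blog_id is never spammed.
 */
function ust_do_ajax() {
    global $wpdb, $current_site;

    //make sure we have permission!
    if (!current_user_can('manage_sites')) {
        die;
    }

    // NOTE(review): no nonce is verified anywhere in this handler, so these
    // state-changing requests are not bound to a page the admin loaded (CSRF
    // exposure). The nonce action name is not visible here, so none is added;
    // confirm one is checked before this function runs.

    // A posted URL replaces $_GET with the parameters of its query string.
    if (isset($_POST['url'])) {
        $url_parts = parse_url($_POST['url']);
        $query_string = (is_array($url_parts) && isset($url_parts['query'])) ? $url_parts['query'] : '';
        parse_str($query_string, $_GET);
    }

    // Blog id used by the single-blog actions; always an integer, so echoing
    // it back cannot reflect request markup into the response.
    $single_blog_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

    // Shared FROM/WHERE for the IP look-ups. Placeholders, in order: site id,
    // spam flag, IP, IP. The IP used to be spliced into the SQL text after
    // addslashes(); it is now bound through $wpdb->prepare().
    $ip_clause = "FROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u
        WHERE b.site_id = %d
        AND b.blog_id = r.blog_id
        AND b.blog_id = u.blog_id
        AND b.spam = %d
        AND (r.IP = %s OR u.last_ip = %s)";

    //process any actions and messages
    if (isset($_GET['spam_user'])) {
        //spam a user and all blogs they are associated with
        $spam_user_id = (int) $_GET['spam_user'];
        $user_info = get_userdata($spam_user_id);

        //don't spam site admin
        // is_super_admin() expects a user ID; the original passed the login
        // name. Unknown users are skipped as well.
        if ($user_info && !is_super_admin($user_info->ID)) {
            $blogs = get_blogs_of_user($spam_user_id, true);
            foreach ((array) $blogs as $details) {
                // main blog not a spam !
                if ($details->userblog_id == $current_site->blog_id) {
                    continue;
                }
                update_blog_status($details->userblog_id, "spam", '1');
                set_time_limit(60);
            }
            update_user_status($spam_user_id, "spam", '1');
        }
    } elseif (isset($_POST['check_ip'])) {
        //count all blogs created or modified with the IP address
        $ip_parts = parse_url($_POST['check_ip']);
        $ip_query = (is_array($ip_parts) && isset($ip_parts['query'])) ? $ip_parts['query'] : '';
        parse_str($ip_query, $ip_data);

        $spam_ip = (isset($ip_data['spam_ip']) && is_scalar($ip_data['spam_ip'])) ? (string) $ip_data['spam_ip'] : '';
        $bid = (isset($ip_data['id']) && is_scalar($ip_data['id'])) ? (string) $ip_data['id'] : '';

        $num = $wpdb->get_var($wpdb->prepare("SELECT COUNT(b.blog_id) " . $ip_clause, $wpdb->siteid, 0, $spam_ip, $spam_ip));
        $numspam = $wpdb->get_var($wpdb->prepare("SELECT COUNT(b.blog_id) " . $ip_clause, $wpdb->siteid, 1, $spam_ip, $spam_ip));

        //return json response
        // json_encode() escapes the request-derived values; the original
        // concatenated them into the JSON text unescaped.
        echo json_encode(array(
            'num' => (string) $num,
            'numspam' => (string) $numspam,
            'bid' => $bid,
            'ip' => $spam_ip,
        ));
    } elseif (isset($_GET['spam_ip'])) {
        //spam all blogs created or modified with the IP address
        $spam_ip = is_scalar($_GET['spam_ip']) ? (string) $_GET['spam_ip'] : '';
        $blogs = $wpdb->get_results($wpdb->prepare("SELECT b.blog_id " . $ip_clause, $wpdb->siteid, 0, $spam_ip, $spam_ip), ARRAY_A);
        foreach ((array) $blogs as $blog) {
            // main blog not a spam !
            if ($blog['blog_id'] == $current_site->blog_id) {
                continue;
            }
            update_blog_status($blog['blog_id'], "spam", '1');
            set_time_limit(60);
        }
    } elseif (isset($_GET['ignore_blog'])) {
        //ignore a single blog so it doesn't show up on the possible spam list
        ust_blog_ignore($single_blog_id);
        echo $single_blog_id;
    } elseif (isset($_GET['unignore_blog'])) {
        //unignore a single blog so it can show up on the possible spam list
        ust_blog_unignore($single_blog_id);
        echo $single_blog_id;
    } elseif (isset($_GET['spam_blog'])) {
        //spam a single blog
        update_blog_status($single_blog_id, "spam", '1');
        echo $single_blog_id;
    } elseif (isset($_GET['unspam_blog'])) {
        update_blog_status($single_blog_id, "spam", '0');
        ust_blog_ignore($single_blog_id, false);
        echo $single_blog_id;
    } elseif (isset($_POST['allblogs'])) {
        parse_str($_POST['allblogs'], $blog_list);
        $selected = isset($blog_list['allblogs']) ? (array) $blog_list['allblogs'] : array();

        foreach ($selected as $val) {
            // Only integer blog ids reach the status functions.
            $val = is_scalar($val) ? (int) $val : 0;

            // Skip empty selections and the main blog.
            if (0 === $val || $val == $current_site->blog_id) {
                continue;
            }

            if (isset($_POST['allblog_ignore'])) {
                ust_blog_ignore($val);
                set_time_limit(60);
            } elseif (isset($_POST['allblog_unignore'])) {
                ust_blog_unignore($val);
                set_time_limit(60);
            } elseif (isset($_POST['allblog_spam'])) {
                update_blog_status($val, "spam", '1');
                set_time_limit(60);
            } elseif (isset($_POST['allblog_notspam'])) {
                update_blog_status($val, "spam", '0');
                ust_blog_ignore($val, false);
                set_time_limit(60);
            }
        }

        _e("Selected blogs processed", 'ust');
    }

    die;
}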
//process any actions and messages if (isset($_GET['spam_user'])) { //spam a user and all blogs they are associated with //don't spam site admin $user_info = get_userdata((int) $_GET['spam_user']); if (!is_super_admin($user_info->user_login)) { $blogs = get_blogs_of_user((int) $_GET['spam_user'], true); foreach ((array) $blogs as $key => $details) { if ($details->userblog_id == $current_site->blog_id) { continue; } // main blog not a spam ! update_blog_status($details->userblog_id, "spam", '1'); set_time_limit(60); } update_user_status((int) $_GET['spam_user'], "spam", '1'); $_GET['updatedmsg'] = sprintf(__('%s blog(s) spammed for user!', 'ust'), count($blogs)); } } else { if (isset($_GET['spam_ip'])) { //spam all blogs created or modified with the IP address $spam_ip = addslashes($_GET['spam_ip']); $query = "SELECT b.blog_id\n\t\t\t\t\t\t\tFROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u\n\t\t\t\t\t\t\tWHERE b.site_id = '{$wpdb->siteid}'\n\t\t\t\t\t\t\tAND b.blog_id = r.blog_id\n\t\t\t\t\t\t\tAND b.blog_id = u.blog_id\n\t\t\t\t\t\t\tAND b.spam = 0\n\t\t\t\t\t\t\tAND (r.IP = '{$spam_ip}' OR u.last_ip = '{$spam_ip}')"; $blogs = $wpdb->get_results($query, ARRAY_A); foreach ((array) $blogs as $blog) { if ($blog['blog_id'] == $current_site->blog_id) { continue; } // main blog not a spam ! update_blog_status($blog['blog_id'], "spam", '1'); set_time_limit(60);
$blogs = get_blogs_of_user($user_id, true); foreach ((array) $blogs as $details) { if ($details->userblog_id != get_network()->site_id) { // main blog not a spam ! update_blog_status($details->userblog_id, 'spam', '1'); } } update_user_status($user_id, 'spam', '1'); break; case 'notspam': $userfunction = 'all_notspam'; $blogs = get_blogs_of_user($user_id, true); foreach ((array) $blogs as $details) { update_blog_status($details->userblog_id, 'spam', '0'); } update_user_status($user_id, 'spam', '0'); break; } } } if (!in_array($doaction, array('delete', 'spam', 'notspam'), true)) { $sendback = wp_get_referer(); $user_ids = (array) $_POST['allusers']; /** This action is documented in wp-admin/network/site-themes.php */ $sendback = apply_filters('handle_network_bulk_actions-' . get_current_screen()->id, $sendback, $doaction, $user_ids); wp_safe_redirect($sendback); exit; } wp_safe_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), wp_get_referer())); } else { $location = network_admin_url('users.php');
/**
 * Executes a scheduled job.
 *
 * Loads the job row, re-schedules it, verifies the API key, checks the users
 * registered within the job's time frame and, for every user that comes back
 * as "reported", either flags the account as spam or deletes it, depending on
 * the job's Action. A plain-text report is mailed to the site admin address.
 *
 * @param int $cronid ID of the row in the wangguardcronjobs table.
 */
function wangguard_cronjob_runner($cronid) {
    global $wpdb, $wangguard_api_key, $wangguard_cronjob_actions_options, $wangguard_is_network_admin;

    // Column used when the user has to be flagged with a direct query.
    if (wangguard_is_multisite()) {
        $spamFieldName = "spam";
    } else {
        $spamFieldName = "user_status";
    }

    //get job ID
    // The integer cast is what makes the interpolation into the two
    // unprepared queries below safe.
    $cronid = (int) $cronid;
    $cronjobs_table_name = $wpdb->base_prefix . "wangguardcronjobs";
    $wgcron = $wpdb->get_results("select * from {$cronjobs_table_name} where id = {$cronid}");
    if (!isset($wgcron[0])) {
        return;
    }

    //init vars
    $cronjob = $wgcron[0];
    $checkedUsers = $detectedSploggers = 0;
    $cleanUsers = array();
    $sploggersUsers = array();
    $message = 'WangGuard Cron Job # ' . $cronid . "\n\n";

    //setup cron args
    $args = array((int) $cronjob->id);

    //delete the job, prevents being locked and run again, WP should re schedule it
    $timestamp = wp_next_scheduled('wangguard_cronjob_runner', $args);
    wp_unschedule_event($timestamp, 'wangguard_cronjob_runner', $args);

    //store last run time
    $wpdb->query("update {$cronjobs_table_name} set LastRun = CURRENT_TIMESTAMP where id = {$cronid}");

    //re schedule the job at the configured time
    $timestampNextRun = wangguard_get_next_schedule($cronjob->RunOn, $cronjob->RunAt);
    wp_schedule_single_event($timestampNextRun, 'wangguard_cronjob_runner', $args);
    $humanizedNextRun = date(get_option('date_format') . ' ' . get_option('time_format'), $timestampNextRun);

    //api key is valid?
    $valid = wangguard_verify_key($wangguard_api_key);
    if ($valid == 'failed' || $valid == 'invalid') {
        // No user is checked or changed when the key does not verify.
        $message .= __('Your WangGuard API KEY is invalid.', 'wangguard');
    } else {
        $userStatusTable = $wpdb->base_prefix . "wangguarduserstatus";
        $message .= __("Action", 'wangguard') . ": " . $wangguard_cronjob_actions_options[$cronjob->Action] . "\n\n";

        // Midnight today minus the job's UsersTF days.
        $timeFrom = mktime(0, 0, 0, date('n'), date('j'), date('Y')) - $cronjob->UsersTF * 86400;
        set_time_limit(300);

        // $timeFrom is the result of the arithmetic above, so a number is
        // what gets interpolated here.
        $goodUsers = $wpdb->get_col("select ID from {$wpdb->users} where user_registered >= FROM_UNIXTIME( {$timeFrom} )");
        if (count($goodUsers)) {
            $message .= sprintf(__("Verifying %d new users since", 'wangguard'), count($goodUsers)) . ' ' . date(get_option('date_format'), $timeFrom) . "\n\n";

            foreach ($goodUsers as $userid) {
                $user_check_status = "-";
                // Reset the time limit for every user.
                set_time_limit(120);
                $user_object = new WP_User($userid);

                //get the WangGuard user status, if status is force-checked then ignore the user
                $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$userStatusTable} where ID = %d", $userid));
                if ($user_status == 'force-checked' || $user_status == 'buyer') {
                    $user_check_status = "force-checked";
                } else {
                    //verify the user only if it's not already flagged
                    $user_check_status = $user_status != "reported" ? wangguard_verify_user($user_object) : "reported";
                }

                $checkedUsers++;

                if ($user_check_status == "reported") {
                    //user was detected as splogger
                    $detectedSploggers++;
                    $sploggersUsers[] = $user_object->display_name . " (" . $user_object->user_email . ")";

                    // NOTE(review): this unattended path flags or deletes the
                    // account with no admin/super-admin exclusion visible in
                    // this function - confirm the helpers called here apply one.

                    //what to do with this user
                    switch ($cronjob->Action) {
                        case "f":
                            // Now we mark a user as spam, there is a problem related to BuddyPress permissions, so the splogger activity will not removed. http://buddypress.trac.wordpress.org/ticket/5233
                            if (function_exists('update_user_status')) {
                                update_user_status($userid, 'spam', '1');
                            } else {
                                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
                            }
                            break;
                        case "d":
                            //Delete detected Sploggers----------------------------------------------------------------------------------------------------------
                            wangguard_delete_user_and_blogs($userid);
                            break;
                    }
                } else {
                    $cleanUsers[] = $user_object->display_name . " (" . $user_object->user_email . ")";
                }
            }

            // The report lists display names and e-mail addresses of the
            // checked accounts.
            if (count($cleanUsers)) {
                $message .= __("--- Verified Users ---", 'wangguard') . "\n" . implode("\n", $cleanUsers) . "\n\n";
            }
            if (count($sploggersUsers)) {
                $message .= __("--- Detected Sploggers ---", 'wangguard') . "\n" . implode("\n", $sploggersUsers) . "\n\n";
            }
        } else {
            $message .= __("No new users to verify since ", 'wangguard') . date(get_option('date_format'), $timeFrom);
        }
    }

    //bottom link
    $urlFunc = "admin_url";
    if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
        $urlFunc = "network_admin_url";
    }
    $site_url = $urlFunc("admin.php?page=wangguard_users");
    $message .= "\n\n" . __("Next run ", "wangguard") . $humanizedNextRun;
    $message .= "\n\n" . __("Click here to manage users: ", "wangguard") . "\n" . $site_url;
    $message .= "\n\nWangGuard - www.wangguard.com";

    //Notify admin
    $admin_email = get_site_option('admin_email');
    if ($admin_email == '') {
        // NOTE(review): the fallback address is derived from
        // $_SERVER['SERVER_NAME'] and is used both as recipient and in the
        // From header; confirm that value is trustworthy in this setup.
        $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
    }
    $from_name = get_site_option('site_name') == '' ? 'WordPress' : esc_html(get_site_option('site_name'));
    $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";

    // $current_site is only given a default site_name here; it is not read
    // again in this function.
    if (is_multisite()) {
        $current_site = new stdClass();
        $current_site = get_current_site();
    } else {
        $current_site = new stdClass();
    }
    if (empty($current_site->site_name)) {
        $current_site->site_name = 'WordPress';
    }

    $subject = sprintf('WangGuard Cron Job # ' . $cronid . ' - ' . __('Verified: %d - Sploggers: %d'), $checkedUsers, $detectedSploggers);
    // The @ hides any error raised while sending the report.
    @wp_mail($admin_email, $subject, $message, $message_headers);
}
/**
 * Renders the WangGuard wizard admin page and runs the wizard step named by the request.
 *
 * The step is the integer request parameter `wangguard_step`:
 *  - default: welcome screen; checks the API key with wangguard_verify_key().
 *  - 1: reports users already flagged as spam through wangguard_report_users(), 50 per request.
 *  - 2: checks the remaining users with wangguard_verify_user(), 50 per request, and flags
 *       those that come back as "reported".
 *  - 3: when `wangguard_delete_splogguers` is 1, deletes users whose WangGuard status is
 *       'reported' or 'autorep' through wangguard_delete_user_and_blogs(), 10 per request.
 *
 * Steps 1-3 advance on their own: each request handles one batch and then prints a script
 * that points location.href at the next offset, with a freshly created nonce in the URL.
 *
 * Access control visible in this function: a capability check (die on failure) and a
 * check_admin_referer() nonce check on every request that selects a step.
 */
function wangguard_wizard() {
    global $wpdb, $wangguard_nonce, $wangguard_api_key, $wangguard_is_network_admin;
    // Name of the URL builder used for the "manage your Users" links at the end of step 3.
    $urlFunc = "admin_url";
    if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
        $urlFunc = "network_admin_url";
    }
    // Column and WHERE fragments for the spam flag. These are fixed literals, never request
    // data, which is what makes their later interpolation into SQL text acceptable.
    if (wangguard_is_multisite()) {
        $spamFieldName = "spam";
        $sqlSpamWhere = "spam = 1";
        $sqlNoSpamWhere = "spam = 0";
    } else {
        $spamFieldName = "user_status";
        $sqlSpamWhere = "user_status = 1";
        $sqlNoSpamWhere = "user_status <> 1";
    }
    // Authorization gate: nothing below runs without the 'level_10' capability.
    // NOTE(review): numeric user levels are deprecated in WordPress; confirm which named
    // capability should guard a page that can flag and delete users.
    if (!current_user_can('level_10')) {
        die(__('Cheatin’ uh?', 'wangguard'));
    }
    // The step is cast to int, so only the welcome screen (0 / absent) skips the nonce check.
    $step = 0;
    if (isset($_REQUEST['wangguard_step'])) {
        $step = (int) $_REQUEST['wangguard_step'];
    }
    // CSRF gate: any request that selects a step must carry a valid nonce for $wangguard_nonce.
    if (isset($_POST['submit']) || !empty($step)) {
        check_admin_referer($wangguard_nonce);
    }
    // The form below uses method="get", so the nonce field and every wizard parameter travel
    // in the query string. NOTE(review): steps 1-3 change data (report, flag, delete); with a
    // GET-driven flow the nonce ends up in browser history, server logs and Referer headers.
    ?> <div class="wrap" id="wangguard-wizard-cont"> <div class="wangguard-confico"><img src="<?php echo WP_PLUGIN_URL; ?> /wangguard/img/wizard.png" alt="<?php echo htmlentities(__('WangGuard Wizard', 'wangguard')); ?> " /></div> <div class="icon32" id="icon-wangguard"><br></div> <h2><?php _e('WangGuard Wizard', 'wangguard'); ?> </h2> <script type="text/javascript"> function wangguard_progress() { jQuery("#wangguard-visible-step-status").hide(); jQuery("#wangguard-hidden-step-status").show(); return true; } jQuery(document).ready(function() { jQuery(".wangguard-hidewhendone").hide(); }); </script> <form action="admin.php" method="get" id="wangguardWizardForm" name="wangguardWizardForm" onsubmit="return wangguard_progress()"> <input type="hidden" name="page" value="wangguard_wizard" /> <?php
    // NOTE(review): wp_nonce_field() prints the field itself by default, so this echo most
    // likely emits the nonce input twice — confirm, then drop the echo.
    echo wp_nonce_field($wangguard_nonce); ?> <?php
    switch ($step) {
        case "1":
            ?> <div id="wangguard-visible-step-status"> <h3><?php echo __("Reporting spam users to WangGuard...", "wangguard"); ?> </h3> <?php
            // Batch size: how many users are handled per request.
            $usersPerStint = 50;
            // Offset into the spam-user list; cast to int and clamped at 0 before it is used
            // as a LIMIT operand.
            $fromUser = isset($_REQUEST['wangguard_wiz_from']) ? (int) $_REQUEST['wangguard_wiz_from'] : 0;
            if ($fromUser < 0) {
                $fromUser = 0;
            }
            $spamUsersTotal = $wpdb->get_col("select count(*) from {$wpdb->users} where {$sqlSpamWhere}");
            $spamUsersTotal = $spamUsersTotal[0];
            // Finished once a non-zero offset has reached the total.
            $step1Finished = $fromUser > 0 && $fromUser >= $spamUsersTotal;
            if (!$step1Finished) {
                // WHERE fragment is a literal chosen above; both LIMIT operands are integers.
                $spamUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlSpamWhere} order by ID LIMIT {$fromUser} , {$usersPerStint}");
                $userCount = count($spamUsers);
                // Upper bound shown in the progress text, capped at the total.
                $reportingUserFrom = $fromUser + $usersPerStint;
                $reportingUserFrom = $reportingUserFrom > $spamUsersTotal ? $spamUsersTotal : $reportingUserFrom;
                if ($userCount == 0) {
                    ?> <p><?php echo __("No spam users were found on your site. Click the button below to check your users.", "wangguard"); ?> </p> <input type="hidden" name="wangguard_step" value="2" /> <p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php _e('Continue', 'wangguard'); ?> " /></p> <?php
                } else {
                    ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /><?php echo sprintf(__("The WangGuard wizard is reporting %d of %d spam users as Sploggers.", "wangguard"), $reportingUserFrom, $spamUsersTotal); ?> </p> <?php
                    // Push the progress markup to the browser before the slow reporting loop.
                    @flush(); ?> <?php
                    @ob_flush(); ?> <?php
                    // $progress and $lastProgressSent are assigned but not read in this function.
                    $progress = 0;
                    $reported = 0;
                    $lastProgressSent = 0;
                    foreach ($spamUsers as $userid) {
                        // Look up the WangGuard status; users marked 'force-checked' are skipped.
                        $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                        $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
                        if ($user_status == 'force-checked') {
                            continue;
                        }
                        // wangguard_report_users() is handed a one-element array per user.
                        $dummyArr = array();
                        $dummyArr[] = $userid;
                        set_time_limit(15);
                        wangguard_report_users($dummyArr, "email", false);
                        $reported++;
                    }
                    // The script below auto-advances to the next batch; the offset is an integer
                    // and a new nonce is appended to the URL.
                    ?> <input type="hidden" name="wangguard_wiz_from" value="<?php echo $fromUser + $usersPerStint; ?> " /> <script type="text/javascript"> document.getElementById('wangguardWizardForm').onsubmit=''; jQuery(document).ready(function() { location.href='admin.php?page=wangguard_wizard&wangguard_step=1&wangguard_wiz_from=<?php echo $fromUser + $usersPerStint; ?> &_wpnonce=<?php echo wp_create_nonce($wangguard_nonce); ?> '; }); </script> <input type="hidden" name="wangguard_step" value="1" /> <?php
                } ?> <?php
            } else {
                ?> <p><?php echo __("The WangGuard wizard has finished reporting spam users. Click the button below to check the rest of your users.", "wangguard"); ?> </p> <input type="hidden" name="wangguard_step" value="2" /> <p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php _e('Continue', 'wangguard'); ?> " /></p> <?php
            }
            ?> </div> <?php
            // Hidden "next step" banner, shown by wangguard_progress() when the form is submitted.
            if ($step1Finished) {
                ?> <div id="wangguard-hidden-step-status" style="display: none"> <h3><?php echo __("Verifying users against the WangGuard service...", "wangguard"); ?> </h3> <?php
                $goodUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlNoSpamWhere}");
                $userCount = count($goodUsers);
                if ($userCount == 0) {
                    ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /></p> <?php
                } else {
                    ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /><?php echo sprintf(__("The WangGuard wizard is verifying %d users against the WangGuard service.", "wangguard"), $userCount); ?> </p> <?php
                }
                ?> </div> <?php
            } ?> <?php
            break;
        case "2":
            ?> <div id="wangguard-visible-step-status"> <h3><?php echo __("Verifying users against the WangGuard service...", "wangguard"); ?> </h3> <?php
            // Batch size: how many users are handled per request.
            $usersPerStint = 50;
            // Offset into the non-spam user list; integer, clamped at 0.
            $fromUser = isset($_REQUEST['wangguard_wiz_from']) ? (int) $_REQUEST['wangguard_wiz_from'] : 0;
            if ($fromUser < 0) {
                $fromUser = 0;
            }
            $goodUsersTotal = $wpdb->get_col("select count(*) from {$wpdb->users} where {$sqlNoSpamWhere}");
            $goodUsersTotal = $goodUsersTotal[0];
            $step2Finished = $fromUser > 0 && $fromUser >= $goodUsersTotal;
            // Running total of detected Sploggers, carried from request to request in the
            // 'reported' parameter. It is request-supplied and used for display only.
            $reported = isset($_REQUEST['reported']) ? (int) $_REQUEST['reported'] : 0;
            $noUsersToCheck = false;
            if (!$step2Finished) {
                // WHERE fragment is a literal chosen above; both LIMIT operands are integers.
                $goodUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlNoSpamWhere} ORDER BY ID LIMIT {$fromUser} , {$usersPerStint}");
                $userCount = count($goodUsers);
                // Upper bound shown in the progress text, capped at the total.
                $reportingUserFrom = $fromUser + $usersPerStint;
                $reportingUserFrom = $reportingUserFrom > $goodUsersTotal ? $goodUsersTotal : $reportingUserFrom;
                if ($userCount == 0) {
                    $step2Finished = true;
                    $noUsersToCheck = true;
                    ?> <p><?php echo __("No users were found on your site.", "wangguard"); ?> </p> <?php
                } else {
                    ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /><?php echo sprintf(__("The WangGuard wizard is verifying %d of %d users against the WangGuard service.", "wangguard"), $reportingUserFrom, $goodUsersTotal); ?> </p> <?php
                    // Push the progress markup to the browser before the slow verification loop.
                    @flush(); ?> <?php
                    @ob_flush(); ?> <?php
                    // $progress and $lastProgressSent are assigned but not read in this function.
                    $progress = 0;
                    $verified = 0;
                    $lastProgressSent = 0;
                    foreach ($goodUsers as $userid) {
                        // Look up the WangGuard status; users marked 'force-checked' are skipped.
                        $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                        $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
                        if ($user_status == 'force-checked') {
                            continue;
                        }
                        // $dummyArr is built but not used in this step.
                        $dummyArr = array();
                        $dummyArr[] = $userid;
                        $user_object = new WP_User($userid);
                        set_time_limit(15);
                        $user_check_status = wangguard_verify_user($user_object);
                        if ($user_check_status == "reported") {
                            $reported++;
                            // Flag the account as spam: through update_user_status() when that
                            // function exists, otherwise with a prepared UPDATE. The column name
                            // is one of the two literals chosen at the top; the ID is bound with %d.
                            if (function_exists("update_user_status")) {
                                update_user_status($userid, $spamFieldName, 1);
                            } else {
                                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
                            }
                        }
                        $verified++;
                    }
                    // Auto-advance to the next batch; all echoed values are integers plus a new nonce.
                    ?> <input type="hidden" name="wangguard_wiz_from" value="<?php echo $fromUser + $usersPerStint; ?> " /> <script type="text/javascript"> document.getElementById('wangguardWizardForm').onsubmit=''; jQuery(document).ready(function() { location.href='admin.php?page=wangguard_wizard&wangguard_step=2&reported=<?php echo $reported; ?> &wangguard_wiz_from=<?php echo $fromUser + $usersPerStint; ?> &_wpnonce=<?php echo wp_create_nonce($wangguard_nonce); ?> '; }); </script> <input type="hidden" name="wangguard_step" value="2" /> <?php
                }
            }
            if ($step2Finished) {
                // Count of users WangGuard currently holds as 'reported' or 'autorep'; this is
                // the population step 3 will delete if the admin confirms.
                $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                $reportedUsers = $wpdb->get_col("select count(*) from {$table_name} where user_status IN ( 'reported', 'autorep' )");
                $reportedUsersCount = $reportedUsers[0];
                if (!$noUsersToCheck) {
                    ?> <p><?php echo sprintf(__("The WangGuard wizard has finished verifying your users and found <strong>%d</strong> Sploggers.", "wangguard"), $reported); ?> </p> <?php
                }
                ?> <input type="hidden" name="wangguard_step" value="3" /> <input type="hidden" name="wangguard_splogcnt" value="<?php echo $reportedUsersCount; ?> " /> <?php
                if ($reportedUsersCount) {
                    ?> <p><?php echo sprintf(__("There are <strong>%d</strong> users identified as Sploggers, you can delete them or manage them by clicking the buttons below.", "wangguard"), $reportedUsersCount); ?> </p> <?php
                }
                ?> <div id="wangguard-visible-step-status"> <input type="hidden" value="" name="wangguard_delete_splogguers" id="wangguard_delete_splogguers" /> <p class="submit"> <?php
                if ($reportedUsersCount) {
                    ?> <input type="submit" name="do_wangguard_delete_splogguers" class="button-primary" id="do_wangguard_delete_splogguers" value="<?php _e('Delete all Sploggers', 'wangguard'); ?> " /> <input type="button" name="button" class="button-primary" onclick="document.location='admin.php?page=wangguard_users&type=spl'" value="<?php _e('Manage Sploggers', 'wangguard'); ?> " /> <?php
                }
                // NOTE(review): the confirm() text in the script below is placed inside a JS
                // string literal with addslashes(), which is not a JavaScript-context escaper;
                // WordPress provides esc_js() / wp_json_encode() for this.
                ?> <input type="submit" name="submit" class="button-primary" value="<?php _e('Finish', 'wangguard'); ?> " /> </p> </div> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("#do_wangguard_delete_splogguers").click(function() { if (confirm('<?php echo addslashes(__('Do you confirm to delete all Sploggers?', 'wangguard')); ?> ')) { jQuery('#wangguard_delete_splogguers').val('1'); return true; } else return false; }); }); </script> <div id="wangguard-hidden-step-status" style="display: none"> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /></p> </div> <?php
            }
            ?> </div> <?php
            break;
        case "3":
            // Deletion runs only when the request carries wangguard_delete_splogguers == 1
            // (set by the confirm() handler in step 2); otherwise the wizard just finishes.
            if (@$_REQUEST['wangguard_delete_splogguers'] == 1) {
                // Batch size: how many users are deleted per request.
                $usersPerStint = 10;
                $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                // Always reads from offset 0: the set of users to delete comes from the
                // database, not from request parameters.
                $reportedUsers = $wpdb->get_col("select ID from {$table_name} where user_status IN ( 'reported', 'autorep' ) LIMIT 0 , {$usersPerStint}");
                $reportedUsersCount = count($reportedUsers);
                // Request-supplied counters, cast to int and used only for the progress text.
                $reportedUsersTotal = (int) @$_REQUEST['wangguard_splogcnt'];
                $reportingUserFrom = (int) @$_REQUEST['wangguard_wiz_from'];
                $reportingUserFrom = $reportingUserFrom > $reportedUsersTotal ? $reportedUsersTotal : $reportingUserFrom;
                // Termination depends on the query result, not on the request counters.
                $step3Finished = $reportedUsersCount == 0;
                if (!$step3Finished) {
                    ?> <h3><?php echo __("Deleting Splogguers from your site...", "wangguard"); ?> </h3> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /><?php echo sprintf(__("The WangGuard wizard is deleting %d of %d Splogguers from your site.", "wangguard"), $reportingUserFrom, $reportedUsersTotal); ?> </p> <?php
                    @flush(); ?> <?php
                    @ob_flush(); ?> <?php
                    foreach ($reportedUsers as $userid) {
                        set_time_limit(15);
                        wangguard_delete_user_and_blogs($userid);
                    }
                    // Auto-advance to the next deletion batch with a new nonce in the URL.
                    ?> <script type="text/javascript"> document.getElementById('wangguardWizardForm').onsubmit=''; jQuery(document).ready(function() { location.href='admin.php?page=wangguard_wizard&wangguard_step=3&wangguard_delete_splogguers=1&wangguard_splogcnt=<?php echo $reportedUsersTotal; ?> &wangguard_wiz_from=<?php echo $reportingUserFrom + $usersPerStint; ?> &_wpnonce=<?php echo wp_create_nonce($wangguard_nonce); ?> '; }); </script> <?php
                } else {
                    // NOTE(review): the image URLs in this function go through esc_url(); the
                    // href built with $urlFunc() below is echoed without it.
                    ?> <h3><?php echo __("The WangGuard Wizard has finished", "wangguard"); ?> </h3> <p><?php echo sprintf(__("%d sploggers users has been deleted from your site.", "wangguard"), $reportedUsersTotal); ?> </p> <p><a class="button-primary" href="<?php echo $urlFunc('admin.php?page=wangguard_users'); ?> "><?php echo __('Click here to manage your Users', 'wangguard'); ?> </a></p> <?php
                }
            } else {
                ?> <h3><?php echo __("The WangGuard Wizard has finished", "wangguard"); ?> </h3> <p><a class="button-primary" href="<?php echo $urlFunc('admin.php?page=wangguard_users'); ?> "><?php echo __('Click here to manage your Users', 'wangguard'); ?> </a></p> <?php
            }
            break;
        default:
            ?> <div id="wangguard-visible-step-status"> <h3><?php echo __("Welcome to the WangGuard Wizard", "wangguard"); ?> </h3> <p><?php echo __("This wizard will perform the following actions on your WordPress installation", "wangguard"); ?> </p> <ol> <li><?php echo __("It will report to WangGuard all users you have flagged as 'spam' on your site.", "wangguard"); ?> </li> <li><?php echo __("For the rest of the users, it will check against WangGuard service if any of them was reported as Splogger.", "wangguard"); ?> </li> <li><?php echo __("It will let you know how many Sploggers the wizard found (if any) and, optionally, will let you delete your spam users and Sploggers from your site.", "wangguard"); ?> </li> </ol> <p><?php
            // NOTE(review): the double quotes around "Not a Splogger" and "Not Spam" are
            // unescaped inside a double-quoted string in this listing, which does not parse;
            // presumably they were HTML entities in the original file — restore before use.
            echo sprintf(__("Note: The wizard will NOT verify the users flagged as %s, these are the users for which you've selected the "Not a Splogger" option from the Users admin or flagged as "Not Spam".", "wangguard"), "<span class='wangguard-status-checked'>" . __("Checked (forced)", "wangguard") . "</span>"); ?> </p> <?php
            // The start button is only offered when the API key verifies.
            $valid = wangguard_verify_key($wangguard_api_key);
            if ($valid == 'failed' || $valid == 'invalid') {
                ?> <p class="wangguard-info wangguard-error" style="margin-right: 20px;"><?php echo __('Your WangGuard API KEY is invalid.', 'wangguard'); ?> </p> <?php
            } else {
                ?> <p><?php echo __("Click the button below when you're ready to clean your site!.", "wangguard"); ?> </p> <input type="hidden" name="wangguard_step" value="1" /> <p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php _e('Start cleaning my site!', 'wangguard'); ?> " /></p> <?php
            }
            // Hidden "next step" banner, shown by wangguard_progress() when the form is submitted.
            ?> </div> <div id="wangguard-hidden-step-status" style="display: none"> <h3><?php echo __("Reporting spam users to WangGuard...", "wangguard"); ?> </h3> <?php
            $spamUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlSpamWhere}");
            $userCount = count($spamUsers);
            if ($userCount == 0) {
                ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /></p> <?php
            } else {
                ?> <p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?> " alt="..." /><?php echo sprintf(__("The WangGuard wizard is reporting %d spam users as Sploggers.", "wangguard"), $userCount); ?> </p> <?php
            }
            ?> </div> <?php
            break;
    }
    ?> </form> </div> <?php
}
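/**
 * Process a spammed or unspammed user.
 *
 * This function is called from three places:
 *
 * - in bp_settings_action_capabilities() (from the front-end)
 * - by bp_core_mark_user_spam_admin() (from wp-admin)
 * - bp_core_mark_user_ham_admin() (from wp-admin)
 *
 * This function does not check what the current user is allowed to do. Its only
 * guard is on the target: a super admin is never processed. Callers must authorize
 * the request before calling it.
 *
 * @since BuddyPress (1.6.0)
 *
 * @param int    $user_id       The ID of the user being spammed/hammed.
 * @param string $status        'spam' if being marked as spam, 'ham' otherwise.
 * @param bool   $do_wp_cleanup True to force the cleanup of WordPress content
 *        and status, otherwise false. Generally, this should only be false if
 *        WordPress is expected to have performed this cleanup independently,
 *        as when hooked to 'make_spam_user'.
 * @return bool True on success, false when no user ID was given or the target
 *         is a super admin.
 */
function bp_core_process_spammer_status($user_id, $status, $do_wp_cleanup = true) {
    global $wpdb;

    // Bail if no user ID. Returns false so the result matches the documented bool.
    if (empty($user_id)) {
        return false;
    }

    // Never change the spam status of a super admin.
    if (is_super_admin($user_id)) {
        return false;
    }

    // update_user_status() and update_blog_status() need the multisite admin include.
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }

    $is_spam = 'spam' == $status;

    // Detach our own listeners while we work, so the hooks fired below do not
    // call back into this function.
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');

    // When marking as spam in the Dashboard, these actions are handled by WordPress.
    if ($do_wp_cleanup) {
        // Get the blogs for the user.
        $blogs = get_blogs_of_user($user_id, true);

        foreach ((array) $blogs as $details) {
            // Do not mark the main or current root blog as spam.
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }

            // Update the blog status.
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }

        // Finally, mark this user as a spammer.
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }

        // Always set single site status.
        $wpdb->update($wpdb->users, array('user_status' => $is_spam), array('ID' => $user_id));

        // Call multisite actions in single site mode for good measure. The hook is
        // fired for the user being processed, which is not necessarily the
        // displayed user (there is none outside a profile page).
        if (!is_multisite()) {
            $wp_action = true === $is_spam ? 'make_spam_user' : 'make_ham_user';
            do_action($wp_action, $user_id);
        }
    }

    // Hide this user's activity.
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }

    // We need a special hook for is_spam so that components can delete data at spam time.
    $bp_action = true === $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
    do_action($bp_action, $user_id);

    // Allow plugins to do neat things.
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);

    // Put things back how we found them.
    add_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    add_action('make_ham_user', 'bp_core_mark_user_ham_admin');

    return true;
}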
/**
 * is_user_spammy() is given logins here: the spam-flagged account, whose login
 * is the numeric ID of another user, must be reported as spammy, and the account
 * that owns that ID must not.
 *
 * @ticket 23192
 */
function test_is_user_spammy() {
	// Ordinary author account; its numeric ID is reused as a login below.
	$clean_user_args = array(
		'role'       => 'author',
		'user_login' => 'testuser1',
	);
	$clean_user_id = $this->factory->user->create( $clean_user_args );

	// Second author whose user_login is the first user's ID as a string.
	$numeric_login     = strval( $clean_user_id );
	$flagged_user_args = array(
		'role'       => 'author',
		'user_login' => $numeric_login,
	);
	$flagged_user_id = $this->factory->user->create( $flagged_user_args );

	// Only the second account is marked as spam.
	update_user_status( $flagged_user_id, 'spam', '1' );

	$this->assertTrue( is_user_spammy( $numeric_login ) );
	$this->assertFalse( is_user_spammy( 'testuser1' ) );
}
/**
 * A user spammed through BuddyPress and then unspammed with update_user_status(),
 * as the network admin bulk action does, must no longer count as a spammer.
 * Runs on multisite only.
 *
 * @group bp_core_process_spammer_status
 */
public function test_bp_core_process_spammer_status_ms_bulk_ham() {
    if (is_multisite()) {
        $instance = buddypress();
        // NOTE(review): this copies an object handle, not the object, so the
        // "reset" at the end presumably leaves the modified id in place — confirm
        // whether a clone was intended.
        $saved_displayed_user = $instance->displayed_user;

        $member_id = $this->factory->user->create();
        $instance->displayed_user->id = $member_id;

        // Mark the member as a spammer through BuddyPress.
        bp_core_process_spammer_status($member_id, 'spam');
        $this->assertTrue(bp_is_user_spammer($member_id));

        // Bulk unspam in network admin goes through update_user_status().
        update_user_status($member_id, 'spam', '0');
        $this->assertFalse(bp_is_user_spammer($member_id));

        // Restore the displayed user captured above.
        $instance->displayed_user = $saved_displayed_user;
    }
}
$blogs = get_blogs_of_user($val, true); foreach ((array) $blogs as $key => $details) { if ($details->userblog_id != $current_site->blog_id) { // main blog not a spam ! update_blog_status($details->userblog_id, 'spam', '1'); } } update_user_status($val, 'spam', '1'); break; case 'notspam': $userfunction = 'all_notspam'; $blogs = get_blogs_of_user($val, true); foreach ((array) $blogs as $key => $details) { update_blog_status($details->userblog_id, 'spam', '0'); } update_user_status($val, 'spam', '0'); break; } } } wp_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), wp_get_referer())); } else { $location = network_admin_url('users.php'); if (!empty($_REQUEST['paged'])) { $location = add_query_arg('paged', (int) $_REQUEST['paged'], $location); } wp_redirect($location); } exit; break; case 'dodelete':
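/**
 * Verifies up to $limit not-yet-checked users against WangGuard and flags the
 * ones that come back as "reported".
 *
 * A user is picked when it has no row in the wangguarduserstatus table, or a row
 * whose status is '' or 'not-checked'. Users whose status is 'force-checked',
 * 'buyer' or 'whitelisted' are skipped.
 *
 * This method performs no capability check of its own.
 * NOTE(review): confirm that every caller restricts who can trigger it.
 *
 * @param int $limit Maximum number of users to check; coerced to a non-negative integer.
 * @return array{verified:int,reported:int,activity:array} Counters plus a map of
 *         user ID => status returned by wangguard_verify_user().
 */
public function check_unverified_users($limit) {
    global $wpdb;

    // $limit is interpolated into the SQL text below (LIMIT cannot be quoted), so
    // it is forced to a non-negative integer before use.
    $limit = max(0, (int) $limit);

    // code forked from wangguard-wizard.php line 8
    $spamFieldName = wangguard_is_multisite() ? "spam" : "user_status";

    // code forked from wangguard-class-wp-users.php line 70
    $table_name = $wpdb->base_prefix . "wangguarduserstatus";
    $users_to_check = $wpdb->get_results("select ID from {$wpdb->users} where (not EXISTS (select user_status from {$table_name} where {$table_name}.ID = {$wpdb->users}.ID) OR EXISTS (select user_status from {$table_name} where {$table_name}.ID = {$wpdb->users}.ID and {$table_name}.user_status IN ( '', 'not-checked' ))) LIMIT {$limit}", ARRAY_A);

    $verified = 0;
    $reported = 0;
    // Initialised up front so 'activity' is an array even when nobody is checked.
    $checked_users = array();

    // code forked from wangguard-wizard.php line 156
    // The cast keeps the loop safe when the query returns nothing usable.
    foreach ((array) $users_to_check as $user) {
        $userid = $user['ID'];

        // Get the WangGuard user status; force-checked, buyer and whitelisted users are ignored.
        $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
        if ($user_status == 'force-checked' || $user_status == 'buyer' || $user_status == 'whitelisted') {
            continue;
        }

        $user_object = new WP_User($userid);
        set_time_limit(300);
        $user_check_status = wangguard_verify_user($user_object);
        $checked_users[$userid] = $user_check_status;

        if ($user_check_status == "reported") {
            $reported++;
            do_action('wangguard_pre_mark_user_spam_wizard');
            // Flag the account as spam: through update_user_status() when that function
            // exists, otherwise with a prepared UPDATE. The column name is one of the
            // two literals chosen above; the ID is bound with %d.
            if (function_exists("update_user_status")) {
                update_user_status($userid, $spamFieldName, 1);
            } else {
                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
            }
        }
        $verified++;
    }

    return array('verified' => $verified, 'reported' => $reported, 'activity' => $checked_users);
}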