/**
 * On multisite, an account flagged as spam must be turned away by
 * wp_authenticate_spam_check(): the function has to hand back a WP_Error
 * instead of the WP_User it was given.
 */
function test_wp_authenticate_spam_check_returns_wp_error_when_flagged()
{
    $on_network = is_multisite();
    if (!$on_network) {
        $this->markTestSkipped('This test applies to multisite only.');
    }

    // Fixture: a contributor account whose 'spam' flag is switched on.
    $spammer_id = self::factory()->user->create(['role' => 'contributor']);
    update_user_status($spammer_id, 'spam', 1);

    // Pass the flagged account through the spam gate.
    $result = wp_authenticate_spam_check(new WP_User($spammer_id));

    // The fixture is removed before the assertion runs.
    wpmu_delete_user($spammer_id);

    $this->assertInstanceOf('WP_Error', $result);
}
Exemplo n.º 2
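/**
 * Logs the current user out.
 *
 * Records the logged-out status, replaces the stored "confid" value, removes
 * the user's temporary view directory if it exists, and clears the
 * login-related session keys. Reads $_SESSION and $_SERVER; returns nothing.
 *
 * NOTE(review): only individual keys are unset here; the session id itself is
 * not regenerated or destroyed in this function. Confirm the caller does that,
 * otherwise a previously captured session id stays valid after logout.
 */
function logout()
{
    // Resolve the id once and use it for every call below; the session key
    // may already be missing when logout() runs twice or after a timeout.
    $userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
    $ip = client_ip();
    // The User-Agent header is optional and client-controlled.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    update_user_status($userid, 0, $ip, $agent);

    // md5(mt_rand()) has at most 2^31 possible values and mt_rand() output is
    // predictable, so it must not back anything an attacker could guess.
    // Use the CSPRNG when the runtime provides it; the result keeps the same
    // 32-hex-character shape. Presumably "confid" is a per-user confirmation
    // id -- verify against update_confid().
    if (function_exists('random_bytes')) {
        $confid = bin2hex(random_bytes(16));
    } else {
        $confid = md5(mt_rand());
    }
    update_confid($userid, $confid);

    // Per-user scratch directory, named after the md5 of the user id.
    $dir = $_SERVER['DOCUMENT_ROOT'] . "/Contacts/views/user/temp/" . md5($userid);
    if (file_exists($dir)) {
        removeDir($dir);
    }

    unset(
        $_SESSION['userid'],
        $_SESSION['timeout'],
        $_SESSION['username'],
        $_SESSION['isLoggedIn'],
        $_SESSION['becomeLogin']
    );
}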
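/**
 * Processes a spammed or unspammed user.
 *
 * This function is called in three ways:
 *  - in bp_settings_action_capabilities() (from the front-end)
 *  - by bp_core_mark_user_spam_admin()    (from wp-admin)
 *  - bp_core_mark_user_ham_admin()        (from wp-admin)
 *
 * Authorization: the acting user must be a super admin and must not be on
 * their own profile, and a super admin account can never be the target.
 *
 * @since BuddyPress (1.6)
 *
 * @param int    $user_id The user being spammed/hammed
 * @param string $status  'spam' if being marked as spam, 'ham' otherwise
 * @return bool|null True once the status has been processed; null (bare
 *                   return) when one of the guards rejects the call.
 */
function bp_core_process_spammer_status($user_id, $status)
{
    global $wpdb;
    // Only super admins can currently spam users
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }
    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }
    // Bail if user ID is super admin
    if (is_super_admin($user_id)) {
        return;
    }
    // Get the functions file
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }
    $is_spam = 'spam' == $status;
    // Only you can prevent infinite loops: the admin handlers hooked to these
    // actions call back into this function.
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');
    // When marking as spam in the Dashboard, these actions are handled by WordPress
    if (!is_admin()) {
        // Get the blogs for the user
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) $blogs as $details) {
            // Do not mark the main or current root blog as spam
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }
            // Update the blog status
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }
        // Finally, mark this user as a spammer
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }
        // Always set single site status. Cast to int: a boolean false would be
        // written as an empty string into the integer user_status column.
        $wpdb->update($wpdb->users, array('user_status' => (int) $is_spam), array('ID' => $user_id));
        // Call multisite actions in single site mode for good measure
        if (!is_multisite()) {
            $wp_action = true === $is_spam ? 'make_spam_user' : 'make_ham_user';
            // Fire for the user that was actually processed, not for whichever
            // profile happens to be displayed.
            do_action($wp_action, $user_id);
        }
    }
    // Hide this user's activity
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }
    // We need a special hook for is_spam so that components can delete data at spam time
    $bp_action = true === $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
    do_action($bp_action, $user_id);
    // Allow plugins to do neat things
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);
    return true;
}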
Exemplo n.º 4
                     foreach ((array) $blogs as $key => $details) {
                         if ($details->userblog_id == 1) {
                             continue;
                         }
                         // main blog not a spam !
                         update_blog_status($details->userblog_id, "spam", '1');
                         do_action("make_spam_blog", $details->userblog_id);
                     }
                     update_user_status($val, "spam", '1', 1);
                 } elseif (isset($_POST['alluser_notspam'])) {
                     $userfunction = 'all_notspam';
                     $blogs = get_blogs_of_user($val, true);
                     foreach ((array) $blogs as $key => $details) {
                         update_blog_status($details->userblog_id, "spam", '0');
                     }
                     update_user_status($val, "spam", '0', 1);
                 }
             }
         }
         wp_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), $_SERVER['HTTP_REFERER']));
     }
     exit;
     break;
 case "adduser":
     check_admin_referer('add-user');
     $user = $_POST['user'];
     if (empty($user['username']) && empty($user['email'])) {
         wp_die(__('Missing username and email.'));
     } elseif (empty($user['username'])) {
         wp_die(__('Missing username.'));
     } elseif (empty($user['email'])) {
Exemplo n.º 5
 /**
  * Set or clear the spammer status for one or more members.
  *
  * Super admin accounts in the list are skipped and end up in the error list
  * handed to the callback. This method does not check the capabilities of the
  * acting user itself; no such check is visible here, so the caller has to
  * enforce it.
  *
  * @param int|array $user_ids     A member ID or a list of member IDs.
  * @param bool      $is_spam      True to mark as spammer, false to unmark.
  * @param callable  $end_callback Called last with ($successes, $errors, $is_spam).
  */
 function set_spammer_status($user_ids, $is_spam, $end_callback)
 {
     global $wpdb;
     $user_ids = (array) $user_ids;
     $processed = array();
     foreach ($user_ids as $member_id) {
         // Super admins are never touched.
         if (is_super_admin($member_id)) {
             continue;
         }
         // Walk every blog the member belongs to.
         $member_blogs = get_blogs_of_user($member_id, true);
         foreach ((array) $member_blogs as $blog) {
             $blog_id = $blog->userblog_id;
             // The main blog and the current root blog keep their status.
             $is_protected = 1 == $blog_id || bp_get_root_blog_id() == $blog_id;
             if (!$is_protected) {
                 update_blog_status($blog->userblog_id, 'spam', $is_spam);
             }
         }
         // Network-wide flag, multisite only.
         if (is_multisite()) {
             update_user_status($member_id, 'spam', $is_spam);
         }
         // The users table is always updated directly as well.
         $wpdb->update($wpdb->users, array('user_status' => (int) $is_spam), array('ID' => $member_id));
         // A spammer's activity gets hidden when the activity component is on.
         if ($is_spam && bp_is_active('activity')) {
             bp_activity_hide_user_activity($member_id);
         }
         // Dedicated hooks so components can drop data at spam time.
         if ($is_spam) {
             do_action('bp_make_spam_user', $member_id);
         } else {
             do_action('bp_make_ham_user', $member_id);
         }
         // On single site, fire the multisite hooks too.
         if (!is_multisite()) {
             if ($is_spam) {
                 do_action('make_spam_user', $member_id);
             } else {
                 do_action('make_ham_user', $member_id);
             }
         }
         // Extension point for plugins.
         do_action('bp_core_action_set_spammer_status', $member_id, $is_spam);
         $processed[] = $member_id;
     }
     // Whatever was requested but not processed is reported as an error.
     $skipped = array_diff($user_ids, $processed);
     call_user_func($end_callback, $processed, $skipped, $is_spam);
 }
Exemplo n.º 6
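// Exchange the authorization code at the Facebook token URL.
// The code is URL-encoded so its content cannot add or alter query parameters.
$access_token = file_get_contents($fb_token_URL . "&code=" . urlencode($code));
// Use the returned access token to fetch the user information and parse it.
// A failed request leaves $user as null, which ends in the "invalid" branch.
$user = null;
if ($access_token !== false) {
    $res_auth = file_get_contents($fb_info_URL . "&" . $access_token);
    if ($res_auth !== false) {
        $user = json_decode($res_auth);
    }
}
// Set the Facebook user_id + name (display name).
if (isset($user->id)) {
    $fb_user_id = $user->id;
    $fb_user_name = isset($user->name) ? $user->name : null;
    $fb_user_email = isset($user->email) ? $user->email : null;
}
// The Referer header is optional and supplied by the client, so it is a weak
// signal at best. NOTE(review): no check of an OAuth "state" value is visible
// in this excerpt; confirm one exists, since that is what ties the callback to
// the login this session started.
$http_ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Compare, do not assign: the original "=" overwrote $http_ref and the referer
// was never actually checked.
if ($http_ref === $fb_auth_ref && isset($fb_user_id)) {
    //Update User Status
    update_user_status($fb_user_id, "facebook", $fb_user_name, $fb_user_email);
    // Store the Facebook display name (the original read the Google variable,
    // which is not set in this flow).
    $_SESSION["auth_name"] = $fb_user_name;
    $_SESSION["auth_type"] = "facebook";
    $_SESSION["auth_icon"] = "./img/fb_icon.png";
    header("Location: {$top_page}");
    // Stop after the redirect so the page body below is not rendered as well.
    exit;
} else {
    $showMsg = "Notice: Invalid authentication<br>";
}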
echo <<<EOF
<html>
\t<head>
\t\t<title>
\t\t\tfb test login
\t\t</title>
\t</head>
\t<body>
Exemplo n.º 7
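// Request the token from the Google token URL, reading at most 40000 bytes.
// Offset 0 instead of -1: since PHP 7.1 a negative offset means "seek from the
// end", which a remote stream cannot do, so the call would fail.
$res_auth = file_get_contents($ggl_token_URL, false, stream_context_create($options), 0, 40000);
// Decode the result from google token URL
$token = ($res_auth === false) ? null : json_decode($res_auth, true);
// Treat a failed request, an undecodable body and a missing access token the
// same way as an explicit error from the provider.
if (!is_array($token) || isset($token['error']) || empty($token['access_token'])) {
    echo 'An error occurs on Google OAuth2\\n';
    exit;
}
$access_token = $token['access_token'];
//--------------------------------------
// Get User information
//--------------------------------------
// NOTE(review): the access token travels in the query string here and can end
// up in proxy and server logs; sending it in an Authorization header through
// the stream context would avoid that.
$params = array('access_token' => $access_token);
$user_json = file_get_contents($ggl_info_URL . '?' . http_build_query($params));
$user = ($user_json === false) ? null : json_decode($user_json);
// Read each field defensively; the response may be missing or incomplete.
$ggl_user_id = isset($user->id) ? $user->id : null;
$ggl_user_name = isset($user->name) ? $user->name : null;
$ggl_user_email = isset($user->email) ? $user->email : null;
//--------------------------------------
// Register user on DB
//--------------------------------------
if (isset($ggl_user_id)) {
    //Update User Status
    update_user_status($ggl_user_id, "google", $ggl_user_name, $ggl_user_email);
    $_SESSION["auth_name"] = $ggl_user_name;
    $_SESSION["auth_type"] = "google";
    $_SESSION["auth_icon"] = "./img/ggl_icon.png";
    header("Location: {$top_page}");
    exit;
} else {
    $showMsg = "Notice: Invalid authentication.<br>";
}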
Exemplo n.º 8
            include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/user/logout.php';
            break;
        case "settings":
            /*Account Management code*/
            if (!$isLoggedIn) {
                header("Location: index.php");
                $_SESSION['error'] = ($debug ? "<b>pages.php:</b><br />" : "") . "The page you are looking was not found!";
                die;
            }
            break;
        default:
            $_SESSION['error'] = ($debug ? "<b>pages.php:</b><br />" : "") . "The page you are looking was not found!";
            header("Location: index.php");
            die;
    }
} else {
    if (!$isLoggedIn) {
        include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/welcome.php';
    }
}
if ($isLoggedIn) {
    /* Content for logged-in users only. */
    /* Write the user's current status to the database so that the stored
       fields stay in sync with the session variables. */
    update_user_status($userid, $isLoggedIn, $ip, $_SERVER['HTTP_USER_AGENT']);

    /* Pick the view: the settings page, or the tabbed view for everything else. */
    $content_view = $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/content/tabs.php';
    if ($page == "settings") {
        $content_view = $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/content/settings.php';
    }
    include_once $content_view;
}
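/**
 * Process a spammed or unspammed user.
 *
 * This function is called from three places:
 *
 * - in bp_settings_action_capabilities() (from the front-end)
 * - by bp_core_mark_user_spam_admin()    (from wp-admin)
 * - bp_core_mark_user_ham_admin()        (from wp-admin)
 *
 * This function does not check the capabilities of the acting user; it only
 * refuses to process a super admin account. Every caller has to verify that
 * the current user is allowed to change spam status before calling it.
 *
 * @since 1.6.0
 *
 * @param int    $user_id       The ID of the user being spammed/hammed.
 * @param string $status        'spam' if being marked as spam, 'ham' otherwise.
 * @param bool   $do_wp_cleanup True to force the cleanup of WordPress content
 *                              and status, otherwise false. Generally, this should
 *                              only be false if WordPress is expected to have
 *                              performed this cleanup independently, as when hooked
 *                              to 'make_spam_user'.
 * @return bool True on success, false on failure.
 */
function bp_core_process_spammer_status($user_id, $status, $do_wp_cleanup = true)
{
    global $wpdb;
    // Bail if no user ID. Return false so the result matches the documented bool.
    if (empty($user_id)) {
        return false;
    }
    // Bail if user ID is super admin.
    if (is_super_admin($user_id)) {
        return false;
    }
    // Get the functions file.
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }
    $is_spam = 'spam' == $status;
    // Only you can prevent infinite loops: the admin handlers hooked to these
    // actions call back into this function. They are re-attached at the end.
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');
    // Force the cleanup of WordPress content and status for multisite configs.
    if ($do_wp_cleanup) {
        // Get the blogs for the user.
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) array_values($blogs) as $details) {
            // Do not mark the main or current root blog as spam.
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }
            // Update the blog status.
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }
        // Finally, mark this user as a spammer.
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }
    }
    // Update the user status. Cast to int: a boolean false would be written as
    // an empty string into the integer user_status column.
    $wpdb->update($wpdb->users, array('user_status' => (int) $is_spam), array('ID' => $user_id));
    // Clean user cache.
    clean_user_cache($user_id);
    if (!is_multisite()) {
        // Call multisite actions in single site mode for good measure.
        if (true === $is_spam) {
            /**
             * Fires at end of processing spammer in Dashboard if not multisite and user is spam.
             *
             * @since 1.5.0
             *
             * @param int $value user ID.
             */
            do_action('make_spam_user', $user_id);
        } else {
            /**
             * Fires at end of processing spammer in Dashboard if not multisite and user is not spam.
             *
             * @since 1.5.0
             *
             * @param int $value user ID.
             */
            do_action('make_ham_user', $user_id);
        }
    }
    // Hide this user's activity.
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }
    // We need a special hook for is_spam so that components can delete data at spam time.
    if (true === $is_spam) {
        /**
         * Fires at the end of the process spammer process if the user is spam.
         *
         * @since 1.5.0
         *
         * @param int $value Displayed user ID.
         */
        do_action('bp_make_spam_user', $user_id);
    } else {
        /**
         * Fires at the end of the process spammer process if the user is not spam.
         *
         * @since 1.5.0
         *
         * @param int $value Displayed user ID.
         */
        do_action('bp_make_ham_user', $user_id);
    }
    /**
     * Fires at the end of the process for handling spammer status.
     *
     * @since 1.5.5
     *
     * @param int  $user_id ID of the processed user.
     * @param bool $is_spam The determined spam status of processed user.
     */
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);
    // Put things back how we found them.
    add_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    add_action('make_ham_user', 'bp_core_mark_user_ham_admin');
    return true;
}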
Exemplo n.º 10
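/**
 * When a site admin selects "Mark as Spammer/Not Spammer" from the admin menu
 * this action will fire and mark or unmark the user and their blogs as spam.
 * Must be a site admin for this function to run.
 *
 * Checks performed, in order: the acting user is a super admin and is not on
 * their own profile; a target user ID is known; the target is not a super
 * admin; and, for the mark/unmark actions, the 'mark-unmark-spammer' nonce is
 * valid. Nothing is changed before the nonce has been verified.
 *
 * @package BuddyPress Core
 * @param int $user_id Optional user ID to mark as spam
 * @global object $wpdb Global WordPress Database object
 */
function bp_core_action_set_spammer_status($user_id = 0)
{
    global $wpdb;
    // Only super admins can currently spam users
    if (!is_super_admin() || bp_is_my_profile()) {
        return;
    }
    // Use displayed user if it's not yourself
    if (empty($user_id) && bp_is_user()) {
        $user_id = bp_displayed_user_id();
    }
    // Bail if no user ID
    if (empty($user_id)) {
        return;
    }
    // Bail if user ID is super admin
    if (is_super_admin($user_id)) {
        return;
    }
    if (bp_is_current_component('admin') && in_array(bp_current_action(), array('mark-spammer', 'unmark-spammer'), true)) {
        // Check the nonce
        check_admin_referer('mark-unmark-spammer');
        // Get the functions file. require_once, so a second inclusion cannot
        // end in a fatal "cannot redeclare" error.
        if (is_multisite()) {
            require_once ABSPATH . 'wp-admin/includes/ms.php';
        }
        // To spam or not to spam
        $is_spam = bp_is_current_action('mark-spammer') ? 1 : 0;
        // Get the blogs for the user
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) $blogs as $details) {
            // Do not mark the main or current root blog as spam
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }
            // Update the blog status
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }
        // Finally, mark this user as a spammer
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }
        // Always set single site status
        $wpdb->update($wpdb->users, array('user_status' => $is_spam), array('ID' => $user_id));
        // Add feedback message
        if ($is_spam) {
            bp_core_add_message(__('User marked as spammer. Spam users are visible only to site admins.', 'buddypress'));
        } else {
            bp_core_add_message(__('User removed as spammer.', 'buddypress'));
        }
        // Hide this user's activity
        if ($is_spam && bp_is_active('activity')) {
            bp_activity_hide_user_activity($user_id);
        }
        // The hooks below receive $user_id, the account that was actually
        // changed. With an explicit $user_id argument the displayed user can be
        // a different account, and the hooks would otherwise report the wrong one.
        // We need a special hook for is_spam so that components can delete data at spam time
        $bp_action = $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
        do_action($bp_action, $user_id);
        // Call multisite actions in single site mode for good measure
        if (!is_multisite()) {
            $wp_action = $is_spam ? 'make_spam_user' : 'make_ham_user';
            do_action($wp_action, $user_id);
        }
        // Allow plugins to do neat things
        do_action('bp_core_action_set_spammer_status', $user_id, $is_spam);
        // Redirect back to where we came from
        bp_core_redirect(wp_get_referer());
    }
}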
Exemplo n.º 11
require_once "${_CLASS_PATH}clsConnection.php";
require_once "${_CLASS_PATH}clsDB.php";
require_once "${_UMS_PATH}clsUser.php";

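setnocache();

session_start();
if (logged_in()) {
    $oU = &$_SESSION["oU"];
    // Default to "th" when "lang" is missing or empty. The original condition
    // tested isset() AND empty, so a missing parameter fell through to reading
    // the undefined $_GET["lang"].
    $oU->Lang = (!isset($_GET["lang"]) || $_GET["lang"] == "") ? "th" : $_GET["lang"];
    // NOTE(review): the IDs below come straight from the query string and are
    // stored on the session user object before GetRightsByMenu() runs. Verify
    // that rights are resolved from the server-side account and not from these
    // client-chosen values.
    if (isset($_GET["StID"]) && $_GET["StID"] != "") {
        $oU->StID = $_GET["StID"];
    }
    if (isset($_GET["GpID"]) && $_GET["GpID"] != "") {
        $oU->GpID = $_GET["GpID"];
    }
    if (isset($_GET["MnID"]) && $_GET["MnID"] != "") {
        $oU->MnID = $_GET["MnID"];
    }
    if (isset($_GET["MmnID"]) && $_GET["MmnID"] != "") {
        $oU->MmnID = $_GET["MmnID"];
    }
    update_user_status();
    $oU->GetRightsByMenu();

    // "{$var}" interpolation; the "${var}" form is deprecated as of PHP 8.2.
    include_once "{$_UMS_PATH}clsUmMenu.php";
    include_once "{$_UMS_PATH}clsUmPermission.php";
    include_once "{$_UMS_PATH}clsUmGPermission.php";
    include_once "{$_UMS_PATH}clsUmUserGroup.php";
    include_once "{$_UMS_PATH}clsUmGroup.php";
    // Buffer the page through the template callback that matches the request.
    if (isset($_GET["mm"])) {
        ob_start("incsubmenuTpl");
    } else {
        ob_start("nonsubmenuTpl");
    }
} else {
    $full_url = $GLOBALS["_PROTOCOL"] . $GLOBALS["_INFO_INDEX"];
    header("Location: $full_url");
    // A Location header does not stop the script; exit so nothing else runs
    // for a visitor who is not logged in.
    exit;
}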
Exemplo n.º 12
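/**
 * Renders the WangGuard users admin screen and processes its bulk actions.
 *
 * Access requires the 'level_10' capability. The list-table action is one of
 * 'delete', 'reportassplog', 'spam' or 'notspam'; every one of them changes
 * state, so every one of them verifies the 'bulk-users' nonce before acting.
 * After the action, the result messages and the users list table are printed.
 *
 * Reads $_REQUEST ('_wpnonce', 'users', 'type'); echoes HTML; returns nothing.
 */
function wangguard_users()
{
    global $wpdb, $wangguard_is_network_admin, $wangguard_nonce, $wangguard_g_splog_users_count;
    if (!current_user_can('level_10')) {
        die(__('Cheatin&#8217; uh?', 'wangguard'));
    }
    include 'wangguard-class-wp-users.php';
    $wp_list_table = new WangGuard_Users_Table();
    $pagenum = $wp_list_table->get_pagenum();
    $messages = array();
    switch ($wp_list_table->current_action()) {
        case 'delete':
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }
            //delete selected users
            $users = isset($_REQUEST['users']) ? (array) $_REQUEST['users'] : array();
            if (wangguard_is_multisite() && function_exists("wpmu_delete_user")) {
                $delFunc = 'wpmu_delete_user';
            } else {
                if (!function_exists('wp_delete_user')) {
                    @(include_once ABSPATH . 'wp-admin/includes/user.php');
                }
                $delFunc = 'wp_delete_user';
            }
            $deletedUsers = 0;
            foreach ($users as $spuserID) {
                $user_object = new WP_User($spuserID);
                // Administrator accounts are never deleted from this screen.
                if (!wangguard_is_admin($user_object)) {
                    $delFunc($spuserID);
                    $deletedUsers++;
                }
            }
            if ($deletedUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were deleted", "wangguard"), $deletedUsers) . '</strong></p></div>';
            }
            break;
        case 'reportassplog':
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }
            //report selected users
            $reportedUsers = 0;
            $users = isset($_REQUEST['users']) ? (array) $_REQUEST['users'] : array();
            $res = wangguard_report_users($users);
            $resArr = explode(",", $res);
            $reportedUsers = count($users) == 0 ? 0 : count($resArr);
            if ($reportedUsers) {
                if (wangguard_get_option("wangguard-delete-users-on-report") == '1') {
                    $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were reported as Splogger(s) and deleted", "wangguard"), $reportedUsers) . '</strong></p></div>';
                } else {
                    $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were reported as Splogger(s)", "wangguard"), $reportedUsers) . '</strong></p></div>';
                }
            }
            break;
        case 'spam':
            // Same nonce check as 'delete' and 'reportassplog'. Without it a
            // forged request opened by a logged-in admin could flag arbitrary
            // accounts. Any link that triggers this action has to carry the
            // 'bulk-users' nonce.
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }
            $spamUsers = 0;
            $users = isset($_REQUEST['users']) ? (array) $_REQUEST['users'] : array();
            foreach ($users as $spuserID) {
                $user = new WP_User($spuserID);
                // Super admins are never flagged.
                if (in_array($user->user_login, get_super_admins(), true)) {
                    continue;
                }
                if (function_exists('get_blogs_of_user') && function_exists('update_blog_status')) {
                    $blogs = get_blogs_of_user($spuserID, true);
                    foreach ((array) $blogs as $details) {
                        // Work out whether this is the main blog, which must
                        // never be flagged.
                        // NOTE(review): $current_site is not imported with
                        // "global" in this function, so the first branch does
                        // not run as written; confirm whether it should.
                        $isMainBlog = false;
                        if (isset($current_site)) {
                            // "==": the blog is the main blog when the ids match
                            // (the original "!=" had the meaning inverted).
                            $isMainBlog = $details->userblog_id == $current_site->blog_id;
                        } elseif (defined("BP_ROOT_BLOG")) {
                            $isMainBlog = 1 == $details->userblog_id || BP_ROOT_BLOG == $details->userblog_id;
                        } else {
                            $isMainBlog = $details->userblog_id == 1;
                        }
                        $userIsAuthor = false;
                        if (!$isMainBlog) {
                            //Only works on WP 3+
                            $blog_prefix = $wpdb->get_blog_prefix($details->userblog_id);
                            // Both values are bound through prepare() rather
                            // than interpolated into the SQL string.
                            $authorcaps = $wpdb->get_var($wpdb->prepare("SELECT meta_value as caps FROM {$wpdb->users} u, {$wpdb->usermeta} um WHERE u.ID = %d and u.ID = um.user_id AND meta_key = %s", $spuserID, $blog_prefix . 'capabilities'));
                            // The value comes from the usermeta table; it is
                            // unserialized the same way WordPress stores it.
                            $caps = maybe_unserialize($authorcaps);
                            $userIsAuthor = isset($caps['administrator']);
                        }
                        //Update blog to spam if the user is the author and its not the main blog
                        if (!$isMainBlog && $userIsAuthor) {
                            @update_blog_status($details->userblog_id, 'spam', '1');
                            //remove blog from queue
                            $table_name = $wpdb->base_prefix . "wangguardreportqueue";
                            $wpdb->query($wpdb->prepare("delete from {$table_name} where blog_id = '%d'", $details->userblog_id));
                        }
                    }
                }
                if (function_exists('update_user_status')) {
                    update_user_status($spuserID, 'spam', '1');
                }
                $wpdb->update($wpdb->users, array('user_status' => 1), array('ID' => $spuserID));
                $spamUsers++;
            }
            if ($spamUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were marked as Spam", "wangguard"), $spamUsers) . '</strong></p></div>';
            }
            break;
        case 'notspam':
            // Clearing a spam flag is a state change too, so it gets the same
            // nonce check as the other actions.
            if (!wp_verify_nonce($_REQUEST['_wpnonce'], "bulk-users")) {
                die("bad nonce");
            }
            $spamUsers = 0;
            $users = isset($_REQUEST['users']) ? (array) $_REQUEST['users'] : array();
            foreach ($users as $spuserID) {
                if (function_exists('get_blogs_of_user') && function_exists('update_blog_status')) {
                    $blogs = get_blogs_of_user($spuserID, true);
                    foreach ((array) $blogs as $details) {
                        update_blog_status($details->userblog_id, 'spam', '0');
                    }
                }
                if (function_exists('update_user_status')) {
                    update_user_status($spuserID, 'spam', '0');
                }
                $wpdb->update($wpdb->users, array('user_status' => 0), array('ID' => $spuserID));
                $spamUsers++;
            }
            if ($spamUsers) {
                $messages[] = '<div id="message" class="updated fade"><p><strong>' . sprintf(__("%d user(s) were marked as Safe", "wangguard"), $spamUsers) . '</strong></p></div>';
            }
            break;
    }
    if (count($messages)) {
        foreach ($messages as $msg) {
            echo $msg;
        }
    }
    ?>

	
	
	<div class="wrap" id="wangguard-users-cont">
		<div class="wangguard-confico"><img src="<?php 
    echo WP_PLUGIN_URL;
    ?>
/wangguard/img/users.png" alt="<?php 
    echo htmlentities(__('WangGuard Users', 'wangguard'));
    ?>
" /></div>
		<div class="icon32" id="icon-wangguard"><br></div>
		<h2><?php 
    _e('WangGuard Users', 'wangguard');
    ?>
</h2>

		<?php 
    $wp_list_table->prepare_items();
    ?>
		
		<form action="" method="get">
			<input type="hidden" name="page" value="wangguard_users" />
			<?php 
    $wp_list_table->search_box(__('Search Users'), 'user');
    ?>
		</form>
		
	
		<form action="admin.php" method="get" id="wangguard-users-form">

			<input type="hidden" name="page" value="wangguard_users" />
			<?php 
    $total_pages = $wp_list_table->get_pagination_arg('total_pages');
    if ($pagenum > $total_pages && $total_pages > 0) {
        wp_redirect(add_query_arg('paged', $total_pages));
        exit;
    }
    $wp_list_table->views();
    ?>
			
			<?php 
    $requestType = "";
    if (isset($_REQUEST['type'])) {
        $requestType = $_REQUEST['type'];
    }
    if ($requestType == 'spl') {
        ?>
				<div id="wangguard-deleteallsplcont" class="subsubsub"><a class="button-primary" id="wangguard-deleteallspl" href="javascript:void(0)"><?php 
        echo __('Delete All Sploggers', 'wangguard');
        ?>
</a></div>
				<script type="text/javascript">
					<?php 
        $urlFunc = "admin_url";
        if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
            $urlFunc = "network_admin_url";
        }
        $deleteSPURL = $urlFunc('admin.php?page=wangguard_wizard&wangguard_delete_splogguers=1&wangguard_splogcnt=' . $wangguard_g_splog_users_count . '&wangguard_step=3&_wpnonce=' . wp_create_nonce($wangguard_nonce));
        ?>
					
					jQuery("a#wangguard-deleteallspl").click(function() {
						if (confirm('<?php 
        // Escaped for a JavaScript string: a quote in a translation must not
        // end the literal.
        echo esc_js(__('Do you confirm to delete ALL Sploggers?', 'wangguard'));
        ?>
')) {
							document.location = '<?php 
        echo $deleteSPURL;
        ?>
';
						}
					});
				</script>
			<?php 
    }
    ?>
				

			<?php 
    $wp_list_table->display();
    ?>
	
			
		</form>
		<br class="clear" />
	</div>
	<?php 
}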
Exemplo n.º 13
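/**
 * Handles one moderation request and then ends the request with die.
 *
 * Exactly one action runs per call, chosen by the first key that is present:
 * spam_user, check_ip (POST), spam_ip, ignore_blog, unignore_blog, spam_blog,
 * unspam_blog, allblogs (POST). When POST carries "url", the action
 * parameters are taken from that URL's query string instead of from $_GET.
 *
 * Request values are bound into SQL with $wpdb->prepare() and are never
 * echoed back raw: blog IDs are printed as integers and the check_ip reply
 * is produced by json_encode().
 *
 * NOTE(review): no nonce is verified here (no check_ajax_referer() or
 * wp_verify_nonce() call is visible), so these state-changing actions rely on
 * the capability check alone. Add a nonce check once the client sends one.
 */
function ust_do_ajax()
{
    global $wpdb, $current_site;
    // Only users allowed to manage network sites may run any of these actions.
    if (!current_user_can('manage_sites')) {
        die;
    }
    // Action parameters: the query string of the posted URL when one is sent,
    // otherwise the request's own query string. $_GET itself is left untouched.
    $params = $_GET;
    if (isset($_POST['url'])) {
        $params = array();
        $url_query = is_string($_POST['url']) ? parse_url($_POST['url'], PHP_URL_QUERY) : null;
        if (is_string($url_query)) {
            parse_str($url_query, $params);
        }
    }
    // Blog ID used by the single-blog actions; always handled as an integer.
    $blog_id = isset($params['id']) && is_scalar($params['id']) ? (int) $params['id'] : 0;
    $main_blog_id = (int) $current_site->blog_id;
    // Shared FROM/WHERE clause of the IP lookups. Placeholders, in order:
    // site id (%d), spam flag (%d), IP (%s), IP (%s).
    $ip_from_where = " FROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u"
        . " WHERE b.site_id = %d"
        . " AND b.blog_id = r.blog_id"
        . " AND b.blog_id = u.blog_id"
        . " AND b.spam = %d"
        . " AND (r.IP = %s OR u.last_ip = %s)";

    if (isset($params['spam_user'])) {
        // Spam a user and every blog they are associated with.
        $spam_user_id = (int) $params['spam_user'];
        $user_info = get_userdata($spam_user_id);
        // Skip unknown users, and never spam a super admin. is_super_admin()
        // is given the user ID, which is the argument it is declared with.
        if ($user_info && !is_super_admin($spam_user_id)) {
            $blogs = get_blogs_of_user($spam_user_id, true);
            foreach ((array) $blogs as $details) {
                if ($details->userblog_id == $current_site->blog_id) {
                    // The main blog is never marked as spam.
                    continue;
                }
                update_blog_status($details->userblog_id, "spam", '1');
                set_time_limit(60);
            }
            update_user_status($spam_user_id, "spam", '1');
        }
    } elseif (isset($_POST['check_ip'])) {
        // Count the non-spam and spam blogs created or modified from the IP.
        $ip_data = array();
        $ip_query = is_string($_POST['check_ip']) ? parse_url($_POST['check_ip'], PHP_URL_QUERY) : null;
        if (is_string($ip_query)) {
            parse_str($ip_query, $ip_data);
        }
        $spam_ip = isset($ip_data['spam_ip']) && is_scalar($ip_data['spam_ip']) ? (string) $ip_data['spam_ip'] : '';
        $bid = isset($ip_data['id']) && is_scalar($ip_data['id']) ? (string) $ip_data['id'] : '';
        $num = $wpdb->get_var($wpdb->prepare("SELECT COUNT(b.blog_id)" . $ip_from_where, $wpdb->siteid, 0, $spam_ip, $spam_ip));
        $numspam = $wpdb->get_var($wpdb->prepare("SELECT COUNT(b.blog_id)" . $ip_from_where, $wpdb->siteid, 1, $spam_ip, $spam_ip));
        // json_encode() escapes the request-derived "bid" and "ip" values; the
        // HEX flags also neutralise <, >, &, ' and " in case the reply is
        // rendered as HTML. All four members stay strings, as before.
        echo json_encode(
            array(
                'num' => (string) $num,
                'numspam' => (string) $numspam,
                'bid' => $bid,
                'ip' => $spam_ip,
            ),
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
    } elseif (isset($params['spam_ip'])) {
        // Spam all non-spam blogs created or modified from the IP.
        $spam_ip = is_scalar($params['spam_ip']) ? (string) $params['spam_ip'] : '';
        $blogs = $wpdb->get_results(
            $wpdb->prepare("SELECT b.blog_id" . $ip_from_where, $wpdb->siteid, 0, $spam_ip, $spam_ip),
            ARRAY_A
        );
        foreach ((array) $blogs as $blog) {
            if ($blog['blog_id'] == $current_site->blog_id) {
                // The main blog is never marked as spam.
                continue;
            }
            update_blog_status($blog['blog_id'], "spam", '1');
            set_time_limit(60);
        }
    } elseif (isset($params['ignore_blog'])) {
        // Hide a single blog from the possible-spam list.
        ust_blog_ignore($blog_id);
        echo $blog_id;
    } elseif (isset($params['unignore_blog'])) {
        // Let a single blog show up on the possible-spam list again.
        ust_blog_unignore($blog_id);
        echo $blog_id;
    } elseif (isset($params['spam_blog'])) {
        // Spam a single blog.
        // NOTE(review): unlike the bulk paths, this branch does not skip the
        // main blog - confirm that is intended.
        update_blog_status($blog_id, "spam", '1');
        echo $blog_id;
    } elseif (isset($params['unspam_blog'])) {
        // Clear the spam flag of a single blog.
        update_blog_status($blog_id, "spam", '0');
        ust_blog_ignore($blog_id, false);
        echo $blog_id;
    } elseif (isset($_POST['allblogs'])) {
        // Bulk action over the posted, query-string-encoded list of blog IDs.
        $blog_list = array();
        if (is_string($_POST['allblogs'])) {
            parse_str($_POST['allblogs'], $blog_list);
        }
        $selected = isset($blog_list['allblogs']) ? (array) $blog_list['allblogs'] : array();
        foreach ($selected as $val) {
            if (!is_scalar($val)) {
                continue;
            }
            $bulk_blog_id = (int) $val;
            // Skip empty entries and the main blog.
            if ($bulk_blog_id <= 0 || $bulk_blog_id === $main_blog_id) {
                continue;
            }
            if (isset($_POST['allblog_ignore'])) {
                ust_blog_ignore($bulk_blog_id);
                set_time_limit(60);
            } elseif (isset($_POST['allblog_unignore'])) {
                ust_blog_unignore($bulk_blog_id);
                set_time_limit(60);
            } elseif (isset($_POST['allblog_spam'])) {
                update_blog_status($bulk_blog_id, "spam", '1');
                set_time_limit(60);
            } elseif (isset($_POST['allblog_notspam'])) {
                update_blog_status($bulk_blog_id, "spam", '0');
                ust_blog_ignore($bulk_blog_id, false);
                set_time_limit(60);
            }
        }
        _e("Selected blogs processed", 'ust');
    }
    die;
}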
Exemplo n.º 14
// Process any actions and messages.
// NOTE(review): no capability or nonce check is visible in this excerpt;
// confirm the enclosing page performs both before these state-changing
// branches run.
if (isset($_GET['spam_user'])) {
    // Spam a user and all blogs they are associated with.
    // Do not spam a site admin.
    // NOTE(review): the get_userdata() result is dereferenced without being
    // checked, and is_super_admin() is declared with a user ID parameter but is
    // given the login here - confirm the guard still holds on the targeted
    // WordPress version.
    $user_info = get_userdata((int) $_GET['spam_user']);
    if (!is_super_admin($user_info->user_login)) {
        $blogs = get_blogs_of_user((int) $_GET['spam_user'], true);
        foreach ((array) $blogs as $key => $details) {
            if ($details->userblog_id == $current_site->blog_id) {
                continue;
            }
            // The main blog is never marked as spam.
            update_blog_status($details->userblog_id, "spam", '1');
            // Restart the time limit after each blog.
            set_time_limit(60);
        }
        update_user_status((int) $_GET['spam_user'], "spam", '1');
        // Result message stored in $_GET['updatedmsg'].
        $_GET['updatedmsg'] = sprintf(__('%s blog(s) spammed for user!', 'ust'), count($blogs));
    }
} else {
    if (isset($_GET['spam_ip'])) {
        // Spam all blogs created or modified with the IP address.
        // NOTE(review): the request value reaches the SQL text after
        // addslashes() only; binding it with $wpdb->prepare() and %s
        // placeholders is the supported way to keep it out of the query text.
        $spam_ip = addslashes($_GET['spam_ip']);
        $query = "SELECT b.blog_id\n\t\t\t\t\t\t\tFROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u\n\t\t\t\t\t\t\tWHERE b.site_id = '{$wpdb->siteid}'\n\t\t\t\t\t\t\tAND b.blog_id = r.blog_id\n\t\t\t\t\t\t\tAND b.blog_id = u.blog_id\n\t\t\t\t\t\t\tAND b.spam = 0\n\t\t\t\t\t\t\tAND (r.IP = '{$spam_ip}' OR u.last_ip = '{$spam_ip}')";
        $blogs = $wpdb->get_results($query, ARRAY_A);
        foreach ((array) $blogs as $blog) {
            if ($blog['blog_id'] == $current_site->blog_id) {
                continue;
            }
            // The main blog is never marked as spam.
            update_blog_status($blog['blog_id'], "spam", '1');
            set_time_limit(60);
Exemplo n.º 15
                     $blogs = get_blogs_of_user($user_id, true);
                     foreach ((array) $blogs as $details) {
                         if ($details->userblog_id != get_network()->site_id) {
                             // main blog not a spam !
                             update_blog_status($details->userblog_id, 'spam', '1');
                         }
                     }
                     update_user_status($user_id, 'spam', '1');
                     break;
                 case 'notspam':
                     $userfunction = 'all_notspam';
                     $blogs = get_blogs_of_user($user_id, true);
                     foreach ((array) $blogs as $details) {
                         update_blog_status($details->userblog_id, 'spam', '0');
                     }
                     update_user_status($user_id, 'spam', '0');
                     break;
             }
         }
     }
     if (!in_array($doaction, array('delete', 'spam', 'notspam'), true)) {
         $sendback = wp_get_referer();
         $user_ids = (array) $_POST['allusers'];
         /** This action is documented in wp-admin/network/site-themes.php */
         $sendback = apply_filters('handle_network_bulk_actions-' . get_current_screen()->id, $sendback, $doaction, $user_ids);
         wp_safe_redirect($sendback);
         exit;
     }
     wp_safe_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), wp_get_referer()));
 } else {
     $location = network_admin_url('users.php');
Exemplo n.º 16
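/**
 * Executes a scheduled job: re-schedules it, verifies the users registered
 * within the job's time frame, flags or deletes the ones reported as
 * sploggers (per the job's Action), and mails a text report to the admin.
 *
 * Returns without doing anything when no job row exists for the given ID.
 *
 * @param int $cronid ID of the job row in the {base_prefix}wangguardcronjobs table
 */
function wangguard_cronjob_runner($cronid)
{
    global $wpdb, $wangguard_api_key, $wangguard_cronjob_actions_options, $wangguard_is_network_admin;
    // Users-table column carrying the spam flag; only used by the raw-SQL
    // fallback below. It comes from this fixed pair, never from input.
    $spamFieldName = wangguard_is_multisite() ? "spam" : "user_status";
    //get job ID
    $cronid = (int) $cronid;
    $cronjobs_table_name = $wpdb->base_prefix . "wangguardcronjobs";
    // Values are bound with prepare() throughout, matching the user queries below.
    $wgcron = $wpdb->get_results($wpdb->prepare("select * from {$cronjobs_table_name} where id = %d", $cronid));
    if (!isset($wgcron[0])) {
        return;
    }
    //init vars
    $cronjob = $wgcron[0];
    $checkedUsers = $detectedSploggers = 0;
    $cleanUsers = array();
    $sploggersUsers = array();
    $message = 'WangGuard Cron Job # ' . $cronid . "\n\n";
    //setup cron args
    $args = array((int) $cronjob->id);
    //delete the pending event so the job is not locked and run again
    $timestamp = wp_next_scheduled('wangguard_cronjob_runner', $args);
    if ($timestamp !== false) {
        // wp_next_scheduled() yields false when nothing is queued for these args.
        wp_unschedule_event($timestamp, 'wangguard_cronjob_runner', $args);
    }
    //store last run time
    $wpdb->query($wpdb->prepare("update {$cronjobs_table_name} set LastRun = CURRENT_TIMESTAMP where id = %d", $cronid));
    //re schedule the job at the configured time
    $timestampNextRun = wangguard_get_next_schedule($cronjob->RunOn, $cronjob->RunAt);
    wp_schedule_single_event($timestampNextRun, 'wangguard_cronjob_runner', $args);
    $humanizedNextRun = date(get_option('date_format') . ' ' . get_option('time_format'), $timestampNextRun);
    //api key is valid?
    $valid = wangguard_verify_key($wangguard_api_key);
    if ($valid == 'failed' || $valid == 'invalid') {
        $message .= __('Your WangGuard API KEY is invalid.', 'wangguard');
    } else {
        $userStatusTable = $wpdb->base_prefix . "wangguarduserstatus";
        // An action code without a label prints as an empty string.
        $actionLabel = isset($wangguard_cronjob_actions_options[$cronjob->Action]) ? $wangguard_cronjob_actions_options[$cronjob->Action] : '';
        $message .= __("Action", 'wangguard') . ": " . $actionLabel . "\n\n";
        // Midnight today minus UsersTF days, as a Unix timestamp.
        $timeFrom = (int) (mktime(0, 0, 0, date('n'), date('j'), date('Y')) - $cronjob->UsersTF * 86400);
        set_time_limit(300);
        $goodUsers = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where user_registered >= FROM_UNIXTIME( %d )", $timeFrom));
        if (count($goodUsers)) {
            $message .= sprintf(__("Verifying %d new users since", 'wangguard'), count($goodUsers)) . ' ' . date(get_option('date_format'), $timeFrom) . "\n\n";
            foreach ($goodUsers as $userid) {
                // Restart the time limit for every user checked.
                set_time_limit(120);
                $user_object = new WP_User($userid);
                //get the WangGuard user status, if status is force-checked or buyer then ignore the user
                $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$userStatusTable} where ID = %d", $userid));
                if ($user_status == 'force-checked' || $user_status == 'buyer') {
                    $user_check_status = "force-checked";
                } else {
                    //verify the user only if it's not already flagged
                    $user_check_status = $user_status != "reported" ? wangguard_verify_user($user_object) : "reported";
                }
                $checkedUsers++;
                if ($user_check_status == "reported") {
                    //user was detected as splogger
                    $detectedSploggers++;
                    $sploggersUsers[] = $user_object->display_name . " (" . $user_object->user_email . ")";
                    //what to do with this user
                    switch ($cronjob->Action) {
                        case "f":
                            // Now we mark a user as spam, there is a problem related to BuddyPress permissions, so the splogger activity will not removed. http://buddypress.trac.wordpress.org/ticket/5233
                            if (function_exists('update_user_status')) {
                                update_user_status($userid, 'spam', '1');
                            } else {
                                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
                            }
                            break;
                        case "d":
                            // Delete the detected splogger together with their blogs.
                            wangguard_delete_user_and_blogs($userid);
                            break;
                    }
                } else {
                    $cleanUsers[] = $user_object->display_name . " (" . $user_object->user_email . ")";
                }
            }
            if (count($cleanUsers)) {
                $message .= __("--- Verified Users ---", 'wangguard') . "\n" . implode("\n", $cleanUsers) . "\n\n";
            }
            if (count($sploggersUsers)) {
                $message .= __("--- Detected Sploggers ---", 'wangguard') . "\n" . implode("\n", $sploggersUsers) . "\n\n";
            }
        } else {
            $message .= __("No new users to verify since ", 'wangguard') . date(get_option('date_format'), $timeFrom);
        }
    }
    //bottom link
    $urlFunc = "admin_url";
    if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
        $urlFunc = "network_admin_url";
    }
    $site_url = $urlFunc("admin.php?page=wangguard_users");
    $message .= "\n\n" . __("Next run ", "wangguard") . $humanizedNextRun;
    $message .= "\n\n" . __("Click here to manage users: ", "wangguard") . "\n" . $site_url;
    $message .= "\n\nWangGuard - www.wangguard.com";
    //Notify admin
    $admin_email = get_site_option('admin_email');
    if ($admin_email == '') {
        $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
    }
    $from_name = get_site_option('site_name') == '' ? 'WordPress' : esc_html(get_site_option('site_name'));
    // The header block is assembled by hand, so drop CR/LF from every value
    // placed in it; a stray line break would otherwise start a new header.
    $lineBreaks = array("\r", "\n");
    $admin_email = str_replace($lineBreaks, '', $admin_email);
    $from_name = str_replace($lineBreaks, '', $from_name);
    $charset = str_replace($lineBreaks, '', get_option('blog_charset'));
    $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . $charset . "\"\n";
    $subject = sprintf('WangGuard Cron Job # ' . $cronid . ' - ' . __('Verified: %d - Sploggers: %d'), $checkedUsers, $detectedSploggers);
    // Best-effort notification: a failed send must not abort the cron run.
    @wp_mail($admin_email, $subject, $message, $message_headers);
}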
Exemplo n.º 17
function wangguard_wizard()
{
    global $wpdb, $wangguard_nonce, $wangguard_api_key, $wangguard_is_network_admin;
    $urlFunc = "admin_url";
    if ($wangguard_is_network_admin && function_exists("network_admin_url")) {
        $urlFunc = "network_admin_url";
    }
    if (wangguard_is_multisite()) {
        $spamFieldName = "spam";
        $sqlSpamWhere = "spam = 1";
        $sqlNoSpamWhere = "spam = 0";
    } else {
        $spamFieldName = "user_status";
        $sqlSpamWhere = "user_status = 1";
        $sqlNoSpamWhere = "user_status <> 1";
    }
    if (!current_user_can('level_10')) {
        die(__('Cheatin&#8217; uh?', 'wangguard'));
    }
    $step = 0;
    if (isset($_REQUEST['wangguard_step'])) {
        $step = (int) $_REQUEST['wangguard_step'];
    }
    if (isset($_POST['submit']) || !empty($step)) {
        check_admin_referer($wangguard_nonce);
    }
    ?>

<div class="wrap" id="wangguard-wizard-cont">
	<div class="wangguard-confico"><img src="<?php 
    echo WP_PLUGIN_URL;
    ?>
/wangguard/img/wizard.png" alt="<?php 
    echo htmlentities(__('WangGuard Wizard', 'wangguard'));
    ?>
" /></div>
	<div class="icon32" id="icon-wangguard"><br></div>
	<h2><?php 
    _e('WangGuard Wizard', 'wangguard');
    ?>
</h2>
	
	<script type="text/javascript">
	function wangguard_progress() {
		jQuery("#wangguard-visible-step-status").hide();
		jQuery("#wangguard-hidden-step-status").show();
		return true;
	}

	jQuery(document).ready(function() {
		jQuery(".wangguard-hidewhendone").hide();
	});
	</script>



	<form action="admin.php" method="get" id="wangguardWizardForm" name="wangguardWizardForm" onsubmit="return wangguard_progress()">
		<input type="hidden" name="page" value="wangguard_wizard" />
		<?php 
    echo wp_nonce_field($wangguard_nonce);
    ?>

		<?php 
    switch ($step) {
        case "1":
            ?>
				<div id="wangguard-visible-step-status">
					<h3><?php 
            echo __("Reporting spam users to WangGuard...", "wangguard");
            ?>
</h3>
					<?php 
            $usersPerStint = 50;
            //how many users to check on each iteration
            $fromUser = isset($_REQUEST['wangguard_wiz_from']) ? (int) $_REQUEST['wangguard_wiz_from'] : 0;
            if ($fromUser < 0) {
                $fromUser = 0;
            }
            $spamUsersTotal = $wpdb->get_col("select count(*) from {$wpdb->users} where {$sqlSpamWhere}");
            $spamUsersTotal = $spamUsersTotal[0];
            $step1Finished = $fromUser > 0 && $fromUser >= $spamUsersTotal;
            if (!$step1Finished) {
                $spamUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlSpamWhere} order by ID LIMIT {$fromUser} , {$usersPerStint}");
                $userCount = count($spamUsers);
                $reportingUserFrom = $fromUser + $usersPerStint;
                $reportingUserFrom = $reportingUserFrom > $spamUsersTotal ? $spamUsersTotal : $reportingUserFrom;
                if ($userCount == 0) {
                    ?>
							<p><?php 
                    echo __("No spam users were found on your site. Click the button below to check your users.", "wangguard");
                    ?>
</p>
							<input type="hidden" name="wangguard_step" value="2" />
							<p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php 
                    _e('Continue', 'wangguard');
                    ?>
" /></p>
							<?php 
                } else {
                    ?>
							<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                    echo esc_url(admin_url('images/wpspin_light.gif'));
                    ?>
" alt="..." /><?php 
                    echo sprintf(__("The WangGuard wizard is reporting %d of %d spam users as Sploggers.", "wangguard"), $reportingUserFrom, $spamUsersTotal);
                    ?>
</p>
							<?php 
                    @flush();
                    ?>
							<?php 
                    @ob_flush();
                    ?>

							<?php 
                    $progress = 0;
                    $reported = 0;
                    $lastProgressSent = 0;
                    foreach ($spamUsers as $userid) {
                        //get the WangGuard user status, if status is force-checked then ignore the user
                        $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                        $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
                        if ($user_status == 'force-checked') {
                            continue;
                        }
                        $dummyArr = array();
                        $dummyArr[] = $userid;
                        set_time_limit(15);
                        wangguard_report_users($dummyArr, "email", false);
                        $reported++;
                    }
                    ?>

							<input type="hidden" name="wangguard_wiz_from" value="<?php 
                    echo $fromUser + $usersPerStint;
                    ?>
" />
							<script type="text/javascript">
								document.getElementById('wangguardWizardForm').onsubmit='';
								jQuery(document).ready(function() {
									location.href='admin.php?page=wangguard_wizard&wangguard_step=1&wangguard_wiz_from=<?php 
                    echo $fromUser + $usersPerStint;
                    ?>
&_wpnonce=<?php 
                    echo wp_create_nonce($wangguard_nonce);
                    ?>
';
								});
							</script>
							<input type="hidden" name="wangguard_step" value="1" />

						<?php 
                }
                ?>

					<?php 
            } else {
                ?>
						<p><?php 
                echo __("The WangGuard wizard has finished reporting spam users. Click the button below to check the rest of your users.", "wangguard");
                ?>
</p>
						<input type="hidden" name="wangguard_step" value="2" />
						<p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php 
                _e('Continue', 'wangguard');
                ?>
" /></p>
					<?php 
            }
            ?>

				</div>

				<?php 
            if ($step1Finished) {
                ?>
				<div id="wangguard-hidden-step-status" style="display: none">
					<h3><?php 
                echo __("Verifying users against the WangGuard service...", "wangguard");
                ?>
</h3>
					<?php 
                $goodUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlNoSpamWhere}");
                $userCount = count($goodUsers);
                if ($userCount == 0) {
                    ?>
						<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                    echo esc_url(admin_url('images/wpspin_light.gif'));
                    ?>
" alt="..." /></p>
					<?php 
                } else {
                    ?>
						<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                    echo esc_url(admin_url('images/wpspin_light.gif'));
                    ?>
" alt="..." /><?php 
                    echo sprintf(__("The WangGuard wizard is verifying %d users against the WangGuard service.", "wangguard"), $userCount);
                    ?>
</p>
					<?php 
                }
                ?>
				</div>
				<?php 
            }
            ?>

				<?php 
            break;
        case "2":
            ?>
				<div id="wangguard-visible-step-status">
					<h3><?php 
            echo __("Verifying users against the WangGuard service...", "wangguard");
            ?>
</h3>
					<?php 
            $usersPerStint = 50;
            //how many users to check on each iteration
            $fromUser = isset($_REQUEST['wangguard_wiz_from']) ? (int) $_REQUEST['wangguard_wiz_from'] : 0;
            if ($fromUser < 0) {
                $fromUser = 0;
            }
            $goodUsersTotal = $wpdb->get_col("select count(*) from {$wpdb->users} where {$sqlNoSpamWhere}");
            $goodUsersTotal = $goodUsersTotal[0];
            $step2Finished = $fromUser > 0 && $fromUser >= $goodUsersTotal;
            $reported = isset($_REQUEST['reported']) ? (int) $_REQUEST['reported'] : 0;
            $noUsersToCheck = false;
            if (!$step2Finished) {
                $goodUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlNoSpamWhere} ORDER BY ID LIMIT {$fromUser} , {$usersPerStint}");
                $userCount = count($goodUsers);
                $reportingUserFrom = $fromUser + $usersPerStint;
                $reportingUserFrom = $reportingUserFrom > $goodUsersTotal ? $goodUsersTotal : $reportingUserFrom;
                if ($userCount == 0) {
                    $step2Finished = true;
                    $noUsersToCheck = true;
                    ?>
							<p><?php 
                    echo __("No users were found on your site.", "wangguard");
                    ?>
</p>
							<?php 
                } else {
                    ?>
							<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                    echo esc_url(admin_url('images/wpspin_light.gif'));
                    ?>
" alt="..." /><?php 
                    echo sprintf(__("The WangGuard wizard is verifying %d of %d users against the WangGuard service.", "wangguard"), $reportingUserFrom, $goodUsersTotal);
                    ?>
</p>
							<?php 
                    @flush();
                    ?>
							<?php 
                    @ob_flush();
                    ?>

							<?php 
                    $progress = 0;
                    $verified = 0;
                    $lastProgressSent = 0;
                    foreach ($goodUsers as $userid) {
                        //get the WangGuard user status, if status is force-checked then ignore the user
                        $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                        $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
                        if ($user_status == 'force-checked') {
                            continue;
                        }
                        $dummyArr = array();
                        $dummyArr[] = $userid;
                        $user_object = new WP_User($userid);
                        set_time_limit(15);
                        $user_check_status = wangguard_verify_user($user_object);
                        if ($user_check_status == "reported") {
                            $reported++;
                            if (function_exists("update_user_status")) {
                                update_user_status($userid, $spamFieldName, 1);
                            } else {
                                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
                            }
                        }
                        $verified++;
                    }
                    ?>
							<input type="hidden" name="wangguard_wiz_from" value="<?php 
                    echo $fromUser + $usersPerStint;
                    ?>
" />
							<script type="text/javascript">
								document.getElementById('wangguardWizardForm').onsubmit='';
								jQuery(document).ready(function() {
									location.href='admin.php?page=wangguard_wizard&wangguard_step=2&reported=<?php 
                    echo $reported;
                    ?>
&wangguard_wiz_from=<?php 
                    echo $fromUser + $usersPerStint;
                    ?>
&_wpnonce=<?php 
                    echo wp_create_nonce($wangguard_nonce);
                    ?>
';
								});
							</script>
							<input type="hidden" name="wangguard_step" value="2" />


						<?php 
                }
            }
            if ($step2Finished) {
                $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                $reportedUsers = $wpdb->get_col("select count(*) from {$table_name} where user_status IN ( 'reported', 'autorep' )");
                $reportedUsersCount = $reportedUsers[0];
                if (!$noUsersToCheck) {
                    ?>
							<p><?php 
                    echo sprintf(__("The WangGuard wizard has finished verifying your users and found <strong>%d</strong> Sploggers.", "wangguard"), $reported);
                    ?>
</p>
						<?php 
                }
                ?>

						<input type="hidden" name="wangguard_step" value="3" />
						<input type="hidden" name="wangguard_splogcnt" value="<?php 
                echo $reportedUsersCount;
                ?>
" />
						
						<?php 
                if ($reportedUsersCount) {
                    ?>
							<p><?php 
                    echo sprintf(__("There are <strong>%d</strong> users identified as Sploggers, you can delete them or manage them by clicking the buttons below.", "wangguard"), $reportedUsersCount);
                    ?>
</p>
						<?php 
                }
                ?>

						<div id="wangguard-visible-step-status">
							<input type="hidden" value="" name="wangguard_delete_splogguers" id="wangguard_delete_splogguers" />
							<p class="submit">
								<?php 
                if ($reportedUsersCount) {
                    ?>
									<input type="submit" name="do_wangguard_delete_splogguers" class="button-primary" id="do_wangguard_delete_splogguers" value="<?php 
                    _e('Delete all Sploggers', 'wangguard');
                    ?>
" />
									<input type="button" name="button" class="button-primary" onclick="document.location='admin.php?page=wangguard_users&type=spl'" value="<?php 
                    _e('Manage Sploggers', 'wangguard');
                    ?>
" />
								<?php 
                }
                ?>
								<input type="submit" name="submit" class="button-primary" value="<?php 
                _e('Finish', 'wangguard');
                ?>
" />
							</p>
						</div>

						<script type="text/javascript">
							jQuery(document).ready(function() {
								jQuery("#do_wangguard_delete_splogguers").click(function() {
									if (confirm('<?php 
                echo addslashes(__('Do you confirm to delete all Sploggers?', 'wangguard'));
                ?>
')) {
										jQuery('#wangguard_delete_splogguers').val('1');
										return true;
									}
									else
										return false;
								});
							});
						</script>			
						
						<div id="wangguard-hidden-step-status" style="display: none">
							<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                echo esc_url(admin_url('images/wpspin_light.gif'));
                ?>
" alt="..." /></p>
						</div>
					<?php 
            }
            ?>
				</div>



				<?php 
            break;
        case "3":
            if (@$_REQUEST['wangguard_delete_splogguers'] == 1) {
                $usersPerStint = 10;
                //how many users to check on each iteration
                $table_name = $wpdb->base_prefix . "wangguarduserstatus";
                $reportedUsers = $wpdb->get_col("select ID from {$table_name} where user_status IN ( 'reported', 'autorep' ) LIMIT 0 , {$usersPerStint}");
                $reportedUsersCount = count($reportedUsers);
                $reportedUsersTotal = (int) @$_REQUEST['wangguard_splogcnt'];
                $reportingUserFrom = (int) @$_REQUEST['wangguard_wiz_from'];
                $reportingUserFrom = $reportingUserFrom > $reportedUsersTotal ? $reportedUsersTotal : $reportingUserFrom;
                $step3Finished = $reportedUsersCount == 0;
                if (!$step3Finished) {
                    ?>
						<h3><?php 
                    echo __("Deleting Splogguers from your site...", "wangguard");
                    ?>
</h3>
						<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                    echo esc_url(admin_url('images/wpspin_light.gif'));
                    ?>
" alt="..." /><?php 
                    echo sprintf(__("The WangGuard wizard is deleting %d of %d Splogguers from your site.", "wangguard"), $reportingUserFrom, $reportedUsersTotal);
                    ?>
</p>
						<?php 
                    @flush();
                    ?>
						<?php 
                    @ob_flush();
                    ?>
						<?php 
                    foreach ($reportedUsers as $userid) {
                        set_time_limit(15);
                        wangguard_delete_user_and_blogs($userid);
                    }
                    ?>
						<script type="text/javascript">
							document.getElementById('wangguardWizardForm').onsubmit='';
							jQuery(document).ready(function() {
								location.href='admin.php?page=wangguard_wizard&wangguard_step=3&wangguard_delete_splogguers=1&wangguard_splogcnt=<?php 
                    echo $reportedUsersTotal;
                    ?>
&wangguard_wiz_from=<?php 
                    echo $reportingUserFrom + $usersPerStint;
                    ?>
&_wpnonce=<?php 
                    echo wp_create_nonce($wangguard_nonce);
                    ?>
';
							});
						</script>
						<?php 
                } else {
                    ?>
						<h3><?php 
                    echo __("The WangGuard Wizard has finished", "wangguard");
                    ?>
</h3>
						<p><?php 
                    echo sprintf(__("%d sploggers users has been deleted from your site.", "wangguard"), $reportedUsersTotal);
                    ?>
</p>
						<p><a class="button-primary" href="<?php 
                    echo $urlFunc('admin.php?page=wangguard_users');
                    ?>
"><?php 
                    echo __('Click here to manage your Users', 'wangguard');
                    ?>
</a></p>
				<?php 
                }
            } else {
                ?>

					<h3><?php 
                echo __("The WangGuard Wizard has finished", "wangguard");
                ?>
</h3>
					<p><a class="button-primary" href="<?php 
                echo $urlFunc('admin.php?page=wangguard_users');
                ?>
"><?php 
                echo __('Click here to manage your Users', 'wangguard');
                ?>
</a></p>

				<?php 
            }
            break;
        default:
            ?>
				<div id="wangguard-visible-step-status">
					<h3><?php 
            echo __("Welcome to the WangGuard Wizard", "wangguard");
            ?>
</h3>
					<p><?php 
            echo __("This wizard will perform the following actions on your WordPress installation", "wangguard");
            ?>
</p>
					<ol>
						<li><?php 
            echo __("It will report to WangGuard all users you have flagged as 'spam' on your site.", "wangguard");
            ?>
</li>
						<li><?php 
            echo __("For the rest of the users, it will check against WangGuard service if any of them was reported as Splogger.", "wangguard");
            ?>
</li>
						<li><?php 
            echo __("It will let you know how many Sploggers the wizard found (if any) and, optionally, will let you delete your spam users and Sploggers from your site.", "wangguard");
            ?>
</li>
					</ol>
					<p><?php 
            echo sprintf(__("Note: The wizard will NOT verify the users flagged as %s, these are the users for which you've selected the &quot;Not a Splogger&quot; option from the Users admin or flagged as &quot;Not Spam&quot;.", "wangguard"), "<span class='wangguard-status-checked'>" . __("Checked (forced)", "wangguard") . "</span>");
            ?>
</p>
					<?php 
            $valid = wangguard_verify_key($wangguard_api_key);
            if ($valid == 'failed' || $valid == 'invalid') {
                ?>
						<p class="wangguard-info wangguard-error" style="margin-right: 20px;"><?php 
                echo __('Your WangGuard API KEY is invalid.', 'wangguard');
                ?>
</p>
						<?php 
            } else {
                ?>
						<p><?php 
                echo __("Click the button below when you're ready to clean your site!.", "wangguard");
                ?>
</p>
						<input type="hidden" name="wangguard_step" value="1" />
						<p class="submit"><input type="submit" name="submit" class="button-primary" value="<?php 
                _e('Start cleaning my site!', 'wangguard');
                ?>
" /></p>
						<?php 
            }
            ?>
				</div>


				<div id="wangguard-hidden-step-status" style="display: none">
					<h3><?php 
            echo __("Reporting spam users to WangGuard...", "wangguard");
            ?>
</h3>
					<?php 
            $spamUsers = $wpdb->get_col("select ID from {$wpdb->users} where {$sqlSpamWhere}");
            $userCount = count($spamUsers);
            if ($userCount == 0) {
                ?>
						<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                echo esc_url(admin_url('images/wpspin_light.gif'));
                ?>
" alt="..." /></p>
					<?php 
            } else {
                ?>
						<p><img id="wangguard-progress-wait" style="vertical-align: middle; margin-right: 8px;" src="<?php 
                echo esc_url(admin_url('images/wpspin_light.gif'));
                ?>
" alt="..." /><?php 
                echo sprintf(__("The WangGuard wizard is reporting %d spam users as Sploggers.", "wangguard"), $userCount);
                ?>
</p>
					<?php 
            }
            ?>
				</div>

				<?php 
            break;
    }
    ?>

	</form>

</div>
<?php 
}
Exemplo n.º 18
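/**
 * Process a spammed or unspammed user.
 *
 * This function is called from three places:
 *
 * - in bp_settings_action_capabilities() (from the front-end)
 * - by bp_core_mark_user_spam_admin()    (from wp-admin)
 * - bp_core_mark_user_ham_admin()        (from wp-admin)
 *
 * This function does not check the capabilities of the current user. Its only
 * guards are a non-empty user ID and a refusal to act on a super admin, so
 * every caller must confirm that the request is authorised before calling it.
 *
 * @since BuddyPress (1.6.0)
 *
 * @param int $user_id The ID of the user being spammed/hammed.
 * @param string $status 'spam' if being marked as spam, 'ham' otherwise.
 * @param bool $do_wp_cleanup True to force the cleanup of WordPress content
 *        and status, otherwise false. Generally, this should only be false if
 *        WordPress is expected to have performed this cleanup independently,
 *        as when hooked to 'make_spam_user'.
 * @return bool True on success, false when nothing was done (no user ID, or
 *         the target user is a super admin).
 */
function bp_core_process_spammer_status($user_id, $status, $do_wp_cleanup = true)
{
    global $wpdb;
    // Bail if no user ID. Return false, as the documented contract promises,
    // so callers can tell "nothing happened" from success.
    if (empty($user_id)) {
        return false;
    }
    // Bail if user ID is super admin: a super admin is never marked as spam here
    if (is_super_admin($user_id)) {
        return false;
    }
    // Get the functions file
    if (is_multisite()) {
        require_once ABSPATH . 'wp-admin/includes/ms.php';
    }
    // Anything other than 'spam' is treated as ham
    $is_spam = 'spam' == $status;
    // Only you can prevent infinite loops: the two admin handlers are hooked to
    // the actions fired below, so unhook them while this function runs
    remove_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    remove_action('make_ham_user', 'bp_core_mark_user_ham_admin');
    // Determine if we are on an admin page
    // NOTE(review): $is_admin is computed here but not read again in this function.
    $is_admin = is_admin();
    if ($is_admin && !defined('DOING_AJAX')) {
        $is_admin = (bool) (buddypress()->members->admin->user_page !== get_current_screen()->id);
    }
    // When marking as spam in the Dashboard, these actions are handled by WordPress
    if ($do_wp_cleanup) {
        // Get the blogs for the user
        $blogs = get_blogs_of_user($user_id, true);
        foreach ((array) array_values($blogs) as $details) {
            // Do not mark the main or current root blog as spam
            if (1 == $details->userblog_id || bp_get_root_blog_id() == $details->userblog_id) {
                continue;
            }
            // Update the blog status
            update_blog_status($details->userblog_id, 'spam', $is_spam);
        }
        // Finally, mark this user as a spammer
        if (is_multisite()) {
            update_user_status($user_id, 'spam', $is_spam);
        }
        // Always set single site status
        $wpdb->update($wpdb->users, array('user_status' => $is_spam), array('ID' => $user_id));
        // Call multisite actions in single site mode for good measure
        if (!is_multisite()) {
            $wp_action = true === $is_spam ? 'make_spam_user' : 'make_ham_user';
            // NOTE(review): the hook receives bp_displayed_user_id(), not $user_id.
            // Confirm the two always match for every caller (e.g. the wp-admin
            // ones), otherwise listeners are told about a different user than
            // the one updated above.
            do_action($wp_action, bp_displayed_user_id());
        }
    }
    // Hide this user's activity
    if (true === $is_spam && bp_is_active('activity')) {
        bp_activity_hide_user_activity($user_id);
    }
    // We need a special hook for is_spam so that components can delete data at spam time
    $bp_action = true === $is_spam ? 'bp_make_spam_user' : 'bp_make_ham_user';
    do_action($bp_action, $user_id);
    // Allow plugins to do neat things
    do_action('bp_core_process_spammer_status', $user_id, $is_spam);
    // Put things back how we found them
    add_action('make_spam_user', 'bp_core_mark_user_spam_admin');
    add_action('make_ham_user', 'bp_core_mark_user_ham_admin');
    return true;
}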
Exemplo n.º 19
	/**
	 * @ticket 23192
	 */
	function test_is_user_spammy() {
		// First account: an ordinary login that is never flagged.
		$plain_user_id = $this->factory->user->create(
			array(
				'role'       => 'author',
				'user_login' => 'testuser1',
			)
		);

		// Second account: its login is the first account's ID written as a
		// string. If is_user_spammy() treated that argument as an ID, it would
		// look at the unflagged first account instead of this one.
		$numeric_login   = (string) $plain_user_id;
		$flagged_user_id = $this->factory->user->create(
			array(
				'role'       => 'author',
				'user_login' => $numeric_login,
			)
		);

		// Only the account with the numeric login is marked as spam.
		update_user_status( $flagged_user_id, 'spam', '1' );

		$this->assertTrue( is_user_spammy( $numeric_login ) );
		$this->assertFalse( is_user_spammy( 'testuser1' ) );
	}
Exemplo n.º 20
 /**
  * @group bp_core_process_spammer_status
  */
 public function test_bp_core_process_spammer_status_ms_bulk_ham()
 {
     // Multisite only. On a single site the test returns without asserting
     // anything, and without reporting itself as skipped.
     if (!is_multisite()) {
         return;
     }
     $buddypress = buddypress();
     // NOTE(review): if displayed_user is an object, this stores a handle to the
     // same object rather than a copy, so the restore at the end would not undo
     // the id assignment below. Confirm against the test base class.
     $saved_displayed_user = $buddypress->displayed_user;
     $member_id = $this->factory->user->create();
     $buddypress->displayed_user->id = $member_id;
     // Flag the member through the BuddyPress API
     bp_core_process_spammer_status($member_id, 'spam');
     $this->assertTrue(bp_is_user_spammer($member_id));
     // Bulk unspam in network admin uses update_user_status, so clear the flag
     // the same way and check that BuddyPress sees the change
     update_user_status($member_id, 'spam', '0');
     $this->assertFalse(bp_is_user_spammer($member_id));
     // Put the displayed user back
     $buddypress->displayed_user = $saved_displayed_user;
 }
Exemplo n.º 21
                         $blogs = get_blogs_of_user($val, true);
                         foreach ((array) $blogs as $key => $details) {
                             if ($details->userblog_id != $current_site->blog_id) {
                                 // main blog not a spam !
                                 update_blog_status($details->userblog_id, 'spam', '1');
                             }
                         }
                         update_user_status($val, 'spam', '1');
                         break;
                     case 'notspam':
                         $userfunction = 'all_notspam';
                         $blogs = get_blogs_of_user($val, true);
                         foreach ((array) $blogs as $key => $details) {
                             update_blog_status($details->userblog_id, 'spam', '0');
                         }
                         update_user_status($val, 'spam', '0');
                         break;
                 }
             }
         }
         wp_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), wp_get_referer()));
     } else {
         $location = network_admin_url('users.php');
         if (!empty($_REQUEST['paged'])) {
             $location = add_query_arg('paged', (int) $_REQUEST['paged'], $location);
         }
         wp_redirect($location);
     }
     exit;
     break;
 case 'dodelete':
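 /**
  * Verify a batch of not-yet-checked users and flag the reported ones as spam.
  *
  * Selects up to $limit users that either have no row in the
  * wangguarduserstatus table or whose row has an empty or 'not-checked'
  * status, runs wangguard_verify_user() on each of them, and marks every user
  * that comes back as "reported" as spam.
  *
  * @param int $limit Maximum number of users to select for this run. The value
  *                   ends up in the LIMIT clause, so it is forced to a
  *                   non-negative integer before the query is built.
  * @return array Log with the keys 'verified' (number of users sent for
  *               verification), 'reported' (number of those flagged as spam)
  *               and 'activity' (user ID => status returned by the check;
  *               an empty array when no user was checked).
  */
 public function check_unverified_users($limit)
 {
     global $wpdb;
     // $limit is written straight into the SQL text below. Coerce it to a
     // non-negative integer so nothing but a number can reach the query,
     // whatever the caller passed in.
     $limit = max(0, (int) $limit);
     // code forked from wangguard-wizard.php line 8
     // The spam flag lives in a different field on multisite and single site
     $spamFieldName = wangguard_is_multisite() ? "spam" : "user_status";
     // code forked from wangguard-class-wp-users.php line 70
     $table_name = $wpdb->base_prefix . "wangguarduserstatus";
     $users_to_check = $wpdb->get_results("select ID from {$wpdb->users} where  (not EXISTS (select user_status from {$table_name} where {$table_name}.ID = {$wpdb->users}.ID) OR EXISTS (select user_status from {$table_name} where {$table_name}.ID = {$wpdb->users}.ID and {$table_name}.user_status IN ( '', 'not-checked' ))) LIMIT {$limit}", ARRAY_A);
     $verified = 0;
     $reported = 0;
     // Initialised up front so the returned log is well-formed even when no
     // user is checked (previously 'activity' was an undefined variable then)
     $checked_users = array();
     // Statuses that exempt a user from verification
     $exempt_statuses = array('force-checked', 'buyer', 'whitelisted');
     // code forked from wangguard-wizard.php line 156
     // The cast keeps the loop safe if the query failed and returned no array
     foreach ((array) $users_to_check as $user) {
         $userid = $user['ID'];
         //get the WangGuard user status, if status is force-checked, buyer or whitelisted then ignore the user
         $user_status = $wpdb->get_var($wpdb->prepare("select user_status from {$table_name} where ID = %d", $userid));
         if (in_array($user_status, $exempt_statuses, true)) {
             continue;
         }
         $user_object = new WP_User($userid);
         // Each remote check gets its own time budget
         set_time_limit(300);
         $user_check_status = wangguard_verify_user($user_object);
         $checked_users[$userid] = $user_check_status;
         if ($user_check_status == "reported") {
             $reported++;
             do_action('wangguard_pre_mark_user_spam_wizard');
             if (function_exists("update_user_status")) {
                 update_user_status($userid, $spamFieldName, 1);
             } else {
                 // Fallback when update_user_status() is not loaded: set the
                 // flag directly. The field name is one of the two fixed
                 // strings above and the user ID is bound through prepare().
                 $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
             }
         }
         $verified++;
     }
     return array('verified' => $verified, 'reported' => $reported, 'activity' => $checked_users);
 }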