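/**
 * Admin side AJAX handler.
 *
 * Dispatches on the POSTed `scope` field:
 *  - queue_blog_remove: delete a blog from the report queue
 *  - queue_user_remove: delete a user from the report queue
 *  - domain:            report every user whose e-mail domain matches the given user's
 *  - blog:              report every administrator of the given blog
 *  - rollback-email:    undo a previous report of the given user
 *  - anything else:     mark the given user as spam and report them
 *
 * Echoes the result ("0" for the queue removals, otherwise whatever
 * wangguard_report_users() / wangguard_rollback_report() return) and dies.
 *
 * NOTE(review): the handler is guarded by a capability check only; there is no
 * check_ajax_referer() nonce check, so a logged-in admin's browser could be made
 * to issue these requests by a third-party page (CSRF). Adding the nonce check
 * requires the calling JS (not in this file) to send the nonce — confirm first.
 *
 * @global wpdb $wpdb
 */
function wangguard_ajax_callback() {
    global $wpdb;

    // 'level_10' is the legacy user-level check; a capability such as
    // manage_options is the modern equivalent, kept as-is for compatibility.
    if (!current_user_can('level_10')) {
        die;
    }

    // Read the request fields defensively so a missing key does not raise a notice.
    $userid = isset($_POST['userid']) ? intval($_POST['userid']) : 0;
    $blogid = isset($_POST['blogid']) ? intval($_POST['blogid']) : 0;
    $scope  = (isset($_POST['scope']) && is_string($_POST['scope'])) ? $_POST['scope'] : '';

    $queueTable = $wpdb->base_prefix . "wangguardreportqueue";

    switch ($scope) {
        case "queue_blog_remove":
            // Remove the blog from the report queue.
            $wpdb->query($wpdb->prepare("delete from {$queueTable} where blog_id = %d", $blogid));
            echo "0";
            break;

        case "queue_user_remove":
            // Remove the user from the report queue.
            $wpdb->query($wpdb->prepare("delete from {$queueTable} where ID = %d", $userid));
            echo "0";
            break;

        case "domain":
            // Report every user registered with the same e-mail domain as $userid.
            $userDomain = new WP_User($userid);
            if (empty($userDomain->user_email)) {
                // Unknown user or no e-mail: there is no domain to match on.
                echo "0";
                break;
            }
            $domain = wangguard_extract_domain($userDomain->user_email);
            // Escape the LIKE wildcards inside the domain itself, then anchor on '@'.
            $domain = '%@' . str_replace(array("%", "_"), array("\\%", "\\_"), $domain);
            // Recordset of the users to flag.
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where user_email LIKE %s", $domain));
            echo wangguard_report_users($wpusersRs, $scope);
            break;

        case "blog":
            // Report every administrator of the given blog.
            $blog_prefix = $wpdb->get_blog_prefix($blogid);
            // The meta key is passed through prepare() rather than interpolated.
            $authors = $wpdb->get_results($wpdb->prepare(
                "SELECT user_id, meta_value as caps FROM {$wpdb->users} u, {$wpdb->usermeta} um WHERE u.ID = um.user_id AND meta_key = %s",
                $blog_prefix . 'capabilities'
            ));
            $authorsArray = array();
            foreach ((array) $authors as $author) {
                $caps = maybe_unserialize($author->caps);
                // Only users whose capabilities include 'administrator' are reported.
                if (!is_array($caps) || !isset($caps['administrator'])) {
                    continue;
                }
                $authorsArray[] = $author->user_id;
            }
            echo wangguard_report_users($authorsArray, "email");
            break;

        case "rollback-email":
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where ID = %d", $userid));
            echo wangguard_rollback_report($wpusersRs);
            break;

        default:
            // Flag a single user as spam, then report them.
            // Multisite stores the flag in the users table's `spam` column,
            // a single site in `user_status`.
            $spamFieldName = wangguard_is_multisite() ? "spam" : "user_status";
            if (function_exists("update_user_status")) {
                // Per the original comment: flagging through update_user_status()
                // triggers the WangGuard hook that reports the user.
                update_user_status($userid, $spamFieldName, 1);
            } else {
                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
            }
            // Recordset of the user to flag.
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where ID = %d", $userid));
            wangguard_make_spam_user($userid);
            echo wangguard_report_users($wpusersRs, $scope);
            break;
    }

    die;
}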
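/**
 * Report a list of users to the WangGuard service and mark them locally.
 *
 * The API key is verified first: on 'failed' this echoes "-2" and dies, on
 * 'invalid' it echoes "-1" and dies (this mirrors the AJAX protocol of the
 * callers). Users for which wangguard_is_admin() is true are skipped. Every
 * other user is reported to WangGuard — by domain when $scope is 'domain', by
 * e-mail when it is 'email', not at all for any other scope or when the user
 * has no e-mail — and then either deleted together with their blogs, or marked
 * 'reported' in the wangguarduserstatus table (creating the row if missing).
 *
 * @global string $wangguard_api_key
 * @global wpdb   $wpdb
 *
 * @param array  $wpusersRs  User IDs to report.
 * @param string $scope      'email' or 'domain'; any other value skips the remote report.
 * @param bool   $deleteUser Ignored: the "wangguard-delete-users-on-report" site
 *                           option decides whether users are deleted. Kept for
 *                           call compatibility.
 * @return string Comma separated IDs of the users processed, or "0" when none.
 */
function wangguard_report_users($wpusersRs, $scope = "email", $deleteUser = true) {
    global $wangguard_api_key;
    global $wpdb;

    $valid = wangguard_verify_key($wangguard_api_key);
    if ($valid === 'failed') {
        echo "-2";
        die;
    }
    if ($valid === 'invalid') {
        echo "-1";
        die;
    }

    if (!$wpusersRs) {
        return "0";
    }

    // The site option overrides the parameter (the parameter is effectively unused).
    $deleteUser = get_site_option("wangguard-delete-users-on-report") == '1';
    $canDelete  = $deleteUser && current_user_can('delete_users');

    $statusTable  = $wpdb->base_prefix . "wangguarduserstatus";
    $signupsTable = $wpdb->base_prefix . "wangguardsignupsstatus";
    $usersFlagged = array();

    foreach ($wpusersRs as $spuserID) {
        $user_object = new WP_User($spuserID);
        if (wangguard_is_admin($user_object)) {
            // Administrators are never reported.
            continue;
        }

        if (!empty($user_object->user_email)) {
            // IP (and proxy IP) the user signed up from, used to enrich the report.
            $clientIP = $wpdb->get_var($wpdb->prepare("select user_ip from {$statusTable} where ID = %d", $user_object->ID));
            $ProxyIP  = $wpdb->get_var($wpdb->prepare("select user_proxy_ip from {$statusTable} where ID = %d", $user_object->ID));
            // NOTE(review): e-mail, domain and IPs are interpolated into the XML
            // payload unescaped; how the remote endpoint parses '<' or '&' in them
            // is not visible here — confirm before adding escaping.
            if ($scope === 'domain') {
                wangguard_http_post("wg=<in><apikey>{$wangguard_api_key}</apikey><domain>" . wangguard_extract_domain($user_object->user_email) . "</domain><ip>" . $clientIP . "</ip><proxyip>" . $ProxyIP . "</proxyip></in>", 'add-domain.php');
            } elseif ($scope === 'email') {
                wangguard_http_post("wg=<in><apikey>{$wangguard_api_key}</apikey><email>" . $user_object->user_email . "</email><ip>" . $clientIP . "</ip><proxyip>" . $ProxyIP . "</proxyip></in>", 'add-email.php');
            }
        }

        if ($canDelete) {
            wangguard_delete_user_and_blogs($spuserID);
        } else {
            $recordExists = $wpdb->get_var($wpdb->prepare("select ID from {$statusTable} where ID = %d", $spuserID));
            if ($recordExists) {
                // Update the existing status record.
                $wpdb->query($wpdb->prepare("update {$statusTable} set user_status = 'reported' where ID = %d", $spuserID));
            } else {
                // No status record yet: recover the signup IPs and create one.
                $clientIP = $wpdb->get_var($wpdb->prepare("select user_ip from {$signupsTable} where signup_username = %s", $user_object->user_login));
                $ProxyIP  = $wpdb->get_var($wpdb->prepare("select user_proxy_ip from {$signupsTable} where signup_username = %s", $user_object->user_login));
                $wpdb->query($wpdb->prepare(
                    "insert into {$statusTable}(ID , user_status , user_ip , user_proxy_ip) values (%d , 'reported' , %s , %s)",
                    $spuserID,
                    is_null($clientIP) ? '' : $clientIP,
                    is_null($ProxyIP) ? '' : $ProxyIP
                ));
            }
        }

        // Users are counted as flagged even when no remote report was sent
        // (no e-mail or unknown scope), matching the original behaviour.
        $usersFlagged[] = $spuserID;
    }

    return count($usersFlagged) ? implode(",", $usersFlagged) : "0";
}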