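/**
 * Admin side AJAX handler
 *
 * Dispatches on $_POST['scope']: removes a blog or user from the report
 * queue, flags every user of a user's e-mail domain, flags the administrators
 * of a blog, rolls back a report, or (default) marks a single user as spam
 * and reports it. Each branch echoes its result; the request always ends
 * with die.
 *
 * @global wpdb $wpdb
 */
function wangguard_ajax_callback()
{
    global $wpdb;
    // NOTE(review): 'level_N' capabilities are the deprecated user-level scheme; a role
    // capability such as 'manage_options' is the usual check. Kept unchanged so the set
    // of users allowed to call this handler does not change.
    if (!current_user_can('level_10')) {
        die;
    }
    // NOTE(review): no nonce is verified (check_ajax_referer()), so a logged-in admin's
    // browser can be made to issue these requests cross-site. The nonce action name is
    // not visible in this file; add the check once the name sent by the admin script is known.
    $userid = isset($_POST['userid']) ? intval($_POST['userid']) : 0;
    $scope = isset($_POST['scope']) ? (string) $_POST['scope'] : '';
    $blogid = isset($_POST['blogid']) ? intval($_POST['blogid']) : 0;
    $queueTable = $wpdb->base_prefix . "wangguardreportqueue";

    switch ($scope) {
        case "queue_blog_remove":
            // Remove a blog from the report queue.
            $wpdb->query($wpdb->prepare("delete from {$queueTable} where blog_id = %d", $blogid));
            echo "0";
            break;

        case "queue_user_remove":
            // Remove a user from the report queue.
            $wpdb->query($wpdb->prepare("delete from {$queueTable} where ID = %d", $userid));
            echo "0";
            break;

        case "domain":
            // Flag every user whose e-mail belongs to the same domain as $userid.
            $userDomain = new WP_User($userid);
            $domain = wangguard_extract_domain($userDomain->user_email);
            // Escape LIKE wildcards in the domain itself, then anchor on the '@'.
            $domain = '%@' . str_replace(array("%", "_"), array("\\%", "\\_"), $domain);
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where user_email LIKE %s", $domain));
            echo wangguard_report_users($wpusersRs, $scope);
            break;

        case "blog":
            // Flag the administrators of blog $blogid (users whose per-blog capabilities include 'administrator').
            $blog_prefix = $wpdb->get_blog_prefix($blogid);
            $authors = $wpdb->get_results($wpdb->prepare(
                "SELECT user_id, meta_value as caps FROM {$wpdb->users} u, {$wpdb->usermeta} um WHERE u.ID = um.user_id AND meta_key = %s",
                $blog_prefix . 'capabilities'
            ));
            $authorsArray = array();
            foreach ((array) $authors as $author) {
                $caps = maybe_unserialize($author->caps);
                if (!isset($caps['administrator'])) {
                    continue;
                }
                $authorsArray[] = $author->user_id;
            }
            echo wangguard_report_users($authorsArray, "email");
            break;

        case "rollback-email":
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where ID = %d", $userid));
            echo wangguard_rollback_report($wpusersRs);
            break;

        default:
            // Flag a single user as spam, then report it.
            // The spam flag lives in a different column on multisite installs.
            $spamFieldName = wangguard_is_multisite() ? "spam" : "user_status";
            if (function_exists("update_user_status")) {
                // Flagging through the core API also fires the plugin's hook that reports the user.
                update_user_status($userid, $spamFieldName, 1);
            } else {
                $wpdb->query($wpdb->prepare("update {$wpdb->users} set {$spamFieldName} = 1 where ID = %d", $userid));
            }
            $wpusersRs = $wpdb->get_col($wpdb->prepare("select ID from {$wpdb->users} where ID = %d", $userid));
            wangguard_make_spam_user($userid);
            // $scope is forwarded as received; wangguard_report_users() only posts a
            // remote report for 'email' or 'domain' and otherwise just flags locally.
            echo wangguard_report_users($wpusersRs, $scope);
            break;
    }
    die;
}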
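/**
 * Reports a list of users to the WangGuard service and flags (or deletes) them locally.
 *
 * For every non-admin user that has an e-mail address, a report is posted to
 * the remote API — per e-mail or per domain depending on $scope — and the
 * user is then either deleted together with its blogs or marked 'reported'
 * in the local status table. Administrators are skipped entirely.
 *
 * @global string $wangguard_api_key
 * @global wpdb   $wpdb
 *
 * @param array  $wpusersRs  User IDs to report (e.g. the result of a get_col() call).
 * @param string $scope      'email' (default) or 'domain'. Any other value sends no
 *                           remote report but still flags/deletes the users locally.
 * @param bool   $deleteUser Ignored: the 'wangguard-delete-users-on-report' site option
 *                           decides whether users are deleted. Kept for signature compatibility.
 * @return string Comma-separated flagged user IDs, or "0" when nothing was flagged.
 *                If the API key cannot be verified this echoes "-2" (verification failed)
 *                or "-1" (invalid key) and terminates the request instead of returning.
 */
function wangguard_report_users($wpusersRs, $scope = "email", $deleteUser = true)
{
    global $wangguard_api_key;
    global $wpdb;

    $valid = wangguard_verify_key($wangguard_api_key);
    if ($valid == 'failed') {
        echo "-2";
        die;
    }
    if ($valid == 'invalid') {
        echo "-1";
        die;
    }
    if (!$wpusersRs) {
        return "0";
    }

    // The site option overrides the parameter.
    $deleteUser = get_site_option("wangguard-delete-users-on-report") == '1';
    $statusTable = $wpdb->base_prefix . "wangguarduserstatus";
    $signupsTable = $wpdb->base_prefix . "wangguardsignupsstatus";

    $usersFlagged = array();
    foreach ($wpusersRs as $spuserID) {
        $user_object = new WP_User($spuserID);
        if (wangguard_is_admin($user_object)) {
            // Administrators are never reported or flagged.
            continue;
        }

        if (!empty($user_object->user_email)) {
            // IPs recorded when the user signed up; a missing record yields NULL, sent as an empty element.
            $clientIP = $wpdb->get_var($wpdb->prepare("select user_ip from {$statusTable} where ID = %d", $user_object->ID));
            $ProxyIP = $wpdb->get_var($wpdb->prepare("select user_proxy_ip from {$statusTable} where ID = %d", $user_object->ID));
            // NOTE(review): e-mail and IPs are concatenated into the request body without XML
            // escaping; this assumes the stored values never contain '<', '>' or '&' — confirm
            // what encoding the remote endpoint expects before adding escaping here.
            if ($scope == 'domain') {
                wangguard_http_post("wg=<in><apikey>{$wangguard_api_key}</apikey><domain>" . wangguard_extract_domain($user_object->user_email) . "</domain><ip>" . $clientIP . "</ip><proxyip>" . $ProxyIP . "</proxyip></in>", 'add-domain.php');
            } elseif ($scope == 'email') {
                wangguard_http_post("wg=<in><apikey>{$wangguard_api_key}</apikey><email>" . $user_object->user_email . "</email><ip>" . $clientIP . "</ip><proxyip>" . $ProxyIP . "</proxyip></in>", 'add-email.php');
            }
        }

        if ($deleteUser && current_user_can('delete_users')) {
            wangguard_delete_user_and_blogs($spuserID);
        } else {
            $recordExists = $wpdb->get_var($wpdb->prepare("select ID from {$statusTable} where ID = %d", $spuserID));
            if ($recordExists) {
                $wpdb->query($wpdb->prepare("update {$statusTable} set user_status = 'reported' where ID = %d", $spuserID));
            } else {
                // No status record exists for this user: recover the sign-up IPs from the
                // signups table (empty string when unknown) and create the record.
                $clientIP = $wpdb->get_var($wpdb->prepare("select user_ip from {$signupsTable} where signup_username = %s", $user_object->user_login));
                $ProxyIP = $wpdb->get_var($wpdb->prepare("select user_proxy_ip from {$signupsTable} where signup_username = %s", $user_object->user_login));
                $wpdb->query($wpdb->prepare(
                    "insert into {$statusTable}(ID , user_status , user_ip , user_proxy_ip) values (%d , 'reported' , %s , %s)",
                    $spuserID,
                    is_null($clientIP) ? '' : $clientIP,
                    is_null($ProxyIP) ? '' : $ProxyIP
                ));
            }
        }
        $usersFlagged[] = $spuserID;
    }

    return $usersFlagged ? implode(",", $usersFlagged) : "0";
}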