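/**
 * Called on the login user event.
 *
 * Records the client IP on the user entity, then halts the login when
 * check_spammer() flags the e-mail/IP pair (admins are exempt), or when any of
 * the configured metadata fields contains one of the banned strings.
 *
 * @param string $event Event name (unused)
 * @param string $type  Object type (unused)
 * @param object $user  User entity being logged in (an ElggUser in Elgg); must
 *                      expose ->email, ->last_login, ->isAdmin() and the
 *                      metadata names returned by get_metadata_names()
 * @return bool|null false to halt the login, otherwise null (event continues)
 */
function login_event($event, $type, $user) {
    $check_login = elgg_get_plugin_setting('event_login', PLUGIN_ID);
    $ip = get_ip();
    $user->ip_address = $ip;

    // Run the blacklist check unless the setting is explicitly 'no'; a user
    // who has never logged in before is always checked.
    if ($check_login !== 'no' || !$user->last_login) {
        if (!check_spammer($user->email, $ip, true) && !$user->isAdmin()) {
            register_error(elgg_echo('spam_login_filter:access_denied_mail_blacklist'));
            notify_admin($user->email, $ip, "Existing member identified as spammer has tried to login, check this account");
            return false;
        }
    }

    // Check user metadata for banned words/phrases (case-sensitive substring match).
    $banned = get_banned_strings();
    $metadata = get_metadata_names();
    if (!$banned || !$metadata) {
        return null;
    }

    foreach ($metadata as $m) {
        // Multi-valued metadata comes back as an array; normalise to a list so
        // every value is inspected instead of strpos() choking on an array.
        $raw = $user->{$m};
        $values = is_array($raw) ? $raw : [$raw];
        foreach ($values as $value) {
            if (!is_scalar($value)) {
                continue;
            }
            $haystack = (string) $value;
            if ($haystack === '') {
                continue;
            }
            foreach ($banned as $str) {
                $needle = (string) $str;
                // An empty needle would match every value (PHP 8 strpos semantics),
                // which would lock every user out; skip it.
                if ($needle === '') {
                    continue;
                }
                if (strpos($haystack, $needle) !== false) {
                    return false;
                }
            }
        }
    }

    return null;
}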
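/**
 * Renders the "RULES LIST" admin page and handles its actions.
 *
 * Side effects, in order:
 *  - ?remove_trigger=NAME (GET) deletes a trigger, but only after check_csrf(TRUE) passes;
 *  - POST CREATE with a complete rule definition calls create_trigger();
 *  - the trigger table and the "CREATE RULE" form are echoed.
 *
 * @return void
 */
function display_meta_sign() {
    echo '<h1>RULES LIST</h1>';

    // --- remove a trigger (GET, CSRF-protected) ---------------------------
    if (isset($_GET['remove_trigger'])) {
        // Only delete when the token validates; do not rely on error()
        // aborting the request to stop the removal.
        if (check_csrf(TRUE)) {
            remove_trigger($_GET['remove_trigger']);
        } else {
            error('[display_meta_sign] REMOVE TRIGGER CSRF ATTEMPT', 'SECURITY');
        }
    }

    // --- create a trigger (POST) -------------------------------------------
    // NOTE(review): the form below embeds gen_csrf(), but this handler never
    // validates that token; confirm check_csrf() is applied to the POST path.
    if (isset($_POST['CREATE'], $_POST['field'], $_POST['description'], $_POST['label'], $_POST['criticity'], $_POST['type'])) {
        $type = $_POST['type'];
        $is_std = $type === 'std' && isset($_POST['match']);
        $is_meta = $type === 'meta' && isset($_POST['meta_field'], $_POST['meta_match']);
        if ($is_std || $is_meta) {
            // The guard above guarantees exactly one of the two rule kinds.
            if ($is_std) {
                $field = $_POST['field'];
                $match = $_POST['match'];
            } else {
                $field = $_POST['meta_field'];
                $match = $_POST['meta_match'];
            }
            create_trigger($_POST['description'], $_POST['label'], $_POST['criticity'], $field, $match, $type);
        }
    }

    // PHP_SELF is attacker-influenced (path info); escape it before embedding
    // it in href/action attributes.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $view = isset($_GET['view_trigger']) && is_string($_GET['view_trigger']) ? $_GET['view_trigger'] : null;

    // --- list existing triggers --------------------------------------------
    $triggerz = get_triggerz();
    echo '<table>';
    while ($res = $triggerz->fetchArray()) {
        $name = secure_display($res['name']);
        if ($view !== null && $view === (string) $res['name']) {
            $disp = secure_display($res['sql']);
        } else {
            $disp = '<a href="' . $self . '?meta_sign&view_trigger=' . $name . '">VIEW SQL TRIGGER</a>';
        }
        echo '<tr><th class="std">' . $name . '</th><td>' . $disp . '</td><td><a href="' . $self . '?meta_sign&crt=' . gen_csrf(TRUE) . '&remove_trigger=' . $name . '" onclick="return confirm(\'Are you sure?\');">REMOVE</a></td></tr>';
    }
    echo '</table>';

    // --- metadata field <option>s for the form -----------------------------
    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    while ($field = $meta_fields->fetchArray()) {
        // Escape the attribute value as well as the visible label.
        $meta_fields_list .= '<option value="' . htmlspecialchars((string) $field['name'], ENT_QUOTES, 'UTF-8') . '">' . secure_display($field['name']) . '</option>';
    }

    // --- creation form -----------------------------------------------------
    echo '<h1>CREATE RULE</h1> <form action="' . $self . '?meta_sign" method="POST"> '
        . gen_csrf()
        . ' <table>'
        . ' <tr><th class="std">LABEL</th><td class="std"><input type="text" name="label" value=""></td></tr>'
        . ' <tr><th class="std">DESCRIPTION</th><td class="std"><input type="text" name="description" value=""></td></tr>'
        . ' <tr><th class="std">CRITICITY</th><td class="std"><select name="criticity"><option value="1">High</option><option value="2">Medium</option><option value="3">Low</option></select></td></tr>'
        . ' <tr><th class="std"> <select name="field"> <option value="md5">MD5</option> <option value="sign">SIGNATURE</option> </select> matches</th><td class="std"><input type="text" name="match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="std" checked /></td></tr>'
        . ' <tr><th class="std"> <select name="meta_field"> ' . $meta_fields_list . ' </select> matches</th><td class="std"><input type="text" name="meta_match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="meta" /></td></tr>'
        . ' <tr><th colspan="2"><input type="submit" name="CREATE" value="CREATE"/></th></tr>'
        . ' </table> </form>';
}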