- diff -urN -x .git -x style fluxbb/header.php fluxbb-site/forums/header.php
- --- fluxbb/header.php 2010-08-09 13:01:57.339258007 +0100
- +++ fluxbb-site/forums/header.php 2010-07-03 11:10:45.300836244 +0100
- @@ -118,7 +118,7 @@
- for (var i = 0; i < the_form.length; ++i)
- {
- var elem = the_form.elements[i]
- - if (elem.name && elem.name.substring(0, 4) == "req_")
- + if (elem.name && elem.name != "req_username" && elem.name.substring(0, 4) == "req_")
- {
- if (elem.type && (elem.type=="text" || elem.type=="textarea" || elem.type=="password" || elem.type=="file") && elem.value=='')
- {
- diff -urN -x .git -x style fluxbb/include/nospam.php fluxbb-site/forums/include/nospam.php
- --- fluxbb/include/nospam.php 1970-01-01 01:00:00.000000000 +0100
- +++ fluxbb-site/forums/include/nospam.php 2010-07-03 11:10:45.304836262 +0100
- @@ -0,0 +1,48 @@
- +<?php
- +
- +define('SPAM_NOT', 0);
- +define('SPAM_HONEYPOT', 1);
- +define('SPAM_BLACKLIST', 2);
- +
- +//
- +// Check a given IP and email against the stopforumspam API
- +//
- +function stopforumspam_check($ip, $email, $username)
- +{
- + $response = @simplexml_load_file('http://www.stopforumspam.com/api?'.http_build_query(array(
- + 'ip' => $ip,
- + 'email' => $email,
- +// 'username' => $username, // I'm not sure checking by username is a good idea...
- + )));
- + if ($response === false)
- + return false;
- +
- + foreach ($response->appears as $appears)
- + if ($appears == 'yes')
- + return true;
- +
- + return false;
- +}
- +
- +//
- +// Report a spammer to stopforumspam database
- +//
- +function stopforumspam_report($ip, $email, $username)
- +{
- + global $pun_config;
- +
- + $pun_config['o_stopforumspam_api'] = ''; // Hack, this shouldn't be hardcoded here!
- +
- + $context = stream_context_create(array('http' => array(
- + 'method' => 'POST',
- + 'header' => 'Content-type: application/x-www-form-urlencoded',
- + 'content' => http_build_query(array(
- + 'ip_addr' => $ip,
- + 'email' => $email,
- + 'username' => $username,
- + 'api_key' => $pun_config['o_stopforumspam_api'],
- + )),
- + )));
- +
- + return @file_get_contents('http://www.stopforumspam.com/add', false, $context) ? true : false;
- +}
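Review bot: `stopforumspam_report()` assigns `$pun_config['o_stopforumspam_api'] = '';` through `global`, so the configured key is overwritten for the rest of the request and every report is posted with an empty `api_key`. Drop that line and bail out when no key is configured, e.g. `if (empty($pun_config['o_stopforumspam_api'])) return false;`. Both functions use `http://` URLs, which sends the API key, the registrant's IP and the e-mail address in clear text; switch them to `https://`. The `@` operators hide transport errors and the `http` context in `stopforumspam_report()` has no `'timeout'` entry, so a slow or unreachable service can stall the page, after which `stopforumspam_check()` returns false (fail-open) with nothing logged.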
- diff -urN -x .git -x style fluxbb/lang/English/profile.php fluxbb-site/forums/lang/English/profile.php
- --- fluxbb/lang/English/profile.php 2010-08-09 13:01:57.351754971 +0100
- +++ fluxbb-site/forums/lang/English/profile.php 2010-07-03 11:10:45.312835524 +0100
- @@ -121,6 +121,9 @@
- 'Update forums' => 'Update forums',
- 'Delete ban legend' => 'Delete (administrators only) or ban user',
- 'Delete user' => 'Delete user',
- +'Delete spammer' => 'Delete user & report spam',
- +'Delete spammer note' => 'After deletion this user will be reported as a spammer. This is intended for reporting spam bots, <strong>not</strong> annoying users!',
- +'Spammer delete redirect' => 'User deleted and reported. Redirecting …',
- 'Ban user' => 'Ban user',
- 'Confirm delete legend' => 'Important: read before deleting user',
- 'Confirm delete user' => 'Confirm delete user',
- diff -urN -x .git -x style fluxbb/lang/English/register.php fluxbb-site/forums/lang/English/register.php
- --- fluxbb/lang/English/register.php 2010-08-09 13:01:57.351754971 +0100
- +++ fluxbb-site/forums/lang/English/register.php 2010-07-03 11:10:45.312835524 +0100
- @@ -33,5 +33,7 @@
- 'Pass info' => 'Passwords must be at least 4 characters long. Passwords are case sensitive.',
- 'Email info' => 'You must enter a valid email address as your randomly generated password will be sent to that address.',
- 'Confirm email' => 'Confirm email address',
- +'If human' => 'If you are human please leave this field blank!',
- +'Spam catch' => 'Unfortunately it looks like your request is spam. If you feel this is a mistake, please direct any inquiries to the forum administrator at',
- );
- diff -urN -x .git -x style fluxbb/profile.php fluxbb-site/forums/profile.php
- --- fluxbb/profile.php 2010-08-09 13:01:57.355755438 +0100
- +++ fluxbb-site/forums/profile.php 2010-07-03 11:10:45.312835524 +0100
- @@ -522,7 +522,7 @@
- }
- -else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
- +else if (isset($_POST['delete_user']) || isset($_POST['delete_spammer']) || isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
- {
- if ($pun_user['g_id'] > PUN_ADMIN)
- message($lang_common['No permission']);
- @@ -530,19 +530,28 @@
- confirm_referrer('profile.php');
- // Get the username and group of the user we are deleting
- - $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
- - list($group_id, $username) = $db->fetch_row($result);
- + $result = $db->query('SELECT group_id, username, email, registration_ip FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
- + $cur_user = $db->fetch_assoc($result);
- - if ($group_id == PUN_ADMIN)
- + if ($cur_user['group_id'] == PUN_ADMIN)
- message($lang_profile['No delete admin message']);
- - if (isset($_POST['delete_user_comply']))
- + if (isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
- {
- + if (isset($_POST['delete_spammer_comply']))
- + {
- + // Include the antispam library
- + require PUN_ROOT.'include/nospam.php';
- +
- + // Lets report the bastard!
- + stopforumspam_report($cur_user['registration_ip'], $cur_user['email'], $cur_user['username']);
- + }
- +
- // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
- - $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
- + $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$cur_user['group_id']) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
- $group_mod = $db->result($result);
- - if ($group_id == PUN_ADMIN || $group_mod == '1')
- + if ($cur_user['group_id'] == PUN_ADMIN || $group_mod == '1')
- {
- $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
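Review bot: The return value of `stopforumspam_report()` is discarded in the `delete_spammer_comply` branch, yet the redirect chosen in the -600 hunk ('Spammer delete redirect') tells the administrator the user was reported. Capture it, e.g. `$reported = stopforumspam_report($cur_user['registration_ip'], $cur_user['email'], $cur_user['username']);`, and pick the redirect text from `$reported` so a failed report is not presented as done. The call sends the member's stored e-mail and registration IP to a third party, so a comment stating that this is intended and restricted to administrators by the `g_id` check above would help the next maintainer. The enclosing branch starts before and continues past this hunk.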
- @@ -552,7 +561,7 @@
- if (in_array($id, $cur_moderators))
- {
- - unset($cur_moderators[$username]);
- + unset($cur_moderators[$cur_user['username']]);
- $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';
- $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
- @@ -600,7 +609,7 @@
- // Delete user avatar
- delete_avatar($id);
- - redirect('index.php', $lang_profile['User delete redirect']);
- + redirect('index.php', isset($_POST['delete_spammer_comply']) ? $lang_profile['Spammer delete redirect'] : $lang_profile['User delete redirect']);
- }
- $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Confirm delete user']);
- @@ -616,15 +625,16 @@
- <fieldset>
- <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend>
- <div class="infldset">
- - <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($username).'</strong>.' ?></p>
- + <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($cur_user['username']).'</strong>.' ?></p>
- <div class="rbox">
- <label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_profile['Delete posts'] ?><br /></label>
- </div>
- - <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
- +<?php if (isset($_POST['delete_spammer'])): ?> <p><?php echo $lang_profile['Delete spammer note'] ?></p>
- +<?php endif; ?> <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
- </div>
- </fieldset>
- </div>
- - <p class="buttons"><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
- + <p class="buttons"><input type="submit" name="<?php echo (isset($_POST['delete_spammer']) ? 'delete_spammer_comply' : 'delete_user_comply'); ?>" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
- </form>
- </div>
- </div>
- @@ -641,7 +651,7 @@
- if (!$db->num_rows($result))
- message($lang_common['Bad request']);
- - list($group_id, $is_moderator) = $db->fetch_row($result);
- + list($cur_user['group_id'], $is_moderator) = $db->fetch_row($result);
- if ($pun_user['id'] != $id &&
- (!$pun_user['is_admmod'] ||
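Review bot: This line stops assigning `$group_id` and stores the fetched group in `$cur_user['group_id']` instead, but the permission condition that begins on the next two lines continues outside the hunk and no other hunk touches it. If a later line of that condition still compares `$group_id` (for example against `PUN_ADMIN`), it now reads an undefined variable and that part of the check silently evaluates to false, which would weaken the rule protecting administrator profiles from being edited. Either keep `list($group_id, $is_moderator) = $db->fetch_row($result);` here, or update every remaining `$group_id` reference in this branch in the same patch.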
- @@ -1648,7 +1658,7 @@
- ?>
- <legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
- <div class="infldset">
- - <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
- + <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="delete_spammer" value="<?php echo $lang_profile['Delete spammer'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
- </div>
- </fieldset>
- </div>
- diff -urN -x .git -x style fluxbb/register.php fluxbb-site/forums/register.php
- --- fluxbb/register.php 2010-08-09 13:01:57.355755438 +0100
- +++ fluxbb-site/forums/register.php 2010-07-03 11:10:45.316835450 +0100
- @@ -71,8 +71,7 @@
- if ($db->num_rows($result))
- message($lang_register['Registration flood']);
- -
- - $username = pun_trim($_POST['req_user']);
- + $username = pun_trim($_POST['req_honeypot']);
- $email1 = strtolower(trim($_POST['req_email1']));
- if ($pun_config['o_regs_verify'] == '1')
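Review bot: The field names are inverted here without any comment: `req_honeypot` carries the real username while `req_username` (see the hunks at -146, -227 and -280) is the trap, so this assignment reads as if the honeypot value became the account name. Add a comment above it such as `// Field names are swapped on purpose: bots fill "req_username", humans fill "req_honeypot"`. The same explanation belongs next to the `$required_fields` array and the two `<label>` lines, since those are where a later maintainer is most likely to "fix" the names back.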
- @@ -146,6 +145,28 @@
- if ($email_setting < 0 || $email_setting > 2)
- $email_setting = $pun_config['o_default_email_setting'];
- + // Include the antispam library
- + require PUN_ROOT.'include/nospam.php';
- +
- + $req_username = empty($username) ? pun_trim($_POST['req_username']) : $username;
- + if (!empty($_POST['req_username']))
- + $spam = SPAM_HONEYPOT;
- + else if (stopforumspam_check(get_remote_address(), $email1, $req_username))
- + $spam = SPAM_BLACKLIST;
- + else
- + $spam = SPAM_NOT;
- +
- + // Log the register attempt
- + $db->query('INSERT INTO test_registrations (username, email, email_setting, timezone, dst, ip, referer, user_agent, date, spam, errors) VALUES(\''.$db->escape($req_username).'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.', '.$dst.', \''.get_remote_address().'\', \''.$db->escape($_SERVER['HTTP_REFERER']).'\', \''.$db->escape($_SERVER['HTTP_USER_AGENT']).'\', '.time().', '.$spam.', '.count($errors).')') or error('Unable to log user registration', __FILE__, __LINE__, $db->error());
- +
- + if ($spam != SPAM_NOT)
- + {
- + // Since we found a spammer, lets report the bastard!
- + stopforumspam_report(get_remote_address(), $email1, $req_username);
- +
- + message($lang_register['Spam catch'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
- + }
- +
- // Did everything go according to plan?
- if (empty($errors))
- {
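Review bot: A honeypot or blacklist hit calls `stopforumspam_report()` automatically with `$email1` and `$req_username` taken straight from the form, so an address the requester never proved ownership of is submitted to a shared blacklist. Reporting only `get_remote_address()`, or queuing hits for an administrator to confirm, keeps unverified data out of the report. The logging `INSERT` targets a hard-coded `test_registrations` table rather than one built from `$db->prefix`, and it reads `$_SERVER['HTTP_REFERER']` and `$_SERVER['HTTP_USER_AGENT']` without `isset()`, which raises notices when a client omits those headers. `$pun_config['o_admin_email']` is also written into the `mailto:` link without `pun_htmlspecialchars()`. The enclosing registration branch starts and ends outside this hunk.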
- @@ -227,8 +248,10 @@
- $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_register['Register']);
- -$required_fields = array('req_user' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
- -$focus_element = array('register', 'req_user');
- +$required_fields = array('req_honeypot' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
- +$focus_element = array('register', 'req_honeypot');
- +$page_head = array('<style type="text/css">#register label.usernamefield { display: none }</style>');
- +
- define('PUN_ACTIVE_PAGE', 'register');
- require PUN_ROOT.'header.php';
- @@ -280,7 +303,8 @@
- <legend><?php echo $lang_register['Username legend'] ?></legend>
- <div class="infldset">
- <input type="hidden" name="form_sent" value="1" />
- - <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if (isset($_POST['req_user'])) echo pun_htmlspecialchars($_POST['req_user']); ?>" size="25" maxlength="25" /><br /></label>
- + <label class="required usernamefield"><strong><?php echo $lang_register['If human'] ?></strong><br /><input type="text" name="req_username" value="" size="25" maxlength="25" /><br /></label>
- + <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_honeypot" value="<?php if (isset($_POST['req_honeypot'])) echo pun_htmlspecialchars($_POST['req_honeypot']); ?>" size="25" maxlength="25" /><br /></label>
- </div>
- </fieldset>
- </div>
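Review bot: The trap input is named `req_username` and is hidden only by the `display: none` rule added in the -227 hunk, so a browser or password manager that autofills username fields could populate it for a real visitor, who would then be classified as `SPAM_HONEYPOT` and reported by the code in the -146 hunk. Marking the input as not fillable lowers that risk: `<input type="text" name="req_username" value="" size="25" maxlength="25" autocomplete="off" tabindex="-1" />`. The trap label also keeps the `required` class although the field must stay empty, which is misleading for anyone viewing the form without the stylesheet.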