API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 9th, 2010
338
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Diff 13.31 KB | None | 0 0
raw download clone embed print report
  1. diff -urN -x .git -x style fluxbb/header.php fluxbb-site/forums/header.php
  2. --- fluxbb/header.php   2010-08-09 13:01:57.339258007 +0100
  3. +++ fluxbb-site/forums/header.php   2010-07-03 11:10:45.300836244 +0100
  4. @@ -118,7 +118,7 @@
  5.         for (var i = 0; i < the_form.length; ++i)
  6.         {
  7.             var elem = the_form.elements[i]
  8. -           if (elem.name && elem.name.substring(0, 4) == "req_")
  9. +           if (elem.name && elem.name != "req_username" && elem.name.substring(0, 4) == "req_")
  10.             {
  11.                 if (elem.type && (elem.type=="text" || elem.type=="textarea" || elem.type=="password" || elem.type=="file") && elem.value=='')
  12.                 {
  13. diff -urN -x .git -x style fluxbb/include/nospam.php fluxbb-site/forums/include/nospam.php
  14. --- fluxbb/include/nospam.php   1970-01-01 01:00:00.000000000 +0100
  15. +++ fluxbb-site/forums/include/nospam.php   2010-07-03 11:10:45.304836262 +0100
  16. @@ -0,0 +1,48 @@
  17. +<?php
  18. +
  19. +define('SPAM_NOT', 0);
  20. +define('SPAM_HONEYPOT', 1);
  21. +define('SPAM_BLACKLIST', 2);
  22. +
  23. +//
  24. +// Check a given IP and email against the stopforumspam API
  25. +//
  26. +function stopforumspam_check($ip, $email, $username)
  27. +{
  28. +   $response = @simplexml_load_file('http://www.stopforumspam.com/api?'.http_build_query(array(
  29. +       'ip'        => $ip,
  30. +       'email'     => $email,
  31. +//     'username'  => $username,   // I'm not sure checking by username is a good idea...
  32. +   )));
  33. +   if ($response === false)
  34. +       return false;
  35. +
  36. +   foreach ($response->appears as $appears)
  37. +       if ($appears == 'yes')
  38. +           return true;
  39. +
  40. +   return false;
  41. +}
  42. +
  43. +//
  44. +// Report a spammer to stopforumspam database
  45. +//
  46. +function stopforumspam_report($ip, $email, $username)
  47. +{
  48. +   global $pun_config;
  49. +
  50. +   $pun_config['o_stopforumspam_api'] = ''; // Hack, this shouldn't be hardcoded here!
  51. +
  52. +   $context = stream_context_create(array('http' => array(
  53. +       'method'    => 'POST',
  54. +       'header'    => 'Content-type: application/x-www-form-urlencoded',
  55. +       'content'   => http_build_query(array(
  56. +           'ip_addr'   => $ip,
  57. +           'email'     => $email,
  58. +           'username'  => $username,
  59. +           'api_key'   => $pun_config['o_stopforumspam_api'],
  60. +       )),
  61. +   )));
  62. +
  63. +   return @file_get_contents('http://www.stopforumspam.com/add', false, $context) ? true : false;
  64. +}
  65. diff -urN -x .git -x style fluxbb/lang/English/profile.php fluxbb-site/forums/lang/English/profile.php
  66. --- fluxbb/lang/English/profile.php 2010-08-09 13:01:57.351754971 +0100
  67. +++ fluxbb-site/forums/lang/English/profile.php 2010-07-03 11:10:45.312835524 +0100
  68. @@ -121,6 +121,9 @@
  69.  'Update forums'                    =>  'Update forums',
  70.  'Delete ban legend'                =>  'Delete (administrators only) or ban user',
  71.  'Delete user'                  =>  'Delete user',
  72. +'Delete spammer'               =>  'Delete user &amp; report spam',
  73. +'Delete spammer note'          =>  'After deletion this user will be reported as a spammer. This is intended for reporting spam bots, <strong>not</strong> annoying users!',
  74. +'Spammer delete redirect'      =>  'User deleted and reported. Redirecting …',
  75.  'Ban user'                     =>  'Ban user',
  76.  'Confirm delete legend'            =>  'Important: read before deleting user',
  77.  'Confirm delete user'          =>  'Confirm delete user',
  78. diff -urN -x .git -x style fluxbb/lang/English/register.php fluxbb-site/forums/lang/English/register.php
  79. --- fluxbb/lang/English/register.php    2010-08-09 13:01:57.351754971 +0100
  80. +++ fluxbb-site/forums/lang/English/register.php    2010-07-03 11:10:45.312835524 +0100
  81. @@ -33,5 +33,7 @@
  82.  'Pass info'                    =>  'Passwords must be at least 4 characters long. Passwords are case sensitive.',
  83.  'Email info'               =>  'You must enter a valid email address as your randomly generated password will be sent to that address.',
  84.  'Confirm email'                =>  'Confirm email address',
  85. +'If human'                 =>  'If you are human please leave this field blank!',
  86. +'Spam catch'               =>  'Unfortunately it looks like your request is spam. If you feel this is a mistake, please direct any inquiries to the forum administrator at',
  87.  
  88.  );
  89. diff -urN -x .git -x style fluxbb/profile.php fluxbb-site/forums/profile.php
  90. --- fluxbb/profile.php  2010-08-09 13:01:57.355755438 +0100
  91. +++ fluxbb-site/forums/profile.php  2010-07-03 11:10:45.312835524 +0100
  92. @@ -522,7 +522,7 @@
  93.  }
  94.  
  95.  
  96. -else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
  97. +else if (isset($_POST['delete_user']) || isset($_POST['delete_spammer']) || isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
  98.  {
  99.     if ($pun_user['g_id'] > PUN_ADMIN)
  100.         message($lang_common['No permission']);
  101. @@ -530,19 +530,28 @@
  102.     confirm_referrer('profile.php');
  103.  
  104.     // Get the username and group of the user we are deleting
  105. -   $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  106. -   list($group_id, $username) = $db->fetch_row($result);
  107. +   $result = $db->query('SELECT group_id, username, email, registration_ip FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  108. +   $cur_user = $db->fetch_assoc($result);
  109.  
  110. -   if ($group_id == PUN_ADMIN)
  111. +   if ($cur_user['group_id'] == PUN_ADMIN)
  112.         message($lang_profile['No delete admin message']);
  113.  
  114. -   if (isset($_POST['delete_user_comply']))
  115. +   if (isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
  116.     {
  117. +       if (isset($_POST['delete_spammer_comply']))
  118. +       {
  119. +           // Include the antispam library
  120. +           require PUN_ROOT.'include/nospam.php';
  121. +
  122. +           // Lets report the bastard!
  123. +           stopforumspam_report($cur_user['registration_ip'], $cur_user['email'], $cur_user['username']);
  124. +       }
  125. +
  126.         // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
  127. -       $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
  128. +       $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$cur_user['group_id']) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
  129.         $group_mod = $db->result($result);
  130.  
  131. -       if ($group_id == PUN_ADMIN || $group_mod == '1')
  132. +       if ($cur_user['group_id'] == PUN_ADMIN || $group_mod == '1')
  133.         {
  134.             $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
  135.  
  136. @@ -552,7 +561,7 @@
  137.  
  138.                 if (in_array($id, $cur_moderators))
  139.                 {
  140. -                   unset($cur_moderators[$username]);
  141. +                   unset($cur_moderators[$cur_user['username']]);
  142.                     $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';
  143.  
  144.                     $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
  145. @@ -600,7 +609,7 @@
  146.         // Delete user avatar
  147.         delete_avatar($id);
  148.  
  149. -       redirect('index.php', $lang_profile['User delete redirect']);
  150. +       redirect('index.php', isset($_POST['delete_spammer_comply']) ? $lang_profile['Spammer delete redirect'] : $lang_profile['User delete redirect']);
  151.     }
  152.  
  153.     $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Confirm delete user']);
  154. @@ -616,15 +625,16 @@
  155.                 <fieldset>
  156.                     <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend>
  157.                     <div class="infldset">
  158. -                       <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($username).'</strong>.' ?></p>
  159. +                       <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($cur_user['username']).'</strong>.' ?></p>
  160.                         <div class="rbox">
  161.                             <label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_profile['Delete posts'] ?><br /></label>
  162.                         </div>
  163. -                       <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
  164. +<?php if (isset($_POST['delete_spammer'])): ?>                     <p><?php echo $lang_profile['Delete spammer note'] ?></p>
  165. +<?php endif; ?>                        <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
  166.                     </div>
  167.                 </fieldset>
  168.             </div>
  169. -           <p class="buttons"><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  170. +           <p class="buttons"><input type="submit" name="<?php echo (isset($_POST['delete_spammer']) ? 'delete_spammer_comply' : 'delete_user_comply'); ?>" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  171.         </form>
  172.     </div>
  173.  </div>
  174. @@ -641,7 +651,7 @@
  175.     if (!$db->num_rows($result))
  176.         message($lang_common['Bad request']);
  177.  
  178. -   list($group_id, $is_moderator) = $db->fetch_row($result);
  179. +   list($cur_user['group_id'], $is_moderator) = $db->fetch_row($result);
  180.  
  181.     if ($pun_user['id'] != $id &&
  182.         (!$pun_user['is_admmod'] ||
  183. @@ -1648,7 +1658,7 @@
  184.  ?>
  185.                         <legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
  186.                         <div class="infldset">
  187. -                           <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
  188. +                           <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="delete_spammer" value="<?php echo $lang_profile['Delete spammer'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
  189.                         </div>
  190.                     </fieldset>
  191.                 </div>
  192. diff -urN -x .git -x style fluxbb/register.php fluxbb-site/forums/register.php
  193. --- fluxbb/register.php 2010-08-09 13:01:57.355755438 +0100
  194. +++ fluxbb-site/forums/register.php 2010-07-03 11:10:45.316835450 +0100
  195. @@ -71,8 +71,7 @@
  196.     if ($db->num_rows($result))
  197.         message($lang_register['Registration flood']);
  198.  
  199. -
  200. -   $username = pun_trim($_POST['req_user']);
  201. +   $username = pun_trim($_POST['req_honeypot']);
  202.     $email1 = strtolower(trim($_POST['req_email1']));
  203.  
  204.     if ($pun_config['o_regs_verify'] == '1')
  205. @@ -146,6 +145,28 @@
  206.     if ($email_setting < 0 || $email_setting > 2)
  207.         $email_setting = $pun_config['o_default_email_setting'];
  208.  
  209. +   // Include the antispam library
  210. +   require PUN_ROOT.'include/nospam.php';
  211. +
  212. +   $req_username = empty($username) ? pun_trim($_POST['req_username']) : $username;
  213. +   if (!empty($_POST['req_username']))
  214. +       $spam = SPAM_HONEYPOT;
  215. +   else if (stopforumspam_check(get_remote_address(), $email1, $req_username))
  216. +       $spam = SPAM_BLACKLIST;
  217. +   else
  218. +       $spam = SPAM_NOT;
  219. +
  220. +   // Log the register attempt
  221. +   $db->query('INSERT INTO test_registrations (username, email, email_setting, timezone, dst, ip, referer, user_agent, date, spam, errors) VALUES(\''.$db->escape($req_username).'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.', '.$dst.', \''.get_remote_address().'\', \''.$db->escape($_SERVER['HTTP_REFERER']).'\', \''.$db->escape($_SERVER['HTTP_USER_AGENT']).'\', '.time().', '.$spam.', '.count($errors).')') or error('Unable to log user registration', __FILE__, __LINE__, $db->error());
  222. +
  223. +   if ($spam != SPAM_NOT)
  224. +   {
  225. +       // Since we found a spammer, lets report the bastard!
  226. +       stopforumspam_report(get_remote_address(), $email1, $req_username);
  227. +
  228. +       message($lang_register['Spam catch'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  229. +   }
  230. +
  231.     // Did everything go according to plan?
  232.     if (empty($errors))
  233.     {
  234. @@ -227,8 +248,10 @@
  235.  
  236.  
  237.  $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_register['Register']);
  238. -$required_fields = array('req_user' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
  239. -$focus_element = array('register', 'req_user');
  240. +$required_fields = array('req_honeypot' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
  241. +$focus_element = array('register', 'req_honeypot');
  242. +$page_head = array('<style type="text/css">#register label.usernamefield { display: none }</style>');
  243. +
  244.  define('PUN_ACTIVE_PAGE', 'register');
  245.  require PUN_ROOT.'header.php';
  246.  
  247. @@ -280,7 +303,8 @@
  248.                     <legend><?php echo $lang_register['Username legend'] ?></legend>
  249.                     <div class="infldset">
  250.                         <input type="hidden" name="form_sent" value="1" />
  251. -                       <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if (isset($_POST['req_user'])) echo pun_htmlspecialchars($_POST['req_user']); ?>" size="25" maxlength="25" /><br /></label>
  252. +                       <label class="required usernamefield"><strong><?php echo $lang_register['If human'] ?></strong><br /><input type="text" name="req_username" value="" size="25" maxlength="25" /><br /></label>
  253. +                       <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_honeypot" value="<?php if (isset($_POST['req_honeypot'])) echo pun_htmlspecialchars($_POST['req_honeypot']); ?>" size="25" maxlength="25" /><br /></label>
  254.                     </div>
  255.                 </fieldset>
  256.             </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!