Guest User

Untitled

a guest
Aug 9th, 2010
249
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. diff -urN -x .git -x style fluxbb/header.php fluxbb-site/forums/header.php
  2. --- fluxbb/header.php   2010-08-09 13:01:57.339258007 +0100
  3. +++ fluxbb-site/forums/header.php   2010-07-03 11:10:45.300836244 +0100
  4. @@ -118,7 +118,7 @@
  5.         for (var i = 0; i < the_form.length; ++i)
  6.         {
  7.             var elem = the_form.elements[i]
  8. -           if (elem.name && elem.name.substring(0, 4) == "req_")
  9. +           if (elem.name && elem.name != "req_username" && elem.name.substring(0, 4) == "req_")
  10.             {
  11.                 if (elem.type && (elem.type=="text" || elem.type=="textarea" || elem.type=="password" || elem.type=="file") && elem.value=='')
  12.                 {
  13. diff -urN -x .git -x style fluxbb/include/nospam.php fluxbb-site/forums/include/nospam.php
  14. --- fluxbb/include/nospam.php   1970-01-01 01:00:00.000000000 +0100
  15. +++ fluxbb-site/forums/include/nospam.php   2010-07-03 11:10:45.304836262 +0100
  16. @@ -0,0 +1,48 @@
  17. +<?php
  18. +
  19. +define('SPAM_NOT', 0);
  20. +define('SPAM_HONEYPOT', 1);
  21. +define('SPAM_BLACKLIST', 2);
  22. +
  23. +//
  24. +// Check a given IP and email against the stopforumspam API
  25. +//
  26. +function stopforumspam_check($ip, $email, $username)
  27. +{
  28. +   $response = @simplexml_load_file('http://www.stopforumspam.com/api?'.http_build_query(array(
  29. +       'ip'        => $ip,
  30. +       'email'     => $email,
  31. +//     'username'  => $username,   // I'm not sure checking by username is a good idea...
  32. +   )));
  33. +   if ($response === false)
  34. +       return false;
  35. +
  36. +   foreach ($response->appears as $appears)
  37. +       if ($appears == 'yes')
  38. +           return true;
  39. +
  40. +   return false;
  41. +}
  42. +
  43. +//
  44. +// Report a spammer to stopforumspam database
  45. +//
  46. +function stopforumspam_report($ip, $email, $username)
  47. +{
  48. +   global $pun_config;
  49. +
  50. +   $pun_config['o_stopforumspam_api'] = ''; // Hack, this shouldn't be hardcoded here!
  51. +
  52. +   $context = stream_context_create(array('http' => array(
  53. +       'method'    => 'POST',
  54. +       'header'    => 'Content-type: application/x-www-form-urlencoded',
  55. +       'content'   => http_build_query(array(
  56. +           'ip_addr'   => $ip,
  57. +           'email'     => $email,
  58. +           'username'  => $username,
  59. +           'api_key'   => $pun_config['o_stopforumspam_api'],
  60. +       )),
  61. +   )));
  62. +
  63. +   return @file_get_contents('http://www.stopforumspam.com/add', false, $context) ? true : false;
  64. +}
  65. diff -urN -x .git -x style fluxbb/lang/English/profile.php fluxbb-site/forums/lang/English/profile.php
  66. --- fluxbb/lang/English/profile.php 2010-08-09 13:01:57.351754971 +0100
  67. +++ fluxbb-site/forums/lang/English/profile.php 2010-07-03 11:10:45.312835524 +0100
  68. @@ -121,6 +121,9 @@
  69.  'Update forums'                    =>  'Update forums',
  70.  'Delete ban legend'                =>  'Delete (administrators only) or ban user',
  71.  'Delete user'                  =>  'Delete user',
  72. +'Delete spammer'               =>  'Delete user &amp; report spam',
  73. +'Delete spammer note'          =>  'After deletion this user will be reported as a spammer. This is intended for reporting spam bots, <strong>not</strong> annoying users!',
  74. +'Spammer delete redirect'      =>  'User deleted and reported. Redirecting …',
  75.  'Ban user'                     =>  'Ban user',
  76.  'Confirm delete legend'            =>  'Important: read before deleting user',
  77.  'Confirm delete user'          =>  'Confirm delete user',
  78. diff -urN -x .git -x style fluxbb/lang/English/register.php fluxbb-site/forums/lang/English/register.php
  79. --- fluxbb/lang/English/register.php    2010-08-09 13:01:57.351754971 +0100
  80. +++ fluxbb-site/forums/lang/English/register.php    2010-07-03 11:10:45.312835524 +0100
  81. @@ -33,5 +33,7 @@
  82.  'Pass info'                    =>  'Passwords must be at least 4 characters long. Passwords are case sensitive.',
  83.  'Email info'               =>  'You must enter a valid email address as your randomly generated password will be sent to that address.',
  84.  'Confirm email'                =>  'Confirm email address',
  85. +'If human'                 =>  'If you are human please leave this field blank!',
  86. +'Spam catch'               =>  'Unfortunately it looks like your request is spam. If you feel this is a mistake, please direct any inquiries to the forum administrator at',
  87.  
  88.  );
  89. diff -urN -x .git -x style fluxbb/profile.php fluxbb-site/forums/profile.php
  90. --- fluxbb/profile.php  2010-08-09 13:01:57.355755438 +0100
  91. +++ fluxbb-site/forums/profile.php  2010-07-03 11:10:45.312835524 +0100
  92. @@ -522,7 +522,7 @@
  93.  }
  94.  
  95.  
  96. -else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
  97. +else if (isset($_POST['delete_user']) || isset($_POST['delete_spammer']) || isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
  98.  {
  99.     if ($pun_user['g_id'] > PUN_ADMIN)
  100.         message($lang_common['No permission']);
  101. @@ -530,19 +530,28 @@
  102.     confirm_referrer('profile.php');
  103.  
  104.     // Get the username and group of the user we are deleting
  105. -   $result = $db->query('SELECT group_id, username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  106. -   list($group_id, $username) = $db->fetch_row($result);
  107. +   $result = $db->query('SELECT group_id, username, email, registration_ip FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  108. +   $cur_user = $db->fetch_assoc($result);
  109.  
  110. -   if ($group_id == PUN_ADMIN)
  111. +   if ($cur_user['group_id'] == PUN_ADMIN)
  112.         message($lang_profile['No delete admin message']);
  113.  
  114. -   if (isset($_POST['delete_user_comply']))
  115. +   if (isset($_POST['delete_user_comply']) || isset($_POST['delete_spammer_comply']))
  116.     {
  117. +       if (isset($_POST['delete_spammer_comply']))
  118. +       {
  119. +           // Include the antispam library
  120. +           require PUN_ROOT.'include/nospam.php';
  121. +
  122. +           // Lets report the bastard!
  123. +           stopforumspam_report($cur_user['registration_ip'], $cur_user['email'], $cur_user['username']);
  124. +       }
  125. +
  126.         // If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
  127. -       $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
  128. +       $result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$cur_user['group_id']) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
  129.         $group_mod = $db->result($result);
  130.  
  131. -       if ($group_id == PUN_ADMIN || $group_mod == '1')
  132. +       if ($cur_user['group_id'] == PUN_ADMIN || $group_mod == '1')
  133.         {
  134.             $result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
  135.  
  136. @@ -552,7 +561,7 @@
  137.  
  138.                 if (in_array($id, $cur_moderators))
  139.                 {
  140. -                   unset($cur_moderators[$username]);
  141. +                   unset($cur_moderators[$cur_user['username']]);
  142.                     $cur_moderators = (!empty($cur_moderators)) ? '\''.$db->escape(serialize($cur_moderators)).'\'' : 'NULL';
  143.  
  144.                     $db->query('UPDATE '.$db->prefix.'forums SET moderators='.$cur_moderators.' WHERE id='.$cur_forum['id']) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
  145. @@ -600,7 +609,7 @@
  146.         // Delete user avatar
  147.         delete_avatar($id);
  148.  
  149. -       redirect('index.php', $lang_profile['User delete redirect']);
  150. +       redirect('index.php', isset($_POST['delete_spammer_comply']) ? $lang_profile['Spammer delete redirect'] : $lang_profile['User delete redirect']);
  151.     }
  152.  
  153.     $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Confirm delete user']);
  154. @@ -616,15 +625,16 @@
  155.                 <fieldset>
  156.                     <legend><?php echo $lang_profile['Confirm delete legend'] ?></legend>
  157.                     <div class="infldset">
  158. -                       <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($username).'</strong>.' ?></p>
  159. +                       <p><?php echo $lang_profile['Confirmation info'].' <strong>'.pun_htmlspecialchars($cur_user['username']).'</strong>.' ?></p>
  160.                         <div class="rbox">
  161.                             <label><input type="checkbox" name="delete_posts" value="1" checked="checked" /><?php echo $lang_profile['Delete posts'] ?><br /></label>
  162.                         </div>
  163. -                       <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
  164. +<?php if (isset($_POST['delete_spammer'])): ?>                     <p><?php echo $lang_profile['Delete spammer note'] ?></p>
  165. +<?php endif; ?>                        <p class="warntext"><strong><?php echo $lang_profile['Delete warning'] ?></strong></p>
  166.                     </div>
  167.                 </fieldset>
  168.             </div>
  169. -           <p class="buttons"><input type="submit" name="delete_user_comply" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  170. +           <p class="buttons"><input type="submit" name="<?php echo (isset($_POST['delete_spammer']) ? 'delete_spammer_comply' : 'delete_user_comply'); ?>" value="<?php echo $lang_profile['Delete'] ?>" /> <a href="javascript:history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
  171.         </form>
  172.     </div>
  173.  </div>
  174. @@ -641,7 +651,7 @@
  175.     if (!$db->num_rows($result))
  176.         message($lang_common['Bad request']);
  177.  
  178. -   list($group_id, $is_moderator) = $db->fetch_row($result);
  179. +   list($cur_user['group_id'], $is_moderator) = $db->fetch_row($result);
  180.  
  181.     if ($pun_user['id'] != $id &&
  182.         (!$pun_user['is_admmod'] ||
  183. @@ -1648,7 +1658,7 @@
  184.  ?>
  185.                         <legend><?php echo $lang_profile['Delete ban legend'] ?></legend>
  186.                         <div class="infldset">
  187. -                           <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
  188. +                           <input type="submit" name="delete_user" value="<?php echo $lang_profile['Delete user'] ?>" /> <input type="submit" name="delete_spammer" value="<?php echo $lang_profile['Delete spammer'] ?>" /> <input type="submit" name="ban" value="<?php echo $lang_profile['Ban user'] ?>" />
  189.                         </div>
  190.                     </fieldset>
  191.                 </div>
  192. diff -urN -x .git -x style fluxbb/register.php fluxbb-site/forums/register.php
  193. --- fluxbb/register.php 2010-08-09 13:01:57.355755438 +0100
  194. +++ fluxbb-site/forums/register.php 2010-07-03 11:10:45.316835450 +0100
  195. @@ -71,8 +71,7 @@
  196.     if ($db->num_rows($result))
  197.         message($lang_register['Registration flood']);
  198.  
  199. -
  200. -   $username = pun_trim($_POST['req_user']);
  201. +   $username = pun_trim($_POST['req_honeypot']);
  202.     $email1 = strtolower(trim($_POST['req_email1']));
  203.  
  204.     if ($pun_config['o_regs_verify'] == '1')
  205. @@ -146,6 +145,28 @@
  206.     if ($email_setting < 0 || $email_setting > 2)
  207.         $email_setting = $pun_config['o_default_email_setting'];
  208.  
  209. +   // Include the antispam library
  210. +   require PUN_ROOT.'include/nospam.php';
  211. +
  212. +   $req_username = empty($username) ? pun_trim($_POST['req_username']) : $username;
  213. +   if (!empty($_POST['req_username']))
  214. +       $spam = SPAM_HONEYPOT;
  215. +   else if (stopforumspam_check(get_remote_address(), $email1, $req_username))
  216. +       $spam = SPAM_BLACKLIST;
  217. +   else
  218. +       $spam = SPAM_NOT;
  219. +
  220. +   // Log the register attempt
  221. +   $db->query('INSERT INTO test_registrations (username, email, email_setting, timezone, dst, ip, referer, user_agent, date, spam, errors) VALUES(\''.$db->escape($req_username).'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.', '.$dst.', \''.get_remote_address().'\', \''.$db->escape($_SERVER['HTTP_REFERER']).'\', \''.$db->escape($_SERVER['HTTP_USER_AGENT']).'\', '.time().', '.$spam.', '.count($errors).')') or error('Unable to log user registration', __FILE__, __LINE__, $db->error());
  222. +
  223. +   if ($spam != SPAM_NOT)
  224. +   {
  225. +       // Since we found a spammer, lets report the bastard!
  226. +       stopforumspam_report(get_remote_address(), $email1, $req_username);
  227. +
  228. +       message($lang_register['Spam catch'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
  229. +   }
  230. +
  231.     // Did everything go according to plan?
  232.     if (empty($errors))
  233.     {
  234. @@ -227,8 +248,10 @@
  235.  
  236.  
  237.  $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_register['Register']);
  238. -$required_fields = array('req_user' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
  239. -$focus_element = array('register', 'req_user');
  240. +$required_fields = array('req_honeypot' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'].' 2');
  241. +$focus_element = array('register', 'req_honeypot');
  242. +$page_head = array('<style type="text/css">#register label.usernamefield { display: none }</style>');
  243. +
  244.  define('PUN_ACTIVE_PAGE', 'register');
  245.  require PUN_ROOT.'header.php';
  246.  
  247. @@ -280,7 +303,8 @@
  248.                     <legend><?php echo $lang_register['Username legend'] ?></legend>
  249.                     <div class="infldset">
  250.                         <input type="hidden" name="form_sent" value="1" />
  251. -                       <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if (isset($_POST['req_user'])) echo pun_htmlspecialchars($_POST['req_user']); ?>" size="25" maxlength="25" /><br /></label>
  252. +                       <label class="required usernamefield"><strong><?php echo $lang_register['If human'] ?></strong><br /><input type="text" name="req_username" value="" size="25" maxlength="25" /><br /></label>
  253. +                       <label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_honeypot" value="<?php if (isset($_POST['req_honeypot'])) echo pun_htmlspecialchars($_POST['req_honeypot']); ?>" size="25" maxlength="25" /><br /></label>
  254.                     </div>
  255.                 </fieldset>
  256.             </div>
RAW Paste Data