') ) { $ust_admin_url = network_admin_url('settings.php?page=ust'); } else { $ust_admin_url = network_admin_url('ms-admin.php?page=ust'); } } function ust_install_notice() { if ( !is_super_admin() ) return; if ( !file_exists( WP_CONTENT_DIR . '/blog-suspended.php' ) ) { ?>

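blog_id == $blog_id) add_action('widgets_init', create_function('', 'return register_widget("UST_Widget");') ); }

/**
 * Loads the plugin's translation files.
 *
 * Translations live in this plugin's "languages" folder and are named
 * "ust-[locale].mo".
 */
function ust_localization() {
    load_plugin_textdomain( 'ust', false, '/anti-splog/languages' );
}

/**
 * Records the running plugin version in the site options and then makes
 * sure the one-time install has been performed.
 */
function ust_make_current() {
    global $ust_current_version;

    if ( get_site_option( 'ust_version' ) == '' ) {
        add_site_option( 'ust_version', '0.0.0' );
    }

    //update to current version
    if ( get_site_option( 'ust_version' ) != $ust_current_version ) {
        update_site_option( 'ust_version', $ust_current_version );
    }

    ust_global_install();
}

/**
 * One-time network install: creates the `ust` tracking table, seeds it with
 * every existing blog, and stores the default settings.
 *
 * Does nothing once the "ust_installed" site option is "yes".
 */
function ust_global_install() {
    global $wpdb;

    if ( get_site_option( 'ust_installed' ) == '' ) {
        add_site_option( 'ust_installed', 'no' );
    }

    if ( get_site_option( 'ust_installed' ) == 'yes' ) {
        return;
    }

    $ust_table = '`' . $wpdb->base_prefix . 'ust`';

    //create table
    $wpdb->query(
        "CREATE TABLE IF NOT EXISTS $ust_table (
            `blog_id` bigint(20) unsigned NOT NULL,
            `last_user_id` bigint(20) NULL DEFAULT NULL,
            `last_ip` varchar(30),
            `last_user_agent` varchar(255),
            `spammed` DATETIME default '0000-00-00 00:00:00',
            `certainty` int(3) NOT NULL default '0',
            `ignore` int(1) NOT NULL default '0',
            PRIMARY KEY (`blog_id`)
        ) ENGINE=MyISAM CHARACTER SET utf8 COLLATE utf8_general_ci;"
    );

    //insert every blog_id
    $wpdb->query( "INSERT INTO $ust_table (`blog_id`) SELECT blog_id FROM `{$wpdb->blogs}` WHERE 1" );

    //best guess estimate of spammed time by last updated
    $wpdb->query( "UPDATE {$wpdb->base_prefix}ust u, {$wpdb->blogs} b SET u.spammed = b.last_updated WHERE u.blog_id = b.blog_id AND b.spam = 1" );

    //default options
    $ust_settings = array(
        'api_key'        => '',
        'certainty'      => 80,
        'post_certainty' => 90,
        'num_signups'    => '',
        'strip'          => 0,
        'paged_blogs'    => 15,
        'paged_posts'    => 3,
        'keywords'       => array( 'ugg', 'pharma', 'erecti' ),
        'signup_protect' => 'none',
    );
    update_site_option( 'ust_settings', $ust_settings );

    update_site_option( 'ust_installed', 'yes' );
}

/**
 * Registers the hooks that move the signup page to a rotating URL.
 *
 * Only acts on the main blog, and only when the "ust_signup" site option is
 * marked active.
 */
function ust_wpsignup_init() {
    global $blog_id, $current_site;

    //only on the main blog
    if ( $current_site->blog_id != $blog_id ) {
        return;
    }

    // empty() also covers the option not having been saved yet
    $ust_signup = get_site_option( 'ust_signup' );
    if ( empty( $ust_signup['active'] ) ) {
        return;
    }

    add_filter( 'root_rewrite_rules', 'ust_wpsignup_rewrite' );
    add_filter( 'query_vars', 'ust_wpsignup_queryvars' );
    add_action( 'pre_get_posts', 'ust_wpsignup_page' );
    add_action( 'init', 'ust_wpsignup_flush_rewrite' );
    add_action( 'init', 'ust_wpsignup_change', 99 ); //run after the flush in case link has expired on already open page
    add_action( 'init', 'ust_wpsignup_kill' );
}

/**
 * Adds the rewrite rule that routes the current signup slug to the plugin.
 *
 * @param array $rules Existing root rewrite rules.
 * @return array Rules including the signup slug.
 */
function ust_wpsignup_rewrite($rules) {
    $ust_signup = get_site_option( 'ust_signup' );
    $rules[ $ust_signup['slug'] . '/?$' ] = 'index.php?namespace=ust&newblog=$matches[1]';
    return $rules;
}

/**
 * Rotates the signup slug once the stored expiry time has passed (every 24 hours).
 */
function ust_wpsignup_change() {
    $ust_signup = get_site_option( 'ust_signup' );
    if ( !is_array( $ust_signup ) ) {
        $ust_signup = array();
    }

    //change url every 24 hours
    if ( empty( $ust_signup['expire'] ) || $ust_signup['expire'] < time() ) {
        $ust_signup['expire'] = time() + 86400; //extend 24 hours

        // The suffix used to be cut from md5(time()) at a random offset of up to 30,
        // which could leave only two characters and was derived from the clock.
        // It is now always three hex characters taken from a random value.
        // Three hex characters are a speed bump for automated signups, not a secret.
        $ust_signup['slug'] = 'signup-' . substr( md5( wp_generate_password( 32, false ) ), 0, 3 );

        update_site_option( 'ust_signup', $ust_signup );

        //clear cache if WP Super Cache is enabled
        if ( function_exists( 'wp_cache_clear_cache' ) ) {
            wp_cache_clear_cache();
        }
    }
}

/**
 * Clears the rewrite rules and forces them to be regenerated.
 *
 * NOTE(review): ust_wpsignup_init() hooks this on every 'init', so the rules
 * are rebuilt on each request of the main blog; flushing only when the slug
 * changes would be cheaper - confirm nothing relies on the per-request flush.
 */
function ust_wpsignup_flush_rewrite() {
    global $wp_rewrite;
    $wp_rewrite->flush_rules();
}

/**
 * Registers the "namespace" and "newblog" query variables.
 *
 * "namespace" gives a quick way to tell whether a request is meant for this plugin.
 *
 * @param array $vars Query variables known to WordPress.
 * @return array Query variables including the two used by the signup page.
 */
function ust_wpsignup_queryvars($vars) {
    if ( !in_array( 'namespace', $vars ) ) {
        $vars[] = 'namespace';
    }
    $vars[] = 'newblog';
    return $vars;
}

function ust_wpsignup_page($wp_query) { if(isset($wp_query->query_vars['namespace']) && $wp_query->query_vars['namespace'] == 'ust') { // Set up the property query variables if(isset($wp_query->query_vars['newblog'])) $_GET['new'] = $wp_query->query_vars['newblog']; //include the signup page $wp_query->is_home = false; $wp_query->is_page = 1; //allow for a custom signup page to override this by placing in wp-content dir if ( file_exists( WP_CONTENT_DIR . '/custom-wpsignup.php' ) ) { require_once( WP_CONTENT_DIR . 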
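'/custom-wpsignup.php' ); } else { require_once('includes/ust-wp-signup.php'); } die(); } }

/**
 * Answers direct requests for wp-signup.php with a 404 once the signup page
 * has been moved to the rotating slug.
 *
 * @return false|void False when the request is not for wp-signup.php; otherwise the script ends.
 */
function ust_wpsignup_kill() {
    if ( false === strpos( $_SERVER['SCRIPT_NAME'], 'wp-signup.php' ) ) {
        return false;
    }

    // Deliberately no redirect to the current slug: a Location header would hand
    // the rotating signup URL to automated clients.
    header( "HTTP/1.0 404 Not Found" );
    die( __( 'The signup page location has been changed.', 'ust' ) );
}

/**
 * Filters the signup redirect used by wp-login.php.
 *
 * @return string Current signup URL.
 */
function ust_wpsignup_filter() {
    return ust_wpsignup_url( false );
}

/**
 * Replaces the [ust_wpsignup_url] shortcode and, while the moved signup page
 * is active, plain "wp-signup.php" references in content.
 *
 * @param string $content Content to filter.
 * @return string Filtered content.
 */
function ust_wpsignup_shortcode($content) {
    //replace shortcodes in content
    $content = str_replace( '[ust_wpsignup_url]', ust_wpsignup_url( false ), $content );

    //replace unchanged wp-signup.php calls too
    $ust_signup = get_site_option( 'ust_signup' );
    if ( !empty( $ust_signup['active'] ) ) {
        $content = str_replace( 'wp-signup.php', $ust_signup['slug'] . '/', $content );
    }

    return $content;
}

/**
 * Collects what is reported to the API about a blog: the signup data saved at
 * creation (or a reconstruction from the blogs and registration log tables),
 * the last recorded user/IP/user agent, and the newest published post.
 *
 * @param int $blog_id Blog to describe.
 * @return array Request fields for ust_http_post().
 */
function _ust_blog_report_data( $blog_id ) {
    global $wpdb, $current_site;

    // the id is also used to build the per-blog posts table name below, so force an integer
    $blog_id = (int) $blog_id;

    $api_data = get_blog_option( $blog_id, 'ust_signup_data' );
    if ( !$api_data ) {
        $api_data = array();
        $blog = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = %d", $blog_id ), ARRAY_A );
        $api_data['activate_user_ip'] = $wpdb->get_var( $wpdb->prepare( "SELECT `IP` FROM {$wpdb->registration_log} WHERE blog_id = %d", $blog_id ) );
        $api_data['user_email'] = $wpdb->get_var( $wpdb->prepare( "SELECT `email` FROM {$wpdb->registration_log} WHERE blog_id = %d", $blog_id ) );
        $api_data['blog_registered'] = $blog['registered'];
        $api_data['blog_domain'] = ( constant( "VHOST" ) == 'yes' ) ? str_replace( '.' . $current_site->domain, '', $blog['domain'] ) : $blog['path'];
        $api_data['blog_title'] = get_blog_option( $blog_id, 'blogname' );
    }

    $last = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->base_prefix}ust WHERE blog_id = %d", $blog_id ) );
    $api_data['last_user_id'] = $last ? $last->last_user_id : null;
    $api_data['last_ip'] = $last ? $last->last_ip : null;
    $api_data['last_user_agent'] = $last ? $last->last_user_agent : null;

    //latest post
    $post = $wpdb->get_row( "SELECT post_title, post_content FROM `{$wpdb->base_prefix}{$blog_id}_posts` WHERE post_status = 'publish' AND post_type = 'post' AND ID != '1' ORDER BY post_date DESC LIMIT 1" );
    if ( $post ) {
        $api_data['post_content'] = $post->post_title . "\n" . $post->post_content;
    }

    return $api_data;
}

/**
 * Runs when a blog is marked as spam: optionally spams its users, stamps the
 * time in the `ust` table, bumps the spam counter and, for manual spamming,
 * reports the blog to the API.
 *
 * @param int $blog_id Blog that was marked as spam.
 */
function ust_blog_spammed($blog_id) {
    global $wpdb;

    //prevent the spamming of supporters if free trial is not enabled
    // NOTE(review): this only matches when the option comes back as integer 0 - confirm how it is stored
    $free_trial = get_site_option( "supporter_free_days" );
    if ( function_exists( 'is_supporter' ) && is_supporter( $blog_id ) && $free_trial === 0 ) {
        update_blog_status( $blog_id, "spam", '0' );
        return;
    }

    //spam blog's users if preference is set
    $ust_settings = get_site_option( "ust_settings" );
    if ( !empty( $ust_settings['spam_blog_users'] ) ) {
        $blogusers = get_users_of_blog( $blog_id );
        if ( $blogusers ) {
            foreach ( $blogusers as $bloguser ) {
                // is_super_admin() expects a user ID; a login name is not resolved by current
                // WordPress, which would leave network admins unprotected here
                if ( !is_super_admin( $bloguser->user_id ) ) {
                    update_user_status( $bloguser->user_id, "spam", '1' );
                }
            }
        }
    }

    $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->base_prefix}ust` SET spammed = %s WHERE blog_id = %d LIMIT 1", current_time( 'mysql', true ), $blog_id ) );

    //update spam stat
    $num = get_site_option( 'ust_spam_count' );
    if ( !$num ) {
        $num = 0;
    }
    update_site_option( 'ust_spam_count', ( $num + 1 ) );

    //don't send splog data if it was spammed automatically
    $auto_spammed = get_blog_option( $blog_id, 'ust_auto_spammed' );
    $post_auto_spammed = get_blog_option( $blog_id, 'ust_post_auto_spammed' );
    if ( !$auto_spammed && !$post_auto_spammed ) {
        //send blog info to API
        ust_http_post( 'spam_blog', _ust_blog_report_data( $blog_id ) );
    }
}

/**
 * Runs when a blog is unspammed (or ignored): corrects the spam counter,
 * optionally unspams the blog's users and reports the blog to the API.
 *
 * @param int  $blog_id Blog that was unspammed.
 * @param bool $ignored True when called for an "ignore" action; the counter and
 *                      auto-spam flags are then left untouched.
 */
function ust_blog_unspammed($blog_id, $ignored=false) {
    if ( !$ignored ) {
        //update spam stat
        // The old test used an assignment (`$num = 0`) where a comparison was meant, so
        // any positive counter was saved as -1. Decrement, but never below zero.
        $num = (int) get_site_option( 'ust_spam_count' );
        $num = ( $num > 0 ) ? $num - 1 : 0;
        update_site_option( 'ust_spam_count', $num );

        //remove auto spammed status in case it is manually spammed again later
        update_blog_option( $blog_id, 'ust_auto_spammed', 0 );
        update_blog_option( $blog_id, 'ust_post_auto_spammed', 0 );
    }

    //unspam blog's users if preference is set
    $ust_settings = get_site_option( "ust_settings" );
    if ( !empty( $ust_settings['spam_blog_users'] ) ) {
        $blogusers = get_users_of_blog( $blog_id );
        if ( $blogusers ) {
            foreach ( $blogusers as $bloguser ) {
                update_user_status( $bloguser->user_id, "spam", '0' );
            }
        }
    }

    //send blog info to API
    ust_http_post( 'unspam_blog', _ust_blog_report_data( $blog_id ) );
}

/**
 * Runs when a blog is created: sends the signup details to the API, records
 * the blog in the `ust` table and marks it as spam when the returned
 * certainty reaches the configured threshold.
 *
 * @param int $blog_id New blog.
 * @param int $user_id User who created it.
 */
function ust_blog_created($blog_id, $user_id) {
    global $wpdb, $current_site;

    $ust_signup_data = get_blog_option( $blog_id, 'ust_signup_data' );
    $user = new WP_User( (int) $user_id );

    // NOTE(review): this filter keeps digits, dots, commas and spaces only, so an IPv6
    // address loses its colons and hex letters; `last_ip` is also only varchar(30).
    $ip = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );

    // request headers are optional; treat missing ones as empty
    $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $referer = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '';

    $blog = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = %d", $blog_id ), ARRAY_A );

    //collect signup info
    $api_data = is_array( $ust_signup_data ) ? $ust_signup_data : array();
    $api_data['activate_user_agent'] = $user_agent;
    $api_data['activate_user_ip'] = $ip;
    $api_data['activate_user_referer'] = $referer;
    $api_data['user_login'] = $user->user_login;
    $api_data['user_email'] = $user->user_email;
    $api_data['user_registered'] = $user->user_registered;
    $api_data['blog_domain'] = ( constant( "VHOST" ) == 'yes' ) ? str_replace( '.' . $current_site->domain, '', $blog['domain'] ) : $blog['path'];
    $api_data['blog_title'] = get_blog_option( $blog_id, 'blogname' );
    $api_data['blog_registered'] = $blog['registered'];

    //don't test if a site admin or supporter or blog-user-creator plugin is creating the blog
    // NOTE(review): REQUEST_URI is supplied by the client, so the second exemption is not
    // limited to the blog-user-creator plugin; a server-side signal would be stricter.
    if ( is_super_admin() || strpos( $_SERVER['REQUEST_URI'], 'blog-user-creator' ) ) {
        $certainty = 0;
    } else {
        //send blog info to API
        $result = ust_http_post( 'check_blog', $api_data );
        $certainty = $result ? (int) $result : 0;
    }

    //create new record in ust table
    $wpdb->query( $wpdb->prepare( "INSERT INTO `" . $wpdb->base_prefix . "ust` (blog_id, last_user_id, last_ip, last_user_agent, certainty) VALUES (%d, %d, %s, %s, %d)", $blog_id, $user->ID, $ip, $user_agent, $certainty ) );

    //save data to blog for retrieval in case it's spammed later
    update_blog_option( $blog_id, 'ust_signup_data', $api_data );

    //spam blog if certainty is met
    $ust_settings = get_site_option( "ust_settings" );
    if ( $certainty >= $ust_settings['certainty'] ) {
        update_blog_option( $blog_id, 'ust_auto_spammed', 1 );
        update_blog_status( $blog_id, "spam", '1' );
    }
}

/**
 * Sends the first published post of a blog to the API and marks the blog as
 * spam when the returned certainty reaches the post threshold.
 *
 * Only blogs that have saved signup data (created after the plugin was
 * installed) and have not been checked before are processed.
 *
 * @param int $tmp_post_ID Post being saved.
 */
function ust_check_post($tmp_post_ID) {
    global $wpdb, $blog_id;

    if ( !$blog_id ) {
        $blog_id = $wpdb->blogid;
    }
    $bid = (int) $blog_id;

    $tmp_post = get_post( $tmp_post_ID );
    $api_data = get_option( 'ust_signup_data' );

    //only check the first valid post for blogs that were created after plugin installed
    if ( !$tmp_post || get_option( 'ust_first_post' ) || !$api_data || $tmp_post->post_status != 'publish' || $tmp_post->post_type != 'post' || $tmp_post->post_content == '' ) {
        return;
    }

    // (the old fallback that rebuilt $api_data from the database could never run:
    // an empty $api_data already returns above)

    $last = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->base_prefix}ust WHERE blog_id = %d", $bid ) );
    $api_data['last_user_id'] = $last ? $last->last_user_id : null;
    $api_data['last_ip'] = $last ? $last->last_ip : null;
    $api_data['last_user_agent'] = $last ? $last->last_user_agent : null;

    //add post title/content
    $api_data['post_content'] = $tmp_post->post_title . "\n" . $tmp_post->post_content;

    //send blog info to API
    $result = ust_http_post( 'check_post', $api_data );
    $certainty = $result ? (int) $result : 0;

    //update certainty in table if greater
    $last_certainty = $wpdb->get_var( $wpdb->prepare( "SELECT certainty FROM {$wpdb->base_prefix}ust WHERE blog_id = %d", $bid ) );
    if ( $certainty > $last_certainty && $certainty > 60 ) {
        $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->base_prefix}ust` SET `certainty` = %d WHERE blog_id = %d LIMIT 1", $certainty, $bid ) );
    }

    //save action so we don't check this blog again
    // NOTE(review): a failed request returns false, and `false >= 0` is true, so the
    // blog is marked as checked even when the API never answered - confirm the intent.
    if ( $result >= 0 ) {
        update_option( 'ust_first_post', 1 );
    }

    //spam blog if certainty is met
    $ust_settings = get_site_option( "ust_settings" );
    if ( $certainty >= $ust_settings['post_certainty'] ) {
        update_blog_option( $bid, 'ust_post_auto_spammed', 1 );
        update_blog_status( $bid, "spam", '1' );
    }
}

/**
 * Flags a blog as ignored so it no longer shows up on the possible spam list.
 *
 * @param int  $blog_id Blog to ignore.
 * @param bool $report  Whether to also report the blog to the API as not spam.
 */
function ust_blog_ignore($blog_id, $report=true) {
    global $wpdb;

    $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->base_prefix}ust` SET `ignore` = '1' WHERE blog_id = %d LIMIT 1", $blog_id ) );

    //send info to API for learning
    if ( $report ) {
        ust_blog_unspammed( $blog_id, true );
    }
}

/**
 * Clears the ignore flag of a blog.
 *
 * @param int $blog_id Blog to un-ignore.
 */
function ust_blog_unignore($blog_id) {
    global $wpdb;

    $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->base_prefix}ust` SET `ignore` = '0' WHERE blog_id = %d LIMIT 1", $blog_id ) );
}

/**
 * Removes a blog's row from the `ust` table when the blog is dropped.
 *
 * @param int  $blog_id Deleted blog.
 * @param bool $drop    Whether the blog's tables are being dropped.
 */
function ust_blog_deleted($blog_id, $drop) {
    global $wpdb;

    if ( $drop ) {
        $wpdb->query( $wpdb->prepare( "DELETE FROM `{$wpdb->base_prefix}ust` WHERE blog_id = %d LIMIT 1", $blog_id ) );
    }
}

/**
 * Detaches a deleted user from the `ust` rows that reference them.
 *
 * @param int $user_id Deleted user.
 */
function ust_user_deleted($user_id) {
    global $wpdb;

    $wpdb->query( $wpdb->prepare( "UPDATE `{$wpdb->base_prefix}ust` SET last_user_id = NULL WHERE last_user_id = %d", $user_id ) );
}

/**
 * Records who last updated a blog: user ID, IP address and user agent.
 *
 * The values come from the request, so they are bound as placeholders rather
 * than concatenated into the statement.
 *
 * @param int $blog_id Updated blog.
 */
function ust_blog_updated($blog_id) {
    global $wpdb, $current_user;

    $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $wpdb->query( $wpdb->prepare(
        "UPDATE `{$wpdb->base_prefix}ust` SET last_user_id = %d, last_ip = %s, last_user_agent = %s WHERE blog_id = %d LIMIT 1",
        $current_user->ID,
        $_SERVER['REMOTE_ADDR'],
        $user_agent,
        $blog_id
    ) );
}

/**
 * Adds the Anti-Splog page to the network admin menu for super admins and
 * hooks the page's scripts and styles.
 */
function ust_plug_pages() {
    global $wp_version;

    if ( !is_super_admin() ) {
        return;
    }

    // the parent menu file differs between WordPress versions
    $parent = version_compare( $wp_version, '3.0.9', '>' ) ? 'settings.php' : 'ms-admin.php';

    // NOTE(review): 10 is a numeric user level; a named capability such as
    // 'manage_network_options' is the current form - confirm before changing.
    $page = add_submenu_page( $parent, __( 'Anti-Splog', 'ust' ), __( 'Anti-Splog', 'ust' ), 10, 'ust', 'ust_admin_output' );

    /* Using registered $page handle to hook script load */
    add_action( 'admin_print_scripts-' . $page, 'ust_admin_script' );
    add_action( 'admin_print_styles-' . $page, 'ust_admin_style' );
}

/**
 * Temporarily unspams the current blog while it is previewed from the Splogs queue.
 *
 * NOTE(review): the decision rests on the Referer header alone, which the
 * client controls; also requiring a logged-in super admin would be stricter,
 * if the login cookie is available on the previewed blog.
 */
function ust_preview_splog() {
    global $current_blog;

    if ( isset( $_SERVER['HTTP_REFERER'] ) && strpos( $_SERVER['HTTP_REFERER'], '?page=ust&tab=splogs' ) ) {
        $current_blog->spam = '0';
    }
}

/**
 * AJAX handler for the moderation screens: spam/unspam/ignore single blogs,
 * bulk actions, and lookups by user or IP address. Super admins only.
 *
 * The action is read from the query string of the URL posted as "url".
 */
function ust_do_ajax() {
    global $wpdb, $current_site;

    //make sure we have permission!
    if ( !is_super_admin() ) {
        die();
    }

    // NOTE(review): only the capability is checked. These are state-changing requests and
    // no nonce is verified (e.g. check_ajax_referer()); the matching client code is not
    // visible here, so this is flagged rather than added.

    $params = array();
    if ( isset( $_POST['url'] ) ) {
        $url_query = parse_url( $_POST['url'], PHP_URL_QUERY );
        if ( is_string( $url_query ) ) {
            parse_str( $url_query, $params );
        }
    }
    // as before, the parsed parameters replace $_GET for the rest of the request
    $_GET = $params;

    // every single-blog action casts the id to an integer and echoes only that integer back
    $target_id = isset( $_GET['id'] ) ? (int) $_GET['id'] : 0;

    // blogs of this site registered from, or last updated from, a given IP address
    $ip_match_sql = "FROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u WHERE b.site_id = %d AND b.blog_id = r.blog_id AND b.blog_id = u.blog_id AND b.spam = %d AND (r.IP = %s OR u.last_ip = %s)";

    //process any actions and messages
    if ( isset( $_GET['spam_user'] ) ) {
        //spam a user and all blogs they are associated with
        $spam_user_id = (int) $_GET['spam_user'];

        //don't spam site admin (is_super_admin() expects a user ID, not a login name)
        $user_info = get_userdata( $spam_user_id );
        if ( $user_info && !is_super_admin( $user_info->ID ) ) {
            $blogs = get_blogs_of_user( $spam_user_id, true );
            foreach ( (array) $blogs as $details ) {
                // main blog not a spam !
                if ( $details->userblog_id == $current_site->blog_id ) {
                    continue;
                }
                update_blog_status( $details->userblog_id, "spam", '1' );
                set_time_limit( 60 );
            }
            update_user_status( $spam_user_id, "spam", '1' );
        }

    } else if ( isset( $_POST['check_ip'] ) ) {
        //count all blogs created or modified with the IP address
        $ip_data = array();
        $ip_query = parse_url( $_POST['check_ip'], PHP_URL_QUERY );
        if ( is_string( $ip_query ) ) {
            parse_str( $ip_query, $ip_data );
        }
        $spam_ip = ( isset( $ip_data['spam_ip'] ) && is_string( $ip_data['spam_ip'] ) ) ? $ip_data['spam_ip'] : '';
        $bid = ( isset( $ip_data['id'] ) && is_string( $ip_data['id'] ) ) ? $ip_data['id'] : '';

        $num = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(b.blog_id) " . $ip_match_sql, $wpdb->siteid, 0, $spam_ip, $spam_ip ) );
        $numspam = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(b.blog_id) " . $ip_match_sql, $wpdb->siteid, 1, $spam_ip, $spam_ip ) );

        //return json response
        // json_encode() escapes the request-supplied values; they used to be concatenated
        // into the JSON text unescaped. Values are kept as strings, as before.
        echo json_encode( array(
            'num'     => (string) $num,
            'numspam' => (string) $numspam,
            'bid'     => $bid,
            'ip'      => $spam_ip,
        ) );

    } else if ( isset( $_GET['spam_ip'] ) ) {
        //spam all blogs created or modified with the IP address
        $spam_ip = is_string( $_GET['spam_ip'] ) ? $_GET['spam_ip'] : '';
        $blogs = $wpdb->get_results( $wpdb->prepare( "SELECT b.blog_id " . $ip_match_sql, $wpdb->siteid, 0, $spam_ip, $spam_ip ), ARRAY_A );
        foreach ( (array) $blogs as $blog ) {
            // main blog not a spam !
            if ( $blog['blog_id'] == $current_site->blog_id ) {
                continue;
            }
            update_blog_status( $blog['blog_id'], "spam", '1' );
            set_time_limit( 60 );
        }

    } else if ( isset( $_GET['ignore_blog'] ) ) {
        //ignore a single blog so it doesn't show up on the possible spam list
        ust_blog_ignore( $target_id );
        echo $target_id;

    } else if ( isset( $_GET['unignore_blog'] ) ) {
        //unignore a single blog so it can show up on the possible spam list
        ust_blog_unignore( $target_id );
        echo $target_id;

    } else if ( isset( $_GET['spam_blog'] ) ) {
        //spam a single blog
        update_blog_status( $target_id, "spam", '1' );
        echo $target_id;

    } else if ( isset( $_GET['unspam_blog'] ) ) {
        update_blog_status( $target_id, "spam", '0' );
        ust_blog_ignore( $target_id, false );
        echo $target_id;

    } else if ( isset( $_POST['allblogs'] ) ) {
        parse_str( $_POST['allblogs'], $blog_list );
        $selected = isset( $blog_list['allblogs'] ) ? (array) $blog_list['allblogs'] : array();

        foreach ( $selected as $val ) {
            // ids come from the request: force integers, skip empty ones and the main blog
            $val = (int) $val;
            if ( !$val || $val == $current_site->blog_id ) {
                continue;
            }

            if ( isset( $_POST['allblog_ignore'] ) ) {
                ust_blog_ignore( $val );
                set_time_limit( 60 );
            } else if ( isset( $_POST['allblog_unignore'] ) ) {
                ust_blog_unignore( $val );
                set_time_limit( 60 );
            } else if ( isset( $_POST['allblog_spam'] ) ) {
                update_blog_status( $val, "spam", '1' );
                set_time_limit( 60 );
            } else if ( isset( $_POST['allblog_notspam'] ) ) {
                update_blog_status( $val, "spam", '0' );
                ust_blog_ignore( $val, false );
                set_time_limit( 60 );
            }
        }

        _e( "Selected blogs processed", 'ust' );
    }

    die();
}

/**
 * Posts a request to the Anti-Splog API.
 *
 * @param string      $action  API action name.
 * @param array|false $request Additional request fields.
 * @return string|false Response body, or false when no API key is configured
 *                      (for anything but 'api_check') or the request failed.
 */
function ust_http_post($action='api_check', $request=false) {
    global $wp_version, $ust_current_version, $ust_api_url, $current_site;

    $ust_settings = get_site_option( "ust_settings" );
    $api_key = isset( $ust_settings['api_key'] ) ? $ust_settings['api_key'] : '';

    //if api key is not set/valid
    if ( !$api_key && $action != 'api_check' ) {
        return false;
    }

    // the default is false; start from an empty array instead of writing keys into a boolean
    if ( !is_array( $request ) ) {
        $request = array();
    }

    //create the default request
    if ( empty( $request["API_KEY"] ) ) {
        $request["API_KEY"] = $api_key;
    }
    $request["SITE_DOMAIN"] = $current_site->domain;
    $request["ACTION"] = $action;

    // NOTE(review): the body carries the API key together with e-mail addresses, IP
    // addresses and post content; $ust_api_url is defined elsewhere - confirm it is https.
    $query_string = '';
    foreach ( $request as $key => $data ) {
        // missing database values arrive as null; send them as empty strings
        $value = is_scalar( $data ) ? (string) $data : '';
        $query_string .= $key . '=' . urlencode( stripslashes( $value ) ) . '&';
    }

    //build args
    $args = array(
        'user-agent' => "WordPress/$wp_version | Anti-Splog/$ust_current_version",
        'body'       => $query_string,
    );

    $response = wp_remote_post( $ust_api_url, $args );

    if ( is_wp_error( $response ) || wp_remote_retrieve_response_code( $response ) != 200 ) {
        if ( $action != 'api_check' ) {
            //schedule a check in 24 hours to determine API key is valid (in case it's not a temporary server issue)
            switch_to_blog( $current_site->blog_id );
            if ( !wp_next_scheduled( 'ust_check_api_cron' ) ) {
                wp_schedule_single_event( time() + 86400, 'ust_check_api_cron' );
            }
            restore_current_blog();
        }
        return false;
    }

    return $response['body'];
}

/**
 * Verifies the API key and connection; on a problem it e-mails the site admin
 * and clears the stored API key.
 */
function ust_check_api() {
    global $current_site, $ust_admin_url;

    $ust_url = $ust_admin_url . "&tab=settings";
    $message = '';

    //check the api key and connection
    // __() wraps the format string, not the finished sentence, so the translation can be found
    $api_response = ust_http_post();
    if ( $api_response && $api_response != 'Valid' ) {
        $message = sprintf( __( "There seems to be a problem with the Anti-Splog plugin API key on your server at %s.\n%s\n\nFix it here: %s", 'ust' ), $current_site->domain, $api_response, $ust_url );
    } else if ( !$api_response ) {
        $message = sprintf( __( "The Anti-Splog plugin on your server at %s is having a problem connecting to the API server.\n\nFix it here: %s", 'ust' ), $current_site->domain, $ust_url );
    }

    if ( $message ) {
        //email site admin
        $admin_email = get_site_option( "admin_email" );
        $subject = __( 'A problem with your Anti-Splog plugin', 'ust' );
        wp_mail( $admin_email, $subject, $message );

        //clear API key
        $ust_settings = get_site_option( "ust_settings" );
        $ust_settings['api_key'] = '';
        update_site_option( "ust_settings", $ust_settings );
    }
}

function ust_signup_errorcheck($content) { //skip check if BP global $bp; if (isset($bp->signup->step)) return $content; $ust_settings = get_site_option("ust_settings"); if($ust_settings['signup_protect'] == 'recaptcha') { //check reCAPTCHA $recaptcha = get_site_option('ust_recaptcha'); require_once('includes/recaptchalib.php'); $resp = 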
rp_recaptcha_check_answer($recaptcha['privkey'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { $content['errors']->add('recaptcha', __("The reCAPTCHA wasn't entered correctly. Please try again.", 'ust')); } } else if($ust_settings['signup_protect'] == 'asirra') { require_once('includes/asirra.php'); $asirra = new AsirraValidator($_POST['Asirra_Ticket']); if (!$asirra->passed) $content['errors']->add('asirra', __("Please try to correctly identify the cats again.", 'ust')); } else if ($ust_settings['signup_protect'] == 'questions') { $ust_qa = get_site_option("ust_qa"); if (is_array($ust_qa) && count($ust_qa)) { //check the encrypted answer field $salt = get_site_option("ust_salt"); $datesalt = strtotime(date('Y-m-d H:00:00')); $valid_fields = false; foreach ($ust_qa as $qkey=>$answer) { $field_name = 'qa_'.md5($qkey.$salt.$datesalt); if (isset($_POST[$field_name])) { if (strtolower(trim($_POST[$field_name])) != strtolower(stripslashes($answer[1]))) $content['errors']->add('qa', __("Incorrect Answer. Please try again.", 'ust')); $valid_fields = true; } } //if no fields are valid try again for previous hour if (!$valid_fields) { $datesalt = strtotime('-1 hour', $datesalt); foreach ($ust_qa as $qkey=>$answer) { $field_name = 'qa_'.md5($qkey.$salt.$datesalt); if (isset($_POST[$field_name])) { if (strtolower(trim($_POST[$field_name])) != strtolower(stripslashes($answer[1]))) $content['errors']->add('qa', __("Incorrect Answer. 
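Please try again.", 'ust')); } } } } } return $content; }

/**
 * BuddyPress variant of the signup human check: validates the reCAPTCHA,
 * Asirra or question/answer response and records failures in
 * $bp->signup->errors.
 */
function ust_signup_errorcheck_bp() {
    global $bp;

    $ust_settings = get_site_option( "ust_settings" );

    if ( $ust_settings['signup_protect'] == 'recaptcha' ) {

        //check reCAPTCHA
        $recaptcha = get_site_option( 'ust_recaptcha' );
        require_once( 'includes/recaptchalib.php' );

        // a submission may omit the fields entirely; pass empty strings in that case
        $challenge = isset( $_POST["recaptcha_challenge_field"] ) ? $_POST["recaptcha_challenge_field"] : '';
        $answer = isset( $_POST["recaptcha_response_field"] ) ? $_POST["recaptcha_response_field"] : '';

        $resp = rp_recaptcha_check_answer( $recaptcha['privkey'], $_SERVER["REMOTE_ADDR"], $challenge, $answer );
        if ( !$resp->is_valid ) {
            $bp->signup->errors['recaptcha'] = __( "The reCAPTCHA wasn't entered correctly. Please try again.", 'ust' );
        }

    } else if ( $ust_settings['signup_protect'] == 'asirra' ) {

        require_once( 'includes/asirra.php' );
        $ticket = isset( $_POST['Asirra_Ticket'] ) ? $_POST['Asirra_Ticket'] : '';
        $asirra = new AsirraValidator( $ticket );
        if ( !$asirra->passed ) {
            $bp->signup->errors['asirra'] = __( "Please try to correctly identify the cats again.", 'ust' );
        }

    } else if ( $ust_settings['signup_protect'] == 'questions' ) {

        $ust_qa = get_site_option( "ust_qa" );
        if ( is_array( $ust_qa ) && count( $ust_qa ) ) {

            //check the encrypted answer field
            // field names are derived from the site salt and the hour; the previous hour is
            // accepted too, so a form loaded shortly before the hour changed still validates
            $salt = get_site_option( "ust_salt" );
            $this_hour = strtotime( date( 'Y-m-d H:00:00' ) );
            $answered = false;

            foreach ( array( $this_hour, strtotime( '-1 hour', $this_hour ) ) as $datesalt ) {
                foreach ( $ust_qa as $qkey => $answer ) {
                    $field_name = 'qa_' . md5( $qkey . $salt . $datesalt );
                    if ( !isset( $_POST[$field_name] ) ) {
                        continue;
                    }
                    $answered = true;
                    if ( !is_string( $_POST[$field_name] ) || strtolower( trim( $_POST[$field_name] ) ) != strtolower( stripslashes( $answer[1] ) ) ) {
                        $bp->signup->errors['qa'] = __( "Incorrect Answer. Please try again.", 'ust' );
                    }
                }
                //only try the previous hour if no fields were valid for this one
                if ( $answered ) {
                    break;
                }
            }

            // Fail closed: a submission carrying no recognised answer field used to add no
            // error at all, so leaving the field out skipped the question entirely.
            if ( !$answered ) {
                $bp->signup->errors['qa'] = __( "Incorrect Answer. Please try again.", 'ust' );
            }
        }
    }
}

/**
 * Tells whether the requesting IP address has exceeded the configured number
 * of signups in the last 24 hours. Always false when no limit is configured.
 *
 * @return bool
 */
function _ust_signup_limit_exceeded() {
    global $wpdb;

    $ust_settings = get_site_option( "ust_settings" );
    if ( empty( $ust_settings['num_signups'] ) ) {
        return false;
    }

    $date = date( 'Y-m-d H:i:s', strtotime( '-1 day', time() ) );

    // the address is bound as a placeholder instead of being interpolated into the SQL
    $ips = $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(ID) FROM {$wpdb->registration_log} WHERE IP = %s AND date_registered >= %s",
        $_SERVER['REMOTE_ADDR'],
        $date
    ) );

    return $ips > $ust_settings['num_signups'];
}

//check for multiple signups from the same IP in 24 hours
/**
 * @param array $content Signup validation result; $content['errors'] collects the errors.
 * @return array The same result, with an error added when the limit is exceeded.
 */
function ust_signup_multicheck($content) {
    if ( _ust_signup_limit_exceeded() ) {
        $content['errors']->add( 'blogname', __( "A limited number of signups can be done in a short period of time from your Internet connection. If you are not a spammer please try again in 24 hours.", 'ust' ) );
    }

    return $content;
}

//check for multiple signups from the same IP in 24 hours buddypress
function ust_signup_multicheck_bp() {
    global $bp;

    if ( _ust_signup_limit_exceeded() ) {
        $bp->signup->errors['multicheck'] = __( "A limited number of signups can be done in a short period of time from your Internet connection. If you are not a spammer please try again in 24 hours.", 'ust' );
    }
}

function ust_signup_multicheck_bp_error_display() { ?>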
20) return substr($title, 0, 17).'...'; else return $title; } //------------------------------------------------------------------------// //---Output Functions-----------------------------------------------------// //------------------------------------------------------------------------// function ust_api_warning() { global $ust_admin_url; if (!is_super_admin()) return; $ust_settings = get_site_option("ust_settings"); $expire = get_site_option("ust_key_dismiss"); if (!$ust_settings['api_key'] && !isset($_GET['dismiss']) && !($expire && $expire > time())) echo "

".sprintf(__('Anti-Splog is not fully enabled. You must enter your WPMU DEV Premium API key to enable the powerful blog and signup checking. More info»', 'ust'), "$ust_admin_url&tab=settings", 'http://premium.wpmudev.org/project/anti-splog'). ' '.__('Dismiss', 'ust')."

"; } function ust_wpsignup_url($echo=true) { global $current_site; $ust_signup = get_site_option('ust_signup'); $original_url = network_home_url( 'wp-signup.php' ); $new_url = network_home_url( trailingslashit($ust_signup['slug']) ); if (!$ust_signup['active']) { if ($echo) { echo $original_url; } else { return $original_url; } } else { if ($echo) { echo $new_url; } else { return $new_url; } } } function ust_signup_fields($errors) { $ust_settings = get_site_option("ust_settings"); if($ust_settings['signup_protect'] == 'recaptcha') { $recaptcha = get_site_option('ust_recaptcha'); require_once('includes/recaptchalib.php'); echo ""; echo '

'; if ( $errmsg = $errors->get_error_message('recaptcha') ) { echo '

'.$errmsg.'

'; } echo '
'; echo rp_recaptcha_get_html($recaptcha['pubkey']); echo '

 
'; } else if($ust_settings['signup_protect'] == 'asirra') { echo '

'; if ( $errmsg = $errors->get_error_message('asirra') ) { echo '

'.$errmsg.'

'; } else { echo '
'; } echo ''; echo ''; } else if ($ust_settings['signup_protect'] == 'questions') { $ust_qa = get_site_option("ust_qa"); if (is_array($ust_qa) && count($ust_qa)) { $qkey = rand(0, count($ust_qa)-1); //encrypt the answer field name to make it harder for sploggers to guess. Changes every hour & different for every site. $salt = get_site_option("ust_salt"); $datesalt = strtotime(date('Y-m-d H:00:00')); $field_name = 'qa_'.md5($qkey.$salt.$datesalt); echo '

'; if ( $errmsg = $errors->get_error_message('qa') ) { echo '

'.$errmsg.'

'; } echo stripslashes($ust_qa[$qkey][0]); echo '
'; echo '
'.__('NOTE: Answers are not case sensitive.', 'ust').''; echo '

 
'; } } } function ust_signup_fields_bp() { $ust_settings = get_site_option("ust_settings"); if($ust_settings['signup_protect'] == 'recaptcha') { $recaptcha = get_site_option('ust_recaptcha'); require_once('includes/recaptchalib.php'); echo '
'; echo ""; echo ''; do_action( 'bp_recaptcha_errors' ); echo '
'; echo rp_recaptcha_get_html($recaptcha['pubkey']); echo '
'; } else if($ust_settings['signup_protect'] == 'asirra') { echo '
'; echo ''; do_action( 'bp_asirra_errors' ); echo '
'; echo ''; echo ''; echo '
'; echo ''; } else if ($ust_settings['signup_protect'] == 'questions') { $ust_qa = get_site_option("ust_qa"); if (is_array($ust_qa) && count($ust_qa)) { $qkey = rand(0, count($ust_qa)-1); //encrypt the answer field name to make it harder for sploggers to guess. Changes every hour & different for every site. $salt = get_site_option("ust_salt"); $datesalt = strtotime(date('Y-m-d H:00:00')); $field_name = 'qa_'.md5($qkey.$salt.$datesalt); echo '
'; echo ''; do_action( 'bp_qa_errors' ); echo stripslashes($ust_qa[$qkey][0]); echo '
'; echo '
'.__('NOTE: Answers are not case sensitive.', 'ust').''; echo '
'; } } } //Add CSS to signup function ust_signup_css() { ?> " . __('Nice Try...', 'ust') . "

"; //If accessed properly, this message doesn't appear. return; } //handle notice dismissal if (isset($_GET['dismiss'])) { update_site_option( 'ust_key_dismiss', strtotime("+1 month") ); ?>

user_login)) {
    // NOTE(review): this branch and every branch below change blog or user state
    // from request parameters. No nonce verification (check_admin_referer() /
    // wp_verify_nonce()) is visible in this excerpt; confirm one runs earlier,
    // otherwise these actions are exposed to cross-site request forgery.

    // Mark every blog returned for the user in ?spam_user as spam, then the user account.
    $blogs = get_blogs_of_user( (int)$_GET['spam_user'], true );
    foreach ( (array) $blogs as $key => $details ) {
      if ( $details->userblog_id == $current_site->blog_id ) { continue; } // never mark the main blog as spam
      update_blog_status( $details->userblog_id, "spam", '1' );
      set_time_limit(60); // restart the execution timer after each blog
    }
    update_user_status( (int)$_GET['spam_user'], "spam", '1' );
    // count($blogs) also counts a main blog that the loop skipped, so the
    // number in the message can be higher than the number actually spammed.
    $_GET['updatedmsg'] = sprintf(__('%s blog(s) spammed for user!', 'ust'), count($blogs));
  }
} else if ( isset($_GET['spam_ip']) ) {
  // Spam every not-yet-spammed blog on this site whose registration IP or
  // last recorded IP equals ?spam_ip.
  // NOTE(review): addslashes() is the only escaping applied before $spam_ip is
  // interpolated into the SQL string, and it is not connection-charset aware.
  // $wpdb->prepare() with %s placeholders is the WordPress mechanism for
  // binding a request value into a query.
  $spam_ip = addslashes($_GET['spam_ip']);
  $query = "SELECT b.blog_id FROM {$wpdb->blogs} b, {$wpdb->registration_log} r, {$wpdb->base_prefix}ust u WHERE b.site_id = '{$wpdb->siteid}' AND b.blog_id = r.blog_id AND b.blog_id = u.blog_id AND b.spam = 0 AND (r.IP = '$spam_ip' OR u.last_ip = '$spam_ip')";
  $blogs = $wpdb->get_results( $query, ARRAY_A );
  foreach ( (array) $blogs as $blog ) {
    if ( $blog['blog_id'] == $current_site->blog_id ) { continue; } // never mark the main blog as spam
    update_blog_status( $blog['blog_id'], "spam", '1' );
    set_time_limit(60); // restart the execution timer after each blog
  }
  // NOTE(review): the request-supplied $spam_ip is embedded in the status
  // message. Where the message is printed is not visible here; confirm it is
  // escaped for HTML (e.g. esc_html()) at output.
  $_GET['updatedmsg'] = sprintf(__('%s blog(s) spammed for %s!', 'ust'), count($blogs), $spam_ip);
} else if ( isset($_GET['ignore_blog']) ) {
  // Ignore a single blog so it no longer shows up on the possible-spam list.
  ust_blog_ignore((int)$_GET['id']);
} else if ( isset($_GET['unignore_blog']) ) {
  // Un-ignore a single blog so it can show up on the possible-spam list again.
  ust_blog_unignore((int)$_GET['id']);
} else if ( isset($_GET['spam_blog']) ) {
  // Mark a single blog as spam.
  update_blog_status( (int)$_GET['id'], "spam", '1' );
} else if (isset($_GET['unspam_blog'])) {
  // Clear the spam flag on a single blog, then call ust_blog_ignore() with a
  // second argument of false (its meaning is defined outside this excerpt).
  update_blog_status( (int)$_GET['id'], "spam", '0' );
  ust_blog_ignore( (int)$_GET['id'], false );
} else if ( $_GET['action'] == 'all_notspam' ) {
  // NOTE(review): $_GET['action'] is read without isset() here and in the
  // branches below. This branch only sets the confirmation message.
  $_GET['updatedmsg'] = __('Blogs marked as not spam.', 'ust');
} else if ($_GET['action'] == 'allblogs') {
  // Bulk action: apply ignore / un-ignore / spam to every posted blog id,
  // skipping '0' and the main blog.
  // NOTE(review): $val comes straight from $_POST['allblogs'] and is passed on
  // without the (int) cast used for $_GET['id'] above. How ust_blog_ignore() and
  // ust_blog_unignore() use it is not visible here; cast it or verify the helpers.
  foreach ( (array) $_POST['allblogs'] as $key => $val ) {
    if( $val != '0' && $val != $current_site->blog_id ) {
      if ( isset($_POST['allblog_ignore']) ) {
        $_GET['updatedmsg'] = __('Selected Blogs Ignored.', 'ust');
        ust_blog_ignore($val);
        set_time_limit(60);
      } else if ( isset($_POST['allblog_unignore']) ) {
        $_GET['updatedmsg'] = __('Selected Blogs Un-ignored.', 'ust');
        ust_blog_unignore($val);
        set_time_limit(60);
      } else if ( isset($_POST['allblog_spam']) ) {
        $_GET['updatedmsg'] = __('Blogs marked as spam.', 'ust');
        update_blog_status( $val, "spam", '1' );
        set_time_limit(60);
      }
    }
  }
} else if ($_GET['action'] == 'delete') {
  // Only sets the confirmation message; no deletion happens in this branch.
  $_GET['updatedmsg'] = __('Blog Deleted!', 'ust');
}
// Opens the block that shows the message; the markup that follows is not part of this excerpt.
if (isset($_GET['updated']) && $_GET['updatedmsg']) { ?>

".sprintf(__('You must enable the Anti-Splog API by entering your WPMU DEV Premium API key to be able to use this feature of the plugin.', 'ust'), "$ust_admin_url&tab=settings"). "

"; _e('

This is the moderation queue for suspicious blogs. When you are sure a blog is spam, mark it so. If it is definitely a valid blog you should "ignore" it. It is best to leave blogs in here until you are sure whether they are spam or not spam, as the system learns from both actions.

', 'ust');
// Pagination inputs: both request values pass through intval() before use.
// NOTE(review): intval() still allows zero and negative numbers. ?num=0 makes
// ceil($total / $num) below divide by zero, and a negative value yields an
// invalid LIMIT clause; clamping with max(1, ...) would avoid both.
$apage = isset( $_GET['apage'] ) ? intval( $_GET['apage'] ) : 1;
$num = isset( $_GET['num'] ) ? intval( $_GET['num'] ) : $ust_settings['paged_blogs'];
$page_link = ($apage > 1) ? '&apage='.$apage : '';

// Sort order: the request value only selects between fixed ORDER BY strings
// and is never copied into the SQL itself.
// NOTE(review): $_GET['orderby'] is read without isset().
if ($_GET['orderby'] == 'lastupdated')
  $order_by = 'b.last_updated DESC';
else if ($_GET['orderby'] == 'registered')
  $order_by = 'b.registered DESC';
else
  $order_by = 'u.certainty DESC, b.last_updated DESC';

$blogname_columns = ( constant( "VHOST" ) == 'yes' ) ? __('Domain') : __('Path');

// Build one "`post_content` LIKE '%word%'" condition per configured keyword
// and join them with OR.
// NOTE(review): the words are escaped with addslashes() only, which is not
// connection-charset aware and leaves the LIKE wildcards % and _ active. The
// origin of $ust_settings['keywords'] is not visible here; $wpdb->esc_like()
// with $wpdb->prepare() is the WordPress way to bind such values.
// NOTE(review): $keywords is appended to without being initialised,
// $keyword_string stays undefined when no keywords are configured, and
// implode($keywords, ' OR ') uses the legacy (array, separator) argument
// order, which PHP 8 no longer accepts.
if (is_array($ust_settings['keywords']) && count($ust_settings['keywords'])) {
  foreach ($ust_settings['keywords'] as $word)
    $keywords[] = "`post_content` LIKE '%".addslashes(trim($word))."%'";
  $keyword_string = implode($keywords, ' OR ');
}

// Used when the Post Indexer plugin is installed and keywords are set.
if (function_exists('post_indexer_post_insert_update') && $keyword_string) {
  // Joins a per-blog count of keyword-matching posts from the site_posts table.
  // The ORDER BY here is fixed; $order_by chosen above is used only by the
  // query in the else branch.
  $query = "SELECT * FROM {$wpdb->blogs} b JOIN {$wpdb->registration_log} r ON b.blog_id = r.blog_id JOIN {$wpdb->base_prefix}ust u ON b.blog_id = u.blog_id LEFT JOIN (SELECT `blog_id` as bid, COUNT( `site_post_id` ) AS total FROM `{$wpdb->base_prefix}site_posts` WHERE $keyword_string GROUP BY blog_id) as s ON b.blog_id = s.bid WHERE b.site_id = '{$wpdb->siteid}' AND b.spam = '0' AND b.deleted = '0' AND b.archived = '0' AND u.`ignore` = '0' AND b.blog_id != '{$current_site->blog_id}' AND (u.certainty > 0 OR s.total > 0) ORDER BY s.total DESC, u.certainty DESC, b.last_updated DESC";
  // Same filter without ordering, used for the pagination total.
  $total = $wpdb->get_var( "SELECT COUNT(b.blog_id) FROM {$wpdb->blogs} b JOIN {$wpdb->registration_log} r ON b.blog_id = r.blog_id JOIN {$wpdb->base_prefix}ust u ON b.blog_id = u.blog_id LEFT JOIN (SELECT `blog_id`, COUNT( `site_post_id` ) AS total FROM `{$wpdb->base_prefix}site_posts` WHERE $keyword_string GROUP BY blog_id) as s ON b.blog_id = s.blog_id WHERE b.site_id = '{$wpdb->siteid}' AND b.spam = '0' AND b.deleted = '0' AND b.archived = '0' AND u.`ignore` = '0' AND b.blog_id != '{$current_site->blog_id}' 
AND (u.certainty > 0 OR s.total > 0)");
  // Column set for this mode; includes the extra 'keywords' column.
  $posts_columns = array( 'id' => __('ID', 'ust'), 'blogname' => $blogname_columns, 'ips' => __('IPs', 'ust'), 'users' => __('Blog Users', 'ust'), 'keywords' => __('Keywords', 'ust'), 'certainty' => __('Splog Certainty', 'ust'), 'lastupdated' => __('Last Updated'), 'registered' => __('Registered'), 'posts' => __('Recent Posts', 'ust') );
} else {
  // No Post Indexer: list blogs with certainty > 0, ordered by $order_by.
  $query = "SELECT * FROM {$wpdb->blogs} b JOIN {$wpdb->registration_log} r ON b.blog_id = r.blog_id JOIN {$wpdb->base_prefix}ust u ON b.blog_id = u.blog_id WHERE b.site_id = '{$wpdb->siteid}' AND b.spam = '0' AND b.deleted = '0' AND b.archived = '0' AND u.ignore = '0' AND b.blog_id != '{$current_site->blog_id}' AND u.certainty > 0 ORDER BY $order_by";
  $total = $wpdb->get_var( "SELECT COUNT(b.blog_id) FROM {$wpdb->blogs} b JOIN {$wpdb->registration_log} r ON b.blog_id = r.blog_id JOIN {$wpdb->base_prefix}ust u ON b.blog_id = u.blog_id WHERE b.site_id = '{$wpdb->siteid}' AND b.spam = '0' AND b.deleted = '0' AND b.archived = '0' AND u.ignore = '0' AND b.blog_id != '{$current_site->blog_id}' AND u.certainty > 0");
  $posts_columns = array( 'id' => __('ID', 'ust'), 'blogname' => $blogname_columns, 'ips' => __('IPs', 'ust'), 'users' => __('Blog Users', 'ust'), 'certainty' => __('Splog Certainty', 'ust'), 'lastupdated' => ''.__('Last Updated').'', 'registered' => ''.__('Registered').'', 'posts' => __('Recent Posts', 'ust') );
}

// Append the page window; both operands are integers at this point.
$query .= " LIMIT " . intval( ( $apage - 1 ) * $num) . ", " . intval( $num );
$blog_list = $wpdb->get_results( $query, ARRAY_A );

// NOTE(review): $url2 is not assigned anywhere in this excerpt; confirm it is
// defined earlier, otherwise it is an undefined variable here.
$blog_navigation = paginate_links( array( 'base' => add_query_arg( 'apage', '%#%' ).$url2, 'format' => '', 'total' => ceil($total / $num), 'current' => $apage ));

// NOTE(review): the condition tests $_GET['order_by'] while the sort above and
// the appended value use $_GET['orderby'], so the key looks mistyped and the
// sort parameter is probably never carried into $page_link.
if ($_GET['order_by'])
  $page_link = $page_link . '&orderby='.urlencode($_GET['orderby']); ?>
$blog_navigation
"; ?>


$column_display_name) { $col_url = $column_display_name; ?> '; $blogname = ( constant( "VHOST" ) == 'yes' ) ? str_replace('.'.$current_site->domain, '', $blog['domain']) : $blog['path']; foreach( $posts_columns as $column_name=>$column_display_name ) { switch($column_name) { case 'id': ?> get_row("SELECT user_login, spam FROM " . $wpdb->base_prefix . "users WHERE ID = '" . $blog['last_user_id'] . "'"); $user_login = $result->user_login; $user_spam = $result->spam; ?> base_prefix}{$blog['blog_id']}_posts` WHERE post_status = 'publish' AND post_type = 'post' AND ID != '1' ORDER BY post_date DESC LIMIT {$ust_settings['paged_posts']}"; $posts = $wpdb->get_results( $query, ARRAY_A ); ?> $column_display_name) { $col_url = $column_display_name; ?>
' name='allblogs[]' value='' />
' . __('Ignore', 'ust') . ''; ?> | ' . __('Spam') . ''; ?>
Registered:
Last User: title="" href="users.php?s=" class="edit">
Last IP:
get_blog_prefix( $blog['blog_id'] ); $blogusers = $wpdb->get_results( "SELECT user_id, user_id AS ID, user_login, display_name, user_email, spam, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE {$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND meta_key = '{$blog_prefix}capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); if ( is_array( $blogusers ) ) { $blogusers_warning = ''; if ( count( $blogusers ) > 5 ) { $blogusers = array_slice( $blogusers, 0, 5 ); $blogusers_warning = __( 'Only showing first 5 users.' ) . ' ' . __( 'More' ) . ''; } foreach ( $blogusers as $key => $val ) { $spm_class = ($val->spam) ? ' style="color:red;"' : ''; echo '' . $val->user_login . ' '; echo '' . __('Blogs', 'ust') . ''; if ($val->spam == 0) echo ' | ' . __('Spam', 'ust') . ''; echo '
'; } if( $blogusers_warning != '' ) { echo '' . $blogusers_warning . '
'; } } ?>
% g:i:s a'), $blog['last_updated']); ?> g:i:s a'), $blog['registered']); ?> '.ust_trim_title($title).'
'; $preview_id++; } } else { _e('No Posts', 'ust'); } ?>
$blog_navigation
"; ?>

'; foreach ($post_preview as $id => $content) { if ($ust_settings['strip']) $content = strip_tags($content, '