b2evolution PHP Cross Reference Blogging Systems

Source: /inc/antispam/views/_antispam_ban.form.php - 268 lines - 9605 bytes - Text - Print

Description: This file implements the UI controller for the antispam management.

<?php
/**
 * This file implements the UI controller for the antispam management.
 *
 * As visible in this file, it renders two forms: a "Confirm ban & delete" form that lists
 * the logged hits, comments and users matching the global $keyword, and an
 * "Add a banned keyword" form.
 *
 * This file is part of the b2evolution/evocms project - {@link http://b2evolution.net/}.
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}.
 *
 * @license http://b2evolution.net/about/license.html GNU General Public License (GPL)
 *
 * {@internal Open Source relicensing agreement:
 * }}
 *
 * @package admin
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 *
 * @todo Allow applying / re-checking of the known data, not just after an update!
 *
 * @version $Id: _antispam_ban.form.php 6136 2014-03-08 07:59:48Z manuel $
 */
// Refuse to run when the file is requested directly instead of being included by the application.
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

// NOTE(review): $DB is used further down but is not declared global here; presumably the
// including scope provides it - confirm.
global $Settings, $current_User;
global $keyword;

global $row_stats;    // for hit functions

$Form = new Form( NULL, 'antispam_ban', 'post', 'compact' );

// redirect_to is read from the request and becomes the target of the Cancel icon below.
// NOTE(review): this relies on the 'url' param type to reject unsafe schemes and
// unexpected targets - confirm against param().
$redirect_to = param( 'redirect_to', 'url', NULL );
if( $redirect_to == NULL )
{
    // No target supplied: fall back to regenerate_url( 'action' ).
    $redirect_to = regenerate_url( 'action' );
}

$Form->global_icon( T_('Cancel!'), 'close', $redirect_to, '', 3, 2, array( 'class'=>'action_icon', 'id'=>'close_button' ) );

$Form->begin_form( 'fform',  T_('Confirm ban & delete') );

    // NOTE(review): the 'antispam' crumb is presumably the anti-CSRF token that the
    // controller checks before banning/deleting - confirm.
    $Form->add_crumb( 'antispam' );
    $Form->hidden_ctrl();
    $Form->hiddens_by_key( get_memorized() );
    // Marks the submission as the confirmation step.
    $Form->hidden( 'confirm', 'confirm' );
  46  
    // Check for junk:

    // Check for potentially affected logged hits:
    // The keyword is wrapped in %...% and passed through $DB->quote() before being
    // concatenated into the statement (quote() is presumably the SQL string escaper - confirm).
    // '%' and '_' inside $keyword are not neutralised, so they still act as LIKE wildcards
    // and a wildcard-only keyword matches every referer; the count shown below is the
    // operator's only check before confirming the delete.
    $sql = 'SELECT SQL_NO_CACHE hit_ID, UNIX_TIMESTAMP(hit_datetime) as hit_datetime, hit_uri, hit_referer, dom_name,
                                    hit_blog_ID, hit_remote_addr, blog_shortname
                     FROM T_hitlog INNER JOIN T_basedomains ON hit_referer_dom_ID = dom_ID
                                 LEFT JOIN T_blogs ON hit_blog_ID = blog_ID
                    WHERE hit_referer LIKE '.$DB->quote('%'.$keyword.'%').'
                    ORDER BY dom_name ASC
                    LIMIT 500';
    $res_affected_hits = $DB->get_results( $sql, ARRAY_A );
    if( $DB->num_rows == 0 )
    { // No matching hits.
        // The keyword is HTML-escaped before being echoed back.
        printf( '<p>'.T_('No <strong>log-hits</strong> match the keyword [%s].').'</p>', htmlspecialchars($keyword) );
    }
    else
    { // At least one hit matched: offer deletion (pre-checked) and list the rows. A count of exactly 500 is shown as '500+' because of the LIMIT.
    ?>
        <p>
            <input type="checkbox" name="delhits" id="delhits_cb" value="1" checked="checked" />
            <label for="delhits_cb">
            <?php printf ( T_('Delete the following %s <strong>referer hits</strong>:'), $DB->num_rows == 500 ? '500+' : $DB->num_rows ) ?>
            </label>
        </p>
        <table class="grouped" cellspacing="0">
            <thead>
            <tr>
                <th class="firstcol"><?php echo T_('Date') ?></th>
                <th><?php echo T_('Referer') ?></th>
                <th><?php echo T_('Ref. IP') ?></th>
                <th><?php echo T_('Target Blog') ?></th>
                <th><?php echo T_('Target URL') ?></th>
            </tr>
            </thead>
            <tbody>
            <?php
            load_funcs('sessions/model/_hitlog.funcs.php');
            $count = 0;
            // Each row is assigned to the global $row_stats, which the stats_*() helpers
            // below take no argument for (see the "for hit functions" global above).
            // NOTE(review): referer and URI values originate from remote clients; their
            // escaping happens inside stats_referer(), stats_basedomain() and disp_url(),
            // which are not visible here - confirm they escape for the href attribute and
            // for HTML body context.
            foreach( $res_affected_hits as $row_stats )
            {
                ?>
                <tr class="<?php echo ($count%2 == 1) ? 'odd' : 'even' ?>">
                    <td class="firstcol"><?php stats_time() ?></td>
                    <td><a href="<?php stats_referer() ?>"><?php stats_basedomain() ?></a></td>
                    <td class="center"><?php stats_hit_remote_addr() ?></td>
                    <td><?php echo format_to_output( $row_stats['blog_shortname'], 'htmlbody' ); ?></td>
                    <td><?php disp_url( $row_stats['hit_uri'], 50 ); ?></td>
                </tr>
                <?php
                $count++;
            } ?>
            </tbody>
        </table>
    <?php
    }
 102  
 103      // Check for potentially affected comments:
 104      $sql = 'SELECT *
 105                  FROM T_comments
 106               WHERE comment_author LIKE '.$DB->quote('%'.$keyword.'%').'
 107                   OR comment_author_email LIKE '.$DB->quote('%'.$keyword.'%').'
 108                    OR comment_author_url LIKE '.$DB->quote('%'.$keyword.'%').'
 109                      OR comment_content LIKE '.$DB->quote('%'.$keyword.'%').'
 110               ORDER BY comment_date ASC
 111               LIMIT 500';
 112      $res_affected_comments = $DB->get_results( $sql, OBJECT, 'Find matching comments' );
 113      if( $DB->num_rows == 0 )
 114      { // No matching hits.
 115          printf( '<p>'.T_('No <strong>comments</strong> match the keyword [%s].').'</p>', htmlspecialchars($keyword) );
 116      }
 117      else
 118      { // create comment arrays
 119          $comments_by_status = array( 'published' => array(), 'community' => array(), 'protected' => array(), 'private' => array(), 'draft' => array(), 'review' => array(), 'deprecated' => array() );
 120          $no_perms_count = array( 'published' => 0, 'community' => 0, 'protected' => 0, 'private' => 0, 'draft' => 0, 'review' => 0, 'deprecated' => 0 );
 121          foreach( $res_affected_comments as $row_stats )
 122          { // select comments
 123              $affected_Comment = new Comment($row_stats);
 124              $comment_status = $affected_Comment->get( 'status' );
 125              if( $comment_status == 'trash' )
 126              { // This comment was already deleted
 127                  continue;
 128              }
 129              if( !$current_User->check_perm( 'comment!CURSTATUS', 'edit', false, $affected_Comment ) )
 130              { // no permission to delete
 131                  $no_perms_count[$comment_status] = $no_perms_count[$comment_status] + 1;
 132                  continue;
 133              }
 134              // Add comment to the corresponding list
 135              $comments_by_status[$comment_status][] = $affected_Comment;
 136          }
 137  
 138          // show comments
 139          foreach( $comments_by_status as $status => $comments )
 140          {
 141              echo_affected_comments( $comments, $status, $keyword, $no_perms_count[$status] );
 142          }
 143      }
 144  
 145      // Check for potentially affected comments:
 146      $quoted_keyword = $DB->quote('%'.$keyword.'%');
 147      $sql = 'SELECT DISTINCT T_users.*
 148                  FROM T_users 
 149                      LEFT JOIN T_users__fields ON user_ID = uf_user_ID
 150                      LEFT JOIN T_users__usersettings user_domain_setting ON user_ID = user_domain_setting.uset_user_ID AND user_domain_setting.uset_name = "user_domain"
 151               WHERE user_url LIKE '.$quoted_keyword.'
 152                   OR user_email LIKE '.$quoted_keyword.'
 153                   OR user_domain_setting.uset_value LIKE '.$quoted_keyword.'
 154                   OR user_nickname LIKE '.$quoted_keyword.'
 155                   OR user_firstname LIKE '.$quoted_keyword.'
 156                   OR user_lastname LIKE '.$quoted_keyword.'
 157                   OR user_login LIKE '.$quoted_keyword.'
 158                   OR uf_varchar LIKE '.$quoted_keyword.'
 159               ORDER BY user_login ASC
 160               LIMIT 500';
 161      $res_affected_users = $DB->get_results( $sql, OBJECT, 'Find matching users' );
 162      if( $DB->num_rows != 0 )
 163      {
 164          if( ! $current_User->check_perm( 'users', 'view', false ) )
 165          { // current user has no permission to view users
 166              printf( '<p>'.T_('There are %d matching <strong>users</strong> but you have no permission to see them.').'</p>', $DB->num_rows );
 167          }
 168          else
 169          { // matching found, and current user has permission to view -> display users table
 170              ?>
 171              <p><label><strong><?php echo( T_('Affected users').':' )?></strong></label></p>
 172              <table class="grouped" cellspacing="0">
 173                  <thead><tr>
 174                  <th class="firstcol"><?php printf( T_('Login') )?></th>
 175                  <th><?php echo( T_('First name') )?></th>
 176                  <th><?php echo( T_('Last name') )?></th>
 177                  <th><?php echo( T_('Nickname') )?></th>
 178                  <th><?php echo( T_('URL') )?></th>
 179                  </tr></thead>
 180                   <?php
 181                   $count = 0;
 182                  $current_user_edit_perm = $current_User->check_perm( 'users', 'edit', false );
 183                  foreach( $res_affected_users as $row_stats )
 184                  { // Display affected users
 185                      $affected_User = new User($row_stats);
 186                      ?>
 187                      <tr class="<?php echo ($count%2 == 1) ? 'odd' : 'even' ?>">
 188                      <td class="firstcol">
 189                          <?php
 190                          if( $current_user_edit_perm )
 191                          {
 192                              echo '<a href="?ctrl=user&amp;user_tab=profile&amp;user_ID='
 193                                  .$affected_User->ID.'"><strong>'.$affected_User->login.'</strong></a>';
 194                          }
 195                          else
 196                          {
 197                              echo '<strong>'.$affected_User->login.'</strong>';
 198                          }
 199                          ?>
 200                      </td>
 201                      <td><?php echo $affected_User->first_name() ?></td>
 202                      <td><?php echo $affected_User->last_name() ?></td>
 203                      <td><?php echo $affected_User->nick_name() ?></td>
 204                      <td><?php echo '<strong>'.$affected_User->get('url').'</strong>' ?></td>
 205                      </tr>
 206                      <?php
 207                      $count++;
 208                  }
 209                   ?>
 210              </table>
 211              <?php
 212          }
 213      }
 214      else
 215      { // There is no affected users
 216          printf( '<p>'.T_('No <strong>users</strong> match the keyword [%s]').'</p>', $keyword );
 217      }
 218  
    // Check if the string is already in the blacklist:
    if( antispam_check($keyword) )
    { // Already there:
        // The keyword is HTML-escaped before being echoed back.
        printf( '<p>'.T_('The keyword [%s] is <strong>already handled</strong> by the blacklist.').'</p>', htmlspecialchars($keyword) );
    }
    else
    { // Not in blacklist: offer to add it locally (checkbox is pre-checked)
        ?>
        <p>
        <input type="checkbox" name="blacklist_locally" id="blacklist_locally_cb" value="1" checked="checked" />
        <label for="blacklist_locally_cb">
            <?php printf ( T_('<strong>Blacklist</strong> the keyword [%s] locally.'), htmlspecialchars($keyword) ) ?>
        </label>
        </p>

        <?php
        // The report option is only shown when the 'antispam_report_to_central' setting is on.
        // It is pre-checked, so by default the keyword is also reported to b2evolution.net.
        // The terms-of-service link below uses plain http.
        if( $Settings->get('antispam_report_to_central') )
        {
            ?>
            <p>
            <input type="checkbox" name="report" id="report_cb" value="1" checked="checked" />
            <label for="report_cb">
                <?php printf ( T_('<strong>Report</strong> the keyword [%s] as abuse to b2evolution.net.'), htmlspecialchars($keyword) ) ?>
            </label>
            [<a href="http://b2evolution.net/about/terms.html"><?php echo T_('Terms of service') ?></a>]
            </p>
            <?php
        }
    }

    // Single submit button; it posts actionArray[ban] together with the checkboxes selected above.
    $Form->buttons( array(
        array( '', 'actionArray[ban]', T_('Perform selected operations'), 'DeleteButton' ),
    ) );

$Form->end_form();
 254  
 255  
// Second form: enter (or correct) a keyword and run the check again via action=ban.
$Form = new Form( NULL, 'antispam_add', 'post', 'compact' );
$Form->begin_form( 'fform', T_('Add a banned keyword') );
    // NOTE(review): the 'antispam' crumb is presumably the anti-CSRF token checked by the
    // controller - confirm.
    $Form->add_crumb('antispam');
    $Form->hidden_ctrl();
    $Form->hidden( 'action', 'ban' );
    // The current keyword is pre-filled into the text field.
    // NOTE(review): escaping of the value attribute is left to Form::text(), which is not
    // visible here - confirm.
    $Form->text( 'keyword', $keyword, 50, T_('Keyword/phrase to ban'), '', 80 ); // TODO: add note
    /*
     * TODO: explicitly add a domain?
     * $add_Form->text( 'domain', $domain, 30, T_('Add a banned domain'), 'note..', 80 ); // TODO: add note
     */
$Form->end_form( array( array( 'submit', 'submit', T_('Check & ban...'), 'SaveButton' ) ) );

?>
