Now operational: submitting profile spammers to StopForumSpam with extensive evidence info
1 files changed, 121 insertions(+), 4 deletions(-)

M upload/admincp/checkspam.php
M upload/admincp/checkspam.php +121 -4
@@ 2,10 2,127 @@ 
 
 // CheckSpam v1.0 - Submit user to StopForumSpam
 
+$CS_stopforumspan_apikey = '';
+$CS_process_usergroup = 2;
+
 require_once('./global.php');
-require_once(DIR . '/includes/adminfunctions.php');
+require_once(DIR . '/includes/adminfunctions_profilefield.php');
+require_once(DIR . '/includes/adminfunctions_user.php');
+
+if (!can_administer('canadminusers'))
+{
+	print_cp_no_permission();
+}
+
+print_cp_header('Checkspam - Submit user to StopForumSpam');
 
-if (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'cs-sfs-confirm'))
+if (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'confirm'))
 {
-    print_confirmation('Are you sure?', 'checkspam.php', 'cs-sfs-submit');
-}
  No newline at end of file
+	$userid = intval($_REQUEST['u']);
+	$sql = 'SELECT '.TABLE_PREFIX.'user.userid, '.TABLE_PREFIX.'user.usergroupid, '.TABLE_PREFIX.'user.username, '.TABLE_PREFIX.'user.email, '.TABLE_PREFIX.'user.ipaddress, '
+					.TABLE_PREFIX.'user.homepage, '.TABLE_PREFIX.'user.birthday, '.TABLE_PREFIX.'userfield.field1 AS biography, '.TABLE_PREFIX.'userfield.field2 AS location, '
+					.TABLE_PREFIX.'userfield.field3 AS interests, '.TABLE_PREFIX.'userfield.field4 AS occupation, '.TABLE_PREFIX.'userfield.field8 AS gender, '.TABLE_PREFIX.'usertextfield.signature '
+					.'FROM '.TABLE_PREFIX.'user '
+					.'INNER JOIN '.TABLE_PREFIX.'userfield ON ('.TABLE_PREFIX.'userfield.userid = '.TABLE_PREFIX.'user.userid) '
+					.'INNER JOIN '.TABLE_PREFIX.'usertextfield ON ('.TABLE_PREFIX.'usertextfield.userid = '.TABLE_PREFIX.'user.userid) '
+					.'WHERE '.TABLE_PREFIX.'user.userid='.$userid;
+	$result = $vbulletin->db->query($sql);
+	if ($vbulletin->db->num_rows($result) > 0)
+	{
+	    $row = $vbulletin->db->fetch_array($result);
+		if ($row['usergroupid'] != $CS_process_usergroup)
+			print_cp_message('<b>Error:</b> user is not in valid usergroup', 'user.php', 3);
+		if (empty(trim($row['homepage'])))
+			print_cp_message('<b>Error:</b> user has no homepage set', 'user.php', 3);
+		else
+		{
+			if (!empty($row['birthday']))
+			{
+				try {
+					$tz  = new DateTimeZone('UTC');
+					$row['birthday'] .= ' ('.DateTime::createFromFormat('m-d-Y', $row['birthday'], $tz)->diff(new DateTime('now', $tz))->y.'yo)';
+				} catch (Exception $e) {
+				}
+			}
+			$row['country'] = geoip_country_code_by_name($row['ipaddress']).' ('.geoip_country_name_by_name($row['ipaddress']).')';
+			$row['hostname'] = gethostbyaddr($row['ipaddress']);
+			$p = explode('.', $row['ipaddress']);
+			$result = dns_get_record($p[3].'.'.$p[2].'.'.$p[1].'.'.$p[0].'.origin.asn.cymru.com', DNS_TXT);
+			if (is_array($result) && (count($result) > 0))
+			{
+				$p = preg_split('/[\s]+/', $result[0]['txt']);
+				$asn = intval($p[0]);
+				$row['network'] = 'AS'.$asn;
+				$result = dns_get_record('AS'.$asn.'.asn.cymru.com', DNS_TXT);
+				if (is_array($result) && (count($result) > 0))
+				{
+					$p = explode('|', $result[0]['txt']);
+					$row['network'] .= ' - '.trim($p[4]);
+				}
+			}
+			$data = array();
+			$data[] = 'IP address:   '.$row['ipaddress'];
+			$data[] = 'Username:     '.$row['username'];
+			$data[] = 'Email:        '.$row['email'];
+			$evidence = array();
+			$evidence[] = '*** Suspected profile spammer - manually submitted to StopForumSpam through vBulletin Admin CP *** ';
+			$evidence[] = '';
+			$evidence[] = 'Homepage:     '.$row['homepage'];
+			$evidence[] = '';
+			if (!empty($row['signature']))
+			{
+				$evidence[] = 'Signature:    '.str_replace("\n", "\n              ", $row['signature']);
+				$evidence[] = '';
+			}
+			$evidence[] = 'Country:      '.$row['country'];
+			$evidence[] = 'Hostname:     '.$row['hostname'];
+			if (isset($row['network']))
+				$evidence[] = 'Network:      '.$row['network'];
+			if (!empty($row['biography']) || !empty($row['interests']))
+			{
+				$evidence[] = '';
+				$evidence[] = 'Birthday:     '.$row['birthday'];
+				$evidence[] = 'Biography:    '.str_replace("\n", "\n              ", $row['biography']);
+				$evidence[] = 'Location:     '.$row['location'];
+				$evidence[] = 'Interests:    '.$row['interests'];
+				$evidence[] = 'Occupation:   '.$row['occupation'];
+				$evidence[] = 'Gender:       '.$row['gender'];
+				$evidence[] = '';
+				$evidence[] = '(profile fields provided to illustrate likelihood user is a spambot)';
+			}
+			$fields = array();
+			$fields['userid'] = $row['userid'];
+			$fields['ipaddress'] = $row['ipaddress'];
+			$fields['username'] = $row['username'];
+			$fields['email'] = $row['email'];
+			$fields['evidence'] = implode("\n", $evidence);
+			print_confirmation('Are you sure you want to report user as a profile spammer? The following evidence will be provided to <b>StopForumSpam</b>: <pre>'.implode("\n", $data)."\n\n".implode("\n", $evidence).'</pre>', 'checkspam', 'submit', $fields);
+		}
+	}
+	else
+		print_cp_message('<b>Error:</b> user not found', 'user.php', 3);
+}
+elseif (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'submit'))
+{
+	$fields = array();
+	$fields['username'] = utf8_encode($_REQUEST['username']);
+	$fields['ip_addr'] = utf8_encode($_REQUEST['ipaddress']);
+	$fields['email'] = utf8_encode($_REQUEST['email']);
+	$fields['api_key'] = utf8_encode($CS_stopforumspan_apikey);
+	$fields['evidence'] = utf8_encode($_REQUEST['evidence']);
+	$postfields = http_build_query($fields);
+	$c = curl_init();
+	curl_setopt($c, CURLOPT_URL, 'https://www.stopforumspam.com/add.php');
+	curl_setopt($c, CURLOPT_POST, 1);
+	curl_setopt($c, CURLOPT_POSTFIELDS, $postfields);
+	curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
+	curl_setopt($c, CURLOPT_SSL_VERIFYHOST, false);
+	curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+	$result = curl_exec ($c);
+	curl_close ($c);
+	if (stristr($result,'success') === false)
+		exit($result);
+	print_cp_redirect("user.php?" . $vbulletin->session->vars['sessionurl'] . "do=remove&amp;u=" . intval($_REQUEST['userid']), 1);
+}
+
+print_cp_footer();
  No newline at end of file
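Review bot: The curl block in the `submit` branch near the end of the hunk disables certificate checking (`CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` are both `false`), so the API key, e-mail and IP address are posted to a peer whose identity is never verified; drop those two lines or use `curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);`. The same branch prints that unverified response raw via `exit($result)` and does not handle `curl_exec` returning `false`; `exit(htmlspecialchars((string) $result))` plus a `curl_error($c)` message before `curl_close` would cover both. In the `confirm` branch, the homepage, signature, biography and other profile fields of the reported account are concatenated unescaped into the `<pre>` passed to `print_confirmation()`, so unless those values are already stored entity-encoded (not visible in this hunk) the account under review controls markup rendered in the Admin CP; wrap the joined text in `htmlspecialchars(...)`. The `submit` branch also takes `username`, `ipaddress`, `email` and `evidence` from `$_REQUEST`, which accepts GET and trusts values the browser can change. Reading only `userid` from `$_POST`, then rebuilding the evidence from the database and re-checking `$CS_process_usergroup`, would keep what is reported tied to what the admin confirmed.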