# HG changeset patch # User Gerard Krijgsman # Date 1450613792 -3600 # Sun Dec 20 13:16:32 2015 +0100 # Node ID 8cdb5a96fe3d47947da50aea62e4a7f4acba2937 # Parent bb11e405a95522aeaec31e8435f47f9fc5aa1c19 Now operational: submitting profile spammers to StopForumSpam with extensive evidence info diff --git a/upload/admincp/checkspam.php b/upload/admincp/checkspam.php --- a/upload/admincp/checkspam.php +++ b/upload/admincp/checkspam.php @@ -2,10 +2,127 @@ // CheckSpam v1.0 - Submit user to StopForumSpam +$CS_stopforumspan_apikey = ''; +$CS_process_usergroup = 2; + require_once('./global.php'); -require_once(DIR . '/includes/adminfunctions.php'); +require_once(DIR . '/includes/adminfunctions_profilefield.php'); +require_once(DIR . '/includes/adminfunctions_user.php'); + +if (!can_administer('canadminusers')) +{ + print_cp_no_permission(); +} + +print_cp_header('Checkspam - Submit user to StopForumSpam'); -if (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'cs-sfs-confirm')) +if (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'confirm')) { - print_confirmation('Are you sure?', 'checkspam.php', 'cs-sfs-submit'); -} \ No newline at end of file + $userid = intval($_REQUEST['u']); + $sql = 'SELECT '.TABLE_PREFIX.'user.userid, '.TABLE_PREFIX.'user.usergroupid, '.TABLE_PREFIX.'user.username, '.TABLE_PREFIX.'user.email, '.TABLE_PREFIX.'user.ipaddress, ' + .TABLE_PREFIX.'user.homepage, '.TABLE_PREFIX.'user.birthday, '.TABLE_PREFIX.'userfield.field1 AS biography, '.TABLE_PREFIX.'userfield.field2 AS location, ' + .TABLE_PREFIX.'userfield.field3 AS interests, '.TABLE_PREFIX.'userfield.field4 AS occupation, '.TABLE_PREFIX.'userfield.field8 AS gender, '.TABLE_PREFIX.'usertextfield.signature ' + .'FROM '.TABLE_PREFIX.'user ' + .'INNER JOIN '.TABLE_PREFIX.'userfield ON ('.TABLE_PREFIX.'userfield.userid = '.TABLE_PREFIX.'user.userid) ' + .'INNER JOIN '.TABLE_PREFIX.'usertextfield ON ('.TABLE_PREFIX.'usertextfield.userid = '.TABLE_PREFIX.'user.userid) ' + .'WHERE '.TABLE_PREFIX.'user.userid='.$userid; + $result = $vbulletin->db->query($sql); + if ($vbulletin->db->num_rows($result) > 0) + { + $row = $vbulletin->db->fetch_array($result); + if ($row['usergroupid'] != $CS_process_usergroup) + print_cp_message('Error: user is not in valid usergroup', 'user.php', 3); + if (empty(trim($row['homepage']))) + print_cp_message('Error: user has no homepage set', 'user.php', 3); + else + { + if (!empty($row['birthday'])) + { + try { + $tz = new DateTimeZone('UTC'); + $row['birthday'] .= ' ('.DateTime::createFromFormat('m-d-Y', $row['birthday'], $tz)->diff(new DateTime('now', $tz))->y.'yo)'; + } catch (Exception $e) { + } + } + $row['country'] = geoip_country_code_by_name($row['ipaddress']).' ('.geoip_country_name_by_name($row['ipaddress']).')'; + $row['hostname'] = gethostbyaddr($row['ipaddress']); + $p = explode('.', $row['ipaddress']); + $result = dns_get_record($p[3].'.'.$p[2].'.'.$p[1].'.'.$p[0].'.origin.asn.cymru.com', DNS_TXT); + if (is_array($result) && (count($result) > 0)) + { + $p = preg_split('/[\s]+/', $result[0]['txt']); + $asn = intval($p[0]); + $row['network'] = 'AS'.$asn; + $result = dns_get_record('AS'.$asn.'.asn.cymru.com', DNS_TXT); + if (is_array($result) && (count($result) > 0)) + { + $p = explode('|', $result[0]['txt']); + $row['network'] .= ' - '.trim($p[4]); + } + } + $data = array(); + $data[] = 'IP address: '.$row['ipaddress']; + $data[] = 'Username: '.$row['username']; + $data[] = 'Email: '.$row['email']; + $evidence = array(); + $evidence[] = '*** Suspected profile spammer - manually submitted to StopForumSpam through vBulletin Admin CP *** '; + $evidence[] = ''; + $evidence[] = 'Homepage: '.$row['homepage']; + $evidence[] = ''; + if (!empty($row['signature'])) + { + $evidence[] = 'Signature: '.str_replace("\n", "\n ", $row['signature']); + $evidence[] = ''; + } + $evidence[] = 'Country: '.$row['country']; + $evidence[] = 'Hostname: '.$row['hostname']; + if (isset($row['network'])) + $evidence[] = 'Network: '.$row['network']; + if (!empty($row['biography']) || !empty($row['interests'])) + { + $evidence[] = ''; + $evidence[] = 'Birthday: '.$row['birthday']; + $evidence[] = 'Biography: '.str_replace("\n", "\n ", $row['biography']); + $evidence[] = 'Location: '.$row['location']; + $evidence[] = 'Interests: '.$row['interests']; + $evidence[] = 'Occupation: '.$row['occupation']; + $evidence[] = 'Gender: '.$row['gender']; + $evidence[] = ''; + $evidence[] = '(profile fields provided to illustrate likelihood user is a spambot)'; + } + $fields = array(); + $fields['userid'] = $row['userid']; + $fields['ipaddress'] = $row['ipaddress']; + $fields['username'] = $row['username']; + $fields['email'] = $row['email']; + $fields['evidence'] = implode("\n", $evidence); + print_confirmation('Are you sure you want to report user as a profile spammer? The following evidence will be provided to StopForumSpam:
'.implode("\n", $data)."\n\n".implode("\n", $evidence).'
', 'checkspam', 'submit', $fields); + } + } + else + print_cp_message('Error: user not found', 'user.php', 3); +} +elseif (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'submit')) +{ + $fields = array(); + $fields['username'] = utf8_encode($_REQUEST['username']); + $fields['ip_addr'] = utf8_encode($_REQUEST['ipaddress']); + $fields['email'] = utf8_encode($_REQUEST['email']); + $fields['api_key'] = utf8_encode($CS_stopforumspan_apikey); + $fields['evidence'] = utf8_encode($_REQUEST['evidence']); + $postfields = http_build_query($fields); + $c = curl_init(); + curl_setopt($c, CURLOPT_URL, 'https://www.stopforumspam.com/add.php'); + curl_setopt($c, CURLOPT_POST, 1); + curl_setopt($c, CURLOPT_POSTFIELDS, $postfields); + curl_setopt($c, CURLOPT_RETURNTRANSFER, true); + curl_setopt($c, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); + $result = curl_exec ($c); + curl_close ($c); + if (stristr($result,'success') === false) + exit($result); + print_cp_redirect("user.php?" . $vbulletin->session->vars['sessionurl'] . "do=remove&u=" . intval($_REQUEST['userid']), 1); +} + +print_cp_footer(); \ No newline at end of file