vb.org Archive - View Single Post

Michael Morris · #7 02-27-2005, 05:10 AM

Ok, several changes here.

1) More commentary code.
2) Blacklist is now called from a file instead of a template
3) File is included from PHPINCLUDE_START

This is currently the PHPINCLUDE_START section

PHP Code:


			
if (defined('GET_EDIT_TEMPLATES'))

{

require('./antispam.php');

}

Later we can include a post variable but for testing purposes that's just another thing that can go wrong. The GET_EDIT_TEMPLATES constant is defined true by any script we would conceivably want to watch for spam - not only vbulletin inbuilt scripts but also hacks which have inputs such as vblinks.

The other file is antispam itself for the moment. If it isn't clear with the comment code let me know.

PHP Code:


			
<?php

/*======================================================================*\

|| #################################################################### ||

|| # VbSpamicide                                                      # ||

|| # Developed by UK Jimbo & Michael Morris                           # ||

|| # Alpha Day 1                                                      # ||

|| # ---------------------------------------------------------------- # ||

|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||

|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||

|| #################################################################### ||

\*======================================================================*/



// This script gets called by PHPINCLUDE_START, so check to see if the

// DB is initialized before running.



if (!is_object($DB_site))

{

    echo 'You can\'t access this file directly';

    exit;

}



// Define our settings.  Later we'll use variables from the $vboptions group

// To perform these assignements. For now let's tag them into the $vboptions

// array manually.

$vboptions['systemuserid'] = 2; // This is the user id for the system auto poster.

$vboptions['systemusername'] = 'Messageboard Golem'; // This is the name of the auto poster.

$vboptions['usetachy'] = false; // If set true the system adds the user to tachy goes

                                // to coventry. Tachy needs to be hardened for this to be

                                // effective.  For now we'll concentrate on banning.



$vboptions['spambangroup'] = 8; // The usergroup spammers go to.

$vboptions['reportforum'] = 4; // For now use a forum for spam reports. Later make this

                                // an option.



// Transfer the $_POST data to the variables we want to work with as necessary. This code is identical

// to newthread.php, newreply.php and editpost.php

if (isset($_POST['WYSIWYG_HTML']))

    {

        require_once('./includes/functions_wysiwyg.php');

        $spamcheck['message'] = convert_wysiwyg_html_to_bbcode($_POST['WYSIWYG_HTML'], $foruminfo['allowhtml']);

    }

    else

    {

        $spamcheck['message'] = &$_POST['message'];

    }



// Grab the blacklist text file.

$blacklist = file_get_contents('blacklist.txt');



// Explode it into an array broken down line by lines.

$spamlist = explode("\n", $blacklist);



// Now grab the blacklist template.  This template will include user defined url's seperate from

// the master blacklist.

eval('$blacklist = "' . fetch_template('mtblacklist') . '";');



// Explode it as well.

$localspamlist = explode("\n", $blacklist);



// Merge the lists.

$spamlist = array_merge($spamlist, $localspamlist);



// Use a foreach loop to iterate over the spamlist.

foreach ($spamlist as $spam)

{

    // Chop off comment text at the end of some lines as necessary

    if (strstr($spam, '#'))

    {

        $spam = substr($spam, 0, strpos($spam,"#") - 1);

    }

    

    // Check if the line is now blank because of the above operation, and if so, skip it.

    if (!strstr($spam, '#') AND strlen($spam) != 0) 

    {

        // Now use a regluar expression to check known for URL's off the blacklist.

        if (eregi(trim($spam), $spamcheck['message']))

        {

            // Ok, true.  For now we will go ahead and report the post in a designated forum.

            // Later we will choose from a number of branch actions.



            // Grab the forum info for the report post forum

            $report_foruminfo = fetch_foruminfo($vboptions['reportforum']);



            // Create a report post array.

            $reportpost = array(

                'username' => $vboptions['systemusername'],

                'userid' => $vboptions['systemuserid'],

                'title' => 'Spam Alert: ' . trim(htmlspecialchars_uni($_POST['subject'])),

                'emailupdate' => 9999

            );

        

            // This template isn't cached.  It's used so rarely will it need to be?

            eval('$reportpost[message] = "' . fetch_template('spam_alert') . '";');



            // Call the library containing function build new post

            require_once('./includes/functions_newpost.php');

            

            // Call build new post and make the report.

            build_new_post('thread', $report_foruminfo, array(), 0, $reportpost, $errors);

        

            // Now begin the banning proceedure.

        

            // check to see if there is already a ban record for this user in the userban table

            if ($check = $DB_site->query_first("SELECT userid, liftdate FROM " . TABLE_PREFIX . "userban WHERE userid = $bbuserinfo[userid]"))

            {

                // there is already a record - just update this record

                $DB_site->query("

                    UPDATE " . TABLE_PREFIX . "userban SET

                    adminid = $vboptions[systemuserid],

                    bandate = " . TIMENOW . ",

                    liftdate = 0

                    WHERE userid = $bbuserinfo[userid]

                ");

            }

            else

            {

                // insert a record into the userban table

                $DB_site->query("

                    INSERT INTO " . TABLE_PREFIX . "userban

                    (userid, usergroupid, displaygroupid, customtitle, usertitle, adminid, bandate, liftdate)

                    VALUES

                    ($bbuserinfo[userid], $bbuserinfo[usergroupid], $bbuserinfo[displaygroupid], $bbuserinfo[customtitle], '" . addslashes($bbuserinfo['usertitle']) . "', $vboptions[systemuserid], " . TIMENOW . ", 0)

                ");

            }

        

            // update the user record

            $DB_site->query("

                UPDATE " . TABLE_PREFIX . "user SET

                $bantitlesql

                usergroupid = $vboptions[spambangroup],

                displaygroupid = $vboptions[spambangroup]

                WHERE userid = $bbuserinfo[userid]

            ");

            

            // Now parse some global templates which haven't been called yet (we arrive here from

            // PHPINCLUDE_START

            

            eval('$timezone = "' . fetch_template('timezone') . '";');

            eval('$gobutton = "' . fetch_template('gobutton') . '";');

            eval('$spacer_open = "' . fetch_template('spacer_open') . '";');

            eval('$spacer_close = "' . fetch_template('spacer_close') . '";');

            

            // parse headinclude, header & footer

            eval('$headinclude = "' . fetch_template('headinclude') . '";');

            eval('$header = "' . fetch_template('header') . '";');

            eval('$footer = "' . fetch_template('footer') . '";');



            // Inform the user that they've been spam banned.            

            eval(print_standard_error('error_nospam'));

        }

    }

}



?>

EDIT: There is now a local list above. Moving on to work on getting the system to "learn" bad URL's.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01120 seconds Memory Usage 1,884KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_php (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: