PageRenderTime 46ms CodeModel.GetById 11ms RepoModel.GetById 1ms app.codeStats 0ms

/admin/tool/spamcleaner/index.php

https://bitbucket.org/kudutest1/moodlegit
PHP | 336 lines | 256 code | 62 blank | 18 comment | 46 complexity | c86fee83b8053ef2d5242d4d8362ec85 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Spam Cleaner
    5. 

  5.  *
    6. 

  6.  * Helps an admin to clean up spam in Moodle
    7. 

  7.  *
    8. 

  8.  * @authors Dongsheng Cai, Martin Dougiamas, Amr Hourani
    9. 

  9.  * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
    10. 

  10.  */
    11. 

  11. 

  12. // List of known spammy keywords, please add more here
    13. 

  13. 

  14. /////////////////////////////////////////////////////////////////////////////////
    15. 

  15. 

  16. require_once('../../../config.php');
    17. 

  17. require_once($CFG->libdir.'/adminlib.php');
    18. 

  18. 

  19. 

  20. // Configuration
    21. 

  21. 

  22. $autokeywords = array(
    23. 

  23.                     "<img",
    24. 

  24.                     "fuck",
    25. 

  25.                     "casino",
    26. 

  26.                     "porn",
    27. 

  27.                     "xxx",
    28. 

  28.                     "cialis",
    29. 

  29.                     "viagra",
    30. 

  30.                     "poker",
    31. 

  31.                     "warcraft"
    32. 

  32.                 );
    33. 

  33. 

  34. $keyword = optional_param('keyword', '', PARAM_RAW);
    35. 

  35. $autodetect = optional_param('autodetect', '', PARAM_RAW);
    36. 

  36. $del = optional_param('del', '', PARAM_RAW);
    37. 

  37. $delall = optional_param('delall', '', PARAM_RAW);
    38. 

  38. $ignore = optional_param('ignore', '', PARAM_RAW);
    39. 

  39. $reset = optional_param('reset', '', PARAM_RAW);
    40. 

  40. $id = optional_param('id', '', PARAM_INT);
    41. 

  41. 

  42. require_login();
    43. 

  43. admin_externalpage_setup('toolspamcleaner');
    44. 

  44. 

  45. // Delete one user
    46. 

  46. if (!empty($del) && confirm_sesskey() && ($id != $USER->id)) {
    47. 

  47.     if (isset($SESSION->users_result[$id])) {
    48. 

  48.         $user = $SESSION->users_result[$id];
    49. 

  49.         if (delete_user($user)) {
    50. 

  50.             unset($SESSION->users_result[$id]);
    51. 

  51.             echo json_encode(true);
    52. 

  52.         } else {
    53. 

  53.             echo json_encode(false);
    54. 

  54.         }
    55. 

  55.     } else {
    56. 

  56.         echo json_encode(false);
    57. 

  57.     }
    58. 

  58.     exit;
    59. 

  59. }
    60. 

  60. 

  61. // Delete lots of users
    62. 

  62. if (!empty($delall) && confirm_sesskey()) {
    63. 

  63.     if (!empty($SESSION->users_result)) {
    64. 

  64.         foreach ($SESSION->users_result as $userid => $user) {
    65. 

  65.             if ($userid != $USER->id) {
    66. 

  66.                 if (delete_user($user)) {
    67. 

  67.                     unset($SESSION->users_result[$userid]);
    68. 

  68.                 }
    69. 

  69.             }
    70. 

  70.         }
    71. 

  71.     }
    72. 

  72.     echo json_encode(true);
    73. 

  73.     exit;
    74. 

  74. }
    75. 

  75. 

  76. if (!empty($ignore)) {
    77. 

  77.     unset($SESSION->users_result[$id]);
    78. 

  78.     echo json_encode(true);
    79. 

  79.     exit;
    80. 

  80. }
    81. 

  81. 

  82. $PAGE->requires->js_init_call('M.tool_spamcleaner.init', array(me()), true);
    83. 

  83. $strings = Array('spaminvalidresult','spamdeleteallconfirm','spamcannotdelete','spamdeleteconfirm');
    84. 

  84. $PAGE->requires->strings_for_js($strings, 'tool_spamcleaner');
    85. 

  85. 

  86. echo $OUTPUT->header();
    87. 

  87. 

  88. // Print headers and things
    89. 

  89. echo $OUTPUT->box(get_string('spamcleanerintro', 'tool_spamcleaner'));
    90. 

  90. 

  91. echo $OUTPUT->box_start();     // The forms section at the top
    92. 

  92. 

  93. ?>
    94. 

  94. 

  95. <div class="mdl-align">
    96. 

  96. 

  97. <form method="post" action="index.php">
    98. 

  98.   <div>
    99. 

  99.     <label class="accesshide" for="keyword_el"><?php print_string('spamkeyword', 'tool_spamcleaner') ?></label>
    100. 

  100.     <input type="text" name="keyword" id="keyword_el" value="<?php p($keyword) ?>" />
    101. 

  101.     <input type="hidden" name="sesskey" value="<?php echo sesskey();?>" />
    102. 

  102.     <input type="submit" value="<?php echo get_string('spamsearch', 'tool_spamcleaner')?>" />
    103. 

  103.   </div>
    104. 

  104. </form>
    105. 

  105. <p><?php echo get_string('spameg', 'tool_spamcleaner');?></p>
    106. 

  106. 

  107. <hr />
    108. 

  108. 

  109. <form method="post"  action="index.php">
    110. 

  110.   <div>
    111. 

  111.     <input type="submit" name="autodetect" value="<?php echo get_string('spamauto', 'tool_spamcleaner');?>" />
    112. 

  112.   </div>
    113. 

  113. </form>
    114. 

  114. 

  115. 

  116. </div>
    117. 

  117. 

  118. <?php
    119. 

  119. echo $OUTPUT->box_end();
    120. 

  120. 

  121. echo '<div id="result" class="mdl-align">';
    122. 

  122. 

  123. // Print list of resulting profiles
    124. 

  124. 

  125. if (!empty($keyword)) {               // Use the keyword(s) supplied by the user
    126. 

  126.     $keywords = explode(',', $keyword);
    127. 

  127.     foreach ($keywords as $key => $keyword) {
    128. 

  128.         $keywords[$key] = trim($keyword);
    129. 

  129.     }
    130. 

  130.     search_spammers($keywords);
    131. 

  131. 

  132. } else if (!empty($autodetect)) {     // Use the inbuilt keyword list to detect users
    133. 

  133.     search_spammers($autokeywords);
    134. 

  134. }
    135. 

  135. 

  136. echo '</div>';
    137. 

  137. 

  138. /////////////////////////////////////////////////////////////////////////////////
    139. 

  139. 

  140. 

  141. ///  Functions
    142. 

  142. 

  143. 

  144. function search_spammers($keywords) {
    145. 

  145. 

  146.     global $CFG, $USER, $DB, $OUTPUT;
    147. 

  147. 

  148.     if (!is_array($keywords)) {
    149. 

  149.         $keywords = array($keywords);    // Make it into an array
    150. 

  150.     }
    151. 

  151. 

  152.     $params = array('userid'=>$USER->id);
    153. 

  153. 

  154.     $keywordfull = array();
    155. 

  155.     $i = 0;
    156. 

  156.     foreach ($keywords as $keyword) {
    157. 

  157.         $keywordfull[] = $DB->sql_like('description', ':descpat'.$i, false);
    158. 

  158.         $params['descpat'.$i] = "%$keyword%";
    159. 

  159.         $keywordfull2[] = $DB->sql_like('p.summary', ':sumpat'.$i, false);
    160. 

  160.         $params['sumpat'.$i] = "%$keyword%";
    161. 

  161.         $keywordfull3[] = $DB->sql_like('p.subject', ':subpat'.$i, false);
    162. 

  162.         $params['subpat'.$i] = "%$keyword%";
    163. 

  163.         $keywordfull4[] = $DB->sql_like('c.content', ':contpat'.$i, false);
    164. 

  164.         $params['contpat'.$i] = "%$keyword%";
    165. 

  165.         $keywordfull5[] = $DB->sql_like('m.fullmessage', ':msgpat'.$i, false);
    166. 

  166.         $params['msgpat'.$i] = "%$keyword%";
    167. 

  167.         $keywordfull6[] = $DB->sql_like('fp.message', ':forumpostpat'.$i, false);
    168. 

  168.         $params['forumpostpat'.$i] = "%$keyword%";
    169. 

  169.         $keywordfull7[] = $DB->sql_like('fp.subject', ':forumpostsubpat'.$i, false);
    170. 

  170.         $params['forumpostsubpat'.$i] = "%$keyword%";
    171. 

  171.         $i++;
    172. 

  172.     }
    173. 

  173.     $conditions = '( '.implode(' OR ', $keywordfull).' )';
    174. 

  174.     $conditions2 = '( '.implode(' OR ', $keywordfull2).' )';
    175. 

  175.     $conditions3 = '( '.implode(' OR ', $keywordfull3).' )';
    176. 

  176.     $conditions4 = '( '.implode(' OR ', $keywordfull4).' )';
    177. 

  177.     $conditions5 = '( '.implode(' OR ', $keywordfull5).' )';
    178. 

  178.     $conditions6 = '( '.implode(' OR ', $keywordfull6).' )';
    179. 

  179.     $conditions7 = '( '.implode(' OR ', $keywordfull7).' )';
    180. 

  180. 

  181.     $sql  = "SELECT * FROM {user} WHERE deleted = 0 AND id <> :userid AND $conditions";  // Exclude oneself
    182. 

  182.     $sql2 = "SELECT u.*, p.summary FROM {user} AS u, {post} AS p WHERE $conditions2 AND u.deleted = 0 AND u.id=p.userid AND u.id <> :userid";
    183. 

  183.     $sql3 = "SELECT u.*, p.subject as postsubject FROM {user} AS u, {post} AS p WHERE $conditions3 AND u.deleted = 0 AND u.id=p.userid AND u.id <> :userid";
    184. 

  184.     $sql4 = "SELECT u.*, c.content FROM {user} AS u, {comments} AS c WHERE $conditions4 AND u.deleted = 0 AND u.id=c.userid AND u.id <> :userid";
    185. 

  185.     $sql5 = "SELECT u.*, m.fullmessage FROM {user} AS u, {message} AS m WHERE $conditions5 AND u.deleted = 0 AND u.id=m.useridfrom AND u.id <> :userid";
    186. 

  186.     $sql6 = "SELECT u.*, fp.message FROM {user} AS u, {forum_posts} AS fp WHERE $conditions6 AND u.deleted = 0 AND u.id=fp.userid AND u.id <> :userid";
    187. 

  187.     $sql7 = "SELECT u.*, fp.subject FROM {user} AS u, {forum_posts} AS fp WHERE $conditions7 AND u.deleted = 0 AND u.id=fp.userid AND u.id <> :userid";
    188. 

  188. 

  189.     $spamusers_desc = $DB->get_recordset_sql($sql, $params);
    190. 

  190.     $spamusers_blog = $DB->get_recordset_sql($sql2, $params);
    191. 

  191.     $spamusers_blogsub = $DB->get_recordset_sql($sql3, $params);
    192. 

  192.     $spamusers_comment = $DB->get_recordset_sql($sql4, $params);
    193. 

  193.     $spamusers_message = $DB->get_recordset_sql($sql5, $params);
    194. 

  194.     $spamusers_forumpost = $DB->get_recordset_sql($sql6, $params);
    195. 

  195.     $spamusers_forumpostsub = $DB->get_recordset_sql($sql7, $params);
    196. 

  196. 

  197.     $keywordlist = implode(', ', $keywords);
    198. 

  198.     echo $OUTPUT->box(get_string('spamresult', 'tool_spamcleaner').s($keywordlist)).' ...';
    199. 

  199. 

  200.     print_user_list(array($spamusers_desc,
    201. 

  201.                           $spamusers_blog,
    202. 

  202.                           $spamusers_blogsub,
    203. 

  203.                           $spamusers_comment,
    204. 

  204.                           $spamusers_message,
    205. 

  205.                           $spamusers_forumpost,
    206. 

  206.                           $spamusers_forumpostsub
    207. 

  207.                          ),
    208. 

  208.                          $keywords);
    209. 

  209. }
    210. 

  210. 

  211. 

  212. 

  213. function print_user_list($users_rs, $keywords) {
    214. 

  214.     global $CFG, $SESSION;
    215. 

  215. 

  216.     // reset session everytime this function is called
    217. 

  217.     $SESSION->users_result = array();
    218. 

  218.     $count = 0;
    219. 

  219. 

  220.     foreach ($users_rs as $rs){
    221. 

  221.         foreach ($rs as $user) {
    222. 

  222.             if (!$count) {
    223. 

  223.                 echo '<table border="1" width="100%" id="data-grid"><tr><th>&nbsp;</th><th>'.get_string('user','admin').'</th><th>'.get_string('spamdesc', 'tool_spamcleaner').'</th><th>'.get_string('spamoperation', 'tool_spamcleaner').'</th></tr>';
    224. 

  224.             }
    225. 

  225.             $count++;
    226. 

  226.             filter_user($user, $keywords, $count);
    227. 

  227.         }
    228. 

  228.     }
    229. 

  229. 

  230.     if (!$count) {
    231. 

  231.         echo get_string('spamcannotfinduser', 'tool_spamcleaner');
    232. 

  232. 

  233.     } else {
    234. 

  234.         echo '</table>';
    235. 

  235.         echo '<div class="mld-align">
    236. 

  236.               <button id="removeall_btn">'.get_string('spamdeleteall', 'tool_spamcleaner').'</button>
    237. 

  237.               </div>';
    238. 

  238.     }
    239. 

  239. }
    240. 

  240. function filter_user($user, $keywords, $count) {
    241. 

  241.     global $CFG;
    242. 

  242.     $image_search = false;
    243. 

  243.     if (in_array('<img', $keywords)) {
    244. 

  244.         $image_search = true;
    245. 

  245.     }
    246. 

  246.     if (isset($user->summary)) {
    247. 

  247.         $user->description = '<h3>'.get_string('spamfromblog', 'tool_spamcleaner').'</h3>'.$user->summary;
    248. 

  248.         unset($user->summary);
    249. 

  249.     } else if (isset($user->postsubject)) {
    250. 

  250.         $user->description = '<h3>'.get_string('spamfromblog', 'tool_spamcleaner').'</h3>'.$user->postsubject;
    251. 

  251.         unset($user->postsubject);
    252. 

  252.     } else if (isset($user->content)) {
    253. 

  253.         $user->description = '<h3>'.get_string('spamfromcomments', 'tool_spamcleaner').'</h3>'.$user->content;
    254. 

  254.         unset($user->content);
    255. 

  255.     } else if (isset($user->fullmessage)) {
    256. 

  256.         $user->description = '<h3>'.get_string('spamfrommessages', 'tool_spamcleaner').'</h3>'.$user->fullmessage;
    257. 

  257.         unset($user->fullmessage);
    258. 

  258.     } else if (isset($user->message)) {
    259. 

  259.         $user->description = '<h3>'.get_string('spamfromforumpost', 'tool_spamcleaner').'</h3>'.$user->message;
    260. 

  260.         unset($user->message);
    261. 

  261.     } else if (isset($user->subject)) {
    262. 

  262.         $user->description = '<h3>'.get_string('spamfromforumpost', 'tool_spamcleaner').'</h3>'.$user->subject;
    263. 

  263.         unset($user->subject);
    264. 

  264.     }
    265. 

  265. 

  266.     if (preg_match('#<img.*src=[\"\']('.$CFG->wwwroot.')#', $user->description, $matches)
    267. 

  267.         && $image_search) {
    268. 

  268.         $result = false;
    269. 

  269.         foreach ($keywords as $keyword) {
    270. 

  270.             if (preg_match('#'.$keyword.'#', $user->description)
    271. 

  271.                 && ($keyword != '<img')) {
    272. 

  272.                 $result = true;
    273. 

  273.             }
    274. 

  274.         }
    275. 

  275.         if ($result) {
    276. 

  276.             echo print_user_entry($user, $keywords, $count);
    277. 

  277.         } else {
    278. 

  278.             unset($user);
    279. 

  279.         }
    280. 

  280.     } else {
    281. 

  281.         echo print_user_entry($user, $keywords, $count);
    282. 

  282.     }
    283. 

  283. }
    284. 

  284. 

  285. 

  286. function print_user_entry($user, $keywords, $count) {
    287. 

  287. 

  288.     global $SESSION, $CFG;
    289. 

  289. 

  290.     $smalluserobject = new stdClass();      // All we need to delete them later
    291. 

  291.     $smalluserobject->id = $user->id;
    292. 

  292.     $smalluserobject->email = $user->email;
    293. 

  293.     $smalluserobject->auth = $user->auth;
    294. 

  294.     $smalluserobject->firstname = $user->firstname;
    295. 

  295.     $smalluserobject->lastname = $user->lastname;
    296. 

  296.     $smalluserobject->username = $user->username;
    297. 

  297. 

  298.     if (empty($SESSION->users_result[$user->id])) {
    299. 

  299.         $SESSION->users_result[$user->id] = $smalluserobject;
    300. 

  300.         $html = '<tr valign="top" id="row-'.$user->id.'" class="result-row">';
    301. 

  301.         $html .= '<td width="10">'.$count.'</td>';
    302. 

  302.         $html .= '<td width="30%" align="left"><a href="'.$CFG->wwwroot."/user/view.php?course=1&amp;id=".$user->id.'" title="'.s($user->username).'">'.fullname($user).'</a>';
    303. 

  303. 

  304.         $html .= "<ul>";
    305. 

  305.         $profile_set = array('city'=>true, 'country'=>true, 'email'=>true);
    306. 

  306.         foreach ($profile_set as $key=>$value) {
    307. 

  307.             if (isset($user->$key)){
    308. 

  308.                 $html .= '<li>'.$user->$key.'</li>';
    309. 

  309.             }
    310. 

  310.         }
    311. 

  311.         $html .= "</ul>";
    312. 

  312.         $html .= '</td>';
    313. 

  313. 

  314.         foreach ($keywords as $keyword) {
    315. 

  315.             $user->description = highlight($keyword, $user->description);
    316. 

  316.         }
    317. 

  317. 

  318.         if (!isset($user->descriptionformat)) {
    319. 

  319.             $user->descriptionformat = FORMAT_MOODLE;
    320. 

  320.         }
    321. 

  321. 

  322.         $html .= '<td align="left">'.format_text($user->description, $user->descriptionformat, array('overflowdiv'=>true)).'</td>';
    323. 

  323.         $html .= '<td width="100px" align="center">';
    324. 

  324.         $html .= '<button onclick="M.tool_spamcleaner.del_user(this,'.$user->id.')">'.get_string('deleteuser', 'admin').'</button><br />';
    325. 

  325.         $html .= '<button onclick="M.tool_spamcleaner.ignore_user(this,'.$user->id.')">'.get_string('ignore', 'admin').'</button>';
    326. 

  326.         $html .= '</td>';
    327. 

  327.         $html .= '</tr>';
    328. 

  328.         return $html;
    329. 

  329.     } else {
    330. 

  330.         return null;
    331. 

  331.     }
    332. 

  332. 

  333. 

  334. }
    335. 

  335. 

  336. echo $OUTPUT->footer();
    337. 

  337.