Skip to:
Content

BuddyPress.org

Changeset 6978


Ignore:
Timestamp:
05/01/2013 04:29:40 AM (7 years ago)
Author:
r-a-y
Message:

Stop a logged-in spammer from being able to access the site.

When an admin marks a live user as a spammer, that user can still surf
around and cause havoc on the site until that person is logged out.

This commit stops live spammers from accessing the site on the next
page load.

Fixes #4814.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-functions.php

    r6891 r6978  
    14141414}
    14151415add_action( 'bp_init', 'bp_core_wpsignup_redirect' );
     1416
     1417/**
     1418 * Stop a logged-in spammer from being able to access the site.
     1419 *
     1420 * When an admin marks a live user as a spammer, that user can still surf
     1421 * around and cause havoc on the site until that person is logged out.
     1422 *
     1423 * This code checks to see if a logged-in user is marked as a spammer.  If so,
     1424 * we kill access to the rest of the site.
     1425 *
     1426 * Runs on 'bp_init' at priority 5 so the members component globals are setup
     1427 * before we do our spammer checks.
     1428 *
     1429 * This is important as the $bp->loggedin_user object is setup at priority 4.
     1430 *
     1431 * @since BuddyPress (v1.8)
     1432 */
     1433function bp_stop_live_spammer() {
     1434    $bp = buddypress();
     1435
     1436    // user isn't logged in, so stop!
     1437    if ( empty( $bp->loggedin_user ) ) {
     1438        return;
     1439    }
     1440
     1441    // get logged-in userdata
     1442    $user = $bp->loggedin_user->userdata;
     1443
     1444    // setup spammer boolean
     1445    $spammer = false;
     1446
     1447    // multisite spammer
     1448    if ( ! empty( $user->spam ) ) {
     1449        $spammer = true;
     1450
     1451    // single site spammer
     1452    } elseif ( $user->user_status == 1 ) {
     1453        $spammer = true;
     1454    }
     1455
     1456    // if spammer, kills access to the site
     1457    if ( $spammer ) {
     1458        // the spammer will not be able to view any portion of the site whatsoever
     1459        // this is a good detterent as the user cannot re-register to the site easily
     1460        wp_die( __( '<strong>ERROR</strong>: Your account has been marked as a spammer.', 'buddypress' ) );
     1461        exit;
     1462    }
     1463}
     1464add_action( 'bp_init', 'bp_stop_live_spammer', 5 );
Note: See TracChangeset for help on using the changeset viewer.