Skip to:
Content

BuddyPress.org

Changeset 6990


Ignore:
Timestamp:
05/02/2013 12:43:07 AM (7 years ago)
Author:
r-a-y
Message:

Change logic of bp_stop_live_spammer().

Instead of using wp_die(), reauthorize the user by redirecting the logged-in
spammer to wp-login.php with the 'reauth' parameter.

bp_live_spammer_login_error() adds an error message for the logged-in
spammer on the wp-login.php page.

Fixes #4814.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-functions.php

    r6989 r6990  
    14521452
    14531453/**
    1454  * Stop a logged-in spammer from being able to access the site.
     1454 * Stop a logged-in user who is marked as a spammer.
    14551455 *
    14561456 * When an admin marks a live user as a spammer, that user can still surf
     
    14581458 *
    14591459 * This code checks to see if a logged-in user is marked as a spammer.  If so,
    1460  * we kill access to the rest of the site.
     1460 * we redirect the user back to wp-login.php with the 'reauth' parameter.
     1461 *
     1462 * This clears the logged-in spammer's cookies and will ask the spammer to
     1463 * reauthenticate.
     1464 *
     1465 * Note: A spammer cannot log back in - {@see bp_core_boot_spammer()}.
    14611466 *
    14621467 * Runs on 'bp_init' at priority 5 so the members component globals are setup
     
    14681473 */
    14691474function bp_stop_live_spammer() {
     1475    // if we're on the login page, stop now to prevent redirect loop
     1476    if ( strpos( $GLOBALS['pagenow'], 'wp-login.php' ) !== false ) {
     1477        return;
     1478    }
     1479
    14701480    // user isn't logged in, so stop!
    14711481    if ( ! is_user_logged_in() ) {
     
    14731483    }
    14741484
    1475     // if spammer, kills access to the site
     1485    // if spammer, redirect to wp-login.php and reauthorize
    14761486    if ( bp_is_user_spammer( bp_loggedin_user_id() ) ) {
    1477         // the spammer will not be able to view any portion of the site whatsoever
    1478         // this is a good detterent as the user cannot re-register to the site easily
    1479         wp_die( __( '<strong>ERROR</strong>: Your account has been marked as a spammer.', 'buddypress' ) );
    1480         exit;
     1487        // setup login args
     1488        $args = array(
     1489            // custom action used to throw an error message
     1490            'action' => 'bp-spam',
     1491
     1492            // reauthorize user to login
     1493            'reauth' => 1
     1494        );
     1495
     1496        // setup login URL
     1497        $login_url = apply_filters( 'bp_live_spammer_redirect', add_query_arg( $args, wp_login_url() ) );
     1498
     1499        // redirect user to login page
     1500        wp_redirect( $login_url );
     1501        die();
    14811502    }
    14821503}
    14831504add_action( 'bp_init', 'bp_stop_live_spammer', 5 );
     1505
     1506/**
     1507 * Show a custom error message when a logged-in user is marked as a spammer.
     1508 *
     1509 * @since BuddyPress (v1.8)
     1510 */
     1511function bp_live_spammer_login_error() {
     1512    global $error;
     1513
     1514    $error = __( '<strong>ERROR</strong>: Your account has been marked as a spammer.', 'buddypress' );
     1515
     1516    // shake shake shake!
     1517    add_action( 'login_head', 'wp_shake_js', 12 );
     1518}
     1519add_action( 'login_form_bp-spam', 'bp_live_spammer_login_error' );
Note: See TracChangeset for help on using the changeset viewer.