Changeset 161
- Timestamp:
- 26/12/05 16:02:55 (3 years ago)
- Files:
-
- admin.lib.php (modified) (2 diffs)
- blog.lib.php (modified) (3 diffs)
- blog.sql (modified) (2 diffs)
- miscfunctions.lib.php (modified) (1 diff)
admin.lib.php
r153 r161 565 565 echo "<div class=\"entry\">\n"; 566 566 echo "<h2>Comments Pending Approval</h2>\n"; 567 echo "<p>The comments in red are probably spam. They are premarked to be deleted for your convience.</p>\n"; 567 568 echo "<form action=\"{$this->adminPath}updatecomments/\" method=\"post\">\n"; 568 569 echo "<table class=\"td\">\n"; … … 591 592 } 592 593 //how display each of the comments 593 echo "\t<tr>\n"; 594 if ($r['spam'] == 't') 595 echo "\t<tr class=\"errorinfo\">\n"; 596 else 597 echo "\t<tr>\n"; 594 598 echo "\t\t<td><a href=\"mailto:{$r['email']}\" title=\"IP: {$r['host']}\">{$r['name']}</a></td>\n"; 595 599 echo "\t\t<td>{$r['body']}</td>\n"; 596 600 echo "\t\t<td><input type=\"radio\" name=\"group[$count]\" value=\"a:{$r['id']}\" /></td>\n"; 597 echo "\t\t<td><input type=\"radio\" name=\"group[".$count++."]\" value=\"d:{$r['id']}\" /></td>\n"; 601 if ($r['spam'] == 't') 602 echo "\t\t<td><input type=\"radio\" name=\"group[".$count++."]\" value=\"d:{$r['id']}\" checked=\"checked\"/></td>\n"; 603 else 604 echo "\t\t<td><input type=\"radio\" name=\"group[".$count++."]\" value=\"d:{$r['id']}\" /></td>\n"; 598 605 echo "\t</tr>\n"; 599 606 } blog.lib.php
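Review bot: The rows this change highlights as probable spam still go through the unchanged `echo` lines that interpolate `{$r['name']}`, `{$r['email']}`, `{$r['host']}` and `{$r['body']}` straight into the admin page, and nothing visible in this section HTML-escapes them. If the stored values are not already escaped at insert time (not visible here), these are the rows most likely to carry markup aimed at the logged-in blog owner, so escaping at output, e.g. `htmlspecialchars($r['body'], ENT_QUOTES)`, is worth confirming. Separately, both `if ($r['spam'] == 't')` branches duplicate whole `echo` lines; computing the differing attribute once, e.g. `$checked = ($r['spam'] == 't') ? ' checked="checked"' : '';`, keeps the two variants from drifting apart. The enclosing loop starts and ends outside the visible lines.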
r154 r161 340 340 $host = addslashes($_SERVER['REMOTE_ADDR']); 341 341 } 342 //decided if the host is likly to have given us spam 343 if (checkRBL($host)) { 344 $spam = TRUE; 345 } 346 else { 347 $spam = FALSE; 348 } 342 349 //sanitise comment 343 350 if (isset($_POST['comment']) && trim($_POST['comment']) != "") { … … 376 383 if ($this->commentError == "") { 377 384 // do we need to set the moderated flag on this comment? 378 if(!$this->comment_moderation ) {385 if(!$this->comment_moderation or $spam) { 379 386 $moderated = TRUE; 380 387 } else { … … 385 392 } 386 393 } 387 $query = "INSERT INTO comments (post, name, email, body, host, moderated ) VALUES ('{$postid}','{$author}','{$email}','{$comment}','{$host}', ".(($moderated) ? "true" : "false").")";394 $query = "INSERT INTO comments (post, name, email, body, host, moderated, spam) VALUES ('{$postid}','{$author}','{$email}','{$comment}','{$host}', ".(($moderated) ? "true" : "false").", ".(($spam) ? "true" : "false").")"; 388 395 if(!db_query($query)) { 389 396 error(2,_("Database commit failed -").db_error()); 390 397 } 391 398 else { 392 mail($this->userName . "@sucs.org", "Blog comment on \"".$subject."\"", "You've received a comment from ".$author." on your blog post \"".$subject.". The comment is:\n==========\n".$comment.(($moderated) ? "" : "\n==========\nPlease login to your blog admin page to approve or delete this comment."), "From: Your Blog <noreply@sucs.org>"); 399 if(!$spam) 400 mail($this->userName . "@sucs.org", "Blog comment on \"".$subject."\"", "You've received a comment from ".$author." on your blog post \"".$subject.". The comment is:\n==========\n".$comment.(($moderated) ? "" : "\n==========\nPlease login to your blog admin page to approve or delete this comment."), "From: Your Blog <noreply@sucs.org>"); 393 401 if(!$moderated) { 394 402 echo "<p class=\"updateinfo\">"._("Your comment has been added, but before it appears here it must be accepted by the blog owner.")."</p>"; blog.sql
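Review bot: In `if(!$this->comment_moderation or $spam)` a blacklist hit sets `$moderated = TRUE`, and the later `if(!$moderated)` branch is the one that tells the poster the comment must be accepted by the blog owner, so TRUE appears to mean "already approved". If that reading is right, spam-flagged comments are inserted as approved and skip the pending-approval list that admin.lib.php now highlights; the else branch is elided here, so confirm this against the full method. A safer shape is to leave the original condition alone and force the flag afterwards with `if ($spam) { $moderated = FALSE; }`. Because `mail()` is now skipped when `$spam` is set, the owner would also get no notification that such a comment went live.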
r150 r161 2 2 3 3 CREATE TABLE categories ( 4 id serial NOT NULL PRIMARY KEY,5 name text NOT NULL,6 description text,7 user_id integer REFERENCES users ON DELETE CASCADE4 id serial NOT NULL PRIMARY KEY, 5 name text NOT NULL, 6 description text, 7 user_id integer REFERENCES users ON DELETE CASCADE 8 8 ); 9 9 … … 23 23 24 24 CREATE TABLE entries ( 25 id serial NOT NULL PRIMARY KEY,26 category integer REFERENCES categories ON DELETE RESTRICT NOT NULL,27 subject text NOT NULL,28 shortsubject text NOT NULL,29 body text NOT NULL,30 "timestamp" timestamp(0) with time zone DEFAULT ('now'::text)::timestamp(0) with time zone,31 user_id integer REFERENCES users ON DELETE CASCADE NOT NULL25 id serial NOT NULL PRIMARY KEY, 26 category integer REFERENCES categories ON DELETE RESTRICT NOT NULL, 27 subject text NOT NULL, 28 shortsubject text NOT NULL, 29 body text NOT NULL, 30 "timestamp" timestamp(0) with time zone DEFAULT ('now'::text)::timestamp(0) with time zone, 31 user_id integer REFERENCES users ON DELETE CASCADE NOT NULL 32 32 ); 33 33 CREATE UNIQUE INDEX entries_shortsubject_key ON entries (shortsubject, user_id); 34 34 35 35 CREATE TABLE comments ( 36 id serial NOT NULL PRIMARY KEY, 37 post integer REFERENCES entries ON DELETE CASCADE NOT NULL, 38 "timestamp" timestamp(0) with time zone DEFAULT ('now'::text)::timestamp(0) with time zone, 39 name text NOT NULL, 40 email text, 41 body text NOT NULL, 42 host text NOT NULL, 43 moderated bool NOT NULL DEFAULT false; 36 id serial NOT NULL PRIMARY KEY, 37 post integer REFERENCES entries ON DELETE CASCADE NOT NULL, 38 "timestamp" timestamp(0) with time zone DEFAULT ('now'::text)::timestamp(0) with time zone, 39 name text NOT NULL, 40 email text, 41 body text NOT NULL, 42 host text NOT NULL, 43 moderated bool NOT NULL DEFAULT false; 44 spam bool NOT NULL DEFAULT false; 44 45 ); 45 46 46 47 CREATE TABLE authorised_emails ( 47 user_id integer REFERENCES users ON DELETE CASCADE NOT NULL,48 email text NOT NULL,49 name text48 user_id 
integer REFERENCES users ON DELETE CASCADE NOT NULL, 49 email text NOT NULL, 50 name text 50 51 ); 51 52 CREATE UNIQUE INDEX authorised_emails_email_key ON authorised_emails (email, user_id); miscfunctions.lib.php
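Review bot: The new `spam bool NOT NULL DEFAULT false;` line and the `moderated` line before it end in `;` inside the column list of `CREATE TABLE comments`, which terminates the statement early, so the table definition will not load as written. The column list needs `moderated bool NOT NULL DEFAULT false,` followed by `spam bool NOT NULL DEFAULT false` with no trailing separator. The changeset also shows no `ALTER TABLE comments ADD COLUMN spam ...` for existing databases, while blog.lib.php now names `spam` in its INSERT, so an un-migrated install would reject every new comment.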
r151 r161 66 66 return $revision; 67 67 } 68 ?> 68 69 //checks an ip in several blacklists returns true if its present 70 function checkRBL($ip) { 71 $spam = false; 72 //reverse the ip 73 $ip = implode('.',array_reverse(explode('.',$ip))); 74 //look up in various rbls 75 $rbl = gethostbyname($ip.'.rbl-plus.mail-abuse.ja.net'); 76 $scbl = gethostbynamel($ip.'.bl.spamcop.net'); 77 $sorbs = gethostbynamel($ip.'.dnsbl.sorbs.net'); 78 $sbl = gethostbynamel($ip.'.sbl.spamhaus.org'); 79 $njabl = gethostbynamel($ip.'.dnsbl.njabl.org'); 80 $opm = gethostbyname($ip.'.opm.blitzed.org'); 81 $cbl = gethostbynamel($ip.'.cbl.abuseat.org'); 82 83 //CBL 84 if ($cbl) { 85 $spam = true; 86 } 87 88 //OPM 89 if ($opm != $ip.".opm.blitzed.org") { 90 //this bl uses a decimal to represent one catagory of spam source 91 $code = decbin(ip2long($opm)); 92 //check for WinGate 93 if ($code[30]) 94 $spam = true; 95 //check for SOCKS 96 if ($code[29]) 97 $spam = true; 98 //check for HTTP CONNECT 99 if ($code[28]) 100 $spam = true; 101 //check for Router 102 if ($code[27]) 103 $spam = true; 104 //check for HTTP POST 105 if ($code[26]) 106 $spam = true; 107 } 108 109 //RBL+ 110 if ($rbl != $ip.".rbl-plus.mail-abuse.ja.net") { 111 $code = decbin(ip2long($rbl)); 112 //check for rbl 113 if ($code[30]) 114 $spam = true; 115 //check for dul 116 if ($code[29]) 117 //we dont care about dul 118 //check for rss 119 if ($code[28]) 120 $spam = true; 121 //check for ops 122 if ($code[27]) 123 $spam = true; 124 } 125 126 //SpamCop 127 if ($scbl) { 128 $spam = true; 129 } 130 131 //SORBS 132 if ($sorbs) { 133 foreach($sorbs as $result) { 134 $result = explode('.',$result); 135 //check for http 136 if ($result[3] == 2) 137 $spam = true; 138 //check for socks 139 if ($result[3] == 3) 140 $spam = true; 141 //check for misc 142 if ($result[3] == 4) 143 $spam = true; 144 //check for smtp 145 if ($result[3] == 5) 146 $spam = true; 147 //check for spam 148 if ($result[3] == 6) 149 $spam = true; 150 //check for web 151 
if ($result[3] == 7) 152 $spam = true; 153 //check for block 154 if ($result[3] == 8) 155 $spam = true; 156 //check for zombie 157 if ($result[3] == 9) 158 $spam = true; 159 //check for dul 160 if ($result[3] == 10) 161 //dont care about dul 162 //check for badconf 163 if ($result[3] == 11) 164 $spam = true; 165 //check for nomail 166 if ($result[3] == 12) 167 $spam = true; 168 } 169 } 170 171 //NJABL 172 if ($njabl) { 173 foreach($njabl as $result) { 174 $result = explode('.',$result); 175 //check for relay 176 if ($result[3] == 2) 177 $spam = true; 178 //check for dul 179 if ($result[3] == 3) { 180 //dont care about dul 181 } 182 //check for spam 183 if ($result[3] == 4) 184 $spam = true; 185 //check for relay 186 if ($result[3] == 5) 187 $spam = true; 188 //check for web 189 if ($result[3] == 8) 190 $spam = true; 191 //check for proxy 192 if ($result[3] == 9) 193 $spam = true; 194 } 195 } 196 197 //SBL 198 if($sbl) { 199 $spam = true; 200 } 201 return $spam; 202 }
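Review bot: Two of the "dul" checks in `checkRBL()` are bodiless `if`s followed only by comments (`if ($code[29])` in the RBL+ block and `if ($result[3] == 10)` in the SORBS block), so each one takes the next `if` as its body: the rss check runs only when the dul bit is set, and the badconf check (`== 11`) can never fire. Give them an explicit empty body as the NJABL block already does, e.g. `if ($code[29]) { /* dul: ignored */ }`. The CBL, SpamCop and SBL branches treat any answer as a listing, and `$code[30]` indexes a `decbin()` string whose length depends on the answer. Checking that the reply is in 127.0.0.0/8 and testing bits with a mask such as `ip2long($opm) & 1` would stop a list that answers every query from flagging all commenters. `$ip` is also used without confirming it is a dotted-quad IPv4 address, and the seven lookups run synchronously on every comment post.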
