| Current File : /data/web/virtuals/215191/virtual/www/domains/starwars.cz/sites/all/modules/spambot/spambot.module |
<?php
/**
* @file
* Main module file.
*
* Anti-spam module that uses data from www.stopforumspam.com
* to protect the user registration form against known spammers and spambots.
*/
define('SPAMBOT_ACTION_NONE', 0);
define('SPAMBOT_ACTION_BLOCK', 1);
define('SPAMBOT_ACTION_DELETE', 2);
define('SPAMBOT_DEFAULT_CRITERIA_EMAIL', 1);
define('SPAMBOT_DEFAULT_CRITERIA_USERNAME', 0);
define('SPAMBOT_DEFAULT_CRITERIA_IP', 20);
define('SPAMBOT_DEFAULT_DELAY', 0);
define('SPAMBOT_DEFAULT_CRON_USER_LIMIT', 0);
define('SPAMBOT_DEFAULT_BLOCKED_MESSAGE', 'Your email address or username or IP address is blacklisted.');
define('SPAMBOT_MAX_EVIDENCE_LENGTH', 1024);
/**
* Implements hook_menu().
*/
function spambot_menu() {
$items['admin/config/system/spambot'] = array(
'title' => 'Spambot',
'description' => 'Configure the spambot module',
'page callback' => 'drupal_get_form',
'page arguments' => array('spambot_settings_form'),
'access arguments' => array('administer site configuration'),
'file' => 'spambot.admin.inc',
);
$items['user/%user/spambot'] = array(
'title' => 'Spam',
'page callback' => 'spambot_user_spam',
'page arguments' => array(1),
'access arguments' => array('administer users'),
'type' => MENU_LOCAL_TASK,
'file' => 'spambot.pages.inc',
);
return $items;
}
/**
* Implements hook_permission().
*/
function spambot_permission() {
return array(
'protected from spambot scans' => array(
'title' => t('Protected from spambot scans'),
'description' => t('Roles with this access permission would not be checked for spammer'),
),
);
}
/**
* Implements hook_admin_paths().
*/
function spambot_admin_paths() {
$paths = array(
'user/*/spambot' => TRUE,
);
return $paths;
}
/**
* Implements hook_form_FORM_ID_alter().
*/
function spambot_form_user_register_form_alter(&$form, &$form_state) {
if (variable_get('spambot_user_register_protect', TRUE)) {
spambot_add_form_protection(
$form,
array(
'mail' => 'mail',
'name' => 'name',
'ip' => TRUE,
)
);
}
}
/**
* Implements hook_form_FORM_ID_alter().
*/
function spambot_form_user_admin_account_alter(&$form, &$form_state, $form_id) {
foreach ($form['accounts']['#options'] as $uid => $user_options) {
// Change $form['accounts']['#options'][$uid]['operations']['data']
// into a multi-item render array so we can append to it.
$form['accounts']['#options'][$uid]['operations']['data'] = array(
'edit' => $form['accounts']['#options'][$uid]['operations']['data'],
);
$form['accounts']['#options'][$uid]['operations']['data']['spam'] = array(
'#type' => 'link',
'#title' => t('spam'),
'#href' => "user/$uid/spambot",
// Ugly hack to insert a space.
'#prefix' => ' ',
);
}
}
/**
* Implements hook_node_insert().
*/
function spambot_node_insert($node) {
db_insert('node_spambot')
->fields(array(
'nid' => $node->nid,
'uid' => $node->uid,
'hostname' => ip_address(),
))
->execute();
}
/**
* Implements hook_node_delete().
*/
function spambot_node_delete($node) {
db_delete('node_spambot')
->condition('nid', $node->nid)
->execute();
}
/**
* Implements hook_cron().
*/
function spambot_cron() {
if ($limit = variable_get('spambot_cron_user_limit', SPAMBOT_DEFAULT_CRON_USER_LIMIT)) {
$last_uid = variable_get('spambot_last_checked_uid', 0);
if ($last_uid < 1) {
// Skip scanning the anonymous and superadmin users.
$last_uid = 1;
}
$query = db_select('users')
->fields('users', array('uid'))
->condition('uid', $last_uid, '>')
->orderBy('uid')
->range(0, $limit);
if (!variable_get('spambot_check_blocked_accounts', FALSE)) {
$query->condition('status', 1);
}
$uids = $query
->execute()
->fetchCol();
if ($uids) {
$action = variable_get('spambot_spam_account_action', SPAMBOT_ACTION_NONE);
$accounts = user_load_multiple($uids);
foreach ($accounts as $account) {
$result = spambot_account_is_spammer($account);
if ($result > 0) {
$link = l(t('spammer'), 'user/' . $account->uid);
switch (user_access('protected from spambot scans', $account) ? SPAMBOT_ACTION_NONE : $action) {
case SPAMBOT_ACTION_BLOCK:
if ($account->status) {
// Block spammer's account.
$account->status = 0;
user_save($account);
watchdog('spambot', 'Blocked spam account: @name <@email> (uid @uid)', array(
'@name' => $account->name,
'@email' => $account->mail,
'@uid' => $account->uid,
), WATCHDOG_NOTICE, $link);
}
else {
// Don't block an already blocked account.
watchdog('spambot', 'Spam account already blocked: @name <@email> (uid @uid)', array(
'@name' => $account->name,
'@email' => $account->mail,
'@uid' => $account->uid,
), WATCHDOG_NOTICE, $link);
}
break;
case SPAMBOT_ACTION_DELETE:
user_delete($account->uid);
watchdog('spambot', 'Deleted spam account: @name <@email> (uid @uid)', array(
'@name' => $account->name,
'@email' => $account->mail,
'@uid' => $account->uid,
), WATCHDOG_NOTICE, $link);
break;
default:
watchdog('spambot', 'Found spam account: @name <@email> (uid @uid)', array(
'@name' => $account->name,
'@email' => $account->mail,
'@uid' => $account->uid,
), WATCHDOG_NOTICE, $link);
break;
}
// Mark this uid as successfully checked.
variable_set('spambot_last_checked_uid', $account->uid);
}
elseif ($result == 0) {
// Mark this uid as successfully checked.
variable_set('spambot_last_checked_uid', $account->uid);
}
elseif ($result < 0) {
// Error contacting service, so pause processing.
break;
}
}
}
}
}
/**
* Validate callback for user_register form.
*/
function spambot_user_register_form_validate(&$form, &$form_state) {
$validation_field_names = $form['#spambot_validation'];
$values = $form_state['values'];
$form_errors = form_get_errors();
$email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL);
$username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME);
$ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP);
// Build request parameters according to the criteria to use.
$request = array();
if (!empty($values[$validation_field_names['mail']]) && $email_threshold > 0 && !spambot_check_whitelist('email', $values[$validation_field_names['mail']])) {
$request['email'] = $values[$validation_field_names['mail']];
}
if (!empty($values[$validation_field_names['name']]) && $username_threshold > 0 && !spambot_check_whitelist('username', $values[$validation_field_names['name']])) {
$request['username'] = $values[$validation_field_names['name']];
}
$ip = ip_address();
if ($ip_threshold > 0 && $ip != '127.0.0.1' && $validation_field_names['ip'] && !spambot_check_whitelist('ip', $ip)) {
// Make sure we have a valid IPv4 address (API doesn't support IPv6 yet).
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
watchdog('spambot', 'Invalid IP address on registration: @ip. Spambot will not rely on it.', array('@ip' => $ip));
}
else {
$request['ip'] = $ip;
}
}
// Only do a remote API request if there is anything to check.
if ($request && !$form_errors) {
$data = array();
if (spambot_sfs_request($request, $data)) {
$substitutions = array(
'@email' => $values[$validation_field_names['mail']],
'%email' => $values[$validation_field_names['mail']],
'@username' => $values[$validation_field_names['name']],
'%username' => $values[$validation_field_names['name']],
'@ip' => $ip,
'%ip' => $ip,
);
$reasons = array();
if ($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) {
form_set_error('mail', format_string(variable_get('spambot_blocked_message_email', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
$reasons[] = t('email=@value', array('@value' => $request['email']));
}
if ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold) {
form_set_error('name', format_string(variable_get('spambot_blocked_message_username', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
$reasons[] = t('username=@value', array('@value' => $request['username']));
}
if ($ip_threshold > 0 && !empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
form_set_error('', format_string(variable_get('spambot_blocked_message_ip', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
$reasons[] = t('ip=@value', array('@value' => $request['ip']));
}
if ($reasons) {
if (variable_get('spambot_log_blocked_registration', TRUE)) {
watchdog('spambot', 'Blocked registration: @reasons', array('@reasons' => implode(',', $reasons)));
$hook_args = array(
'request' => $request,
'reasons' => $reasons,
);
module_invoke_all('spambot_registration_blocked', $hook_args);
}
// Slow them down if configured.
if ($delay = variable_get('spambot_blacklisted_delay', SPAMBOT_DEFAULT_DELAY)) {
sleep($delay);
}
}
}
}
}
/**
* Invoke www.stopforumspam.com's api.
*
* @param array $query
* A keyed array of url parameters ie. array('email' => 'blah@blah.com').
* @param array $data
* An array that will be filled with the data from www.stopforumspam.com.
*
* @return bool
* TRUE on successful request (and $data will contain the data)
* FALSE otherwise.
*/
function spambot_sfs_request(array $query, array &$data) {
// An empty request results in no match.
if (empty($query)) {
return FALSE;
}
// Use php serialisation format.
$query['f'] = 'serial';
$url = 'http://www.stopforumspam.com/api?' . http_build_query($query, '', '&');
$result = drupal_http_request($url);
if (!empty($result->code) && $result->code == 200 && empty($result->error) && !empty($result->data)) {
$data = unserialize($result->data);
if (!empty($data['success'])) {
return TRUE;
}
else {
watchdog('spambot', "Request unsuccessful: %url <pre>\n@dump</pre>", array(
'%url' => $url,
'@dump' => print_r($data, TRUE),
));
}
}
else {
watchdog('spambot', "Error contacting service: %url <pre>\n@dump</pre>", array(
'%url' => $url,
'@dump' => print_r($result, TRUE),
));
}
return FALSE;
}
/**
* Checks an account to see if it's a spammer.
*
* This one uses configurable automated criteria checking
* of email and username only.
*
* @param object $account
* User account.
*
* @return int
* Positive if spammer, 0 if not spammer, negative if error.
*/
function spambot_account_is_spammer($account) {
$email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL);
$username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME);
$ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP);
// Build request parameters according to the criteria to use.
$request = array();
if (!empty($account->mail) && $email_threshold > 0 && !spambot_check_whitelist('email', $account->mail)) {
$request['email'] = $account->mail;
}
if (!empty($account->name) && $username_threshold > 0 && !spambot_check_whitelist('username', $account->name)) {
$request['username'] = $account->name;
}
// Only do a remote API request if there is anything to check.
if ($request) {
$data = array();
if (spambot_sfs_request($request, $data)) {
if (($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold)
|| ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold)) {
return 1;
}
}
else {
// Return error.
return -1;
}
}
// Now check IP's
// If any IP matches the threshold, then flag as a spammer.
if ($ip_threshold > 0) {
$ips = spambot_account_ip_addresses($account);
foreach ($ips as $ip) {
// Skip the loopback interface.
if ($ip == '127.0.0.1') {
continue;
}
// Make sure we have a valid IPv4 address
// (the API doesn't support IPv6 yet).
elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
$link = l(t('user'), 'user/' . $account->uid);
watchdog('spambot', 'Invalid IP address: %ip (uid=%uid, name=%name, email=%email). Spambot will not rely on it.', array(
'%ip' => $ip,
'%name' => $account->name,
'%email' => $account->mail,
'%uid' => $account->uid,
), WATCHDOG_NOTICE, $link);
continue;
}
$request = array('ip' => $ip);
$data = array();
if (spambot_sfs_request($request, $data)) {
if (!empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
return 1;
}
}
else {
// Abort on error.
return -1;
}
}
}
// Return no match.
return 0;
}
/**
* Retrieves a list of IP addresses for an account.
*
* @param object $account
* Account to retrieve IP addresses for.
*
* @return array
* An array of IP addresses, or an empty array if none found
*/
function spambot_account_ip_addresses($account) {
$hostnames = array();
// Retrieve IPs from node_spambot table.
$items = db_select('node_spambot')
->distinct()
->fields('node_spambot', array('hostname'))
->condition('uid', $account->uid, '=')
->execute()
->fetchCol();
$hostnames = array_merge($hostnames, $items);
// Retrieve IPs from any sessions which may still exist.
$items = db_select('sessions')
->distinct()
->fields('sessions', array('hostname'))
->condition('uid', $account->uid, '=')
->execute()
->fetchCol();
$hostnames = array_merge($hostnames, $items);
// Retrieve IPs from comments.
if (module_exists('comment')) {
$items = db_select('comment')
->distinct()
->fields('comment', array('hostname'))
->condition('uid', $account->uid, '=')
->execute()
->fetchCol();
$hostnames = array_merge($hostnames, $items);
}
// Retrieve IPs from statistics.
if (module_exists('statistics')) {
$items = db_select('accesslog')
->distinct()
->fields('accesslog', array('hostname'))
->condition('uid', $account->uid, '=')
->execute()
->fetchCol();
$hostnames = array_merge($hostnames, $items);
}
// Retrieve IPs from user stats.
if (module_exists('user_stats')) {
$items = db_select('user_stats_ips')
->distinct()
->fields('user_stats_ips', array('ip_address'))
->condition('uid', $account->uid, '=')
->execute()
->fetchCol();
$hostnames = array_merge($hostnames, $items);
}
$hostnames = array_unique($hostnames);
return $hostnames;
}
/**
* Reports an account as a spammer.
*
* Requires ip address and evidence of a single incident.
*
* @param object $account
* Account to report.
* @param string $ip
* IP address to report.
* @param string $evidence
* Evidence to report.
*
* @return bool
* TRUE if successful, FALSE if error
*/
function spambot_report_account($account, $ip, $evidence) {
$success = FALSE;
if ($key = variable_get('spambot_sfs_api_key', FALSE)) {
$query['api_key'] = $key;
$query['email'] = $account->mail;
$query['username'] = $account->name;
$query['ip_addr'] = $ip;
$query['evidence'] = truncate_utf8($evidence, SPAMBOT_MAX_EVIDENCE_LENGTH);
$url = 'http://www.stopforumspam.com/add.php';
$options = array(
'headers' => array('Content-type' => 'application/x-www-form-urlencoded'),
'method' => 'POST',
'data' => http_build_query($query, '', '&'),
);
$result = drupal_http_request($url, $options);
if (!empty($result->code) && $result->code == 200 && !empty($result->data) && stripos($result->data, 'data submitted successfully') !== FALSE) {
$success = TRUE;
}
elseif (stripos($result->data, 'duplicate') !== FALSE) {
// www.stopforumspam.com can return a 503 code
// with data = '<p>recent duplicate entry</p>'
// which we will treat as successful.
$success = TRUE;
}
else {
watchdog('spambot', "Error reporting account: %url <pre>\n@dump</pre>", array(
'%url' => $url,
'@dump' => print_r($result, TRUE),
));
}
}
return $success;
}
/**
* Check if current data $type is whitelisted.
*
* @param string $type
* Type can be one of these three values: 'ip', 'email' or 'username'.
* @param string $value
* Value to be checked.
*
* @return bool
* TRUE if data is whitelisted, FALSE otherwise.
*/
function spambot_check_whitelist($type, $value) {
switch ($type) {
case 'ip':
$whitelist_ips = variable_get('spambot_whitelist_ip', '');
$result = strpos($whitelist_ips, $value) !== FALSE;
break;
case 'email':
$whitelist_usernames = variable_get('spambot_whitelist_email', '');
$result = strpos($whitelist_usernames, $value) !== FALSE;
break;
case 'username':
$whitelist_emails = variable_get('spambot_whitelist_username', '');
$result = strpos($whitelist_emails, $value) !== FALSE;
break;
default:
$result = FALSE;
break;
}
return $result;
}
/**
* Form builder function to add spambot validations.
*
* @param array $form
* Form array on which will be added spambot validation.
* @param array $options
* Array of options to be added to form.
*/
function spambot_add_form_protection(array &$form, array $options = array()) {
// Don't add any protections if the user can bypass the Spambot.
if (!user_access('protected from spambot scans')) {
// Allow other modules to alter the protections applied to this form.
drupal_alter('spambot_form_protections', $options, $form);
$form['#spambot_validation']['name'] = !empty($options['name']) ? $options['name'] : '';
$form['#spambot_validation']['mail'] = !empty($options['mail']) ? $options['mail'] : '';
$form['#spambot_validation']['ip'] = isset($options['ip']) && is_bool($options['ip']) ? $options['ip'] : TRUE;
$form['#validate'][] = 'spambot_user_register_form_validate';
}
}