| | 206 | // Include any warning flags. |
| | 207 | if ( ! empty( $warning_flags ) ) { |
| | 208 | echo '<strong>' . __( 'Warning Flags:', 'wporg-plugins' ) . '</strong>'; |
| | 209 | echo '<ul class="plugin-flagged">'; |
| | 210 | foreach ( $warning_flags as $flag => $reasons ) { |
| | 211 | if ( count( $reasons ) ) { |
| | 212 | echo '<li class="plugin-flagged-' . esc_attr( $flag ) . '"><strong>' . esc_html( strtoupper( $flag ) ) . ' (' . esc_html( count( $reasons ) ) . '):</strong> ' . esc_html( implode( '; ', $reasons ) ) . '</li>'; |
| | 213 | } |
| | 214 | } |
| | 215 | echo '</ul>'; |
| | 216 | } |
| | 217 | |
| | 218 | // Check IPs. |
| | 219 | $post_ids = get_posts( array( |
| | 220 | 'fields' => 'ids', |
| | 221 | 'post_type' => 'plugin', |
| | 222 | 'post_status' => 'any', |
| | 223 | 'author' => $author->ID, |
| | 224 | 'meta_key' => '_author_ip', |
| | 225 | 'posts_per_page' => -1, |
| | 226 | ) ); |
| | 227 | |
| | 228 | $user_ips = array_unique( array_map( function( $post_id ) { |
| | 229 | return get_post_meta( $post_id, '_author_ip', true ); |
| | 230 | }, $post_ids ) ); |
| | 231 | |
| | 232 | if ( $user_ips ) : |
| | 233 | sort( $user_ips, SORT_NUMERIC ); |
| | 234 | |
| | 235 | /* translators: %s: comma-separated list of plugin author's IP addresses */ |
| | 236 | printf( |
| | 237 | '<p>' . __( 'IPs : %s', 'wporg-plugins' ) . '</p>', |
| | 238 | implode( ', ', array_map( array( __NAMESPACE__ . '\Author_Card', 'link_ip' ), $user_ips ) ) |
| | 239 | ); |
| | 240 | endif; |
| | 241 | |
| | 242 | // Include any user notes. |
| 220 | | <?php |
| 221 | | $post_ids = get_posts( array( |
| 222 | | 'fields' => 'ids', |
| 223 | | 'post_type' => 'plugin', |
| 224 | | 'post_status' => 'any', |
| 225 | | 'author' => $author->ID, |
| 226 | | 'meta_key' => '_author_ip', |
| 227 | | 'posts_per_page' => -1, |
| 228 | | ) ); |
| 229 | | |
| 230 | | $user_ips = array_unique( array_map( function( $post_id ) { |
| 231 | | return get_post_meta( $post_id, '_author_ip', true ); |
| 232 | | }, $post_ids ) ); |
| 233 | | |
| 234 | | if ( $user_ips ) : |
| 235 | | sort( $user_ips, SORT_NUMERIC ); |
| 236 | | |
| 237 | | /* translators: %s: comma-separated list of plugin author's IP addresses */ |
| 238 | | printf( |
| 239 | | '<p>' . __( 'IPs : %s', 'wporg-plugins' ) . '</p>', |
| 240 | | implode( ', ', array_map( array( __NAMESPACE__ . '\Author_Card', 'link_ip' ), $user_ips ) ) |
| 241 | | ); |
| 242 | | endif; |
| 243 | | ?> |
| 244 | | |
| 245 | | <?php if ( $author->user_pass == '~~~' ) : ?> |
| 246 | | <p><strong><?php _e( 'Has not logged in since we reset passwords in June 2011', 'wporg-plugins' ); ?></strong></p> |
| 247 | | <?php endif; ?> |
| 248 | | |
| | 333 | protected static function display_user_flags( $user_id ) { |
| | 334 | $author = get_user_by( 'id', $user_id ); |
| | 335 | $flagged = array( |
| | 336 | 'low' => [], |
| | 337 | 'med' => [], |
| | 338 | 'high' => [], |
| | 339 | ); |
| | 340 | |
| | 341 | // Check for login. |
| | 342 | if ( $author->user_pass == '~~~' ) { |
| | 343 | array_push( $flagged['high'], 'has not logged in since we reset passwords in June 2011' ); |
| | 344 | } |
| | 345 | |
| | 346 | // Check for Yahoo. |
| | 347 | if ( false !== stripos( $author->user_email, 'yahoo' ) ) { |
| | 348 | array_push( $flagged['med'], 'account email contains yahoo and will not get our emails.' ); |
| | 349 | } |
| | 350 | |
| | 351 | // There has been an uptick in users with names ending in numbers AND being very new, submitting |
| | 352 | // a lot of plugins after being banned. |
| | 353 | $two_weeks_ago = time() - ( 2 * WEEK_IN_SECONDS ); |
| | 354 | $four_days_ago = time() - ( 4 * DAY_IN_SECONDS ); |
| | 355 | if ( is_numeric( substr( $author->user_login, - 1, 1 ) ) && strtotime( $author->user_registered ) > c ) { |
| | 356 | // Username ends in numbers and is less than 4 days old. |
| | 357 | array_push( $flagged['high'], 'account registered less than 4 days ago and username ends in numbers' ); |
| | 358 | } elseif ( is_numeric( substr( $author->user_login, - 1, 1 ) ) ) { |
| | 359 | // Username just ends in numbers. |
| | 360 | array_push( $flagged['med'], 'username ends in numbers' ); |
| | 361 | } elseif ( strtotime( $author->user_registered ) > $two_weeks_ago && strtotime( $author->user_registered ) < $four_days_ago ) { |
| | 362 | // User account was registered less than 2 weeks ago (but longer than 4 days). |
| | 363 | array_push( $flagged['low'], 'account registered less than 2 weeks ago' ); |
| | 364 | // If they have 4+ plugins in 2 weeks, it MAY be an issue. |
| | 365 | if ( 4 <= count( $author_plugins ) ) { |
| | 366 | array_push( $flagged['med'], 'high number of submitted plugins in a short timeframe' ); |
| | 367 | } |
| | 368 | } elseif ( strtotime( $author->user_registered ) > $four_days_ago ) { |
| | 369 | // User account was registered less than 4 days ago. |
| | 370 | array_push( $flagged['med'], 'account registered less than 4 days ago' ); |
| | 371 | // If they have 2+ plugins in 4 days, it's a problem. |
| | 372 | if ( 2 <= count( $author_plugins ) ) { |
| | 373 | array_push( $flagged['high'], 'high number of submitted plugins in a short timeframe' ); |
| | 374 | } |
| | 375 | } |
| | 376 | |
| | 377 | // Check IPs. |
| | 378 | $post_ids = get_posts( array( |
| | 379 | 'fields' => 'ids', |
| | 380 | 'post_type' => 'plugin', |
| | 381 | 'post_status' => 'any', |
| | 382 | 'author' => $author->ID, |
| | 383 | 'meta_key' => '_author_ip', |
| | 384 | 'posts_per_page' => -1, |
| | 385 | ) ); |
| | 386 | |
| | 387 | $user_ips = array_unique( array_map( function( $post_id ) { |
| | 388 | return get_post_meta( $post_id, '_author_ip', true ); |
| | 389 | }, $post_ids ) ); |
| | 390 | |
| | 391 | if ( $user_ips ) { |
| | 392 | sort( $user_ips, SORT_NUMERIC ); |
| | 393 | |
| | 394 | foreach ( $user_ips as $check_ip ) { |
| | 395 | // if IP is 100% bad, it's a high flag. |
| | 396 | if ( in_array( $check_ip, self::$iffy_ips ) ) { |
| | 397 | array_push( $flagged['high'], 'uses known bad IP - ' . $check_ip ); |
| | 398 | } else { |
| | 399 | foreach ( self::$iffy_ips as $check_iffy_ip ) { |
| | 400 | if ( false !== strpos( $check_ip, $check_iffy_ip ) ) { |
| | 401 | array_push( $flagged['med'], 'IP is partial match to known bad IPs - ' . $check_ip . ' vs ' . $check_iffy_ip ); |
| | 402 | } |
| | 403 | } |
| | 404 | } |
| | 405 | } |
| | 406 | } |
| | 407 | |
| | 408 | return $flagged; |
| | 409 | |
| | 410 | } |
| | 411 | |
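Review bot: The condition on new line 355 compares `strtotime( $author->user_registered )` against a bare `c`, which is an undefined constant rather than a variable; PHP 8 throws an Error there, and older versions fall back to the string 'c', so the four-day window is never actually tested and the 'high' flag is unreliable. It should read `strtotime( $author->user_registered ) > $four_days_ago`. `$author_plugins` on new lines 365 and 372 is never assigned inside `display_user_flags()` as shown, so `count( $author_plugins )` cannot drive the plugin-count flags; it needs to be passed in or queried in the function. The partial IP check `strpos( $check_ip, $check_iffy_ip )` matches anywhere in the string (a constructed entry `1.2.3.` would also match `11.2.3.4`), so if `$iffy_ips` holds prefixes, an anchored test such as `0 === strpos( $check_ip, $check_iffy_ip )` would give reviewers fewer false positives. The file section begins before the first visible line, so this note covers only the lines shown.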