Changeset 10900

Timestamp:

04/14/2021 04:13:37 AM (5 years ago)

Author:

dd32

Message:

Login: Reject spam signups based on Akismet data.

Follow up to r10890.

Location:

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login

Files:

• functions-registration.php (modified) (5 diffs)
• pending-create.php (modified) (3 diffs)
• register.php (modified) (3 diffs)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -49 +49 @@
 function wporg_login_check_akismet( $user_login, $user_email, $user_url = '', $content = array() ) {
     if ( ! class_exists( 'Akismet' ) ) {
-        return true;
+        return 'OK';
     }
 
@@ -63 +63 @@
     $akismet = Akismet::rest_auto_check_comment( $payload );
     if ( is_wp_error( $akismet ) ) {
-        return $akismet->get_error_code();
+        return 'OK'; // Assume it's okay in the event of failure / unknown.
+        // return $akismet->get_error_code();
     }
 
@@ -73 +74 @@
         return 'OK';
     } else {
-        return 'unsure';
+        return 'OK'; // Assume it's okay in the event of failure / unknown.
     }
 }
@@ -125 +126 @@
         }
     }
-
-    $akismet_says = wporg_login_check_akismet( $user_login, $user_email );
-    $pending_user['meta']['akismet_result'] = $akismet_says;
 
     $inserted = wporg_update_pending_user( $pending_user );
@@ -348 +346 @@
 
     if ( $pending_user ) {
-        $akismet_says = wporg_login_check_akismet(
-            $pending_user['user_login'],
-            $pending_user['user_email'],
-            $pending_user['meta']['url'] ?? '',
-            array_filter( [
-                $pending_user['meta']['from'] ?? '',
-                $pending_user['meta']['occ'] ?? '',
-                $pending_user['meta']['interests'] ?? '',
-            ] )
-        );
-        $pending_user['meta']['akismet_result_update'] = $akismet_says;
-
         wporg_update_pending_user( $pending_user );
     }

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php

@@ -55 +55 @@
 }
 
-// Check reCaptcha status
-$error_recapcha_status = false;
+if ( wporg_login_save_profile_fields( $pending_user ) ) {
+    // re-fetch the user, it's probably changed.
+    $pending_user = wporg_get_pending_user( $activation_user );
+}
+
+
+$error_recapcha_status = $error_akismet = false;
 if ( isset( $_POST['user_pass'] ) ) {
+
+    // Check reCaptcha status
     if ( ! wporg_login_check_recapcha_status( 'pending_create' ) ) {
         // No no. "Please try again."
@@ -63 +70 @@
         unset( $_POST['user_pass'] );
     }
-}
 
-if ( wporg_login_save_profile_fields( $pending_user ) ) {
-    // re-fetch the user, it's probably changed.
-    $pending_user = wporg_get_pending_user( $activation_user );
+    // Check Akismet
+    $akismet = wporg_login_check_akismet(
+        $pending_user['user_login'],
+        $pending_user['user_email'],
+        $pending_user['meta']['url'] ?? '',
+        array_filter( [
+            $pending_user['meta']['from'] ?? '',
+            $pending_user['meta']['occ'] ?? '',
+            $pending_user['meta']['interests'] ?? '',
+        ] )
+    );
+
+    if ( 'OK' !== $akismet ) {
+        // No no. "Please try again."
+        $error_akismet = true;
+        unset( $_POST['user_pass'] );
+
+        // Store for reference.
+        $pending_user['meta']['akismet_result'] = $akismet;
+        wporg_update_pending_user( $pending_user );
+    }
+
 }
 
@@ -127 +152 @@
     ?>
     <?php
-        if ( $error_recapcha_status ) {
+        if ( $error_recapcha_status || $error_akismet ) {
             echo '<div class="message error"><p>' . __( 'Please try again.', 'wporg' ) . '</p></div>';
         }

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php

@@ -15 +15 @@
 }
 
-$error_user_login = $error_user_email = $error_recapcha_status = false;
+$error_user_login = $error_user_email = $error_recapcha_status = $error_akismet = $terms_of_service_error = false;
 if ( $_POST ) {
 
@@ -36 +36 @@
         if ( ! wporg_login_check_recapcha_status( 'register' ) ) {
             $error_recapcha_status = true;
+        } elseif ( 'OK' !== wporg_login_check_akismet( $user_login, $user_email ) ) {
+            $error_akismet = true;
         } else {
             wporg_login_create_pending_user( $user_login, $user_email, $user_mailinglist, $terms_of_service );
@@ -109 +111 @@
     </p>
     <?php
-        if ( $error_recapcha_status ) {
+        if ( $error_recapcha_status || $error_akismet ) {
             echo '<div class="message error"><p>' . __( 'Please try again.', 'wporg' ) . '</p></div>';
         }