Making WordPress.org


Ignore:
Timestamp:
04/27/2021 04:24:21 AM (3 years ago)
Author:
dd32
Message:

Login: Allow registrations with "low reCaptcha scores" to register, but go into a pending-moderation state.

This will allow legitimate users who receive a "Please try again" error to be manually approved.

This will also allow us to experiment with more aggressive anti-spam measures, as the majority of current spam registrations are human generated.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php

    r10029 r10928  
    1313});
    1414
     15function wporg_login_admin_action_text( $action ) {
     16    switch ( $action ) {
     17        case 'resent-email':
     18            return 'The registration email has been resent.';
     19        case 'approved':
     20            return 'The registration has been approved, and a confirmation email has been sent.';
     21        case 'deleted':
     22            return 'The registration record has been removed.';
     23        case 'blocked':
     24            return 'The registration has been blocked.';
     25        case 'blocked_account':
     26            return 'Account blocked.';
     27        default:
     28            return 'Action performed.';
     29    }
     30}
     31
    1532function wporg_login_admin_page() {
    1633    $wp_list_table = new User_Registrations_List_Table();
    1734    $wp_list_table->prepare_items();
    1835
    19     echo '<style>
     36    ?><script>
     37    jQuery( document ).ready( function($) {
     38        $( 'table .row-actions a' ).click( function( e ) {
     39            e.preventDefault();
     40
     41            var $this = $(this),
     42                $tr   = $this.parents('tr'),
     43                $tds  = $tr.find( 'td:not(:first)' );
     44
     45            $tds.remove();
     46            $tr.find( '.row-actions' ).remove();
     47            $tr.append( "<td colspan=" + $tds.length + ">...</td>" );
     48
     49            var url = $this.prop('href') + '&ajax=1';
     50
     51            $.get( url, function( data ) {
     52                $tr.find('td:last').text( data );
     53            } );
     54        });
     55    } );
     56    </script>
     57    <style>
    2058        table.dashboard_page_user-registrations td > a {
    2159            color: inherit;
     
    2462            text-decoration: underline;
    2563        }
    26     </style>';
     64        table.dashboard_page_user-registrations .delete-red {
     65            color: #b32d2e;
     66        }
     67    </style>
     68    <?php
    2769
    2870    echo '<div class="wrap">';
     
    3072    echo '<hr class="wp-header-end">';
    3173
    32     if ( isset( $_REQUEST['resent-email'] ) ) {
    33         echo '<div class="updated notice"><p>The registration email has been resent.</p></div>';
     74    if ( isset( $_GET['action'] ) ) {
     75        echo '<div class="updated notice"><p>';
     76        echo wporg_login_admin_action_text( $_GET['action'] );
     77        echo '</p></div>';
    3478    }
    3579
     
    3781    printf( '<input type="hidden" name="page" value="%s">', esc_attr( $_GET['page'] ) );
    3882
    39     //$wp_list_table->views();
     83    $wp_list_table->views();
    4084    $wp_list_table->search_box( 'Search', 's' );
    4185    $wp_list_table->display();
     
    58102    }
    59103
    60     wp_safe_redirect( add_query_arg(
    61         's',
    62         urlencode( $email ),
    63         'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&resent-email=true'
    64     ) );
    65     exit;
    66 });
     104    if ( isset( $_GET['ajax'] ) ) {
     105        die( wporg_login_admin_action_text( 'resent-email' ) );
     106    }
     107
     108    wp_safe_redirect( add_query_arg(
     109        's',
     110        urlencode( $email ),
     111        'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=resent-email'
     112    ) );
     113    exit;
     114} );
     115
     116add_action( 'admin_post_login_mark_as_cleared', function() {
     117    if ( ! current_user_can( 'manage_users' ) ) {
     118        wp_die();
     119    }
     120
     121    $email = $_REQUEST['email'] ?? '';
     122
     123    check_admin_referer( 'clear_' . $email );
     124
     125    $user = wporg_get_pending_user( $email );
     126    if ( $user ) {
     127        $user['cleared'] = 2;
     128        wporg_update_pending_user( $user );
     129
     130        wporg_login_send_confirmation_email( $user['user_email'] );
     131    }
     132
     133    if ( isset( $_GET['ajax'] ) ) {
     134        die( wporg_login_admin_action_text( 'approved' ) );
     135    }
     136
     137    wp_safe_redirect( add_query_arg(
     138        's',
     139        urlencode( $email ),
     140        'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=approved'
     141    ) );
     142    exit;
     143} );
     144
     145add_action( 'admin_post_login_block', function() {
     146    if ( ! current_user_can( 'manage_users' ) ) {
     147        wp_die();
     148    }
     149
     150    $email = $_REQUEST['email'] ?? '';
     151
     152    check_admin_referer( 'block_' . $email );
     153
     154    $user = wporg_get_pending_user( $email );
     155    if ( $user ) {
     156        $user['cleared']             = 0;
     157        $user['user_activation_key'] = '';
     158        $user['user_profile_key']    = '';
     159
     160        wporg_update_pending_user( $user );
     161    }
     162
     163    if ( isset( $_GET['ajax'] ) ) {
     164        die( wporg_login_admin_action_text( 'blocked' ) );
     165    }
     166
     167    wp_safe_redirect( add_query_arg(
     168        's',
     169        urlencode( $email ),
     170        'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=blocked'
     171    ) );
     172    exit;
     173} );
     174
     175add_action( 'admin_post_login_delete', function() {
     176    if ( ! current_user_can( 'manage_users' ) ) {
     177        wp_die();
     178    }
     179
     180    $email = $_REQUEST['email'] ?? '';
     181
     182    check_admin_referer( 'delete_' . $email );
     183
     184    $user = wporg_get_pending_user( $email );
     185    if ( $user ) {
     186        wporg_delete_pending_user( $user );
     187    }
     188
     189    if ( isset( $_GET['ajax'] ) ) {
     190        die( wporg_login_admin_action_text( 'deleted' ) );
     191    }
     192
     193    wp_safe_redirect( add_query_arg(
     194        's',
     195        urlencode( $email ),
     196        'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=deleted'
     197    ) );
     198    exit;
     199} );
     200
     201add_action( 'admin_post_login_block_account', function() {
     202    if ( ! current_user_can( 'manage_users' ) ) {
     203        wp_die();
     204    }
     205
     206    $email = $_REQUEST['email'] ?? '';
     207
     208    check_admin_referer( 'block_account_' . $email );
     209
     210    $user = get_user_by( 'email', $email );
     211    if ( $user && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) {
     212        // Load the support forums..
     213        include_once WP_PLUGIN_DIR . '/bbpress/bbpress.php';
     214        include_once WP_PLUGIN_DIR . '/support-forums/support-forums.php';
     215
     216        // Then switch to it (Must be done after bbPress is loaded to get roles)
     217        switch_to_blog( WPORG_SUPPORT_FORUMS_BLOGID );
     218
     219        // Set the user to blocked. Support forum hooks will take care of the rest.
     220        bbp_set_user_role( $user->ID, bbp_get_blocked_role() );
     221
     222        restore_current_blog();
     223    }
     224
     225    if ( isset( $_GET['ajax'] ) ) {
     226        die( wporg_login_admin_action_text( 'blocked_account' ) );
     227    }
     228
     229    wp_safe_redirect( add_query_arg(
     230        's',
     231        urlencode( $email ),
     232        'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=blocked_account'
     233    ) );
     234    exit;
     235} );
     236
Note: See TracChangeset for help on using the changeset viewer.