Making WordPress.org


Ignore:
Timestamp:
04/27/2021 04:24:21 AM (3 years ago)
Author:
dd32
Message:

Login: Allow registrations with "low reCaptcha scores" to register, but go into a pending-moderation state.

This will allow legitimate users who receive a "Please try again" error to be manually approved.

This will also allow us to experiment with more aggressive anti-spam measures, as the majority of current spam registrations are human generated.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

    r10902 r10928  
    11<?php
    22
    3 function wporg_login_check_recapcha_status( $check_v3_action = false ) {
     3function wporg_login_check_recapcha_status( $check_v3_action = false, $block_low_scores = true ) {
    44
    55    // reCaptcha V3 Checks
     
    2222
    2323        // Block super-low scores.
    24         if ( (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) {
     24        if ( $block_low_scores && (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) {
    2525            return false;
    2626        }
     
    122122    }
    123123
     124    $pending_user['meta']['akismet_result'] = wporg_login_check_akismet( $user_login, $user_email );
     125
     126    $pending_user['cleared'] = (
     127        'spam' !== $pending_user['meta']['akismet_result'] &&
     128        (float)$pending_user['scores']['pending'] >= (float) get_option( 'recaptcha_v3_threshold', 0.2 )
     129    );
     130
    124131    $inserted = wporg_update_pending_user( $pending_user );
    125132    if ( ! $inserted ) {
     
    147154    $user = wporg_get_pending_user( $user );
    148155
    149     if ( ! $user || $user['created'] ) {
     156    if ( ! $user || $user['created'] || ! $user['cleared'] ) {
    150157        return false;
    151158    }
     
    230237    }
    231238
     239}
     240
     241function wporg_delete_pending_user( $pending_user ) {
     242    global $wpdb;
     243
     244    if ( empty( $pending_user['pending_id'] ) ) {
     245        return false;
     246    }
     247
     248    return $wpdb->delete(
     249        "{$wpdb->base_prefix}user_pending_registrations",
     250        array( 'pending_id' => $pending_user['pending_id'] )
     251    );
    232252}
    233253
Note: See TracChangeset for help on using the changeset viewer.