Changeset 11620 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

Timestamp:

03/02/2022 06:07:14 AM (4 years ago)

Author:

dd32

Message:

Login: Add an admin UI to manage blocked words/phrases/email domains for registration spam.

This also allows whitelisting/blocking individual IP addresses.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php (modified) (4 diffs)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -46 +46 @@
 
 /**
- * Handles creating a "Pending" registration that will later be converted to an actual user  account.
+ * Handles creating a "Pending" registration that will later be converted to an actual user account.
  */
 function wporg_login_create_pending_user( $user_login, $user_email, $meta = array() ) {
@@ -96 +96 @@
     }
 
+    $passes_block_words = wporg_login_check_against_block_words( $pending_user );
+
     $pending_user['cleared'] = (
         'allow' === $pending_user['meta']['heuristics'] &&
-        (float)$pending_user['scores']['pending'] >= (float) get_option( 'recaptcha_v3_threshold', 0.2 ) 
+        (float)$pending_user['scores']['pending'] >= (float) get_option( 'recaptcha_v3_threshold', 0.2 ) &&
+        $passes_block_words
     );
 
@@ -398 +401 @@
     }
 
+    // If not manually approved, check against block_words.
+    if ( $pending_user['cleared'] < 2 ) {
+        $passes_block_words = wporg_login_check_against_block_words( $pending_user );
+        if ( ! $passes_block_words ) {
+            $pending_user['cleared'] = 0;
+        }
+    }
+
     if ( $pending_user ) {
         wporg_update_pending_user( $pending_user );
@@ -407 +418 @@
     return true;
 }
+
+/**
+ * Check a pending user object against the 'block words' setting.
+ * 
+ * @return bool
+ */
+function wporg_login_check_against_block_words( $user ) {
+    $block_words = get_option( 'registration_block_words', [] );
+
+    foreach ( $block_words as $word ) {
+        if (
+            false !== stripos( $user['user_login'], $word ) ||
+            false !== stripos( $user['user_email'], $word ) ||
+            false !== stripos( $user['meta']['url'], $word ) ||
+            false !== stripos( $user['meta']['from'], $word ) ||
+            false !== stripos( $user['meta']['occ'], $word ) ||
+            false !== stripos( $user['meta']['interests'], $word )
+        ) {
+            return false;
+        }
+    }
+
+    return true;
+}