From: Roland Häder <roland@mxchange.org>
Date: Mon, 21 Jan 2013 20:27:47 +0000 (+0000)
Subject: Extension ext-blacklist continued:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=fed7fa31618320f28ae73af4f19d008012d75849;p=mailer.git

Extension ext-blacklist continued:
- Added check in ext-register/mydata to check for email address
- Added filters for above check + unfinsihed logging
- TODOs.txt updated
---

diff --git a/.gitattributes b/.gitattributes
index 34919c11b9..8072e2256f 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -266,6 +266,7 @@ inc/filter/_filter.php svneol=native#text/plain
 inc/filter/active_filter.php svneol=native#text/plain
 inc/filter/admins_filter.php svneol=native#text/plain
 inc/filter/beg_filter.php svneol=native#text/plain
+inc/filter/blacklist_filter.php svneol=native#text/plain
 inc/filter/bonus_filter.php svneol=native#text/plain
 inc/filter/booking_filter.php svneol=native#text/plain
 inc/filter/cache_filter.php svneol=native#text/plain
diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt
index 56d24cb2dc..3c9593516c 100644
--- a/DOCS/TODOs.txt
+++ b/DOCS/TODOs.txt
@@ -61,6 +61,7 @@
 ./inc/extensions/sponsor/mode-setup.php:43:// @TODO Remove double tabs
 ./inc/extensions/sql_patches/mode-update.php:43:// @TODO Remove double-tabs
 ./inc/extensions/user/mode-update.php:43:// @TODO Remove double tabs
+./inc/filter/blacklist_filter.php:63:	// @TODO Insert log entry
 ./inc/filter/bonus_filter.php:56:		// @TODO This query isn't right, it will only update if the user was for a longer time away!
 ./inc/filter/cache_filter.php:94:		// @TODO This should be rewritten not to load the cache file for just checking if it is there for save removal.
 ./inc/filter/forced_filter.php:73:		// @TODO This part is unfinished
@@ -77,8 +78,8 @@
 ./inc/header.php:66:// @TODO Find a way to not use direct module comparison
 ./inc/install-functions.php:446:	// @TODO Comparing with DEFAULT_MAIN_TITLE doesn't work
 ./inc/install-functions.php:97:	// @TODO DEACTIVATED: changeDataInLocalConfigurationFile('OUTPUT-MODE', "setConfigEntry('OUTPUT_MODE', '", "');", postRequestElement('omode'), 0);
-./inc/language/de.php:1161:	// @TODO Rewrite these two constants
-./inc/language/de.php:1177:	// @TODO Rewrite these three constants
+./inc/language/de.php:1162:	// @TODO Rewrite these two constants
+./inc/language/de.php:1178:	// @TODO Rewrite these three constants
 ./inc/language/de.php:46:	// @TODO Please sort these language elements
 ./inc/language/de.php:749:// @TODO Are these constants longer used?
 ./inc/language-functions.php:254:	// @TODO These are all valid languages, again hard-coded
diff --git a/inc/extensions/ext-blacklist.php b/inc/extensions/ext-blacklist.php
index 50fd459df6..a34fdeaed5 100644
--- a/inc/extensions/ext-blacklist.php
+++ b/inc/extensions/ext-blacklist.php
@@ -56,20 +56,28 @@ switch (getExtensionMode()) {
 		addCreateTableSql('blacklist', "
 `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
 `data` VARCHAR(255) NOT NULL DEFAULT '',
-`type` VARCHAR(20) NOT NULL DEFAULT 'INVALID',
 `pool_id` BIGINT(20) UNSIGNED NULL DEFAULT NULL,
+`provider` VARCHAR(255) NOT NULL DEFAULT 'BLACKLIST',
+`type` VARCHAR(20) NOT NULL DEFAULT 'INVALID',
 `added` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 PRIMARY KEY (`id`),
+INDEX (`provider`),
+INDEX (`type`),
 INDEX (`pool_id`)",
 			'Generic blacklist');
 
 		// Add admin menu
-		addAdminMenuSql('setup','config_blacklist','Sperrlisten','Einstellungen zu den Sperrlisten.',8);
-		addAdminMenuSql('misc','list_blacklist','Sperrlisten...','Zeigt gesperrte Email-Adressen und/oder URLs an.',3);
+		addAdminMenuSql('setup', 'config_blacklist', 'Sperrlisten', 'Einstellungen zu den Sperrlisten.', 8);
+		addAdminMenuSql('misc', 'list_blacklist', 'Sperrlisten...', 'Zeigt gesperrte Email-Adressen und/oder URLs an.', 3);
 
 		// Add configuration
-		addConfigAddSql('url_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'");
 		addConfigAddSql('email_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'");
+		addConfigAddSql('url_blacklist', "ENUM('Y','N') NOT NULL DEFAULT 'Y'");
+
+		// Register filters
+		registerFilter(__FILE__, __LINE__, 'pre_user_registration', 'CHECK_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun());
+		registerFilter(__FILE__, __LINE__, 'pre_update_user_data', 'CHECK_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun());
+		registerFilter(__FILE__, __LINE__, 'post_email_blacklisted', 'LOG_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun());
 		break;
 
 	case 'remove': // Do stuff when removing extension
@@ -78,6 +86,11 @@ INDEX (`pool_id`)",
 
 		// Remove menu
 		addExtensionSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE `what` IN('config_blacklist', 'list_blacklist') LIMIT 1");
+
+		// Unregister filters
+		unregisterFilter(__FILE__, __LINE__, 'pre_user_registration', 'CHECK_EMAIL_BLACKLISTED', TRUE, isExtensionDryRun());
+		unregisterFilter(__FILE__, __LINE__, 'pre_update_user_data', 'CHECK_EMAIL_BLACKLISTED', TRUE, isExtensionDryRun());
+		unregisterFilter(__FILE__, __LINE__, 'post_email_blacklisted', 'LOG_EMAIL_BLACKLISTED', FALSE, TRUE, isExtensionDryRun());
 		break;
 
 	case 'activate': // Do stuff when admin activates this extension
diff --git a/inc/filter/blacklist_filter.php b/inc/filter/blacklist_filter.php
new file mode 100644
index 0000000000..289d27105f
--- /dev/null
+++ b/inc/filter/blacklist_filter.php
@@ -0,0 +1,70 @@
+<?php
+/************************************************************************
+ * Mailer v0.2.1-FINAL                                Start: 01/21/2013 *
+ * ===================                          Last change: 01/21/2013 *
+ *                                                                      *
+ * -------------------------------------------------------------------- *
+ * File              : blacklist_filter.php                             *
+ * -------------------------------------------------------------------- *
+ * Short description : Filters for ext-blacklist                        *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung  : Filter fuer ext-blacklist                        *
+ * -------------------------------------------------------------------- *
+ * $Revision::                                                        $ *
+ * $Date::                                                            $ *
+ * $Tag:: 0.2.1-FINAL                                                 $ *
+ * $Author::                                                          $ *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2009 by Roland Haeder                           *
+ * Copyright (c) 2009 - 2012 by Mailer Developer Team                   *
+ * For more information visit: http://mxchange.org                      *
+ *                                                                      *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or    *
+ * (at your option) any later version.                                  *
+ *                                                                      *
+ * This program is distributed in the hope that it will be useful,      *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
+ * GNU General Public License for more details.                         *
+ *                                                                      *
+ * You should have received a copy of the GNU General Public License    *
+ * along with this program; if not, write to the Free Software          *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
+ * MA  02110-1301  USA                                                  *
+ ************************************************************************/
+
+// Some security stuff...
+if (!defined('__SECURITY')) {
+	die();
+} // END - if
+
+// Filter to check if email address is blacklisted
+function FILTER_CHECK_EMAIL_BLACKLISTED ($filterData) {
+	// Is the email address blacklisted?
+	if (($filterData['init_done'] === TRUE) && (isEmailBlacklistEnabled()) && (isEmailBlacklisted($filterData['post_data']['email']))) {
+		// Then abort here
+		$filterData['init_done'] = FALSE;
+
+		// Run filter chain for successful detection (don't rely on other fields than 'email') here
+		runFilterChain('post_email_blacklisted', $filterData);
+	} // END - if
+
+	// Return filtered data
+	return $filterData;
+}
+
+// Filter for logging blacklisted email addresses, is being called from above filter
+function FILTER_LOG_EMAIL_BLACKLISTED ($filerData) {
+	// Make sure, that required data is there
+	assert((isset($filterData['init_done'])) && (isset($filterData['post_data']['email'])));
+
+	// @TODO Insert log entry
+
+	// Return filtered data
+	return $filterData;
+}
+
+// [EOF]
+?>
diff --git a/inc/language/de.php b/inc/language/de.php
index 709a5ffc6b..f68a739f07 100644
--- a/inc/language/de.php
+++ b/inc/language/de.php
@@ -1026,6 +1026,7 @@ addMessages(array(
 	'UNKNOWN_ERROR_CODE' => "Unbekannter Fehlercode <span class=\"data\">0x{%%pipe,getHexErrorCode=%s%%}</span> erkannt.",
 	'LOADER_SECURITY_HASH_MISMATCH' => "Der Sicherheitshash f&uuml;r den Dereferrer stimmt nicht mit der URL &uuml;berein.",
 	'URL_IS_BLACKLISTED' => "URL ist gesperrt.",
+	'MEMBER_EMAIL_BLACKLISTED' => "Ihre Email-Adresse darf bei uns nicht verwendet werden. Bitte setzen Sie sich mit uns in Verbindung.",
 	'DATA_IS_HIDDEN' => "Daten sind verdeckt.",
 	'ADMIN_BOOKING_PACKAGE_ID' => "Buchungspaket",
 	'ADMIN_BOOKING_PACKAGE_LINK' => "Zum Paket ...",
diff --git a/inc/libs/blacklist_functions.php b/inc/libs/blacklist_functions.php
index 92e0b2b4d1..05803c8c27 100644
--- a/inc/libs/blacklist_functions.php
+++ b/inc/libs/blacklist_functions.php
@@ -40,40 +40,39 @@ if (!defined('__SECURITY')) {
 	die();
 } // END - if
 
-// Inserts a given email (pattern) in blacklist if not found
-function insertEmailInBlacklist ($email, $id) {
-	// Is this feature turned on and is the URL not there?
-	if (!isEmailBlacklistEnabled()) {
-		// Not enabled, then please don't call this function
-		reportBug(__FUNCTION__, __LINE__, 'URL blacklisting is disabled, email=' . $email . ',id=' . $id);
-	} elseif (!isEmailBlacklisted($email)) {
-		// Did not find a record so we can add it... :)
-		SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_blacklist` (`data`, `pool_id`, `type`) VALUES ('%s', %s, 'EMAIL')",
-			array(
-				$email,
-				$id
-			), __FUNCTION__, __LINE__);
-	} // END - if
-}
-
-// Checks whether given email is blacklisted
-function isEmailBlacklisted ($email) {
+// Checks whether given data is blacklisted
+function isGenericBlacklisted ($type, $data) {
 	// Mark it as not listed by default
 	$listed = FALSE;
 
 	// Is black-listing enbaled?
-	if (!isEmailBlacklistEnabled()) {
+	if (!isGenericBlacklistEnabled($type)) {
 		// No, then all emails are not in this list
 		return FALSE;
-	} elseif (!isset($GLOBALS['blacklist_data']['email'][$email])) {
+	} elseif (!isset($GLOBALS['blacklist_data'][$type][$data])) {
 		// Check black-list for given email
-		$result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`added`) AS `added` FROM `{?_MYSQL_PREFIX?}_blacklist` WHERE '%s' REGEXP `data` AND `type`='EMAIL' LIMIT 1",
-			array($email), __FUNCTION__, __LINE__);
+		$result = SQL_QUERY_ESC("SELECT
+	`id`,
+	`data`,
+	`pool_id`,
+	`provider`,
+	`type`,
+	UNIX_TIMESTAMP(`added`) AS `added`
+FROM
+	`{?_MYSQL_PREFIX?}_blacklist`
+WHERE
+	'%s' REGEXP `data` AND
+	`type`='%s'
+LIMIT 1",
+			array(
+				$data,
+				strtoupper($type)
+			), __FUNCTION__, __LINE__);
 
 		// Is there an entry?
 		if (SQL_NUMROWS($result) == 1) {
 			// Jupp, we got one listed
-			$GLOBALS['blacklist_data']['email'][$email] = SQL_FETCHARRAY($result);
+			$GLOBALS['blacklist_data'][$type][$data] = SQL_FETCHARRAY($result);
 
 			// Mark it as listed
 			$listed = TRUE;
@@ -90,60 +89,76 @@ function isEmailBlacklisted ($email) {
 	return $listed;
 }
 
+// Inserts a given email (pattern) in blacklist if not found
+function insertEmailInBlacklist ($email, $provider = 'BLACKLIST') {
+	// Call inner function
+	insertGenericInBlacklist ('email', $email, NULL, $provider);
+}
+
+// Inserts a given URL in blacklist if not found
+function insertUrlInBlacklist ($url, $poolId, $provider = 'BLACKLIST') {
+	// Call inner function
+	insertGenericInBlacklist ('url', $url, $poolId, $provider);
+}
+
 // Inserts a given URL in blacklist if not found
-function insertUrlInBlacklist ($url, $id) {
+function insertGenericInBlacklist ($type, $data, $poolId = NULL, $provider = 'BLACKLIST') {
 	// Is this feature turned on and is the URL not there?
-	if (!isUrlBlacklistEnabled()) {
+	if (!isGenericBlacklistEnabled($type)) {
 		// Not enabled, then please don't call this function
-		reportBug(__FUNCTION__, __LINE__, 'URL blacklisting is disabled, url=' . $url . ',id=' . $id);
-	} elseif (!isUrlBlacklisted($url)) {
+		reportBug(__FUNCTION__, __LINE__, 'Blacklisting of type ' . $type . ' is disabled, data=' . $data . ',poolId=' . convertZeroToNull($poolId));
+	} elseif (!isUrlBlacklisted($data)) {
 		// Did not find a record so we can add it... :)
-		SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_blacklist` (`data`, `pool_id`, `type`) VALUES ('%s', %s, 'URL')",
-			array(
-				$url,
-				$id
-			), __FUNCTION__, __LINE__);
+		SQL_QUERY_ESC("INSERT INTO
+	`{?_MYSQL_PREFIX?}_blacklist`
+(
+	`data`,
+	`pool_id`,
+	`provider`,
+	`type`
+) VALUES (
+	'%s',
+	%s,
+	'%s',
+	'%s'
+)",
+		array(
+			$data,
+			convertZeroToNull($poolId),
+			$provider,
+			strtoupper($type)
+		), __FUNCTION__, __LINE__);
 	} // END - if
 }
 
+// Checks whether given email is blacklisted
+function isEmailBlacklisted ($email) {
+	// Call inner function
+	return isGenericBlacklisted('email', $email);
+}
+
 // Checks whether given URL is blacklisted
 function isUrlBlacklisted ($url) {
-	// Mark it as not listed by default
-	$listed = FALSE;
-
-	// Is black-listing enbaled?
-	if (!isUrlBlacklistEnabled()) {
-		// No, then all URLs are not in this list
-		return FALSE;
-	} elseif (!isset($GLOBALS['blacklist_data']['url'][$url])) {
-		// Check black-list for given URL
-		$result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`added`) AS `added`, `pool_id` FROM `{?_MYSQL_PREFIX?}_blacklist` WHERE `data`='%s' AND `type`='URL' LIMIT 1",
-			array($url), __FUNCTION__, __LINE__);
-
-		// Is there an entry?
-		if (SQL_NUMROWS($result) == 1) {
-			// Jupp, we got one listed
-			$GLOBALS['blacklist_data']['url'][$url] = SQL_FETCHARRAY($result);
-
-			// Mark it as listed
-			$listed = TRUE;
-		} // END - if
-
-		// Free result
-		SQL_FREERESULT($result);
-	} else {
-		// Is found in cache -> black-listed
-		$listed = TRUE;
-	}
-
-	// Return result
-	return $listed;
+	// Call inner function
+	return isGenericBlacklisted('url', $email);
 }
 
 // ----------------------------------------------------------------------------
 //                      Configuration wrapper functions
 // ----------------------------------------------------------------------------
 
+// Generic wrapper
+function isGenericBlacklistEnabled ($type) {
+	// Is there cache?
+	if (!isset($GLOBALS[__FUNCTION__])) {
+		// Determine it
+		$GLOBALS[__FUNCTION__] = (getConfig($type . '_blacklist') == 'Y');
+	} // END - if
+
+	// Return cache
+	return $GLOBALS[__FUNCTION__];
+}
+
 // Wrapper to check if url_blacklist is enabled
 function isUrlBlacklistEnabled () {
 	// Is there cache?
diff --git a/inc/libs/register_functions.php b/inc/libs/register_functions.php
index 9818c73124..2c9c46a57a 100644
--- a/inc/libs/register_functions.php
+++ b/inc/libs/register_functions.php
@@ -291,7 +291,8 @@ function doUserRegistration () {
 	// Init filter data
 	$filterData = array(
 		// Initialization not done by default
-		'init_done' => FALSE
+		'init_done' => FALSE,
+		'post_data' => postRequestArray(),
 	);
 
 	// Init extra SQL data
@@ -406,9 +407,9 @@ function doUserRegistration () {
 	addPointsThroughReferralSystem(
 		// Subject
 		'register_welcome',
-		// New user's id
+		// User's id number
 		$filterData['register_insert_id'],
-		// Points
+		// Points to add
 		getPointsRegister(),
 		// Referral id (or NULL if none set)
 		convertZeroToNull(postRequestElement('refid'))
@@ -416,18 +417,20 @@ function doUserRegistration () {
 
 	// Write catgories
 	if (ifPostContainsSelections('cat')) {
+		// Init SQL
+		$sql = 'INSERT INTO `{?_MYSQL_PREFIX?}_user_cats` (`userid`, `cat_id`) VALUES';
+
 		// Write all entries
 		foreach (postRequestElement('cat') as $categoryId => $joined) {
 			// "Join" this group?
 			if ($joined == 'Y') {
 				// Insert category entry
-				SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_cats` (`userid`, `cat_id`) VALUES (%s, %s)",
-					array(
-						$filterData['register_insert_id'],
-						bigintval($categoryId)
-					), __FUNCTION__, __LINE__);
+				$sql .= ' (' . $filterData['register_insert_id'] . ', ' . bigintval($categoryId) . '),';
 			} // END - if
 		} // END - foreach
+
+		// Run SQL without last commata
+		SQL_QUERY(substr($sql, 0, -1), __FUNCTION__, __LINE__);
 	} // END - if
 
 	// Registration phase is done here, so for tester accounts we end here
@@ -444,7 +447,6 @@ function doUserRegistration () {
 	// Is ZIP code set?
 	if (isPostRequestElementSet('zip')) {
 		// Prepare data array for the email template
-		// Start with the gender...
 		$content = array(
 			'hash'     => $GLOBALS['register_confirm_hash'],
 			'userid'   => $filterData['register_insert_id'],
diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php
index 0b5fe7d183..cd8b867b06 100644
--- a/inc/modules/member/what-mydata.php
+++ b/inc/modules/member/what-mydata.php
@@ -237,13 +237,27 @@ LIMIT 1',
 
 				// Did the user changed the password?
 				if ($hash != $content['password']) {
+					// Yes
 					$AND = ",`password`='" . $hash . "'";
 					$mode = 'password';
 				} // END - if
 
-				// Or did he changed his password?
+				// Or did he changed his email address?
 				if (postRequestElement('email') != $content['email']) {
-					// Jupp
+					// Yes, but is it maybe blacklisted?
+					$filterData = array(
+						'init_done' => TRUE
+						'post_data' => postRequestArray()
+					);
+					$filterData = runFilterChain('pre_update_user_data', $filterData);
+
+					// Is it blacklisted?
+					if ($filterData['init_done'] === FALSE) {
+						// Blacklisted email address found
+						displayMessage('{--MEMBER_EMAIL_BLACKLISTED--}');
+						return;
+					} // END - if
+
 					if ($mode == 'normal') {
 						$mode = 'email';
 					} else {