BuddyPress.org

function get_recently_active_users( $limit = null, $page = 1 ) {

global $wpdb;



if ( $limit && $page )

$pag_sql = $wpdb->prepare( \" LIMIT %d, %d\", intval( ( $page - 1 ) * $limit), intval( $limit ) );



$paged_users = $wpdb->get_results( $wpdb->prepare(

\"SELECT DISTINCT um.user_id FROM \" . $wpdb->base_prefix . \"usermeta um

LEFT JOIN \" . $wpdb->base_prefix . \"users u

ON u.ID = um.user_id

WHERE um.meta_key = \'last_activity\'

AND u.spam = 0 AND u.deleted = 0 AND u.user_status = 0

AND DATE_ADD( FROM_UNIXTIME(um.meta_value), INTERVAL 10 HOUR ) >= NOW()

ORDER BY FROM_UNIXTIME(um.meta_value) DESC{$pag_sql}\" ) );



return $paged_users;

}

‘

….that means having to go over the user’s entire output…. and make a serious of highly-subjective decisions about what is and is not acceptable.

‘

you’re right Donnacha… good thinking

@ Nicola

your workflow looks good to me…

would the [Report This] link dynamically insert the reported user’s info?

like:

– Username being reported

– username of the person reporting(in case questions need to be asked)

(if user reporting isn’t signed in, show something else…?)

– a place for the reporter to describe what’s offensive

– perhaps checkboxes of where the offensive content is (blog, wire, events, etc)

That could then be written to a DB table and called back for the admins on the dashboard

(almost the same as the blog comments feature…. delete user, mark report as spam, warm reporting user, warn reported user)

that would be pretty cool…

are you sure they are not spammers that register account when you delete them?

Well, if I understand correctly it certainly seems possible, considering its pretty much the way that WordPress installation goes.

You install WordPress and are provided a login (“admin”) and a randomized password.

If you’re looking for code to try to tap into, or an example of how to go about it, that would be where I would look first?

The next step in your theory would be to consider how to handle spam registrations in the event that user never sees the pw and never logs in to your website. Maybe take a look at the Register Plus plugin for WordPress.org to get some ideas also?

Following the chain of functions:

<?php $posts = bp_blogs_get_latest_posts( null, $options ) ?>

to this:

function bp_blogs_get_latest_posts( $blog_id = null, $limit = 5 ) {

global $bp;

if ( !is_numeric( $limit ) )

$limit = 5;

return BP_Blogs_Post::get_latest_posts( $blog_id, $limit );

}

gets me to this:

function get_latest_posts( $blog_id = null, $limit = 5 ) {

global $wpdb, $bp;

if ( !$bp->blogs )

bp_blogs_setup_globals();

if ( $blog_id )

$blog_sql = $wpdb->prepare( ” AND p.blog_id = %d”, $blog_id );

$post_ids = $wpdb->get_results( $wpdb->prepare( “SELECT DISTINCT p.post_id, p.blog_id FROM {$bp->blogs->table_name_blog_posts} p LEFT JOIN {$wpdb->base_prefix}blogs b ON p.blog_id = b.blog_id WHERE b.public = 1 AND b.deleted = 0 AND b.archived = ‘0’ AND b.spam = 0 AND b.mature = 0 $blog_sql ORDER BY p.date_created DESC LIMIT $limit” ) );

for ( $i = 0; $i < count($post_ids); $i++ ) {

$posts[$i] = BP_Blogs_Post::fetch_post_content($post_ids[$i]);

}

return $posts;

}

Where I see that changing ‘null’ to ‘1’ in bp_blogs_get_latest_posts() will get me posts only from blog id 1.

Bigkill,

glad to see that it’s working (although not as secure as you thought) as i understood it, you have to force it sitewide because the registration page is for your whole site, not just the main one.

As far as wp-recapatcha not being the best, well this might be the case, but it does prevent some spammers. I was having a problem with scripts bypassing the entire registration process and starting up profiles and blogs without entering any of the required fields, and the only way i got them to stop, was to change my “wp-signup.php” to something different like “sbn-start.php” and replaced the 4 instances of it in the “wp-signup.php” file with “sbn-start.php” and then went into “bp-core-template-tags.php” and replaced the one instance of “wp-signup.php”.

This solved the problem (crossing fingers), but I still have a few people getting by that I have to manually spam and ban, but I can deal with 2-3 a day versus waking up in the morning and finding 200 spam blogs signup over night.

Hope I helped.

It could lead to spamming…

Yeah it’s frustrating when things don’t work the way you want them to, that’s for sure.

You can email me at spam (at) johnjamesjacoby (dot) com and I’ll get it right away.

I can verify that the way the cookies are presented hasn’t changed in Firefox versions as I’ve had integration going on a few platforms since 2.0x.

We’ll get this figured out, just gotta figure out what we’re missing.

i would like to see member themes changeable on a per user basis so they can have their own skins as such, and also allow them to create their own, i think we need to collaborate as to what the user can change and what they cant, it would be nice to allow them selected css,

i would also like to see the modules changeable in a drag and drop kinda way and allow the user to choose which modules they do or do not want to use,

im interested in a love plugin which allows users to post a little love icon with thier wire posts but i could also see this being extended to comments, i have made a request for it before but got no replies so visit my profile for the topic,

last fm integration would be majorly cool i think, as it would rival many of the ‘apps’ out there on the larger social networks. building on this area of things you could also add twitter, etc. so i guess what im trying to say is focus on the users ‘lifestream’

when the user logs in i want them to go straight to the dashboard but the dashboard should have things like pending freind requests, groups to join, latest comments, profile stats (incuding who visited thier profile), options and such like, and an aggregation of thier freinds activity updates. when i visit my site i dont care what user a,b and c are up to im just interested in what my freinds x,y and z did recently,

so it would be very useful to have these widgets in the dashboard, that way everything is centralised for the user to do things,

another thing i thought would be useful was profile privacy options, allowing members to discriminate based on age eg, users over X cant visit profiles for members under 18 or whatever, maybe allow the user to choose who can contact them / add them etc,

also have a block ability and mark as spam,

the profile itself should have 3 modes of operation, public – everything is displayed, semi private, freinds can see full profile, non freinds can see selected modules / different modules only, and fully private – the user must be freinds to see anything other than name, age and city/ country.

i have used the profile sidebar plugin, but as of yet there are no freinds or group widgets for it, i would like to see these with a good amount of configurability options allowing for things like top freinds, other half etc

sorry for such a long post but i would like to see these features implemented as i think they would greatly enhance buddypress!!

thanks!!

That kind of thing happens if you email provider decides that the mail is spam and doesn’t even let you see it. It gets blocked before you get it. Hotmail as email provider does this alot. Look in your ‘spam’ folder.

Just getting situated here this morning. Gotta go look at this thread again.

Disabling spamkarma 2 did not do the trick.

I am running buddypress in a subdirectory–not the root of the wpmu install

(wpmu is in http://macaulay.cuny.edu/eportfolios and buddypress in http://macaulay.cuny.edu/eportfolios/social ). Could that be the source of the problem? Doing it this way has caused other problems, all of which I’ve been able to solve so far!

I am running sk2 for anti-spam.

Will try disabling that temporarily to troubleshoot.

But this error is not in the admin area at all–on a user page.

Does that url look right? Should the reply button be calling to wp-admin?

I did find some threads about that type of msg in my googling around. They all seemed to have somthing to do with a plugin that was hooking the url resolution mechanism. Got any anti-spam plugins?

As a matter of fact these errors only occurred in the admin area of wp.

According to a legend if you remove the copyright you will be captured by extra-terrestrials (Automattic team) and their chief (Mullenweg) will implante an electronic chip in your brain . the chip will generate the same song (downtown by petula clark) everytime a comment spam is send to a blog around the world.

so : Be careful please!

I’d be interested in this as well. This would be an important tool to have for management of the sites I run. For instance, if someone where to post an inappropriate avatar, how does admin currently deal with this other than marking as spammer or deleting their profile? I’d like to have the ability to simply change an avatar or other parts of a profile to a default in these cases.

Thanks!

Best look in the WPMU forums for things (plugins) to help. Off the top of my head, some of the better ones are WP-Hashcash, Signup Question and Admin confirm new blogs. Hashcash is available at https://wordpress.org/extend/plugins and the others are at http://wpmudev.org/plugins/

Loads of good ideas though in the WPMU forums and that is the best place to start looking.

Trent

its http://spotskenya.com

I have had a major spam attack on my new instalation… over 100 new blog and user subsriptions that are definately spam… how can i over come this…

they are signing up and then confirming the email…

shall i put a human idendifyer on??

I think it somewhat depends on the kind of network you have but I generally recommend against open registration for blogs and, instead, have people request a blog with you instead. Yeah, it’s a bit more work and yeah, it takes away some spontaneity – but the reality is you’ll have tenfold the amount of work with monitoring for SPAM blogs AND people that do the spur of the moment “let’s start a blog” thing are not your long term bloggers either. What’s the benefit of having 100 inactive blogs on your network? I’d rather have 5 that update daily with solid, quality content. As with many things in life, quality trumps quantity any day of the week.

So, it may sound a bit counter-intuitive but I’m all for slowing down to speed up with blogs/members that are worth your effort.

1. not to be a dick but it would help a lot if you could create a better topic title than WTF??

2. that error smells really fishy…almost spam like. scary. curious to see what comes of it

It can, but the amount of spam accounts will increase dramatically. The reason for sending the account password via e-mail is to prevent spammers from simply entering a known username and password and creating 1000’s of spam blog posts on wordpress mu.

I have a similar situation, where I have a current site with 15k users, username and passwords. What I used is this plugin. It works well on wordpress and buddypress.

https://wordpress.org/extend/plugins/external-database-authentication/

When a user logins, it checks my “other” database for the username, and validates the password against it. This means they don’t need to do the e-maiil thing, as their e-mail was already validated on the old site. It then creates the user in wordpress and the user doesn’t notice anything.

How you could do this for your friends, just make a table of all the friends, and set the same password for everyone initially, and ask them to change it. I only suggest this for very small beta sites with friends you trust, like less then 10 people.

Brad

http://gorgeousgamers.com/beta