Hi @kirupa
I happened to have somewhat the same issue.
We reviewed thousands of automatically flagged (system and Akismet) posts/users on my forum.
The accuracy of both system and Akismet was very close to 100% (1 false positive to my knowledge for 2500 flags). It’s not the case for every forum, so you have to be sure of what you’re doing if you want to automate the ban of automatically flagged users.
In the end, I made a PHP script using Discourse webhook data:
I first created the webhook:
Then I used "Use Discourse webhooks with PHP" to receive the request and parse the data.
I added custom code to trigger the auto-ban by sending an API request to Discourse, based on arbitrary criteria:
Here’s the final code:
```php
<?php
// Immediately verify the authenticity of the request.
if (array_key_exists('HTTP_X_DISCOURSE_EVENT_SIGNATURE', $_SERVER)) {
    $discourse_payload_raw = file_get_contents('php://input');
    // Strip the "sha256=" prefix; the cast keeps hash_equals() happy if the header is too short.
    $discourse_payload_sha256 = (string) substr($_SERVER['HTTP_X_DISCOURSE_EVENT_SIGNATURE'], 7);
    // For security, configure the webhook with a secret in Discourse and set it below.
    $discourse_payload_secret = 'xxxxxxxxxxxxxxxxxxxxx';
    // Verify that the request was sent from an authorized webhook.
    // hash_equals() compares in constant time, unlike ==.
    $expected_sha256 = hash_hmac('sha256', $discourse_payload_raw, $discourse_payload_secret);
    if (hash_equals($expected_sha256, $discourse_payload_sha256)) {
        echo 'received';
    }
    else {
        die('authentication failed');
    }
}
else {
    die('access denied');
}

// Prepare the payload for use in the PHP script.
$discourse_json = json_decode($discourse_payload_raw);
// Stop if the body is not valid JSON or carries no reviewable.
if (!isset($discourse_json->reviewable)) {
    exit;
}
$reviewable = $discourse_json->reviewable;

// Set up the API URL
$api_url = "https://unicyclist.com/review/{$reviewable->id}/perform/delete_user?version=0";

// Verify that the "type" and "score" properties are valid
if (($reviewable->type == "ReviewableUser" || $reviewable->type == "ReviewableAkismetUser" || $reviewable->type == "ReviewableQueuedPost") && $reviewable->score > 0) {
    // Set up the curl options
    $options = array(
        CURLOPT_URL => $api_url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST => "PUT", // Set the request method to PUT
        CURLOPT_HTTPHEADER => array(
            "Api-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "Api-Username: system"
        )
    );

    // Initialize the curl session
    $curl = curl_init();
    curl_setopt_array($curl, $options);

    // Make the API call
    $response = curl_exec($curl);
    curl_close($curl);

    // Decode the response
    $response_data = json_decode($response);
    print_r($response_data);
} else {
    exit;
}
?>
```
It works perfectly so far.
Note that my code may be very dangerous to use in another context and the content must be thought through carefully.
For example, a “ReviewableUser” flag may be set on users on forums that need to validate users manually (I don’t know if it’s the case, it’s just an example). Other forums could have changed the spammer detection thresholds in their settings, or the automatic detection could simply be less accurate on their forum.
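Following the warning at the end of the post, here is a dry-run gate that could sit between the webhook parsing and the API call, so the criteria can be checked against real flags before any user is deleted. This is an added example, not part of the original post; the `decide` function, the `POLICY` values and the sample payloads are assumptions constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Policy values are assumptions.
const POLICY = [
    // Types the post acts on; trim to what your own manual review proved reliable.
    'allowed_types' => ['ReviewableUser', 'ReviewableAkismetUser', 'ReviewableQueuedPost'],
    'min_score'     => 0,     // the post acts on any score > 0
    'dry_run'       => true,  // hypothetical switch: report the decision, send no API request
];

/** Decide what to do with one verified webhook body. Returns [action, reason]. */
function decide(string $raw_body, array $policy): array
{
    $data = json_decode($raw_body);
    $r = $data->reviewable ?? null;
    if (!is_object($r) || !isset($r->id, $r->type, $r->score)) {
        return ['skip', 'malformed payload'];
    }
    // The id is placed in the API URL, so accept integers only.
    if (!is_int($r->id)) {
        return ['skip', 'non-integer id'];
    }
    // Strict comparison against the allowlist; unknown types are never acted on.
    if (!is_string($r->type) || !in_array($r->type, $policy['allowed_types'], true)) {
        return ['skip', 'type not allowed'];
    }
    if (!(is_int($r->score) || is_float($r->score)) || $r->score <= $policy['min_score']) {
        return ['skip', 'score at or below threshold'];
    }
    return [$policy['dry_run'] ? 'would_delete' : 'delete_user', "reviewable {$r->id}"];
}

// Constructed sample bodies (not captured from a real forum).
$samples = [
    '{"reviewable":{"id":101,"type":"ReviewableAkismetUser","score":4.5}}',
    '{"reviewable":{"id":102,"type":"ReviewableFlaggedPost","score":9.0}}',
    '{"reviewable":{"id":103,"type":"ReviewableUser","score":0}}',
    '{"reviewable":{"id":"104/../x","type":"ReviewableUser","score":2}}',
    'not json',
];
foreach ($samples as $body) {
    [$action, $reason] = decide($body, POLICY);
    printf("%-12s %s\n", $action, $reason);
}
```

Running it in dry-run mode for a while and comparing the `would_delete` lines with manual review decisions gives a false-positive count for your own forum before the switch is turned off.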