ForumRole::NumPosts() looks like:

    function NumPosts() {
        if(is_numeric($this->owner->ID)) {
            return (int)DB::query("SELECT count(*) FROM \"Post\" WHERE \"AuthorID\" = '" . $this->owner->ID . "'")->value();
        } else {
            return 0;
        }
    }

But this returns not just *approved* posts -- it will also include any spam that has not yet been reviewed (and spam that was rejected). A spammer can therefore rack up X number of not-yet-approved posts, and bypass any logic that anyone writes against NumPosts.
I just added the following into my own member extension:

    function NumApprovedPosts()
    {
        if(is_numeric($this->owner->ID)) {
            return (int)DB::query("SELECT count(*) FROM \"Post\" WHERE \"AuthorID\" = '" . $this->owner->ID . "' AND \"Status\" != 'Awaiting' AND \"Status\" != 'Rejected'")->value();
        } else {
            return 0;
        }
    }

Does that look right? (Is there a better way to do this?) I'd prefer negative awaiting/rejected instead of affirmative on the others, since it is more likely that statuses might be added in the future that are more related to valid posts than invalid.
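
The three counting strategies side by side, as an added example that is not part of the original post or the forum module's code: the unfiltered count, the post's exclusion filter, and an inclusion filter, run over constructed rows. Only `Awaiting` and `Rejected` come from the post; `Moderated` (standing in for an approved post), `Quarantined` (standing in for a status added later), and the `countPosts()` helper are assumptions. A status the exclusion filter does not know about is counted, while the inclusion filter leaves it out.

```php
<?php
// Added example: constructed data in an in-memory SQLite table (needs pdo_sqlite).
// 'Moderated' and 'Quarantined' are assumed status values, not taken from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "Post" ("ID" INTEGER PRIMARY KEY, "AuthorID" INTEGER, "Status" TEXT)');

// Constructed sample rows: [AuthorID, Status]
$rows = [
    [1, 'Moderated'], [1, 'Moderated'], [1, 'Awaiting'],   // established member
    [2, 'Awaiting'],  [2, 'Awaiting'],  [2, 'Awaiting'],   // unreviewed posts
    [2, 'Rejected'],  [2, 'Quarantined'],                  // rejected + unknown status
];
$ins = $db->prepare('INSERT INTO "Post" ("AuthorID", "Status") VALUES (?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

// Hypothetical helper: count an author's posts, optionally restricted by status.
// $op is 'IN' (inclusion list) or 'NOT IN' (exclusion list); values are bound, not concatenated.
function countPosts(PDO $db, int $authorID, string $op = '', array $statuses = []): int
{
    $sql = 'SELECT COUNT(*) FROM "Post" WHERE "AuthorID" = ?';
    if ($statuses) {
        $marks = implode(', ', array_fill(0, count($statuses), '?'));
        $sql .= " AND \"Status\" $op ($marks)";
    }
    $stmt = $db->prepare($sql);
    $stmt->execute(array_merge([$authorID], $statuses));
    return (int) $stmt->fetchColumn();
}

foreach ([1, 2] as $id) {
    printf(
        "author %d: all=%d  excluding-awaiting/rejected=%d  moderated-only=%d\n",
        $id,
        countPosts($db, $id),                                      // like NumPosts()
        countPosts($db, $id, 'NOT IN', ['Awaiting', 'Rejected']),  // like NumApprovedPosts()
        countPosts($db, $id, 'IN', ['Moderated'])                  // inclusion list
    );
}
```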