<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2006 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// Stop executing this file when the PHORUM constant is not defined.
// NOTE(review): presumably the constant is set by the Phorum bootstrap, so
// this acts as a guard against the file being requested directly - confirm.
if(!defined("PHORUM")) return;
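/**
 * Generate a pronounceable, lowercase password: a run of letters followed
 * by a run of digits.
 *
 * The letter part is built from random consonant(-cluster) + vowel pairs and
 * is then cut to exactly $charpart characters. The digit part is a random
 * number of $numpart digits without a leading zero (for digit counts that
 * fit in a PHP integer).
 *
 * Security notes:
 * - Random choices are drawn from random_int() (a CSPRNG) when the running
 *   PHP provides it. Older PHP versions fall back to mt_rand(), whose output
 *   is predictable and not suitable for secrets.
 * - The defaults give a short password (4 letters + 3 digits). Callers that
 *   hand the result out as a credential should pass larger values and/or
 *   require the user to change it after first use.
 *
 * @param int $charpart Number of letters in the password.
 * @param int $numpart  Number of digits appended; 0 (or less) appends none.
 * @return string The generated password.
 * @throws Exception From random_int() if no source of randomness is available.
 */
function phorum_gen_password($charpart=4, $numpart=3)
{
    $vowels = array("a", "e", "i", "o", "u");
    $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");

    $num_vowels = count($vowels);
    $num_cons = count($cons);

    // Passwords are secrets: prefer the CSPRNG and only fall back to the
    // Mersenne Twister on PHP versions that do not have random_int().
    $rand = function_exists("random_int") ? "random_int" : "mt_rand";

    $password = "";

    // Each round appends at least two characters, so after $charpart rounds
    // there is always enough material to cut $charpart characters from.
    for ($i = 0; $i < $charpart; $i++) {
        $password .= $cons[$rand(0, $num_cons - 1)] . $vowels[$rand(0, $num_vowels - 1)];
    }

    // The cast keeps the result a string on PHP versions where substr()
    // returns false for an empty input.
    $password = (string)substr($password, 0, $charpart);

    // Always initialise the digit part, so that a call without digits does
    // not read an undefined variable in the return statement.
    $num = "";

    if ($numpart > 0) {
        // e.g. $numpart = 3 gives the range 100..999
        $max = (int)str_pad("", $numpart, "9");
        $min = (int)str_pad("1", $numpart, "0");

        $num = (string)$rand($min, $max);
    }

    return strtolower($password.$num);
}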
// ----------------------------------------------------------------------------
// Banlist checking
// ----------------------------------------------------------------------------
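/**
 * Run one or more banlist checks and return the error message that belongs
 * to the first match.
 *
 * @param array $bans  A list of checks to run. Each element is itself an
 *                     array with two elements: [0] the value to check and
 *                     [1] the type of banlist to check it against. One
 *                     special case: if the type is PHORUM_BAD_IPS, the value
 *                     may be NULL. In that case the IP address of the client
 *                     (and its hostname, if DNS lookups are enabled) is
 *                     checked instead.
 * @return string|null An error message in case a banlist match was found,
 *                     or NULL if no match was found.
 */
function phorum_check_bans($bans)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // A mapping from bantype -> language key of the error message to
    // return on match.
    $phorum_bantype2error = array (
        PHORUM_BAD_NAMES      => "ErrBannedName",
        PHORUM_BAD_EMAILS     => "ErrBannedEmail",
        PHORUM_BAD_USERID     => "ErrBannedUser",
        PHORUM_BAD_IPS        => "ErrBannedIP",
        PHORUM_BAD_SPAM_WORDS => "ErrBannedContent",
    );

    // These language strings are set dynamically, so the language
    // tool won't recognize them automatically. Therefore they are
    // mentioned here.
    // $PHORUM["DATA"]["LANG"]["ErrBannedName"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedEmail"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedUser"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedIP"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedContent"]

    // Load the ban lists. The second isset() covers a loader that
    // returned NULL: without ban lists there is nothing to match.
    if (! isset($GLOBALS["PHORUM"]["banlists"]))
        $GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
    if(! isset($GLOBALS['PHORUM']['banlists'])) return NULL;

    // The client address as reported by the web server. It is missing when
    // the code does not run for a web request (e.g. from the command line).
    $remote_addr = "";
    if (isset($_SERVER["REMOTE_ADDR"]) && is_string($_SERVER["REMOTE_ADDR"])) {
        $remote_addr = $_SERVER["REMOTE_ADDR"];
    }

    // Run the checks.
    for (;;) {
        // An array for adding ban checks on the fly.
        $add_bans = array();

        foreach ($bans as $ban) {
            // Checking IP/hostname, but no value set? Then add the IP-address
            // and hostname (if DNS lookups are enabled) to the end of the
            // checking queue and continue with the next check.
            if ($ban[1] == PHORUM_BAD_IPS && $ban[0] == NULL) {
                // Only queue a real address. Queueing an empty one would
                // match this same branch again on the next pass and keep
                // the outer loop running forever.
                if ($remote_addr !== "") {
                    $add_bans[] = array($remote_addr, PHORUM_BAD_IPS);
                    if (!empty($PHORUM["dns_lookup"])) {
                        // The name comes from a reverse (PTR) lookup that is
                        // not forward-confirmed here, so it is chosen by
                        // whoever controls the reverse zone of the address.
                        // Hostname bans can supplement IP bans, but should
                        // not be relied on by themselves.
                        $resolved = @gethostbyaddr($remote_addr);
                        if (!empty($resolved) && $resolved != $remote_addr) {
                            $add_bans[] = array($resolved, PHORUM_BAD_IPS);
                        }
                    }
                }
                continue;
            }

            // Do a single banlist check. Return an error if we find a match.
            if (! phorum_check_ban_lists($ban[0], $ban[1])) {
                $msg = $PHORUM["DATA"]["LANG"][$phorum_bantype2error[$ban[1]]];
                // Replace %name% with the blocked string. The value is
                // escaped because it can be client-supplied (name, e-mail,
                // resolved hostname) and the message is presumably rendered
                // into an HTML page.
                $msg = str_replace('%name%', htmlspecialchars($ban[0]), $msg);
                return $msg;
            }
        }

        // Bans added on the fly? Then restart the loop to check those.
        if (count($add_bans) == 0) {
            break;
        } else {
            $bans = $add_bans;
        }
    }

    return NULL;
}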
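/**
 * Check a single value against one banlist.
 *
 * Entries with an empty string are skipped. For the other entries:
 * - "pcre" entries are used as a case-insensitive regular expression,
 *   wrapped in word boundaries (\b ... \b);
 * - other entries match as a case-insensitive substring, except for the
 *   PHORUM_BAD_USERID list;
 * - on the PHORUM_BAD_USERID list the value has to be equal to the entry.
 *
 * A value that is empty after trimming (this includes "0") is not checked
 * at all and is reported as okay.
 *
 * @param mixed $value The value to check.
 * @param mixed $type  The type of banlist to check the value against.
 * @return bool True if all is okay. False if a match has been found.
 */
function phorum_check_ban_lists($value, $type)
{
    // Load the ban lists. The second isset() covers a loader that
    // returned NULL: without ban lists nothing can match.
    if (! isset($GLOBALS["PHORUM"]["banlists"]))
        $GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
    if(! isset($GLOBALS['PHORUM']['banlists'])) return true;

    $banlists = $GLOBALS['PHORUM']['banlists'];

    // The cast avoids passing NULL to trim().
    $value = trim((string)$value);

    if (empty($value)) return true;
    if (!isset($banlists[$type]) || !is_array($banlists[$type])) return true;

    $is_userid_list = ($type == PHORUM_BAD_USERID);

    foreach ($banlists[$type] as $item) {
        if (empty($item['string'])) continue;

        if (!empty($item["pcre"])) {
            // The entry is embedded between "/" delimiters. An unescaped "/"
            // inside the entry (e.g. in a URL) would end the pattern early
            // and make it invalid, so the delimiter is escaped first.
            $pattern = "/\b" . phorum_ban_escape_pcre_delimiter($item['string']) . "\b/i";

            // The @ hides compile warnings: an entry that still is not a
            // valid pattern makes preg_match() return false, which means
            // that this ban is silently not enforced.
            // NOTE(review): consider validating patterns when they are saved.
            if (@preg_match($pattern, $value)) {
                return false;
            }
        } elseif (!$is_userid_list && stristr($value, $item["string"]) !== false) {
            // Compare against false explicitly: stristr() returns the matched
            // tail of the value, which can be a falsy string like "0".
            return false;
        }

        // User ids have to match as a whole; a substring match would also
        // ban user 12 when user 1 is on the list.
        if ($is_userid_list && $value == $item["string"]) {
            return false;
        }
    }

    return true;
}

/**
 * Escape every unescaped "/" in a regular expression body, so the body can
 * be placed between "/" delimiters.
 *
 * A backslash together with the character that follows it is copied as-is,
 * which leaves already escaped delimiters ("\/") untouched.
 *
 * @param string $pattern The regular expression body.
 * @return string The body with all bare "/" characters written as "\/".
 */
function phorum_ban_escape_pcre_delimiter($pattern)
{
    $pattern = (string)$pattern;
    $length = strlen($pattern);
    $escaped = "";

    for ($i = 0; $i < $length; $i++) {
        $char = $pattern[$i];
        if ($char === "\\" && $i + 1 < $length) {
            // Escape sequence: keep both characters together.
            $escaped .= $char . $pattern[++$i];
        } elseif ($char === "/") {
            $escaped .= "\\/";
        } else {
            $escaped .= $char;
        }
    }

    return $escaped;
}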
/*
function phorum_dyn_profile_html($field, $value="")
{
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"real_name", "type"=>"text", "length"=>100, "required"=>0);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"email", "type"=>"text", "length"=>100, "required"=>1);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"hide_email", "type"=>"bool", "default"=>1);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"sig", "type"=>"text", "length"=>0, "required"=>0);
$PHORUM=$GLOBALS["PHORUM"];
$html="";
switch ($field["type"]){
case "text":
if($field["length"]==0){
$html="<textarea name=\"$field[name]\" rows=\"15\" cols=\"50\" style=\"width: 100%\">$value</textarea>";
} else {
$html="<input type=\"text\" name=\"$field[name]\" size=\"30\" maxlength=\"$field[length]\" value=\"$value\" />";
}
break;
case "check":
$html ="<input type=\"checkbox\" name=\"$field[name]\" value=\"1\" ";
if($value) $html.="checked ";
$html.="/> $field[caption]";
break;
case "radio":
foreach($field["options"] as $option){
$html.="<input type=\"radio\" name=\"$field[name]\" value=\"$option\" ";
if($value==$option) $html.="checked ";
$html.="/> $option ";
}
break;
case "select":
$html ="<select name=\"$field[name]\" size=\"1\">";
foreach($field["options"] as $option){
$html.="<option value=\"$option\"";
if($value==$option) $html.=" selected";
$html.=">$option</option>";
}
$html.="</select>";
break;
}
return $html;
}
*/
?>