New file |
0,0 → 1,219 |
<?php |
|
//////////////////////////////////////////////////////////////////////////////// |
// // |
// Copyright (C) 2006 Phorum Development Team // |
// http://www.phorum.org // |
// // |
// This program is free software. You can redistribute it and/or modify // |
// it under the terms of either the current Phorum License (viewable at // |
// phorum.org) or the Phorum License that was distributed with this file // |
// // |
// This program is distributed in the hope that it will be useful, // |
// but WITHOUT ANY WARRANTY, without even the implied warranty of // |
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // |
// // |
// You should have received a copy of the Phorum License // |
// along with this program. // |
//////////////////////////////////////////////////////////////////////////////// |
|
if(!defined("PHORUM")) return; |
|
|
function phorum_gen_password($charpart=4, $numpart=3) |
{ |
$vowels = array("a", "e", "i", "o", "u"); |
$cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl"); |
|
$num_vowels = count($vowels); |
$num_cons = count($cons); |
|
$password=""; |
|
for($i = 0; $i < $charpart; $i++){ |
$password .= $cons[mt_rand(0, $num_cons - 1)] . $vowels[mt_rand(0, $num_vowels - 1)]; |
} |
|
$password = substr($password, 0, $charpart); |
|
if($numpart){ |
$max=(int)str_pad("", $numpart, "9"); |
$min=(int)str_pad("1", $numpart, "0"); |
|
$num=(string)mt_rand($min, $max); |
} |
|
return strtolower($password.$num); |
} |
|
// ---------------------------------------------------------------------------- |
// Banlist checking |
// ---------------------------------------------------------------------------- |
|
/** |
* This function can perform multiple banlist checks at once and will |
* automatically generate an appropriate error message when a banlist |
* match is found. |
* @param bans - an array of bans to check. Each element in this array is an |
* array itself with two elements: the value to check and the |
* type of banlist to check against. One special case: |
* if the type if PHORUM_BAD_IPS, the value may be NULL. |
* In that case the IP/hostname of the client will be checked. |
* @return - An error message in case a banlist match was found or NULL |
* if no match was found. |
*/ |
function phorum_check_bans($bans) |
{ |
$PHORUM = $GLOBALS["PHORUM"]; |
|
// A mapping from bantype -> error message to return on match. |
$phorum_bantype2error = array ( |
PHORUM_BAD_NAMES => "ErrBannedName", |
PHORUM_BAD_EMAILS => "ErrBannedEmail", |
PHORUM_BAD_USERID => "ErrBannedUser", |
PHORUM_BAD_IPS => "ErrBannedIP", |
PHORUM_BAD_SPAM_WORDS => "ErrBannedContent", |
); |
|
// These language strings are set dynamically, so the language |
// tool won't recognize them automatically. Therefore they are |
// mentioned here. |
// $PHORUM["DATA"]["LANG"]["ErrBannedName"] |
// $PHORUM["DATA"]["LANG"]["ErrBannedEmail"] |
// $PHORUM["DATA"]["LANG"]["ErrBannedUser"] |
// $PHORUM["DATA"]["LANG"]["ErrBannedIP"] |
|
// Load the ban lists. |
if (! isset($GLOBALS["PHORUM"]["banlists"])) |
$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists(); |
if(! isset($GLOBALS['PHORUM']['banlists'])) return NULL; |
|
// Run the checks. |
for (;;) { |
// An array for adding ban checks on the fly. |
$add_bans = array(); |
|
foreach ($bans as $ban) { |
// Checking IP/hostname, but no value set? Then add the IP-address |
// and hostname (if DNS lookups are enabled) to the end of the checking |
// queue and continue with the next check. |
if ($ban[1] == PHORUM_BAD_IPS && $ban[0] == NULL) { |
$add_bans[] = array($_SERVER["REMOTE_ADDR"], PHORUM_BAD_IPS); |
if ($PHORUM["dns_lookup"]) { |
$resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]); |
if (!empty($resolved) && $resolved != $_SERVER["REMOTE_ADDR"]) { |
$add_bans[] = array($resolved, PHORUM_BAD_IPS); |
} |
} |
continue; |
} |
|
// Do a single banlist check. Return an error if we find a match. |
if (! phorum_check_ban_lists($ban[0], $ban[1])) { |
$msg = $PHORUM["DATA"]["LANG"][$phorum_bantype2error[$ban[1]]]; |
// Replace %name% with the blocked string. |
$msg = str_replace('%name%', htmlspecialchars($ban[0]), $msg); |
return $msg; |
} |
} |
|
// Bans added on the fly? Then restart the loop. |
if (count($add_bans) == 0) { |
break; |
} else { |
$bans = $add_bans; |
} |
} |
|
return NULL; |
} |
|
/** |
* Check a single banlist for a match. |
* @param value - The value to check. |
* @param type - The type of banlist to check the value against. |
* @return True if all is okay. False if a match has been found. |
*/ |
function phorum_check_ban_lists($value, $type) |
{ |
// Load the ban lists. |
if (! isset($GLOBALS["PHORUM"]["banlists"])) |
$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists(); |
if(! isset($GLOBALS['PHORUM']['banlists'])) return true; |
|
$banlists = $GLOBALS['PHORUM']['banlists']; |
|
$value = trim($value); |
|
if (!empty($value)) { |
if (isset($banlists[$type]) && is_array($banlists[$type])) { |
foreach($banlists[$type] as $item) { |
if ( !empty($item['string']) && ( |
($item["pcre"] && @preg_match("/\b".$item['string']."\b/i", $value)) || |
(!$item["pcre"] && stristr($value , $item["string"]) && $type != PHORUM_BAD_USERID) || |
($type == PHORUM_BAD_USERID && $value == $item["string"])) ) { |
return false; |
} |
} |
} |
} |
|
return true; |
} |
|
|
/* |
|
function phorum_dyn_profile_html($field, $value="") |
{ |
|
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"real_name", "type"=>"text", "length"=>100, "required"=>0); |
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"email", "type"=>"text", "length"=>100, "required"=>1); |
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"hide_email", "type"=>"bool", "default"=>1); |
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"sig", "type"=>"text", "length"=>0, "required"=>0); |
|
|
$PHORUM=$GLOBALS["PHORUM"]; |
|
$html=""; |
|
switch ($field["type"]){ |
|
case "text": |
if($field["length"]==0){ |
$html="<textarea name=\"$field[name]\" rows=\"15\" cols=\"50\" style=\"width: 100%\">$value</textarea>"; |
} else { |
$html="<input type=\"text\" name=\"$field[name]\" size=\"30\" maxlength=\"$field[length]\" value=\"$value\" />"; |
} |
break; |
case "check": |
$html ="<input type=\"checkbox\" name=\"$field[name]\" value=\"1\" "; |
if($value) $html.="checked "; |
$html.="/> $field[caption]"; |
break; |
case "radio": |
foreach($field["options"] as $option){ |
$html.="<input type=\"radio\" name=\"$field[name]\" value=\"$option\" "; |
if($value==$option) $html.="checked "; |
$html.="/> $option "; |
} |
break; |
case "select": |
$html ="<select name=\"$field[name]\" size=\"1\">"; |
foreach($field["options"] as $option){ |
$html.="<option value=\"$option\""; |
if($value==$option) $html.=" selected"; |
$html.=">$option</option>"; |
} |
$html.="</select>"; |
break; |
|
} |
|
return $html; |
|
} |
|
*/ |
|
?> |