Rev 1372 | Blame | Compare with Previous | Last modification | View Log | RSS feed
<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2006 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
if(!defined("PHORUM")) return;
function phorum_gen_password($charpart=4, $numpart=3)
{
$vowels = array("a", "e", "i", "o", "u");
$cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");
$num_vowels = count($vowels);
$num_cons = count($cons);
$password="";
for($i = 0; $i < $charpart; $i++){
$password .= $cons[mt_rand(0, $num_cons - 1)] . $vowels[mt_rand(0, $num_vowels - 1)];
}
$password = substr($password, 0, $charpart);
if($numpart){
$max=(int)str_pad("", $numpart, "9");
$min=(int)str_pad("1", $numpart, "0");
$num=(string)mt_rand($min, $max);
}
return strtolower($password.$num);
}
// ----------------------------------------------------------------------------
// Banlist checking
// ----------------------------------------------------------------------------
/**
* This function can perform multiple banlist checks at once and will
* automatically generate an appropriate error message when a banlist
* match is found.
* @param bans - an array of bans to check. Each element in this array is an
* array itself with two elements: the value to check and the
* type of banlist to check against. One special case:
* if the type if PHORUM_BAD_IPS, the value may be NULL.
* In that case the IP/hostname of the client will be checked.
* @return - An error message in case a banlist match was found or NULL
* if no match was found.
*/
function phorum_check_bans($bans)
{
$PHORUM = $GLOBALS["PHORUM"];
// A mapping from bantype -> error message to return on match.
$phorum_bantype2error = array (
PHORUM_BAD_NAMES => "ErrBannedName",
PHORUM_BAD_EMAILS => "ErrBannedEmail",
PHORUM_BAD_USERID => "ErrBannedUser",
PHORUM_BAD_IPS => "ErrBannedIP",
PHORUM_BAD_SPAM_WORDS => "ErrBannedContent",
);
// These language strings are set dynamically, so the language
// tool won't recognize them automatically. Therefore they are
// mentioned here.
// $PHORUM["DATA"]["LANG"]["ErrBannedName"]
// $PHORUM["DATA"]["LANG"]["ErrBannedEmail"]
// $PHORUM["DATA"]["LANG"]["ErrBannedUser"]
// $PHORUM["DATA"]["LANG"]["ErrBannedIP"]
// Load the ban lists.
if (! isset($GLOBALS["PHORUM"]["banlists"]))
$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
if(! isset($GLOBALS['PHORUM']['banlists'])) return NULL;
// Run the checks.
for (;;) {
// An array for adding ban checks on the fly.
$add_bans = array();
foreach ($bans as $ban) {
// Checking IP/hostname, but no value set? Then add the IP-address
// and hostname (if DNS lookups are enabled) to the end of the checking
// queue and continue with the next check.
if ($ban[1] == PHORUM_BAD_IPS && $ban[0] == NULL) {
$add_bans[] = array($_SERVER["REMOTE_ADDR"], PHORUM_BAD_IPS);
if ($PHORUM["dns_lookup"]) {
$resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]);
if (!empty($resolved) && $resolved != $_SERVER["REMOTE_ADDR"]) {
$add_bans[] = array($resolved, PHORUM_BAD_IPS);
}
}
continue;
}
// Do a single banlist check. Return an error if we find a match.
if (! phorum_check_ban_lists($ban[0], $ban[1])) {
$msg = $PHORUM["DATA"]["LANG"][$phorum_bantype2error[$ban[1]]];
// Replace %name% with the blocked string.
$msg = str_replace('%name%', htmlspecialchars($ban[0]), $msg);
return $msg;
}
}
// Bans added on the fly? Then restart the loop.
if (count($add_bans) == 0) {
break;
} else {
$bans = $add_bans;
}
}
return NULL;
}
/**
* Check a single banlist for a match.
* @param value - The value to check.
* @param type - The type of banlist to check the value against.
* @return True if all is okay. False if a match has been found.
*/
function phorum_check_ban_lists($value, $type)
{
// Load the ban lists.
if (! isset($GLOBALS["PHORUM"]["banlists"]))
$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
if(! isset($GLOBALS['PHORUM']['banlists'])) return true;
$banlists = $GLOBALS['PHORUM']['banlists'];
$value = trim($value);
if (!empty($value)) {
if (isset($banlists[$type]) && is_array($banlists[$type])) {
foreach($banlists[$type] as $item) {
if ( !empty($item['string']) && (
($item["pcre"] && @preg_match("/\b".$item['string']."\b/i", $value)) ||
(!$item["pcre"] && stristr($value , $item["string"]) && $type != PHORUM_BAD_USERID) ||
($type == PHORUM_BAD_USERID && $value == $item["string"])) ) {
return false;
}
}
}
}
return true;
}
/*
function phorum_dyn_profile_html($field, $value="")
{
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"real_name", "type"=>"text", "length"=>100, "required"=>0);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"email", "type"=>"text", "length"=>100, "required"=>1);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"hide_email", "type"=>"bool", "default"=>1);
// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"sig", "type"=>"text", "length"=>0, "required"=>0);
$PHORUM=$GLOBALS["PHORUM"];
$html="";
switch ($field["type"]){
case "text":
if($field["length"]==0){
$html="<textarea name=\"$field[name]\" rows=\"15\" cols=\"50\" style=\"width: 100%\">$value</textarea>";
} else {
$html="<input type=\"text\" name=\"$field[name]\" size=\"30\" maxlength=\"$field[length]\" value=\"$value\" />";
}
break;
case "check":
$html ="<input type=\"checkbox\" name=\"$field[name]\" value=\"1\" ";
if($value) $html.="checked ";
$html.="/> $field[caption]";
break;
case "radio":
foreach($field["options"] as $option){
$html.="<input type=\"radio\" name=\"$field[name]\" value=\"$option\" ";
if($value==$option) $html.="checked ";
$html.="/> $option ";
}
break;
case "select":
$html ="<select name=\"$field[name]\" size=\"1\">";
foreach($field["options"] as $option){
$html.="<option value=\"$option\"";
if($value==$option) $html.=" selected";
$html.=">$option</option>";
}
$html.="</select>";
break;
}
return $html;
}
*/
?>