Rev 1087 | Blame | Compare with Previous | Last modification | View Log | RSS feed
<?php////////////////////////////////////////////////////////////////////////////////// //// Copyright (C) 2006 Phorum Development Team //// http://www.phorum.org //// //// This program is free software. You can redistribute it and/or modify //// it under the terms of either the current Phorum License (viewable at //// phorum.org) or the Phorum License that was distributed with this file //// //// This program is distributed in the hope that it will be useful, //// but WITHOUT ANY WARRANTY, without even the implied warranty of //// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //// //// You should have received a copy of the Phorum License //// along with this program. //////////////////////////////////////////////////////////////////////////////////if(!defined("PHORUM")) return;function phorum_gen_password($charpart=4, $numpart=3){$vowels = array("a", "e", "i", "o", "u");$cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");$num_vowels = count($vowels);$num_cons = count($cons);$password="";for($i = 0; $i < $charpart; $i++){$password .= $cons[mt_rand(0, $num_cons - 1)] . $vowels[mt_rand(0, $num_vowels - 1)];}$password = substr($password, 0, $charpart);if($numpart){$max=(int)str_pad("", $numpart, "9");$min=(int)str_pad("1", $numpart, "0");$num=(string)mt_rand($min, $max);}return strtolower($password.$num);}// ----------------------------------------------------------------------------// Banlist checking// ----------------------------------------------------------------------------/*** This function can perform multiple banlist checks at once and will* automatically generate an appropriate error message when a banlist* match is found.* @param bans - an array of bans to check. Each element in this array is an* array itself with two elements: the value to check and the* type of banlist to check against. One special case:* if the type if PHORUM_BAD_IPS, the value may be NULL.* In that case the IP/hostname of the client will be checked.* @return - An error message in case a banlist match was found or NULL* if no match was found.*/function phorum_check_bans($bans){$PHORUM = $GLOBALS["PHORUM"];// A mapping from bantype -> error message to return on match.$phorum_bantype2error = array (PHORUM_BAD_NAMES => "ErrBannedName",PHORUM_BAD_EMAILS => "ErrBannedEmail",PHORUM_BAD_USERID => "ErrBannedUser",PHORUM_BAD_IPS => "ErrBannedIP",PHORUM_BAD_SPAM_WORDS => "ErrBannedContent",);// These language strings are set dynamically, so the language// tool won't recognize them automatically. Therefore they are// mentioned here.// $PHORUM["DATA"]["LANG"]["ErrBannedName"]// $PHORUM["DATA"]["LANG"]["ErrBannedEmail"]// $PHORUM["DATA"]["LANG"]["ErrBannedUser"]// $PHORUM["DATA"]["LANG"]["ErrBannedIP"]// Load the ban lists.if (! isset($GLOBALS["PHORUM"]["banlists"]))$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();if(! isset($GLOBALS['PHORUM']['banlists'])) return NULL;// Run the checks.for (;;) {// An array for adding ban checks on the fly.$add_bans = array();foreach ($bans as $ban) {// Checking IP/hostname, but no value set? Then add the IP-address// and hostname (if DNS lookups are enabled) to the end of the checking// queue and continue with the next check.if ($ban[1] == PHORUM_BAD_IPS && $ban[0] == NULL) {$add_bans[] = array($_SERVER["REMOTE_ADDR"], PHORUM_BAD_IPS);if ($PHORUM["dns_lookup"]) {$resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]);if (!empty($resolved) && $resolved != $_SERVER["REMOTE_ADDR"]) {$add_bans[] = array($resolved, PHORUM_BAD_IPS);}}continue;}// Do a single banlist check. Return an error if we find a match.if (! phorum_check_ban_lists($ban[0], $ban[1])) {$msg = $PHORUM["DATA"]["LANG"][$phorum_bantype2error[$ban[1]]];// Replace %name% with the blocked string.$msg = str_replace('%name%', htmlspecialchars($ban[0]), $msg);return $msg;}}// Bans added on the fly? Then restart the loop.if (count($add_bans) == 0) {break;} else {$bans = $add_bans;}}return NULL;}/*** Check a single banlist for a match.* @param value - The value to check.* @param type - The type of banlist to check the value against.* @return True if all is okay. False if a match has been found.*/function phorum_check_ban_lists($value, $type){// Load the ban lists.if (! isset($GLOBALS["PHORUM"]["banlists"]))$GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();if(! isset($GLOBALS['PHORUM']['banlists'])) return true;$banlists = $GLOBALS['PHORUM']['banlists'];$value = trim($value);if (!empty($value)) {if (isset($banlists[$type]) && is_array($banlists[$type])) {foreach($banlists[$type] as $item) {if ( !empty($item['string']) && (($item["pcre"] && @preg_match("/\b".$item['string']."\b/i", $value)) ||(!$item["pcre"] && stristr($value , $item["string"]) && $type != PHORUM_BAD_USERID) ||($type == PHORUM_BAD_USERID && $value == $item["string"])) ) {return false;}}}}return true;}/*function phorum_dyn_profile_html($field, $value=""){// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"real_name", "type"=>"text", "length"=>100, "required"=>0);// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"email", "type"=>"text", "length"=>100, "required"=>1);// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"hide_email", "type"=>"bool", "default"=>1);// $PHORUM["PROFILE_FIELDS"][]=array("name"=>"sig", "type"=>"text", "length"=>0, "required"=>0);$PHORUM=$GLOBALS["PHORUM"];$html="";switch ($field["type"]){case "text":if($field["length"]==0){$html="<textarea name=\"$field[name]\" rows=\"15\" cols=\"50\" style=\"width: 100%\">$value</textarea>";} else {$html="<input type=\"text\" name=\"$field[name]\" size=\"30\" maxlength=\"$field[length]\" value=\"$value\" />";}break;case "check":$html ="<input type=\"checkbox\" name=\"$field[name]\" value=\"1\" ";if($value) $html.="checked ";$html.="/> $field[caption]";break;case "radio":foreach($field["options"] as $option){$html.="<input type=\"radio\" name=\"$field[name]\" value=\"$option\" ";if($value==$option) $html.="checked ";$html.="/> $option ";}break;case "select":$html ="<select name=\"$field[name]\" size=\"1\">";foreach($field["options"] as $option){$html.="<option value=\"$option\"";if($value==$option) $html.=" selected";$html.=">$option</option>";}$html.="</select>";break;}return $html;}*/?>