echo getpart('align_center', array(lang('Your e-mail is too long!')));
return FALSE;
} elseif (strlen($comments) > $config_comment_max_long and $config_comment_max_long != "" and $config_comment_max_long != "0") {
echo getpart('align_center', array(lang('Your comment is too long!')));
return FALSE;
}
// Check URL in comment
$pattern = "/[.]+(aero|arpa|asia|biz|cat|com|coop|edu|gov|info|int|jobs" . "|mobi|mil|museum|name|net|org|pro|root|tel|travel|ac" . "|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az" . "|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bw|by" . "|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cx" . "|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|er|es|et|eu|fi|fj" . "|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr" . "|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|htm|html|php|il|im|in|io|iq" . "|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kr|kw|ky|kz|la" . "|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mk|ml|mm" . "|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|asp|cgi" . "|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk" . "|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd" . "|se|sg|sh|si|sk|sl|sm|sn|sr|st|sv|sy|sz|tc|td|tf|tg|th" . "|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va" . "|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)/i";
if (preg_match($pattern, $comments) && (preg_match("/www./i", $comments) || preg_match("/http/i", $comments))) {
echo getpart('align_center', array(lang("Your not allowed to put URL's in the comments field.")));
return FALSE;
}
//----------------------------------
// Check if IP is blocked or wrong
//----------------------------------
$is_ban = (user_getban($ip) or user_getban($name)) ? true : false;
// user really banned
if ($is_ban) {
echo '<div class="blocking_posting_comment">' . lang('Sorry but you have been blocked from posting comments') . '</div>';
return FALSE;
}
//----------------------------------
// Flood Protection
//----------------------------------
if ($config_flood_time != 0 and $config_flood_time != "") {
if (flooder($ip, $id) == true) {
echo '<div class="blocking_posting_comment">' . str_replace('%1', $config_flood_time, lang('Flood protection activated! You have to wait %1 seconds after your last comment before posting again at this article')) . '</div>';
return FALSE;
}
}
//----------------------------------
if (empty($cs)) {
$cs = false;
} else {
$cs = intval($cs);
}
header("Content-Type: text/javascript");
send_cookie();
echo "document.getElementById('csrf_code{$cs}').value = '{$CSRF}';";
die;
}
// Check the User is Identified -------------------------------------------------------------------------------------
$result = false;
$username = empty($_POST['user']) ? $_POST['username'] : $_SESS['ix'];
$password = $_POST['password'];
// User is banned
if ($bandata = user_getban($ip, false)) {
if ($bandata[1] > $config_ban_attempts + 1) {
msg('error', lang('Error!'), getpart('youban', format_date($bandata[2], 'since-short')));
}
}
if (empty($_SESS['user'])) {
/* Login Authorization using COOKIES */
if ($action == 'dologin') {
// Check referer
RereferCheck();
// Do we have correct username and password ?
$member_db = user_search($username);
$cmd5_password = hash_generate($password);
if (in_array($member_db[UDB_PASS], $cmd5_password)) {
$_SESS['ix'] = $username;
$_SESS['user'] = $username;
// Run Once
if (!file_exists(SERVDIR . '/cdata/installed.mark')) {
fclose(fopen(SERVDIR . '/cdata/installed.mark', 'w'));
relocation("http://www.cutephp.com/thanks.php?referer=" . urlencode(base64_encode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'])));
} else {
msg('info', 'Notification', lang('You have successfully installed Cutenews! Refresh page to login.'));
}
}
}
if (empty($is_loged_in)) {
echoheader("user", lang("Please Login"));
echo proc_tpl('login_window', array('lastusername' => htmlspecialchars($username)), array('ALLOW_REG' => $config_allow_registration == "1" ? 1 : 0));
echofooter();
} elseif ($is_loged_in) {
// User banned
if ('blocked' == user_getban($member_db[UDB_NAME], true)) {
$_SESS['user'] = false;
send_cookie();
msg('error', lang('Error!'), lang('You\'re banned!'));
}
// ********************************************************************************
// Include System Module
// ********************************************************************************
//name of mod //access
$system_modules = array('addnews' => 'user', 'editnews' => 'user', 'main' => 'user', 'options' => 'user', 'images' => 'user', 'editusers' => 'admin', 'editcomments' => 'admin', 'tools' => 'admin', 'ipban' => 'admin', 'about' => 'user', 'categories' => 'admin', 'massactions' => 'user', 'help' => 'user', 'debug' => 'admin', 'wizards' => 'admin', 'update' => 'user', 'rating' => 'user');
list($system_modules, $mod, $stop) = hook('system_modules_expand', array($system_modules, $mod, false));
// Plugin tells us: don't show anything, stop
if ($stop == false) {
if ($mod == false) {
require SERVDIR . "/inc/main.php";
} elseif ($system_modules[$mod]) {
function user_addban($ip, $expire = false)
{
$ip = str_replace(array('|', '"'), '', $ip);
if (empty($ip)) {
return false;
}
$users_ban = load_database('users_ban', 'ipban.db');
if ($bandata = user_getban($ip, false)) {
if (preg_match('~^' . preg_sanitize($bandata[0]) . '\\|.*$~im', $users_ban, $c)) {
$bandata = explode('|', $c[0]);
$bandata[1]++;
$bandata[2] = $expire;
$users_ban = str_replace($c[0], implode('|', $bandata), $users_ban);
}
} else {
$users_ban = load_database('users_ban', 'ipban.db', true);
$users_ban .= "{$ip}|0|{$expire}|\n";
$bandata = array($ip, 0, $expire);
}
rewritefile('/cdata/ipban.db.php', $users_ban);
return $bandata;
}