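 /**
  * Validate the data submitted for a new post (and, when $fid is truthy, a new topic).
  *
  * Collects error messages for: the guest antispam question, flood protection,
  * the subject of a new topic, the guest e-mail address, message length and
  * all-caps checks, and BBCode syntax. Plugin hooks are fired between the steps
  * so that extensions can add or remove errors.
  *
  * @param mixed $fid    Forum ID; truthy when a new topic is being created, falsy for a reply.
  * @param mixed $tid    Topic ID (not used here; kept for interface compatibility).
  * @param mixed $qid    Not used here; kept for interface compatibility.
  * @param mixed $pid    Not used here; kept for interface compatibility.
  * @param mixed $page   Not used here; kept for interface compatibility.
  * @param array $errors Errors collected so far; new messages are appended.
  * @return array The errors; may additionally carry 'banned_email' => 1 for a guest
  *               posting from a banned address (read later when the alert mail is sent).
  */
 public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
 {
     $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
     $fid = Container::get('hooks')->fire('model.post.check_errors_before_post_start', $fid);
     // Antispam feature
     if (User::get()->is_guest) {
         // It's a guest, so we have to validate the username
         $profile = new \FeatherBB\Model\Profile();
         $errors = $profile->check_username(Utils::trim(Input::post('req_username')), $errors);
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_antispam', $errors);
         $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
         $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
         // Questions are keyed by the md5 of their text (presumably what the form sends back
         // as captcha_q); answers are compared case-insensitively by upper-casing both sides.
         $lang_antispam_questions_array = array();
         foreach ($lang_antispam_questions as $k => $v) {
             $lang_antispam_questions_array[md5($k)] = strtoupper($v);
         }
         // isset() rather than empty(): an expected answer of "0" is a valid answer, not a
         // missing one. Strict comparison so that numeric-looking answers are not matched
         // loosely ("1e3" == "1000" would otherwise pass).
         if (!isset($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] !== $answer) {
             $errors[] = __('Robot test fail');
         }
     }
     // Flood protection
     // NOTE(review): as written, the minimum-interval check only runs when 'preview' is
     // non-empty; confirm that this is the intended trigger rather than the inverse.
     if (Input::post('preview') != '' && User::get()->last_post != '' && time() - User::get()->last_post < Container::get('prefs')->get(User::get(), 'post.min_interval')) {
         $errors[] = sprintf(__('Flood start'), Container::get('prefs')->get(User::get(), 'post.min_interval'), Container::get('prefs')->get(User::get(), 'post.min_interval') - (time() - User::get()->last_post));
     }
     // If it's a new topic
     if ($fid) {
         $subject = Utils::trim(Input::post('req_subject'));
         $subject = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_subject', $subject);
         if (ForumSettings::get('o_censoring') == '1') {
             $censored_subject = Utils::trim(Utils::censor($subject));
             $censored_subject = Container::get('hooks')->fire('model.post.check_errors_before_censored', $censored_subject);
         }
         // $censored_subject is only read under the same o_censoring guard that defines it
         if ($subject == '') {
             $errors[] = __('No subject');
         } elseif (ForumSettings::get('o_censoring') == '1' && $censored_subject == '') {
             $errors[] = __('No subject after censoring');
         } elseif (Utils::strlen($subject) > 70) {
             $errors[] = __('Too long subject');
         } elseif (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($subject) && !User::get()->is_admmod) {
             $errors[] = __('All caps subject');
         }
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_errors', $errors);
     }
     if (User::get()->is_guest) {
         // The field name depends on whether a guest e-mail is mandatory
         $email = strtolower(Utils::trim(ForumSettings::get('p_force_guest_email') == '1' ? Input::post('req_email') : Input::post('email')));
         if (ForumSettings::get('p_force_guest_email') == '1' || $email != '') {
             $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_email', $errors, $email);
             if (!Container::get('email')->is_valid_email($email)) {
                 $errors[] = __('Invalid email');
             }
             // Check if it's a banned email address
             // we should only check guests because members' addresses are already verified
             if (User::get()->is_guest && Container::get('email')->is_banned_email($email)) {
                 if (ForumSettings::get('p_allow_banned_email') == '0') {
                     $errors[] = __('Banned email');
                 }
                 $errors['banned_email'] = 1;
                 // Used later when we send an alert email
             }
         }
     }
     // Clean up message from POST
     $message = Utils::linebreaks(Utils::trim(Input::post('req_message')));
     $message = Container::get('hooks')->fire('model.post.check_errors_before_post_message', $message);
     // Here we use strlen() not Utils::strlen() as we want to limit the post to FEATHER_MAX_POSTSIZE bytes, not characters
     if (strlen($message) > ForumEnv::get('FEATHER_MAX_POSTSIZE')) {
         $errors[] = sprintf(__('Too long message'), Utils::forum_number_format(ForumEnv::get('FEATHER_MAX_POSTSIZE')));
     } elseif (ForumSettings::get('p_message_all_caps') == '0' && Utils::is_all_uppercase($message) && !User::get()->is_admmod) {
         $errors[] = __('All caps message');
     }
     // Validate BBCode syntax
     if (ForumSettings::get('p_message_bbcode') == '1') {
         $message = Container::get('parser')->preparse_bbcode($message, $errors);
         $message = Container::get('hooks')->fire('model.post.check_errors_before_post_bbcode', $message);
     }
     // Emptiness checks are only meaningful once nothing else went wrong
     if (empty($errors)) {
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_no_error', $errors);
         if ($message == '') {
             $errors[] = __('No message');
         } elseif (ForumSettings::get('o_censoring') == '1') {
             // Censor message to see if that causes problems
             $censored_message = Utils::trim(Utils::censor($message));
             if ($censored_message == '') {
                 $errors[] = __('No message after censoring');
             }
         }
     }
     $errors = Container::get('hooks')->fire('model.post.check_errors_before_post', $errors);
     return $errors;
 }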
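 /**
  * Validate a registration form and build the user array used for account creation.
  *
  * Registration flooding from the same IP and an invalid language string abort
  * with an exception; every other problem is collected into $user['errors'].
  *
  * @return array User data: 'username', 'email1', 'password1', 'language',
  *               'errors' (list of messages) and 'banned_email' => 1 when the
  *               address is banned (read later when the alert mail is sent).
  * @throws Error 429 when this IP already registered within the last hour,
  *               500 when the posted language does not exist.
  */
 public function check_for_errors()
 {
     $user = array();
     // Errors are appended with [] below, so this must start as an array: an empty
     // string is only auto-converted on old PHP versions and is a fatal error on 7.1+.
     $user['errors'] = array();
     $user = Container::get('hooks')->fire('model.register.check_for_errors_start', $user);
     // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
     $already_registered = DB::for_table('users')->where('registration_ip', Utils::getIp())->where_gt('registered', time() - 3600);
     $already_registered = Container::get('hooks')->fireDB('model.register.check_for_errors_ip_query', $already_registered);
     $already_registered = $already_registered->find_one();
     if ($already_registered) {
         throw new Error(__('Registration flood'), 429);
     }
     $user['username'] = Utils::trim(Input::post('req_user'));
     $user['email1'] = strtolower(Utils::trim(Input::post('req_email1')));
     if (ForumSettings::get('o_regs_verify') == '1') {
         // E-mail verification is on: the password is generated, the address must be typed twice
         $email2 = strtolower(Utils::trim(Input::post('req_email2')));
         $user['password1'] = Random::pass(12);
         $password2 = $user['password1'];
     } else {
         $user['password1'] = Utils::trim(Input::post('req_password1'));
         $password2 = Utils::trim(Input::post('req_password2'));
     }
     // Validate username and passwords
     $profile = new \FeatherBB\Model\Profile();
     $user['errors'] = $profile->check_username($user['username'], $user['errors']);
     if (Utils::strlen($user['password1']) < 6) {
         $user['errors'][] = __('Pass too short');
     } elseif ($user['password1'] != $password2) {
         $user['errors'][] = __('Pass not match');
     }
     // Antispam feature
     $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
     $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
     $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
     // Questions are keyed by the md5 of their text; answers are compared case-insensitively
     $lang_antispam_questions_array = array();
     foreach ($lang_antispam_questions as $k => $v) {
         $lang_antispam_questions_array[md5($k)] = strtoupper($v);
     }
     // isset() rather than empty() so an expected answer of "0" is solvable; strict
     // comparison so numeric-looking answers are not matched loosely.
     if (!isset($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] !== $answer) {
         $user['errors'][] = __('Robot test fail');
     }
     // Validate email
     // $email2 is only read under the same o_regs_verify guard that defines it
     if (!Container::get('email')->is_valid_email($user['email1'])) {
         $user['errors'][] = __('Invalid email');
     } elseif (ForumSettings::get('o_regs_verify') == '1' && $user['email1'] != $email2) {
         $user['errors'][] = __('Email not match');
     }
     // Check if it's a banned email address
     if (Container::get('email')->is_banned_email($user['email1'])) {
         if (ForumSettings::get('p_allow_banned_email') == '0') {
             $user['errors'][] = __('Banned email');
         }
         $user['banned_email'] = 1;
         // Used later when we send an alert email
     }
     // Check if someone else already has registered with that email address
     $dupe_mail = DB::for_table('users')->select('username')->where('email', $user['email1']);
     $dupe_mail = Container::get('hooks')->fireDB('model.register.check_for_errors_dupe', $dupe_mail);
     $dupe_mail = $dupe_mail->find_many();
     if ($dupe_mail && ForumSettings::get('p_allow_dupe_email') == '0') {
         $user['errors'][] = __('Dupe email');
     }
     // Make sure we got a valid language string
     if (Input::post('language')) {
         // Strip dots, backslashes and slashes so the value cannot leave the lang directory,
         // then require that the directory actually exists.
         $user['language'] = preg_replace('%[\\.\\\\/]%', '', Input::post('language'));
         if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user['language'] . '/common.po')) {
             throw new Error(__('Bad request'), 500);
         }
     } else {
         $user['language'] = ForumSettings::get('o_default_lang');
     }
     $user = Container::get('hooks')->fire('model.register.check_for_errors', $user);
     return $user;
 }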
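 /**
  * Delete the users selected in the admin users form.
  *
  * Without 'delete_users_comply' the method only validates the selection and returns
  * the IDs (so a confirmation page can be shown). With it, the deletion is performed:
  * moderator lists are cleaned of the affected moderators, subscriptions and online
  * entries are removed, posts are either deleted or reassigned to the guest account,
  * the user rows and avatars are deleted, and the admin is redirected.
  *
  * @return array|mixed The selected user IDs, or the redirect response once the
  *                     deletion has been performed.
  * @throws Error 404 when no valid user was selected, 403 when an admin is among them.
  */
 public function delete_users()
 {
     if (Input::post('users')) {
         // Accept either a checkbox map (keys are the IDs) or a comma-separated list
         $user_ids = is_array(Input::post('users')) ? array_keys(Input::post('users')) : explode(',', Input::post('users'));
         $user_ids = array_map('intval', $user_ids);
         // Delete invalid IDs (0 from a non-numeric value, 1 is the guest account)
         $user_ids = array_diff($user_ids, array(0, 1));
     } else {
         $user_ids = array();
     }
     $user_ids = Container::get('hooks')->fire('model.admin.model.users.delete_users.user_ids', $user_ids);
     if (empty($user_ids)) {
         throw new Error(__('No users selected'), 404);
     }
     // Are we trying to delete any admins?
     $is_admin = DB::for_table('users')->where_in('id', $user_ids)->where('group_id', ForumEnv::get('FEATHER_ADMIN'))->find_one();
     if ($is_admin) {
         throw new Error(__('No delete admins message'), 403);
     }
     if (Input::post('delete_users_comply')) {
         // Fetch user groups: group_id => list of the selected user IDs in that group
         $user_groups = array();
         $select_user_groups = array('id', 'group_id');
         $result = DB::for_table('users')->select_many($select_user_groups)->where_in('id', $user_ids);
         $result = Container::get('hooks')->fireDB('model.admin.model.admin.users.delete_users.user_groups_query', $result);
         $result = $result->find_many();
         foreach ($result as $cur_user) {
             if (!isset($user_groups[$cur_user['group_id']])) {
                 $user_groups[$cur_user['group_id']] = array();
             }
             $user_groups[$cur_user['group_id']][] = $cur_user['id'];
         }
         // Are any users moderators? Drop the groups that cannot moderate.
         $group_ids = array_keys($user_groups);
         $select_fetch_user_mods = array('g_id', 'g_moderator');
         $result = DB::for_table('groups')->select_many($select_fetch_user_mods)->where_in('g_id', $group_ids)->find_many();
         foreach ($result as $cur_group) {
             if ($cur_group['g_moderator'] == '0') {
                 unset($user_groups[$cur_group['g_id']]);
             }
         }
         $user_groups = Container::get('hooks')->fire('model.admin.model.users.delete_users.user_groups', $user_groups);
         // Fetch forum list and clean up their moderator list
         $select_mods = array('id', 'moderators');
         $result = DB::for_table('forums')->select_many($select_mods)->find_many();
         foreach ($result as $cur_forum) {
             // NOTE(review): the moderator list is a PHP-serialized column. unserialize() on
             // stored data is only as trustworthy as every writer of that column; a JSON
             // encoding would remove the object-instantiation concern entirely.
             $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
             foreach ($user_groups as $group_users) {
                 $cur_moderators = array_diff($cur_moderators, $group_users);
             }
             if (!empty($cur_moderators)) {
                 DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
             } else {
                 DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set_expr('moderators', 'NULL')->save();
             }
         }
         // Delete any subscriptions
         DB::for_table('topic_subscriptions')->where_in('user_id', $user_ids)->delete_many();
         DB::for_table('forum_subscriptions')->where_in('user_id', $user_ids)->delete_many();
         // Remove them from the online list (if they happen to be logged in)
         DB::for_table('online')->where_in('user_id', $user_ids)->delete_many();
         // Should we delete all posts made by these users?
         if (Input::post('delete_posts')) {
             // Deleting many posts can take a while; '@' keeps a disabled set_time_limit() quiet
             @set_time_limit(0);
             // Find all posts made by these users. $user_ids is a list, so this must be
             // where_in() (as every other query on $user_ids in this method); where() with
             // an array value does not produce a valid IN clause for more than one user.
             $select_user_posts = array('p.id', 'p.topic_id', 't.forum_id');
             $result = DB::for_table('posts')->table_alias('p')->select_many($select_user_posts)->inner_join('topics', array('t.id', '=', 'p.topic_id'), 't')->inner_join('forums', array('f.id', '=', 't.forum_id'), 'f')->where_in('p.poster_id', $user_ids);
             $result = Container::get('hooks')->fireDB('model.admin.model.admin.users.delete_users.user_posts_query', $result);
             $result = $result->find_many();
             if ($result) {
                 foreach ($result as $cur_post) {
                     // Determine whether this post is the "topic post" (the earliest by 'posted') or not
                     $result2 = DB::for_table('posts')->where('topic_id', $cur_post['topic_id'])->order_by('posted')->find_one_col('id');
                     if ($result2 == $cur_post['id']) {
                         \FeatherBB\Model\Topic::delete($cur_post['topic_id']);
                     } else {
                         \FeatherBB\Model\Post::delete($cur_post['id'], $cur_post['topic_id']);
                     }
                     \FeatherBB\Model\Forum::update($cur_post['forum_id']);
                 }
             }
         } else {
             // Set all their posts to guest
             DB::for_table('posts')->where_in('poster_id', $user_ids)->update_many('poster_id', '1');
         }
         // Delete the users
         DB::for_table('users')->where_in('id', $user_ids)->delete_many();
         // Delete user avatars
         $userProfile = new \FeatherBB\Model\Profile();
         foreach ($user_ids as $user_id) {
             $userProfile->delete_avatar($user_id);
         }
         // NOTE(review): this only fills the users_info cache when it is absent; an entry
         // that already exists is not refreshed after the deletion, so it may stay stale
         // until it expires or is invalidated elsewhere. Confirm against the Cache API.
         if (!Container::get('cache')->isCached('users_info')) {
             Container::get('cache')->store('users_info', Cache::get_users_info());
         }
         return Router::redirect(Router::pathFor('adminUsers'), __('Users delete redirect'));
     }
     return $user_ids;
 }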