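/**
 * Apply the basic anti-automation rules to a form submission.
 *
 * Two checks run, each switched off by the matching configuration global
 * being set to 1 (presumably defined by the application bootstrap — confirm):
 *  - $ALLOW_EMPTY_USERAGENT: requests without a User-Agent header are refused;
 *  - $ALLOW_FOREIGN_REFERER: requests whose Referer host differs from this
 *    server's host are refused.
 *
 * Limits a practitioner should know: the Referer test only fires when BOTH
 * hostnames could be determined, so a request that simply omits the Referer
 * header (or a client that strips it) passes. It is therefore not a CSRF
 * defence on its own; pair it with a per-session anti-CSRF token.
 *
 * @param mixed $ressource  the submitted data; the rules only run for a non-empty array
 * @param bool  $returnVal  true: return gotoUnauthorized()'s result on refusal;
 *                          false: render the unauthorized page and exit
 * @return mixed false when every check passed (or there was nothing to check);
 *               otherwise whatever gotoUnauthorized() returns (when $returnVal)
 */
function check_post_rules($ressource = '', $returnVal = false)
{
    // The switches live in the global scope; without importing them they would
    // always read as null here (the original only imported $tpl, so both checks
    // ran unconditionally and raised undefined-variable notices).
    global $ALLOW_EMPTY_USERAGENT, $ALLOW_FOREIGN_REFERER;

    // Only a non-empty submission array is subject to the rules.
    if (!is_array($ressource) || empty($ressource)) {
        return false;
    }

    // --- Rule 1: a User-Agent header must be present -------------------------
    // Loose comparison on purpose: the switch may be stored as "1" or 1.
    if ($ALLOW_EMPTY_USERAGENT != 1) {
        $userAgent = '';
        if (!empty($_SERVER['HTTP_USER_AGENT'])) {
            $userAgent = filter_white_space($_SERVER['HTTP_USER_AGENT']);
        }
        if (empty($userAgent)) {
            // Drop the request data so nothing downstream can act on it.
            // NOTE(review): unset() of superglobals from function scope — confirm
            // it has the intended effect for the code that runs afterwards.
            unset($_POST, $_GET, $_REQUEST);
            $reason = _L('You have no or an invalid useragent') . '!';
            if ($returnVal) {
                return gotoUnauthorized($reason, TEMPLATE_DIR . '/unauthorized.tpl', true);
            }
            gotoUnauthorized($reason, TEMPLATE_DIR . '/unauthorized.tpl', false);
            exit;
        }
    }

    // --- Rule 2: the Referer must point at this server -----------------------
    if ($ALLOW_FOREIGN_REFERER != 1) {
        // Prefer SERVER_NAME (set by the server configuration); HTTP_HOST is a
        // client-supplied header and only used as a fallback.
        $serverHostTemp = '';
        if (!empty($_SERVER['SERVER_NAME'])) {
            $serverHostTemp = trim($_SERVER['SERVER_NAME']);
        } elseif (!empty($_SERVER['HTTP_HOST'])) {
            $serverHostTemp = trim($_SERVER['HTTP_HOST']);
        }
        // Reduce to the bare domain (server configs are not always correct).
        $serverHost = trim(parseDomain($serverHostTemp));
        if (empty($serverHost)) {
            // parseDomain() found no domain, typically for a bare IP address;
            // fall back to the path component or the raw value.
            $serverPath = parseURL($serverHostTemp);
            $serverHost = !empty($serverPath['path']) ? $serverPath['path'] : $serverHostTemp;
        }

        // Host of the page the submission claims to come from.
        $refererHostTemp = '';
        if (!empty($_SERVER['HTTP_REFERER'])) {
            $refererHostTemp = trim($_SERVER['HTTP_REFERER']);
        }
        $refererHost = parseDomain($refererHostTemp);

        // Strip schemes, a leading "www.", stray leading/trailing dots and any
        // character that cannot appear in a hostname. The last class is written
        // as `[^\w.-]`: the original `[^\w\d-\.]` placed a hyphen directly after
        // \d, which PCRE versions read either as a literal or as an invalid
        // range; in the latter case preg_replace() returns null and the
        // comparison below is silently skipped.
        $pattern = array('`^http[s]?:`', '`^ftp:`', '`^mailto:`', '`^www\\.`', '`^\\.`', '`\\.$`', '`[^\\w.-]`');
        $serverHost = preg_replace($pattern, '', $serverHost);
        $refererHost = preg_replace($pattern, '', $refererHost);

        // Hostnames are case-insensitive, so compare them as such. An empty
        // Referer host passes here (see the function comment).
        if (!empty($serverHost) && !empty($refererHost) && strcasecmp($serverHost, $refererHost) !== 0) {
            // The wording ("now" for "not") is kept verbatim: it is passed to
            // _L() and is presumably a translation lookup key.
            $reason = _L('You are now allowed to submit using foreign pages or scripts') . '!';
            if ($returnVal) {
                return gotoUnauthorized($reason, TEMPLATE_DIR . '/unauthorized.tpl', true);
            }
            gotoUnauthorized($reason, TEMPLATE_DIR . '/unauthorized.tpl', false);
            exit;
        }
    }

    return false;
}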
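/**
 * Check whether a URL's domain is not yet stored in a table column.
 *
 * The candidate is reduced to its domain with parseDomain(); rows whose
 * column contains that domain (SQL LIKE) are fetched, each stored URL is
 * reduced the same way and compared case-insensitively with the candidate.
 *
 * @author Constantin Bejenaru / Boby <*****@*****.**> (http://www.frozenminds.com)
 *
 * @param string      $table              key into the global $tables config; its 'name' entry is the table
 * @param string      $field              column holding the URL
 * @param string      $value              URL to test
 * @param mixed|null  $exclude_id         row ID to ignore (e.g. the record being edited)
 * @param string|null $parent_field       optional column that must equal $parent_value
 * @param mixed|null  $parent_value
 * @param string|null $exclude_from_field optional column that must differ from $exclude_value
 * @param mixed|null  $exclude_value
 * @return int 1 when no stored URL shares the domain; 0 when one does or the
 *             value yields no domain at all
 */
function checkUrlUnique($table, $field, $value, $exclude_id = NULL, $parent_field = NULL, $parent_value = NULL, $exclude_from_field = NULL, $exclude_value = NULL)
{
    global $tables, $db;

    // Compare on the domain only.
    $value = parseDomain($value);
    if (empty($value)) {
        return 0;
    }

    // Table and column names cannot be bound as parameters, so they are quoted
    // as identifiers here: an embedded backtick is doubled so it cannot close
    // the quote. Callers should still pass identifiers from code, never from
    // request data.
    $quoteIdent = function ($name) {
        return '`' . str_replace('`', '``', (string) $name) . '`';
    };

    // Values are escaped by the driver's qstr(). The LIKE only narrows the
    // candidate set; the exact domain comparison happens below in PHP.
    $sql = 'SELECT `URL` FROM ' . $quoteIdent($tables[$table]['name'])
         . ' WHERE ' . $quoteIdent($field) . ' LIKE ' . $db->qstr('%' . $value . '%');
    if ((string) $exclude_id !== '') {
        $sql .= ' AND `ID` != ' . $db->qstr($exclude_id);
    }
    if (!empty($parent_field)) {
        $sql .= ' AND ' . $quoteIdent($parent_field) . ' = ' . $db->qstr($parent_value);
    }
    if (!empty($exclude_from_field) && !empty($exclude_value)) {
        $sql .= ' AND ' . $quoteIdent($exclude_from_field) . ' != ' . $db->qstr($exclude_value);
    }

    // Fetch the candidate URLs; no rows means the domain is unused.
    $similarURLs = $db->GetCol($sql);
    if (!is_array($similarURLs) || empty($similarURLs)) {
        return 1;
    }

    // The original built a regex from $value without preg_quote(): '.' in a
    // domain matched any character, and regex metacharacters in the value
    // broke the pattern so preg_match() returned false and the URL was
    // reported as unique. A plain case-insensitive string comparison is what
    // was intended.
    foreach ($similarURLs as $dbURL) {
        if (strcasecmp($value, (string) parseDomain($dbURL)) === 0) {
            return 0;
        }
    }
    return 1;
}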