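/**
 * Apply the form-submission rules to the current request.
 *
 * Two heuristics are enforced, each switchable by a global flag:
 *  - the request must carry a non-empty User-Agent header
 *    (skipped when $ALLOW_EMPTY_USERAGENT == 1);
 *  - when a Referer header is present, its host must match this
 *    server's host (skipped when $ALLOW_FOREIGN_REFERER == 1).
 *
 * SECURITY NOTE: both headers are chosen by the client and are trivially
 * spoofed, and a request that sends *no* Referer passes the second check
 * unchallenged (a cross-site page can suppress it with a referrer policy).
 * This is therefore not a CSRF defence on its own; submissions should also
 * carry a per-session anti-CSRF token that is verified server-side.
 *
 * @param array|string $ressource The submitted data. The checks only run
 *                                when this is a non-empty array; anything
 *                                else makes the function a no-op.
 * @param bool         $returnVal When true, a failed check returns the
 *                                result of gotoUnauthorized() instead of
 *                                rendering the page and calling exit.
 * @return mixed false when every check passed or was skipped; on failure
 *               with $returnVal true, whatever gotoUnauthorized() returns.
 */
function check_post_rules($ressource = '', $returnVal = false) {
    // NOTE(review): $ALLOW_EMPTY_USERAGENT / $ALLOW_FOREIGN_REFERER were read
    // without a `global` declaration, so they were always undefined here and
    // both checks ran unconditionally. They are presumably configuration
    // globals (confirm against the config include); import them so the
    // flags actually take effect.
    global $tpl, $ALLOW_EMPTY_USERAGENT, $ALLOW_FOREIGN_REFERER;

    if (!is_array($ressource) || $ressource === []) {
        return false;
    }

    // --- rule 1: a User-Agent header is required ---------------------------
    if ($ALLOW_EMPTY_USERAGENT != 1) {
        $userAgent = '';
        if (isset($_SERVER['HTTP_USER_AGENT']) && !empty($_SERVER['HTTP_USER_AGENT'])) {
            $userAgent = filter_white_space($_SERVER['HTTP_USER_AGENT']);
        }
        if (empty($userAgent)) {
            // Drop the submitted data before handing off to the error page.
            // NOTE(review): whether unset() on a superglobal from inside a
            // function clears it for the rest of the request is PHP-version
            // dependent — confirm, or clear the arrays with `= array()`.
            unset($_POST, $_GET, $_REQUEST);
            return check_post_rules_deny(_L('You have no or an invalid useragent') . '!', $returnVal);
        }
    }

    // --- rule 2: the Referer host must be our own host --------------------
    if ($ALLOW_FOREIGN_REFERER != 1) {
        // Prefer SERVER_NAME (set by the server config) over HTTP_HOST
        // (client supplied); fall back to the empty string.
        $serverHostTemp = '';
        if (isset($_SERVER['SERVER_NAME']) && !empty($_SERVER['SERVER_NAME'])) {
            $serverHostTemp = trim($_SERVER['SERVER_NAME']);
        } elseif (isset($_SERVER['HTTP_HOST']) && !empty($_SERVER['HTTP_HOST'])) {
            $serverHostTemp = trim($_SERVER['HTTP_HOST']);
        }

        // Reduce to the registrable domain; if that yields nothing (e.g. the
        // host is a bare IP address) fall back to the URL path / raw value.
        $serverHost = trim(parseDomain($serverHostTemp));
        if (empty($serverHost)) {
            $serverPath = parseURL($serverHostTemp);
            $serverHost = !empty($serverPath['path']) ? $serverPath['path'] : $serverHostTemp;
        }

        $refererHostTemp = '';
        if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
            $refererHostTemp = trim($_SERVER['HTTP_REFERER']);
        }
        $refererHost = parseDomain($refererHostTemp);

        // Normalise both hosts: strip scheme prefixes, a leading "www.",
        // leading/trailing dots and anything that is not a hostname character.
        // The last class used to be `[^\w\d-\.]`; under PCRE2 (PHP >= 7.3)
        // a hyphen between a class escape and a literal is a compile error
        // ("invalid range in character class"), which made preg_replace()
        // return null for both hosts and silently disabled this whole check.
        // Keeping the hyphen last in the class is valid everywhere.
        $pattern = array(
            '`^http[s]?:`',
            '`^ftp:`',
            '`^mailto:`',
            '`^www\\.`',
            '`^\\.`',
            '`\\.$`',
            '`[^\\w.-]`',
        );
        $serverHost  = (string) preg_replace($pattern, '', $serverHost);
        $refererHost = (string) preg_replace($pattern, '', $refererHost);

        // Hostnames are case-insensitive, so compare them that way.
        // An empty Referer is deliberately let through (see the docblock).
        if ($serverHost !== '' && $refererHost !== '' && strcasecmp($serverHost, $refererHost) !== 0) {
            // (The translation key reads "now allowed"; it is the existing
            // message id and is left untouched so lookups keep working.)
            return check_post_rules_deny(_L('You are now allowed to submit using foreign pages or scripts') . '!', $returnVal);
        }
    }

    return false;
}

/**
 * Shared deny path for check_post_rules().
 *
 * @param string $reason    Human-readable reason shown on the error page.
 * @param bool   $returnVal When true, return gotoUnauthorized()'s result;
 *                          otherwise render the page and terminate.
 * @return mixed Only returns when $returnVal is true.
 */
function check_post_rules_deny($reason, $returnVal) {
    $template = TEMPLATE_DIR . '/unauthorized.tpl';
    if ($returnVal) {
        return gotoUnauthorized($reason, $template, true);
    }
    gotoUnauthorized($reason, $template, false);
    exit;
}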
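/**
 * Check whether the domain of a URL is not yet present in a table column.
 *
 * The URL is reduced to its domain with parseDomain(), candidate rows are
 * fetched with a LIKE query, and each candidate's own domain is compared
 * case-insensitively for an exact match.
 *
 * @author Constantin Bejenaru / Boby <*****@*****.**> (http://www.frozenminds.com)
 *
 * @param string      $table              Key into the global $tables map.
 * @param string      $field              Column holding the URLs to search.
 * @param string      $value              URL (or domain) to look for.
 * @param mixed       $exclude_id         When non-empty, a row `ID` to ignore
 *                                        (e.g. the record being edited).
 * @param string|null $parent_field       Optional column restricting the
 *                                        search to one parent ...
 * @param mixed       $parent_value       ... with this value.
 * @param string|null $exclude_from_field Optional column whose rows with
 *                                        $exclude_value are ignored.
 * @param mixed       $exclude_value      See $exclude_from_field.
 * @return int 1 when no stored URL shares the domain, 0 when one does or
 *             when $value has no parseable domain.
 */
function checkUrlUnique($table, $field, $value, $exclude_id = NULL, $parent_field = NULL, $parent_value = NULL, $exclude_from_field = NULL, $exclude_value = NULL) {
    global $tables, $db;

    // Column/table names are spliced into the SQL as identifiers, which
    // $db->qstr() cannot protect. Doubling any backtick keeps a hostile
    // name from closing the quote; callers are still expected to pass
    // fixed, developer-controlled names here.
    $quoteIdent = static function ($name) {
        return '`' . str_replace('`', '``', (string) $name) . '`';
    };

    // Only the domain part is compared.
    $value = parseDomain($value);
    if (empty($value)) {
        return 0;
    }

    // `%` / `_` inside $value act as LIKE wildcards and may over-select;
    // that is harmless because the exact comparison below filters them.
    $sql = 'SELECT `URL` FROM ' . $quoteIdent($tables[$table]['name'])
        . ' WHERE ' . $quoteIdent($field) . ' LIKE ' . $db->qstr('%' . $value . '%');

    // strlen(null) is deprecated since PHP 8.1; keep the "non-empty string"
    // semantics explicitly (a literal '0' still counts as an id).
    if ($exclude_id !== null && strlen((string) $exclude_id) > 0) {
        $sql .= ' AND `ID` != ' . $db->qstr($exclude_id);
    }
    if (!empty($parent_field)) {
        $sql .= ' AND ' . $quoteIdent($parent_field) . ' = ' . $db->qstr($parent_value);
    }
    if (!empty($exclude_from_field) && !empty($exclude_value)) {
        $sql .= ' AND ' . $quoteIdent($exclude_from_field) . ' != ' . $db->qstr($exclude_value);
    }

    // GetCol() yields false on error; treat that like "nothing found",
    // as the original did.
    $candidates = $db->GetCol($sql);
    if (!is_array($candidates) || empty($candidates)) {
        return 1;
    }

    // Exact, case-insensitive domain comparison. This used to be
    // preg_match('#^' . $value . '$#i', ...) with $value unescaped: a '.'
    // matched any character and a '#' or other metacharacter in the domain
    // broke the pattern (preg_match() then returned false and the
    // duplicate went unnoticed). DNS names are case-insensitive, so
    // strcasecmp() gives the intended semantics without a regex.
    foreach ($candidates as $storedUrl) {
        if (strcasecmp((string) $value, (string) parseDomain($storedUrl)) === 0) {
            return 0;
        }
    }

    return 1;
}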