Ejemplo n.º 1
0
 public function check_for_errors()
 {
     $user = array();
     $user['errors'] = '';
     $user = Container::get('hooks')->fire('model.register.check_for_errors_start', $user);
     // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
     $already_registered = DB::for_table('users')->where('registration_ip', Utils::getIp())->where_gt('registered', time() - 3600);
     $already_registered = Container::get('hooks')->fireDB('model.register.check_for_errors_ip_query', $already_registered);
     $already_registered = $already_registered->find_one();
     if ($already_registered) {
         throw new Error(__('Registration flood'), 429);
     }
     $user['username'] = Utils::trim(Input::post('req_user'));
     $user['email1'] = strtolower(Utils::trim(Input::post('req_email1')));
     if (ForumSettings::get('o_regs_verify') == '1') {
         $email2 = strtolower(Utils::trim(Input::post('req_email2')));
         $user['password1'] = Random::pass(12);
         $password2 = $user['password1'];
     } else {
         $user['password1'] = Utils::trim(Input::post('req_password1'));
         $password2 = Utils::trim(Input::post('req_password2'));
     }
     // Validate username and passwords
     $profile = new \FeatherBB\Model\Profile();
     $user['errors'] = $profile->check_username($user['username'], $user['errors']);
     if (Utils::strlen($user['password1']) < 6) {
         $user['errors'][] = __('Pass too short');
     } elseif ($user['password1'] != $password2) {
         $user['errors'][] = __('Pass not match');
     }
     // Antispam feature
     $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
     $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
     $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
     $lang_antispam_questions_array = array();
     foreach ($lang_antispam_questions as $k => $v) {
         $lang_antispam_questions_array[md5($k)] = strtoupper($v);
     }
     if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] != $answer) {
         $user['errors'][] = __('Robot test fail');
     }
     // Validate email
     if (!Container::get('email')->is_valid_email($user['email1'])) {
         $user['errors'][] = __('Invalid email');
     } elseif (ForumSettings::get('o_regs_verify') == '1' && $user['email1'] != $email2) {
         $user['errors'][] = __('Email not match');
     }
     // Check if it's a banned email address
     if (Container::get('email')->is_banned_email($user['email1'])) {
         if (ForumSettings::get('p_allow_banned_email') == '0') {
             $user['errors'][] = __('Banned email');
         }
         $user['banned_email'] = 1;
         // Used later when we send an alert email
     }
     // Check if someone else already has registered with that email address
     $dupe_list = array();
     $dupe_mail = DB::for_table('users')->select('username')->where('email', $user['email1']);
     $dupe_mail = Container::get('hooks')->fireDB('model.register.check_for_errors_dupe', $dupe_mail);
     $dupe_mail = $dupe_mail->find_many();
     if ($dupe_mail) {
         if (ForumSettings::get('p_allow_dupe_email') == '0') {
             $user['errors'][] = __('Dupe email');
         }
         foreach ($dupe_mail as $cur_dupe) {
             $dupe_list[] = $cur_dupe['username'];
         }
     }
     // Make sure we got a valid language string
     if (Input::post('language')) {
         $user['language'] = preg_replace('%[\\.\\\\/]%', '', Input::post('language'));
         if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user['language'] . '/common.po')) {
             throw new Error(__('Bad request'), 500);
         }
     } else {
         $user['language'] = ForumSettings::get('o_default_lang');
     }
     $user = Container::get('hooks')->fire('model.register.check_for_errors', $user);
     return $user;
 }
Ejemplo n.º 2
0
 public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
 {
     $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
     $fid = Container::get('hooks')->fire('model.post.check_errors_before_post_start', $fid);
     // Antispam feature
     if (User::get()->is_guest) {
         // It's a guest, so we have to validate the username
         $profile = new \FeatherBB\Model\Profile();
         $errors = $profile->check_username(Utils::trim(Input::post('req_username')), $errors);
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_antispam', $errors);
         $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
         $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
         $lang_antispam_questions_array = array();
         foreach ($lang_antispam_questions as $k => $v) {
             $lang_antispam_questions_array[md5($k)] = strtoupper($v);
         }
         if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] != $answer) {
             $errors[] = __('Robot test fail');
         }
     }
     // Flood protection
     if (Input::post('preview') != '' && User::get()->last_post != '' && time() - User::get()->last_post < Container::get('prefs')->get(User::get(), 'post.min_interval')) {
         $errors[] = sprintf(__('Flood start'), Container::get('prefs')->get(User::get(), 'post.min_interval'), Container::get('prefs')->get(User::get(), 'post.min_interval') - (time() - User::get()->last_post));
     }
     // If it's a new topic
     if ($fid) {
         $subject = Utils::trim(Input::post('req_subject'));
         $subject = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_subject', $subject);
         if (ForumSettings::get('o_censoring') == '1') {
             $censored_subject = Utils::trim(Utils::censor($subject));
             $censored_subject = Container::get('hooks')->fire('model.post.check_errors_before_censored', $censored_subject);
         }
         if ($subject == '') {
             $errors[] = __('No subject');
         } elseif (ForumSettings::get('o_censoring') == '1' && $censored_subject == '') {
             $errors[] = __('No subject after censoring');
         } elseif (Utils::strlen($subject) > 70) {
             $errors[] = __('Too long subject');
         } elseif (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($subject) && !User::get()->is_admmod) {
             $errors[] = __('All caps subject');
         }
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_errors', $errors);
     }
     if (User::get()->is_guest) {
         $email = strtolower(Utils::trim(ForumSettings::get('p_force_guest_email') == '1' ? Input::post('req_email') : Input::post('email')));
         if (ForumSettings::get('p_force_guest_email') == '1' || $email != '') {
             $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_email', $errors, $email);
             if (!Container::get('email')->is_valid_email($email)) {
                 $errors[] = __('Invalid email');
             }
             // Check if it's a banned email address
             // we should only check guests because members' addresses are already verified
             if (User::get()->is_guest && Container::get('email')->is_banned_email($email)) {
                 if (ForumSettings::get('p_allow_banned_email') == '0') {
                     $errors[] = __('Banned email');
                 }
                 $errors['banned_email'] = 1;
                 // Used later when we send an alert email
             }
         }
     }
     // Clean up message from POST
     $message = Utils::linebreaks(Utils::trim(Input::post('req_message')));
     $message = Container::get('hooks')->fire('model.post.check_errors_before_post_message', $message);
     // Here we use strlen() not Utils::strlen() as we want to limit the post to FEATHER_MAX_POSTSIZE bytes, not characters
     if (strlen($message) > ForumEnv::get('FEATHER_MAX_POSTSIZE')) {
         $errors[] = sprintf(__('Too long message'), Utils::forum_number_format(ForumEnv::get('FEATHER_MAX_POSTSIZE')));
     } elseif (ForumSettings::get('p_message_all_caps') == '0' && Utils::is_all_uppercase($message) && !User::get()->is_admmod) {
         $errors[] = __('All caps message');
     }
     // Validate BBCode syntax
     if (ForumSettings::get('p_message_bbcode') == '1') {
         $message = Container::get('parser')->preparse_bbcode($message, $errors);
         $message = Container::get('hooks')->fire('model.post.check_errors_before_post_bbcode', $message);
     }
     if (empty($errors)) {
         $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_no_error', $errors);
         if ($message == '') {
             $errors[] = __('No message');
         } elseif (ForumSettings::get('o_censoring') == '1') {
             // Censor message to see if that causes problems
             $censored_message = Utils::trim(Utils::censor($message));
             if ($censored_message == '') {
                 $errors[] = __('No message after censoring');
             }
         }
     }
     $errors = Container::get('hooks')->fire('model.post.check_errors_before_post', $errors);
     return $errors;
 }