/**
 * Collect validation errors for an edited post before it is saved.
 *
 * Mirrors the new-post checks: subject validation when a subject is part of
 * the edit, message size / all-caps checks, BBCode pre-parsing, and finally
 * the "empty message" / "empty after censoring" checks, which only run when
 * nothing else went wrong.
 *
 * @param bool  $can_edit_subject Whether a subject is submitted with this edit (per the original comment: "if it's a topic").
 * @param array $errors           Errors collected so far; new messages are appended.
 * @return array The error list after the 'check_errors_before_edit' hook has run.
 */
public function check_errors_before_edit($can_edit_subject, $errors)
{
    $errors = $this->hook->fire('check_errors_before_edit_start', $errors);

    $censoring_enabled = ($this->config['o_censoring'] == '1');

    if ($can_edit_subject) {
        $subject = Utils::trim($this->request->post('req_subject'));
        $censored_subject = $censoring_enabled ? Utils::trim(Utils::censor($subject)) : null;

        if ($subject == '') {
            $errors[] = __('No subject');
        } elseif ($censoring_enabled && $censored_subject == '') {
            $errors[] = __('No subject after censoring');
        } elseif (Utils::strlen($subject) > 70) {
            $errors[] = __('Too long subject');
        } elseif ($this->config['p_subject_all_caps'] == '0' && Utils::is_all_uppercase($subject) && !$this->user->is_admmod) {
            $errors[] = __('All caps subject');
        }
    }

    // Normalise line breaks in the posted message before measuring it.
    $message = Utils::linebreaks(Utils::trim($this->request->post('req_message')));
    $max_size = $this->feather->forum_env['FEATHER_MAX_POSTSIZE'];

    // Byte-wise strlen() on purpose: FEATHER_MAX_POSTSIZE is a byte limit, not a character limit.
    if (strlen($message) > $max_size) {
        $errors[] = sprintf(__('Too long message'), Utils::forum_number_format($max_size));
    } elseif ($this->config['p_message_all_caps'] == '0' && Utils::is_all_uppercase($message) && !$this->user->is_admmod) {
        $errors[] = __('All caps message');
    }

    if ($this->config['p_message_bbcode'] == '1') {
        // preparse_bbcode() is handed $errors so it can report syntax problems alongside ours.
        $message = $this->feather->parser->preparse_bbcode($message, $errors);
    }

    // The emptiness checks are only meaningful once no other error was recorded.
    if (empty($errors)) {
        if ($message == '') {
            $errors[] = __('No message');
        } elseif ($censoring_enabled && Utils::trim(Utils::censor($message)) == '') {
            $errors[] = __('No message after censoring');
        }
    }

    return $this->hook->fire('check_errors_before_edit', $errors);
}
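/**
 * Send a private message: render the send/reply form on GET, or validate and
 * store the posted message on POST.
 *
 * Route parameters:
 *  - $uid     recipient user id when starting a new conversation (used on GET only)
 *  - $conv_id existing conversation id when replying
 *
 * On POST a non-empty 'preview' field renders the parsed message instead of
 * sending it. Validation failures are reported by throwing Error with an
 * HTTP status code.
 *
 * @param int|string|null $uid
 * @param int|string|null $conv_id
 * @return mixed Result of the template display(); a successful send redirects.
 * @throws Error on a bad id, an unknown recipient or conversation, a flood, or a failed field validation.
 */
public function send($uid = null, $conv_id = null)
{
    if ($this->feather->request->isPost()) {
        // Defaults sit under the raw POST data so every key read below exists.
        // 'req_message' is the field the code actually reads; 'message' is kept for compatibility.
        $data = array_merge(array(
            'username' => null,
            'subject' => null,
            'message' => null,
            'req_message' => null,
            'smilies' => 0,
            'preview' => null,
        ), $this->feather->request->post());
        $data = array_map(array('FeatherBB\\Core\\Utils', 'trim'), $data);

        $conv = false;
        if (!is_null($conv_id)) {
            if ($conv_id < 1) {
                throw new Error('Wrong conversation ID', 400);
            }
            // getConversation() is scoped to the current user, so a conversation the user is not part of is rejected here.
            if (!($conv = $this->model->getConversation($conv_id, $this->feather->user->id))) {
                throw new Error('Unknown conversation ID', 400);
            }
        }

        if ($this->feather->request->post('preview')) {
            $this->crumbs[] = __('Reply', 'private_messages');
            $this->crumbs[] = __('Preview');
            Utils::generateBreadcrumbs($this->crumbs);
            $this->feather->hooks->fire('conversationsPlugin.send.preview');

            // NOTE(review): the preview parses the raw message without the size/censoring checks applied on send.
            $msg = $this->feather->parser->parse_message($data['req_message'], $data['smilies']);
            $this->feather->template->setPageInfo(array(
                'parsed_message' => $msg,
                'username' => Utils::escape($data['username']),
                'subject' => Utils::escape($data['subject']),
                'message' => Utils::escape($data['req_message']),
            ))->addTemplate('send.php')->display();
        } else {
            // Flood protection: this branch is a real send (not a preview), so the check
            // applies unconditionally. The original gated it on a 'preview' field that is
            // absent on a normal submit, which left sends unthrottled.
            $last_post = $this->feather->user['last_post'];
            $flood_interval = $this->feather->user['g_post_flood'];
            $elapsed = $this->feather->now - $last_post;
            if ($last_post != '' && $elapsed < $flood_interval) {
                throw new Error(sprintf(__('Flood start'), $flood_interval, $flood_interval - $elapsed), 429);
            }

            if (!$conv) {
                // New conversation: resolve the recipient. TODO (original): allow multiple usernames.
                // NOTE(review): the posted username is echoed in the message; confirm Error escapes it before output.
                if (!($user = $this->model->isAllowed($data['username']))) {
                    throw new Error('You can\'t send an PM to ' . ($data['username'] ? $data['username'] : '******'), 400);
                }
                if ($user->id == $this->feather->user->id) {
                    throw new Error('No self message', 403);
                }

                if ($this->feather->forum_settings['o_censoring'] == '1') {
                    $data['subject'] = Utils::trim(Utils::censor($data['subject']));
                }
                if ($data['subject'] == '') {
                    throw new Error('No subject or censored subject', 400);
                }
                if (Utils::strlen($data['subject']) > 70) {
                    throw new Error('Too long subject', 400);
                }
                if ($this->feather->forum_settings['p_subject_all_caps'] == '0' && Utils::is_all_uppercase($data['subject']) && !$this->feather->user->is_admmod) {
                    throw new Error('All caps subject forbidden', 400);
                }
            }

            // TODO (original): inbox full.
            if ($this->feather->forum_settings['o_censoring'] == '1') {
                $data['req_message'] = Utils::trim(Utils::censor($data['req_message']));
            }
            if ($data['req_message'] == '') {
                throw new Error('No message or censored message', 400);
            }
            // Byte-wise strlen(): FEATHER_MAX_POSTSIZE is a byte limit, as in the post checks.
            if (strlen($data['req_message']) > $this->feather->forum_env['FEATHER_MAX_POSTSIZE']) {
                throw new Error('Too long message', 400);
            }
            // The all-caps rule is applied to the message against the message setting
            // (the original compared the subject against the subject setting here).
            if ($this->feather->forum_settings['p_message_all_caps'] == '0' && Utils::is_all_uppercase($data['req_message']) && !$this->feather->user->is_admmod) {
                throw new Error('All caps message forbidden', 400);
            }

            // TODO (original): when permissions are ready, check that the receiver has PMs
            // enabled, that their PM limit is not reached, and a block feature.

            if (!$conv) {
                $conv_data = array(
                    'subject' => $data['subject'],
                    'poster' => $this->feather->user->username,
                    'poster_id' => $this->feather->user->id,
                    'num_replies' => 0,
                    'last_post' => $this->feather->now,
                    'last_poster' => $this->feather->user->username,
                );
                $conv_id = $this->model->addConversation($conv_data);
            }
            if (!$conv_id) {
                throw new Error('Unable to create conversation');
            }

            $msg_data = array(
                'poster' => $this->feather->user->username,
                'poster_id' => $this->feather->user->id,
                'poster_ip' => $this->feather->request->getIp(),
                'message' => $data['req_message'],
                'hide_smilies' => $data['smilies'],
                'sent' => $this->feather->now,
            );

            if ($conv) {
                // Reply to an existing conversation.
                if (!$this->model->addMessage($msg_data, $conv_id)) {
                    throw new Error('Unable to send message');
                }
                Url::redirect($this->feather->urlFor('Conversations.home'), sprintf(__('Reply success', 'private_messages'), $conv->subject));
            } else {
                // First message of the new conversation; the third argument registers both participants.
                if (!$this->model->addMessage($msg_data, $conv_id, array($user->id, $this->feather->user->id))) {
                    throw new Error('Unable to send message');
                }
                Url::redirect($this->feather->urlFor('Conversations.home'), sprintf(__('Send success', 'private_messages'), $user->username));
            }
        }
    } else {
        $this->feather->hooks->fire('conversationsPlugin.send.display');

        // New conversation: pre-fill the recipient from the route.
        if (!is_null($uid)) {
            if ($uid < 2) {
                throw new Error('Wrong user ID', 400);
            }
            if (!($user = $this->model->getUserByID($uid))) {
                throw new Error('Unable to find user', 400);
            }
            $this->feather->template->setPageInfo(array('username' => Utils::escape($user->username)));
        }

        // Reply: render the conversation with its most recent messages.
        if (!is_null($conv_id)) {
            if ($conv_id < 1) {
                throw new Error('Wrong conversation ID', 400);
            }
            if (!($conv = $this->model->getConversation($conv_id, $this->feather->user->id))) {
                throw new Error('Unknown conversation ID', 400);
            }
            // NOTE(review): find_one() result is used without a check; confirm every conversation has a folder row.
            $inbox = DB::for_table('pms_folders')->find_one($conv->folder_id);
            $this->crumbs[$this->feather->urlFor('Conversations.home', ['inbox_id' => $inbox['id']])] = $inbox['name'];
            $this->crumbs[] = __('Reply', 'private_messages');
            $this->crumbs[] = $conv['subject'];
            Utils::generateBreadcrumbs($this->crumbs);

            return $this->feather->template->setPageInfo(array(
                'current_inbox' => $inbox,
                'conv' => $conv,
                'msg_data' => $this->model->getMessagesFromConversation($conv_id, $this->feather->user->id, 5),
            ))->addTemplate('reply.php')->display();
        }

        $this->crumbs[] = __('Send', 'private_messages');
        if (isset($user)) {
            $this->crumbs[] = $user->username;
        }
        Utils::generateBreadcrumbs($this->crumbs);
        $this->feather->template->addTemplate('send.php')->display();
    }
}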
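/**
 * Validate and persist one section of a user's profile form, then redirect
 * back to that section.
 *
 * Each section is validated by its own helper, which returns the column =>
 * value map for the users table and throws Error on invalid input. A
 * username change additionally rewrites every denormalised copy of the name.
 *
 * @param int|string $id      Id of the user being edited.
 * @param array      $info    Caller-supplied context; 'old_username' is read when a rename is permitted.
 * @param string     $section One of: essentials, personal, messaging, personality, display, privacy.
 * @return mixed Result of Router::redirect() to the profile section.
 * @throws Error on an unknown section, an empty form, an unknown user id, or a failed field validation.
 */
public function update_profile($id, $info, $section)
{
    $info = Container::get('hooks')->fire('model.profile.update_profile_start', $info, $id, $section);
    $section = Container::get('hooks')->fire('model.profile.update_profile_section', $section, $id, $info);

    switch ($section) {
        case 'essentials':
            $form = $this->validate_essentials_section($id, $info);
            break;
        case 'personal':
            $form = $this->validate_personal_section();
            break;
        case 'messaging':
            $form = $this->validate_messaging_section();
            break;
        case 'personality':
            $form = $this->validate_personality_section();
            break;
        case 'display':
            $form = $this->validate_display_section();
            break;
        case 'privacy':
            $form = $this->validate_privacy_section();
            break;
        default:
            throw new Error(__('Bad request'), 404);
    }

    // 'username' is only present when the caller may rename users; a rename
    // is only propagated when the name actually changed.
    $username_updated = isset($form['username']) && $form['username'] != $info['old_username'];

    $form = Container::get('hooks')->fire('model.profile.update_profile_form', $form, $section, $id, $info);

    if (empty($form)) {
        throw new Error(__('Bad request'), 404);
    }

    $update_user = DB::for_table('users')->where('id', $id)->find_one();
    if (!$update_user) {
        // Unknown user id: fail the same way as an invalid section instead of calling set() on false.
        throw new Error(__('Bad request'), 404);
    }
    $update_user = $update_user->set($form);
    $update_user = Container::get('hooks')->fireDB('model.profile.update_profile_query', $update_user);
    $update_user->save();

    if ($username_updated) {
        $this->propagate_username_change($id, $info['old_username'], $form['username']);
    }

    $section = Container::get('hooks')->fireDB('model.profile.update_profile', $section, $id);

    return Router::redirect(Router::pathFor('profileSection', array('id' => $id, 'section' => $section)), __('Profile redirect'));
}

/**
 * Build the 'essentials' update: timezone, DST, formats, language and, for
 * admins/moderators, admin note, username, post count and e-mail.
 *
 * @param int|string $id   Id of the user being edited (passed to check_username()).
 * @param array      $info Context carrying 'old_username'.
 * @return array Column => value map for the users table.
 * @throws Error on an unknown language, a rejected username or an invalid e-mail.
 */
private function validate_essentials_section($id, $info)
{
    $form = array(
        'timezone' => floatval(Input::post('form_timezone')),
        'dst' => Input::post('form_dst') ? '1' : '0',
        'time_format' => intval(Input::post('form_time_format')),
        'date_format' => intval(Input::post('form_date_format')),
    );

    // Only an installed language is accepted (strict: the list holds exact strings).
    if (Input::post('form_language')) {
        $languages = \FeatherBB\Core\Lister::getLangs();
        $form['language'] = Utils::trim(Input::post('form_language'));
        if (!in_array($form['language'], $languages, true)) {
            throw new Error(__('Bad request'), 404);
        }
    }

    if (User::get()->is_admmod) {
        $form['admin_note'] = Utils::trim(Input::post('admin_note'));

        // Renaming is allowed for administrators, and for moderators whose group grants it.
        $can_rename = User::get()->g_id == ForumEnv::get('FEATHER_ADMIN')
            || (User::get()->g_moderator == '1' && User::get()->g_mod_rename_users == '1');
        if ($can_rename) {
            $form['username'] = Utils::trim(Input::post('req_username'));
            if ($form['username'] != $info['old_username']) {
                // check_username() takes and returns an error list (an array, not ''); the first entry is reported.
                $errors = $this->check_username($form['username'], array(), $id);
                if (!empty($errors)) {
                    throw new Error($errors[0]);
                }
            }
        }

        // Only administrators may edit the post count.
        if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN')) {
            $form['num_posts'] = intval(Input::post('num_posts'));
        }
    }

    // Members may change their own e-mail only while registration verification is off.
    if (ForumSettings::get('o_regs_verify') == '0' || User::get()->is_admmod) {
        $form['email'] = strtolower(Utils::trim(Input::post('req_email')));
        if (!Container::get('email')->is_valid_email($form['email'])) {
            throw new Error(__('Invalid email'));
        }
    }

    return $form;
}

/**
 * Build the 'personal' update: real name, website and location, plus the
 * user title where the group allows it.
 *
 * @return array Column => value map for the users table.
 * @throws Error on an invalid or disallowed website URL, or a forbidden title.
 */
private function validate_personal_section()
{
    $form = array(
        'realname' => Input::post('form_realname') ? Utils::trim(Input::post('form_realname')) : '',
        'url' => Input::post('form_url') ? Utils::trim(Input::post('form_url')) : '',
        'location' => Input::post('form_location') ? Utils::trim(Input::post('form_location')) : '',
    );

    // Url::is_valid() returns false or an array whose 'url' entry is the normalised URL
    // (per the original comment it adds http:// when no scheme is present).
    if (User::get()->g_post_links == '1') {
        if ($form['url'] != '') {
            $url = Url::is_valid($form['url']);
            if ($url === false) {
                throw new Error(__('Invalid website URL'));
            }
            $form['url'] = $url['url'];
        }
    } else {
        if (!empty($form['url'])) {
            throw new Error(__('Website not allowed'));
        }
        $form['url'] = '';
    }

    if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN')) {
        $form['title'] = Utils::trim(Input::post('title'));
    } elseif (User::get()->g_set_title == '1') {
        $form['title'] = Utils::trim(Input::post('title'));
        if ($form['title'] != '') {
            // Titles that would impersonate a role are refused, in English and in the active language
            // (duplicates when the language is English are harmless).
            $forbidden = array(
                'member',
                'moderator',
                'administrator',
                'banned',
                'guest',
                utf8_strtolower(__('Member')),
                utf8_strtolower(__('Moderator')),
                utf8_strtolower(__('Administrator')),
                utf8_strtolower(__('Banned')),
                utf8_strtolower(__('Guest')),
            );
            if (in_array(utf8_strtolower($form['title']), $forbidden, true)) {
                throw new Error(__('Forbidden title'));
            }
        }
    }

    return $form;
}

/**
 * Build the 'messaging' update: instant-messaging handles.
 *
 * @return array Column => value map for the users table.
 * @throws Error when the ICQ UIN contains anything but digits.
 */
private function validate_messaging_section()
{
    $form = array(
        'jabber' => Utils::trim(Input::post('form_jabber')),
        'icq' => Utils::trim(Input::post('form_icq')),
        'msn' => Utils::trim(Input::post('form_msn')),
        'aim' => Utils::trim(Input::post('form_aim')),
        'yahoo' => Utils::trim(Input::post('form_yahoo')),
    );

    if (preg_match('%[^0-9]%', $form['icq'])) {
        throw new Error(__('Bad ICQ'));
    }

    return $form;
}

/**
 * Build the 'personality' update: the signature, when signatures are enabled.
 *
 * An empty map is returned when signatures are disabled; the caller treats
 * an empty form as a bad request.
 *
 * @return array Column => value map for the users table.
 * @throws Error when the signature is too long, has too many lines, or fails BBCode pre-parsing.
 */
private function validate_personality_section()
{
    $form = array();
    if (ForumSettings::get('o_signatures') != '1') {
        return $form;
    }

    $form['signature'] = Utils::linebreaks(Utils::trim(Input::post('signature')));
    $max_length = ForumSettings::get('p_sig_length');
    $max_lines = ForumSettings::get('p_sig_lines');

    if (Utils::strlen($form['signature']) > $max_length) {
        throw new Error(sprintf(__('Sig too long'), $max_length, Utils::strlen($form['signature']) - $max_length));
    } elseif (substr_count($form['signature'], "\n") > $max_lines - 1) {
        throw new Error(sprintf(__('Sig too many lines'), $max_lines));
    } elseif ($form['signature'] && ForumSettings::get('p_sig_all_caps') == '0' && Utils::is_all_uppercase($form['signature']) && !User::get()->is_admmod) {
        // An all-caps signature is rewritten rather than rejected.
        $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
    }

    if (ForumSettings::get('p_sig_bbcode') == '1') {
        $errors = array();
        $form['signature'] = Container::get('parser')->preparse_bbcode($form['signature'], $errors, true);
        if (count($errors) > 0) {
            // NOTE(review): parser messages are embedded as HTML; confirm they are escaped before reaching Error.
            throw new Error('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
        }
    }

    return $form;
}

/**
 * Build the 'display' update: per-page counts, display toggles and style.
 *
 * @return array Column => value map for the users table.
 * @throws Error on an unknown style.
 */
private function validate_display_section()
{
    $form = array(
        'disp_topics' => Utils::trim(Input::post('form_disp_topics')),
        'disp_posts' => Utils::trim(Input::post('form_disp_posts')),
        'show_smilies' => Input::post('form_show_smilies') ? '1' : '0',
        'show_img' => Input::post('form_show_img') ? '1' : '0',
        'show_img_sig' => Input::post('form_show_img_sig') ? '1' : '0',
        'show_avatars' => Input::post('form_show_avatars') ? '1' : '0',
        'show_sig' => Input::post('form_show_sig') ? '1' : '0',
    );

    // An empty value is stored as-is; anything else is clamped to the 3..75 range.
    foreach (array('disp_topics', 'disp_posts') as $key) {
        if ($form[$key] != '') {
            $form[$key] = max(3, min(75, intval($form[$key])));
        }
    }

    // Only an installed style is accepted (strict: the list holds exact strings).
    if (Input::post('form_style')) {
        $styles = \FeatherBB\Core\Lister::getStyles();
        $form['style'] = Utils::trim(Input::post('form_style'));
        if (!in_array($form['style'], $styles, true)) {
            throw new Error(__('Bad request'), 404);
        }
    }

    return $form;
}

/**
 * Build the 'privacy' update: e-mail visibility and notification toggles.
 *
 * @return array Column => value map for the users table.
 */
private function validate_privacy_section()
{
    $form = array(
        'email_setting' => intval(Input::post('form_email_setting')),
        'notify_with_post' => Input::post('form_notify_with_post') ? '1' : '0',
        'auto_notify' => Input::post('form_auto_notify') ? '1' : '0',
    );

    // Valid settings are 0, 1 and 2; anything else falls back to the forum default.
    if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
        $form['email_setting'] = ForumSettings::get('o_default_email_setting');
    }

    return $form;
}

/**
 * Rewrite every denormalised copy of a renamed user's name (bans, posts,
 * topics, forums, online list and per-forum moderator lists) and refresh the
 * caches that depend on it.
 *
 * @param int|string $id           Id of the renamed user.
 * @param string     $old_username Name before the update.
 * @param string     $new_username Name after the update.
 * @return void
 */
private function propagate_username_change($id, $old_username, $new_username)
{
    $bans_updated = DB::for_table('bans')->where('username', $old_username);
    $bans_updated = Container::get('hooks')->fireDB('model.profile.update_profile_bans_updated', $bans_updated);
    $bans_updated = $bans_updated->update_many('username', $new_username);

    // Each entry: table, match column, match value, column to rewrite, hook fired on the query.
    $copies = array(
        array('posts', 'poster_id', $id, 'poster', 'model.profile.update_profile_poster_id'),
        array('posts', 'edited_by', $old_username, 'edited_by', 'model.profile.update_profile_posts'),
        array('topics', 'poster', $old_username, 'poster', 'model.profile.update_profile_topics_poster'),
        array('topics', 'last_poster', $old_username, 'last_poster', 'model.profile.update_profile_topics_last_poster'),
        array('forums', 'last_poster', $old_username, 'last_poster', 'model.profile.update_profile_forums'),
        array('online', 'ident', $old_username, 'ident', 'model.profile.update_profile_online'),
    );
    foreach ($copies as $copy) {
        list($table, $where_column, $where_value, $set_column, $hook) = $copy;
        $query = DB::for_table($table)->where($where_column, $where_value);
        $query = Container::get('hooks')->fireDB($hook, $query);
        $query->update_many($set_column, $new_username);
    }

    // Moderator lists are stored per forum as a serialised username => id map and only
    // need rewriting when the renamed user is an administrator or moderator.
    $group_id = DB::for_table('users')->where('id', $id);
    // TODO (original): restore the 'model.profile.update_profile_group_id' hook on this query.
    $group_id = $group_id->find_one_col('group_id');
    $group_mod = DB::for_table('groups')->where('g_id', $group_id);
    $group_mod = Container::get('hooks')->fireDB('model.profile.update_profile_group_mod', $group_mod);
    $group_mod = $group_mod->find_one_col('g_moderator');

    if ($group_id == ForumEnv::get('FEATHER_ADMIN') || $group_mod == '1') {
        foreach ($this->loop_mod_forums() as $cur_forum) {
            // unserialize() reads a value the forum itself wrote, not user input; on PHP >= 7.0
            // passing array('allowed_classes' => false) would still be a cheap hardening.
            $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
            // Non-strict on purpose: $id may arrive as a string while the stored ids may be integers.
            if (in_array($id, $cur_moderators)) {
                unset($cur_moderators[$old_username]);
                $cur_moderators[$new_username] = $id;
                uksort($cur_moderators, 'utf8_strcasecmp');
                $update_mods = DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators));
                $update_mods = Container::get('hooks')->fireDB('model.profile.update_profile_mods', $update_mods);
                $update_mods->save();
            }
        }
    }

    // NOTE(review): this only fills a missing 'users_info' cache; an existing entry is not
    // refreshed here — confirm whether that cache embeds usernames.
    if (!Container::get('cache')->isCached('users_info')) {
        Container::get('cache')->store('users_info', Cache::get_users_info());
    }

    // The bans cache embeds usernames, so rebuild it when ban rows were touched.
    if ($bans_updated) {
        Container::get('cache')->store('bans', Cache::get_bans());
    }
}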
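/**
 * Collect validation errors for a new topic or reply before it is stored.
 *
 * Runs, in order: guest checks (username, antispam question), flood
 * protection, subject checks for a new topic, guest e-mail checks, then the
 * message checks shared with check_errors_before_edit().
 *
 * @param int|string|null $fid    Forum id; truthy when a new topic is being posted (subject required).
 * @param mixed           $tid    Topic id (not read here; part of the caller's signature).
 * @param mixed           $qid    Quoted post id (not read here).
 * @param mixed           $pid    Post id (not read here).
 * @param mixed           $page   Page number (not read here).
 * @param array           $errors Errors collected so far; new messages are appended.
 * @return array Error messages; may also carry a 'banned_email' flag (see below) for the caller.
 */
public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
{
    global $lang_antispam_questions;

    $fid = $this->hook->fire('check_errors_before_post_start', $fid);
    $censoring_enabled = ($this->config['o_censoring'] == '1');

    if ($this->user->is_guest) {
        // Guests pick a name per post, so it goes through the registration username rules.
        $profile = new \FeatherBB\Model\Profile();
        $errors = $profile->check_username(Utils::trim($this->request->post('req_username')), $errors);
        $errors = $this->hook->fire('check_errors_before_post_antispam', $errors);

        // The form posts the md5 of the question text plus the answer; answers compare case-insensitively.
        $question = $this->request->post('captcha_q') ? trim($this->request->post('captcha_q')) : '';
        $answer = $this->request->post('captcha') ? strtoupper(trim($this->request->post('captcha'))) : '';
        $expected_answers = array();
        foreach ((array) $lang_antispam_questions as $k => $v) {
            $expected_answers[md5($k)] = strtoupper($v);
        }
        // Strict comparison: a loose != treats numerically equal strings (e.g. "04" and "4") as a match.
        if (!isset($expected_answers[$question]) || $expected_answers[$question] !== $answer) {
            $errors[] = __('Robot test fail');
        }
    }

    // Flood protection applies to an actual submission, not to a preview
    // (the original condition was inverted and only fired while previewing).
    $now = time();
    if ($this->request->post('preview') == '' && $this->user->last_post != '' && ($now - $this->user->last_post) < $this->user->g_post_flood) {
        $errors[] = sprintf(__('Flood start'), $this->user->g_post_flood, $this->user->g_post_flood - ($now - $this->user->last_post));
    }

    // A new topic must carry a subject.
    if ($fid) {
        $subject = Utils::trim($this->request->post('req_subject'));
        $subject = $this->hook->fire('check_errors_before_new_topic_subject', $subject);
        $censored_subject = null;
        if ($censoring_enabled) {
            $censored_subject = Utils::trim(Utils::censor($subject));
            $censored_subject = $this->hook->fire('check_errors_before_censored', $censored_subject);
        }

        if ($subject == '') {
            $errors[] = __('No subject');
        } elseif ($censoring_enabled && $censored_subject == '') {
            $errors[] = __('No subject after censoring');
        } elseif (Utils::strlen($subject) > 70) {
            $errors[] = __('Too long subject');
        } elseif ($this->config['p_subject_all_caps'] == '0' && Utils::is_all_uppercase($subject) && !$this->user->is_admmod) {
            $errors[] = __('All caps subject');
        }
        $errors = $this->hook->fire('check_errors_before_new_topic_errors', $errors);
    }

    if ($this->user->is_guest) {
        // Which field holds the address depends on whether a guest e-mail is mandatory.
        $email_field = $this->config['p_force_guest_email'] == '1' ? 'req_email' : 'email';
        $email = strtolower(Utils::trim($this->request->post($email_field)));

        if ($this->config['p_force_guest_email'] == '1' || $email != '') {
            $errors = $this->hook->fire('check_errors_before_post_email', $errors, $email);
            if (!$this->email->is_valid_email($email)) {
                $errors[] = __('Invalid email');
            }
            // Only guests are checked against the e-mail ban list; members' addresses were verified already.
            if ($this->email->is_banned_email($email)) {
                if ($this->config['p_allow_banned_email'] == '0') {
                    $errors[] = __('Banned email');
                }
                $errors['banned_email'] = 1; // read by the caller when it sends the alert e-mail
            }
        }
    }

    // Normalise line breaks in the posted message before measuring it.
    $message = Utils::linebreaks(Utils::trim($this->request->post('req_message')));
    $message = $this->hook->fire('check_errors_before_post_message', $message);
    $max_size = $this->feather->forum_env['FEATHER_MAX_POSTSIZE'];

    // Byte-wise strlen() on purpose: FEATHER_MAX_POSTSIZE is a byte limit, not a character limit.
    if (strlen($message) > $max_size) {
        $errors[] = sprintf(__('Too long message'), Utils::forum_number_format($max_size));
    } elseif ($this->config['p_message_all_caps'] == '0' && Utils::is_all_uppercase($message) && !$this->user->is_admmod) {
        $errors[] = __('All caps message');
    }

    if ($this->config['p_message_bbcode'] == '1') {
        // preparse_bbcode() is handed $errors so it can report syntax problems alongside ours.
        $message = $this->feather->parser->preparse_bbcode($message, $errors);
        $message = $this->hook->fire('check_errors_before_post_bbcode', $message);
    }

    // The emptiness checks are only meaningful once no other error was recorded.
    if (empty($errors)) {
        $errors = $this->hook->fire('check_errors_before_post_no_error', $errors);
        if ($message == '') {
            $errors[] = __('No message');
        } elseif ($censoring_enabled && Utils::trim(Utils::censor($message)) == '') {
            $errors[] = __('No message after censoring');
        }
    }

    return $this->hook->fire('check_errors_before_post', $errors);
}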