Example #1
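/**
* Check whether a password satisfies the configured complexity policy
*
* The policy is read from $config['pass_complex']:
*  - PASS_TYPE_ANY:    no character-class requirement
*  - PASS_TYPE_CASE:   at least one lower-case and one upper-case letter
*  - PASS_TYPE_ALPHA:  PASS_TYPE_CASE plus at least one number
*  - PASS_TYPE_SYMBOL: PASS_TYPE_ALPHA plus at least one other character
* A missing or unrecognised value is handled like PASS_TYPE_SYMBOL, so a broken
* configuration fails towards the strictest policy.
*
* Only character classes are checked. An empty password is reported as valid
* and no minimum length is applied here, so the caller has to enforce the
* "required" and length rules separately.
*
* In the Unicode-property mode every character that is not an upper-case
* letter, a lower-case letter or a number counts as a "symbol"; that includes
* whitespace and letters without case.
*
* @param string	$password	Password to check
*
* @return	bool|string	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
*/
function validate_password($password)
{
    global $config;

    // Read the policy once. isset() keeps an unset key from raising a notice;
    // the empty string matches no case label and therefore selects "default".
    $policy = isset($config['pass_complex']) ? $config['pass_complex'] : '';

    if ($password === '' || $policy === 'PASS_TYPE_ANY') {
        // Password empty or no password complexity required.
        return false;
    }

    // Pick the character-class expressions for the best engine available.
    // $use_pcre is false only when the mbstring regex functions are used.
    $use_pcre = true;
    if (src_pcre_utf8_support()) {
        // Unicode properties are supported by PCRE
        $upp = '\\p{Lu}';
        $low = '\\p{Ll}';
        $num = '\\p{N}';
        $sym = '[^\\p{Lu}\\p{Ll}\\p{N}]';
    } else if (function_exists('mb_ereg_match')) {
        mb_regex_encoding('UTF-8');
        $upp = '[[:upper:]]';
        $low = '[[:lower:]]';
        $num = '[[:digit:]]';
        $sym = '[^[:upper:][:lower:][:digit:]]';
        $use_pcre = false;
    } else {
        // ASCII-only fallback
        $upp = '[A-Z]';
        $low = '[a-z]';
        $num = '[0-9]';
        $sym = '[^A-Za-z0-9]';
    }

    // Collect one expression per required character class. The cases fall
    // through on purpose: each stricter policy includes the weaker ones.
    $chars = array();
    switch ($policy) {
        // We require strong passwords in case pass_complex is not set or is invalid
        default:
        // Require mixed case letters, numbers and symbols
        case 'PASS_TYPE_SYMBOL':
            $chars[] = $sym;
        // Require mixed case letters and numbers
        case 'PASS_TYPE_ALPHA':
            $chars[] = $num;
        // Require mixed case letters
        case 'PASS_TYPE_CASE':
            $chars[] = $low;
            $chars[] = $upp;
    }

    foreach ($chars as $char) {
        if ($use_pcre) {
            // preg_match() returns 0 for "no match" and false on error (for
            // example a subject that is not valid UTF-8 under the "u"
            // modifier); both reject the password, so errors fail closed.
            $found = preg_match('#' . $char . '#u', $password);
        } else {
            $found = mb_ereg($char, $password) !== false;
        }

        if (!$found) {
            return 'INVALID_CHARS';
        }
    }

    return false;
}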
Example #2
/**
* Build the PCRE pattern that matches one censored word
*
* The word is run through preg_quote() first, so regex metacharacters in a
* configured word are matched literally. Only the asterisk is given back a
* meaning: it becomes a lazy wildcard inside, at the start or at the end of
* the word. The result is anchored with look-arounds so that the word only
* matches when it is not embedded in a longer token.
*
* Two flavours exist, chosen by $use_unicode and src_pcre_utf8_support():
* one built on Unicode properties, one built on \S.
*
* @param string	$word			word template to be replaced
* @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode
*
* @return string $preg_expr		regex to use with word censor
*/
function get_censor_preg_expression($word, $use_unicode = true)
{
    // Quote everything, then restore the asterisk as a plain wildcard marker
    $quoted = preg_quote($word, '#');
    $word = str_replace('\\*', '*', $quoted);

    if (!$use_unicode || !src_pcre_utf8_support()) {
        // Non-unicode flavour: wildcards expand to runs of non-whitespace
        $wildcard_search = array(
            '#(?<=\\S)\\*+(?=\\S)#iu',
            '#^\\*+#',
            '#\\*+$#',
        );
        $wildcard_regex = array(
            '(\\x20*?\\S*?)',
            '\\S*?',
            '\\S*?',
        );
        $word = preg_replace($wildcard_search, $wildcard_regex, $word);

        return '#(?<!\\S)(' . $word . ')(?!\\S)#iu';
    }

    // Unicode flavour: wildcards expand to runs of letters, decimal digits, "_" and "-"
    $wildcard_search = array(
        '#(?<=[\\p{Nd}\\p{L}_])\\*+(?=[\\p{Nd}\\p{L}_])#iu',
        '#^\\*+#',
        '#\\*+$#',
    );
    $wildcard_regex = array(
        '([\\x20]*?|[\\p{Nd}\\p{L}_-]*?)',
        '[\\p{Nd}\\p{L}_-]*?',
        '[\\p{Nd}\\p{L}_-]*?',
    );
    $word = preg_replace($wildcard_search, $wildcard_regex, $word);

    return '#(?<![\\p{Nd}\\p{L}_-])(' . $word . ')(?![\\p{Nd}\\p{L}_-])#iu';
}
Example #3
 /**
 * Build the first-pass and second-pass match/replace expressions for a custom BBCode
 *
 * Both arguments are taken by reference and are trimmed in place, so the
 * caller's variables are modified.
 *
 * SECURITY NOTE(review): several token definitions below carry the PCRE "e"
 * modifier, and this method itself calls preg_replace() with it. With that
 * modifier the replacement string is PHP source that is evaluated for every
 * match, so the safety of the returned first_pass_match/first_pass_replace
 * pair depends entirely on the quoting done here and on how the caller
 * applies it to posted text. The modifier was deprecated in PHP 5.5 and
 * removed in PHP 7.0, and each() was removed in PHP 8.0; a port should move
 * to preg_replace_callback() rather than keep evaluated replacements.
 *
 * @param string	&$bbcode_match	BBCode usage string, may contain {TOKEN} placeholders
 * @param string	&$bbcode_tpl	replacement template for the second pass
 *
 * @return array	keys: bbcode_tag, first_pass_match, first_pass_replace, second_pass_match, second_pass_replace
 */
 function build_regexp(&$bbcode_match, &$bbcode_tpl)
 {
     $bbcode_match = trim($bbcode_match);
     $bbcode_tpl = trim($bbcode_tpl);
     // Allow unicode characters for URL|LOCAL_URL|RELATIVE_URL|INTTEXT tokens
     $utf8 = preg_match('/(URL|LOCAL_URL|RELATIVE_URL|INTTEXT)/', $bbcode_match);
     $utf8_pcre_properties = src_pcre_utf8_support();
     // First pass: the usage string is quoted for the "!" delimiter and the
     // opening/closing tags in the replacement get a ":$uid" suffix. The
     // replacement strings are single-quoted, so "$uid" is literal text here
     // (presumably substituted later by the caller - confirm).
     $fp_match = preg_quote($bbcode_match, '!');
     $fp_replace = preg_replace('#^\\[(.*?)\\]#', '[$1:$uid]', $bbcode_match);
     $fp_replace = preg_replace('#\\[/(.*?)\\]$#', '[/$1:$uid]', $fp_replace);
     // Second pass: match the already-suffixed tags, replace with the template
     $sp_match = preg_quote($bbcode_match, '!');
     $sp_match = preg_replace('#^\\\\\\[(.*?)\\\\\\]#', '\\[$1:$uid\\]', $sp_match);
     $sp_match = preg_replace('#\\\\\\[/(.*?)\\\\\\]$#', '\\[/$1:$uid\\]', $sp_match);
     $sp_replace = $bbcode_tpl;
     // @todo Make sure to change this too if something changed in message parsing
     // First-pass token table: token type => array(regex => replacement).
     // URL, LOCAL_URL, RELATIVE_URL, EMAIL and TEXT use the "e" modifier, i.e.
     // their replacement is PHP code run on the captured text (see the
     // security note in the method header).
     $tokens = array('URL' => array('!(?:(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))!ie' => "\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')"), 'LOCAL_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"), 'RELATIVE_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"), 'EMAIL' => array('!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('\$1')"), 'TEXT' => array('!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"), 'SIMPLETEXT' => array('!([a-zA-Z0-9-+.,_ ]+)!' => "\$1"), 'INTTEXT' => array($utf8_pcre_properties ? '!([\\p{L}\\p{N}\\-+,_. ]+)!u' : '!([a-zA-Z0-9\\-+,_. ]+)!u' => "\$1"), 'IDENTIFIER' => array('!([a-zA-Z0-9-_]+)!' => "\$1"), 'COLOR' => array('!([a-z]+|#[0-9abcdef]+)!i' => '$1'), 'NUMBER' => array('!([0-9]+)!' => '$1'));
     // Second-pass token table: token type => bare sub-pattern (no delimiters, no evaluated replacement)
     $sp_tokens = array('URL' => '(?i)((?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))(?-i)', 'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', 'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', 'EMAIL' => '(' . get_preg_expression('email') . ')', 'TEXT' => '(.*?)', 'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)', 'INTTEXT' => $utf8_pcre_properties ? '([\\p{L}\\p{N}\\-+,_. ]+)' : '([a-zA-Z0-9\\-+,_. ]+)', 'IDENTIFIER' => '([a-zA-Z0-9-_]+)', 'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)', 'NUMBER' => '([0-9]+)');
     // Running offset added to backreference numbers of later tokens
     $pad = 0;
     // First-pass modifiers: always case-insensitive, "u" only when a unicode
     // token is used and PCRE supports unicode properties
     $modifiers = 'i';
     $modifiers .= $utf8 && $utf8_pcre_properties ? 'u' : '';
     // Find every {TOKEN} / {TOKENn} placeholder in the usage string
     if (preg_match_all('/\\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\\}/i', $bbcode_match, $m)) {
         foreach ($m[0] as $n => $token) {
             $token_type = $m[1][$n];
             // Fetch the single regex => replacement pair of this token type.
             // each() no longer exists in PHP 8.0.
             reset($tokens[strtoupper($token_type)]);
             list($match, $replace) = each($tokens[strtoupper($token_type)]);
             // Pad backreference numbers from tokens
             if (preg_match_all('/(?<!\\\\)\\$([0-9]+)/', $replace, $repad)) {
                 // New offset = old offset + number of distinct backreferences in this replacement
                 $repad = $pad + sizeof(array_unique($repad[0]));
                 // Evaluated replacement ("e" modifier): rewrites $N as ${N + $pad}
                 $replace = preg_replace('/(?<!\\\\)\\$([0-9]+)/e', "'\${' . (\$1 + \$pad) . '}'", $replace);
                 $pad = $repad;
             }
             // Obtain pattern modifiers to use and alter the regex accordingly
             $regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
             $regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);
             for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i) {
                 // Merge the token's modifiers into the combined first-pass modifier list
                 if (strpos($modifiers, $regex_modifiers[$i]) === false) {
                     $modifiers .= $regex_modifiers[$i];
                     // The first time "e" is added, the whole replacement becomes a
                     // single-quoted PHP string expression; existing quotes are escaped
                     if ($regex_modifiers[$i] == 'e') {
                         $fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
                     }
                 }
                 // Every evaluated token is spliced in as '.<code>.' so that it is
                 // concatenated into that string expression
                 if ($regex_modifiers[$i] == 'e') {
                     $replace = "'.{$replace}.'";
                 }
             }
             $fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
             $fp_replace = str_replace($token, $replace, $fp_replace);
             $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);
             // Prepend the srcrd url to local relative links
             $replace_prepend = $token_type === 'LOCAL_URL' ? generate_srcrd_url() . '/' : '';
             $sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace);
         }
         $fp_match = '!' . $fp_match . '!' . $modifiers;
         // Second pass always gets "s", and "u" whenever a unicode token is
         // present (here without the $utf8_pcre_properties check used above)
         $sp_match = '!' . $sp_match . '!s' . ($utf8 ? 'u' : '');
         // NOTE(review): this looks for the letter "e" anywhere in the finished
         // pattern, not only in its modifier suffix - confirm that is intended
         if (strpos($fp_match, 'e') !== false) {
             // Drop empty string concatenations left over from the splicing above
             $fp_replace = str_replace("'.'", '', $fp_replace);
             $fp_replace = str_replace(".''.", '.', $fp_replace);
         }
     } else {
         // No replacement is present, no need for a second-pass pattern replacement
         // A simple str_replace will suffice
         $fp_match = '!' . $fp_match . '!' . $modifiers;
         $sp_match = $fp_replace;
         $sp_replace = '';
     }
     // Lowercase tags
     $bbcode_tag = preg_replace('/.*?\\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
     $bbcode_search = preg_replace('/.*?\\[([a-z0-9_-]+)=?.*/i', '$1', $bbcode_match);
     // Reject tag names outside [a-zA-Z0-9_-] (optionally followed by "=").
     // NOTE(review): the check is made on $bbcode_tag, while $bbcode_search is
     // what gets concatenated, unquoted, into the "e" patterns below. Whether
     // execution stops after trigger_error() depends on the installed error
     // handler, which is not visible here - confirm it halts on E_USER_WARNING.
     if (!preg_match('/^[a-zA-Z0-9_-]+=?$/', $bbcode_tag)) {
         global $user;
         trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
     }
     // Lowercase the opening/closing tag name in all four expressions
     // (evaluated replacements again, see the security note in the method header)
     $fp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_match);
     $fp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_replace);
     $sp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_match);
     $sp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_replace);
     return array('bbcode_tag' => $bbcode_tag, 'first_pass_match' => $fp_match, 'first_pass_replace' => $fp_replace, 'second_pass_match' => $sp_match, 'second_pass_replace' => $sp_replace);
 }