/**
 * Validate a post submission (new topic, reply or edit) and collect the errors.
 *
 * Of the parameters only $fid is read here: a non-empty $fid marks the submission
 * as a new topic and turns on the subject checks. $tid, $qid, $pid and $page are
 * accepted for the caller's signature but are not used by this method.
 *
 * @param int|false $fid    forum id when a new topic is being posted, falsy otherwise
 * @param mixed     $tid    unused here
 * @param mixed     $qid    unused here
 * @param mixed     $pid    unused here
 * @param mixed     $page   unused here
 * @param array     $errors error list accumulated so far (hook handlers may extend it)
 * @return array the error list; note that it may also receive the string key
 *               'banned_email' => 1 (see below), which is a marker, not an error message
 */
public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
{
    // The antispam file is expected to return the question => answer map for the
    // current user's language (it is iterated with foreach below). The language
    // segment comes from the user record, not from this request.
    $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');

    $fid = Container::get('hooks')->fire('model.post.check_errors_before_post_start', $fid);

    // Antispam feature
    if (User::get()->is_guest) {
        // It's a guest, so we have to validate the username
        $profile = new \FeatherBB\Model\Profile();
        $errors = $profile->check_username(Utils::trim(Input::post('req_username')), $errors);
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_antispam', $errors);

        // captcha_q carries the md5 of the question key; the answer is compared
        // case-insensitively (both sides upper-cased).
        $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
        $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
        $lang_antispam_questions_array = array();
        foreach ($lang_antispam_questions as $k => $v) {
            $lang_antispam_questions_array[md5($k)] = strtoupper($v);
        }

        // An unknown question hash or a wrong answer fails the robot test. The
        // comparison is loose (!=), so numeric-looking answers compare numerically.
        if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] != $answer) {
            $errors[] = __('Robot test fail');
        }
    }

    // Flood protection
    // NOTE(review): this only triggers when a non-empty 'preview' value is posted;
    // that looks inverted relative to the usual "skip the check when previewing"
    // rule — confirm the intended behaviour against the caller.
    if (Input::post('preview') != '' && User::get()->last_post != '' && time() - User::get()->last_post < Container::get('prefs')->get(User::get(), 'post.min_interval')) {
        $errors[] = sprintf(__('Flood start'), Container::get('prefs')->get(User::get(), 'post.min_interval'), Container::get('prefs')->get(User::get(), 'post.min_interval') - (time() - User::get()->last_post));
    }

    // If it's a new topic
    if ($fid) {
        $subject = Utils::trim(Input::post('req_subject'));
        $subject = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_subject', $subject);

        // $censored_subject only exists when censoring is on; the elseif below
        // re-checks the setting before reading it.
        if (ForumSettings::get('o_censoring') == '1') {
            $censored_subject = Utils::trim(Utils::censor($subject));
            $censored_subject = Container::get('hooks')->fire('model.post.check_errors_before_censored', $censored_subject);
        }

        // Subject limit is 70 characters (Utils::strlen, i.e. character-based).
        if ($subject == '') {
            $errors[] = __('No subject');
        } elseif (ForumSettings::get('o_censoring') == '1' && $censored_subject == '') {
            $errors[] = __('No subject after censoring');
        } elseif (Utils::strlen($subject) > 70) {
            $errors[] = __('Too long subject');
        } elseif (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($subject) && !User::get()->is_admmod) {
            $errors[] = __('All caps subject');
        }
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_errors', $errors);
    }

    if (User::get()->is_guest) {
        // Which field is read depends on whether a guest email is mandatory.
        $email = strtolower(Utils::trim(ForumSettings::get('p_force_guest_email') == '1' ? Input::post('req_email') : Input::post('email')));

        if (ForumSettings::get('p_force_guest_email') == '1' || $email != '') {
            $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_email', $errors, $email);
            if (!Container::get('email')->is_valid_email($email)) {
                $errors[] = __('Invalid email');
            }

            // Check if it's a banned email address
            // we should only check guests because members' addresses are already verified
            if (User::get()->is_guest && Container::get('email')->is_banned_email($email)) {
                if (ForumSettings::get('p_allow_banned_email') == '0') {
                    $errors[] = __('Banned email');
                }

                // NOTE(review): this marker makes empty($errors) false even when banned
                // addresses are allowed, so the "No message" checks further down are
                // skipped in that case; callers that test empty($errors) will also see
                // it as an error — verify this is intended.
                $errors['banned_email'] = 1; // Used later when we send an alert email
            }
        }
    }

    // Clean up message from POST
    $message = Utils::linebreaks(Utils::trim(Input::post('req_message')));
    $message = Container::get('hooks')->fire('model.post.check_errors_before_post_message', $message);

    // Here we use strlen() not Utils::strlen() as we want to limit the post to FEATHER_MAX_POSTSIZE bytes, not characters
    if (strlen($message) > ForumEnv::get('FEATHER_MAX_POSTSIZE')) {
        $errors[] = sprintf(__('Too long message'), Utils::forum_number_format(ForumEnv::get('FEATHER_MAX_POSTSIZE')));
    } elseif (ForumSettings::get('p_message_all_caps') == '0' && Utils::is_all_uppercase($message) && !User::get()->is_admmod) {
        $errors[] = __('All caps message');
    }

    // Validate BBCode syntax
    // preparse_bbcode receives $errors and may append to it; its return value is
    // the (possibly rewritten) message.
    if (ForumSettings::get('p_message_bbcode') == '1') {
        $message = Container::get('parser')->preparse_bbcode($message, $errors);
        $message = Container::get('hooks')->fire('model.post.check_errors_before_post_bbcode', $message);
    }

    // Only an otherwise error-free submission is checked for an empty message.
    if (empty($errors)) {
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_no_error', $errors);
        if ($message == '') {
            $errors[] = __('No message');
        } elseif (ForumSettings::get('o_censoring') == '1') {
            // Censor message to see if that causes problems
            $censored_message = Utils::trim(Utils::censor($message));

            if ($censored_message == '') {
                $errors[] = __('No message after censoring');
            }
        }
    }

    $errors = Container::get('hooks')->fire('model.post.check_errors_before_post', $errors);

    return $errors;
}
/**
 * Validate a registration form and build the prospective user record.
 *
 * Reads the posted fields (req_user, req_email1/req_email2, req_password1/
 * req_password2, captcha_q, captcha, language), validates them and returns an
 * array with the values to store plus an 'errors' entry listing what failed.
 *
 * @return array user data: 'username', 'email1', 'password1', 'language',
 *               'errors', and optionally 'banned_email' => 1
 * @throws Error 429 when the client IP registered an account within the last hour,
 *               500 when the posted language does not exist on disk
 */
public function check_for_errors()
{
    $user = array();
    // NOTE(review): initialised as a string but appended to with [] below. That
    // relies on check_username() turning it into an array first; on PHP 7.1+ the
    // [] operator on a string is a fatal Error — consider array() here.
    $user['errors'] = '';

    $user = Container::get('hooks')->fire('model.register.check_for_errors_start', $user);

    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    // The limit is only as strong as Utils::getIp(): if it honours proxy headers
    // such as X-Forwarded-For, a client can pick its own address — verify.
    $already_registered = DB::for_table('users')->where('registration_ip', Utils::getIp())->where_gt('registered', time() - 3600);
    $already_registered = Container::get('hooks')->fireDB('model.register.check_for_errors_ip_query', $already_registered);
    $already_registered = $already_registered->find_one();

    if ($already_registered) {
        throw new Error(__('Registration flood'), 429);
    }

    $user['username'] = Utils::trim(Input::post('req_user'));
    $user['email1'] = strtolower(Utils::trim(Input::post('req_email1')));

    // With email verification on, the password is generated server-side and the
    // posted password fields are ignored; $email2 exists only in this branch.
    if (ForumSettings::get('o_regs_verify') == '1') {
        $email2 = strtolower(Utils::trim(Input::post('req_email2')));

        $user['password1'] = Random::pass(12);
        $password2 = $user['password1'];
    } else {
        $user['password1'] = Utils::trim(Input::post('req_password1'));
        $password2 = Utils::trim(Input::post('req_password2'));
    }

    // Validate username and passwords
    $profile = new \FeatherBB\Model\Profile();
    $user['errors'] = $profile->check_username($user['username'], $user['errors']);

    // Minimum password length enforced here is 6 characters; the match test is a
    // loose comparison (!=).
    if (Utils::strlen($user['password1']) < 6) {
        $user['errors'][] = __('Pass too short');
    } elseif ($user['password1'] != $password2) {
        $user['errors'][] = __('Pass not match');
    }

    // Antispam feature
    // The antispam file is expected to return the question => answer map; the
    // language segment comes from the current user record, not from the form.
    $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
    $question = Input::post('captcha_q') ? trim(Input::post('captcha_q')) : '';
    $answer = Input::post('captcha') ? strtoupper(trim(Input::post('captcha'))) : '';
    $lang_antispam_questions_array = array();
    foreach ($lang_antispam_questions as $k => $v) {
        $lang_antispam_questions_array[md5($k)] = strtoupper($v);
    }

    // captcha_q is the md5 of the question key; unknown hash or wrong answer fails.
    if (empty($lang_antispam_questions_array[$question]) || $lang_antispam_questions_array[$question] != $answer) {
        $user['errors'][] = __('Robot test fail');
    }

    // Validate email
    if (!Container::get('email')->is_valid_email($user['email1'])) {
        $user['errors'][] = __('Invalid email');
    } elseif (ForumSettings::get('o_regs_verify') == '1' && $user['email1'] != $email2) {
        $user['errors'][] = __('Email not match');
    }

    // Check if it's a banned email address
    if (Container::get('email')->is_banned_email($user['email1'])) {
        if (ForumSettings::get('p_allow_banned_email') == '0') {
            $user['errors'][] = __('Banned email');
        }

        $user['banned_email'] = 1; // Used later when we send an alert email
    }

    // Check if someone else already has registered with that email address
    // NOTE(review): $dupe_list is filled but never read or returned from this
    // method; either it is dead code or the caller expected it in $user.
    $dupe_list = array();

    $dupe_mail = DB::for_table('users')->select('username')->where('email', $user['email1']);
    $dupe_mail = Container::get('hooks')->fireDB('model.register.check_for_errors_dupe', $dupe_mail);
    $dupe_mail = $dupe_mail->find_many();

    if ($dupe_mail) {
        if (ForumSettings::get('p_allow_dupe_email') == '0') {
            $user['errors'][] = __('Dupe email');
        }

        foreach ($dupe_mail as $cur_dupe) {
            $dupe_list[] = $cur_dupe['username'];
        }
    }

    // Make sure we got a valid language string
    // The posted value is later used as a path segment, so '.', '\' and '/' are
    // stripped (no traversal) and the language directory must actually exist.
    if (Input::post('language')) {
        $user['language'] = preg_replace('%[\\.\\\\/]%', '', Input::post('language'));
        if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user['language'] . '/common.po')) {
            throw new Error(__('Bad request'), 500);
        }
    } else {
        $user['language'] = ForumSettings::get('o_default_lang');
    }

    $user = Container::get('hooks')->fire('model.register.check_for_errors', $user);

    return $user;
}
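/**
 * Delete the users selected in the admin form, or return their ids for the
 * confirmation step.
 *
 * Reads 'users' (array keyed by id, or a comma-separated id list) from POST.
 * Without 'delete_users_comply' the validated id list is returned so the caller
 * can render a confirmation page. With it, the users are removed together with
 * their subscriptions, online rows, moderator assignments and avatars; their
 * posts are either deleted ('delete_posts' set) or reassigned to the guest user.
 *
 * @return array|mixed the selected user ids (confirmation step), or the result
 *                     of Router::redirect() once the deletion has been performed
 * @throws Error 404 when no valid user is selected, 403 when an admin is selected
 */
public function delete_users()
{
    if (Input::post('users')) {
        $user_ids = is_array(Input::post('users')) ? array_keys(Input::post('users')) : explode(',', Input::post('users'));
        $user_ids = array_map('intval', $user_ids);

        // Delete invalid IDs: 0 (non-numeric input) and 1 (the guest account)
        $user_ids = array_diff($user_ids, array(0, 1));
    } else {
        $user_ids = array();
    }

    $user_ids = Container::get('hooks')->fire('model.admin.model.users.delete_users.user_ids', $user_ids);

    if (empty($user_ids)) {
        throw new Error(__('No users selected'), 404);
    }

    // Are we trying to delete any admins? Refuse before the confirmation step so
    // an admin id cannot slip through with the comply flag set.
    $is_admin = DB::for_table('users')->where_in('id', $user_ids)->where('group_id', ForumEnv::get('FEATHER_ADMIN'))->find_one();
    if ($is_admin) {
        throw new Error(__('No delete admins message'), 403);
    }

    if (Input::post('delete_users_comply')) {
        // Fetch user groups: group_id => list of selected user ids in that group
        $user_groups = array();
        $select_user_groups = array('id', 'group_id');
        $result = DB::for_table('users')->select_many($select_user_groups)->where_in('id', $user_ids);
        $result = Container::get('hooks')->fireDB('model.admin.model.admin.users.delete_users.user_groups_query', $result);
        $result = $result->find_many();

        foreach ($result as $cur_user) {
            if (!isset($user_groups[$cur_user['group_id']])) {
                $user_groups[$cur_user['group_id']] = array();
            }

            $user_groups[$cur_user['group_id']][] = $cur_user['id'];
        }

        // Are any users moderators? Keep only the groups that can moderate, so the
        // forum moderator lists are rewritten only when they may actually contain
        // one of the deleted users.
        $group_ids = array_keys($user_groups);
        $select_fetch_user_mods = array('g_id', 'g_moderator');
        $result = DB::for_table('groups')->select_many($select_fetch_user_mods)->where_in('g_id', $group_ids)->find_many();
        foreach ($result as $cur_group) {
            if ($cur_group['g_moderator'] == '0') {
                unset($user_groups[$cur_group['g_id']]);
            }
        }

        $user_groups = Container::get('hooks')->fire('model.admin.model.users.delete_users.user_groups', $user_groups);

        // Fetch forum list and clean up their moderator list
        $select_mods = array('id', 'moderators');
        $result = DB::for_table('forums')->select_many($select_mods)->find_many();
        foreach ($result as $cur_forum) {
            // NOTE(review): unserialize() on a column stored by this same code via
            // serialize(); anything else able to write forums.moderators could feed
            // it arbitrary objects — a JSON encoding would be the safer format.
            $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();

            foreach ($user_groups as $group_users) {
                $cur_moderators = array_diff($cur_moderators, $group_users);
            }

            if (!empty($cur_moderators)) {
                DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
            } else {
                DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set_expr('moderators', 'NULL')->save();
            }
        }

        // Delete any subscriptions
        DB::for_table('topic_subscriptions')->where_in('user_id', $user_ids)->delete_many();
        DB::for_table('forum_subscriptions')->where_in('user_id', $user_ids)->delete_many();

        // Remove them from the online list (if they happen to be logged in)
        DB::for_table('online')->where_in('user_id', $user_ids)->delete_many();

        // Should we delete all posts made by these users?
        if (Input::post('delete_posts')) {
            @set_time_limit(0);

            // Find all posts made by these users. $user_ids is a list, so this must
            // be an IN condition like the other queries above; a plain where() would
            // bind the array to a single "= ?" placeholder and fail for more than
            // one selected user.
            $select_user_posts = array('p.id', 'p.topic_id', 't.forum_id');
            $result = DB::for_table('posts')->table_alias('p')->select_many($select_user_posts)->inner_join('topics', array('t.id', '=', 'p.topic_id'), 't')->inner_join('forums', array('f.id', '=', 't.forum_id'), 'f')->where_in('p.poster_id', $user_ids);
            $result = Container::get('hooks')->fireDB('model.admin.model.admin.users.delete_users.user_posts_query', $result);
            $result = $result->find_many();

            if ($result) {
                foreach ($result as $cur_post) {
                    // Determine whether this post is the "topic post" or not:
                    // the earliest post of the topic is the one that opened it.
                    $result2 = DB::for_table('posts')->where('topic_id', $cur_post['topic_id'])->order_by('posted')->find_one_col('id');

                    if ($result2 == $cur_post['id']) {
                        \FeatherBB\Model\Topic::delete($cur_post['topic_id']);
                    } else {
                        \FeatherBB\Model\Post::delete($cur_post['id'], $cur_post['topic_id']);
                    }

                    \FeatherBB\Model\Forum::update($cur_post['forum_id']);
                }
            }
        } else {
            // Set all their posts to guest
            DB::for_table('posts')->where_in('poster_id', $user_ids)->update_many('poster_id', '1');
        }

        // Delete the users
        DB::for_table('users')->where_in('id', $user_ids)->delete_many();

        // Delete user avatars
        $userProfile = new \FeatherBB\Model\Profile();
        foreach ($user_ids as $user_id) {
            $userProfile->delete_avatar($user_id);
        }

        // Regenerate the users info cache unconditionally: the user count has just
        // changed, so a cache entry that already exists is stale.
        Container::get('cache')->store('users_info', Cache::get_users_info());

        return Router::redirect(Router::pathFor('adminUsers'), __('Users delete redirect'));
    }

    return $user_ids;
}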