Esempio n. 1
/**
 * Decide whether a single word may be indexed or searched for.
 *
 * Keywords and CJK words are refused for indexing but accepted for searching;
 * stopwords are always refused; any other word is accepted when its length,
 * ignoring the wildcards % and *, lies between FORUM_SEARCH_MIN_WORD and
 * FORUM_SEARCH_MAX_WORD inclusive.
 *
 * @param string $word Word to check.
 * @param mixed  $idx  Truthy when validating for the index, falsy for a search.
 *
 * @return bool True when the word is acceptable in the given mode.
 */
function validate_search_word($word, $idx)
{
    // Static, so the cache file is only consulted while the list is still unset.
    static $stopwords;

    if (is_keyword($word)) {
        // Searchable, never indexed.
        return !$idx;
    }

    if (!isset($stopwords)) {
        // Both paths are assembled from constants only; the word under test
        // never influences which file is executed.
        // NOTE(review): the cache file presumably assigns $stopwords in this scope - confirm.
        if (file_exists(FORUM_CACHE_DIR . 'cache_stopwords.php')) {
            include FORUM_CACHE_DIR . 'cache_stopwords.php';
        }

        if (!defined('FORUM_STOPWORDS_LOADED')) {
            // The marker constant is still undefined after the include attempt:
            // regenerate the cache file and load it.
            if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
                require FORUM_ROOT . 'include/cache.php';
            }
            generate_stopwords_cache();
            require FORUM_CACHE_DIR . 'cache_stopwords.php';
        }
    }

    // in_array() is called without the strict flag, so the comparison is loose.
    if (in_array($word, $stopwords)) {
        return false;
    }

    if (is_cjk($word)) {
        // Searchable, never indexed.
        return !$idx;
    }

    // Wildcards do not count towards the length limits.
    $bare_word = str_replace(array('%', '*'), '', $word);
    $length = luna_strlen($bare_word);

    if ($length < FORUM_SEARCH_MIN_WORD) {
        return false;
    }

    return $length <= FORUM_SEARCH_MAX_WORD;
}
Esempio n. 2
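 /**
  * Validate the board configuration values (administrator account, board
  * title, default language and default style) and collect the problems found.
  *
  * Nothing is thrown or printed; every failed check appends one translated
  * message to the returned list.
  *
  * @param string $username      Requested administrator username.
  * @param string $password1     Password.
  * @param string $password2     Password confirmation.
  * @param string $email         Administrator email address.
  * @param string $title         Board title.
  * @param string $default_lang  Language name, checked against forum_list_langs().
  * @param string $default_style Style name, checked against forum_list_styles().
  *
  * @return array List of translated error messages; empty when everything passed.
  */
 public static function validate_config($username, $password1, $password2, $email, $title, $default_lang, $default_style)
 {
     $alerts = array();
     // Validate username and passwords
     if (luna_strlen($username) < 2) {
         $alerts[] = __('Usernames must be at least 2 characters long.', 'luna');
     } elseif (luna_strlen($username) > 25) {
         // This usually doesn't happen since the form element only accepts 25 characters
         $alerts[] = __('Usernames must not be more than 25 characters long.', 'luna');
     } elseif (!strcasecmp($username, 'Guest')) {
         $alerts[] = __('The username guest is reserved.', 'luna');
     } elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
         // Neither pattern is anchored, so an address appearing anywhere in the name is refused
         $alerts[] = __('Usernames may not be in the form of an IP address.', 'luna');
     } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
         $alerts[] = __('Usernames may not contain all the characters \', " and [ or ] at once.', 'luna');
     } elseif (preg_match('%(?:\\[/?(?:b|u|i|h|colou?r|quote|code|img|url|email|list)\\]|\\[(?:code|quote|list)=)%i', $username)) {
         $alerts[] = __('Usernames may not contain any of the text formatting tags (BBCode) that the forum uses.', 'luna');
     }
     // The minimum enforced here has to be the one the message announces (6);
     // the previous threshold of 4 let 4- and 5-character passwords through
     if (luna_strlen($password1) < 6) {
         $alerts[] = __('Passwords must be at least 6 characters long.', 'luna');
     } elseif ($password1 !== $password2) {
         // Strict comparison: with != two different numeric-looking strings
         // such as "1000" and "1e3" would be treated as matching
         $alerts[] = __('Passwords do not match.', 'luna');
     }
     // Validate email
     require FORUM_ROOT . 'include/email.php';
     if (!is_valid_email($email)) {
         $alerts[] = __('The administrator email address you entered is invalid.', 'luna');
     }
     if ($title == '') {
         $alerts[] = __('You must enter a board title.', 'luna');
     }
     // Language and style must be entries of the lists the helpers return;
     // strict matching keeps a numeric-looking value from matching loosely
     $languages = forum_list_langs();
     if (!in_array($default_lang, $languages, true)) {
         $alerts[] = __('The default language chosen doesn\'t seem to exist.', 'luna');
     }
     $styles = forum_list_styles();
     if (!in_array($default_style, $styles, true)) {
         $alerts[] = __('The default style chosen doesn\'t seem to exist.', 'luna');
     }
     return $alerts;
 }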
Esempio n. 3
<?php

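// Shorten long usernames for display. The raw name is measured and cut first
// and escaped afterwards: cutting the already-escaped string could split an
// HTML entity in two (for example "&amp;" into "&am") and counted entity
// characters towards the length limit.
if (luna_strlen($user_data['username']) > 14) {
    $cur_user_name = luna_htmlspecialchars(utf8_substr($user_data['username'], 0, 12)) . '...';
} else {
    $cur_user_name = luna_htmlspecialchars($user_data['username']);
}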
?>
<div class="col-lg-4 col-md-6 col-sm-6 col-xs-12">
	<div class="user-entry">
		<div class="media">
			<a class="pull-left" href="<?php 
echo 'profile.php?id=' . $user_data['id'];
?>
">
				<?php 
echo $user_avatar;
?>
			</a>
			<div class="media-body">
				<h2 class="media-heading"><?php 
echo '<a title="' . luna_htmlspecialchars($user_data['username']) . '" href="profile.php?id=' . $user_data['id'] . '">' . $cur_user_name . '</a>';
?>
</h2>
				<h4><?php 
echo $user_title_field;
?>
</h4>
				<?php 
echo forum_number_format($user_data['num_comments']) . ' ' . __('comments since', 'luna') . ' ' . format_time($user_data['registered'], true);
?>
Esempio n. 4
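/**
 * Render the most recently active threads the current user's group may read.
 *
 * Thread IDs are fetched first, then the full rows, and for every row the
 * display variables ($subject, $last_commenter, $forum_name, $subject_status,
 * ...) are prepared before the view file is required. When no thread is found
 * a placeholder heading is echoed instead.
 *
 * @param int    $limit              Maximum number of threads to list.
 * @param string $thread_object_name View file name, resolved through get_view_path()
 *                                   and required once per thread. It selects a file
 *                                   to execute, so callers must pass a fixed name,
 *                                   never request data.
 *
 * @return void
 */
function draw_index_threads_list($limit = 30, $thread_object_name = 'thread.php')
{
    global $luna_user, $luna_config, $db, $start_from, $id, $sort_by, $db_type, $cur_thread, $tracked_threads;
    // Retrieve a list of thread IDs, LIMIT is (really) expensive so we only fetch the IDs here then later fetch the remaining data
    // $limit is spliced into the statement unquoted, so it is forced to an integer first
    $result = $db->query('SELECT t.id, t.moved_to FROM ' . $db->prefix . 'threads AS t LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=' . $luna_user['g_id'] . ') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL ORDER BY last_comment DESC LIMIT ' . intval($limit)) or error('Unable to fetch thread IDs', __FILE__, __LINE__, $db->error());
    // If there are threads in this forum
    if ($db->num_rows($result)) {
        $thread_ids = array();
        for ($i = 0; $cur_thread_id = $db->result($result, $i); $i++) {
            $thread_ids[] = $cur_thread_id;
        }
        // Fetch list of threads to display on this page
        // The IN() list is built from the IDs the query above returned
        $sql_soft = NULL;
        if ($luna_user['is_guest'] || $luna_config['o_has_commented'] == '0') {
            if (!$luna_user['g_soft_delete_view']) {
                $sql_soft = 'soft = 0 AND ';
            }
            $sql = 'SELECT id, commenter, subject, commented, last_comment, last_comment_id, last_commenter, last_commenter_id, num_views, num_replies, closed, pinned, important, moved_to, soft, solved AS answer, forum_id FROM ' . $db->prefix . 'threads WHERE ' . $sql_soft . 'id IN(' . implode(',', $thread_ids) . ') ORDER BY last_comment DESC';
        } else {
            if (!$luna_user['g_soft_delete_view']) {
                $sql_soft = 't.soft = 0 AND ';
            }
            $sql = 'SELECT p.commenter_id AS has_commented, t.id, t.subject, t.commenter, t.commented, t.last_comment, t.last_comment_id, t.last_commenter, t.last_commenter_id, t.num_views, t.num_replies, t.closed, t.pinned, t.important, t.moved_to, t.soft, t.solved AS answer, t.forum_id FROM ' . $db->prefix . 'threads AS t LEFT JOIN ' . $db->prefix . 'comments AS p ON t.id=p.thread_id AND p.commenter_id=' . $luna_user['id'] . ' WHERE ' . $sql_soft . 't.id IN(' . implode(',', $thread_ids) . ') GROUP BY t.id' . ($db_type == 'pgsql' ? ', t.subject, t.commenter, t.commented, t.last_comment, t.last_comment_id, t.last_commenter, t.num_views, t.num_replies, t.closed, t.pinned, t.moved_to, p.commenter_id' : '') . ' ORDER BY t.last_comment DESC';
        }
        $result = $db->query($sql) or error('Unable to fetch thread list', __FILE__, __LINE__, $db->error());
        // Load cached forums
        if (file_exists(LUNA_CACHE_DIR . 'cache_forums.php')) {
            include LUNA_CACHE_DIR . 'cache_forums.php';
        }
        if (!defined('LUNA_LIST_LOADED')) {
            if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
                require LUNA_ROOT . 'include/cache.php';
            }
            generate_forum_cache();
            require LUNA_CACHE_DIR . 'cache_forums.php';
        }
        $thread_count = 0;
        while ($cur_thread = $db->fetch_assoc($result)) {
            ++$thread_count;
            $status_text = array();
            $item_status = $thread_count % 2 == 0 ? 'roweven' : 'rowodd';
            $icon_type = 'icon';
            // The subject is user-supplied text: it is escaped on both paths.
            // The truncated path previously skipped escaping, leaving markup in
            // long subjects intact for the view.
            // NOTE(review): $subject is built before the censoring step further
            // down, so it carries the uncensored text - confirm which variable
            // the view prints.
            if (luna_strlen($cur_thread['subject']) > 53) {
                $subject = luna_htmlspecialchars(utf8_substr($cur_thread['subject'], 0, 50)) . '...';
            } else {
                $subject = luna_htmlspecialchars($cur_thread['subject']);
            }
            $last_comment_date = '<a href="thread.php?pid=' . $cur_thread['last_comment_id'] . '#p' . $cur_thread['last_comment_id'] . '">' . format_time($cur_thread['last_comment']) . '</a>';
            if (is_null($cur_thread['moved_to'])) {
                $thread_id = $cur_thread['id'];
                if ($luna_user['g_view_users'] == '1' && $cur_thread['last_commenter_id'] > '1') {
                    $last_commenter = '<span class="byuser">' . __('by', 'luna') . ' <a href="profile.php?id=' . $cur_thread['last_commenter_id'] . '">' . luna_htmlspecialchars($cur_thread['last_commenter']) . '</a></span>';
                } else {
                    $last_commenter = '<span class="byuser">' . __('by', 'luna') . ' ' . luna_htmlspecialchars($cur_thread['last_commenter']) . '</span>';
                }
                // Start from empty values so a thread whose forum is missing from
                // the cache cannot inherit the previous row's markup
                $forum_name = '';
                $forum_color = '';
                $faicon = '';
                foreach ($luna_forums as $cur_forum) {
                    if ($cur_thread['forum_id'] == $cur_forum['id']) {
                        $forum_name = luna_htmlspecialchars($cur_forum['forum_name']);
                        // Colour and icon end up inside HTML attributes, so they are escaped as well
                        $forum_color = luna_htmlspecialchars($cur_forum['color']);
                        if ($cur_forum['icon'] != NULL) {
                            $faicon = '<span class="fa fa-fw fa-' . luna_htmlspecialchars($cur_forum['icon']) . '"></span> ';
                        } else {
                            $faicon = '';
                        }
                    }
                }
                $forum_name = '<span class="byuser">' . __('in', 'luna') . ' <a class="label label-default" href="viewforum.php?id=' . $cur_thread['forum_id'] . '" style="background: ' . $forum_color . ';">' . $faicon . '<span class="hidden-xs hidden-sm">' . $forum_name . '</span></a></span>';
            } else {
                $last_commenter = '';
                $thread_id = $cur_thread['moved_to'];
            }
            if ($luna_config['o_censoring'] == '1') {
                $cur_thread['subject'] = censor_words($cur_thread['subject']);
            }
            if ($cur_thread['pinned'] == '1') {
                $item_status .= ' pinned-item';
                $status_text[] = '<span class="label label-warning"><span class="fa fa-fw fa-thumb-tack"></span></span>';
            }
            if ($cur_thread['important']) {
                $item_status .= ' important-item';
                $status_text[] = '<span class="label label-primary"><span class="fa fa-fw fa-map-marker"></span></span>';
            }
            if (isset($cur_thread['answer'])) {
                $item_status .= ' solved-item';
                $status_text[] = '<span class="label label-success"><span class="fa fa-fw fa-check"></span></span>';
            }
            $url = 'thread.php?id=' . $thread_id;
            $by = '<span class="byuser">' . __('by', 'luna') . ' ' . luna_htmlspecialchars($cur_thread['commenter']) . '</span>';
            if ($cur_thread['moved_to'] != 0) {
                $status_text[] = '<span class="label label-info"><span class="fa fa-fw fa-arrows-alt"></span></span>';
                $item_status .= ' moved-item';
            } elseif ($cur_thread['closed'] == '1') {
                $status_text[] = '<span class="label label-danger"><span class="fa fa-fw fa-lock"></span></span>';
                $item_status .= ' closed-item';
            }
            if (!$luna_user['is_guest'] && $luna_config['o_has_commented'] == '1') {
                if ($cur_thread['has_commented'] == $luna_user['id']) {
                    $item_status .= ' commented-item';
                }
            }
            // A thread counts as new when its last comment is later than the last
            // visit and later than any tracked read time for the thread or forum
            if (!$luna_user['is_guest'] && $cur_thread['last_comment'] > $luna_user['last_visit'] && (!isset($tracked_threads['threads'][$cur_thread['id']]) || $tracked_threads['threads'][$cur_thread['id']] < $cur_thread['last_comment']) && (!isset($tracked_threads['forums'][$id]) || $tracked_threads['forums'][$id] < $cur_thread['last_comment']) && is_null($cur_thread['moved_to'])) {
                $item_status .= ' new-item';
                $icon_type = 'icon icon-new';
                $status_text[] = '<a href="thread.php?id=' . $cur_thread['id'] . '&amp;action=new" title="' . __('Go to the first new comment in the thread.', 'luna') . '" class="label label-default label-new"><span class="fa fa-fw fa-bell"></span></a>';
            }
            $subject_status = implode(' ', $status_text);
            $num_pages_thread = ceil(($cur_thread['num_replies'] + 1) / $luna_user['disp_comments']);
            if ($num_pages_thread > 1) {
                $subject_multipage = '<span class="inline-pagination"> ' . simple_paginate($num_pages_thread, -1, 'thread.php?id=' . $cur_thread['id']) . '</span>';
            } else {
                $subject_multipage = null;
            }
            $replies_label = _n('reply', 'replies', $cur_thread['num_replies'], 'luna');
            $views_label = _n('view', 'views', $cur_thread['num_views'], 'luna');
            // The view runs in this scope and reads the variables prepared above
            require get_view_path($thread_object_name);
        }
    } else {
        echo '<h3 class="nothing">' . __('The board is empty, select a forum and create a thread to begin.', 'luna') . '</h3>';
    }
}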
Esempio n. 5
         } elseif ($destinataires[$i]['g_id'] > LUNA_GUEST && $destinataires[$i]['g_inbox_limit'] != '0' && $destinataires[$i]['num_inbox'] >= $destinataires[$i]['g_inbox_limit']) {
             $errors[] = sprintf(__('%s inbox is full, you can not send you message to this user.', 'luna'), luna_htmlspecialchars($destinataire));
         }
     } else {
         $errors[] = sprintf(__('There\'s no user with the username "%s".', 'luna'), luna_htmlspecialchars($destinataire));
     }
     $i++;
 }
 // Collapse the collected recipient IDs and usernames into comma-separated lists
 $usernames_list = implode(', ', $list_usernames);
 $ids_list = implode(', ', $list_ids);
 // Subject: required unless an existing message is being edited, at most 70 characters
 $p_subject = luna_trim($_POST['req_subject']);
 $subject_missing = $p_subject == '' && $edit == '0';
 if ($subject_missing) {
     $errors[] = __('Threads must contain a subject.', 'luna');
 } else {
     if (luna_strlen($p_subject) > 70) {
         $errors[] = __('Subjects cannot be longer than 70 characters.', 'luna');
     } elseif ($luna_config['p_subject_all_caps'] == '0' && $p_subject == strtoupper($p_subject) && $luna_user['is_admmod']) {
         // NOTE(review): as written, only administrators/moderators get their
         // all-caps subject rewritten and everyone else is left alone; the
         // condition may be missing a negation - confirm the intended policy.
         // strtoupper()/strtolower() work byte-wise.
         $p_subject = ucwords(strtolower($p_subject));
     }
 }
 // Message body: trimmed and line breaks normalised before any check
 $p_message = luna_linebreaks(luna_trim($_POST['req_message']));
 if ($p_message == '') {
     $errors[] = __('You must enter a message.', 'luna');
 } else {
     // The size limit is expressed in bytes, hence strlen() rather than luna_strlen()
     if (strlen($p_message) > LUNA_MAX_COMMENT_SIZE) {
         $errors[] = sprintf(__('Comments cannot be longer than %s bytes.', 'luna'), forum_number_format(LUNA_MAX_COMMENT_SIZE));
     } elseif ($luna_config['p_message_all_caps'] == '0' && $p_message == strtoupper($p_message) && $luna_user['is_admmod']) {
         // NOTE(review): same un-negated is_admmod test as for the subject - confirm.
         $p_message = ucwords(strtolower($p_message));
     }
 }
 // Validate BBCode syntax
Esempio n. 6
 }
 // Anti-CSRF check: a new thread ($fid set) must carry the post-topic nonce
 // field, a reply the post-reply field; a missing or invalid nonce stops here.
 // NOTE(review): both fields are verified against the action 'post-reply' -
 // confirm the form that emits _luna_nonce_post_topic issues its nonce for
 // that same action.
 $nonce_field = $fid ? '_luna_nonce_post_topic' : '_luna_nonce_post_reply';
 if (!isset($_POST[$nonce_field]) || !LunaNonces::verify($_POST[$nonce_field], 'post-reply')) {
     message(__('Are you sure you want to do this?', 'luna'));
 }
 // Only a new thread has a subject to validate
 if ($fid) {
     $subject = luna_trim($_POST['req_subject']);
     $censoring_on = $luna_config['o_censoring'] == '1';
     if ($censoring_on) {
         // Kept separately so a subject consisting only of censored words can be reported
         $censored_subject = luna_trim(censor_words($subject));
     }
     if ($subject == '') {
         $errors[] = __('Threads must contain a subject.', 'luna');
     } elseif ($censoring_on && $censored_subject == '') {
         $errors[] = __('Threads must contain a subject. After applying censoring filters, your subject was empty.', 'luna');
     } elseif (luna_strlen($subject) > 70) {
         $errors[] = __('Subjects cannot be longer than 70 characters.', 'luna');
     } elseif (!$luna_user['is_admmod'] && $luna_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject)) {
         // Administrators and moderators are exempt from the all-caps rule
         $errors[] = __('Subjects cannot contain only capital letters.', 'luna');
     }
 }
 // If the user is logged in we get the username and email from $luna_user
 if (!$luna_user['is_guest']) {
     $username = $luna_user['username'];
     $email = $luna_user['email'];
     $id = $luna_user['id'];
 } else {
     $username = luna_trim($_POST['req_username']);
     $email = strtolower(luna_trim($luna_config['p_force_guest_email'] == '1' ? $_POST['req_email'] : $_POST['email']));
     $banned_email = false;
     // It's a guest, so we have to validate the username
Esempio n. 7
 } elseif ($action == 'show_24h') {
     $action = 'show_recent';
 }
 // If a search_id was supplied
 if (isset($_GET['search_id'])) {
     $search_id = intval($_GET['search_id']);
     if ($search_id < 1) {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
     }
 } elseif ($action == 'search') {
     $keywords = isset($_GET['keywords']) ? utf8_strtolower(luna_trim($_GET['keywords'])) : null;
     $author = isset($_GET['author']) ? utf8_strtolower(luna_trim($_GET['author'])) : null;
     if (preg_match('%^[\\*\\%]+$%', $keywords) || luna_strlen(str_replace(array('*', '%'), '', $keywords)) < FORUM_SEARCH_MIN_WORD && !is_cjk($keywords)) {
         $keywords = '';
     }
     if (preg_match('%^[\\*\\%]+$%', $author) || luna_strlen(str_replace(array('*', '%'), '', $author)) < 2) {
         $author = '';
     }
     if (!$keywords && !$author) {
         message(__('You have to enter at least one keyword and/or an author to search for.', 'luna'));
     }
     if ($author) {
         $author = str_replace('*', '%', $author);
     }
     $show_as = isset($_GET['show_as']) && $_GET['show_as'] == 'topics' ? 'topics' : 'posts';
     $sort_by = isset($_GET['sort_by']) ? intval($_GET['sort_by']) : 0;
     $search_in = !isset($_GET['search_in']) || $_GET['search_in'] == '0' ? 0 : ($_GET['search_in'] == '1' ? 1 : -1);
 } elseif ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions') {
     $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : $luna_user['id'];
     if ($user_id < 2) {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
Esempio n. 8
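 $email2 = strtolower(trim($_POST['email']));
 $trimpassword = trim($_POST['password']);
 // Either a generated password or the one typed in; with neither, the request is bounced
 // NOTE(review): no minimum length is applied to a typed-in password within
 // this fragment - confirm whether one is enforced elsewhere.
 if (isset($_POST['random_pass'])) {
     $password = random_pass(8);
 } elseif (!empty($trimpassword)) {
     $password = $trimpassword;
 } else {
     redirect('backstage/users.php?user_failed=true');
 }
 $errors = array();
 // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
 $username = preg_replace('#\\s+#s', ' ', $username);
 // Validate username and passwords
 // Both bounds are measured with luna_strlen(); the lower bound previously
 // used strlen(), which counts bytes, so a single multi-byte character passed
 if (luna_strlen($username) < 2) {
     message_backstage(__('Usernames must be at least 2 characters long. Please choose another (longer) username.', 'luna'));
 } elseif (luna_strlen($username) > 25) {
     // This usually doesn't happen since the form element only accepts 25 characters
     // The message now matches the check; it used to report a password problem
     message_backstage(__('Usernames must not be more than 25 characters long. Please choose another (shorter) username.', 'luna'));
 } elseif (!strcasecmp($username, 'Guest') || !strcasecmp($username, __('Guest', 'luna'))) {
     message_backstage(__('The username guest is reserved. Please choose another username.', 'luna'));
 } elseif (preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/', $username)) {
     message_backstage(__('Usernames may not be in the form of an IP address. Please choose another username.', 'luna'));
 } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
     message_backstage(__('Usernames may not contain all the characters \', " and [ or ] at once. Please choose another username.', 'luna'));
 } elseif (preg_match('#\\[b\\]|\\[/b\\]|\\[u\\]|\\[/u\\]|\\[i\\]|\\[/i\\]|\\[color|\\[/color\\]|\\[quote\\]|\\[quote=|\\[/quote\\]|\\[code\\]|\\[/code\\]|\\[img\\]|\\[/img\\]|\\[url|\\[/url\\]|\\[email|\\[/email\\]#i', $username)) {
     message_backstage(__('Usernames may not contain any of the text formatting tags (BBCode) that the forum uses. Please choose another username.', 'luna'));
 }
 // Check that the username (or a too similar username) is not already registered
 // Both string values pass through $db->escape() before being quoted into the statement
 $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE username=\'' . $db->escape($username) . '\' OR username=\'' . $db->escape(preg_replace('/[^\\w]/', '', $username)) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());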
 if ($db->num_rows($result)) {
     $busy = $db->result($result);
Esempio n. 9
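/**
 * Validate a requested username and append a message to the global $errors
 * list for every rule it breaks.
 *
 * Checks, in order: length (2 to 25 characters), the reserved name "Guest",
 * IPv4/IPv6 look-alikes, the quote-and-bracket combination, BBCode tags,
 * censored words, names identical or too similar to a registered one, and the
 * banned usernames in $luna_bans. Nothing is returned.
 *
 * @param string   $username   Requested username.
 * @param int|null $exclude_id User ID to leave out of the duplicate check
 *                             (presumably the account being renamed), or null.
 *
 * @return void
 */
function check_username($username, $exclude_id = null)
{
    global $db, $luna_config, $errors, $luna_bans;
    // Include UTF-8 function
    require_once FORUM_ROOT . 'include/utf8/strcasecmp.php';
    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('%\\s+%s', ' ', $username);
    // Validate username
    if (luna_strlen($username) < 2) {
        $errors[] = __('Usernames must be at least 2 characters long. Please choose another (longer) username.', 'luna');
    } elseif (luna_strlen($username) > 25) {
        // This usually doesn't happen since the form element only accepts 25 characters
        $errors[] = __('Usernames must not be more than 25 characters long. Please choose another (shorter) username.', 'luna');
    } elseif (!strcasecmp($username, 'Guest') || !utf8_strcasecmp($username, __('Guest', 'luna'))) {
        $errors[] = __('The username guest is reserved. Please choose another username.', 'luna');
    } elseif (preg_match('%[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}%', $username) || preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username)) {
        // Neither pattern is anchored, so an address appearing anywhere in the name is refused
        $errors[] = __('Usernames may not be in the form of an IP address. Please choose another username.', 'luna');
    } elseif ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false) {
        $errors[] = __('Usernames may not contain all the characters \', " and [ or ] at once. Please choose another username.', 'luna');
    } elseif (preg_match('%(?:\\[/?(?:b|u|s|ins|del|em|i|h|colou?r|quote|code|img|url|email|list|\\*|topic|post|forum|user)\\]|\\[(?:img|url|quote|list)=)%i', $username)) {
        $errors[] = __('Usernames may not contain any of the text formatting tags (BBCode) that the forum uses. Please choose another username.', 'luna');
    }
    // Check username for any censored words
    if ($luna_config['o_censoring'] == '1' && censor_words($username) != $username) {
        $errors[] = __('The username you entered contains one or more censored words. Please choose a different username.', 'luna');
    }
    // Check that the username (or a too similar username) is not already registered
    // $exclude_id is spliced into the statement unquoted, so it is forced to an
    // integer; the two username values go through $db->escape()
    $query = !is_null($exclude_id) ? ' AND id!=' . intval($exclude_id) : '';
    $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE (UPPER(username)=UPPER(\'' . $db->escape($username) . '\') OR UPPER(username)=UPPER(\'' . $db->escape(ucp_preg_replace('%[^\\p{L}\\p{N}]%u', '', $username)) . '\')) AND id>1' . $query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result)) {
        $busy = $db->result($result);
        // The clashing name is escaped before being placed into the message
        $errors[] = __('Someone is already registered with the username', 'luna') . ' ' . luna_htmlspecialchars($busy) . '. ' . __('The username you entered is too similar. The username must differ from that by at least one alphanumerical character (a-z or 0-9). Please choose a different username.', 'luna');
    }
    // Check username for any banned usernames
    foreach ($luna_bans as $cur_ban) {
        if ($cur_ban['username'] != '' && utf8_strtolower($username) == utf8_strtolower($cur_ban['username'])) {
            $errors[] = __('The username you entered is banned in this forum. Please choose another username.', 'luna');
            break;
        }
    }
}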
Esempio n. 10
?>
<span class="help-block"><?php 
_e('Password and confirmation for SMTP server, only when required', 'luna');
?>
</span></label>
					<div class="col-sm-9">
						<div class="checkbox">
							<label>
								<input type="checkbox" name="form[smtp_change_pass]" id="form_smtp_change_pass" value="1" />
								<?php 
_e('Check this if you want to change or delete the currently stored password.', 'luna');
?>
							</label>
						</div>
<?php 
// The stored SMTP password is never sent back to the browser; both password
// fields are pre-filled with a random_key() value instead.
// NOTE(review): the placeholder has the same length as the stored password, so
// the rendered page still reveals that length - consider a fixed-length
// placeholder. The value is echoed into an HTML attribute without escaping,
// which is only safe if random_key() cannot return quotes or angle brackets -
// confirm.
if (empty($luna_config['o_smtp_pass'])) {
    $smtp_pass = '';
} else {
    $smtp_pass = random_key(luna_strlen($luna_config['o_smtp_pass']), true);
}
?>
						<div class="row">
							<div class="col-sm-6">
								<input class="form-control" type="password" name="form[smtp_pass1]" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
							</div>
							<div class="col-sm-6">
								<input class="form-control" type="password" name="form[smtp_pass2]" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
							</div>
						</div>
Esempio n. 11
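 // $result comes from a query issued before this fragment; any row means the
 // same IP address registered within the last hour
 if ($db->num_rows($result)) {
     message(__('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.', 'luna'));
 }
 $username = luna_trim($_POST['req_user']);
 $email1 = strtolower(luna_trim($_POST['req_email1']));
 if ($luna_config['o_regs_verify'] == '1') {
     // With email verification the user does not choose a password; a random
     // one is generated and the address has to be entered twice
     $email2 = strtolower(luna_trim($_POST['req_email2']));
     $password1 = random_pass(12);
     $password2 = $password1;
 } else {
     $password1 = luna_trim($_POST['req_password1']);
     $password2 = luna_trim($_POST['req_password2']);
 }
 // Validate username and passwords
 check_username($username);
 if (luna_strlen($password1) < 6) {
     $errors[] = __('Passwords must be at least 6 characters long. Please choose another (longer) password.', 'luna');
 } elseif ($password1 !== $password2) {
     // Strict comparison: with != two different numeric-looking strings such
     // as "1000000" and "1e6" would be accepted as a matching confirmation
     $errors[] = __('Passwords do not match.', 'luna');
 }
 // Validate email
 require LUNA_ROOT . 'include/email.php';
 if (!is_valid_email($email1)) {
     $errors[] = __('The email address you entered is invalid.', 'luna');
 } elseif ($luna_config['o_regs_verify'] == '1' && $email1 !== $email2) {
     $errors[] = __('Email addresses do not match.', 'luna');
 }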
 // Check if it's a banned email address
 if (is_banned_email($email1)) {
     if ($luna_config['p_allow_banned_email'] == '0') {
         $errors[] = __('The email address you entered is banned in this forum. Please choose another email address.', 'luna');
Esempio n. 12
 // Split the selected comments off into a new thread. $posts is a
 // comma-separated ID list, so the expected row count is the comma count + 1.
 // NOTE(review): $posts, $tid and $move_to_forum are concatenated into the
 // statements below without quoting or escaping, and this fragment does not
 // show where they are validated - confirm each is reduced to integers (a
 // comma-separated integer list for $posts) before this point.
 $num_posts_splitted = substr_count($posts, ',') + 1;
 // Verify that the comment IDs are valid
 // Every listed ID must belong to thread $tid; a count mismatch rejects the request
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'posts WHERE id IN(' . $posts . ') AND topic_id=' . $tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result) != $num_posts_splitted) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 // Verify that the move to forum ID is valid
 // NOTE(review): the join condition only selects forum_perms rows for
 // $move_to_forum; nothing ties f.id to $move_to_forum, so this looks like it
 // returns rows (and passes) for a forum ID that does not exist whenever no
 // matching permission row denies posting - confirm and consider adding an
 // f.id condition.
 $result = $db->query('SELECT 1 FROM ' . $db->prefix . 'forums AS f LEFT JOIN ' . $db->prefix . 'forum_perms AS fp ON (fp.group_id=' . $luna_user['g_id'] . ' AND fp.forum_id=' . $move_to_forum . ') WHERE (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result)) {
     message_backstage(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
 }
 // Check subject
 $new_subject = isset($_POST['new_subject']) ? luna_trim($_POST['new_subject']) : '';
 if ($new_subject == '') {
     message_backstage(__('Threads must contain a subject.', 'luna'));
 } elseif (luna_strlen($new_subject) > 70) {
     message_backstage(__('Subjects cannot be longer than 70 characters.', 'luna'));
 }
 // Get data from the new first post
 // The lowest ID among the selected comments becomes the first post of the new thread
 $result = $db->query('SELECT p.id, p.poster, p.posted FROM ' . $db->prefix . 'posts AS p WHERE id IN(' . $posts . ') ORDER BY p.id ASC LIMIT 1') or error('Unable to get first post', __FILE__, __LINE__, $db->error());
 $first_post_data = $db->fetch_assoc($result);
 // Create the new thread
 // The two string values (poster, subject) go through $db->escape(); posted,
 // first_post_id and forum_id are inserted as bare numbers
 $db->query('INSERT INTO ' . $db->prefix . 'topics (poster, subject, posted, first_post_id, forum_id) VALUES (\'' . $db->escape($first_post_data['poster']) . '\', \'' . $db->escape($new_subject) . '\', ' . $first_post_data['posted'] . ', ' . $first_post_data['id'] . ', ' . $move_to_forum . ')') or error('Unable to create new thread', __FILE__, __LINE__, $db->error());
 $new_tid = $db->insert_id();
 // Move the comments to the new thread
 $db->query('UPDATE ' . $db->prefix . 'posts SET topic_id=' . $new_tid . ' WHERE id IN(' . $posts . ')') or error('Unable to move posts into new thread', __FILE__, __LINE__, $db->error());
 // Apply every subscription to both topics
 // Subscribers of the original thread are copied onto the new one
 $db->query('INSERT INTO ' . $db->prefix . 'topic_subscriptions (user_id, topic_id) SELECT user_id, ' . $new_tid . ' FROM ' . $db->prefix . 'topic_subscriptions WHERE topic_id=' . $tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error());
 // Get last_post, last_post_id, and last_poster from the thread and update it
 // Runs after the move, so it reads the newest comment that stayed in the original thread
 $result = $db->query('SELECT id, poster, posted FROM ' . $db->prefix . 'posts WHERE topic_id=' . $tid . ' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
 $last_post_data = $db->fetch_assoc($result);
Esempio n. 13
     $form['title'] = luna_trim($_POST['title']);
     if ($form['title'] != '') {
         // A list of words that the title may not contain
         // If the language is English, there will be some duplicates, but it's not the end of the world
         $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower(__('Member', 'luna')), utf8_strtolower(__('Moderator', 'luna')), utf8_strtolower(__('Administrator', 'luna')), utf8_strtolower(__('Banned', 'luna')), utf8_strtolower(__('Guest', 'luna')));
         if (in_array(utf8_strtolower($form['title']), $forbidden)) {
             message(__('The title you entered contains a forbidden word. You must choose a different title.', 'luna'));
         }
     }
 }
 // Signature handling, only when signatures are enabled on the board
 if ($luna_config['o_signatures'] == '1') {
     // Trim and normalise line breaks before anything is measured
     $form['signature'] = luna_linebreaks(luna_trim($_POST['signature']));
     $sig_chars = luna_strlen($form['signature']);
     $sig_newlines = substr_count($form['signature'], "\n");
     // Limits: total characters, then number of lines, then the all-caps rule
     if ($sig_chars > $luna_config['p_sig_length']) {
         $excess = $sig_chars - $luna_config['p_sig_length'];
         message(sprintf(__('Signatures cannot be longer than %1$s characters. Please reduce your signature by %2$s characters.', 'luna'), $luna_config['p_sig_length'], $excess));
     } elseif ($sig_newlines > $luna_config['p_sig_lines'] - 1) {
         message(sprintf(__('Signatures cannot have more than %s lines.', 'luna'), $luna_config['p_sig_lines']));
     } elseif ($form['signature'] && $luna_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$luna_user['is_admmod']) {
         // Administrators and moderators are exempt; everyone else gets the text re-cased
         $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
     }
     // BBCode pre-parsing reports its problems through $errors (passed by reference)
     $errors = array();
     $form['signature'] = preparse_bbcode($form['signature'], $errors, true);
     if (count($errors) !== 0) {
         // NOTE(review): the error strings are joined into HTML without
         // escaping - confirm preparse_bbcode() never puts raw signature text
         // into them.
         message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
     }
 }
 if ($form['disp_topics'] != '') {
     $form['disp_topics'] = intval($form['disp_topics']);
     if ($form['disp_topics'] < 3) {
         $form['disp_topics'] = 3;