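/**
 * Decide whether the current session user may use the admin pages.
 *
 * Two sources grant access: a static username allowlist, and a non-zero
 * row count from the 'user/admin' DAO for the session's user_id. When the
 * user is not an admin the error.* keys are set on $o and false is returned.
 *
 * @param object $o  receives error.message/code/title/line/file on denial
 * @return bool true when the user may proceed, false when denied
 * @throws CircuitDatabaseException when the admin lookup fails
 */
public function checkPrivileges($o)
	{
		// Static allowlist: these usernames are admins without consulting the
		// admin table. NOTE(review): whoever holds one of these accounts gets
		// admin access regardless of the table — confirm the list is still
		// required, or move it to configuration. Strict comparison so only an
		// identical string matches.
		$username = SC::get('userdata.username');
		if (in_array($username, array('dev1', 'dev2'), true)) {
			return true;
		}

		$uid = SC::get('userdata.user_id');
		$dao = DaoFactory::create('user/admin');
		$dao->select('count(user_id) as count');
		$dao->byUserId($uid);
		$rs = $dao->execute();
		if (!$rs->isSuccess()) {
			throw new CircuitDatabaseException('query admin users failed', $rs);
		}

		// Fail closed: a missing row or a missing/zero count both mean "not an
		// admin". The count arrives from the driver as a string, hence the cast
		// instead of a loose "== 0".
		$row = $rs->fetchrow(DB_ASSOC);
		$count = is_array($row) ? (int) ($row['count'] ?? 0) : 0;

		if ($count === 0) {
			$message = "This page is not available under the current configuration, or ";
			$message .= "you are not authorized to view this page.";
			$o->set('error.message', $message);
			$o->set('error.code', GENERAL_MESSAGE);
			$o->set('error.title', 'Not Authorized');
			$o->set('error.line', __LINE__);
			$o->set('error.file', __FILE__);
			return false;
		}
		return true;
	}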
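 /**
  * Execute
  *
  * Writes one row to the consolidated admin-panel log through the
  * 'admincpanellog.insert' DAO: user id, username, remote IP, the board
  * time, the executing script name and the serialized GET/POST payload.
  *
  * Requests whose REMOTE_ADDR lies in 10.0.0.0/8 are not logged and
  * return TRUE immediately.
  *
  * @param object $observer  receives error.* keys when the insert fails
  * @return bool TRUE when logged (or skipped), FALSE when the insert failed
  */
  function execute(&$observer)
  {
      // MOD RJH
      // Modification Date: 11-18-2004
      // Add Tracking for all actions into a single consolidated Admin Log Table
      // using Sushi to store data
      // TRACKING
      // ID (pk), USER ID(ind), IP(ind), datetime, request page, POST/GET

      // Skip logging for 10.0.0.0/8 peers. The dot is escaped on purpose: the
      // earlier pattern "/^10./" let "." match any character, so addresses such
      // as 100.x.x.x were exempted as well.
      // NOTE(review): every request from a 10/8 peer leaves no audit record;
      // confirm that exemption is still wanted (if a proxy sits in front of the
      // app, REMOTE_ADDR is the proxy, not the client).
      if (preg_match('/^10\\./', $_SERVER['REMOTE_ADDR'])) {
          return TRUE;
      }

      // Full request payload, stored verbatim. NOTE(review): any field posted to
      // an admin page ends up in this table — confirm nothing sensitive (e.g.
      // credentials) is submitted through these pages.
      $GAIALOG = serialize(array($_GET, $_POST));

      // Plain assignment: objects are handles, and "=&" on a call result only
      // raises a notice when the callee does not return by reference.
      $dao_logging = DaoFactory::create('admincpanellog.insert');
      $dao_logging->setUserId(SC::get('userdata.user_id'));
      $dao_logging->setUsername(SC::get('userdata.username'));
      $dao_logging->setUserIp($_SERVER['REMOTE_ADDR']);
      $dao_logging->setDatetime(SC::get('board_config.time_now'));
      $dao_logging->setRequestFilename($_SERVER['SCRIPT_NAME']);
      $dao_logging->setRequestData($GAIALOG);
      $rs = $dao_logging->execute();
      if (!$rs->isSuccess()) {
          $observer->set('error.message', "Unable to connect to the database, please try again later.");
          $observer->set('error.title', 'Database Error');
          $observer->set('error.code', GENERAL_ERROR);
          $observer->set('error.line', __LINE__);
          $observer->set('error.file', __FILE__);
          return FALSE;
      }

      return TRUE;
  }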
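 /**
  * Replace one serialized inventory item with one or more new items.
  *
  * Verifies that $from_serial belongs to $user_id and that every item id in
  * $to_item_id exists, then — inside a 'transactionmanager' transaction —
  * deletes the old serial, grants the new item(s) and, if the old item was
  * frozen, copies its 'frozen' property onto every granted serial. The new
  * serials are stored in $this->granted_items.
  *
  * @param mixed      $from_serial serial of the item being swapped out
  * @param int|array  $to_item_id  a single item_id, or a list of
  *                                ['item_id' => int, 'quantity' => int] rows
  *                                (quantity defaults to 1)
  * @param int|null   $user_id     owner; defaults to the session user when empty
  * @return bool TRUE on success, otherwise whatever $this->throwError() returns
  */
 public function swapItem($from_serial, $to_item_id, $user_id = NULL)
 {
     // default the user_id to the current logged in user if nothing was passed in
     $user_id = empty($user_id) ? SC::get('userdata.user_id') : intval($user_id);
     // validate that the serial we want to delete belongs to the user
     $ir = new InventoryReader($user_id);
     $ir->bySerial($from_serial);
     $rs = $ir->execute();
     if (!$rs->isSuccess()) {
         return $this->throwError('Unable to load your inventory at this time. Please try again later. Error: ' . $rs->getError(), $rs);
     }
     $data = $rs->getItems();
     // data is empty so that means the user doesn't own this serial
     if (empty($data)) {
         return $this->throwError('The item was not found in your inventory.');
     }
     // validate that the item we want to swap to exists
     // to_item_id can be either an INT (item_id that we want to grant) or
     // an array of item_ids that we want to grant and how many of each we want to grant
     // get the ids of the items we want to grant
     $item_ids = array();
     if (is_array($to_item_id)) {
         foreach ($to_item_id as $item) {
             $item_ids[] = $item['item_id'];
         }
     } else {
         $item_ids[] = $to_item_id;
     }
     // check to see if the items we want to grant exist
     $idr = new ItemDefinitionReader();
     $idr->addIds($item_ids);
     if (!$idr->execute('__meta__')) {
         return $this->throwError('Unable to load item detail, please try again. ' . $idr->getError(), $idr);
     }
     $found_ids = $idr->getItemIds();
     // if item_ids contains ids that arent in $found_ids then an item doesn't exist
     $difference = array_diff($item_ids, $found_ids);
     if (!empty($difference)) {
         return $this->throwError('Item(s) not found', $difference);
     }
     // at this point we have a valid serial that belongs to the user_id and valid items that we want to grant
     $txn = DaoFactory::create('transactionmanager');
     // clear frozen status (if any) as we should allow users to open frozen letters
     $prop = PropertyReader::instance()->getProperties($from_serial, $user_id);
     $from_item_frozen_property = NULL;
     if (isset($prop['frozen']) && FrozenChecker::isFrozenByProperty($prop)) {
         $from_item_frozen_property = $prop['frozen'];
         // would be nice if we can attach $txn to $iw here, but it would create a dirty read
         // problem. we could potentially fail later after clearing the frozen status. we will live
         // with the unlikely case for now.
         $iw = new InventoryWriter(IW_APPCODE_FUNC_SWAP_ITEM);
         $iw->deleteProperty($from_serial, $user_id, INVENTORY_LOCATION_MAIN, 'frozen');
         $iwr = $iw->execute();
         if (!$iwr->isSuccess()) {
             $txn->rollback();
             return $this->throwError($iwr->getError());
         }
     }
     //delete item we are swapping out
     $iw = new InventoryWriter(IW_APPCODE_FUNC_SWAP_ITEM, $txn);
     $iw->deleteSerializedItem($user_id, $from_serial);
     //grant item(s) we are swapping in
     if (is_array($to_item_id)) {
         foreach ($to_item_id as $item) {
             $quantity = isset($item['quantity']) ? $item['quantity'] : 1;
             $iw->grantNewItems($user_id, $item['item_id'], $quantity);
         }
     } else {
         $iw->grantNewItems($user_id, $to_item_id, 1);
     }
     $iwr = $iw->execute(FALSE);
     if (!$iwr->isSuccess()) {
         $txn->rollback();
         return $this->throwError($iwr->getError());
     }
     // get the serials of the granted items
     $this->granted_items = $iwr->getGeneratedSerials();
     if ($from_item_frozen_property) {
         // transfer the frozen property value to the swapped item
         // with packages it's not possible that a frozen item will grant multiple items.
         // all these items should be frozen
         $iw = new InventoryWriter(IW_APPCODE_FUNC_SWAP_ITEM, $txn);
         foreach ($this->granted_items as $new_serial) {
             $iw->setProperty($new_serial, $user_id, INVENTORY_LOCATION_MAIN, 'frozen', $from_item_frozen_property);
         }
         // The result of this write must be captured: previously the call's
         // return value was discarded and the check below re-read the earlier
         // (already successful) $iwr, so a failed frozen-property write was
         // committed silently.
         $iwr = $iw->execute(FALSE);
         if (!$iwr->isSuccess()) {
             $txn->rollback();
             return $this->throwError($iwr->getError());
         }
     }
     $txn->commit();
     // the new serials associated with the item_ids are in $this->granted_items
     return TRUE;
 }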
 /**
  * Begin a transaction by obtaining a fresh 'transactionmanager' DAO.
  *
  * @return mixed the object returned by DaoFactory::create('transactionmanager')
  */
 public function start()
 {
     $transactionManager = DaoFactory::create('transactionmanager');

     return $transactionManager;
 }
 /**
  * DaoFactory::create() must yield FALSE when no connector can be built for
  * 'testdb.testtable' from $this->test_map_file.
  */
 public function testNoConnectorCreatedReturnsFalse()
 {
     $created = DaoFactory::create('testdb.testtable', $this->test_map_file);

     return $this->assertFalse($created);
 }
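 /**
  * Validate a requested username.
  *
  * Reads 'default.validation.username' from $observer and applies, in order:
  * a 25-character limit, NPC-name pattern checks, the NPC/Admin/Swear lists
  * from UsernameFilter::filterList(1), character rules, an exact lookup via
  * the 'users' DAO, a wildcard lookup on a normalised form of the name, and
  * the 'words' DAO wordlist.
  *
  * On rejection error.title and error.message (and, for the early checks,
  * default.validation.status and login.request.status) are set on $observer
  * and FALSE is returned. TRUE means every check passed.
  *
  * @param object $observer  request context; read for the username, written on error
  * @return bool
  */
 function execute(&$observer)
 {
     $username = $observer->get('default.validation.username');
     // length check
     if (strlen(trim($username)) > 25) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username must be no more than 25 characters long.');
         $observer->set('default.validation.status', 'LONG');
         $observer->set('login.request.status', 'LONG');
         return FALSE;
     }
     //get the entire list of disallowed words. In the future we might have
     //more specific queries eg. get only swear words, get only NPC, etc.
     $filterList = UsernameFilter::filterList(1);
     if (count($filterList) <= 0) {
         //nothing to filter against lol
         // NOTE(review): this returns before the character rules and the
         // 'users'/'words' DAO lookups below, so an empty filter list also skips
         // the duplicate-username check — confirm that is intended.
         return TRUE;
     }
     // are they logged in -- Jakob
     // if so, we don't bother doing the NPC check
     // rxes defines the array of regular expressions
     $rxes = array();
     // MATCH 1.  Variants of [NPC] using nonword characters
     $delim = "[\\W\\s_]";
     // Nonword, whitespace, underscore
     // Both patterns are compiled with the x modifier, so the literal spaces in
     // these fragments are ignored and " *?" / " +" quantify the preceding
     // delimiter class.
     $rx = "^(.*?)" . "{$delim} *?" . "[N]" . "{$delim} *?" . "[P]" . "{$delim} *?" . "[C]" . "{$delim} +" . "(.*)";
     // match as much as possible to end of string
     $rx = "/" . $rx . "/xi";
     $rxes[] = $rx;
     // MATCH 2,  inpci, lnpcl, l_n-p_c and word variants.  Much stricter so as not
     // to break actual words
     $delim = "[il\\|]";
     // i, l, pipe
     $rx = "^(.*?)" . "{$delim}" . "[\\s\\-_]*" . "n[\\s\\-_]*" . "p[\\s\\-_]*" . "c[\\s\\-_]*" . "{$delim} ?" . "(.*)";
     // grab the rest by being greedy
     $rx = "/" . $rx . "/xi";
     $rxes[] = $rx;
     $matched = false;
     foreach ($rxes as $rx) {
         if (preg_match($rx, $username)) {
             $matched = true;
         }
     }
     if ($matched) {
         /// name found, logged in?
         if (SC::get("userdata.user_level") <= 0) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Your username is in conflict because it is the name of a NPC (Non-Playable Character). For storyline purposes, we kindly ask you to choose another username. Thank you!');
             $observer->set('default.validation.status', 'NPC');
             $observer->set('login.request.status', 'NPC');
             return FALSE;
         }
     }
     //-------------------------------------------------------------------------------------
     //this is pretty ghetto but we don't have a consesus for handling all the names in the database
     //so there is some hack-ish stuff going on eg. with checking ElfTech names it is extra
     //strict that previous NPC names
     //do a case insensitive check against each of the NPC names.
     // "?? []" keeps a missing list key from being iterated as null (same for
     // the Admin and Swear loops below).
     foreach ($filterList['NPC'] ?? [] as $f) {
         //in the future if we want to do other checks like against l33t names we can modify this.
         // NOTE(review): $f is interpolated into the pattern unescaped here and
         // in the Admin and Swear loops; if a list entry can contain regex
         // metacharacters the pattern may fail to compile or over-match.
         // preg_quote($f, '/') is the fix unless entries are meant to be regexes.
         $pattern = "/\\b{$f}\\b/i";
         //this is more lenient than below
         if ($f == 'ElfTech') {
             $pattern = "/.*Elf.*Tech.*/i";
             //nothing allowed!!! omg:O
         }
         $result = preg_match($pattern, $username);
         if (!empty($result)) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Your username is in conflict because it is the name of a NPC (Non-Playable Character). For storyline purposes, we kindly ask you to choose another username. Thank you!');
             $observer->set('default.validation.status', 'NPC');
             $observer->set('login.request.status', 'NPC');
             return FALSE;
         }
     }
     //----------------------------------------------------------------------------------------
     //do a case insensitive check against each of the Admin names.
     foreach ($filterList['Admin'] ?? [] as $f) {
         //in the future if we want to do other checks like against l33t names we can modify this.
         $pattern = "/{$f}/i";
         $result = preg_match($pattern, $username);
         if (!empty($result)) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Your username is in conflict with administration names. We kindly ask you to choose another username that will not confuse other user.');
             $observer->set('default.validation.status', 'Admin');
             $observer->set('login.request.status', 'Admin');
             return FALSE;
         }
     }
     //----------------------------------------------------------------------------------------
     //do a case insensitive check against each of the Swear names.
     foreach ($filterList['Swear'] ?? [] as $f) {
         //in the future if we want to do other checks like against l33t names we can modify this.
         $pattern = "/{$f}/i";
         $result = preg_match($pattern, $username);
         if (!empty($result)) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Your username is in conflict with PG-13 guidelines! We kindly ask you to choose another username that is more appropriate.');
             $observer->set('default.validation.status', 'Swear');
             $observer->set('login.request.status', 'Swear');
             return FALSE;
         }
     }
     //----------------------------------------------------------------------------------------
     // username approximate matching
     // we need to munge the name now and attempt to standardize the lookups
     $userdata =& SC::get('userdata');
     // Collapses "\'" into "''" before the lookups; presumably the form the
     // stored names use — TODO confirm against the DAO layer.
     $username = str_replace("\\'", "''", $username);
     // $checkname: leading/trailing punctuation stripped, remaining punctuation
     // and whitespace folded to "_", lower-cased.
     $checkname = strtolower(preg_replace("/^[_\\-\\+\\=\\)\\(\\^\\#\\!\\~\\'\\s\\.]+/", '', $username));
     $checkname = preg_replace("/[_\\-\\+\\=\\)\\(\\^\\#\\!\\~\\'\\s\\.]+\$/", '', $checkname);
     $checkname = preg_replace("/[\\-\\+\\=\\^\\#\\!\\~\\s\\.]/", '_', $checkname);
     // compressed length check
     if (strlen(trim($username)) <= 2) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username must be at least 3 characters.');
         return FALSE;
     }
     // invalid character check
     // The class used to read "a-zA-z": the lowercase "z" made the range span
     // "[", "\", "]" and "`" as well, so those slipped through. "A-Z" is the
     // intended range.
     if (!preg_match('/^[a-zA-Z0-9_\\-\\+\\=\\)\\(\\^\\#\\!\\~\\s\\.]+$/', $username)) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username contains invalid characters.');
         return FALSE;
     }
     // check for at least one letter
     if (!preg_match("/[a-zA-Z]/", $username)) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username must have at least one letter.');
         return FALSE;
     }
     // check for double spaces
     if (preg_match("/  /", $username)) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username cannot have 2 spaces in a row.');
         return FALSE;
     }
     // Don't allow " in username.
     if (strstr($username, '"') || strstr($username, ',')) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Your username cannot contain quotations or commas.');
         return FALSE;
     }
     // check for exact username
     // The name is handed to the DAO as-is; this function does not escape it,
     // so the DAO is expected to parameterise it — confirm.
     $dao =& DaoFactory::create('users');
     $dao->byExactUsername(strtolower($username));
     $rs =& $dao->execute();
     if (!$rs->isSuccess()) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Unable to validate username.');
         $observer->set('error.line', __LINE__);
         $observer->set('error.file', __FILE__);
         $observer->set('error.debug', $rs);
         return FALSE;
     }
     // A row for the logged-in user's own name is ignored; every other row is a
     // conflict (parentheses make the original && / || precedence explicit).
     while ($row = $rs->sql_fetchrow(DB_ASSOC)) {
         if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) {
             if (strtolower($row['username']) == strtolower($username)) {
                 $observer->set('error.title', 'Username Error');
                 $observer->set('error.message', 'That username is already taken.');
                 return FALSE;
             } else {
                 $observer->set('error.title', 'Username Error');
                 $observer->set('error.message', 'Your username is too similar to the username of ' . $row['username']);
                 return FALSE;
             }
         }
     }
     // perform a wildcard search for special character matching
     if (strtolower($username) != $checkname) {
         $dao =& DaoFactory::create('users');
         // "_" is escaped so the normalised name's underscores are taken
         // literally by the wildcard lookup.
         $dao->byUsername(preg_replace('/_/', '\\_', $checkname));
         $rs =& $dao->execute();
         // Same failure handling as the exact lookup above; previously a failed
         // query fell straight through to sql_fetchrow().
         if (!$rs->isSuccess()) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Unable to validate username.');
             $observer->set('error.line', __LINE__);
             $observer->set('error.file', __FILE__);
             $observer->set('error.debug', $rs);
             return FALSE;
         }
         while ($row = $rs->sql_fetchrow(DB_ASSOC)) {
             if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) {
                 if (strtolower($row['username']) == strtolower($username)) {
                     $observer->set('error.title', 'Username Error');
                     $observer->set('error.message', 'That username is already taken.');
                     return FALSE;
                 } else {
                     $observer->set('error.title', 'Username Error');
                     $observer->set('error.message', 'Your username is too similar to the username of ' . $row['username']);
                     return FALSE;
                 }
             }
         }
     }
     // check wordlist filter
     $dao =& DaoFactory::create('words');
     $dao->setWhat('word');
     $rs =& $dao->execute();
     // Same failure handling as the lookups above.
     if (!$rs->isSuccess()) {
         $observer->set('error.title', 'Username Error');
         $observer->set('error.message', 'Unable to validate username.');
         $observer->set('error.line', __LINE__);
         $observer->set('error.file', __FILE__);
         $observer->set('error.debug', $rs);
         return FALSE;
     }
     // Each word is quoted for the pattern; a "*" in the stored word becomes a
     // lazy ".*?" wildcard.
     while ($row = $rs->sql_fetchrow(DB_ASSOC)) {
         if (preg_match("#\\b(" . str_replace("\\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\\b#i", $username)) {
             $observer->set('error.title', 'Username Error');
             $observer->set('error.message', 'Your username contains invalid characters.');
             return FALSE;
         }
     }
     return TRUE;
 }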