コード例 #1
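	/**
	 * Check if the given message and/or user is banned from posting.
	 *
	 * Every ban item returned by Phorum_ban_item::GetBanItems() is tested
	 * against the matching field(s) of the message and, when one is given,
	 * of the user.
	 *
	 * NOTE: This function could probably be optimized by doing most of the
	 * work in the MySQL database instead of in PHP.  In other words, do the
	 * non-PCRE comparisons that isBanned() performs as a single query on
	 * $PHORUM['banlist_table'] (pcre=0 plus one type/string pair each for
	 * the IP, the email and the name).  Such a query must escape or bind
	 * the IP, email and name values rather than interpolating them into the
	 * SQL text, and must parenthesize the OR-ed type branches so that the
	 * pcre=0 condition applies to all of them.
	 *
	 * @param Phorum_message $p_phorumMessage
	 * @param Phorum_user $p_phorumUser
	 * @param int $p_forumId
	 * @return array|boolean
	 *		Array of the matched ban types (type constant => type constant),
	 *		or FALSE when nothing matched.
	 */
	public static function IsPostBanned($p_phorumMessage, $p_phorumUser = null, $p_forumId = null)
	{
		global $PHORUM;
		// Ban lists already fetched during this request, one entry per forum.
		static $bans = array();

		// The loaded settings are not read in this function; the call is
		// kept because code reached from here may rely on them being loaded
		// (not visible in this block).
		phorum_db_load_settings();

		// Cache the ban list per forum ID.  A single shared cache would make
		// every later call reuse the list of whichever forum was checked
		// first, so bans of other forums would never be applied.
		$cacheKey = is_null($p_forumId) ? 'all' : 'forum_'.$p_forumId;
		if (!isset($bans[$cacheKey])) {
			$bans[$cacheKey] = Phorum_ban_item::GetBanItems($p_forumId);
		}

		$hasUser = !is_null($p_phorumUser);

		// Check if any of them match
		$banned = array();
		foreach ($bans[$cacheKey] as $ban) {
			switch ($ban->getType()) {
			case PHORUM_BAD_NAMES:
				// Both the name typed into the message and the account
				// name are tested.
				if ($ban->isBanned($p_phorumMessage->getAuthor())) {
					$banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
				}
				if ($hasUser && $ban->isBanned($p_phorumUser->getUserName())) {
					$banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
				}
				break;
			case PHORUM_BAD_EMAILS:
				if ($ban->isBanned($p_phorumMessage->getEmail())) {
					$banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
				}
				if ($hasUser && $ban->isBanned($p_phorumUser->getEmail())) {
					$banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
				}
				break;
			case PHORUM_BAD_USERID:
				// A user ID ban can only be evaluated for a known user.
				if ($hasUser && $ban->isBanned($p_phorumUser->getUserId())) {
					$banned[PHORUM_BAD_USERID] = PHORUM_BAD_USERID;
				}
				break;
			case PHORUM_BAD_IPS:
				if ($ban->isBanned($p_phorumMessage->getIpAddress())) {
					$banned[PHORUM_BAD_IPS] = PHORUM_BAD_IPS;
				}
				break;
			case PHORUM_BAD_SPAM_WORDS:
				if ($ban->isBanned($p_phorumMessage->getSubject())
					|| $ban->isBanned($p_phorumMessage->getBody())) {
					$banned[PHORUM_BAD_SPAM_WORDS] = PHORUM_BAD_SPAM_WORDS;
				}
				break;
			}
		}

		// Callers get the list of matched types, or FALSE for "not banned".
		if (count($banned) > 0) {
			return $banned;
		}
		return false;
	} // fn IsPostBanned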
コード例 #2
ファイル: common.php プロジェクト: nistormihai/Newscoop
// Load the database layer. The file name is built from the configured
// database type.
// NOTE(review): $PHORUM['DBCONFIG']['type'] selects which PHP file is
// executed here; confirm it can only be set from the trusted configuration
// file and is limited to the names of the shipped database layers.
include_once( "./include/db/{$PHORUM['DBCONFIG']['type']}.php" );

// Stop right away when the database cannot be reached: redirect to the
// configured "down" page if there is one, otherwise print a diagnostic.
if (!phorum_db_check_connection()) {
    if (!isset($PHORUM["DBCONFIG"]["down_page"])) {
        // This text is shown to whoever requested the page and names the
        // location of the database configuration file.
        echo "The database connection failed. Please check your database configuration in include/db/config.php. If the configuration is okay, check if the database server is running.";
        exit();
    }
    // The configured value is placed in the Location header unchanged.
    header("Location: ".$PHORUM["DBCONFIG"]["down_page"]);
    exit();
}

// Pull the Phorum settings out of the database.
phorum_db_load_settings();

// Hook that lets modules rewrite variables at the beginning of common.php,
// right after the settings were loaded from the database.
phorum_hook( "common_pre", "" );

include_once( "./include/cache.php" );

// Copy a few settings into the DATA member.
// NOTE(review): the values are copied as they are; whether they get escaped
// before being written into a page is not visible here.
if (isset($PHORUM["title"])) {
    $PHORUM["DATA"]["TITLE"] = $PHORUM["title"];
} else {
    $PHORUM["DATA"]["TITLE"] = "";
}

// An empty or missing HTML title falls back to the plain title.
if (empty($PHORUM["html_title"])) {
    $PHORUM["DATA"]["HTML_TITLE"] = $PHORUM["DATA"]["TITLE"];
} else {
    $PHORUM["DATA"]["HTML_TITLE"] = $PHORUM["html_title"];
}

if (isset($PHORUM["head_tags"])) {
    $PHORUM["DATA"]["HEAD_TAGS"] = $PHORUM["head_tags"];
} else {
    $PHORUM["DATA"]["HEAD_TAGS"] = "";
}

$PHORUM["DATA"]["FORUM_ID"] = $PHORUM["forum_id"];

////////////////////////////////////////////////////////////
// only do this stuff if we are not in the admin
コード例 #3
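	/**
	 * Create a message.
	 *
	 * The message is written with phorum_db_post_message() while the
	 * message, search and subscribers tables are locked; afterwards the
	 * thread count, thread depth/order, read flags and forum statistics
	 * are updated.
	 *
	 * @param int $p_forumId
	 * 		The forum ID that this message belongs to.
	 *
	 * @param string $p_subject
	 * 		The subject of the message.
	 *
	 * @param string $p_body
	 * 		The body of the message
	 *
	 * @param int $p_threadId
	 * 		Set this to zero if it is the first message in the thread
	 *
	 * @param int $p_parentId
	 * 		The message you are replying to.
	 *
	 * @param string $p_author
	 * 		Human readable string for the name of the author.
	 *
	 * @param string $p_email
	 * 		Author's email.
	 *
	 * @param int $p_userId
	 * 		User ID that is stored in the phorum_users table.
	 *
	 * @return boolean|null
	 * 		TRUE on success, FALSE if the forum does not exist,
	 * 		NULL if $p_forumId is not numeric.
	 */
	public function create($p_forumId, $p_subject ='', $p_body = '',
					$p_threadId = 0, $p_parentId = 0,
				    $p_author = '', $p_email = '', $p_userId = 0)
	{
		global $PHORUM;
		global $g_ado_db;

		if (!is_numeric($p_forumId)) {
			return null;
		}

		// Fetch the settings and pretend they were returned to
		// us instead of setting a global variable.
		phorum_db_load_settings();
		$settings = $PHORUM['SETTINGS'];

		$message = array();

		// Required Input
		$message['forum_id'] = $p_forumId;

		// Optional input
		// NOTE(review): these values are handed to phorum_db_post_message()
		// as received; escaping is assumed to happen there - confirm.
		$message['body'] = $p_body;
		$message['subject'] = $p_subject;
		$message['thread'] = $p_threadId;
		$message['parent_id'] = $p_parentId;
		$message['author'] = $p_author;
		$message['email'] = $p_email;
		$message['user_id'] = $p_userId;

		// Defaults
		$message['sort'] = PHORUM_SORT_DEFAULT;
		$message['closed'] = 0;

		// ??? Whats that suffix for?
//		$suffix = preg_replace("/[^a-z0-9]/i", "", $PHORUM["name"]);
//		$message['msgid'] = md5(uniqid(rand())) . ".$suffix";
		// rand()/uniqid() are predictable, so the msgid serves as an
		// identifier only and must not be relied on as a secret.
		$message['msgid'] = md5(uniqid(rand()));
		$message['moderator_post'] = '0';
		$message['datestamp'] = time();

		// Fetch the forum object -
		// we need it for the config values.
		$forumObj = new Phorum_forum($p_forumId);
		if (!$forumObj->exists()) {
			return false;
		}

		// Set message workflow based on forum config.
		if ($forumObj->isModerated()) {
			$message['status'] = PHORUM_STATUS_HOLD;
		} else {
			$message['status'] = PHORUM_STATUS_APPROVED;
		}

		// Set user IP.  With dns_lookup enabled the stored value is the
		// reverse-DNS name of the client instead of its address.  That name
		// comes from a DNS record controlled by whoever operates the address
		// range, so it is unverified input like any other request data.
		$user_ip = $_SERVER["REMOTE_ADDR"];
		if ($settings["dns_lookup"]) {
			$resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]);
			if (!empty($resolved)) {
				$user_ip = $resolved;
			}
		}
		$message["ip"] = $user_ip;

		$lockTables = array($PHORUM['message_table'],
							$PHORUM['search_table'],
							$PHORUM['subscribers_table']);
		$this->lockTables($lockTables);

		phorum_db_post_message($message);

		$this->mod_emailcomments($message);

		// Update the thread count.  The IDs are cast to integers before
		// they are placed in the SQL text: is_numeric() also accepts values
		// such as "1e5", and the thread ID is not validated at all.
		$forumIdSql = (int)$p_forumId;
		$threadIdSql = (int)$message['thread'];
		$sql = "SELECT COUNT(*) as thread_count FROM ".$PHORUM['message_table']
			   ." WHERE forum_id=".$forumIdSql
			   ." AND thread=".$threadIdSql
			   ." AND status > 0";
		$threadCount = $g_ado_db->GetOne($sql);

		// Write the count only to the rows of the thread that was counted.
		// Without a WHERE clause the UPDATE would overwrite thread_count on
		// every row of the message table.  Skipped when the count query
		// returned no usable number.
		if (is_numeric($threadCount)) {
			$sql = "UPDATE ".$PHORUM['message_table']
					." SET thread_count=".(int)$threadCount
					." WHERE forum_id=".$forumIdSql
					." AND thread=".$threadIdSql;
			$g_ado_db->Execute($sql);
		}

		// Retrieve the message again because the database sets
		// some values.
		$message = phorum_db_get_message($message["message_id"], "message_id", true);
		$this->m_data = $message;

		// Set the thread depth
		$this->__initThreadDepth();

		// Set the thread order.
		$this->__initThreadOrder();

		$this->__updateThreadInfo();

		if (isset($PHORUM['user']['user_id'])) {
			// Mark own message read.
			phorum_db_newflag_add_read(array(0=>array(
				"id"    => $message["message_id"],
				"forum" => $message["forum_id"],
			)));

			// Update the number of messages the user has posted.
			phorum_db_user_addpost();
		}

		// Actions for messages which are approved.
		if ($message["status"] > 0) {
			// Update forum statistics,
			// ??? Note: phorum_db_update_forum_stats requires global parameter-passing.
			$PHORUM['forum_id'] = $p_forumId;
			phorum_db_update_forum_stats(false, 1, $message["datestamp"]);

			// Mail subscribed users.
			//phorum_email_notice($message);
		}

		// Mail moderators.
		if ($forumObj->emailModeratorsEnabled()) {
			//phorum_email_moderators($message);
		}

		$this->unlockTables();

		return true;
	} // fn create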
コード例 #4
ファイル: Phorum_user.php プロジェクト: nistormihai/Newscoop
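  	/**
  	 * Return TRUE if any one of the given username, the given email, or
  	 * the client address from $_SERVER['REMOTE_ADDR'] has an entry in the
  	 * ban list table.
  	 *
  	 * Only string equality against the "string" column is tested.  The
  	 * client address is always checked in its literal form; when the
  	 * dns_lookup setting is on, its reverse-DNS name is checked as well,
  	 * so that a ban stored for the literal address still applies to
  	 * clients whose address resolves to a host name.
  	 *
  	 * @param string $p_username
  	 * @param string $p_email
  	 * @return boolean
  	 */
  	public static function IsBanned($p_username, $p_email)
  	{
  		global $PHORUM;

  		$conn = phorum_db_mysql_connect();

  		// Checked in this order; the address is worked out only if the
  		// name and the email did not match.
  		$banTypes = array(PHORUM_BAD_NAMES, PHORUM_BAD_EMAILS, PHORUM_BAD_IPS);
  		foreach ($banTypes as $banType) {
  			if ($banType === PHORUM_BAD_NAMES) {
  				$candidates = array($p_username);
  			} elseif ($banType === PHORUM_BAD_EMAILS) {
  				$candidates = array($p_email);
  			} else {
  				$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  				$candidates = array($remoteAddr);

  				// Fetch the settings and pretend they were returned to
  				// us instead of setting a global variable.
  				phorum_db_load_settings();
  				$settings = $PHORUM['SETTINGS'];
  				if (!empty($settings["dns_lookup"])) {
  					// The reverse-DNS name is an additional candidate and
  					// never replaces the address: the name is controlled by
  					// whoever operates the address range.
  					$resolved = @gethostbyaddr($remoteAddr);
  					if (!empty($resolved) && $resolved != $remoteAddr) {
  						$candidates[] = $resolved;
  					}
  				}
  			}

  			foreach ($candidates as $candidate) {
  				// Escape with the connection-aware function so the value
  				// is quoted for the character set of this connection.
  				$sql = "SELECT COUNT(*) as matches FROM ".$PHORUM['banlist_table']
  						." WHERE type=".$banType
  						." AND string='".mysql_real_escape_string((string)$candidate, $conn)."'";
  				$result = mysql_query($sql, $conn);
  				if ($result === false) {
  					// NOTE(review): a failed query counts as "no match",
  					// which is what the original code ended up doing;
  					// confirm that failing open is the intended policy.
  					continue;
  				}
  				$row = mysql_fetch_assoc($result);
  				if ($row && $row['matches'] > 0) {
  					return true;
  				}
  			}
  		}

  		return false;
  	} // fn IsBanned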