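/**
 * Check if the given message and/or user is banned from posting.
 *
 * Every ban item that applies to the forum is tested against the
 * message's author name, e-mail address, IP address, subject and body
 * and, when a user object is supplied, against that user's name, e-mail
 * address and user ID.
 *
 * NOTE: This function could probably be optimized by doing most of the
 * work in the MySQL database instead of in PHP, i.e. by matching the
 * non-regex entries (pcre=0) of each ban type with one query against
 * $PHORUM['banlist_table']. Any such query must escape or bind the
 * author, e-mail and IP values before they reach the SQL text, and must
 * parenthesise its OR branches so the pcre=0 condition covers all of them.
 *
 * @param Phorum_message $p_phorumMessage
 *      The message being posted.
 * @param Phorum_user $p_phorumUser
 *      Optional; user-based checks are skipped when this is null.
 * @param int $p_forumId
 *      Forum whose ban list is consulted; passed to GetBanItems().
 * @return array|false
 *      FALSE when nothing matched, otherwise an array holding each matched
 *      ban type (the PHORUM_BAD_* constant as both key and value).
 */
public static function IsPostBanned($p_phorumMessage, $p_phorumUser = null, $p_forumId = null)
{
    global $PHORUM;

    // Ban lists cached for the lifetime of the request, one entry per
    // forum. The cache used to be a single list, so the first forum that
    // was checked decided which bans were applied to every later forum.
    static $bansByForum = array();

    // Kept from the original: reloads the settings into $PHORUM. Nothing
    // in this method reads them, but callers may rely on the side effect.
    phorum_db_load_settings();

    $cacheKey = is_null($p_forumId) ? 'null' : 'id:' . $p_forumId;
    if (!isset($bansByForum[$cacheKey])) {
        $bansByForum[$cacheKey] = Phorum_ban_item::GetBanItems($p_forumId);
    }

    $hasUser = !is_null($p_phorumUser);

    // Collect every ban type that matches; a type is recorded once no
    // matter how many items of that type hit.
    $banned = array();
    foreach ($bansByForum[$cacheKey] as $ban) {
        switch ($ban->getType()) {
            case PHORUM_BAD_NAMES:
                // The name typed into the post and the account name are
                // checked independently.
                if ($ban->isBanned($p_phorumMessage->getAuthor())) {
                    $banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
                }
                if ($hasUser && $ban->isBanned($p_phorumUser->getUserName())) {
                    $banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
                }
                break;

            case PHORUM_BAD_EMAILS:
                if ($ban->isBanned($p_phorumMessage->getEmail())) {
                    $banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
                }
                if ($hasUser && $ban->isBanned($p_phorumUser->getEmail())) {
                    $banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
                }
                break;

            case PHORUM_BAD_USERID:
                // Only meaningful for a known user; anonymous posts
                // cannot match a user-ID ban.
                if ($hasUser && $ban->isBanned($p_phorumUser->getUserId())) {
                    $banned[PHORUM_BAD_USERID] = PHORUM_BAD_USERID;
                }
                break;

            case PHORUM_BAD_IPS:
                if ($ban->isBanned($p_phorumMessage->getIpAddress())) {
                    $banned[PHORUM_BAD_IPS] = PHORUM_BAD_IPS;
                }
                break;

            case PHORUM_BAD_SPAM_WORDS:
                if ($ban->isBanned($p_phorumMessage->getSubject())
                    || $ban->isBanned($p_phorumMessage->getBody())) {
                    $banned[PHORUM_BAD_SPAM_WORDS] = PHORUM_BAD_SPAM_WORDS;
                }
                break;
        }
    }

    return (count($banned) > 0) ? $banned : false;
} // fn IsPostBanned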
// Load the database layer.
// NOTE(review): the driver file name is interpolated from
// $PHORUM['DBCONFIG']['type']. Presumably that value is set only in
// include/db/config.php -- confirm it can never be populated from request
// input, because it decides which file is included here.
include_once( "./include/db/{$PHORUM['DBCONFIG']['type']}.php" );

// Nothing below can work without a database connection: send the visitor
// to the configured "down" page when one is set, otherwise print a
// diagnostic. Either way the request ends here.
if (!phorum_db_check_connection()) {
    if (!isset($PHORUM["DBCONFIG"]["down_page"])) {
        echo "The database connection failed. Please check your database configuration in include/db/config.php. If the configuration is okay, check if the database server is running.";
        exit();
    }

    header("Location: ".$PHORUM["DBCONFIG"]["down_page"]);
    exit();
}

// Read the Phorum settings from the database.
phorum_db_load_settings();

// Hook that lets modules rewrite variables at the beginning of common.php,
// right after the settings have been loaded from the database.
phorum_hook( "common_pre", "" );

include_once( "./include/cache.php" );

// Copy some of the settings into the DATA member.
if (isset($PHORUM["title"])) {
    $PHORUM["DATA"]["TITLE"] = $PHORUM["title"];
} else {
    $PHORUM["DATA"]["TITLE"] = "";
}

// The HTML title falls back to the plain title when it is unset or empty.
if (empty($PHORUM["html_title"])) {
    $PHORUM["DATA"]["HTML_TITLE"] = $PHORUM["DATA"]["TITLE"];
} else {
    $PHORUM["DATA"]["HTML_TITLE"] = $PHORUM["html_title"];
}

if (isset($PHORUM["head_tags"])) {
    $PHORUM["DATA"]["HEAD_TAGS"] = $PHORUM["head_tags"];
} else {
    $PHORUM["DATA"]["HEAD_TAGS"] = "";
}

$PHORUM["DATA"]["FORUM_ID"] = $PHORUM["forum_id"];

////////////////////////////////////////////////////////////
// only do this stuff if we are not in the admin
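/**
 * Create a message.
 *
 * Stores the message, refreshes the thread bookkeeping (count, depth,
 * order, thread info) and, for approved messages, the forum statistics.
 * The message, search and subscribers tables are locked while this runs.
 *
 * @param int $p_forumId
 *      The forum ID that this message belongs to.
 *
 * @param string $p_subject
 *      The subject of the message.
 *
 * @param string $p_body
 *      The body of the message
 *
 * @param int $p_threadId
 *      Set this to zero if it is the first message in the thread
 *
 * @param int $p_parentId
 *      The message you are replying to.
 *
 * @param string $p_author
 *      Human readable string for the name of the author.
 *
 * @param string $p_email
 *      Author's email.
 *
 * @param int $p_userId
 *      User ID that is stored in the phorum_users table.
 *
 * @return boolean|null
 *      TRUE when the message was created, FALSE when the forum does not
 *      exist, NULL when $p_forumId is not numeric.
 */
public function create($p_forumId, $p_subject ='', $p_body = '',
                       $p_threadId = 0, $p_parentId = 0,
                       $p_author = '', $p_email = '', $p_userId = 0)
{
    global $PHORUM;
    global $g_ado_db;

    if (!is_numeric($p_forumId)) {
        return null;
    }

    // Fetch the settings and pretend they were returned to
    // us instead of setting a global variable.
    phorum_db_load_settings();
    $settings = $PHORUM['SETTINGS'];

    $message = array();

    // Required input
    $message['forum_id'] = $p_forumId;

    // Optional input
    $message['body'] = $p_body;
    $message['subject'] = $p_subject;
    $message['thread'] = $p_threadId;
    $message['parent_id'] = $p_parentId;
    $message['author'] = $p_author;
    $message['email'] = $p_email;
    $message['user_id'] = $p_userId;

    // Defaults
    $message['sort'] = PHORUM_SORT_DEFAULT;
    $message['closed'] = 0;

    // ??? Whats that suffix for?
    // $suffix = preg_replace("/[^a-z0-9]/i", "", $PHORUM["name"]);
    // $message['msgid'] = md5(uniqid(rand())) . ".$suffix";
    // NOTE(review): rand() and uniqid() are not unpredictable, so msgid
    // must only ever be used as an identifier, never as a secret.
    $message['msgid'] = md5(uniqid(rand()));
    $message['moderator_post'] = '0';
    $message['datestamp'] = time();

    // Fetch the forum object -
    // we need it for the config values.
    $forumObj = new Phorum_forum($p_forumId);
    if (!$forumObj->exists()) {
        return false;
    }

    // Set message workflow based on forum config.
    if ($forumObj->isModerated()) {
        $message['status'] = PHORUM_STATUS_HOLD;
    } else {
        $message['status'] = PHORUM_STATUS_APPROVED;
    }

    // Set user IP. With dns_lookup enabled the reverse-DNS name replaces
    // the address in the stored record.
    // NOTE(review): that name is chosen by whoever controls the PTR
    // record for the client address, so it is neither a stable nor a
    // trustworthy identifier. Consider keeping the raw REMOTE_ADDR as
    // well, so bans and audits can rely on the address itself.
    $user_ip = $_SERVER["REMOTE_ADDR"];
    if ($settings["dns_lookup"]) {
        $resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]);
        if (!empty($resolved)) {
            $user_ip = $resolved;
        }
    }
    $message["ip"] = $user_ip;

    $lockTables = array($PHORUM['message_table'],
                        $PHORUM['search_table'],
                        $PHORUM['subscribers_table']);
    $this->lockTables($lockTables);

    // Presumably fills in $message["message_id"] by reference; the code
    // below reads that key.
    phorum_db_post_message($message);

    $this->mod_emailcomments($message);

    // Update the thread count.
    // Both IDs are forced to integers before they are concatenated into
    // SQL: $p_threadId is never validated and is_numeric() also accepts
    // non-integer spellings of the forum ID.
    $threadScope = " WHERE forum_id=".(int)$p_forumId
                  ." AND thread=".(int)$message['thread'];

    $sql = "SELECT COUNT(*) as thread_count FROM ".$PHORUM['message_table']
          .$threadScope
          ." AND status > 0";
    // Cast so a failed query cannot produce a malformed UPDATE.
    $threadCount = (int)$g_ado_db->GetOne($sql);

    // The UPDATE used to have no WHERE clause and therefore overwrote
    // thread_count on every row of the message table. It is now limited
    // to the thread that was just counted.
    // NOTE(review): confirm whether only the thread-starter row is meant
    // to carry the count.
    $sql = "UPDATE ".$PHORUM['message_table']
          ." SET thread_count=".$threadCount
          .$threadScope;
    $g_ado_db->Execute($sql);

    // Retrieve the message again because the database sets
    // some values.
    $message = phorum_db_get_message($message["message_id"], "message_id", true);
    $this->m_data = $message;

    // Set the thread depth
    $this->__initThreadDepth();

    // Set the thread order.
    $this->__initThreadOrder();

    $this->__updateThreadInfo();

    if (isset($PHORUM['user']['user_id'])) {
        // Mark own message read.
        phorum_db_newflag_add_read(array(0=>array(
            "id"    => $message["message_id"],
            "forum" => $message["forum_id"],
        )));

        // Update the number of messages the user has posted.
        phorum_db_user_addpost();
    }

    // Actions for messages which are approved.
    if ($message["status"] > 0) {
        // Update forum statistics,
        // ??? Note: phorum_db_update_forum_stats requires global parameter-passing.
        $PHORUM['forum_id'] = $p_forumId;
        phorum_db_update_forum_stats(false, 1, $message["datestamp"]);

        // Mail subscribed users.
        //phorum_email_notice($message);
    }

    // Mail moderators.
    if ($forumObj->emailModeratorsEnabled()) {
        //phorum_email_moderators($message);
    }

    $this->unlockTables();

    return true;
} // fn create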
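/**
 * Return TRUE if any one of the given username, email, or the client's
 * IP address is banned.
 *
 * The IP address is not a parameter: it is read from
 * $_SERVER['REMOTE_ADDR']. When the dns_lookup setting is enabled, the
 * reverse-DNS name of that address is checked in addition to the address.
 *
 * Only exact string matches against the ban list are evaluated here.
 * NOTE(review): if the ban list also holds pattern-style entries, they
 * are not applied by this method -- confirm that is intended.
 *
 * NOTE(review): a failed query is treated as "no match", so this check
 * fails open when the database returns an error. That matches the
 * previous behaviour; decide whether callers should fail closed instead.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.0;
 * this method needs porting to mysqli or PDO with bound parameters
 * before it can run on a supported PHP version.
 *
 * @param string $p_username
 * @param string $p_email
 * @return boolean
 */
public static function IsBanned($p_username, $p_email)
{
    global $PHORUM;

    $conn = phorum_db_mysql_connect();

    // Username first, then e-mail; stop at the first hit.
    $exactChecks = array(
        PHORUM_BAD_NAMES  => $p_username,
        PHORUM_BAD_EMAILS => $p_email,
    );
    foreach ($exactChecks as $banType => $value) {
        // mysql_real_escape_string() takes the connection's character
        // set into account, which mysql_escape_string() does not.
        $sql = "SELECT COUNT(*) as matches FROM ".$PHORUM['banlist_table']
              ." WHERE type=".$banType
              ." AND string='".mysql_real_escape_string($value, $conn)."'";
        $result = mysql_query($sql, $conn);
        $row = $result ? mysql_fetch_assoc($result) : false;
        if ($row && $row['matches'] > 0) {
            return true;
        }
    }

    // Check if IP address is banned. The raw address is always a
    // candidate. Previously it was replaced by the reverse-DNS name
    // whenever one resolved, so a ban on the address itself stopped
    // matching, and that name is set by whoever controls the PTR record.
    $remoteAddr = $_SERVER['REMOTE_ADDR'];
    $candidates = array($remoteAddr);

    // Fetch the settings and pretend they were returned to
    // us instead of setting a global variable.
    phorum_db_load_settings();
    $settings = $PHORUM['SETTINGS'];
    if ($settings["dns_lookup"]) {
        $resolved = @gethostbyaddr($remoteAddr);
        if (!empty($resolved) && $resolved != $remoteAddr) {
            $candidates[] = $resolved;
        }
    }

    $quoted = array();
    foreach ($candidates as $candidate) {
        $quoted[] = "'".mysql_real_escape_string($candidate, $conn)."'";
    }

    $sql = "SELECT COUNT(*) as matches FROM ".$PHORUM['banlist_table']
          ." WHERE type=".PHORUM_BAD_IPS
          ." AND string IN (".implode(",", $quoted).")";
    $result = mysql_query($sql, $conn);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row && $row['matches'] > 0) {
        return true;
    }

    return false;
} // fn IsBanned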