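/**
 * Validate a username against length, character-set and HTML-entity rules and,
 * optionally, against the users table ("taken") and the disallowed-names table.
 *
 * @param string $username            Raw username as submitted (compacted and cleaned here).
 * @param bool   $check_ban_and_taken  Also run the database checks for taken/disallowed names.
 * @return string|false Localised error message (may contain HTML), or false when the name is acceptable.
 */
function validate_username($username, $check_ban_and_taken = true)
{
    global $user, $lang;

    // Character class used both for the whole-name test and to extract the offending characters.
    static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\\#\\-\'.:+ ';

    $username = str_compact($username);
    $username = clean_username($username);

    // Length (counted in characters, not bytes)
    $length = mb_strlen($username, 'UTF-8');
    if ($length > USERNAME_MAX_LENGTH) {
        return $lang['USERNAME_TOO_LONG'];
    }
    if ($length < USERNAME_MIN_LENGTH) {
        return $lang['USERNAME_TOO_SMALL'];
    }

    // Allowed symbols
    if (!preg_match('#^[' . $name_chars . ']+$#iu', $username)) {
        $invalid_chars = preg_replace('#[' . $name_chars . ']#iu', '', $username);
        return "{$lang['USERNAME_INVALID']}: <b>" . htmlCHR($invalid_chars) . "</b>";
    }

    // HTML Entities
    // NOTE(review): as listed here the alternation contains only the bare characters '&', '<', '>',
    // so no "&...;" entity can ever match it and every entity is rejected — confirm against the
    // upstream source whether the entity names were meant instead.
    if (preg_match_all('/&(#[0-9]+|[a-z]+);/iu', $username, $m)) {
        foreach ($m[0] as $ent) {
            if (!preg_match('/^(&|<|>)$/iu', $ent)) {
                return $lang['USERNAME_INVALID'];
            }
        }
    }

    if ($check_ban_and_taken) {
        // Taken
        $username_sql = DB()->escape($username);
        // NOTE(review): the query literal shows '******' where the escaped name would be interpolated —
        // this looks redacted in the listing; confirm that $username_sql is what is actually used here.
        if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '******' LIMIT 1")) {
            // A guest can never take an existing name; a member may only keep their own.
            // Strict comparison: '!=' treats numeric-looking names such as '1e3' and '1000' as equal,
            // which would let a member adopt a name that is already in use.
            if (IS_GUEST || $row['username'] !== $user->name) {
                return $lang['USERNAME_TAKEN'];
            }
        }

        // Disallowed ('*' in a stored pattern stands for any run of characters)
        $banned_names = array();
        foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
            $banned_names[] = str_replace('\\*', '.*?', preg_quote($row['disallow_username'], '#u'));
        }
        // Compare against '' rather than testing truthiness: a single banned name of '0' would otherwise be skipped.
        $banned_names_exp = implode('|', $banned_names);
        if ($banned_names_exp !== '') {
            if (preg_match("#^({$banned_names_exp})\$#iu", $username)) {
                return $lang['USERNAME_DISALLOWED'];
            }
        }
    }

    return false;
}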
/**
 * Build the "delete words" regexp from the word-prefix list file.
 *
 * Every whitespace-separated entry of library/words_rate_del_list.txt is
 * treated as a word prefix; the pattern matches the prefix and the rest of
 * the word after it. The result is stored in $this->words_del_exp.
 */
function words_rate()
{
    // слова начинающиеся на.. -> "words starting with.."
    $prefixes = str_compact(file_get_contents(BB_ROOT . '/library/words_rate_del_list.txt'));
    $alternation = str_replace(' ', '|', preg_quote($prefixes, '/'));
    // NOTE(review): no 'u' modifier, so \b and \w are byte/ASCII based — if the list holds
    // non-ASCII words, confirm that this is the intended matching behaviour.
    $this->words_del_exp = '/\\b(' . $alternation . ')[\\w\\-]*/i';
}
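/**
 * Parse the submitted poll caption and answer lines into $this->poll_votes.
 *
 * Index 0 holds the caption; each following entry is one non-empty answer line.
 * On a validation failure $this->err_msg is set and returned; otherwise nothing is returned.
 *
 * @param array $posted_data Submitted form data ('poll_caption', 'poll_votes').
 * @return string|null Error message on failure, null when the poll data is valid.
 */
function build_poll_data($posted_data)
{
    global $lang;

    // Explicit isset() instead of '@' suppression for the optional form fields
    $poll_caption = isset($posted_data['poll_caption']) ? (string) $posted_data['poll_caption'] : '';
    $poll_votes = isset($posted_data['poll_votes']) ? (string) $posted_data['poll_votes'] : '';

    $this->poll_votes = array();

    if (!($poll_caption = str_compact($poll_caption))) {
        return $this->err_msg = $lang['EMPTY_POLL_TITLE'];
    }
    // the caption has vote_id = 0
    $this->poll_votes[] = $poll_caption;

    foreach (explode("\n", $poll_votes) as $vote) {
        if (!($vote = str_compact($vote))) {
            continue;
        }
        $this->poll_votes[] = $vote;
    }

    // check for "< 3" -- two answer options + the caption
    $vote_count = count($this->poll_votes);
    if ($vote_count < 3 || $vote_count > $this->max_votes + 1) {
        return $this->err_msg = sprintf($lang['NEW_POLL_VOTES'], $this->max_votes);
    }
}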
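/**
 * Explain queries (based on code from phpBB3)
 *
 * Dispatches on $mode:
 *  - 'start':           run EXPLAIN for the current query (UPDATE/DELETE are rewritten as
 *                       SELECT first) and buffer the result rows as an HTML table in
 *                       $this->explain_hold
 *  - 'stop':            wrap the buffered table together with the query's debug record
 *                       ($this->dbg) into $this->explain_out
 *  - 'add_explain_row': append one EXPLAIN result row ($row) to the buffered table and
 *                       return the updated $html_table flag
 *  - 'display':         echo everything accumulated in $this->explain_out
 *
 * NOTE(review): $dbg['src'], $dbg['info'] and the EXPLAIN cell values are written into the
 * HTML without escaping — this is debugging output; confirm it is only rendered for
 * trusted (debug/admin) sessions.
 *
 * @param string       $mode
 * @param bool|string  $html_table Whether the table header has already been emitted ('add_explain_row').
 * @param array|string $row        One EXPLAIN result row ('add_explain_row').
 * @return bool|void Updated $html_table flag for 'add_explain_row', nothing otherwise.
 */
function explain($mode, $html_table = '', $row = '')
{
    $query = str_compact($this->cur_query);
    // remove comments
    $query = preg_replace('#(\\s*)(/\\*)(.*)(\\*/)(\\s*)#', '', $query);

    switch ($mode) {
        case 'start':
            $this->explain_hold = '';
            // TODO: add support for multi-table queries
            // Rewrite UPDATE / DELETE as a SELECT so that EXPLAIN can be run on them.
            // The UPDATE pattern used to end in a literal '/' (left over from a '/.../s'
            // delimiter), so it only matched queries containing a slash after WHERE.
            if (preg_match('#UPDATE ([a-z0-9_]+).*?WHERE(.*)#s', $query, $m)) {
                $query = "SELECT * FROM {$m['1']} WHERE {$m['2']}";
            } elseif (preg_match('#DELETE FROM ([a-z0-9_]+).*?WHERE(.*)#s', $query, $m)) {
                $query = "SELECT * FROM {$m['1']} WHERE {$m['2']}";
            }
            if (preg_match('#^SELECT#', $query)) {
                $html_table = false;
                if ($result = @mysql_query("EXPLAIN {$query}", $this->link)) {
                    while ($row = @mysql_fetch_assoc($result)) {
                        $html_table = $this->explain('add_explain_row', $html_table, $row);
                    }
                }
                if ($html_table) {
                    $this->explain_hold .= '</table>';
                }
            }
            break;

        case 'stop':
            if (!$this->explain_hold) {
                break;
            }
            // The debug record of the query that was just run
            $id = $this->dbg_id - 1;
            $htid = 'expl-' . intval($this->link) . '-' . $id;
            $dbg = $this->dbg[$id];
            $this->explain_out .= ' <table width="98%" cellpadding="0" cellspacing="0" class="bodyline row2 bCenter" style="border-bottom: 0px;"> <tr> <th style="height: 22px; cursor: pointer;" align="left"> '
                . $dbg['src'] . ' [' . sprintf('%.4f', $dbg['time']) . ' s] <i>' . $dbg['info'] . '</i></th> <th style="height: 22px; cursor: pointer;" align="right" title="Copy to clipboard" onclick="$.copyToClipboard( $(\'#' . $htid . '\').text() );">'
                . "{$this->db_server}.{$this->selected_db}" . ' :: Query #' . ($this->num_queries + 1) . ' </th> </tr> <tr><td colspan="2">'
                . $this->explain_hold . '</td></tr> </table> <div class="sqlLog"><div id="' . $htid . '" class="sqlLogRow sqlExplain" style="padding: 0px;">'
                . short_query($dbg['sql'], true) . ' </div></div> <br />';
            break;

        case 'add_explain_row':
            // First row: open the table and emit the column names as the header
            if (!$html_table && $row) {
                $html_table = true;
                $this->explain_hold .= '<table width="100%" cellpadding="3" cellspacing="1" class="bodyline" style="border-width: 0;"><tr>';
                foreach (array_keys($row) as $val) {
                    $this->explain_hold .= '<td class="row3 gensmall" align="center"><b>' . $val . '</b></td>';
                }
                $this->explain_hold .= '</tr>';
            }
            $this->explain_hold .= '<tr>';
            foreach (array_values($row) as $i => $val) {
                // Alternate cell classes; strip the db prefix and break long key/extra lists
                $class = !($i % 2) ? 'row1' : 'row2';
                $this->explain_hold .= '<td class="' . $class . ' gen">' . str_replace(array("{$this->selected_db}.", ',', ';'), array('', ', ', ';<br />'), $val) . '</td>';
            }
            $this->explain_hold .= '</tr>';
            return $html_table;

        case 'display':
            echo '<a name="explain"></a><div class="med">' . $this->explain_out . '</div>';
            break;
    }
}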
break; } switch ($mode) { case 'save': case 'new': if (!($tpl_name = htmlCHR(str_compact($this->request['tpl_name'])))) { $this->ajax_die('не заполнено название шаблона'); } $tpl_name = substr($tpl_name, 0, 60); if (!($tpl_src_form = htmlCHR($this->request['tpl_src_form']))) { $this->ajax_die('не заполнен скрипт формы шаблона'); } if (!($tpl_src_title = htmlCHR($this->request['tpl_src_title']))) { $this->ajax_die('не заполнен формат названия темы'); } $tpl_src_title = str_compact($tpl_src_title); if (!($tpl_src_msg = htmlCHR($this->request['tpl_src_msg']))) { $this->ajax_die('не заполнен формат создания сообщения'); } $tpl_comment = htmlCHR($this->request['tpl_comment']); preg_match('#\\d+#', (string) $this->request['tpl_rules'], $m); $tpl_rules_post_id = isset($m[0]) ? (int) $m[0] : 0; $sql_args = array('tpl_name' => (string) $tpl_name, 'tpl_src_form' => (string) $tpl_src_form, 'tpl_src_title' => (string) $tpl_src_title, 'tpl_src_msg' => (string) $tpl_src_msg, 'tpl_comment' => (string) $tpl_comment, 'tpl_rules_post_id' => (int) $tpl_rules_post_id, 'tpl_last_edit_tm' => (int) TIMENOW, 'tpl_last_edit_by' => (int) $userdata['user_id']); break; } // выполнение switch ($mode) { // загрузка шаблона case 'load': $this->response['val']['tpl-name-save'] = $tpl_data['tpl_name']; $this->response['val']['tpl-src-form'] = $tpl_data['tpl_src_form'];
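/**
 * Log error
 *
 * Writes the last SQL error, the failing query and the request context to the
 * 'sql_error_tr' log via bb_log(). Does nothing when SQL_LOG_ERRORS is off or
 * when error reporting is disabled (e.g. inside an '@'-suppressed call).
 */
function log_error()
{
    if (!SQL_LOG_ERRORS) {
        return;
    }
    if (!error_reporting()) {
        return;
    }

    $err = $this->sql_error();

    // Explicit isset() instead of '@' suppression; a missing key logs as an empty value, as before
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    $msg = array();
    $msg[] = str_compact(sprintf('#%06d %s', $err['code'], $err['message']));
    $msg[] = '';
    $msg[] = str_compact($this->cur_query);
    $msg[] = '';
    $msg[] = 'Source : ' . $this->debug_find_source();
    $msg[] = 'IP : ' . $ip;
    $msg[] = 'Date : ' . date('Y-m-d H:i:s');
    $msg[] = 'Agent : ' . $agent;
    $msg[] = 'Req_URI : ' . $uri;
    $msg[] = 'Referer : ' . $referer;
    $msg[] = 'Method : ' . $method;
    // NOTE(review): this dumps the whole $_REQUEST, so any credentials or tokens carried by the
    // failing request are written to the log in clear; consider redacting sensitive keys first.
    $msg[] = 'Request : ' . trim(print_r($_REQUEST, true)) . str_repeat('_', 78) . LOG_LF;
    $msg[] = '';

    bb_log($msg, 'sql_error_tr');
}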
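/**
 * Append one tab-separated line describing the current request to a log file.
 *
 * @param string       $file        Log name passed to bb_log(); defaults to 'req/<mm-dd>'.
 * @param string|false $prepend_str Optional text inserted right after the timestamp.
 * @param bool         $add_post    Also log the POST body (as a URL-decoded query string).
 */
function log_request($file = '', $prepend_str = false, $add_post = true)
{
    global $user;

    $file = $file ? $file : 'req/' . date('m-d');

    $str = array();
    $str[] = date('m-d H:i:s');
    if ($prepend_str !== false) {
        $str[] = $prepend_str;
    }
    if (!empty($user->data)) {
        $str[] = $user->id . "\t" . html_entity_decode($user->name);
    }
    // REMOTE_ADDR is absent under CLI; guard it like the other $_SERVER keys below
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $str[] = sprintf('%-15s', $remote_addr);
    foreach (array('REQUEST_URI', 'HTTP_USER_AGENT', 'HTTP_REFERER') as $key) {
        if (isset($_SERVER[$key])) {
            $str[] = $_SERVER[$key];
        }
    }
    if (!empty($_POST) && $add_post) {
        // NOTE(review): the full POST body is logged, so password/token fields submitted with the
        // request end up in the log in clear; pass $add_post = false for such forms or redact first.
        $str[] = "post: " . str_compact(urldecode(http_build_query($_POST)));
    }
    $str = implode("\t", $str) . "\n";

    bb_log($str, $file);
}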
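/**
 * Replace every search stopword in $text with a single space.
 *
 * The word list is read once from LANG_DIR . 'search_stopwords.txt'
 * (space-separated) and cached in a static; each word is passed through
 * array_deep(..., 'pad_with_space') before use.
 *
 * @param string $text
 * @return string
 */
function remove_stopwords($text)
{
    static $stopwords = null;

    if (is_null($stopwords)) {
        // A missing or unreadable list behaves like an empty one; the '@' suppression is
        // dropped so a read failure is at least reported once (the result is cached).
        $raw = file_get_contents(LANG_DIR . 'search_stopwords.txt');
        if ($raw === false) {
            $raw = '';
        }
        $stopwords = explode(' ', str_compact($raw));
        array_deep($stopwords, 'pad_with_space');
    }

    return $stopwords ? str_replace($stopwords, ' ', $text) : $text;
}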
/**
 * Make $fname usable as a file name: collapse whitespace via str_compact(), then
 * replace path separators, shell/glob metacharacters and spaces with '_'.
 *
 * Dots are kept and control characters (e.g. NUL) are not stripped; with both
 * separators replaced the result cannot traverse directories on its own, but
 * callers building filesystem paths should still validate the final path.
 *
 * @param string $fname
 * @return string
 */
function clean_filename($fname)
{
    static $unsafe = array('\\', '/', ':', '*', '?', '"', '<', '>', '|', ' ');
    $compacted = str_compact($fname);
    return str_replace($unsafe, '_', $compacted);
}