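/**
 * Executes the blacklist.
 *
 * Rejects the request when the session's IP address, user agent or reverse
 * DNS hostname matches one of the configured blacklists, or when the
 * logged-in user is banned. Each list is only consulted when its option
 * constant is defined and non-empty, so an unset option never blocks.
 *
 * Notes for maintainers:
 *  - The AJAX detection reads the X-Requested-With header, which is client
 *    controlled; it only selects the exception type, never whether the
 *    request is rejected.
 *  - When BLACKLIST_HOSTNAMES is set, every request performs a reverse DNS
 *    lookup. The PTR record is controlled by whoever owns the client's IP
 *    range, so this list is best-effort only, and a slow resolver delays
 *    every request. gethostbyaddr() hands back the unmodified address on
 *    lookup failure (false on a malformed address) and that value is what
 *    gets filtered.
 *
 * @throws AJAXException              blacklisted or banned AJAX request
 * @throws PermissionDeniedException  blacklisted non-AJAX request
 * @throws NamedUserException         banned user on a non-AJAX request
 */
protected function initBlacklist() {
    $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';

    // ip addresses: the address is filtered both after
    // UserUtil::convertIPv6To4() and verbatim, so either notation in the
    // list matches; failing either form denies the request
    if (defined('BLACKLIST_IP_ADDRESSES') && BLACKLIST_IP_ADDRESSES != '') {
        $ipAddress = self::getSession()->ipAddress;
        if (!StringUtil::executeWordFilter(UserUtil::convertIPv6To4($ipAddress), BLACKLIST_IP_ADDRESSES) || !StringUtil::executeWordFilter($ipAddress, BLACKLIST_IP_ADDRESSES)) {
            $this->throwBlacklistedException($isAjax);
        }
    }

    // user agents
    if (defined('BLACKLIST_USER_AGENTS') && BLACKLIST_USER_AGENTS != '') {
        if (!StringUtil::executeWordFilter(self::getSession()->userAgent, BLACKLIST_USER_AGENTS)) {
            $this->throwBlacklistedException($isAjax);
        }
    }

    // hostnames (reverse lookup, see the notes above)
    if (defined('BLACKLIST_HOSTNAMES') && BLACKLIST_HOSTNAMES != '') {
        if (!StringUtil::executeWordFilter(@gethostbyaddr(self::getSession()->ipAddress), BLACKLIST_HOSTNAMES)) {
            $this->throwBlacklistedException($isAjax);
        }
    }

    // handle banned users
    if (self::getUser()->userID && self::getUser()->banned) {
        if ($isAjax) {
            throw new AJAXException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'), AJAXException::INSUFFICIENT_PERMISSIONS);
        }
        throw new NamedUserException(self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned'));
    }
}

/**
 * Throws the "permission denied" exception matching the request type.
 *
 * @param   boolean     $isAjax     true for an AJAXException carrying the
 *                                  localized message, false for a plain
 *                                  PermissionDeniedException
 * @throws  AJAXException
 * @throws  PermissionDeniedException
 */
private function throwBlacklistedException($isAjax) {
    if ($isAjax) {
        throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
    }

    throw new PermissionDeniedException();
}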
/**
 * Executes the blacklist.
 *
 * Denies the request when the session's IP address, user agent or reverse
 * DNS hostname does not pass the word filter built from the matching
 * blacklist option. A list is only applied when its option constant exists
 * and is non-empty; in particular the reverse lookup is skipped entirely
 * unless BLACKLIST_HOSTNAMES is set.
 *
 * @throws exception\PermissionDeniedException
 */
protected function initBlacklist() {
    if (defined('BLACKLIST_IP_ADDRESSES') && BLACKLIST_IP_ADDRESSES != '') {
        $this->denyUnlessFilterPasses(WCF::getSession()->ipAddress, BLACKLIST_IP_ADDRESSES);
    }

    if (defined('BLACKLIST_USER_AGENTS') && BLACKLIST_USER_AGENTS != '') {
        $this->denyUnlessFilterPasses(WCF::getSession()->userAgent, BLACKLIST_USER_AGENTS);
    }

    if (defined('BLACKLIST_HOSTNAMES') && BLACKLIST_HOSTNAMES != '') {
        // reverse lookup on every request; warnings are suppressed and a
        // failed lookup yields the address itself, which is then filtered
        $this->denyUnlessFilterPasses(@gethostbyaddr(WCF::getSession()->ipAddress), BLACKLIST_HOSTNAMES);
    }
}

/**
 * Throws a permission denied exception when the given value does not pass
 * the word filter built from the given blacklist.
 *
 * @param   mixed   $value      value to filter (ip address, user agent, hostname)
 * @param   string  $blacklist  blacklist option value
 * @throws  exception\PermissionDeniedException
 */
private function denyUnlessFilterPasses($value, $blacklist) {
    if (!util\StringUtil::executeWordFilter($value, $blacklist)) {
        throw new exception\PermissionDeniedException();
    }
}
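/**
 * @see \wcf\form\IForm::validate()
 *
 * Validates the static account fields (username, e-mail, password), the
 * requested group memberships, the interface and visible languages, the
 * user title and the dynamic user options. Field errors are collected in
 * $this->errorType and thrown together as one UserInputException; the
 * registration time check only runs once no field error remains.
 *
 * Group memberships are reduced to groups that exist, are not one of the
 * implicit GUESTS/EVERYONE/USERS groups and that the acting user is allowed
 * to manage according to UserGroup::isAccessibleGroup(). Without the last
 * condition any submitted group id, including administrative groups the
 * acting user cannot access, would be accepted verbatim.
 *
 * @throws  UserInputException  'options' carrying the collected field errors,
 *                              or 'registrationStartTime' when the form was
 *                              submitted faster than self::$minRegistrationTime
 */
public function validate() {
    // validate static user options
    try {
        $this->validateUsername($this->username);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    try {
        $this->validateEmail($this->email, $this->confirmEmail);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    try {
        $this->validatePassword($this->password, $this->confirmPassword);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    // validate user groups
    if (!empty($this->groupIDs)) {
        $conditions = new PreparedStatementConditionBuilder();
        $conditions->add("groupID IN (?)", array($this->groupIDs));
        $conditions->add("groupType NOT IN (?)", array(array(UserGroup::GUESTS, UserGroup::EVERYONE, UserGroup::USERS)));

        $sql = "SELECT groupID
            FROM wcf" . WCF_N . "_user_group
            " . $conditions;
        $statement = WCF::getDB()->prepareStatement($sql);
        $statement->execute($conditions->getParameters());

        // keep only groups the acting user may assign; silently dropping
        // the rest matches how non-existing ids are handled
        $this->groupIDs = array();
        while ($row = $statement->fetchArray()) {
            if (UserGroup::isAccessibleGroup(array($row['groupID']))) {
                $this->groupIDs[] = $row['groupID'];
            }
        }
    }

    // validate user language
    $language = LanguageFactory::getInstance()->getLanguage($this->languageID);
    if ($language === null || !$language->languageID) {
        // use default language
        $this->languageID = LanguageFactory::getInstance()->getDefaultLanguageID();
    }

    // validate visible languages; getLanguage() may return null for an
    // unknown id (see the check above), so guard before dereferencing
    foreach ($this->visibleLanguages as $key => $visibleLanguage) {
        $language = LanguageFactory::getInstance()->getLanguage($visibleLanguage);
        if ($language === null || !$language->languageID || !$language->hasContent) {
            unset($this->visibleLanguages[$key]);
        }
    }
    if (empty($this->visibleLanguages) && ($language = LanguageFactory::getInstance()->getLanguage($this->languageID)) && $language->hasContent) {
        $this->visibleLanguages[] = $this->languageID;
    }

    // validate user title
    try {
        if (mb_strlen($this->userTitle) > USER_TITLE_MAX_LENGTH) {
            throw new UserInputException('userTitle', 'tooLong');
        }
        if (!StringUtil::executeWordFilter($this->userTitle, USER_FORBIDDEN_TITLES)) {
            throw new UserInputException('userTitle', 'forbidden');
        }
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    $this->errorType = array_merge($this->optionHandler->validate(), $this->errorType);

    // validate dynamic options
    EventHandler::getInstance()->fireAction($this, 'validate');

    if (!empty($this->errorType)) {
        throw new UserInputException('options', $this->errorType);
    }

    // validate registration time: a submission arriving faster than
    // self::$minRegistrationTime after the form was shown is rejected
    // (bot heuristic); skipped for external authentication
    if (!$this->isExternalAuthentication && (!WCF::getSession()->getVar('registrationStartTime') || TIME_NOW - WCF::getSession()->getVar('registrationStartTime') < self::$minRegistrationTime)) {
        throw new UserInputException('registrationStartTime', array());
    }
}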
/**
 * Saves changes to user profile.
 *
 * Pulls the optional '__userTitle' value out of the submitted option values,
 * lets the option handler read and validate the remaining input, then
 * either persists everything and renders the read-only "about" template or
 * re-renders the editable template with the collected errors.
 *
 * @return  array   'success' flag plus the rendered 'template'
 */
public function save() {
    // the user title is not a user option; take it out before the option
    // handler sees the submitted values
    $userTitle = null;
    if (isset($this->parameters['values']['__userTitle'])) {
        $userTitle = StringUtil::trim(MessageUtil::stripCrap($this->parameters['values']['__userTitle']));
        unset($this->parameters['values']['__userTitle']);
    }

    $optionHandler = $this->getOptionHandler($this->userProfile->getDecoratedObject());
    $optionHandler->readUserInput($this->parameters);
    $errors = $optionHandler->validate();

    // validate user title (length first, then the forbidden titles filter)
    if ($userTitle !== null) {
        try {
            if (mb_strlen($userTitle) > USER_TITLE_MAX_LENGTH) {
                throw new UserInputException('__userTitle', 'tooLong');
            }
            if (!StringUtil::executeWordFilter($userTitle, USER_FORBIDDEN_TITLES)) {
                throw new UserInputException('__userTitle', 'forbidden');
            }
        }
        catch (UserInputException $e) {
            $errors[$e->getField()] = $e->getType();
        }
    }

    if (!empty($errors)) {
        // validation failed: show the editable form again with the errors
        WCF::getTPL()->assign(array(
            'errorType' => $errors,
            'optionTree' => $optionHandler->getOptionTree(),
            '__userTitle' => ($userTitle !== null ? $userTitle : $this->userProfile->userTitle)
        ));

        return array(
            'success' => false,
            'template' => WCF::getTPL()->fetch('userProfileAboutEditable')
        );
    }

    // validation was successful
    $data = array('options' => $optionHandler->save());
    if ($userTitle !== null) {
        $data['data'] = array('userTitle' => $userTitle);
    }

    $userAction = new UserAction(array($this->userProfile->userID), 'update', $data);
    $userAction->executeAction();

    // changed user options may qualify the user for automatic group assignment
    UserGroupAssignmentHandler::getInstance()->checkUsers(array($this->userProfile->userID));

    // reload the user and the option handler so the template reflects the saved state
    $user = new User($this->userProfile->userID);
    $optionHandler = $this->getOptionHandler($user, false);

    WCF::getTPL()->assign(array(
        'options' => $optionHandler->getOptionTree(),
        'userID' => $this->userProfile->userID
    ));

    return array(
        'success' => true,
        'template' => WCF::getTPL()->fetch('userProfileAbout')
    );
}
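/**
 * @see \wcf\form\IForm::validate()
 *
 * Validates the static account fields (username, e-mail, password), the
 * requested group memberships, the interface and visible languages and the
 * user title, collecting field errors in $this->errorType, then defers to
 * parent::validate() for the dynamic options.
 *
 * Group memberships are reduced to groups that exist, are not one of the
 * implicit GUESTS/EVERYONE/USERS groups and that the acting user is allowed
 * to manage according to UserGroup::isAccessibleGroup(); ids failing any of
 * these are dropped silently rather than reported.
 */
public function validate() {
    // validate static user options
    try {
        $this->validateUsername($this->username);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    try {
        $this->validateEmail($this->email, $this->confirmEmail);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    try {
        $this->validatePassword($this->password, $this->confirmPassword);
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    // validate user groups
    if (!empty($this->groupIDs)) {
        $conditions = new PreparedStatementConditionBuilder();
        $conditions->add("groupID IN (?)", array($this->groupIDs));
        $conditions->add("groupType NOT IN (?)", array(array(UserGroup::GUESTS, UserGroup::EVERYONE, UserGroup::USERS)));

        $sql = "SELECT\tgroupID
            FROM\twcf" . WCF_N . "_user_group
            " . $conditions;
        $statement = WCF::getDB()->prepareStatement($sql);
        $statement->execute($conditions->getParameters());

        // keep only groups the acting user may assign
        $this->groupIDs = array();
        while ($row = $statement->fetchArray()) {
            if (UserGroup::isAccessibleGroup(array($row['groupID']))) {
                $this->groupIDs[] = $row['groupID'];
            }
        }
    }

    // validate user language
    $language = LanguageFactory::getInstance()->getLanguage($this->languageID);
    if ($language === null || !$language->languageID) {
        // use default language
        $this->languageID = LanguageFactory::getInstance()->getDefaultLanguageID();
    }

    // validate visible languages; getLanguage() may return null for an
    // unknown id (see the check above), so guard before dereferencing
    foreach ($this->visibleLanguages as $key => $visibleLanguage) {
        $language = LanguageFactory::getInstance()->getLanguage($visibleLanguage);
        if ($language === null || !$language->languageID || !$language->hasContent) {
            unset($this->visibleLanguages[$key]);
        }
    }
    if (empty($this->visibleLanguages) && ($language = LanguageFactory::getInstance()->getLanguage($this->languageID)) && $language->hasContent) {
        $this->visibleLanguages[] = $this->languageID;
    }

    // validate user title
    try {
        if (mb_strlen($this->userTitle) > USER_TITLE_MAX_LENGTH) {
            throw new UserInputException('userTitle', 'tooLong');
        }
        if (!StringUtil::executeWordFilter($this->userTitle, USER_FORBIDDEN_TITLES)) {
            throw new UserInputException('userTitle', 'forbidden');
        }
    }
    catch (UserInputException $e) {
        $this->errorType[$e->getField()] = $e->getType();
    }

    // validate dynamic options
    parent::validate();
}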