/**
 * Handle flood control for members.
 *
 * Runs at most once per request (guarded by $FLOOD_CONTROL_ONCE) and only for
 * the 'index' and 'iframe' scripts, never on the 'join' page. It compares the
 * member's last submit/visit time against the best flood-control setting of
 * their usergroups; if the member is still inside the window it logs a '/flood'
 * stat, may auto-ban an IP that is hammering the site, and ends the request
 * with a FLOOD_CONTROL_RESTRICT warning. Otherwise it refreshes the member's
 * last-visit (and, on submits, last-submit) time and IP address.
 *
 * NOTE(review): this body uses $this (get_member_row_field, get_members_groups,
 * connection), so it has to run as a method of the OCF forum driver; as a free
 * function that access would fail — confirm the enclosing class.
 *
 * @param MEMBER The member ID that just got detected
 */
function ocf_flood_control($id)
{
    global $NON_PAGE_SCRIPT;
    if ($NON_PAGE_SCRIPT == 1) {
        return;
    }
    // Only ever do this once per request, whichever caller gets here first
    global $FLOOD_CONTROL_ONCE;
    if ($FLOOD_CONTROL_ONCE) {
        return;
    }
    $FLOOD_CONTROL_ONCE = true;
    if (get_page_name() == 'join') {
        return;
    }
    if (!running_script('index') && !running_script('iframe')) {
        return;
    }
    require_code('ocf_groups');

    // Set last visit time session cookie if it doesn't exist (guests never get one).
    // A NULL stored last-visit time is replaced by "now".
    if (!array_key_exists('last_visit', $_COOKIE) && $GLOBALS['FORUM_DRIVER']->get_guest_id() != $id) {
        require_code('users_active_actions');
        $lvt = $this->get_member_row_field($id, 'm_last_visit_time');
        ocp_setcookie('last_visit', is_null($lvt) ? strval(time()) : strval($lvt), true);
        $new_visit = true;
    } else {
        $new_visit = false;
    }

    // Do some flood control.
    // A request counts as a submission when it carries POST data and is not an
    // edit ('ed'/'ec' type) or a preview; submissions use the stricter submit window.
    $submitting = count($_POST) > 0 && get_param('type', NULL) !== 'ed' && get_param('type', NULL) !== 'ec' && !running_script('preview');
    $restrict = $submitting ? 'flood_control_submit_secs' : 'flood_control_access_secs';
    $restrict_setting = $submitting ? 'm_last_submit_time' : 'm_last_visit_time';
    $restrict_answer = ocf_get_best_group_property($this->get_members_groups($id), $restrict);
    // The access (non-submit) window is waived whenever a 'redirect' GET parameter is
    // present, so it is a courtesy throttle rather than a hard rate limit. The submit
    // window is never waived here.
    if (!$submitting && array_key_exists('redirect', $_GET)) {
        $restrict_answer = 0;
    }
    if ($restrict_answer < 0) {
        $restrict_answer = 0;
    }
    $last = $this->get_member_row_field($id, $restrict_setting);
    if ($last > time()) {
        $last = time() - $restrict_answer;
    } // Weird clock problem
    // Seconds the member still has to wait; <= 0 means they are clear
    $wait_time = $restrict_answer - time() + $last;
    if ($wait_time > 0 && addon_installed('stats')) {
        require_code('site');
        log_stats('/flood', 0);
        // Auto-ban heuristic: more than $count_threshold hits from this IP within the
        // last $time_threshold seconds. The only non-numeric input to the query is
        // the IP, which goes through db_string_equal_to (the DB layer's quoting
        // helper) rather than being concatenated raw.
        $time_threshold = 30;
        $count_threshold = 50;
        $query = 'SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'stats WHERE date_and_time>' . strval(time() - $time_threshold) . ' AND date_and_time<' . strval(time()) . ' AND ' . db_string_equal_to('ip', get_ip_address());
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full($query);
        // $count may be NULL (query_value_null_ok_full); NULL >= 50 is false, so no ban.
        // NOTE(review): the ban is keyed on get_ip_address() — confirm it only honours
        // proxy headers from configured proxies, otherwise the address being banned
        // may not be the one actually sending the requests.
        if ($count >= $count_threshold && addon_installed('securitylogging')) {
            $ip = get_ip_address();
            require_code('failure');
            add_ip_ban($ip);
            require_code('notifications');
            dispatch_notification('auto_ban', NULL, do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang()), do_lang('AUTO_BAN_DOS_MESSAGE', $ip, integer_format($count_threshold), integer_format($time_threshold), get_site_default_lang()), NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
        // This may run before the language/tempcode layers are loaded
        if (!function_exists('require_lang')) {
            require_code('lang');
        }
        if (!function_exists('do_lang_tempcode')) {
            require_code('tempcode');
        }
        require_lang('ocf');
        warn_exit(do_lang_tempcode('FLOOD_CONTROL_RESTRICT', integer_format($wait_time)));
    }
    // Extra columns to write on a submission
    $extra = $submitting ? array('m_last_submit_time' => time()) : array();
    $dif = time() - $this->get_member_row_field($id, 'm_last_visit_time');
    if ($dif < 0) {
        $dif = 0;
    } // can happen if system clock changes
    if (is_guest($id)) {
        if (get_value('session_prudence') !== '1') {
            // The guest account is shared, so scale the elapsed time by the number of
            // guest sessions active in the last 4 minutes
            global $SESSION_CACHE;
            $num_guests = 0;
            foreach ($SESSION_CACHE as $c) {
                if (!array_key_exists('the_user', $c)) {
                    continue;
                } // Workaround to HipHop PHP weird bug
                if ($c['last_activity'] > time() - 60 * 4 && is_guest($c['the_user'])) {
                    $num_guests++;
                }
            }
            $dif *= $num_guests;
        } else {
            $restrict_answer = 0;
        }
    }
    // Precedence: $submitting || (count($_POST) == 0 && $dif > $wait_time)
    if ($submitting || count($_POST) == 0 && $dif > $wait_time) {
        // Only touch the row when flood control is on, the visit is "old", or it is a new visit
        if ($restrict_answer != 0 || $dif > 180 || $new_visit) {
            $old_ip = $this->get_member_row_field($id, 'm_ip_address');
            $change_map = array('m_last_visit_time' => time());
            if (get_ip_address() != $old_ip) {
                $change_map['m_ip_address'] = get_ip_address();
            }
            if (get_db_type() != 'xml') {
                $this->connection->query_update('f_members', $change_map + $extra, array('id' => $id), '', 1, NULL, false, true);
            }
        }
    }
}
/**
 * Get the best value of all values of a property for a member (due to members being in multiple usergroups).
 *
 * @param MEMBER The ID of the member.
 * @param ID_TEXT The identifier of the property.
 * @return mixed The property value.
 */
function ocf_get_member_best_group_property($member_id, $property)
{
    // Resolve the member's usergroups via the OCF driver, then reduce the property across them
    $member_groups = $GLOBALS['OCF_DRIVER']->get_members_groups($member_id, false, true);
    return ocf_get_best_group_property($member_groups, $property);
}
/**
 * Do a terminal execution on a defined page type
 *
 * Discards any buffered output, picks an HTTP status code to match the message
 * where one can still be sent, resets the member's last-submit time so that a
 * failed submission does not count against flood control, renders $text inside
 * $template (wrapped in the site header/footer, or in STYLED_HTML_WRAP for
 * preview/iframe/shoutbox scripts) and then exits. Never returns.
 *
 * @param mixed The error message (string or tempcode)
 * @param ID_TEXT Name of the terminal page template
 */
function _generic_exit($text, $template)
{
    @ob_end_clean(); // Incase in minimodule
    // keep_fatalistic=1 asks for the raw fatal-error path instead of a styled page
    if (get_param_integer('keep_fatalistic', 0) == 1) {
        fatal_exit($text);
    }
    @header('Content-type: text/html; charset=' . get_charset());
    @header('Content-Disposition: inline');
    //$x=@ob_get_contents(); @ob_end_clean(); //if (is_string($x)) @print($x); Disabled as causes weird crashes
    $text_eval = is_object($text) ? $text->evaluate() : $text;
    // Map well-known messages to a more accurate status code, but only if nothing has
    // been sent yet. The status line itself is skipped for IE and IIS; the global
    // HTTP_STATUS_CODE is still updated so later code sees the intended status.
    if ($GLOBALS['HTTP_STATUS_CODE'] == '200') {
        if ($text_eval == do_lang('ocf:NO_MARKERS_SELECTED') || $text_eval == do_lang('NOTHING_SELECTED')) {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '400';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 400 Bad Request');
                }
            }
        } elseif ($text_eval == do_lang('MISSING_RESOURCE') || $text_eval == do_lang('USER_NO_EXIST')) {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '404';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 404 Not Found');
                }
            }
            // Referred 404s are reported so broken inbound links can be found. The
            // referer and browser string are request headers, i.e. untrusted text —
            // NOTE(review): confirm relay_error_notification escapes them for the
            // channel it writes to.
            if (ocp_srv('HTTP_REFERER') != '') {
                relay_error_notification($text_eval . ' ' . do_lang('REFERRER', ocp_srv('HTTP_REFERER'), substr(get_browser_string(), 0, 255)), false, 'error_occurred_missing_resource');
            }
        } elseif ($template == 'WARN_SCREEN') {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '500';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 500 Internal server error');
                }
            }
        }
    }
    // If a multi-site-network DB connection was swapped in, swap it back before rendering
    if (array_key_exists('MSN_DB', $GLOBALS) && !is_null($GLOBALS['MSN_DB'])) {
        $GLOBALS['FORUM_DB'] = $GLOBALS['MSN_DB'];
        $GLOBALS['MSN_DB'] = NULL;
    }
    global $EXITING;
    // Too early in bootstrap (or in the upgrader) to render a styled page.
    // NOTE(review): this PASSON branch hands over the plain string unescaped, whereas
    // the EMERGENCY branch below passes it through escape_html — confirm
    // critical_error('PASSON', ...) escapes for HTML itself, since $text may contain
    // request-derived values.
    if (running_script('upgrader') || !function_exists('get_page_title')) {
        critical_error('PASSON', is_object($text) ? $text->evaluate() : $text);
    }
    // $EXITING >= 1 means we are already inside an exit that itself failed; avoid recursing
    if ($EXITING >= 1 || !function_exists('get_member')) {
        critical_error('EMERGENCY', is_object($text) ? $text->evaluate() : escape_html($text));
    }
    $EXITING++;
    if (!function_exists('do_header')) {
        require_code('site');
    }
    // A request that ends in an error screen should not count as a submission for
    // flood control: push m_last_submit_time just outside the member's submit window
    if (get_forum_type() == 'ocf' && get_db_type() != 'xml') {
        require_code('ocf_groups');
        $restrict_answer = ocf_get_best_group_property($GLOBALS['FORUM_DRIVER']->get_members_groups(get_member()), 'flood_control_submit_secs');
        $GLOBALS['NO_DB_SCOPE_CHECK'] = true;
        $GLOBALS['SITE_DB']->query_update('f_members', array('m_last_submit_time' => time() - $restrict_answer - 1), array('id' => get_member()), '', 1);
        $GLOBALS['NO_DB_SCOPE_CHECK'] = false;
    }
    global $DONE_HEADER;
    // If the page header was already emitted, start from an empty Tempcode instead of a second header
    $bail_out = isset($DONE_HEADER) && $DONE_HEADER;
    $echo = $bail_out ? new ocp_tempcode() : do_header(running_script('preview') || running_script('iframe') || running_script('shoutbox'));
    if ($template == 'INFORM_SCREEN' && is_object($GLOBALS['DISPLAYED_TITLE'])) {
        $title = get_page_title($GLOBALS['DISPLAYED_TITLE'], false);
    } else {
        $title = get_page_title($template == 'INFORM_SCREEN' ? 'MESSAGE' : 'ERROR_OCCURRED');
    }
    // Embedded scripts get a minimal wrapper that targets the top frame, and exit here
    if (running_script('preview') || running_script('iframe') || running_script('shoutbox')) {
        $echo = do_template('STYLED_HTML_WRAP', array('TITLE' => do_lang_tempcode($template == 'INFORM_SCREEN' ? 'MESSAGE' : 'ERROR_OCCURRED'), 'FRAME' => true, 'TARGET' => '_top', 'CONTENT' => $text));
        $echo->handle_symbol_preprocessing();
        $echo->evaluate_echo();
        exit;
    }
    $inside = do_template($template, array('TITLE' => $title, 'TEXT' => $text, 'PROVIDE_BACK' => true));
    // The preview/iframe/shoutbox case exited above, so this always takes the globalise() branch
    $echo->attach(running_script('preview') || running_script('iframe') || running_script('shoutbox') ? $inside : globalise($inside));
    $echo->attach(do_footer($bail_out));
    $echo->handle_symbol_preprocessing();
    $echo->evaluate_echo();
    exit;
}
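/**
 * Assign a page refresh to the specified URL.
 *
 * When $multiplier is 0.0 (no message to show) and output has not started, an
 * immediate HTTP 'Location' redirect is attempted. On a 'view' page the target
 * and delay are always recorded in $REFRESH_URL for the meta-refresh fallback.
 *
 * The target is checked for CR/LF before it is placed in a header, but its host
 * is not validated here: callers are responsible for only passing URLs they
 * trust, since $url may have been carried through earlier requests.
 *
 * @param mixed Refresh to this URL (URLPATH or Tempcode URL)
 * @param float Take this many times longer than a 'standard ocPortal refresh'
 */
function assign_refresh($url, $multiplier)
{
    if (is_object($url)) {
        $url = $url->evaluate();
    }
    if (strpos($url, 'keep_session') !== false) {
        $url = enforce_sessioned_url($url);
    } // In case the session changed in transit (this refresh URL may well have been relayed from a much earlier point)

    $special_page_type = get_param('special_page_type', 'view');
    $must_show_message = $multiplier != 0.0;

    // Fudge so that redirects can't count as flooding: backdate the member's
    // last-visit time to just outside their usergroups' access window
    if (get_forum_type() == 'ocf') {
        require_code('ocf_groups');
        $restrict_answer = ocf_get_best_group_property($GLOBALS['FORUM_DRIVER']->get_members_groups(get_member()), 'flood_control_access_secs');
        if ($restrict_answer != 0) {
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_last_visit_time' => time() - $restrict_answer - 1), array('id' => get_member()), '', 1);
        }
    }

    if (!$must_show_message) { // Preferably server is gonna redirect before page is shown. This is for accessibility reasons
        // A CR/LF inside the target would let it smuggle extra response headers
        // through the Location header; treat that as an attack and stop
        if (strpos($url, chr(10)) !== false || strpos($url, chr(13)) !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        global $FORCE_META_REFRESH;
        if ($special_page_type == 'view' && $GLOBALS['NON_PAGE_SCRIPT'] == 0 && !headers_sent() && !$FORCE_META_REFRESH) {
            header('Location: ' . $url);
            // A fragment cannot be honoured by a server redirect, so only mark the
            // redirect as "quick" when there is none
            if (strpos($url, '#') === false) {
                $GLOBALS['QUICK_REDIRECT'] = true;
            }
        }
    }

    // Record the meta-refresh target and delay (2.5s is the standard refresh)
    if ($special_page_type == 'view') {
        global $REFRESH_URL;
        $REFRESH_URL[0] = $url;
        $REFRESH_URL[1] = 2.5 * $multiplier;
    }
}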