예제 #1
0
if($PHORUM['registration_control']) {
    //$PHORUM['DATA']['PROFILE']['email_temp']="email_address@bogus.com|bla";
    if (!empty($PHORUM['DATA']['PROFILE']['email_temp'])) {
            list($PHORUM['DATA']['PROFILE']['email_temp_part'],$bogus)=explode("|",$PHORUM['DATA']['PROFILE']['email_temp']);
    }
}

if ( count( $_POST ) ) {

    if ( empty( $_POST["email"] ) ) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRequired"];
    } elseif (!phorum_valid_email( $_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif ($PHORUM['user']['email'] != $_POST["email"] && phorum_user_check_email($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmailExists"];
    } elseif (!phorum_check_ban_lists($_POST["email"], PHORUM_BAD_EMAILS)) {
        $error = $PHORUM["DATA"]["LANG"]["ErrBannedEmail"];
    } elseif (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part']."|".$_POST['email_verify_code'] != $PHORUM['DATA']['PROFILE']['email_temp']) {
        $error = $PHORUM['DATA']['LANG']['ErrWrongMailcode'];
    } else {
        // flip this due to db vs. UI wording.
        $_POST["hide_email"] = ( isset($_POST["hide_email"]) ) ? 0 : 1;

        $_POST['moderation_email'] = ( isset($_POST['moderation_email']) && phorum_user_moderate_allowed(PHORUM_MODERATE_ALLOWED_ANYWHERE) ) ? 1 : 0;

        // Remember this for the template.
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part'])) {
            $email_temp_part = $PHORUM['DATA']['PROFILE']['email_temp_part'];
        }

        // do we need to send a confirmation-mail?
예제 #2
0
/**
 * This function can perform multiple banlist checks at once and will
 * automatically generate an appropriate error message when a banlist
 * match is found.
 * @param bans - an array of bans to check. Each element in this array is an
 *               array itself with two elements: the value to check and the
 *               type of banlist to check against. One special case:
 *               if the type if PHORUM_BAD_IPS, the value may be NULL.
 *               In that case the IP/hostname of the client will be checked.
 * @return - An error message in case a banlist match was found or NULL
 *           if no match was found.
 */
function phorum_check_bans($bans)
{
    $PHORUM = $GLOBALS["PHORUM"];
    // A mapping from bantype -> error message to return on match.
    $phorum_bantype2error = array(PHORUM_BAD_NAMES => "ErrBannedName", PHORUM_BAD_EMAILS => "ErrBannedEmail", PHORUM_BAD_USERID => "ErrBannedUser", PHORUM_BAD_IPS => "ErrBannedIP", PHORUM_BAD_SPAM_WORDS => "ErrBannedContent");
    // These language strings are set dynamically, so the language
    // tool won't recognize them automatically. Therefore they are
    // mentioned here.
    // $PHORUM["DATA"]["LANG"]["ErrBannedName"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedEmail"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedUser"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedIP"]
    // $PHORUM["DATA"]["LANG"]["ErrBannedContent"]
    $cache_key = $PHORUM['forum_id'];
    // Load the ban lists.
    if (!isset($GLOBALS["PHORUM"]["banlists"])) {
        if (!empty($PHORUM['cache_banlists']) && !empty($PHORUM['banlist_version'])) {
            $GLOBALS["PHORUM"]["banlists"] = phorum_cache_get('banlist', $cache_key, $PHORUM['banlist_version']);
            if (!is_array($GLOBALS["PHORUM"]["banlists"]) || !count($GLOBALS["PHORUM"]["banlists"])) {
                unset($GLOBALS["PHORUM"]["banlists"]);
            }
        }
        // not found or no caching enabled
        if (!isset($GLOBALS["PHORUM"]["banlists"])) {
            $GLOBALS["PHORUM"]["banlists"] = phorum_db_get_banlists();
            if (isset($GLOBALS["PHORUM"]["banlists"]) && isset($PHORUM['cache_banlists']) && $PHORUM['cache_banlists']) {
                if (!isset($PHORUM['banlist_version'])) {
                    $PHORUM['banlist_version'] = 1;
                    phorum_db_update_settings(array('banlist_version' => 1));
                }
                phorum_cache_put('banlist', $cache_key, $GLOBALS["PHORUM"]["banlists"], 7200, $PHORUM['banlist_version']);
            }
        }
    }
    if (!isset($GLOBALS['PHORUM']['banlists'])) {
        return NULL;
    }
    // Run the checks.
    for (;;) {
        // An array for adding ban checks on the fly.
        $add_bans = array();
        foreach ($bans as $ban) {
            // Checking IP/hostname, but no value set? Then add the IP-address
            // and hostname (if DNS lookups are enabled) to the end of the checking
            // queue and continue with the next check.
            if ($ban[1] == PHORUM_BAD_IPS && $ban[0] == NULL) {
                $add_bans[] = array($_SERVER["REMOTE_ADDR"], PHORUM_BAD_IPS);
                if ($PHORUM["dns_lookup"]) {
                    $resolved = @gethostbyaddr($_SERVER["REMOTE_ADDR"]);
                    if (!empty($resolved) && $resolved != $_SERVER["REMOTE_ADDR"]) {
                        $add_bans[] = array($resolved, PHORUM_BAD_IPS);
                    }
                }
                continue;
            }
            // Do a single banlist check. Return an error if we find a match.
            if (!phorum_check_ban_lists($ban[0], $ban[1])) {
                $msg = $PHORUM["DATA"]["LANG"][$phorum_bantype2error[$ban[1]]];
                // Replace %name% with the blocked string.
                $msg = str_replace('%name%', htmlspecialchars($ban[0]), $msg);
                return $msg;
            }
        }
        // Bans added on the fly? Then restart the loop.
        if (count($add_bans) == 0) {
            break;
        } else {
            $bans = $add_bans;
        }
    }
    return NULL;
}