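/**
 * Validate a registration request and assemble the candidate user record.
 *
 * Reads the registration form from POST, applies a per-IP registration
 * rate limit, then validates username, password, e-mail, the antispam
 * answer and the requested language. Nothing is persisted here.
 *
 * The returned array carries at least 'username', 'email1', 'password1',
 * 'language' and an 'errors' list (empty when the request is acceptable);
 * 'banned_email' is set to 1 when the address is on the ban list so the
 * caller can send an alert e-mail. Hooks may add further keys.
 *
 * @return array<string, mixed>
 * @throws Error 429 when this IP already registered an account within the last hour,
 *               500 when the requested language pack does not exist or is malformed
 */
public function check_for_errors()
{
    $user = [];
    // Must be an array: the code below appends with `[]`, which PHP 7.1+ rejects on a string.
    $user['errors'] = [];
    $user = Container::get('hooks')->fire('model.register.check_for_errors_start', $user);

    // Rate limit: at most one registration per IP per hour (mass-signup / DoS prevention).
    // NOTE(review): only as strong as Utils::getIp(); if it honours proxy headers, confirm they
    // are set by a trusted proxy, otherwise the window can be sidestepped.
    $registrationFloodWindow = 3600;
    $alreadyRegistered = DB::for_table('users')
        ->where('registration_ip', Utils::getIp())
        ->where_gt('registered', time() - $registrationFloodWindow);
    $alreadyRegistered = Container::get('hooks')->fireDB('model.register.check_for_errors_ip_query', $alreadyRegistered);
    if ($alreadyRegistered->find_one()) {
        throw new Error(__('Registration flood'), 429);
    }

    $user['username'] = Utils::trim(Input::post('req_user'));
    $user['email1'] = strtolower(Utils::trim(Input::post('req_email1')));

    if (ForumSettings::get('o_regs_verify') == '1') {
        // Verified registration: the password is generated and mailed, so only the e-mail is confirmed.
        $email2 = strtolower(Utils::trim(Input::post('req_email2')));
        $user['password1'] = Random::pass(12);
        $password2 = $user['password1'];
    } else {
        $user['password1'] = Utils::trim(Input::post('req_password1'));
        $password2 = Utils::trim(Input::post('req_password2'));
    }

    // Username rules live in the profile model; it extends the error list it is given.
    $profile = new \FeatherBB\Model\Profile();
    $user['errors'] = $profile->check_username($user['username'], $user['errors']);

    $minPasswordLength = 6;
    if (Utils::strlen($user['password1']) < $minPasswordLength) {
        $user['errors'][] = __('Pass too short');
    } elseif ($user['password1'] != $password2) {
        $user['errors'][] = __('Pass not match');
    }

    // Antispam question: the form posts the md5 of the question key and the user's answer.
    // Both sides are upper-cased so the comparison is case-insensitive.
    $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
    $rawQuestion = Input::post('captcha_q');
    $rawAnswer = Input::post('captcha');
    // is_string(): a non-scalar value (e.g. captcha[]=x) must fail the test rather than make trim() throw.
    $question = is_string($rawQuestion) ? trim($rawQuestion) : '';
    $answer = is_string($rawAnswer) ? strtoupper(trim($rawAnswer)) : '';
    $expectedAnswers = [];
    foreach ($lang_antispam_questions as $questionKey => $expectedAnswer) {
        $expectedAnswers[md5($questionKey)] = strtoupper($expectedAnswer);
    }
    // Strict comparison: `!=` would treat numeric-looking strings such as "10" and "1e1" as equal.
    if (empty($expectedAnswers[$question]) || $expectedAnswers[$question] !== $answer) {
        $user['errors'][] = __('Robot test fail');
    }

    // E-mail validity, plus confirmation when the verified-registration flow is on
    if (!Container::get('email')->is_valid_email($user['email1'])) {
        $user['errors'][] = __('Invalid email');
    } elseif (ForumSettings::get('o_regs_verify') == '1' && $user['email1'] != $email2) {
        $user['errors'][] = __('Email not match');
    }

    // Banned address: rejected unless the board allows it; flagged either way for the alert e-mail
    if (Container::get('email')->is_banned_email($user['email1'])) {
        if (ForumSettings::get('p_allow_banned_email') == '0') {
            $user['errors'][] = __('Banned email');
        }
        $user['banned_email'] = 1;
    }

    // Duplicate address: another account already uses this e-mail
    $dupeMail = DB::for_table('users')->select('username')->where('email', $user['email1']);
    $dupeMail = Container::get('hooks')->fireDB('model.register.check_for_errors_dupe', $dupeMail);
    if ($dupeMail->find_many() && ForumSettings::get('p_allow_dupe_email') == '0') {
        $user['errors'][] = __('Dupe email');
    }

    // Language: strip path characters, then require that the language pack actually exists,
    // so the value can never name a directory outside featherbb/lang/.
    $requestedLanguage = Input::post('language');
    if ($requestedLanguage) {
        if (!is_string($requestedLanguage)) {
            throw new Error(__('Bad request'), 500);
        }
        $user['language'] = preg_replace('%[\\.\\\\/]%', '', $requestedLanguage) ?? '';
        if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user['language'] . '/common.po')) {
            throw new Error(__('Bad request'), 500);
        }
    } else {
        $user['language'] = ForumSettings::get('o_default_lang');
    }

    $user = Container::get('hooks')->fire('model.register.check_for_errors', $user);

    return $user;
}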
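/**
 * Validate a new topic or reply before it is saved.
 *
 * Guests additionally have their username, antispam answer and (optionally
 * forced) e-mail address checked. When $fid is truthy the request is a new
 * topic and the subject is validated as well.
 *
 * @param mixed $fid    forum id for a new topic; falsy for a reply
 * @param mixed $tid    not used here; part of the caller's signature
 * @param mixed $qid    not used here; part of the caller's signature
 * @param mixed $pid    not used here; part of the caller's signature
 * @param mixed $page   not used here; part of the caller's signature
 * @param array $errors errors collected so far
 * @return array the extended error list. For a guest whose address is banned
 *               but allowed, `$errors['banned_email'] = 1` is added; this makes
 *               empty($errors) false, so the "No message" checks are then skipped.
 */
public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
{
    $fid = Container::get('hooks')->fire('model.post.check_errors_before_post_start', $fid);

    // Guests have no account vouching for them: validate the posted username and the antispam answer.
    if (User::get()->is_guest) {
        $profile = new \FeatherBB\Model\Profile();
        $errors = $profile->check_username(Utils::trim(Input::post('req_username')), $errors);
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_antispam', $errors);

        // The question list is only needed for guests, so it is loaded here rather than up front.
        $lang_antispam_questions = (require ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/antispam.php');
        $rawQuestion = Input::post('captcha_q');
        $rawAnswer = Input::post('captcha');
        // is_string(): a non-scalar value (e.g. captcha[]=x) must fail the test rather than make trim() throw.
        $question = is_string($rawQuestion) ? trim($rawQuestion) : '';
        $answer = is_string($rawAnswer) ? strtoupper(trim($rawAnswer)) : '';
        $expectedAnswers = [];
        foreach ($lang_antispam_questions as $questionKey => $expectedAnswer) {
            $expectedAnswers[md5($questionKey)] = strtoupper($expectedAnswer);
        }
        // Strict comparison: `!=` would treat numeric-looking strings such as "10" and "1e1" as equal.
        if (empty($expectedAnswers[$question]) || $expectedAnswers[$question] !== $answer) {
            $errors[] = __('Robot test fail');
        }
    }

    // Flood protection: reject a post that arrives sooner than the user's minimum interval.
    // NOTE(review): this runs only when 'preview' is non-empty, i.e. while previewing rather than on
    // the final submit, which looks inverted — confirm against the controller before changing it.
    $lastPost = User::get()->last_post;
    if (Input::post('preview') != '' && $lastPost != '') {
        $minInterval = Container::get('prefs')->get(User::get(), 'post.min_interval');
        $sinceLastPost = time() - $lastPost;
        if ($sinceLastPost < $minInterval) {
            $errors[] = sprintf(__('Flood start'), $minInterval, $minInterval - $sinceLastPost);
        }
    }

    // New topic: the subject is required, length-limited and subject to the all-caps rule.
    if ($fid) {
        $maxSubjectLength = 70;
        $subject = Utils::trim(Input::post('req_subject'));
        $subject = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_subject', $subject);

        $censoringOn = ForumSettings::get('o_censoring') == '1';
        $censored_subject = null;
        if ($censoringOn) {
            $censored_subject = Utils::trim(Utils::censor($subject));
            $censored_subject = Container::get('hooks')->fire('model.post.check_errors_before_censored', $censored_subject);
        }

        if ($subject == '') {
            $errors[] = __('No subject');
        } elseif ($censoringOn && $censored_subject == '') {
            $errors[] = __('No subject after censoring');
        } elseif (Utils::strlen($subject) > $maxSubjectLength) {
            $errors[] = __('Too long subject');
        } elseif (ForumSettings::get('p_subject_all_caps') == '0' && Utils::is_all_uppercase($subject) && !User::get()->is_admmod) {
            $errors[] = __('All caps subject');
        }
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_new_topic_errors', $errors);
    }

    // Guest e-mail: mandatory when the board forces it, otherwise validated only if given.
    if (User::get()->is_guest) {
        $forceGuestEmail = ForumSettings::get('p_force_guest_email') == '1';
        $email = strtolower(Utils::trim($forceGuestEmail ? Input::post('req_email') : Input::post('email')));

        if ($forceGuestEmail || $email != '') {
            $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_email', $errors, $email);
            if (!Container::get('email')->is_valid_email($email)) {
                $errors[] = __('Invalid email');
            }
            // Only guests are checked against the ban list; members' addresses were checked at registration.
            if (Container::get('email')->is_banned_email($email)) {
                if (ForumSettings::get('p_allow_banned_email') == '0') {
                    $errors[] = __('Banned email');
                }
                // Read later when the alert e-mail is sent. Note this key also makes empty($errors) false below.
                $errors['banned_email'] = 1;
            }
        }
    }

    // Message body from POST
    $message = Utils::linebreaks(Utils::trim(Input::post('req_message')));
    $message = Container::get('hooks')->fire('model.post.check_errors_before_post_message', $message);

    // strlen(), not Utils::strlen(): FEATHER_MAX_POSTSIZE is a limit in bytes, not characters.
    $maxPostSize = ForumEnv::get('FEATHER_MAX_POSTSIZE');
    if (strlen($message) > $maxPostSize) {
        $errors[] = sprintf(__('Too long message'), Utils::forum_number_format($maxPostSize));
    } elseif (ForumSettings::get('p_message_all_caps') == '0' && Utils::is_all_uppercase($message) && !User::get()->is_admmod) {
        $errors[] = __('All caps message');
    }

    // BBCode syntax check; the parser reports problems through $errors.
    if (ForumSettings::get('p_message_bbcode') == '1') {
        $message = Container::get('parser')->preparse_bbcode($message, $errors);
        $message = Container::get('hooks')->fire('model.post.check_errors_before_post_bbcode', $message);
    }

    // Only when nothing else failed: the message must still contain something after censoring.
    if (empty($errors)) {
        $errors = Container::get('hooks')->fire('model.post.check_errors_before_post_no_error', $errors);
        if ($message == '') {
            $errors[] = __('No message');
        } elseif (ForumSettings::get('o_censoring') == '1') {
            $censored_message = Utils::trim(Utils::censor($message));
            if ($censored_message == '') {
                $errors[] = __('No message after censoring');
            }
        }
    }

    $errors = Container::get('hooks')->fire('model.post.check_errors_before_post', $errors);

    return $errors;
}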