public function check_errors_before_edit($id, $can_edit_subject, $errors)
{
    // Validate an edited post and append every problem found to $errors.
    //
    // $id               Id of the post being edited (accepted for callers, not read here)
    // $can_edit_subject true when the form also carries the topic subject
    // $errors           Error list to extend (language strings)
    //
    // Returns the extended $errors array. $pd stays global so that the parser
    // include below populates it for preparse_bbcode() (inferred from the
    // require in method scope; verify against include/parser.php).
    global $lang_post, $pd;

    $censoring_on = ($this->config['o_censoring'] == '1');

    // A topic's first post must carry a usable subject
    if ($can_edit_subject) {
        $subject = feather_trim($this->request->post('req_subject'));
        $censored_subject = $censoring_on ? feather_trim(censor_words($subject)) : null;

        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } elseif ($censoring_on && $censored_subject == '') {
            $errors[] = $lang_post['No subject after censoring'];
        } elseif (feather_strlen($subject) > 70) {
            $errors[] = $lang_post['Too long subject'];
        } elseif ($this->config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$this->user->is_admmod) {
            $errors[] = $lang_post['All caps subject'];
        }
    }

    // Normalise the submitted body
    $message = feather_linebreaks(feather_trim($this->request->post('req_message')));

    // Byte length on purpose (strlen, not feather_strlen): the limit is FEATHER_MAX_POSTSIZE bytes, not characters
    if (strlen($message) > FEATHER_MAX_POSTSIZE) {
        $errors[] = sprintf($lang_post['Too long message'], forum_number_format(FEATHER_MAX_POSTSIZE));
    } elseif ($this->config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$this->user->is_admmod) {
        $errors[] = $lang_post['All caps message'];
    }

    // BBCode syntax check; preparse_bbcode() reports its own problems through $errors
    if ($this->config['p_message_bbcode'] == '1') {
        require FEATHER_ROOT . 'include/parser.php';
        $message = preparse_bbcode($message, $errors);
    }

    // Emptiness checks are only meaningful when nothing else went wrong
    if (!empty($errors)) {
        return $errors;
    }

    if ($message == '') {
        $errors[] = $lang_post['No message'];
    } elseif ($censoring_on && feather_trim(censor_words($message)) == '') {
        // Censoring may remove the whole message
        $errors[] = $lang_post['No message after censoring'];
    }

    return $errors;
}
message($lang_prof_reg['Bad ICQ']); } break; case 'personality': $form = array(); // Clean up signature from POST if ($pun_config['o_signatures'] == '1') { $form['signature'] = pun_linebreaks(pun_trim($_POST['signature'])); // Validate signature if (pun_strlen($form['signature']) > $pun_config['p_sig_length']) { message(sprintf($lang_prof_reg['Sig too long'], $pun_config['p_sig_length'], pun_strlen($form['signature']) - $pun_config['p_sig_length'])); } else { if (substr_count($form['signature'], "\n") > $pun_config['p_sig_lines'] - 1) { message(sprintf($lang_prof_reg['Sig too many lines'], $pun_config['p_sig_lines'])); } else { if ($form['signature'] && $pun_config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$pun_user['is_admmod']) { $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature'])); } } } // Validate BBCode syntax if ($pun_config['p_sig_bbcode'] == '1') { require PUN_ROOT . 'include/parser.php'; $errors = array(); $form['signature'] = preparse_bbcode($form['signature'], $errors, true); if (count($errors) > 0) { message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>'); } } } break;
$errors[] = $lang_post['Too long subject']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$panther_user['is_admmod']) { $errors[] = $lang_post['All caps subject']; } } } } } // Clean up message from POST $message = isset($_POST['req_message']) ? panther_linebreaks(panther_trim($_POST['req_message'])) : ''; // Here we use strlen() not panther_strlen() as we want to limit the post to PANTHER_MAX_POSTSIZE bytes, not characters if (strlen($message) > PANTHER_MAX_POSTSIZE) { $errors[] = sprintf($lang_post['Too long message'], forum_number_format(PANTHER_MAX_POSTSIZE)); } else { if ($panther_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$panther_user['is_admmod']) { $errors[] = $lang_post['All caps message']; } } // Validate BBCode syntax if ($panther_config['p_message_bbcode'] == '1') { require PANTHER_ROOT . 'include/parser.php'; $message = $parser->preparse_bbcode($message, $errors); } if (empty($errors)) { if ($message == '') { $errors[] = $lang_post['No message']; } else { if ($panther_config['o_censoring'] == '1') { // Censor message to see if that causes problems $censored_message = panther_trim(censor_words($message));
// we should only check guests because members' addresses are already verified if ($luna_user['is_guest'] && is_banned_email($email)) { if ($luna_config['p_allow_banned_email'] == '0') { $errors[] = __('The email address you entered is banned in this forum. Please choose another email address.', 'luna'); } $banned_email = true; // Used later when we send an alert email } } } // Clean up message from POST $orig_message = $message = luna_linebreaks(luna_trim($_POST['req_message'])); // Here we use strlen() not luna_strlen() as we want to limit the comment to FORUM_MAX_POSTSIZE bytes, not characters if (strlen($message) > FORUM_MAX_POSTSIZE) { $errors[] = sprintf(__('Comments cannot be longer than %s bytes.', 'luna'), forum_number_format(FORUM_MAX_POSTSIZE)); } elseif ($luna_config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$luna_user['is_admmod']) { $errors[] = __('Comments cannot contain only capital letters.', 'luna'); } // Validate BBCode syntax require FORUM_ROOT . 'include/parser.php'; $message = preparse_bbcode($message, $errors); if (empty($errors)) { if ($message == '') { $errors[] = __('You must enter a message.', 'luna'); } elseif ($luna_config['o_censoring'] == '1') { // Censor message to see if that causes problems $censored_message = luna_trim(censor_words($message)); if ($censored_message == '') { $errors[] = __('You must enter a message. After applying censoring filters, your message was empty.', 'luna'); } }
$errors[] = $lang_poll['All caps question']; } } } if (empty($options)) { $errors[] = $lang_poll['No options']; } $option_data = array(); for ($i = 0; $i <= $panther_config['o_max_poll_fields']; $i++) { if (!empty($errors)) { break; } if (panther_strlen($options[$i]) > 55) { $errors[] = $lang_poll['Too long option']; } else { if ($panther_config['p_subject_all_caps'] == '0' && is_all_uppercase($options[$i]) && !$panther_user['is_admmod']) { $errors[] = $lang_poll['All caps option']; } else { if ($options[$i] != '') { $option_data[] = $options[$i]; } } } } if (count($options) < 2) { $errors[] = $lang_poll['Low options']; } ($hook = get_extensions('edit_poll_after_validation')) ? eval($hook) : null; $now = time(); if (empty($errors)) { $update = array('question' => $question);
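public function check_errors_before_post($fid, $tid, $qid, $pid, $page, $errors)
{
    // Validate a new post or topic submission (guest username and question/answer
    // test, flood limit, subject, guest e-mail, message body, BBCode) and append
    // every problem found to $errors.
    //
    // $fid               Forum id when a new topic is being created, otherwise falsy
    // $tid               Topic id when replying, otherwise falsy
    // $qid, $pid, $page  Accepted for callers; not read by this method
    // $errors            Error list to extend (language strings)
    //
    // Returns the extended $errors array. May also set $errors['banned_email']
    // (see below). Calls message() — which does not return — on an unknown $tid.
    // $pd stays global so that the parser include below populates it for
    // preparse_bbcode() (inferred from the require in method scope; verify
    // against include/parser.php).
    global $lang_post, $lang_common, $lang_prof_reg, $lang_register, $lang_antispam, $lang_antispam_questions, $pd;

    // Antispam feature: guests must pass the username check and the question/answer test
    if ($this->user->is_guest) {
        $errors = check_username(feather_trim($this->request->post('req_username')), $errors);

        $question = $this->request->post('captcha_q') ? trim($this->request->post('captcha_q')) : '';
        $answer = $this->request->post('captcha') ? strtoupper(trim($this->request->post('captcha'))) : '';

        // The form identifies the question by md5 of its text; answers are compared case-insensitively
        $expected_answers = array();
        foreach ($lang_antispam_questions as $k => $v) {
            $expected_answers[md5($k)] = strtoupper($v);
        }

        // Strict comparison: a loose != treats numeric-looking strings such as "1E3" and "1000" as equal
        if (empty($expected_answers[$question]) || $expected_answers[$question] !== $answer) {
            $errors[] = $lang_antispam['Robot test fail'];
        }
    }

    // Flood protection
    // NOTE(review): this check only runs when the 'preview' field is non-empty, so a
    // final (non-preview) submit is not rate-limited here — confirm this is intended.
    $now = time();
    if ($this->request->post('preview') != '' && $this->user->last_post != '' && $now - $this->user->last_post < $this->user->g_post_flood) {
        $errors[] = sprintf($lang_post['Flood start'], $this->user->g_post_flood, $this->user->g_post_flood - ($now - $this->user->last_post));
    }

    // A reply must target an existing topic
    if ($tid) {
        $subject_tid = DB::for_table('topics')->where('id', $tid)->find_one_col('subject');
        if (!$subject_tid) {
            message($lang_common['Bad request'], '404');
        }
    }

    $censoring_on = ($this->config['o_censoring'] == '1');

    // If it's a new topic it must carry a usable subject
    if ($fid) {
        $subject = feather_trim($this->request->post('req_subject'));
        $censored_subject = $censoring_on ? feather_trim(censor_words($subject)) : null;

        if ($subject == '') {
            $errors[] = $lang_post['No subject'];
        } elseif ($censoring_on && $censored_subject == '') {
            $errors[] = $lang_post['No subject after censoring'];
        } elseif (feather_strlen($subject) > 70) {
            $errors[] = $lang_post['Too long subject'];
        } elseif ($this->config['p_subject_all_caps'] == '0' && is_all_uppercase($subject) && !$this->user->is_admmod) {
            $errors[] = $lang_post['All caps subject'];
        }
    }

    // Guest e-mail: mandatory when p_force_guest_email is on, otherwise validated only if given
    if ($this->user->is_guest) {
        $email = strtolower(feather_trim($this->config['p_force_guest_email'] == '1' ? $this->request->post('req_email') : $this->request->post('email')));

        // Load the register.php/prof_reg.php language files (their arrays are declared global above)
        require FEATHER_ROOT . 'lang/' . $this->user->language . '/prof_reg.php';
        require FEATHER_ROOT . 'lang/' . $this->user->language . '/register.php';

        if ($this->config['p_force_guest_email'] == '1' || $email != '') {
            require FEATHER_ROOT . 'include/email.php';

            if (!is_valid_email($email)) {
                $errors[] = $lang_common['Invalid email'];
            }

            // Check if it's a banned email address. Only guests are checked here
            // because members' addresses were already verified at registration.
            if (is_banned_email($email)) {
                if ($this->config['p_allow_banned_email'] == '0') {
                    $errors[] = $lang_prof_reg['Banned email'];
                }
                // NOTE(review): this string key makes empty($errors) false even when banned
                // addresses are allowed, so the "No message" check below is skipped and a
                // caller testing empty($errors) will treat the post as failed — confirm intended.
                $errors['banned_email'] = 1; // Used later when we send an alert email
            }
        }
    }

    // Normalise the submitted body
    $message = feather_linebreaks(feather_trim($this->request->post('req_message')));

    // Byte length on purpose (strlen, not feather_strlen): the limit is FEATHER_MAX_POSTSIZE bytes, not characters
    if (strlen($message) > FEATHER_MAX_POSTSIZE) {
        $errors[] = sprintf($lang_post['Too long message'], forum_number_format(FEATHER_MAX_POSTSIZE));
    } elseif ($this->config['p_message_all_caps'] == '0' && is_all_uppercase($message) && !$this->user->is_admmod) {
        $errors[] = $lang_post['All caps message'];
    }

    // BBCode syntax check; preparse_bbcode() reports its own problems through $errors
    if ($this->config['p_message_bbcode'] == '1') {
        require FEATHER_ROOT . 'include/parser.php';
        $message = preparse_bbcode($message, $errors);
    }

    // Emptiness checks are only meaningful when nothing else went wrong
    if (empty($errors)) {
        if ($message == '') {
            $errors[] = $lang_post['No message'];
        } elseif ($censoring_on) {
            // Censor message to see if that causes problems
            $censored_message = feather_trim(censor_words($message));
            if ($censored_message == '') {
                $errors[] = $lang_post['No message after censoring'];
            }
        }
    }

    return $errors;
}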
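public function update_profile($id, $info, $section)
{
    // Validate and save one section of a user's profile form, then redirect.
    //
    // $id      Id of the user being edited
    // $info    Current user record; only $info['old_username'] is read here
    // $section Form section: 'essentials', 'personal', 'messaging',
    //          'personality', 'display' or 'privacy'
    //
    // Does not return normally: every path ends in redirect() or message().
    // $pd stays global so that the parser include below populates it for
    // preparse_bbcode() (inferred from the require in method scope; verify
    // against include/parser.php). $lang_register is declared global for the
    // same reason, so the register.php include reaches check_username() as it
    // does in check_errors_before_post().
    global $lang_common, $lang_profile, $lang_prof_reg, $lang_register, $pd;

    $username_updated = false;

    // Validate input depending on section
    switch ($section) {
        case 'essentials':
            $form = array(
                'timezone' => floatval($this->request->post('form_timezone')),
                'dst' => $this->request->post('form_dst') ? '1' : '0',
                'time_format' => intval($this->request->post('form_time_format')),
                'date_format' => intval($this->request->post('form_date_format')),
            );

            // Make sure we got a valid language string. Strict membership: the stored
            // language is used elsewhere in this file to build lang/<language>/ require
            // paths, so only an installed language name may be accepted.
            if ($this->request->post('form_language')) {
                $languages = forum_list_langs();
                $form['language'] = feather_trim($this->request->post('form_language'));
                if (!in_array($form['language'], $languages, true)) {
                    message($lang_common['Bad request'], '404');
                }
            }

            if ($this->user->is_admmod) {
                $form['admin_note'] = feather_trim($this->request->post('admin_note'));

                // Are we allowed to change usernames? Admins always; moderators only with g_mod_rename_users
                if ($this->user->g_id == FEATHER_ADMIN || ($this->user->g_moderator == '1' && $this->user->g_mod_rename_users == '1')) {
                    $form['username'] = feather_trim($this->request->post('req_username'));

                    if ($form['username'] != $info['old_username']) {
                        // Check username
                        require FEATHER_ROOT . 'lang/' . $this->user->language . '/register.php';

                        // check_username() takes and returns an error array (see the other call
                        // sites in this file); passing '' instead would make the [] append inside
                        // it fail on PHP 7.1+ and $errors[0] below would index a string.
                        $errors = check_username($form['username'], array(), $id);
                        if (!empty($errors)) {
                            message($errors[0]);
                        }

                        $username_updated = true;
                    }
                }

                // We only allow administrators to update the post count
                if ($this->user->g_id == FEATHER_ADMIN) {
                    $form['num_posts'] = intval($this->request->post('num_posts'));
                }
            }

            if ($this->config['o_regs_verify'] == '0' || $this->user->is_admmod) {
                require FEATHER_ROOT . 'include/email.php';

                // Validate the email address
                $form['email'] = strtolower(feather_trim($this->request->post('req_email')));
                if (!is_valid_email($form['email'])) {
                    message($lang_common['Invalid email']);
                }
            }
            break;

        case 'personal':
            $form = array(
                'realname' => $this->request->post('form_realname') ? feather_trim($this->request->post('form_realname')) : '',
                'url' => $this->request->post('form_url') ? feather_trim($this->request->post('form_url')) : '',
                'location' => $this->request->post('form_location') ? feather_trim($this->request->post('form_location')) : '',
            );

            // Add http:// if the URL doesn't contain it already (while allowing https://, too)
            if ($this->user->g_post_links == '1') {
                if ($form['url'] != '') {
                    $url = url_valid($form['url']);
                    if ($url === false) {
                        message($lang_profile['Invalid website URL']);
                    }
                    $form['url'] = $url['url'];
                }
            } else {
                if (!empty($form['url'])) {
                    message($lang_profile['Website not allowed']);
                }
                $form['url'] = '';
            }

            if ($this->user->g_id == FEATHER_ADMIN) {
                $form['title'] = feather_trim($this->request->post('title'));
            } elseif ($this->user->g_set_title == '1') {
                $form['title'] = feather_trim($this->request->post('title'));

                if ($form['title'] != '') {
                    // A list of words that the title may not contain
                    // If the language is English, there will be some duplicates, but it's not the end of the world
                    $forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower($lang_common['Member']), utf8_strtolower($lang_common['Moderator']), utf8_strtolower($lang_common['Administrator']), utf8_strtolower($lang_common['Banned']), utf8_strtolower($lang_common['Guest']));

                    if (in_array(utf8_strtolower($form['title']), $forbidden, true)) {
                        message($lang_profile['Forbidden title']);
                    }
                }
            }
            break;

        case 'messaging':
            $form = array(
                'jabber' => feather_trim($this->request->post('form_jabber')),
                'icq' => feather_trim($this->request->post('form_icq')),
                'msn' => feather_trim($this->request->post('form_msn')),
                'aim' => feather_trim($this->request->post('form_aim')),
                'yahoo' => feather_trim($this->request->post('form_yahoo')),
            );

            // If the ICQ UIN contains anything other than digits it's invalid
            if (preg_match('%[^0-9]%', $form['icq'])) {
                message($lang_prof_reg['Bad ICQ']);
            }
            break;

        case 'personality':
            $form = array();

            // Clean up signature from POST
            if ($this->config['o_signatures'] == '1') {
                $form['signature'] = feather_linebreaks(feather_trim($this->request->post('signature')));

                // Validate signature
                if (feather_strlen($form['signature']) > $this->config['p_sig_length']) {
                    message(sprintf($lang_prof_reg['Sig too long'], $this->config['p_sig_length'], feather_strlen($form['signature']) - $this->config['p_sig_length']));
                } elseif (substr_count($form['signature'], "\n") > $this->config['p_sig_lines'] - 1) {
                    message(sprintf($lang_prof_reg['Sig too many lines'], $this->config['p_sig_lines']));
                } elseif ($form['signature'] && $this->config['p_sig_all_caps'] == '0' && is_all_uppercase($form['signature']) && !$this->user->is_admmod) {
                    $form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
                }

                // Validate BBCode syntax
                if ($this->config['p_sig_bbcode'] == '1') {
                    require FEATHER_ROOT . 'include/parser.php';

                    $errors = array();
                    $form['signature'] = preparse_bbcode($form['signature'], $errors, true);

                    if (count($errors) > 0) {
                        message('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
                    }
                }
            }
            break;

        case 'display':
            $form = array(
                'disp_topics' => feather_trim($this->request->post('form_disp_topics')),
                'disp_posts' => feather_trim($this->request->post('form_disp_posts')),
                'show_smilies' => $this->request->post('form_show_smilies') ? '1' : '0',
                'show_img' => $this->request->post('form_show_img') ? '1' : '0',
                'show_img_sig' => $this->request->post('form_show_img_sig') ? '1' : '0',
                'show_avatars' => $this->request->post('form_show_avatars') ? '1' : '0',
                'show_sig' => $this->request->post('form_show_sig') ? '1' : '0',
            );

            // Per-page counts are clamped to 3..75 when a value was submitted; '' is kept as-is
            foreach (array('disp_topics', 'disp_posts') as $key) {
                if ($form[$key] != '') {
                    $form[$key] = max(3, min(75, intval($form[$key])));
                }
            }

            // Make sure we got a valid style string (strict: the style name is used as a path segment)
            if ($this->request->post('form_style')) {
                $styles = forum_list_styles();
                $form['style'] = feather_trim($this->request->post('form_style'));
                if (!in_array($form['style'], $styles, true)) {
                    message($lang_common['Bad request'], '404');
                }
            }
            break;

        case 'privacy':
            $form = array(
                'email_setting' => intval($this->request->post('form_email_setting')),
                'notify_with_post' => $this->request->post('form_notify_with_post') ? '1' : '0',
                'auto_notify' => $this->request->post('form_auto_notify') ? '1' : '0',
            );

            // Out-of-range setting falls back to the board default
            if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
                $form['email_setting'] = $this->config['o_default_email_setting'];
            }
            break;

        default:
            message($lang_common['Bad request'], '404');
    }

    // Nothing to save means a malformed request
    if (empty($form)) {
        message($lang_common['Bad request'], '404');
    }

    DB::for_table('users')->where('id', $id)->find_one()->set($form)->save();

    // If we changed the username we have to update some stuff
    if ($username_updated) {
        $bans_updated = DB::for_table('bans')->where('username', $info['old_username'])->update_many('username', $form['username']);

        DB::for_table('posts')->where('poster_id', $id)->update_many('poster', $form['username']);
        DB::for_table('posts')->where('edited_by', $info['old_username'])->update_many('edited_by', $form['username']);
        DB::for_table('topics')->where('poster', $info['old_username'])->update_many('poster', $form['username']);
        DB::for_table('topics')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
        DB::for_table('forums')->where('last_poster', $info['old_username'])->update_many('last_poster', $form['username']);
        DB::for_table('online')->where('ident', $info['old_username'])->update_many('ident', $form['username']);

        // If the user is a moderator or an administrator we have to update the moderator lists
        $group_id = DB::for_table('users')->where('id', $id)->find_one_col('group_id');
        $group_mod = DB::for_table('groups')->where('g_id', $group_id)->find_one_col('g_moderator');

        if ($group_id == FEATHER_ADMIN || $group_mod == '1') {
            $select_mods = array('id', 'moderators');
            $result = DB::for_table('forums')->select_many($select_mods)->find_many();

            foreach ($result as $cur_forum) {
                // NOTE(review): the moderator list is stored PHP-serialized. unserialize() on stored
                // data can instantiate arbitrary classes; the format is shared with the rest of the
                // application so it is kept here, but a JSON representation would be safer.
                $cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();

                // Loose in_array kept on purpose: $id's type (route string vs stored int) is not fixed here
                if (in_array($id, $cur_moderators)) {
                    unset($cur_moderators[$info['old_username']]);
                    $cur_moderators[$form['username']] = $id;
                    uksort($cur_moderators, 'utf8_strcasecmp');

                    DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators))->save();
                }
            }
        }

        // Regenerate the users info cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require FEATHER_ROOT . 'include/cache.php';
        }

        generate_users_info_cache();

        // Check if the bans table was updated and regenerate the bans cache when needed
        if ($bans_updated) {
            generate_bans_cache();
        }
    }

    redirect(get_link('user/' . $id . '/section/' . $section . '/'), $lang_profile['Profile redirect']);
}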