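 /**
  * Executes the blacklist.
  *
  * Rejects the current request when the session's IP address, user agent or
  * reverse-resolved hostname matches the corresponding blacklist constant, and
  * rejects logged-in users that are banned. A blacklist constant that is not
  * defined or is empty is skipped. XMLHttpRequest callers receive an
  * AJAXException so the client gets a structured error; everyone else gets the
  * page-level exception.
  *
  * @throws AJAXException             denied request issued via XMLHttpRequest
  * @throws PermissionDeniedException denied regular request
  * @throws NamedUserException        banned user on a regular request
  */
 protected function initBlacklist()
 {
     // strict comparison: the header is a string, no loose coercion needed
     $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
     $ipAddress = self::getSession()->ipAddress;

     // All three blacklist checks raise the same error, so build it in one place.
     $denied = static function () use ($isAjax) {
         if ($isAjax) {
             return new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS);
         }

         return new PermissionDeniedException();
     };

     if (defined('BLACKLIST_IP_ADDRESSES') && (string) BLACKLIST_IP_ADDRESSES !== '') {
         // Test the IPv4-mapped form first, then the raw address, so an entry
         // written in either notation blocks the same client.
         if (
             !StringUtil::executeWordFilter(UserUtil::convertIPv6To4($ipAddress), BLACKLIST_IP_ADDRESSES)
             || !StringUtil::executeWordFilter($ipAddress, BLACKLIST_IP_ADDRESSES)
         ) {
             throw $denied();
         }
     }

     if (defined('BLACKLIST_USER_AGENTS') && (string) BLACKLIST_USER_AGENTS !== '') {
         if (!StringUtil::executeWordFilter(self::getSession()->userAgent, BLACKLIST_USER_AGENTS)) {
             throw $denied();
         }
     }

     if (defined('BLACKLIST_HOSTNAMES') && (string) BLACKLIST_HOSTNAMES !== '') {
         // gethostbyaddr() warns on a malformed address; validate the address
         // instead of silencing the warning with @. An address that is not an
         // IP literal has no hostname to test.
         // NOTE(review): the PTR record consulted here is controlled by whoever
         // owns the address range, and the lookup adds a DNS round trip to every
         // request that reaches this point.
         if (
             filter_var($ipAddress, FILTER_VALIDATE_IP) !== false
             && !StringUtil::executeWordFilter(gethostbyaddr($ipAddress), BLACKLIST_HOSTNAMES)
         ) {
             throw $denied();
         }
     }

     // handle banned users
     if (self::getUser()->userID && self::getUser()->banned) {
         $message = self::getLanguage()->getDynamicVariable('wcf.user.error.isBanned');
         if ($isAjax) {
             throw new AJAXException($message, AJAXException::INSUFFICIENT_PERMISSIONS);
         }

         throw new NamedUserException($message);
     }
 }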
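 /**
  * Executes the blacklist.
  *
  * Rejects the request when the session's IP address, user agent or
  * reverse-resolved hostname matches the corresponding blacklist constant.
  * A blacklist constant that is not defined or is empty is skipped.
  *
  * @throws exception\PermissionDeniedException when any configured blacklist matches
  */
 protected function initBlacklist()
 {
     $session = WCF::getSession();

     if (defined('BLACKLIST_IP_ADDRESSES') && (string) BLACKLIST_IP_ADDRESSES !== '') {
         if (!util\StringUtil::executeWordFilter($session->ipAddress, BLACKLIST_IP_ADDRESSES)) {
             throw new exception\PermissionDeniedException();
         }
     }

     if (defined('BLACKLIST_USER_AGENTS') && (string) BLACKLIST_USER_AGENTS !== '') {
         if (!util\StringUtil::executeWordFilter($session->userAgent, BLACKLIST_USER_AGENTS)) {
             throw new exception\PermissionDeniedException();
         }
     }

     if (defined('BLACKLIST_HOSTNAMES') && (string) BLACKLIST_HOSTNAMES !== '') {
         // gethostbyaddr() warns on a malformed address; validate the address
         // instead of silencing the warning with @. An address that is not an
         // IP literal has no hostname to test.
         // NOTE(review): the PTR record consulted here is controlled by whoever
         // owns the address range, and the lookup adds a DNS round trip to every
         // request that reaches this point.
         if (
             filter_var($session->ipAddress, FILTER_VALIDATE_IP) !== false
             && !util\StringUtil::executeWordFilter(gethostbyaddr($session->ipAddress), BLACKLIST_HOSTNAMES)
         ) {
             throw new exception\PermissionDeniedException();
         }
     }
 }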
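 /**
  * @see \wcf\form\IForm::validate()
  *
  * Validates the submitted user data. Per-field failures are collected in
  * $this->errorType rather than aborting on the first one, and the group,
  * language and visible-language selections are normalised in place: unknown
  * groups and languages are dropped and an unknown primary language falls
  * back to the default. After event listeners have run, the collected errors
  * are raised as a single exception.
  *
  * @throws UserInputException field 'options' carrying the collected errors,
  *         or 'registrationStartTime' when the form came back faster than
  *         self::$minRegistrationTime allows (skipped for external authentication)
  */
 public function validate()
 {
     // validate static user options; each helper throws for its own field
     try {
         $this->validateUsername($this->username);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }
     try {
         $this->validateEmail($this->email, $this->confirmEmail);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }
     try {
         $this->validatePassword($this->password, $this->confirmPassword);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }

     // validate user groups: keep only submitted IDs that exist and are not one
     // of the implicit group types. The ID list goes through the condition
     // builder as a parameter, never into the SQL string.
     // NOTE(review): this is the only restriction applied to the submitted
     // group IDs; other revisions of this method additionally pass each ID
     // through UserGroup::isAccessibleGroup(). Confirm whether that is needed here.
     if (!empty($this->groupIDs)) {
         $conditions = new PreparedStatementConditionBuilder();
         $conditions->add("groupID IN (?)", [$this->groupIDs]);
         $conditions->add("groupType NOT IN (?)", [[UserGroup::GUESTS, UserGroup::EVERYONE, UserGroup::USERS]]);
         $sql = "SELECT  groupID\n                FROM    wcf" . WCF_N . "_user_group\n                " . $conditions;
         $statement = WCF::getDB()->prepareStatement($sql);
         $statement->execute($conditions->getParameters());
         $this->groupIDs = [];
         while ($row = $statement->fetchArray()) {
             $this->groupIDs[] = $row['groupID'];
         }
     }

     // validate user language: fall back to the default when the ID is unknown
     $languageFactory = LanguageFactory::getInstance();
     $language = $languageFactory->getLanguage($this->languageID);
     if ($language === null || !$language->languageID) {
         $this->languageID = $languageFactory->getDefaultLanguageID();
     }

     // validate visible languages: drop unknown IDs and languages without
     // content. getLanguage() may return null (see the primary-language check
     // above), so guard before reading its properties.
     foreach ($this->visibleLanguages as $key => $visibleLanguage) {
         $language = $languageFactory->getLanguage($visibleLanguage);
         if ($language === null || !$language->languageID || !$language->hasContent) {
             unset($this->visibleLanguages[$key]);
         }
     }
     if (empty($this->visibleLanguages)) {
         $language = $languageFactory->getLanguage($this->languageID);
         if ($language && $language->hasContent) {
             $this->visibleLanguages[] = $this->languageID;
         }
     }

     // validate user title
     try {
         if (mb_strlen($this->userTitle) > USER_TITLE_MAX_LENGTH) {
             throw new UserInputException('userTitle', 'tooLong');
         }
         if (!StringUtil::executeWordFilter($this->userTitle, USER_FORBIDDEN_TITLES)) {
             throw new UserInputException('userTitle', 'forbidden');
         }
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }

     // option-handler errors first; for string keys the explicit field errors
     // collected above win on collision
     $this->errorType = array_merge($this->optionHandler->validate(), $this->errorType);

     // validate dynamic options
     EventHandler::getInstance()->fireAction($this, 'validate');

     if (!empty($this->errorType)) {
         throw new UserInputException('options', $this->errorType);
     }

     // validate registration time: reject submissions that come back faster
     // than self::$minRegistrationTime, unless the account comes from an
     // external authentication provider
     if (!$this->isExternalAuthentication) {
         $registrationStartTime = WCF::getSession()->getVar('registrationStartTime');
         if (!$registrationStartTime || TIME_NOW - $registrationStartTime < self::$minRegistrationTime) {
             throw new UserInputException('registrationStartTime', []);
         }
     }
 }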
 /**
  * Saves changes to user profile.
  *
  * Reads the submitted option values (plus the optional '__userTitle' value,
  * which is trimmed and stripped before use), validates them and, on success,
  * updates the user and re-evaluates automatic group assignments. Either
  * outcome returns a rendered template.
  * 
  * @return	array	{'success' => bool, 'template' => string}
  */
 public function save()
 {
     $userTitle = null;
     if (isset($this->parameters['values']['__userTitle'])) {
         $userTitle = StringUtil::trim(MessageUtil::stripCrap($this->parameters['values']['__userTitle']));
         unset($this->parameters['values']['__userTitle']);
     }

     $optionHandler = $this->getOptionHandler($this->userProfile->getDecoratedObject());
     $optionHandler->readUserInput($this->parameters);
     $errors = $optionHandler->validate();

     // validate user title
     if ($userTitle !== null) {
         try {
             if (mb_strlen($userTitle) > USER_TITLE_MAX_LENGTH) {
                 throw new UserInputException('__userTitle', 'tooLong');
             }
             if (!StringUtil::executeWordFilter($userTitle, USER_FORBIDDEN_TITLES)) {
                 throw new UserInputException('__userTitle', 'forbidden');
             }
         } catch (UserInputException $e) {
             $errors[$e->getField()] = $e->getType();
         }
     }

     // validation failed: re-render the editable form with the errors
     if (!empty($errors)) {
         WCF::getTPL()->assign([
             'errorType' => $errors,
             'optionTree' => $optionHandler->getOptionTree(),
             '__userTitle' => ($userTitle !== null) ? $userTitle : $this->userProfile->userTitle,
         ]);

         return ['success' => false, 'template' => WCF::getTPL()->fetch('userProfileAboutEditable')];
     }

     // validation was successful: persist options and, if given, the title
     $data = ['options' => $optionHandler->save()];
     if ($userTitle !== null) {
         $data['data'] = ['userTitle' => $userTitle];
     }
     $userAction = new UserAction([$this->userProfile->userID], 'update', $data);
     $userAction->executeAction();

     // changed options may qualify the user for automatic group assignment
     UserGroupAssignmentHandler::getInstance()->checkUsers([$this->userProfile->userID]);

     // reload the option handler against the fresh user and render the result
     $user = new User($this->userProfile->userID);
     $optionHandler = $this->getOptionHandler($user, false);
     WCF::getTPL()->assign([
         'options' => $optionHandler->getOptionTree(),
         'userID' => $this->userProfile->userID,
     ]);

     return ['success' => true, 'template' => WCF::getTPL()->fetch('userProfileAbout')];
 }
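 /**
  * @see	\wcf\form\IForm::validate()
  *
  * Validates the submitted user data. Per-field failures are collected in
  * $this->errorType rather than aborting on the first one, and the group,
  * language and visible-language selections are normalised in place: unknown
  * or inaccessible groups and unknown languages are dropped and an unknown
  * primary language falls back to the default. The parent's validation runs
  * last.
  */
 public function validate()
 {
     // validate static user options; each helper throws for its own field
     try {
         $this->validateUsername($this->username);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }
     try {
         $this->validateEmail($this->email, $this->confirmEmail);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }
     try {
         $this->validatePassword($this->password, $this->confirmPassword);
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }

     // validate user groups: keep only submitted IDs that exist, are not one
     // of the implicit group types and are accessible to the current user.
     // The ID list goes through the condition builder as a parameter, never
     // into the SQL string.
     if (!empty($this->groupIDs)) {
         $conditions = new PreparedStatementConditionBuilder();
         $conditions->add("groupID IN (?)", [$this->groupIDs]);
         $conditions->add("groupType NOT IN (?)", [[UserGroup::GUESTS, UserGroup::EVERYONE, UserGroup::USERS]]);
         $sql = "SELECT\tgroupID\n\t\t\t\tFROM\twcf" . WCF_N . "_user_group\n\t\t\t\t" . $conditions;
         $statement = WCF::getDB()->prepareStatement($sql);
         $statement->execute($conditions->getParameters());
         $this->groupIDs = [];
         while ($row = $statement->fetchArray()) {
             if (UserGroup::isAccessibleGroup([$row['groupID']])) {
                 $this->groupIDs[] = $row['groupID'];
             }
         }
     }

     // validate user language: fall back to the default when the ID is unknown
     $languageFactory = LanguageFactory::getInstance();
     $language = $languageFactory->getLanguage($this->languageID);
     if ($language === null || !$language->languageID) {
         $this->languageID = $languageFactory->getDefaultLanguageID();
     }

     // validate visible languages: drop unknown IDs and languages without
     // content. getLanguage() may return null (see the primary-language check
     // above), so guard before reading its properties.
     foreach ($this->visibleLanguages as $key => $visibleLanguage) {
         $language = $languageFactory->getLanguage($visibleLanguage);
         if ($language === null || !$language->languageID || !$language->hasContent) {
             unset($this->visibleLanguages[$key]);
         }
     }
     if (empty($this->visibleLanguages)) {
         $language = $languageFactory->getLanguage($this->languageID);
         if ($language && $language->hasContent) {
             $this->visibleLanguages[] = $this->languageID;
         }
     }

     // validate user title
     try {
         if (mb_strlen($this->userTitle) > USER_TITLE_MAX_LENGTH) {
             throw new UserInputException('userTitle', 'tooLong');
         }
         if (!StringUtil::executeWordFilter($this->userTitle, USER_FORBIDDEN_TITLES)) {
             throw new UserInputException('userTitle', 'forbidden');
         }
     } catch (UserInputException $e) {
         $this->errorType[$e->getField()] = $e->getType();
     }

     // validate dynamic options
     parent::validate();
 }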