 /**
  * Handle flood control for members.
  *
  * Runs at most once per execution (guarded by $FLOOD_CONTROL_ONCE), and only when
  * the 'index' or 'iframe' script is running outside the 'join' page. The member's
  * last visit/submit time is compared against the usergroup flood-control setting;
  * while the member is still inside that window a '/flood' stats hit is logged, the
  * IP may be auto-banned after repeated hits, and the request ends in warn_exit().
  * Otherwise the member's last-visit (and, for submissions, last-submit) time and
  * stored IP address are refreshed in f_members.
  *
  * NOTE(review): the body uses $this (get_member_row_field, get_members_groups,
  * connection) although it is presented here as a plain function; presumably it was
  * lifted from a forum-driver method — confirm against the declaring class.
  *
  * @param  MEMBER			The member ID that just got detected
  */
 function ocf_flood_control($id)
 {
     // Non-page scripts are never flood-controlled
     global $NON_PAGE_SCRIPT;
     if ($NON_PAGE_SCRIPT == 1) {
         return;
     }
     // Only run once per execution
     global $FLOOD_CONTROL_ONCE;
     if ($FLOOD_CONTROL_ONCE) {
         return;
     }
     $FLOOD_CONTROL_ONCE = true;
     // Joining is exempt, as is everything except the main page and iframe scripts
     if (get_page_name() == 'join') {
         return;
     }
     if (!running_script('index') && !running_script('iframe')) {
         return;
     }
     require_code('ocf_groups');
     // Set last visit time session cookie if it doesn't exist (never for the guest ID)
     if (!array_key_exists('last_visit', $_COOKIE) && $GLOBALS['FORUM_DRIVER']->get_guest_id() != $id) {
         require_code('users_active_actions');
         $lvt = $this->get_member_row_field($id, 'm_last_visit_time');
         ocp_setcookie('last_visit', is_null($lvt) ? strval(time()) : strval($lvt), true);
         $new_visit = true;
     } else {
         $new_visit = false;
     }
     // Do some flood control.
     // A request counts as a submission when it carries POST data, its 'type' parameter is
     // neither 'ed' nor 'ec', and it is not the preview script. Submissions and plain page
     // accesses have separate usergroup limits and separate f_members timestamp columns.
     $submitting = count($_POST) > 0 && get_param('type', NULL) !== 'ed' && get_param('type', NULL) !== 'ec' && !running_script('preview');
     $restrict = $submitting ? 'flood_control_submit_secs' : 'flood_control_access_secs';
     $restrict_setting = $submitting ? 'm_last_submit_time' : 'm_last_visit_time';
     $restrict_answer = ocf_get_best_group_property($this->get_members_groups($id), $restrict);
     // Page accesses that carry a 'redirect' GET parameter are not limited
     if (!$submitting && array_key_exists('redirect', $_GET)) {
         $restrict_answer = 0;
     }
     // A negative setting is treated as "no limit"
     if ($restrict_answer < 0) {
         $restrict_answer = 0;
     }
     // Weird clock problem: a stored timestamp in the future is treated as exactly
     // $restrict_answer seconds ago, so the member is not locked out indefinitely
     $last = $this->get_member_row_field($id, $restrict_setting);
     if ($last > time()) {
         $last = time() - $restrict_answer;
     }
     // Seconds the member still has to wait; <= 0 means no restriction applies
     $wait_time = $restrict_answer - time() + $last;
     // NOTE(review): the restriction is only ever enforced when the 'stats' addon is
     // installed; without it no wait is imposed — confirm that is intended
     if ($wait_time > 0 && addon_installed('stats')) {
         require_code('site');
         log_stats('/flood', 0);
         // $count_threshold or more stats hits from this IP within $time_threshold seconds
         // is treated as a DoS attempt and bans the IP (only if security logging is installed)
         $time_threshold = 30;
         $count_threshold = 50;
         // The only non-literal pieces of this query are the table prefix, strval()'d integers
         // and the db_string_equal_to()-escaped IP address, so no raw request input reaches the SQL
         $query = 'SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'stats WHERE date_and_time>' . strval(time() - $time_threshold) . ' AND date_and_time<' . strval(time()) . ' AND ' . db_string_equal_to('ip', get_ip_address());
         $count = $GLOBALS['SITE_DB']->query_value_null_ok_full($query);
         if ($count >= $count_threshold && addon_installed('securitylogging')) {
             $ip = get_ip_address();
             require_code('failure');
             add_ip_ban($ip);
             require_code('notifications');
             dispatch_notification('auto_ban', NULL, do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang()), do_lang('AUTO_BAN_DOS_MESSAGE', $ip, integer_format($count_threshold), integer_format($time_threshold), get_site_default_lang()), NULL, A_FROM_SYSTEM_PRIVILEGED);
         }
         // Make sure the language and tempcode helpers are loaded before building the warning
         if (!function_exists('require_lang')) {
             require_code('lang');
         }
         if (!function_exists('do_lang_tempcode')) {
             require_code('tempcode');
         }
         require_lang('ocf');
         // warn_exit() presumably ends the request here; everything below assumes no wait applied
         warn_exit(do_lang_tempcode('FLOOD_CONTROL_RESTRICT', integer_format($wait_time)));
     }
     // Submissions also refresh the last-submit time in the update at the bottom
     $extra = $submitting ? array('m_last_submit_time' => time()) : array();
     // Seconds since the last recorded visit, clamped at 0 (negative can happen if system clock changes)
     $dif = time() - $this->get_member_row_field($id, 'm_last_visit_time');
     if ($dif < 0) {
         $dif = 0;
     }
     if (is_guest($id)) {
         if (get_value('session_prudence') !== '1') {
             // Scale the gap by the number of guest sessions active in the last 4 minutes
             // (presumably because all guests share one member row — confirm)
             global $SESSION_CACHE;
             $num_guests = 0;
             foreach ($SESSION_CACHE as $c) {
                 // Workaround to HipHop PHP weird bug: skip entries without 'the_user'
                 if (!array_key_exists('the_user', $c)) {
                     continue;
                 }
                 if ($c['last_activity'] > time() - 60 * 4 && is_guest($c['the_user'])) {
                     $num_guests++;
                 }
             }
             $dif *= $num_guests;
         } else {
             // Only affects the update condition below; $wait_time was already computed above
             $restrict_answer = 0;
         }
     }
     // Precedence note: '&&' binds tighter than '||', so this reads as
     // $submitting || (count($_POST) == 0 && $dif > $wait_time)
     if ($submitting || count($_POST) == 0 && $dif > $wait_time) {
         // Only write the row when a limit applies, the last visit is more than 3 minutes old,
         // or the visit cookie was just set (presumably to avoid a write on every request)
         if ($restrict_answer != 0 || $dif > 180 || $new_visit) {
             $old_ip = $this->get_member_row_field($id, 'm_ip_address');
             $change_map = array('m_last_visit_time' => time());
             if (get_ip_address() != $old_ip) {
                 $change_map['m_ip_address'] = get_ip_address();
             }
             // The XML database backend is never updated here
             if (get_db_type() != 'xml') {
                 $this->connection->query_update('f_members', $change_map + $extra, array('id' => $id), '', 1, NULL, false, true);
             }
         }
     }
 }
/**
 * Get the best value of all values of a property for a member (due to members being in multiple usergroups).
 *
 * Looks up the member's usergroups through the OCF driver and leaves the
 * per-group comparison to ocf_get_best_group_property().
 *
 * @param  MEMBER		The ID of the member.
 * @param  ID_TEXT	The identifier of the property.
 * @return mixed		The property value.
 */
function ocf_get_member_best_group_property($member_id, $property)
{
    $driver = $GLOBALS['OCF_DRIVER'];
    $groups = $driver->get_members_groups($member_id, false, true);

    return ocf_get_best_group_property($groups, $property);
}
/**
 * Do a terminal execution on a defined page type
 *
 * Every path ends in exit, fatal_exit() or critical_error() (the latter two are
 * presumably terminal — confirm). Chooses an HTTP status (400/404/500) from the
 * message or template when none has been set yet, pushes the member's last-submit
 * time back past the flood-control window (OCF with a non-XML database only), then
 * renders the given template with header and footer, or inside STYLED_HTML_WRAP for
 * the preview/iframe/shoutbox scripts.
 *
 * @param  mixed			The error message (string or tempcode)
 * @param  ID_TEXT		Name of the terminal page template
 */
function _generic_exit($text, $template)
{
    // Discard any buffered output; @-suppressed as no buffer may be active (in case in minimodule)
    @ob_end_clean();
    // The keep_fatalistic parameter forces the fatal exit path instead of a styled page
    if (get_param_integer('keep_fatalistic', 0) == 1) {
        fatal_exit($text);
    }
    // @-suppressed: these fail harmlessly if headers were already sent
    @header('Content-type: text/html; charset=' . get_charset());
    @header('Content-Disposition: inline');
    //$x=@ob_get_contents(); @ob_end_clean(); //if (is_string($x)) @print($x);		Disabled as causes weird crashes
    $text_eval = is_object($text) ? $text->evaluate() : $text;
    // Map well-known messages onto an HTTP status if none has been chosen yet.
    // The raw status line is not sent for IE or under IIS; only the global is updated then.
    if ($GLOBALS['HTTP_STATUS_CODE'] == '200') {
        // "Nothing selected" style messages are a client error
        if ($text_eval == do_lang('ocf:NO_MARKERS_SELECTED') || $text_eval == do_lang('NOTHING_SELECTED')) {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '400';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 400 Bad Request');
                }
            }
        // Missing resource / unknown user is a 404, and is relayed as an error notification when a referer exists
        } elseif ($text_eval == do_lang('MISSING_RESOURCE') || $text_eval == do_lang('USER_NO_EXIST')) {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '404';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 404 Not Found');
                }
            }
            // Referer and user-agent are untrusted request headers passed on as-is here;
            // presumably escaped by the notification layer — confirm
            if (ocp_srv('HTTP_REFERER') != '') {
                relay_error_notification($text_eval . ' ' . do_lang('REFERRER', ocp_srv('HTTP_REFERER'), substr(get_browser_string(), 0, 255)), false, 'error_occurred_missing_resource');
            }
        // Any other warning screen is reported as a server error
        } elseif ($template == 'WARN_SCREEN') {
            if (!headers_sent()) {
                $GLOBALS['HTTP_STATUS_CODE'] = '500';
                if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                    header('HTTP/1.0 500 Internal server error');
                }
            }
        }
    }
    // If a swapped-in MSN_DB is active, put it back as FORUM_DB and clear the swap
    if (array_key_exists('MSN_DB', $GLOBALS) && !is_null($GLOBALS['MSN_DB'])) {
        $GLOBALS['FORUM_DB'] = $GLOBALS['MSN_DB'];
        $GLOBALS['MSN_DB'] = NULL;
    }
    global $EXITING;
    // In the upgrader, or before the site layer is loaded, fall back to a bare critical error
    if (running_script('upgrader') || !function_exists('get_page_title')) {
        critical_error('PASSON', is_object($text) ? $text->evaluate() : $text);
    }
    // Re-entrancy guard: an error raised while already exiting (or before get_member exists) goes out
    // as an EMERGENCY page. Plain-string text is HTML-escaped here but not in the PASSON branch above.
    if ($EXITING >= 1 || !function_exists('get_member')) {
        critical_error('EMERGENCY', is_object($text) ? $text->evaluate() : escape_html($text));
    }
    $EXITING++;
    if (!function_exists('do_header')) {
        require_code('site');
    }
    // Push the member's last-submit time back past the flood-control window, presumably so the
    // failed submission does not count against them; DB scope checking is disabled around the write
    if (get_forum_type() == 'ocf' && get_db_type() != 'xml') {
        require_code('ocf_groups');
        $restrict_answer = ocf_get_best_group_property($GLOBALS['FORUM_DRIVER']->get_members_groups(get_member()), 'flood_control_submit_secs');
        $GLOBALS['NO_DB_SCOPE_CHECK'] = true;
        $GLOBALS['SITE_DB']->query_update('f_members', array('m_last_submit_time' => time() - $restrict_answer - 1), array('id' => get_member()), '', 1);
        $GLOBALS['NO_DB_SCOPE_CHECK'] = false;
    }
    global $DONE_HEADER;
    // If the page header was already output, start from an empty tempcode instead of a second header
    $bail_out = isset($DONE_HEADER) && $DONE_HEADER;
    $echo = $bail_out ? new ocp_tempcode() : do_header(running_script('preview') || running_script('iframe') || running_script('shoutbox'));
    // INFORM_SCREEN keeps the title the page had already set, when that title is tempcode
    if ($template == 'INFORM_SCREEN' && is_object($GLOBALS['DISPLAYED_TITLE'])) {
        $title = get_page_title($GLOBALS['DISPLAYED_TITLE'], false);
    } else {
        $title = get_page_title($template == 'INFORM_SCREEN' ? 'MESSAGE' : 'ERROR_OCCURRED');
    }
    // Preview/iframe/shoutbox scripts get a minimal HTML wrapper rather than the full page chrome
    if (running_script('preview') || running_script('iframe') || running_script('shoutbox')) {
        $echo = do_template('STYLED_HTML_WRAP', array('TITLE' => do_lang_tempcode($template == 'INFORM_SCREEN' ? 'MESSAGE' : 'ERROR_OCCURRED'), 'FRAME' => true, 'TARGET' => '_top', 'CONTENT' => $text));
        $echo->handle_symbol_preprocessing();
        $echo->evaluate_echo();
        exit;
    }
    // NOTE(review): a plain-string $text reaches the template unescaped here (compare the
    // escape_html() in the EMERGENCY branch); confirm the template escapes it
    $inside = do_template($template, array('TITLE' => $title, 'TEXT' => $text, 'PROVIDE_BACK' => true));
    // The ternary can only take the globalise() branch: the same running_script() test exits above
    $echo->attach(running_script('preview') || running_script('iframe') || running_script('shoutbox') ? $inside : globalise($inside));
    $echo->attach(do_footer($bail_out));
    $echo->handle_symbol_preprocessing();
    $echo->evaluate_echo();
    exit;
}
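/**
 * Assign a page refresh to the specified URL.
 *
 * Side effects: may emit a 'Location:' header (only when no message is to be shown,
 * special_page_type is 'view', this is a page script, headers have not been sent and
 * meta refresh is not forced); on OCF forums pushes the member's last-visit time back
 * past the flood-control access window so the redirect is not counted as flooding;
 * and records the target plus delay in $REFRESH_URL for 'view' page types.
 *
 * A URL containing CR or LF is rejected via log_hack_attack_and_exit() before any
 * header is sent, since it would allow extra response headers to be injected.
 *
 * @param  mixed			Refresh to this URL (URLPATH or Tempcode URL)
 * @param  float			Take this many times longer than a 'standard ocPortal refresh'
 */
function assign_refresh($url, $multiplier)
{
    if (is_object($url)) {
        $url = $url->evaluate();
    }

    // In case the session changed in transit (this refresh URL may well have been relayed from a much earlier point)
    if (strpos($url, 'keep_session') !== false) {
        $url = enforce_sessioned_url($url);
    }

    $special_page_type = get_param('special_page_type', 'view');
    $must_show_message = $multiplier != 0.0;

    // Fudge so that redirects can't count as flooding: move the member's last visit time
    // back beyond the access window before the redirected request arrives
    if (get_forum_type() == 'ocf') {
        require_code('ocf_groups');
        $restrict_answer = ocf_get_best_group_property($GLOBALS['FORUM_DRIVER']->get_members_groups(get_member()), 'flood_control_access_secs');
        if ($restrict_answer != 0) {
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_last_visit_time' => time() - $restrict_answer - 1), array('id' => get_member()), '', 1);
        }
    }

    if (!$must_show_message) {
        // Preferably server is gonna redirect before page is shown. This is for accessibility reasons.
        // A CR or LF in the URL would let the caller split the response headers, so refuse it outright.
        if (strpbrk($url, "\r\n") !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }
        global $FORCE_META_REFRESH;
        if ($special_page_type == 'view' && $GLOBALS['NON_PAGE_SCRIPT'] == 0 && !headers_sent() && !$FORCE_META_REFRESH) {
            header('Location: ' . $url);
            // Only flag a quick redirect for fragment-free URLs; what QUICK_REDIRECT triggers is decided elsewhere
            if (strpos($url, '#') === false) {
                $GLOBALS['QUICK_REDIRECT'] = true;
            }
        }
    }

    // The page template reads the target URL and the refresh delay from here
    if ($special_page_type == 'view') {
        global $REFRESH_URL;
        $REFRESH_URL[0] = $url;
        $REFRESH_URL[1] = 2.5 * $multiplier;
    }
}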