Пример #1
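/**
 * Validates a username and reports the first problem found.
 *
 * The name is whitespace-compacted and passed through clean_username() before
 * any check. Checks run in this order: length bounds, allowed character set,
 * HTML entities (only &amp; &lt; &gt; are tolerated, because '&' and ';' are
 * otherwise allowed characters), then — optionally — whether the name is
 * already taken by another user or matches a disallowed-name pattern.
 *
 * @param string $username            Raw username as submitted.
 * @param bool   $check_ban_and_taken When false only the syntactic checks run (no DB access).
 *
 * @return string|false Localised error message from $lang, or false when the name is valid.
 */
function validate_username($username, $check_ban_and_taken = true)
{
    global $user, $lang;

    // Body of the character class used by the allowed-symbols regex (delimiters #...#iu below).
    static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\\#\\-\'.:+ ';

    $username = str_compact($username);
    $username = clean_username($username);

    // Length, counted in characters rather than bytes
    $length = mb_strlen($username, 'UTF-8');
    if ($length > USERNAME_MAX_LENGTH) {
        return $lang['USERNAME_TOO_LONG'];
    }
    if ($length < USERNAME_MIN_LENGTH) {
        return $lang['USERNAME_TOO_SMALL'];
    }

    // Allowed symbols: report the offending characters, escaped because the message is rendered as HTML
    if (!preg_match('#^[' . $name_chars . ']+$#iu', $username)) {
        $invalid_chars = preg_replace('#[' . $name_chars . ']#iu', '', $username);
        return "{$lang['USERNAME_INVALID']}: <b>" . htmlCHR($invalid_chars) . "</b>";
    }

    // HTML entities: '&' and ';' pass the character check, so reject anything
    // that forms an entity other than the three harmless ones
    if (preg_match_all('/&(#[0-9]+|[a-z]+);/iu', $username, $m)) {
        foreach ($m[0] as $ent) {
            if (!preg_match('/^(&amp;|&lt;|&gt;)$/iu', $ent)) {
                return $lang['USERNAME_INVALID'];
            }
        }
    }

    if ($check_ban_and_taken) {
        // Taken: a logged-in user may keep their own current name.
        // DB()->escape() is the project's quoting helper; the escaped value is what is interpolated.
        $username_sql = DB()->escape($username);
        $sql = "SELECT username FROM " . BB_USERS . " WHERE username = '{$username_sql}' LIMIT 1";
        if ($row = DB()->fetch_row($sql)) {
            if (IS_GUEST || $row['username'] !== $user->name) {
                return $lang['USERNAME_TAKEN'];
            }
        }

        // Disallowed: each stored pattern is a literal name in which '*' means "any sequence"
        $banned_names = [];
        foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
            // preg_quote() turns '*' into '\*', which is then mapped to a lazy wildcard
            $banned_names[] = str_replace('\\*', '.*?', preg_quote($row['disallow_username'], '#u'));
        }
        if ($banned_names_exp = join('|', $banned_names)) {
            if (preg_match("#^({$banned_names_exp})\$#iu", $username)) {
                return $lang['USERNAME_DISALLOWED'];
            }
        }
    }

    return false;
}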
Пример #2
 /**
  * Builds the "words to delete" regex used by word rating.
  *
  * Reads a whitespace-separated list of word prefixes from
  * library/words_rate_del_list.txt and compiles them into one alternation
  * that matches any word beginning with one of them. The pattern is stored
  * in $this->words_del_exp.
  *
  * NOTE(review): a failed file_get_contents() (false) is not checked; an
  * unreadable list would produce an empty alternation — confirm the file is
  * always present.
  */
 function words_rate()
 {
     $path = BB_ROOT . '/library/words_rate_del_list.txt';
     // Whitespace runs separate prefixes; quote each so it is literal inside the regex
     $prefixes = str_replace(' ', '|', preg_quote(str_compact(file_get_contents($path)), '/'));
     // Word boundary, then any listed prefix, then the rest of the word
     $this->words_del_exp = '/\\b(' . $prefixes . ')[\\w\\-]*/i';
 }
Пример #3
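 /**
  * Builds $this->poll_votes from submitted form data.
  *
  * Element 0 is the poll caption; the following elements are the answer
  * options, one per non-blank line of 'poll_votes'. On validation failure
  * the message is stored in $this->err_msg and also returned; on success
  * nothing is returned.
  *
  * @param array $posted_data Submitted form fields ('poll_caption', 'poll_votes').
  *
  * @return string|null Error message on failure, null on success.
  */
 function build_poll_data($posted_data)
 {
     global $lang;

     // A missing key simply means "empty" — no need to mute notices with '@'
     $poll_caption = (string) ($posted_data['poll_caption'] ?? '');
     $poll_votes = (string) ($posted_data['poll_votes'] ?? '');
     $this->poll_votes = [];

     if (!($poll_caption = str_compact($poll_caption))) {
         return $this->err_msg = $lang['EMPTY_POLL_TITLE'];
     }
     // the caption has vote_id = 0
     $this->poll_votes[] = $poll_caption;

     foreach (explode("\n", $poll_votes) as $vote) {
         if (!($vote = str_compact($vote))) {
             continue;
         }
         $this->poll_votes[] = $vote;
     }

     // check against "< 3" -- two answer options plus the caption
     $count = count($this->poll_votes);
     if ($count < 3 || $count > $this->max_votes + 1) {
         return $this->err_msg = sprintf($lang['NEW_POLL_VOTES'], $this->max_votes);
     }
 }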
Пример #4
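    /**
     * Explain queries (based on code from phpBB3)
     *
     * State machine driven by $mode:
     *  - 'start': derive a SELECT from the current query (UPDATE / DELETE are
     *    rewritten to SELECT * ... WHERE ...), run EXPLAIN on it and collect
     *    the result rows as an HTML table in $this->explain_hold.
     *  - 'add_explain_row': append one EXPLAIN row to that table (called by
     *    'start'); returns the updated $html_table flag.
     *  - 'stop': wrap the collected table with the query's debug record and
     *    append it to $this->explain_out.
     *  - 'display': echo everything collected so far.
     *
     * @param string       $mode       One of 'start', 'stop', 'add_explain_row', 'display'.
     * @param bool|string  $html_table Whether the table header was already emitted ('add_explain_row' only).
     * @param array|string $row        One EXPLAIN result row ('add_explain_row' only).
     *
     * @return bool|null Updated $html_table flag for 'add_explain_row'; nothing otherwise.
     */
    function explain($mode, $html_table = '', $row = '')
    {
        $query = str_compact($this->cur_query);
        // remove comments
        $query = preg_replace('#(\\s*)(/\\*)(.*)(\\*/)(\\s*)#', '', $query);

        switch ($mode) {
            case 'start':
                $this->explain_hold = '';
                // TODO: add support for multi-table queries
                // Both rewrites use the 's' modifier so the whole WHERE clause is captured
                // (the UPDATE pattern used to end in a literal '/' instead of the modifier).
                if (preg_match('#UPDATE ([a-z0-9_]+).*?WHERE(.*)#s', $query, $m)) {
                    $query = "SELECT * FROM {$m[1]} WHERE {$m[2]}";
                } elseif (preg_match('#DELETE FROM ([a-z0-9_]+).*?WHERE(.*)#s', $query, $m)) {
                    $query = "SELECT * FROM {$m[1]} WHERE {$m[2]}";
                }
                if (preg_match('#^SELECT#', $query)) {
                    $html_table = false;
                    if ($result = @mysql_query("EXPLAIN {$query}", $this->link)) {
                        while ($row = @mysql_fetch_assoc($result)) {
                            $html_table = $this->explain('add_explain_row', $html_table, $row);
                        }
                    }
                    if ($html_table) {
                        $this->explain_hold .= '</table>';
                    }
                }
                break;

            case 'stop':
                if (!$this->explain_hold) {
                    break;
                }
                $id = $this->dbg_id - 1;
                $htid = 'expl-' . intval($this->link) . '-' . $id;
                $dbg = $this->dbg[$id];
                // NOTE(review): $dbg['src'], $dbg['info'] and the EXPLAIN cell values are written
                // into the HTML without escaping; this debug panel assumes a trusted viewer — confirm.
                $this->explain_out .= '
				<table width="98%" cellpadding="0" cellspacing="0" class="bodyline row2 bCenter" style="border-bottom: 0px;">
				<tr>
					<th style="height: 22px; cursor: pointer;" align="left">&nbsp;' . $dbg['src'] . '&nbsp; [' . sprintf('%.4f', $dbg['time']) . ' s]&nbsp; <i>' . $dbg['info'] . '</i></th>
					<th style="height: 22px; cursor: pointer;" align="right" title="Copy to clipboard" onclick="$.copyToClipboard( $(\'#' . $htid . '\').text() );">' . "{$this->db_server}.{$this->selected_db}" . ' :: Query #' . ($this->num_queries + 1) . '&nbsp;</th>
				</tr>
				<tr><td colspan="2">' . $this->explain_hold . '</td></tr>
				</table>
				<div class="sqlLog"><div id="' . $htid . '" class="sqlLogRow sqlExplain" style="padding: 0px;">' . short_query($dbg['sql'], true) . '&nbsp;&nbsp;</div></div>
				<br />';
                break;

            case 'add_explain_row':
                // Emit the header row once, using the column names of the first EXPLAIN row
                if (!$html_table && $row) {
                    $html_table = true;
                    $this->explain_hold .= '<table width="100%" cellpadding="3" cellspacing="1" class="bodyline" style="border-width: 0;"><tr>';
                    foreach (array_keys($row) as $val) {
                        $this->explain_hold .= '<td class="row3 gensmall" align="center"><b>' . $val . '</b></td>';
                    }
                    $this->explain_hold .= '</tr>';
                }
                $this->explain_hold .= '<tr>';
                foreach (array_values($row) as $i => $val) {
                    // Alternate cell classes; drop the "db." prefix from table names and break up lists
                    $class = !($i % 2) ? 'row1' : 'row2';
                    $this->explain_hold .= '<td class="' . $class . ' gen">' . str_replace(["{$this->selected_db}.", ',', ';'], ['', ', ', ';<br />'], $val) . '</td>';
                }
                $this->explain_hold .= '</tr>';
                return $html_table;

            case 'display':
                echo '<a name="explain"></a><div class="med">' . $this->explain_out . '</div>';
                break;
        }
    }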
Пример #5
        break;
}
switch ($mode) {
    case 'save':
    case 'new':
        // Every text field is HTML-escaped (htmlCHR) before use; an empty result
        // aborts the request with a user-facing message.
        $tpl_name = htmlCHR(str_compact($this->request['tpl_name']));
        if (!$tpl_name) {
            $this->ajax_die('не заполнено название шаблона');
        }
        // NOTE(review): byte-wise substr() on the already-escaped name can cut a
        // multibyte character or an entity at the 60-byte boundary — confirm intended.
        $tpl_name = substr($tpl_name, 0, 60);

        $tpl_src_form = htmlCHR($this->request['tpl_src_form']);
        if (!$tpl_src_form) {
            $this->ajax_die('не заполнен скрипт формы шаблона');
        }

        $tpl_src_title = htmlCHR($this->request['tpl_src_title']);
        if (!$tpl_src_title) {
            $this->ajax_die('не заполнен формат названия темы');
        }
        $tpl_src_title = str_compact($tpl_src_title);

        $tpl_src_msg = htmlCHR($this->request['tpl_src_msg']);
        if (!$tpl_src_msg) {
            $this->ajax_die('не заполнен формат создания сообщения');
        }

        $tpl_comment = htmlCHR($this->request['tpl_comment']);

        // Only the first run of digits in 'tpl_rules' is taken as the rules post id
        preg_match('#\\d+#', (string) $this->request['tpl_rules'], $m);
        $tpl_rules_post_id = (int) ($m[0] ?? 0);

        $sql_args = [
            'tpl_name' => (string) $tpl_name,
            'tpl_src_form' => (string) $tpl_src_form,
            'tpl_src_title' => (string) $tpl_src_title,
            'tpl_src_msg' => (string) $tpl_src_msg,
            'tpl_comment' => (string) $tpl_comment,
            'tpl_rules_post_id' => $tpl_rules_post_id,
            'tpl_last_edit_tm' => (int) TIMENOW,
            'tpl_last_edit_by' => (int) $userdata['user_id'],
        ];
        break;
}
// выполнение
switch ($mode) {
    // загрузка шаблона
    case 'load':
        $this->response['val']['tpl-name-save'] = $tpl_data['tpl_name'];
        $this->response['val']['tpl-src-form'] = $tpl_data['tpl_src_form'];
Пример #6
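 /**
  * Log error
  *
  * Writes the last SQL error, the failing query and the request context to
  * the 'sql_error_tr' log via bb_log(). Skipped when SQL_LOG_ERRORS is off or
  * error_reporting() is 0 (the caller silenced errors).
  */
 function log_error()
 {
     if (!SQL_LOG_ERRORS) {
         return;
     }
     if (!error_reporting()) {
         return;
     }

     $msg = [];
     $err = $this->sql_error();
     $msg[] = str_compact(sprintf('#%06d %s', $err['code'], $err['message']));
     $msg[] = '';
     $msg[] = str_compact($this->cur_query);
     $msg[] = '';
     $msg[] = 'Source  : ' . $this->debug_find_source();
     // $_SERVER keys may be absent (e.g. CLI); default to '' instead of muting with '@'.
     // Header values are client-controlled and logged verbatim; if this log is parsed
     // by tools, compact them (str_compact) so embedded line breaks cannot create
     // spurious entries.
     $msg[] = 'IP      : ' . ($_SERVER['REMOTE_ADDR'] ?? '');
     $msg[] = 'Date    : ' . date('Y-m-d H:i:s');
     $msg[] = 'Agent   : ' . ($_SERVER['HTTP_USER_AGENT'] ?? '');
     $msg[] = 'Req_URI : ' . ($_SERVER['REQUEST_URI'] ?? '');
     $msg[] = 'Referer : ' . ($_SERVER['HTTP_REFERER'] ?? '');
     $msg[] = 'Method  : ' . ($_SERVER['REQUEST_METHOD'] ?? '');
     // Full request dump: may contain credentials or tokens submitted with the request
     $msg[] = 'Request : ' . trim(print_r($_REQUEST, true)) . str_repeat('_', 78) . LOG_LF;
     $msg[] = '';
     bb_log($msg, 'sql_error_tr');
 }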
Пример #7
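/**
 * Appends one tab-separated line describing the current request to a log.
 *
 * Field order: timestamp, [prepend_str], [user id + decoded name], remote IP
 * (padded to 15), [request URI], [user agent], [referer], [post: decoded body].
 *
 * @param string       $file        Log name passed to bb_log(); defaults to 'req/<month-day>'.
 * @param string|false $prepend_str Extra field placed right after the timestamp, or false for none.
 * @param bool         $add_post    Whether to append the POST body when one is present.
 */
function log_request($file = '', $prepend_str = false, $add_post = true)
{
    global $user;

    $file = $file ?: 'req/' . date('m-d');

    $fields = [];
    $fields[] = date('m-d H:i:s');
    if ($prepend_str !== false) {
        $fields[] = $prepend_str;
    }
    if (!empty($user->data)) {
        $fields[] = $user->id . "\t" . html_entity_decode($user->name);
    }
    // REMOTE_ADDR is absent under CLI; log a blank padded field rather than raising a notice
    $fields[] = sprintf('%-15s', $_SERVER['REMOTE_ADDR'] ?? '');
    // Header-derived fields are client-controlled and logged verbatim (only the POST body
    // is compacted), so a line break inside a header would end up inside this log line.
    foreach (['REQUEST_URI', 'HTTP_USER_AGENT', 'HTTP_REFERER'] as $key) {
        if (isset($_SERVER[$key])) {
            $fields[] = $_SERVER[$key];
        }
    }
    if (!empty($_POST) && $add_post) {
        // The POST body may carry credentials or tokens; it is logged url-decoded and compacted
        $fields[] = "post: " . str_compact(urldecode(http_build_query($_POST)));
    }

    bb_log(join("\t", $fields) . "\n", $file);
}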
Пример #8
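/**
 * Removes search stopwords from $text.
 *
 * The stopword list is read once from LANG_DIR . 'search_stopwords.txt'
 * (whitespace-separated) and cached for the rest of the process;
 * array_deep() applies pad_with_space to every entry so that only whole
 * words are replaced.
 *
 * @param string $text
 *
 * @return string Text with every stopword replaced by a single space.
 */
function remove_stopwords($text)
{
    static $stopwords = null;

    if ($stopwords === null) {
        $path = LANG_DIR . 'search_stopwords.txt';
        // Check readability explicitly instead of muting file_get_contents() with '@';
        // a missing list simply means there is nothing to remove.
        $contents = is_readable($path) ? file_get_contents($path) : '';
        $stopwords = explode(' ', str_compact((string) $contents));
        array_deep($stopwords, 'pad_with_space');
    }

    return $stopwords ? str_replace($stopwords, ' ', $text) : $text;
}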
Пример #9
/**
 * Makes a string safe to use as a file name.
 *
 * Whitespace is compacted first, then every path separator, shell/glob
 * character, quote and space is replaced by an underscore.
 *
 * @param string $fname
 *
 * @return string
 */
function clean_filename($fname)
{
    // Each of these single characters maps to '_'
    static $replacements = null;
    if ($replacements === null) {
        $replacements = array_fill_keys(['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' '], '_');
    }

    return strtr(str_compact($fname), $replacements);
}