本文整理匯總了PHP中spamProtection函數的典型用法代碼示例。如果您正苦於以下問題:PHP spamProtection函數的具體用法?PHP spamProtection怎麽用?PHP spamProtection使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了spamProtection函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: die
die('Hacking attempt...');
}
// The shop action (for the template)
$context['shop_do'] = 'bank';
// Add to the linktree
$context['linktree'][] = array('url' => $scripturl . '?action=shop;do=bank', 'name' => $txt['shop_bank']);
// Are they allowed in the bank?
isAllowedTo('shop_bank');
// If we're in the main page of the bank
if ($_GET['do'] == 'bank') {
// Set the page title
$context['page_title'] = $txt['shop'] . ' - ' . $txt['shop_bank'];
// Load the 'bank' sub template
$context['sub_template'] = 'bank';
} elseif ($_GET['do'] == 'bank2') {
spamProtection('login');
// Make sure the amount of money is numeric
$_POST['amount'] = (double) $_POST['amount'];
// If they're depositing some money
if ($_POST['type'] == 'deposit') {
// If user is trying to deposit more money than they have
if ($_POST['amount'] + $modSettings['shopFeeDeposit'] > $context['user']['money']) {
$context['shop_buy_message'] = $txt['shop_dont_have_much'];
} elseif ($_POST['amount'] <= 0) {
$context['shop_buy_message'] = $txt['shop_no_negative'];
} elseif ($_POST['amount'] < $modSettings['shopMinDeposit']) {
$context['shop_buy_message'] = sprintf($txt['shop_deposit_small'], formatMoney($modSettings['shopMinDeposit']));
} else {
// Add amount to member's bank money, and remove from money in pockey
db_query("\n\t\t\t\tUPDATE {$db_prefix}members\n\t\t\t\tSET moneyBank = moneyBank + {$_POST['amount']},\n\t\t\t\t\tmoney = money - ({$_POST['amount']} + {$modSettings['shopFeeDeposit']})\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
cache_put_data('user_settings-' . $ID_MEMBER, null, 60);
示例2: MessagePost2
function MessagePost2()
{
global $txt, $ID_MEMBER, $context, $sourcedir;
global $db_prefix, $user_info, $modSettings, $scripturl, $func;
isAllowedTo('pm_send');
require_once $sourcedir . '/Subs-Auth.php';
if (loadLanguage('PersonalMessage', '', false) === false) {
loadLanguage('InstantMessage');
}
// Extract out the spam settings - it saves database space!
list($modSettings['max_pm_recipients'], $modSettings['pm_posts_verification'], $modSettings['pm_posts_per_hour']) = explode(',', $modSettings['pm_spam_settings']);
// Check whether we've gone over the limit of messages we can send per hour - fatal error if fails!
if (!empty($modSettings['pm_posts_per_hour']) && !allowedTo(array('admin_forum', 'moderate_forum', 'send_mail'))) {
// How many messages have they sent this last hour?
$request = db_query("\n\t\t\tSELECT COUNT(pr.ID_PM) AS postCount\n\t\t\tFROM ({$db_prefix}personal_messages AS pm, {$db_prefix}pm_recipients AS pr)\n\t\t\tWHERE pm.ID_MEMBER_FROM = {$ID_MEMBER}\n\t\t\t\tAND pm.msgtime > " . (time() - 3600) . "\n\t\t\t\tAND pr.ID_PM = pm.ID_PM", __FILE__, __LINE__);
list($postCount) = mysql_fetch_row($request);
mysql_free_result($request);
if (!empty($postCount) && $postCount >= $modSettings['pm_posts_per_hour']) {
// Excempt moderators.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}moderators\n\t\t\t\tWHERE ID_MEMBER = {$ID_MEMBER}", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0) {
fatal_error(sprintf($txt['pm_too_many_per_hour'], $modSettings['pm_posts_per_hour']));
}
mysql_free_result($request);
}
}
// Initialize the errors we're about to make.
$post_errors = array();
// If your session timed out, show an error, but do allow to re-submit.
if (checkSession('post', '', false) != '') {
$post_errors[] = 'session_timeout';
}
$_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$_REQUEST['to'] = empty($_POST['to']) ? empty($_GET['to']) ? '' : $_GET['to'] : stripslashes($_POST['to']);
$_REQUEST['bcc'] = empty($_POST['bcc']) ? empty($_GET['bcc']) ? '' : $_GET['bcc'] : stripslashes($_POST['bcc']);
// Did they make any mistakes?
if ($_REQUEST['subject'] == '') {
$post_errors[] = 'no_subject';
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $func['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
}
if (empty($_REQUEST['to']) && empty($_REQUEST['bcc']) && empty($_REQUEST['u'])) {
$post_errors[] = 'no_to';
}
// Wrong verification code?
if (!$user_info['is_admin'] && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification'] && (empty($_REQUEST['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code'])) {
$post_errors[] = 'wrong_verification_code';
}
// If they did, give a chance to make ammends.
if (!empty($post_errors)) {
return messagePostError($post_errors, $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = $func['htmlspecialchars'](stripslashes($_REQUEST['subject']));
$context['preview_message'] = $func['htmlspecialchars'](stripslashes($_REQUEST['message']), ENT_QUOTES);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt[507] . ' - ' . $context['preview_subject'];
// Pretend they messed up :P.
return messagePostError(array(), $func['htmlspecialchars']($_REQUEST['to']), $func['htmlspecialchars']($_REQUEST['bcc']));
}
// Protect from message spamming.
spamProtection('spam');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Initialize member ID array.
$recipients = array('to' => array(), 'bcc' => array());
// Format the to and bcc members.
$input = array('to' => array(), 'bcc' => array());
if (empty($_REQUEST['u'])) {
// To who..?
if (!empty($_REQUEST['to'])) {
// We're going to take out the "s anyway ;).
$_REQUEST['to'] = strtr($_REQUEST['to'], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $_REQUEST['to'], $matches);
$input['to'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['to']))));
}
// Your secret's safe with me!
if (!empty($_REQUEST['bcc'])) {
// We're going to take out the "s anyway ;).
$_REQUEST['bcc'] = strtr($_REQUEST['bcc'], array('\\"' => '"'));
preg_match_all('~"([^"]+)"~', $_REQUEST['bcc'], $matches);
$input['bcc'] = array_unique(array_merge($matches[1], explode(',', preg_replace('~"([^"]+)"~', '', $_REQUEST['bcc']))));
}
foreach ($input as $rec_type => $rec) {
foreach ($rec as $index => $member) {
if (strlen(trim($member)) > 0) {
$input[$rec_type][$index] = $func['htmlspecialchars']($func['strtolower'](stripslashes(trim($member))));
} else {
unset($input[$rec_type][$index]);
//.........這裏部分代碼省略.........
示例3: method_report_post
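/**
 * RPC handler: report a post to the board's moderators.
 *
 * Reads the message id (params[0]) and a base64-encoded reason (params[1]) from
 * $context['mob_request'], checks the caller may report and is not reporting
 * their own post, then emails every moderator of the board who has not opted
 * out (notifyTypes != 4). Every failure path goes through outputRPCResult(false, ...),
 * which is assumed to end the request (the code after each call relies on that).
 */
function method_report_post()
{
    global $context, $mobdb, $modSettings, $scripturl, $user_info, $sourcedir, $txt;
    // $language is read in the per-moderator loop below; without this declaration it
    // would be an undefined local. $topic/$board are globals because loadBoard() and
    // loadPermissions() read them after they are set from the message row.
    global $language, $topic, $board;

    // Get the message ID
    if (!isset($context['mob_request']['params'][0])) {
        outputRPCResult(false, $txt['smf272']);
    }
    $id_msg = (int) $context['mob_request']['params'][0][0];
    // The reason may be absent from the payload; an empty string decodes to an empty reason.
    $encoded_reason = isset($context['mob_request']['params'][1][0]) ? $context['mob_request']['params'][1][0] : '';
    // Only ever embedded in the plain-text email body below.
    $reason = utf8ToAscii(base64_decode($encoded_reason));

    require_once $sourcedir . '/Subs-Post.php';

    // $id_msg is an int (cast above), so interpolating it into the query is safe.
    $mobdb->query("\n SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName, m.ID_TOPIC, m.ID_BOARD\n FROM {db_prefix}messages AS m\n LEFT JOIN {db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)\n WHERE m.ID_MSG = {$id_msg}\n LIMIT 1", array());
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['smf272']);
    }
    $message_info = $mobdb->fetch_assoc();
    $mobdb->free_result();

    $subject = $message_info['subject'];
    $member = $message_info['ID_MEMBER'];
    $posterName = $message_info['posterName'];
    $realName = $message_info['realName'];
    $topic = $message_info['ID_TOPIC'];
    $board = $message_info['ID_BOARD'];

    // Permissions depend on the board the message lives in.
    loadBoard();
    loadPermissions();

    // You can't use this if it's off or you are not allowed to do it.
    if (!allowedTo('report_any')) {
        outputRPCResult(false, $txt['cannot_report_any']);
    }

    spamProtection('spam');

    if ($member == $user_info['id']) {
        outputRPCResult(false, $txt['rtm_not_own']);
    }

    $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($subject);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = membersAllowedTo('moderate_board', $board);

    // An empty list would produce "IN ()", a SQL syntax error, instead of the
    // "no moderators" result the row-count check below reports.
    if (empty($moderators)) {
        outputRPCResult(false, $txt['rtm11']);
    }

    // Member ids are forced to integers before being joined into the IN (...) list.
    $mobdb->query("\n SELECT ID_MEMBER, emailAddress, lngfile\n FROM {db_prefix}members\n WHERE ID_MEMBER IN (" . implode(', ', array_map('intval', $moderators)) . ")\n AND notifyTypes != 4\n ORDER BY lngfile", array());

    // Check that moderators do exist!
    if ($mobdb->num_rows() == 0) {
        outputRPCResult(false, $txt['rtm11']);
    }

    // Send every moderator an email, in their own language where user languages are enabled.
    while ($row = $mobdb->fetch_assoc()) {
        loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false);

        // Send it to the moderator.
        sendmail($row['emailAddress'], $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName, sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . (empty($user_info['id']) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName) . ' ' . $txt['rtm_email3'] . ":\n\n" . $scripturl . '?topic=' . $topic . '.msg' . $id_msg . '#msg' . $id_msg . "\n\n" . $txt['rtm_email_comment'] . ":\n" . $reason . "\n\n" . $txt[130], $user_info['email']);
    }
    $mobdb->free_result();

    outputRPCResult(true);
}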
示例4: action_reporttm2
/**
* Send the emails.
*
* - Sends off emails to all the moderators.
* - Sends to administrators and global moderators. (1 and 2)
* - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
* - Accessed through ?action=reporttm when posting.
*/
public function action_reporttm2()
{
global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
// You must have the proper permissions!
isAllowedTo('report_any');
// Make sure they aren't spamming.
spamProtection('reporttm');
require_once SUBSDIR . '/Mail.subs.php';
// No errors, yet.
$report_errors = Error_Context::context('report', 1);
// Check their session.
if (checkSession('post', '', false) != '') {
$report_errors->addError('session_timeout');
}
// Make sure we have a comment and it's clean.
if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
$report_errors->addError('no_comment');
}
$poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
if (Util::strlen($poster_comment) > 254) {
$report_errors->addError('post_too_long');
}
// Guests need to provide their address!
if ($user_info['is_guest']) {
require_once SUBSDIR . '/DataValidator.class.php';
if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
}
isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
$user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
}
// Could they get the right verification code?
if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'report');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$report_errors->addError($error, 0);
}
}
}
// Any errors?
if ($report_errors->hasErrors()) {
return $this->action_reporttm();
}
// Get the basic topic information, and make sure they can see it.
$msg_id = (int) $_POST['msg'];
$message = posterDetails($msg_id, $topic);
if (empty($message)) {
fatal_lang_error('no_board', false);
}
$poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
$reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
$subject = un_htmlspecialchars($message['subject']);
// Get a list of members with the moderate_board permission.
require_once SUBSDIR . '/Members.subs.php';
$moderators = membersAllowedTo('moderate_board', $board);
$result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
$mod_to_notify = array();
foreach ($result as $row) {
if ($row['notify_types'] != 4) {
$mod_to_notify[] = $row;
}
}
// Check that moderators do exist!
if (empty($mod_to_notify)) {
fatal_lang_error('no_mods', false);
}
// If we get here, I believe we should make a record of this, for historical significance, yabber.
if (empty($modSettings['disable_log_report'])) {
require_once SUBSDIR . '/Messages.subs.php';
$id_report = recordReport($message, $poster_comment);
// If we're just going to ignore these, then who gives a monkeys...
if ($id_report === false) {
redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
}
}
// Find out who the real moderators are - for mod preferences.
require_once SUBSDIR . '/Boards.subs.php';
$real_mods = getBoardModerators($board, true);
// Send every moderator an email.
foreach ($mod_to_notify as $row) {
// Maybe they don't want to know?!
if (!empty($row['mod_prefs'])) {
list(, , $pref_binary) = explode('|', $row['mod_prefs']);
if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
continue;
}
}
$replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
$emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
//.........這裏部分代碼省略.........
示例5: action_contact
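/**
 * Shows the contact form for the user to fill out
 * Needs to be enabled to be used
 *
 * - Guests only; members are redirected away (they can send a PM instead), as is
 *   everyone when the contact form setting is empty or 'disabled'.
 * - On submit (?send): session, token and spam checks, then Data_Validator rules
 *   (valid email, non-empty message) plus the visual verification control.
 * - With no errors the message is sent as a PM to every administrator and the
 *   user is redirected to ;sa=done; otherwise the sanitized values are put back
 *   into $context for re-display.
 */
public function action_contact()
{
    global $context, $txt, $user_info, $modSettings;

    // Already inside, no need to use this, just send a PM
    // Disabled, you cannot enter.
    if (!$user_info['is_guest'] || empty($modSettings['enable_contactform']) || $modSettings['enable_contactform'] == 'disabled') {
        redirectexit();
    }

    loadLanguage('Login');
    loadTemplate('Register');

    if (isset($_REQUEST['send'])) {
        checkSession('post');
        validateToken('contact');
        spamProtection('contact');

        // No errors, yet.
        $context['errors'] = array();
        loadLanguage('Errors');

        // Could they get the right send topic verification code?
        require_once SUBSDIR . '/VerificationControls.class.php';
        require_once SUBSDIR . '/Members.subs.php';

        // form validation
        require_once SUBSDIR . '/DataValidator.class.php';
        $validator = new Data_Validator();
        $validator->sanitation_rules(array('emailaddress' => 'trim', 'contactmessage' => 'trim|Util::htmlspecialchars'));
        $validator->validation_rules(array('emailaddress' => 'required|valid_email', 'contactmessage' => 'required'));
        $validator->text_replacements(array('emailaddress' => $txt['error_email'], 'contactmessage' => $txt['error_message']));

        // Any form errors
        if (!$validator->validate($_POST)) {
            $context['errors'] = $validator->validation_errors();
        }

        // How about any verification errors
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions, true);
        if (is_array($context['require_verification'])) {
            foreach ($context['require_verification'] as $error) {
                $context['errors'][] = $txt['error_' . $error];
            }
        }

        // No errors, then send the PM to the admins
        if (empty($context['errors'])) {
            $admins = admins();
            if (!empty($admins)) {
                require_once SUBSDIR . '/PersonalMessage.subs.php';
                // Send the validator's sanitized copy of the message (trimmed and passed
                // through Util::htmlspecialchars by the sanitation rules above), not the
                // raw request value: what is sent is then exactly what was validated and
                // what the error branch re-displays.
                sendpm(array('to' => array_keys($admins), 'bcc' => array()), $txt['contact_subject'], $validator->contactmessage, false, array('id' => 0, 'name' => $validator->emailaddress, 'username' => $validator->emailaddress));
            }

            // Send the PM
            redirectexit('action=contact;sa=done');
        } else {
            // Re-populate the form with the sanitized values.
            $context['emailaddress'] = $validator->emailaddress;
            $context['contactmessage'] = $validator->contactmessage;
        }
    }

    if (isset($_GET['sa']) && $_GET['sa'] == 'done') {
        $context['sub_template'] = 'contact_form_done';
    } else {
        $context['sub_template'] = 'contact_form';
        $context['page_title'] = $txt['admin_contact_form'];

        require_once SUBSDIR . '/VerificationControls.class.php';
        $verificationOptions = array('id' => 'contactform');
        $context['require_verification'] = create_control_verification($verificationOptions);
        $context['visual_verification_id'] = $verificationOptions['id'];
    }

    // A fresh token for the (re)displayed form.
    createToken('contact');
}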
示例6: MessagePost2
//.........這裏部分代碼省略.........
$post_errors = array_diff($post_errors, array('no_to'));
foreach ($namesNotFound[$recipientType] as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
}
}
// Did they make any mistakes?
if ($_REQUEST['subject'] == '') {
$post_errors[] = 'no_subject';
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors[] = 'no_message';
} elseif (!empty($modSettings['max_messageLength']) && $smcFunc['strlen']($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors[] = 'long_message';
} else {
// Preparse the message.
$message = $_REQUEST['message'];
preparsecode($message);
// Make sure there's still some content left without the tags.
if ($smcFunc['htmltrim'](strip_tags(parse_bbc($smcFunc['htmlspecialchars']($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
$post_errors[] = 'no_message';
}
}
// Wrong verification code?
if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
require_once $sourcedir . '/Subs-Editor.php';
$verificationOptions = array('id' => 'pm');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
$post_errors = array_merge($post_errors, $context['require_verification']);
}
}
// If they did, give a chance to make ammends.
if (!empty($post_errors) && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
return messagePostError($post_errors, $namedRecipientList, $recipientList);
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = $smcFunc['htmlspecialchars']($_REQUEST['subject']);
$context['preview_message'] = $smcFunc['htmlspecialchars']($_REQUEST['message'], ENT_QUOTES);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
// Pretend they messed up but don't ignore if they really did :P.
return messagePostError($post_errors, $namedRecipientList, $recipientList);
} elseif ($is_recipient_change) {
// Maybe we couldn't find one?
foreach ($namesNotFound as $recipientType => $names) {
$post_errors[] = 'bad_' . $recipientType;
foreach ($names as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
return messagePostError(array(), $namedRecipientList, $recipientList);
}
// Want to save this as a draft and think about it some more?
if (!empty($modSettings['drafts_enabled']) && !empty($modSettings['drafts_pm_enabled']) && isset($_POST['save_draft'])) {
require_once $sourcedir . '/Drafts.php';
SavePMDraft($post_errors, $recipientList);
return messagePostError($post_errors, $namedRecipientList, $recipientList);
} elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
return messagePostError($post_errors, $namedRecipientList, $recipientList);
}
// Protect from message spamming.
spamProtection('pm');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Do the actual sending of the PM.
if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], !empty($_REQUEST['outbox']), null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
$smcFunc['db_query']('', '
UPDATE {db_prefix}pm_recipients
SET is_read = is_read | 2
WHERE id_pm = {int:replied_to}
AND id_member = {int:current_member}', array('current_member' => $user_info['id'], 'replied_to' => (int) $_REQUEST['replied_to']));
}
// If one or more of the recipient were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($post_errors, $namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
}
// Message sent successfully?
if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
示例7: RemindPick
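/**
 * Second step of the password reminder: locate the account and pick a method.
 *
 * Looks the member up by id (uid), by member name, or - as a fallback - by email
 * address, all through the db_query {int:}/{string:} placeholders. Unactivated or
 * unapproved accounts, and accounts without an email address, are rejected with a
 * fatal error. Depending on whether the account has a secret question and on the
 * chosen reminder_type, either a reminder email with a freshly generated code is
 * sent, the secret-question form is shown, or the "pick a method" template is set up.
 */
function RemindPick()
{
    global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings;

    checkSession();
    validateToken('remind');
    createToken('remind');

    // Initialise so the "nothing supplied" path never reads undefined variables.
    $where = '';
    $where_params = array();

    // Coming with a known ID?
    if (!empty($_REQUEST['uid'])) {
        $where = 'id_member = {int:id_member}';
        $where_params['id_member'] = (int) $_REQUEST['uid'];
    } elseif (isset($_POST['user']) && $_POST['user'] != '') {
        $where = 'member_name = {string:member_name}';
        $where_params['member_name'] = $_POST['user'];
        // The same input is retried as an email address below.
        $where_params['email_address'] = $_POST['user'];
    }

    // You must enter a username/email address.
    if ($where === '') {
        fatal_lang_error('username_no_exist', false);
    }

    // Make sure we are not being slammed
    spamProtection('remind');

    // Find the user!
    $request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
FROM {db_prefix}members
WHERE ' . $where . '
LIMIT 1', $where_params);

    // Maybe email?
    if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid'])) {
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
FROM {db_prefix}members
WHERE email_address = {string:email_address}
LIMIT 1', $where_params);
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_user_with_email', false);
        }
    }

    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);

    // An unknown uid is not covered by the email retry above; stop here instead of
    // reading fields from a non-row and reporting a misleading "not approved" error.
    if (empty($row)) {
        fatal_lang_error('username_no_exist', false);
    }

    $context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';

    // If the user isn't activated/approved, give them some feedback on what to do next.
    if ($row['is_activated'] != 1) {
        // Link by the account's member name: when the lookup came in via uid or email
        // address, $_POST['user'] is unset or is not the member name.
        $activate_link = ' <a href="' . $scripturl . '?action=activate;user=' . $row['member_name'] . '">' . $txt['here'] . '</a>.';

        // Awaiting approval...
        if (trim($row['validation_code']) == '') {
            fatal_error($txt['registration_not_approved'] . $activate_link, false);
        } else {
            fatal_error($txt['registration_not_activated'] . $activate_link, false);
        }
    }

    // You can't get emailed if you have no email address.
    $row['email_address'] = trim($row['email_address']);
    if ($row['email_address'] == '') {
        fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.');
    }

    // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
    if (empty($row['secret_question']) || isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email') {
        // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
        require_once $sourcedir . '/Subs-Members.php';
        $password = generateValidationCode();

        require_once $sourcedir . '/Subs-Post.php';
        $replacements = array('REALNAME' => $row['real_name'], 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password, 'IP' => $user_info['ip'], 'MEMBERNAME' => $row['member_name'], 'OPENID' => $row['openid_uri']);
        $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        $context['description'] = $txt['reminder_' . (!empty($row['openid_uri']) ? 'openid_' : '') . 'sent'];

        // If they were using OpenID simply email them their OpenID identity.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);

        if (empty($row['openid_uri'])) {
            // Set the password in the database.
            // NOTE(review): the stored form (first 10 chars of md5) is presumably what
            // the setpassword step compares against - confirm before changing it.
            updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
        }

        // Set up the template.
        $context['sub_template'] = 'sent';

        // Dont really.
        return;
    } elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret') {
        return SecretAnswerInput();
    }

    // No we're here setup the context for template number 2!
    $context['sub_template'] = 'reminder_pick';
    $context['current_member'] = array('id' => $row['id_member'], 'name' => $row['member_name']);
}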
示例8: Post2
//.........這裏部分代碼省略.........
}
// What are you going to vote between with one choice?!?
if (count($_POST['options']) < 2) {
$post_errors[] = 'poll_few';
}
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($row['poster_name']) || $_POST['guestname'] != $row['poster_name'])) {
$post_errors[] = 'bad_name';
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = $user_info['username'];
$_POST['email'] = $user_info['email'];
}
// Any mistakes?
if (!empty($post_errors)) {
loadLanguage('Errors');
// Previewing.
$_REQUEST['preview'] = true;
$context['post_error'] = array('messages' => array());
foreach ($post_errors as $post_error) {
$context['post_error'][$post_error] = true;
if ($post_error == 'long_message') {
$txt['error_' . $post_error] = sprintf($txt['error_' . $post_error], $modSettings['max_messageLength']);
}
$context['post_error']['messages'][] = $txt['error_' . $post_error];
}
return Post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('post');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr($smcFunc['htmlspecialchars']($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname']);
$_POST['email'] = htmlspecialchars($_POST['email']);
// At this point, we want to make sure the subject isn't too long.
if ($smcFunc['strlen']($_POST['subject']) > 100) {
$_POST['subject'] = $smcFunc['substr']($_POST['subject'], 0, 100);
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
$_POST['poll_max_votes'] = count($_POST['options']);
} else {
$_POST['poll_max_votes'] = (int) $_POST['poll_max_votes'];
}
$_POST['poll_expire'] = (int) $_POST['poll_expire'];
$_POST['poll_expire'] = $_POST['poll_expire'] > 9999 ? 9999 : ($_POST['poll_expire'] < 0 ? 0 : $_POST['poll_expire']);
// Just set it to zero if it's not there..
if (!isset($_POST['poll_hide'])) {
$_POST['poll_hide'] = 0;
} else {
$_POST['poll_hide'] = (int) $_POST['poll_hide'];
}
$_POST['poll_change_vote'] = isset($_POST['poll_change_vote']) ? 1 : 0;
$_POST['poll_guest_vote'] = isset($_POST['poll_guest_vote']) ? 1 : 0;
示例9: Register2
//.........這裏部分代碼省略.........
if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
$already_taken_memID = $mc_row['id_member'];
}
$smcFunc['db_free_result']($mc_request);
// if custom name is not taken, compare it to account names, or just grab name
$mc_request = $smcFunc['db_query']('', '
SELECT `id_member`, `real_name`
FROM `{db_prefix}members`
WHERE id_member = {int:already_taken_memID} OR
(
(
`real_name` = {string:value}
OR `member_name` = {string:value}
)
)', array('already_taken_memID' => $already_taken_memID, 'value' => strtolower($value)));
if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
$already_taken_memID = $mc_row['id_member'];
$already_taken_memName = $mc_row['real_name'];
}
$smcFunc['db_free_result']($mc_request);
if ($already_taken_memID != -1) {
// then someone already is using this name
global $boardurl;
$what_name = $row['col_name'] == "cust_minecra" ? 'Minecraft' : 'RSC';
die('<html>Error: <a href="' . $boardurl . '/index.php?action=profile;u=' . $already_taken_memID . "\">{$already_taken_memName}</a> has already registered this {$what_name} name!</html>");
}
}
if ($row['col_name'] == "cust_moparcr" && $value != '' && strlen($value) != 40) {
if (strlen($value) > 30) {
die("<html>Error: Maximum length for MoparCraft server password is 30 characters.</html>");
}
if ($value == $regOptions['password']) {
die("<html>Error: You can't set your MoparCraft server password to be the same as your forum password, if you want to use your forum password, leave this blank.</html>");
}
$value = sha1(strtolower($regOptions['username']) . htmlspecialchars_decode($value));
$_POST['customfield'][$row['col_name']] = $value;
}
// xxx end if we are editing our minecraft name, make sure there are no duplicates
// Is this required but not there?
if (trim($value) == '' && $row['show_reg'] > 1) {
$custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
}
}
$smcFunc['db_free_result']($request);
// Process any errors.
if (!empty($custom_field_errors)) {
loadLanguage('Errors');
foreach ($custom_field_errors as $error) {
$reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
}
}
// Lets check for other errors before trying to register the member.
if (!empty($reg_errors)) {
$_REQUEST['step'] = 2;
return Register($reg_errors);
}
// If they're wanting to use OpenID we need to validate them first.
if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') {
// What do we need to save?
$save_variables = array();
foreach ($_POST as $k => $v) {
if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) {
$save_variables[$k] = $v;
}
}
require_once $sourcedir . '/Subs-OpenID.php';
smf_openID_validate($_POST['openid_identifier'], false, $save_variables);
} elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') {
$regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
$regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
$regOptions['auth_method'] = 'openid';
$regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri'];
}
$memberID = registerMember($regOptions, true);
// What there actually an error of some kind dear boy?
if (is_array($memberID)) {
$reg_errors = array_merge($reg_errors, $memberID);
$_REQUEST['step'] = 2;
return Register($reg_errors);
}
// Do our spam protection now.
spamProtection('register');
// We'll do custom fields after as then we get to use the helper function!
if (!empty($_POST['customfield'])) {
require_once $sourcedir . '/Profile.php';
require_once $sourcedir . '/Profile-Modify.php';
makeCustomFieldChanges($memberID, 'register');
}
// If COPPA has been selected then things get complicated, setup the template.
if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
redirectexit('action=coppa;member=' . $memberID);
} elseif (!empty($modSettings['registration_method'])) {
loadTemplate('Register');
$context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
} else {
call_integration_hook('integrate_activate', array($row['member_name']));
setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt']));
redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
}
}
示例10: ReportToModerator2
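/**
 * Handles the "report this post to a moderator" form submission.
 *
 * Reads $_POST['msg'] (the reported message id) and $_POST['comment'] (the
 * reporter's free-text note), looks the message up inside the current $topic
 * and e-mails every member who holds moderate_board on $board (skipping those
 * whose notifyTypes is 4).  Finishes with a redirect back to the board.
 *
 * Aborts through fatal_lang_error() when the message cannot be found in this
 * topic, when the reporter is the message's own author, or when there is no
 * moderator to notify.
 */
function ReportToModerator2()
{
    global $txt, $scripturl, $db_prefix, $topic, $board, $user_info, $ID_MEMBER, $modSettings, $sourcedir, $language;

    // Check their session... don't want them redirected here without their knowledge.
    checkSession();
    spamProtection('spam');

    // You must have the proper permissions!
    isAllowedTo('report_any');

    require_once $sourcedir . '/Subs-Post.php';

    // Normalise the request values before they reach the query or the mail.
    // $_POST['msg'] stays on $_POST because the link built below reuses it.
    $_POST['msg'] = isset($_POST['msg']) ? (int) $_POST['msg'] : 0;
    $comment = isset($_POST['comment']) ? (string) $_POST['comment'] : '';
    // $topic is interpolated straight into SQL, so pin it to an integer first.
    $topicID = (int) $topic;

    // Get the basic topic information, and make sure they can see it.
    $request = db_query("
        SELECT m.subject, m.ID_MEMBER, m.posterName, mem.realName
        FROM {$db_prefix}messages AS m
            LEFT JOIN {$db_prefix}members AS mem ON (m.ID_MEMBER = mem.ID_MEMBER)
        WHERE m.ID_MSG = {$_POST['msg']}
            AND m.ID_TOPIC = {$topicID}
        LIMIT 1", __FILE__, __LINE__);
    if (mysql_num_rows($request) == 0) {
        fatal_lang_error('smf232');
    }
    list($subject, $member, $posterName, $realName) = mysql_fetch_row($request);
    mysql_free_result($request);

    // Reporting your own post makes no sense.
    if ($member == $ID_MEMBER) {
        fatal_lang_error('rtm_not_own', false);
    }

    // Display names are stored HTML-escaped; the mail is plain text.
    $posterName = un_htmlspecialchars($realName) . ($realName != $posterName ? ' (' . $posterName . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($subject);

    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = array_map('intval', (array) membersAllowedTo('moderate_board', $board));

    // An empty list would produce "IN ()", which is a SQL syntax error rather
    // than an empty result set - report "no moderators" here instead.
    if (empty($moderators)) {
        fatal_lang_error('rtm11', false);
    }

    $request = db_query("
        SELECT ID_MEMBER, emailAddress, lngfile
        FROM {$db_prefix}members
        WHERE ID_MEMBER IN (" . implode(', ', $moderators) . ")
            AND notifyTypes != 4
        ORDER BY lngfile", __FILE__, __LINE__);

    // Check that moderators do exist!
    if (mysql_num_rows($request) == 0) {
        fatal_lang_error('rtm11', false);
    }

    // The link to the reported post does not depend on the mail language.
    $messageLink = $scripturl . '?topic=' . $topicID . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'];

    // Send every moderator an email, in their own language when that is enabled.
    while ($row = mysql_fetch_assoc($request)) {
        loadLanguage('Post', empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], false);

        // $txt may have just been swapped by loadLanguage(), so build the
        // strings inside the loop.  Guests are identified by IP, members by name.
        $reporter = empty($ID_MEMBER) ? $txt['guest'] . ' (' . $user_info['ip'] . ')' : $reporterName;
        $mailSubject = $txt['rtm3'] . ': ' . $subject . ' ' . $txt['rtm4'] . ' ' . $posterName;
        $mailBody = sprintf($txt['rtm_email1'], $subject) . ' ' . $posterName . ' ' . $txt['rtm_email2'] . ' ' . $reporter . ' ' . $txt['rtm_email3'] . ":\n\n"
            . $messageLink . "\n\n"
            . $txt['rtm_email_comment'] . ":\n" . $comment . "\n\n"
            . $txt[130];

        // Send it to the moderator.
        sendmail($row['emailAddress'], $mailSubject, $mailBody, $user_info['email']);
    }
    mysql_free_result($request);

    // Back to the board! (you probably don't want to see the post anymore..)
    redirectexit('board=' . $board . '.0');
}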
示例11: Login2
function Login2()
{
global $txt, $db_prefix, $scripturl, $user_info, $user_settings;
global $cookiename, $maintenance, $ID_MEMBER, $modSettings, $context, $sc;
global $sourcedir;
// Load cookie authentication stuff.
require_once $sourcedir . '/Subs-Auth.php';
if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) {
if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) {
list(, , $timeout) = @unserialize($_COOKIE[$cookiename]);
} elseif (isset($_SESSION['login_' . $cookiename])) {
list(, , $timeout) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
} else {
trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
}
$user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4);
updateMemberData($ID_MEMBER, array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\''));
setLoginCookie($timeout - time(), $ID_MEMBER, sha1($user_settings['passwd'] . $user_settings['passwordSalt']));
redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']);
} elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') {
// Strike! You're outta there!
if ($_GET['member'] != $ID_MEMBER) {
fatal_lang_error('login_cookie_error', false);
}
// Some whitelisting for login_url...
if (empty($_SESSION['login_url'])) {
redirectexit();
} else {
// Best not to clutter the session data too much...
$temp = $_SESSION['login_url'];
unset($_SESSION['login_url']);
redirectexit($temp);
}
}
// Beyond this point you are assumed to be a guest trying to login.
if (!$user_info['is_guest']) {
redirectexit();
}
// Set the login_url if it's not already set.
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
$_SESSION['login_url'] = $_SESSION['old_url'];
}
// Are you guessing with a script that doesn't keep the session id?
spamProtection('login');
// Been guessing a lot, haven't we?
if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
fatal_lang_error('login_threshold_fail');
}
// Set up the cookie length. (if it's invalid, just fall through and use the default.)
if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
$modSettings['cookieTime'] = 3153600;
} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) {
$modSettings['cookieTime'] = (int) $_POST['cookielength'];
}
// Set things up in case an error occurs.
if (!empty($maintenance) || empty($modSettings['allow_guestAccess'])) {
$context['sub_template'] = 'kick_guest';
}
loadLanguage('Login');
// Load the template stuff - wireless or normal.
if (WIRELESS) {
$context['sub_template'] = WIRELESS_PROTOCOL . '_login';
} else {
loadTemplate('Login');
$context['sub_template'] = 'login';
}
// Set up the default/fallback stuff.
$context['default_username'] = isset($_REQUEST['user']) ? htmlspecialchars(stripslashes($_REQUEST['user'])) : '';
$context['default_password'] = '';
$context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
$context['login_error'] =& $txt[106];
$context['page_title'] = $txt[34];
// You forgot to type your username, dummy!
if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') {
$context['login_error'] =& $txt[37];
return;
}
// Hmm... maybe 'admin' will login with no password. Uhh... NO!
if ((!isset($_REQUEST['passwrd']) || $_REQUEST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) {
$context['login_error'] =& $txt[38];
return;
}
// No funky symbols either.
if (preg_match('~[<>&"\'=\\\\]~', $_REQUEST['user']) != 0) {
$context['login_error'] =& $txt[240];
return;
}
// Are we using any sort of integration to validate the login?
if (isset($modSettings['integrate_validate_login']) && function_exists($modSettings['integrate_validate_login'])) {
if (call_user_func($modSettings['integrate_validate_login'], $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') {
$context['login_error'] = $txt['login_hash_error'];
$context['disable_login_hashing'] = true;
return;
}
}
// Load the data up!
$request = db_query("\n\t\tSELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt\n\t\tFROM {$db_prefix}members\n\t\tWHERE memberName = '{$_REQUEST['user']}'\n\t\tLIMIT 1", __FILE__, __LINE__);
// Probably mistyped or their email, try it as an email address. (memberName first, though!)
if (mysql_num_rows($request) == 0) {
mysql_free_result($request);
//.........這裏部分代碼省略.........
示例12: action_post2
//.........這裏部分代碼省略.........
}
if ($posterIsGuest) {
// If user is a guest, make sure the chosen name isn't taken.
require_once SUBSDIR . '/Members.subs.php';
if (isReservedName($_POST['guestname'], 0, true, false) && (!isset($msgInfo['poster_name']) || $_POST['guestname'] != $msgInfo['poster_name'])) {
$post_errors->addError('bad_name');
}
} elseif (!isset($_REQUEST['msg'])) {
$_POST['guestname'] = $user_info['username'];
$_POST['email'] = $user_info['email'];
}
// Posting somewhere else? Are we sure you can?
if (!empty($_REQUEST['post_in_board'])) {
$new_board = (int) $_REQUEST['post_in_board'];
if (!allowedTo('post_new', $new_board)) {
$post_in_board = boardInfo($new_board);
if (!empty($post_in_board)) {
$post_errors->addError(array('post_new_board', array($post_in_board['name'])));
} else {
$post_errors->addError('post_new');
}
}
}
// Any mistakes?
if ($post_errors->hasErrors() || $attach_errors->hasErrors()) {
addInlineJavascript('
$(document).ready(function () {
$("html,body").scrollTop($(\'.category_header:visible:first\').offset().top);
});');
return $this->action_post();
}
// Make sure the user isn't spamming the board.
if (!isset($_REQUEST['msg'])) {
spamProtection('post');
}
// At about this point, we're posting and that's that.
ignore_user_abort(true);
@set_time_limit(300);
// Add special html entities to the subject, name, and email.
$_POST['subject'] = strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => ''));
$_POST['guestname'] = htmlspecialchars($_POST['guestname'], ENT_COMPAT, 'UTF-8');
$_POST['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
// At this point, we want to make sure the subject isn't too long.
if (Util::strlen($_POST['subject']) > 100) {
$_POST['subject'] = Util::substr($_POST['subject'], 0, 100);
}
if (!empty($modSettings['mentions_enabled']) && !empty($_REQUEST['uid'])) {
$query_params = array();
$query_params['member_ids'] = array_unique(array_map('intval', $_REQUEST['uid']));
require_once SUBSDIR . '/Members.subs.php';
$mentioned_members = membersBy('member_ids', $query_params, true);
$replacements = 0;
$actually_mentioned = array();
foreach ($mentioned_members as $member) {
$_POST['message'] = str_replace('@' . $member['real_name'], '[member=' . $member['id_member'] . ']' . $member['real_name'] . '[/member]', $_POST['message'], $replacements);
if ($replacements > 0) {
$actually_mentioned[] = $member['id_member'];
}
}
}
// Make the poll...
if (isset($_REQUEST['poll'])) {
// Make sure that the user has not entered a ridiculous number of options..
if (empty($_POST['poll_max_votes']) || $_POST['poll_max_votes'] <= 0) {
$_POST['poll_max_votes'] = 1;
} elseif ($_POST['poll_max_votes'] > count($_POST['options'])) {
示例13: action_send2
//.........這裏部分代碼省略.........
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
}
}
// Did they make any mistakes like no subject or message?
if ($_REQUEST['subject'] == '') {
$post_errors->addError('no_subject');
}
if (!isset($_REQUEST['message']) || $_REQUEST['message'] == '') {
$post_errors->addError('no_message');
} elseif (!empty($modSettings['max_messageLength']) && Util::strlen($_REQUEST['message']) > $modSettings['max_messageLength']) {
$post_errors->addError('long_message');
} else {
// Preparse the message.
$message = $_REQUEST['message'];
preparsecode($message);
// Make sure there's still some content left without the tags.
if (Util::htmltrim(strip_tags(parse_bbc(Util::htmlspecialchars($message, ENT_QUOTES), false), '<img>')) === '' && (!allowedTo('admin_forum') || strpos($message, '[html]') === false)) {
$post_errors->addError('no_message');
}
}
// Wrong verification code?
if (!$user_info['is_admin'] && !isset($_REQUEST['xml']) && !empty($modSettings['pm_posts_verification']) && $user_info['posts'] < $modSettings['pm_posts_verification']) {
require_once SUBSDIR . '/VerificationControls.class.php';
$verificationOptions = array('id' => 'pm');
$context['require_verification'] = create_control_verification($verificationOptions, true);
if (is_array($context['require_verification'])) {
foreach ($context['require_verification'] as $error) {
$post_errors->addError($error);
}
}
}
// If they made any errors, give them a chance to make amends.
if ($post_errors->hasErrors() && !$is_recipient_change && !isset($_REQUEST['preview']) && !isset($_REQUEST['xml'])) {
return messagePostError($namedRecipientList, $recipientList);
}
// Want to take a second glance before you send?
if (isset($_REQUEST['preview'])) {
// Set everything up to be displayed.
$context['preview_subject'] = Util::htmlspecialchars($_REQUEST['subject']);
$context['preview_message'] = Util::htmlspecialchars($_REQUEST['message'], ENT_QUOTES, 'UTF-8', true);
preparsecode($context['preview_message'], true);
// Parse out the BBC if it is enabled.
$context['preview_message'] = parse_bbc($context['preview_message']);
// Censor, as always.
censorText($context['preview_subject']);
censorText($context['preview_message']);
// Set a descriptive title.
$context['page_title'] = $txt['preview'] . ' - ' . $context['preview_subject'];
// Pretend they messed up but don't ignore if they really did :P.
return messagePostError($namedRecipientList, $recipientList);
} elseif ($is_recipient_change) {
// Maybe we couldn't find one?
foreach ($namesNotFound as $recipientType => $names) {
$post_errors->addError('bad_' . $recipientType);
foreach ($names as $name) {
$context['send_log']['failed'][] = sprintf($txt['pm_error_user_not_found'], $name);
}
}
return messagePostError($namedRecipientList, $recipientList);
}
// Want to save this as a draft and think about it some more?
if ($context['drafts_pm_save'] && isset($_POST['save_draft'])) {
savePMDraft($recipientList);
return messagePostError($namedRecipientList, $recipientList);
} elseif (!empty($modSettings['max_pm_recipients']) && count($recipientList['to']) + count($recipientList['bcc']) > $modSettings['max_pm_recipients'] && !allowedTo(array('moderate_forum', 'send_mail', 'admin_forum'))) {
$context['send_log'] = array('sent' => array(), 'failed' => array(sprintf($txt['pm_too_many_recipients'], $modSettings['max_pm_recipients'])));
return messagePostError($namedRecipientList, $recipientList);
}
// Protect from message spamming.
spamProtection('pm');
// Prevent double submission of this form.
checkSubmitOnce('check');
// Finally do the actual sending of the PM.
if (!empty($recipientList['to']) || !empty($recipientList['bcc'])) {
$context['send_log'] = sendpm($recipientList, $_REQUEST['subject'], $_REQUEST['message'], true, null, !empty($_REQUEST['pm_head']) ? (int) $_REQUEST['pm_head'] : 0);
} else {
$context['send_log'] = array('sent' => array(), 'failed' => array());
}
// Mark the message as "replied to".
if (!empty($context['send_log']['sent']) && !empty($_REQUEST['replied_to']) && isset($_REQUEST['f']) && $_REQUEST['f'] == 'inbox') {
require_once SUBSDIR . '/PersonalMessage.subs.php';
setPMRepliedStatus($user_info['id'], (int) $_REQUEST['replied_to']);
}
// If one or more of the recipients were invalid, go back to the post screen with the failed usernames.
if (!empty($context['send_log']['failed'])) {
return messagePostError($namesNotFound, array('to' => array_intersect($recipientList['to'], $context['send_log']['failed']), 'bcc' => array_intersect($recipientList['bcc'], $context['send_log']['failed'])));
}
// Message sent successfully?
if (!empty($context['send_log']) && empty($context['send_log']['failed'])) {
$context['current_label_redirect'] = $context['current_label_redirect'] . ';done=sent';
// If we had a PM draft for this one, then its time to remove it since it was just sent
if ($context['drafts_pm_save'] && !empty($_POST['id_pm_draft'])) {
deleteDrafts($_POST['id_pm_draft'], $user_info['id']);
}
}
// Go back to the where they sent from, if possible...
redirectexit($context['current_label_redirect']);
}
示例14: action_login2
/**
* Actually logs you in.
*
* What it does:
* - checks credentials and checks that login was successful.
* - it employs protection against a specific IP or user trying to brute force
* a login to an account.
* - upgrades password encryption on login, if necessary.
* - after successful login, redirects you to $_SESSION['login_url'].
* - accessed from ?action=login2, by forms.
*
* On error, uses the same templates action_login() uses.
*/
public function action_login2()
{
global $txt, $scripturl, $user_info, $user_settings, $modSettings, $context, $sc;
// Load cookie authentication and all stuff.
require_once SUBSDIR . '/Auth.subs.php';
// Beyond this point you are assumed to be a guest trying to login.
if (!$user_info['is_guest']) {
redirectexit();
}
// Are you guessing with a script?
checkSession('post');
validateToken('login');
spamProtection('login');
// Set the login_url if it's not already set (but careful not to send us to an attachment).
if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0 || isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false) {
$_SESSION['login_url'] = $_SESSION['old_url'];
}
// Been guessing a lot, haven't we?
if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
fatal_lang_error('login_threshold_fail', 'critical');
}
// Set up the cookie length. (if it's invalid, just fall through and use the default.)
if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
$modSettings['cookieTime'] = 3153600;
} elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) {
$modSettings['cookieTime'] = (int) $_POST['cookielength'];
}
loadLanguage('Login');
// Load the template stuff
loadTemplate('Login');
loadJavascriptFile('sha256.js', array('defer' => true));
$context['sub_template'] = 'login';
// Set up the default/fallback stuff.
$context['default_username'] = isset($_POST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'], ENT_COMPAT, 'UTF-8')) : '';
$context['default_password'] = '';
$context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
$context['login_errors'] = array($txt['error_occurred']);
$context['page_title'] = $txt['login'];
// Add the login chain to the link tree.
$context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
// This is an OpenID login. Let's validate...
if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
require_once SUBSDIR . '/OpenID.subs.php';
$open_id = new OpenID();
if ($open_id->validate($_POST['openid_identifier']) !== 'no_data') {
return $open_id;
} else {
$context['login_errors'] = array($txt['openid_not_found']);
return;
}
}
// You forgot to type your username, dummy!
if (!isset($_POST['user']) || $_POST['user'] == '') {
$context['login_errors'] = array($txt['need_username']);
return;
}
// No one needs a username that long, plus we only support 80 chars in the db
if (Util::strlen($_POST['user']) > 80) {
$_POST['user'] = Util::substr($_POST['user'], 0, 80);
}
// Can't use a password > 64 characters sorry, to long and only good for a DoS attack
// Plus we expect a 64 character one from SHA-256
if (isset($_POST['passwrd']) && strlen($_POST['passwrd']) > 64 || isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) > 64) {
$context['login_errors'] = array($txt['improper_password']);
return;
}
// Hmm... maybe 'admin' will login with no password. Uhh... NO!
if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 64)) {
$context['login_errors'] = array($txt['no_password']);
return;
}
// No funky symbols either.
if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) {
$context['login_errors'] = array($txt['error_invalid_characters_username']);
return;
}
// Are we using any sort of integration to validate the login?
if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) {
$context['login_errors'] = array($txt['login_hash_error']);
$context['disable_login_hashing'] = true;
return;
}
// Find them... if we can
$user_settings = loadExistingMember($_POST['user']);
// Let them try again, it didn't match anything...
if (empty($user_settings)) {
$context['login_errors'] = array($txt['username_no_exist']);
//.........這裏部分代碼省略.........
示例15: registerMember
function registerMember(&$regOptions)
{
global $scripturl, $txt, $modSettings, $db_prefix, $context, $sourcedir;
global $user_info, $options, $settings, $func;
loadLanguage('Login');
// We'll need some external functions.
require_once $sourcedir . '/Subs-Auth.php';
require_once $sourcedir . '/Subs-Post.php';
// Registration from the admin center, let them sweat a little more.
if ($regOptions['interface'] == 'admin') {
is_not_guest();
isAllowedTo('moderate_forum');
} elseif ($regOptions['interface'] == 'guest') {
spamProtection('register');
// You cannot register twice...
if (empty($user_info['is_guest'])) {
redirectexit();
}
// Make sure they didn't just register with this session.
if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
fatal_lang_error('register_only_once', false);
}
}
// No name?! How can you register with no name?
if (empty($regOptions['username'])) {
fatal_lang_error(37, false);
}
// Spaces and other odd characters are evil...
$regOptions['username'] = preg_replace('~[\\t\\n\\r\\x0B\\0' . ($context['utf8'] ? $context['server']['complex_preg_chars'] ? '\\x{A0}' : pack('C*', 0xc2, 0xa0) : '\\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
// Don't use too long a name.
if ($func['strlen']($regOptions['username']) > 25) {
$regOptions['username'] = $func['htmltrim']($func['substr']($regOptions['username'], 0, 25));
}
// Only these characters are permitted.
if (preg_match('~[<>&"\'=\\\\]~', $regOptions['username']) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false) {
fatal_lang_error(240, false);
}
if (stristr($regOptions['username'], $txt[28]) !== false) {
fatal_lang_error(244, true, array($txt[28]));
}
// !!! Separate the sprintf?
if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($regOptions['email'])) === 0 || strlen(stripslashes($regOptions['email'])) > 255) {
fatal_error(sprintf($txt[500], $regOptions['username']), false);
}
if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false)) {
if ($regOptions['password'] == 'chocolate cake') {
fatal_error('Sorry, I don\'t take bribes... you\'ll need to come up with a different name.', false);
}
fatal_error('(' . htmlspecialchars($regOptions['username']) . ') ' . $txt[473], false);
}
// Generate a validation code if it's supposed to be emailed.
$validation_code = '';
if ($regOptions['require'] == 'activation') {
$validation_code = generateValidationCode();
}
// If you haven't put in a password generated one.
if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '') {
mt_srand(time() + 1277);
$regOptions['password'] = generateValidationCode();
$regOptions['password_check'] = $regOptions['password'];
} elseif ($regOptions['password'] != $regOptions['password_check']) {
fatal_lang_error(213, false);
}
// That's kind of easy to guess...
if ($regOptions['password'] == '') {
fatal_lang_error(91, false);
}
// Now perform hard password validation as required.
if (!empty($regOptions['check_password_strength'])) {
$passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
// Password isn't legal?
if ($passwordError != null) {
fatal_lang_error('profile_error_password_' . $passwordError, false);
}
}
// You may not be allowed to register this email.
if (!empty($regOptions['check_email_ban'])) {
isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
}
// Check if the email address is in use.
$request = db_query("\n\t\tSELECT ID_MEMBER\n\t\tFROM {$db_prefix}members\n\t\tWHERE emailAddress = '{$regOptions['email']}'\n\t\t\tOR emailAddress = '{$regOptions['username']}'\n\t\tLIMIT 1", __FILE__, __LINE__);
// !!! Separate the sprintf?
if (mysql_num_rows($request) != 0) {
fatal_error(sprintf($txt[730], htmlspecialchars($regOptions['email'])), false);
}
mysql_free_result($request);
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array('memberName' => "'{$regOptions['username']}'", 'emailAddress' => "'{$regOptions['email']}'", 'passwd' => '\'' . sha1(strtolower($regOptions['username']) . $regOptions['password']) . '\'', 'passwordSalt' => '\'' . substr(md5(mt_rand()), 0, 4) . '\'', 'posts' => 0, 'dateRegistered' => time(), 'memberIP' => "'{$user_info['ip']}'", 'memberIP2' => "'{$_SERVER['BAN_CHECK_IP']}'", 'validation_code' => "'{$validation_code}'", 'realName' => "'{$regOptions['username']}'", 'personalText' => '\'' . addslashes($modSettings['default_personalText']) . '\'', 'pm_email_notify' => 1, 'ID_THEME' => 0, 'ID_POST_GROUP' => 4, 'lngfile' => "''", 'buddy_list' => "''", 'pm_ignore_list' => "''", 'messageLabels' => "''", 'personalText' => "''", 'websiteTitle' => "''", 'websiteUrl' => "''", 'location' => "''", 'ICQ' => "''", 'AIM' => "''", 'YIM' => "''", 'MSN' => "''", 'timeFormat' => "''", 'signature' => "''", 'avatar' => "''", 'usertitle' => "''", 'secretQuestion' => "''", 'secretAnswer' => "''", 'additionalGroups' => "''", 'smileySet' => "''");
// Setup the activation status on this new account so it is correct - firstly is it an under age account?
if ($regOptions['require'] == 'coppa') {
$regOptions['register_vars']['is_activated'] = 5;
// !!! This should be changed. To what should be it be changed??
$regOptions['register_vars']['validation_code'] = "''";
} elseif ($regOptions['require'] == 'nothing') {
$regOptions['register_vars']['is_activated'] = 1;
} elseif ($regOptions['require'] == 'activation') {
$regOptions['register_vars']['is_activated'] = 0;
} else {
$regOptions['register_vars']['is_activated'] = 3;
}
//.........這裏部分代碼省略.........