PHP Cross Reference of Nuke-Evolution v2.0.5 |
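<?php
/*=======================================================================
 Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System
 =======================================================================*/

/***************************************************************************
 *                          functions_validate.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp
 *
 ***************************************************************************/

/***************************************************************************
 * phpbb2 forums port version 2.0.5 (c) 2003 - Nuke Cops (http://nukecops.com)
 *
 * Ported by Nuke Cops to phpbb2 standalone 2.0.5 Test
 * and debugging completed by the Elite Nukers and site members.
 *
 * You run this package at your sole risk. Nuke Cops and affiliates cannot
 * be held liable if anything goes wrong. You are advised to test this
 * package on a development system. Backup everything before implementing
 * in a production environment. If something goes wrong, you can always
 * backout and restore your backups.
 *
 * Installing and running this also means you agree to the terms of the AUP
 * found at Nuke Cops.
 *
 * This is version 2.0.5 of the phpbb2 forum port for PHP-Nuke. Work is based
 * on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based
 * on the phpbb2 standalone version 2.0.3. Our version 2.0.5 from Nuke Cops is
 * now reflecting phpbb2 standalone 2.0.5 that fixes some bugs and the
 * invalid_session error message.
 ***************************************************************************/

/***************************************************************************
 * This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
 * by Tom Nitzschner (tom@toms-home.com)
 * http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
 *
 * As always, make a backup before messing with anything. All code
 * release by me is considered sample code only. It may be fully
 * functual, but you use it at your own risk, if you break it,
 * you get to fix it too. No waranty is given or implied.
 *
 * Please post all questions/request about this port on http://bbtonuke.sourceforge.net first,
 * then on my site. All original header code and copyright messages will be maintained
 * to give credit where credit is due. If you modify this, the only requirement is
 * that you also maintain all original copyright messages. All my work is released
 * under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
 *
 ***************************************************************************/

/***************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 ***************************************************************************/

/*****[CHANGES]**********************************************************
-=[Mod]=-
      Custom mass PM                           v1.4.7       07/04/2005
 ************************************************************************/

// Refuse to run when the file is requested directly instead of being
// included by the forum code, which defines IN_PHPBB first.
if (!defined('IN_PHPBB'))
{
    die('Hacking attempt');
}

/**
 * Check whether a username is free and allowed.
 *
 * Used for registering, changing names, and posting anonymously with a
 * username. The name is rejected when it equals an existing user or group
 * name (compared in lower case), when it matches an entry of the bad-nick
 * list, the disallow table or the word table ('*' in an entry acts as a
 * wildcard), or when it contains a double quote, chr(160) or ';'.
 *
 * @param string $username Name as submitted by the user.
 * @return array array('error' => bool, 'error_msg' => string); 'error' is
 *               false and 'error_msg' empty when the name is acceptable.
 */
function validate_username($username)
{
    global $db, $lang, $userdata, $prefix;

    // Remove doubled up spaces
    $username = preg_replace('#\s+#', ' ', trim($username));
    $username = phpbb_clean_username($username);

    // NOTE(review): $username is concatenated into the two queries below.
    // The only quoting it receives is whatever phpbb_clean_username() does,
    // which is defined outside this file - confirm that it escapes single
    // quotes and backslashes for the database driver in use.
    $sql = "SELECT username
        FROM " . USERS_TABLE . "
        WHERE LOWER(username) = '" . strtolower($username) . "'";
    if ($result = $db->sql_query($sql))
    {
        while ($row = $db->sql_fetchrow($result))
        {
            // A logged-in user may keep the name they already have. The
            // comparison is strict so that two different numeric-looking
            // names (e.g. "1e3" and "1000") are never treated as equal.
            if (!$userdata['session_logged_in'] || $row['username'] !== $userdata['username'])
            {
                $db->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Username_taken']);
            }
        }
    }
    $db->sql_freeresult($result);

    $sql = "SELECT group_name
        FROM " . GROUPS_TABLE . "
        WHERE LOWER(group_name) = '" . strtolower($username) . "'";
    if ($result = $db->sql_query($sql))
    {
        if ($row = $db->sql_fetchrow($result))
        {
            $db->sql_freeresult($result);
            return array('error' => true, 'error_msg' => $lang['Username_taken']);
        }
    }
    $db->sql_freeresult($result);

    // Bad-nick list: one entry per CRLF-separated line of a single config
    // value. A failed query or a missing row yields an empty list instead
    // of an undefined-index notice.
    $bad_nicks = array();
    $sql = "SELECT config_value FROM `".$prefix."_cnbya_config` WHERE config_name='bad_nick'";
    if ($result = $db->sql_query($sql))
    {
        $rows = $db->sql_fetchrowset($result);
        $db->sql_freeresult($result);
        if (!empty($rows[0]['config_value']))
        {
            $bad_nicks = explode("\r\n", trim($rows[0]['config_value']));
        }
    }
    foreach ($bad_nicks as $bad_nick)
    {
        if (empty($bad_nick))
        {
            continue;
        }

        // preg_quote() neutralises regex metacharacters in the stored entry;
        // only the quoted '*' is then turned back into a wildcard.
        if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($bad_nick, '#')) . ')\b#i', $username))
        {
            return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
        }
    }

    $sql = "SELECT disallow_username
        FROM " . DISALLOW_TABLE;
    if ($result = $db->sql_query($sql))
    {
        while ($row = $db->sql_fetchrow($result))
        {
            if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['disallow_username'], '#')) . ')\b#i', $username))
            {
                $db->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
            }
        }
    }
    $db->sql_freeresult($result);

    $sql = "SELECT word
        FROM " . WORDS_TABLE;
    if ($result = $db->sql_query($sql))
    {
        while ($row = $db->sql_fetchrow($result))
        {
            if (preg_match('#\b(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')\b#i', $username))
            {
                $db->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
            }
        }
    }
    $db->sql_freeresult($result);

    // Don't allow " and ALT-255 in username.
    // NOTE(review): this listing tested for '"' twice in a row. The second
    // test was presumably for an HTML-escaped quote that the page rendering
    // decoded - compare with the original file. Any escaped entity contains
    // ';' and is rejected by the last test in any case.
/*****[BEGIN]******************************************
 [ Mod:    Custom mass PM                      v1.4.7 ]
 ******************************************************/
    if (strstr($username, '"') || strstr($username, chr(160)) || strstr($username, ';'))
/*****[END]********************************************
 [ Mod:    Custom mass PM                      v1.4.7 ]
 ******************************************************/
    {
        return array('error' => true, 'error_msg' => $lang['Username_invalid']);
    }

    return array('error' => false, 'error_msg' => '');
}

/**
 * Check whether an e-mail address is well-formed, not banned and not
 * already present in the users table.
 *
 * @param string $email Address as submitted by the user.
 * @return array array('error' => bool, 'error_msg' => string); 'error' is
 *               false and 'error_msg' empty when the address is acceptable.
 */
function validate_email($email)
{
    global $db, $lang;

    // The D modifier makes '$' match only at the very end of the string.
    // Without it an address followed by a newline passes validation and
    // could later be placed in a mail header or a query.
    if (empty($email) || !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/isD', $email))
    {
        return array('error' => true, 'error_msg' => $lang['Email_invalid']);
    }

    $sql = "SELECT ban_email
        FROM " . BANLIST_TABLE;
    if ($result = $db->sql_query($sql))
    {
        while ($row = $db->sql_fetchrow($result))
        {
            // Quote the stored entry before use, as validate_username() does
            // for its lists: an unquoted '.' would match any character, and
            // an entry containing '/', '(' or '[' would produce an invalid
            // pattern so that the ban silently never matched.
            $match_email = str_replace('\*', '.*?', preg_quote($row['ban_email'], '/'));
            if (preg_match('/^' . $match_email . '$/isD', $email))
            {
                $db->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Email_banned']);
            }
        }
    }
    $db->sql_freeresult($result);

    // The pattern above admits a single quote but no backslash, so the old
    // replacement of \' could never match a validated address and a quote
    // reached the query unescaped. Doubling every single quote escapes all
    // that the pattern lets through.
    $sql = "SELECT user_email
        FROM " . USERS_TABLE . "
        WHERE user_email = '" . str_replace("'", "''", $email) . "'";
    if (!($result = $db->sql_query($sql)))
    {
        message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
    }

    // Read the answer first so the result is freed on both outcomes.
    $taken = ($db->sql_fetchrow($result)) ? true : false;
    $db->sql_freeresult($result);

    if ($taken)
    {
        return array('error' => true, 'error_msg' => $lang['Email_taken']);
    }

    return array('error' => false, 'error_msg' => '');
}

/**
 * Supplementary validation of optional profile fields.
 *
 * This expects common stuff like trim() and strip_tags() to have already
 * been run. Params are passed by-ref, so a field that fails its check is
 * set to the empty string. $website additionally gets 'http://' prepended
 * when it has no http:// or https:// prefix.
 *
 * @return void
 */
function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
{
    $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');

    foreach ($check_var_length as $field_name)
    {
        // Explicit braces: a bare $$array[$i] is read as ${$array[$i]} by
        // PHP 5 but as ${$array}[$i] by PHP 7 and later, where the length
        // check would no longer reach the parameters.
        if (strlen(${$field_name}) < 2)
        {
            ${$field_name} = '';
        }
    }

    // ICQ number has to be only numbers (D: no trailing newline either).
    if (!preg_match('/^[0-9]+$/D', $icq))
    {
        $icq = '';
    }

    // website has to start with http://, followed by something with length at least 3 that
    // contains at least one dot.
    if ($website != "")
    {
        if (!preg_match('#^http[s]?:\/\/#i', $website))
        {
            $website = 'http://' . $website;
        }

        // NOTE(review): the pattern is anchored at the start only, so any
        // characters may follow the host name. This check is not sufficient
        // to make the value safe for an HTML attribute; it has to be escaped
        // where it is printed.
        if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
        {
            $website = '';
        }
    }

    return;
}

?>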