home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2005 April
/
PCWorld_2005-04_cd.bin
/
akce
/
web
/
phpnuke
/
PHP-Nuke-7.5.exe
/
html
/
includes
/
functions_validate.php
< prev
next >
Wrap
PHP Script
|
2004-07-22
|
11KB
|
249 lines
<?php
/***************************************************************************
* functions_validate.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $
*
*
***************************************************************************/
/***************************************************************************
* phpbb2 forums port version 2.0.5 (c) 2003 - Nuke Cops (http://nukecops.com)
*
* Ported by Nuke Cops to phpbb2 standalone 2.0.5 Test
* and debugging completed by the Elite Nukers and site members.
*
* You run this package at your sole risk. Nuke Cops and affiliates cannot
* be held liable if anything goes wrong. You are advised to test this
* package on a development system. Backup everything before implementing
* in a production environment. If something goes wrong, you can always
* backout and restore your backups.
*
* Installing and running this also means you agree to the terms of the AUP
* found at Nuke Cops.
*
* This is version 2.0.5 of the phpbb2 forum port for PHP-Nuke. Work is based
* on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based
* on the phpbb2 standalone version 2.0.3. Our version 2.0.5 from Nuke Cops is
* now reflecting phpbb2 standalone 2.0.5 that fixes some bugs and the
* invalid_session error message.
***************************************************************************/
/***************************************************************************
* This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
* by Tom Nitzschner (tom@toms-home.com)
* http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
*
* As always, make a backup before messing with anything. All code
* release by me is considered sample code only. It may be fully
* functual, but you use it at your own risk, if you break it,
* you get to fix it too. No waranty is given or implied.
*
* Please post all questions/request about this port on http://bbtonuke.sourceforge.net first,
* then on my site. All original header code and copyright messages will be maintained
* to give credit where credit is due. If you modify this, the only requirement is
* that you also maintain all original copyright messages. All my work is released
* under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
//
// Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username
//
if (!defined('IN_PHPBB')) {
die();
}
function validate_username($username)
{
global $db, $lang, $userdata;
// Remove doubled up spaces
$username = preg_replace('#\s+#', ' ', $username);
// Limit username length
$username = substr(str_replace("\'", "'", $username), 0, 25);
$username = str_replace("'", "''", $username);
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$db->sql_freeresult($result);
$sql = "SELECT group_name
FROM " . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$db->sql_freeresult($result);
$sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE;
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
do
{
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT word
FROM " . WORDS_TABLE;
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
do
{
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
// Don't allow " and ALT-255 in username.
if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160)))
{
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
return array('error' => false, 'error_msg' => '');
}
//
// Check to see if email address is banned
// or already present in the DB
//
function validate_email($email)
{
global $db, $lang;
if ($email != '')
{
if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
do
{
$match_email = str_replace('*', '.*?', $row['ban_email']);
if (preg_match('/^' . $match_email . '$/is', $email))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Email_banned']);
}
}
while($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
{
return array('error' => true, 'error_msg' => $lang['Email_taken']);
}
$db->sql_freeresult($result);
return array('error' => false, 'error_msg' => '');
}
}
return array('error' => true, 'error_msg' => $lang['Email_invalid']);
}
//
// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
//
function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
{
$check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
for($i = 0; $i < count($check_var_length); $i++)
{
if (strlen($$check_var_length[$i]) < 2)
{
$$check_var_length[$i] = '';
}
}
// ICQ number has to be only numbers.
if (!preg_match('/^[0-9]+$/', $icq))
{
$icq = '';
}
// website has to start with http://, followed by something with length at least 3 that
// contains at least one dot.
if ($website != "")
{
if (!preg_match('#^http[s]?:\/\/#i', $website))
{
$website = 'http://' . $website;
}
if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
{
$website = '';
}
}
return;
}
?>
