A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

196 lines
5.4 KiB

  1. <?php
  2. /**
  3. * @package uForum
  4. * @file includes/classes/secure.php
  5. * @version $Id$
  6. * @copyright 2009(c) PioDer <pioder@wp.pl>
  7. * @link http://pioder.gim2przemysl.int.pl/
  8. * @license GNU GPL v3
  9. **/
  10. if ( !defined('IN_uF') )
  11. {
  12. die('Hacking attempt');
  13. }
  14. class Secure
  15. {
  16. function forum_exists($fid)
  17. {
  18. global $lng;
  19. $sql = "SELECT * FROM ".FORUMS_TABLE." WHERE f_id='$fid'";
  20. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain forum information.');
  21. $result = DataBase::fetch($query);
  22. $result = $result['f_id'];
  23. if ($result=='')
  24. {
  25. message_forum($lng['no_forum'],'index.php');
  26. }
  27. }
  28. function UseCensorList($text)
  29. {
  30. global $forum_config;
  31. if ($forum_config['use_censorlist'])
  32. {
  33. $sql = "SELECT * FROM ".CENSORLIST_TABLE.";";
  34. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain censorlist information.');
  35. while($word = DataBase::fetch($query))
  36. {
  37. $text = str_replace($word['word'],'[censored]', $text);
  38. }
  39. }
  40. return $text;
  41. }
  42. function generate_code()
  43. {
  44. $number = array(
  45. 1 => 1,
  46. 2 => 2,
  47. 3 => 4,
  48. 4 => 6,
  49. 5 => 10,
  50. 6 => 20,
  51. 7 => 30,
  52. 8 => 40,
  53. 9 => 50,
  54. 10 => 60,
  55. 11 => 70,
  56. 12 => 80,
  57. 13 => 90,
  58. 14 => 100
  59. );
  60. $first_id = rand(1,14);
  61. $second_id = rand(1,14);
  62. $first_num = $number[$first_id];
  63. $second_num = $number[$second_id];
  64. return array($first_num, $second_num, ($first_num + $second_num));
  65. }
  66. function message_u_exists($mid)
  67. {
  68. global $lng;
  69. $sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
  70. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain user information.');
  71. $result = DataBase::fetch($query);
  72. $result = $result['m_id'];
  73. if ($result=='')
  74. {
  75. message_forum($lng['no_message'],'pms.php');
  76. }
  77. }
  78. function message_author_loged($mid)
  79. {
  80. global $lng;
  81. $sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
  82. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain user information.');
  83. $result = DataBase::fetch($query);
  84. $result = $result['u_n_id'];
  85. if ($result!=$_SESSION['uid'])
  86. {
  87. message_forum($lng['merror_1'],'index.php');
  88. }
  89. }
  90. function message_user_loged($mid)
  91. {
  92. global $lng;
  93. $sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
  94. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
  95. $result = $result['u_id'];
  96. if ($result!=$_SESSION['uid'])
  97. {
  98. message_forum($lng['merror_2'],'index.php');
  99. }
  100. }
  101. function message_a_exists($mid)
  102. {
  103. global $lng;
  104. $sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
  105. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
  106. $result = $result['m_id'];
  107. if ($result=='')
  108. {
  109. message_forum($lng['no_message'],'index.php');
  110. }
  111. }
  112. function topic_exists($tid)
  113. {
  114. global $lng;
  115. $sql = "SELECT * FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
  116. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain topic information.');
  117. $result = DataBase::fetch($query);
  118. $result = $result['t_id'];
  119. if ($result=='')
  120. {
  121. message_forum($lng['no_topic'],'index.php');
  122. }
  123. }
  124. function post_exists($pid)
  125. {
  126. global $lng;
  127. $sql = "SELECT * FROM ".POSTS_TABLE." WHERE p_id='$pid'";
  128. $query = DataBase::sql_query($sql,GENERAL,'Could not obtain topic information.');
  129. $result = DataBase::fetch($query);
  130. $result = $result['p_id'];
  131. if ($result=='')
  132. {
  133. message_forum($lng['no_post'],'pms.php');
  134. }
  135. }
  136. function user_exists($uid)
  137. {
  138. global $lng;
  139. $sql = "SELECT * FROM ".USERS_TABLE." WHERE u_id='$uid'";
  140. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
  141. $result = $result['u_id'];
  142. if (($result=='') or ($result=='-1'))
  143. {
  144. message_forum($lng['no_user'],'index.php');
  145. }
  146. }
  147. function group_exists($gid)
  148. {
  149. global $lng;
  150. if ($gid != 'mods' || $gid!='admins')
  151. {
  152. $sql = "SELECT `g_id` FROM `".GROUPS_TABLE."` WHERE g_id='$gid'";
  153. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain group information.'));
  154. $result = $result['g_id'];
  155. if ($result=='')
  156. {
  157. message_forum($lng['no_group'],'groups.php');
  158. }
  159. }
  160. }
  161. function TagsReplace($text)
  162. {
  163. $text = strip_tags($text,ALLOWED_TAGS);
  164. $text = str_replace('?>', '?&gt;', $text);
  165. $text = str_replace('<?', '&lt;?', $text);
  166. $text = str_replace('javascript:', '', $text);
  167. $text = Secure::UseCensorlist($text);
  168. $text = Post::SmilesReplace($text);
  169. return $text;
  170. }
  171. function TopicLocked($tid)
  172. {
  173. global $lng;
  174. $sql = "SELECT `f_id`,`lock` FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
  175. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain topic information'));
  176. $fid = $result['f_id'];
  177. $sql2 = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
  178. $result2 = DataBase::fetch(DataBase::sql_query($sql2,GENERAL,'Could not obtain forum information'));
  179. if (($result['lock']=='1') or ($result2['lock']=='1'))
  180. {
  181. message_forum($lng['no_posting_topic_locked'],'topic.php?t='.$tid);
  182. }
  183. }
  184. function ForumLocked($fid)
  185. {
  186. global $lng;
  187. $sql = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
  188. $result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain forum information'));
  189. if ($result['lock']=='1')
  190. {
  191. message_forum($lng['no_posting_forum_locked'],'forum.php?f='.$fid);
  192. }
  193. }
  194. }
  195. ?>