A lightweight forum engine written in PHP. Repository is now obsolete and read-only.
http://www.pioder.pl/uforum.html
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
196 lines
5.4 KiB
196 lines
5.4 KiB
<?php
|
|
/**
|
|
* @package uForum
|
|
* @file includes/classes/secure.php
|
|
* @version $Id$
|
|
* @copyright 2007-2010 (c) PioDer <[email protected]>
|
|
* @link http://www.pioder.pl/
|
|
* @license see LICENSE.txt
|
|
**/
|
|
if ( !defined('IN_uF') )
|
|
{
|
|
die('Hacking attempt');
|
|
}
|
|
class Secure
|
|
{
|
|
function forum_exists($fid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".FORUMS_TABLE." WHERE f_id='$fid'";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain forum information.');
|
|
$result = DataBase::fetch($query);
|
|
$result = $result['f_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_forum'],'index.php');
|
|
}
|
|
}
|
|
function UseCensorList($text)
|
|
{
|
|
global $forum_config;
|
|
if ($forum_config['use_censorlist'])
|
|
{
|
|
$sql = "SELECT * FROM ".CENSORLIST_TABLE.";";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain censorlist information.');
|
|
while($word = DataBase::fetch($query))
|
|
{
|
|
$text = str_replace($word['word'],$word['replace'], $text);
|
|
}
|
|
}
|
|
return $text;
|
|
}
|
|
function generate_code()
|
|
{
|
|
$number = array(
|
|
1 => 1,
|
|
2 => 2,
|
|
3 => 4,
|
|
4 => 6,
|
|
5 => 10,
|
|
6 => 20,
|
|
7 => 30,
|
|
8 => 40,
|
|
9 => 50,
|
|
10 => 60,
|
|
11 => 70,
|
|
12 => 80,
|
|
13 => 90,
|
|
14 => 100
|
|
);
|
|
$first_id = rand(1,14);
|
|
$second_id = rand(1,14);
|
|
$first_num = $number[$first_id];
|
|
$second_num = $number[$second_id];
|
|
return array($first_num, $second_num, ($first_num + $second_num));
|
|
}
|
|
|
|
function message_u_exists($mid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user information.');
|
|
$result = DataBase::fetch($query);
|
|
$result = $result['m_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_message'],'pms.php');
|
|
}
|
|
}
|
|
function message_author_loged($mid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain user information.');
|
|
$result = DataBase::fetch($query);
|
|
$result = $result['u_n_id'];
|
|
if ($result!=$_SESSION['uid'])
|
|
{
|
|
message_forum($lng['merror_1'],'index.php');
|
|
}
|
|
}
|
|
function message_user_loged($mid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
|
|
$result = $result['u_id'];
|
|
if ($result!=$_SESSION['uid'])
|
|
{
|
|
message_forum($lng['merror_2'],'index.php');
|
|
}
|
|
}
|
|
function message_a_exists($mid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
|
|
$result = $result['m_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_message'],'index.php');
|
|
}
|
|
}
|
|
function topic_exists($tid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain topic information.');
|
|
$result = DataBase::fetch($query);
|
|
$result = $result['t_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_topic'],'index.php');
|
|
}
|
|
}
|
|
function post_exists($pid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".POSTS_TABLE." WHERE p_id='$pid'";
|
|
$query = DataBase::sql_query($sql,GENERAL,'Could not obtain topic information.');
|
|
$result = DataBase::fetch($query);
|
|
$result = $result['p_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_post'],'pms.php');
|
|
}
|
|
}
|
|
function user_exists($uid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT * FROM ".USERS_TABLE." WHERE u_id='$uid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information.'));
|
|
$result = $result['u_id'];
|
|
if (($result=='') or ($result=='-1'))
|
|
{
|
|
message_forum($lng['no_user'],'index.php');
|
|
}
|
|
}
|
|
function group_exists($gid)
|
|
{
|
|
global $lng;
|
|
if ($gid != 'mods' || $gid!='admins')
|
|
{
|
|
$sql = "SELECT `g_id` FROM `".GROUPS_TABLE."` WHERE g_id='$gid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain group information.'));
|
|
$result = $result['g_id'];
|
|
if ($result=='')
|
|
{
|
|
message_forum($lng['no_group'],'groups.php');
|
|
}
|
|
}
|
|
}
|
|
function TagsReplace($text)
|
|
{
|
|
$text = strip_tags($text,ALLOWED_TAGS);
|
|
$text = str_replace('?>', '?>', $text);
|
|
$text = str_replace('<?', '<?', $text);
|
|
$text = str_replace('javascript:', '', $text);
|
|
$text = Secure::UseCensorlist($text);
|
|
$text = Post::SmilesReplace($text);
|
|
return $text;
|
|
}
|
|
function TopicLocked($tid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT `f_id`,`lock` FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain topic information'));
|
|
$fid = $result['f_id'];
|
|
$sql2 = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
|
|
$result2 = DataBase::fetch(DataBase::sql_query($sql2,GENERAL,'Could not obtain forum information'));
|
|
if (($result['lock']=='1') or ($result2['lock']=='1'))
|
|
{
|
|
message_forum($lng['no_posting_topic_locked'],'topic.php?t='.$tid);
|
|
}
|
|
}
|
|
function ForumLocked($fid)
|
|
{
|
|
global $lng;
|
|
$sql = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
|
|
$result = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain forum information'));
|
|
if ($result['lock']=='1')
|
|
{
|
|
message_forum($lng['no_posting_forum_locked'],'forum.php?f='.$fid);
|
|
}
|
|
}
|
|
}
|
|
?>
|