A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html

<?php
/**
* @package uForum
* @file includes/classes/secure.php
* @version $Id$
* @copyright 2007-2010 (c) PioDer <[email protected]>
* @link http://www.pioder.pl/
* @license see LICENSE.txt
**/
// Stop immediately unless the constant IN_uF has already been defined.
// NOTE(review): presumably the forum's entry scripts define it so that this
// file cannot be requested on its own — confirm against the including scripts.
if (defined('IN_uF') === false) {
    exit('Hacking attempt');
}
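/**
 * Request guards (existence, ownership and lock checks) and text filters.
 *
 * Each guard runs a lookup and calls message_forum() when the check fails.
 * NOTE(review): the guards only protect anything if message_forum() stops the
 * request; that function is not defined in this file — confirm.
 *
 * Ids are cast to int before they are placed into SQL text or redirect URLs,
 * so a value that reaches a guard unvalidated cannot alter the statement.
 * NOTE(review): this assumes the *_id columns are integer keys (user_exists()
 * compares against '-1', the lock flags against '1') — confirm against the
 * schema. If DataBase offers bound parameters, prefer them over interpolation.
 *
 * Methods carry no `static` keyword although this class calls its own methods
 * through `Secure::`; that calling style is kept unchanged here.
 */
class Secure
{
    /**
     * Runs a single-row lookup and returns one column of the first row.
     *
     * @param string $sql    complete SQL statement
     * @param string $error  message handed to DataBase::sql_query()
     * @param string $column column to read from the fetched row
     * @return mixed the column value, or null when no row / no value came back
     */
    function _fetch_column($sql, $error, $column)
    {
        $row = DataBase::fetch(DataBase::sql_query($sql, GENERAL, $error));

        return (is_array($row) && isset($row[$column])) ? $row[$column] : null;
    }

    /**
     * Removes every occurrence of the text "javascript:" regardless of case.
     *
     * The removal is repeated until the text stops changing, because a single
     * pass can leave behind fragments that join up into the same token again.
     *
     * @param string $text
     * @return string
     */
    function _strip_script_scheme($text)
    {
        do {
            $before = $text;
            $after = preg_replace('/javascript:/i', '', $before);
            if ($after === null) {
                // PCRE failure: keep the last good value rather than losing the text.
                return $before;
            }
            $text = $after;
        } while ($text !== $before);

        return $text;
    }

    /**
     * Reports "no forum" through message_forum() when the forum id is unknown.
     *
     * @param mixed $fid forum id
     */
    function forum_exists($fid)
    {
        global $lng;

        $fid = (int) $fid;
        $sql = "SELECT * FROM ".FORUMS_TABLE." WHERE f_id='$fid'";
        // Loose comparison kept: covers a missing row (null) and an empty value.
        if (Secure::_fetch_column($sql, 'Could not obtain forum information.', 'f_id') == '') {
            message_forum($lng['no_forum'], 'index.php');
        }
    }

    /**
     * Applies the censor list to a text when $forum_config['use_censorlist'] is set.
     *
     * @param string $text
     * @return string the text with every listed word replaced
     */
    function UseCensorList($text)
    {
        global $forum_config;

        if (!empty($forum_config['use_censorlist'])) {
            $sql = "SELECT * FROM ".CENSORLIST_TABLE.";";
            $query = DataBase::sql_query($sql, GENERAL, 'Could not obtain censorlist information.');
            while ($word = DataBase::fetch($query)) {
                // str_replace() is case-sensitive, so only exact-case matches are replaced.
                $text = str_replace($word['word'], $word['replace'], $text);
            }
        }

        return $text;
    }

    /**
     * Picks two numbers from a fixed table and returns them with their sum.
     *
     * NOTE(review): presumably an arithmetic anti-bot question — confirm against
     * the caller. rand() is not a cryptographic generator and the table has only
     * 14 entries per operand, so treat the result as a speed bump, not a secret.
     *
     * @return array array(first, second, first + second)
     */
    function generate_code()
    {
        $number = array(
            1 => 1,
            2 => 2,
            3 => 4,
            4 => 6,
            5 => 10,
            6 => 20,
            7 => 30,
            8 => 40,
            9 => 50,
            10 => 60,
            11 => 70,
            12 => 80,
            13 => 90,
            14 => 100
        );
        $first_num = $number[rand(1, 14)];
        $second_num = $number[rand(1, 14)];

        return array($first_num, $second_num, ($first_num + $second_num));
    }

    /**
     * Reports "no message" when the id is not present in the inbox table.
     *
     * @param mixed $mid message id
     */
    function message_u_exists($mid)
    {
        global $lng;

        $mid = (int) $mid;
        $sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
        if (Secure::_fetch_column($sql, 'Could not obtain user information.', 'm_id') == '') {
            message_forum($lng['no_message'], 'pms.php');
        }
    }

    /**
     * Ownership check for a sent-box message against $_SESSION['uid'].
     *
     * Fails closed: a missing row or a missing session uid is treated as
     * "not the owner". With the loose comparison alone, two empty values
     * would compare equal and the check would pass.
     *
     * @param mixed $mid message id
     */
    function message_author_loged($mid)
    {
        global $lng;

        $mid = (int) $mid;
        $sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
        $owner = Secure::_fetch_column($sql, 'Could not obtain user information.', 'u_n_id');
        $viewer = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
        if ($owner === null || $viewer === null || $owner != $viewer) {
            message_forum($lng['merror_1'], 'index.php');
        }
    }

    /**
     * Ownership check for an inbox message against $_SESSION['uid'].
     *
     * Fails closed in the same way as message_author_loged().
     *
     * @param mixed $mid message id
     */
    function message_user_loged($mid)
    {
        global $lng;

        $mid = (int) $mid;
        $sql = "SELECT * FROM ".PM_INBOX_TABLE." WHERE m_id='$mid'";
        $owner = Secure::_fetch_column($sql, 'Could not obtain user information.', 'u_id');
        $viewer = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
        if ($owner === null || $viewer === null || $owner != $viewer) {
            message_forum($lng['merror_2'], 'index.php');
        }
    }

    /**
     * Reports "no message" when the id is not present in the sent-box table.
     *
     * @param mixed $mid message id
     */
    function message_a_exists($mid)
    {
        global $lng;

        $mid = (int) $mid;
        $sql = "SELECT * FROM ".PM_SENTBOX_TABLE." WHERE m_id='$mid'";
        if (Secure::_fetch_column($sql, 'Could not obtain user information.', 'm_id') == '') {
            message_forum($lng['no_message'], 'index.php');
        }
    }

    /**
     * Reports "no topic" when the topic id is unknown.
     *
     * @param mixed $tid topic id
     */
    function topic_exists($tid)
    {
        global $lng;

        $tid = (int) $tid;
        $sql = "SELECT * FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
        if (Secure::_fetch_column($sql, 'Could not obtain topic information.', 't_id') == '') {
            message_forum($lng['no_topic'], 'index.php');
        }
    }

    /**
     * Reports "no post" when the post id is unknown.
     *
     * NOTE(review): the error text says "topic" and the target is 'pms.php';
     * both look copied from sibling checks — confirm before changing.
     *
     * @param mixed $pid post id
     */
    function post_exists($pid)
    {
        global $lng;

        $pid = (int) $pid;
        $sql = "SELECT * FROM ".POSTS_TABLE." WHERE p_id='$pid'";
        if (Secure::_fetch_column($sql, 'Could not obtain topic information.', 'p_id') == '') {
            message_forum($lng['no_post'], 'pms.php');
        }
    }

    /**
     * Reports "no user" when the user id is unknown or resolves to '-1'.
     *
     * @param mixed $uid user id
     */
    function user_exists($uid)
    {
        global $lng;

        $uid = (int) $uid;
        $sql = "SELECT * FROM ".USERS_TABLE." WHERE u_id='$uid'";
        $found = Secure::_fetch_column($sql, 'Could not obtain user information.', 'u_id');
        if (($found == '') or ($found == '-1')) {
            message_forum($lng['no_user'], 'index.php');
        }
    }

    /**
     * Reports "no group" when the group id is unknown.
     *
     * The names 'mods' and 'admins' skip the lookup. The original condition
     * joined the two tests with ||, which is true for every value, so the
     * skip never happened; && is what the condition needs.
     * NOTE(review): presumably these two are built-in groups without a row in
     * GROUPS_TABLE — confirm.
     *
     * @param mixed $gid group id, or 'mods' / 'admins'
     */
    function group_exists($gid)
    {
        global $lng;

        if ($gid !== 'mods' && $gid !== 'admins') {
            $gid = (int) $gid;
            $sql = "SELECT `g_id` FROM `".GROUPS_TABLE."` WHERE g_id='$gid'";
            if (Secure::_fetch_column($sql, 'Could not obtain group information.', 'g_id') == '') {
                message_forum($lng['no_group'], 'groups.php');
            }
        }
    }

    /**
     * Filters post text: tag stripping, PHP-tag and script-scheme removal,
     * then the censor list and smiley replacement.
     *
     * Caveats for anyone relying on this as an XSS filter:
     *  - strip_tags() keeps every attribute on the tags named in ALLOWED_TAGS,
     *    so the allowed tags can still carry event handlers or style.
     *  - Removing a URL scheme by text matching is best-effort only; encoded or
     *    otherwise disguised forms are not covered.
     * An allowlist-based HTML sanitizer (tags and attributes) at output time is
     * the robust control; this function should be treated as defence in depth.
     *
     * @param string $text raw text
     * @return string filtered text
     */
    function TagsReplace($text)
    {
        $text = strip_tags($text, ALLOWED_TAGS);
        $text = str_replace('?>', '?&gt;', $text);
        $text = str_replace('<?', '&lt;?', $text);
        // Case-insensitive and repeated until stable (see _strip_script_scheme()).
        $text = Secure::_strip_script_scheme($text);
        $text = Secure::UseCensorList($text);
        $text = Post::SmilesReplace($text);

        return $text;
    }

    /**
     * Reports "topic locked" when the topic or the forum it belongs to is locked.
     *
     * @param mixed $tid topic id
     */
    function TopicLocked($tid)
    {
        global $lng;

        $tid = (int) $tid;
        $sql = "SELECT `f_id`,`lock` FROM `".TOPICS_TABLE."` WHERE `t_id`='$tid'";
        $topic = DataBase::fetch(DataBase::sql_query($sql, GENERAL, 'Could not obtain topic information'));

        // The forum id comes back from the database and is cast as well before
        // it is placed into the second statement.
        $fid = (is_array($topic) && isset($topic['f_id'])) ? (int) $topic['f_id'] : 0;
        $sql2 = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
        $forum = DataBase::fetch(DataBase::sql_query($sql2, GENERAL, 'Could not obtain forum information'));

        $topic_locked = is_array($topic) && isset($topic['lock']) && $topic['lock'] == '1';
        $forum_locked = is_array($forum) && isset($forum['lock']) && $forum['lock'] == '1';
        if ($topic_locked or $forum_locked) {
            // $tid is an int here, so the redirect target cannot carry extra text.
            message_forum($lng['no_posting_topic_locked'], 'topic.php?t='.$tid);
        }
    }

    /**
     * Reports "forum locked" when the forum's lock flag is '1'.
     *
     * @param mixed $fid forum id
     */
    function ForumLocked($fid)
    {
        global $lng;

        $fid = (int) $fid;
        $sql = "SELECT `lock` FROM `".FORUMS_TABLE."` WHERE `f_id`='$fid'";
        if (Secure::_fetch_column($sql, 'Could not obtain forum information', 'lock') == '1') {
            message_forum($lng['no_posting_forum_locked'], 'forum.php?f='.$fid);
        }
    }
}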
?>