functions_check.php

Revision 313, 14.6 kB (checked in by Nafania, 2 years ago)
мелки фиксы. решены следующие тикеты: http://svn.tbdevsz.ru/ticket/5 http://svn.tbdevsz.ru/ticket/17 http://svn.tbdevsz.ru/ticket/22

Line
1	<?php
2	function check_username($username, $allowed_all = false)</span>
3	<span class="code-keyword">{
4	global $db, $lang;
5
6	if( !$allowed_all && !preg_match("/^[a-zA-Z0-9]+$/", $username) ) {
7	return array('error' => true, 'error_msg' => $lang['invalid_username']);
8	}
9
10	$sql = "SELECT name AS username
11	FROM " . USERS_TABLE . "
12	WHERE LOWER(name) = '" . $db->sql_escape(utf_strtolower($username)) . "'";
13	$result = $db->sql_query($sql);
14	if ( $row = $db->sql_fetchrow($result) ) {
15	return array('error' => true, 'error_msg' => sprintf($lang['username_already_in_use'], $username) );
16	}
17
18	$sql = "SELECT group_name
19	FROM " . GROUPS_TABLE . "
20	WHERE LOWER(group_name) = '" . $db->sql_escape(utf_strtolower($username)) . "'";
21	if ( $row = $db->sql_fetchrow($result) ) {
22	return array('error' => true, 'error_msg' => sprintf($lang['username_already_in_use'], $username) );
23	}
24
25	$sql = "SELECT disallow_username FROM " . DISALLOW_TABLE;
26	$result = $db->sql_query($sql);
27	if ( $row = $db->sql_fetchrow($result) ) {
28	do {
29	if (preg_match("#\b(" . str_replace("\", ".?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) {
30	return array('error' => true, 'error_msg' => sprintf($lang['username_disallowed'], $username) );
31	}
32	}
33	while( $row = $db->sql_fetchrow($result) );
34	}
35
36	$sql = 'SELECT word FROM ' . WORDS_TABLE;
37	$result = $db->sql_query($sql);
38	if ( $row = $db->sql_fetchrow($result) ) {
39	do {
40	if (preg_match("#\b(" . str_replace("\", ".?", preg_quote($row['word'], '#')) . ")\b#i", $username)) {
41	return array('error' => true, 'error_msg' => sprintf($lang['username_disallowed'], $username) );
42	}
43	}
44	while ( $row = $db->sql_fetchrow($result) );
45	}
46
47	if( utf_strlen($username) < 3 \|\| utf_strlen($username) > 30 ) {
48	return array('error' => true, 'error_msg' => $lang['username_between_2_and_30']);
49	}
50
51	return;
52	}
53
54	function check_filename($name) {
55	return preg_match('/^[^\0-\x1f:\\\\\/?*\xff#<>\|]+$/si', $name);
56	}
57
58	function check_email($email)
59	{
60	global $db, $lang;
61
62	if ($email != '')
63	{
64	if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
65	{
66	$sql = 'SELECT ban_email
67	FROM ' . BANLIST_TABLE . '
68	WHERE ban_type = ' . BAN_GLOBAL;
69	if ($result = $db->sql_query($sql))
70	{
71	if ($row = $db->sql_fetchrow($result))
72	{
73	do
74	{
75	$match_email = str_replace('', '.?', $row['ban_email']);
76	if (preg_match('/^' . $match_email . '$/is', $email))
77	{
78	$db->sql_freeresult($result);
79	return array('error' => true, 'error_msg' => sprintf($lang['email_banned'], $email) );
80	}
81	}
82	while($row = $db->sql_fetchrow($result));
83	}
84	}
85	$db->sql_freeresult($result);
86
87	$sql = "SELECT email
88	FROM " . USERS_TABLE . "
89	WHERE email = '" . str_replace("\'", "''", $email) . "'";
90	$result = $db->sql_query($sql);
91
92	if ($row = $db->sql_fetchrow($result))
93	{
94	return array('error' => true, 'error_msg' => sprintf($lang['email_already_in_use'], $email) );
95	}
96	$db->sql_freeresult($result);
97
98	return;
99	}
100	}
101
102	return array('error' => true, 'error_msg' => $lang['email_invalid']);
103	}
104
105	function check_user_class($class) {
106	return is_numeric($class) && floor($class) == $class && $class >= UC_PEASANT && $class <= UC_SYSOP;
107	}
108
109	function check_language( $language ) {
110	global $root_path;
111
112	$language = utf_strtolower($language);
113	$dirname = 'languages';
114	$dir = opendir($root_path . $dirname);
115	$valid = array();
116	while ( $file = readdir($dir) ) {
117	if (preg_match('#^lang_#i', $file) && !is_file($root_path . $dirname . '/' . $file) && !is_link($root_path . $dirname . '/' . $file)) {
118	$filename = trim(str_replace("lang_", "", $file));
119	$displayname = preg_replace("/^(.?)_(.)$/", "\\1 [ \\2 ]", $filename);
120	$displayname = preg_replace("/\[(.?)_(.)\]/", "[ \\1 - \\2 ]", $displayname);
121	$valid[] = utf_strtolower($displayname);
122	}
123	}
124	return in_array($language, $valid);
125	}
126
127	function check_style_id ( $style_id ) {
128	global $db;
129
130	if ( is_numeric($style_id) && floor($style_id) == $style_id ) {
131	$sql = 'SELECT themes_id, style_name FROM ' . THEMES_TABLE . ' WHERE themes_id = ' . $style_id;
132	$result = $db->sql_query($sql);
133	if ( !($row = $db->sql_fetchrow($result)) ) {
134	return false;
135	}
136	else {
137	return true;
138	}
139	}
140	else {
141	return false;
142	}
143	}
144
145	function check_remote_avatar($avatar_filename) {
146	global $config, $lang;
147
148	if ( !preg_match("#^((ht\|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg\|jpeg\|gif\|png))$)#is", $avatar_filename) ) {
149	return $lang['image_adress_invalid'];
150	}
151
152	if ( strpos($avatar_filename, 'imageshack') ) {
153	return $lang['image_adress_invalid'];
154	}
155
156	$remote_file = @fopen ($avatar_filename, "rb");
157
158	if(!$remote_file)
159	{
160	return $lang['image_adress_invalid'];
161	}
162
163	$user_avatar_size = 0;
164	do
165	{
166	if (strlen(@fread($remote_file, 1)) == 0 \|\| $user_avatar_size > $config['avatar_filesize'])
167	{
168	break;
169	}
170	$user_avatar_size++;
171	}
172	while(true);
173	@fclose($remote_file);
174
175	if($user_avatar_size > $config['avatar_filesize'])
176	{
177	return sprintf($lang['image_avatar_error_filesize'], mksize($config['avatar_filesize']));
178	}
179
180	list($user_avatar_width, $user_avatar_height) = @getimagesize($avatar_filename);
181
182	if( !$user_avatar_width \|\| !$user_avatar_height )
183	{
184	return $lang['avatar_adress_invalid'];
185	}
186
187	if($user_avatar_width > $config['avatar_max_width'] \|\| $user_avatar_height > $config['avatar_max_height'])
188	{
189	return sprintf($lang['image_is_too_big'], $config['avatar_max_width'], $config['avatar_max_height']);
190	}
191	return;
192	}
193
194	function check_ip($ip) {
195	if (!empty($ip) && ip2long($ip)!=-1) {
196	// reserved IANA IPv4 addresses
197	// http://www.iana.org/assignments/ipv4-address-space
198	$reserved_ips = array (
199	array('0.0.0.0','2.255.255.255'),
200	array('10.0.0.0','10.255.255.255'),
201	array('127.0.0.0','127.255.255.255'),
202	array('169.254.0.0','169.254.255.255'),
203	array('172.16.0.0','172.31.255.255'),
204	array('192.0.2.0','192.0.2.255'),
205	array('192.168.0.0','192.168.255.255'),
206	array('255.255.255.0','255.255.255.255')
207	);
208
209	foreach ($reserved_ips as $r) {
210	$min = ip2long($r[0]);
211	$max = ip2long($r[1]);
212	if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) {
213	return false;
214	}
215	}
216	return true;
217	}
218	else {
219	return false;
220	}
221	}
222
223	function check_internet_speed( $internet_speed ) {
224	for ( $i = 64; $i <= 1024; $i +=64 ) {
225	if ( $internet_speed == $i * 1024 ) {
226	return true;
227	}
228	}
229	for ( $i = 2; $i <= 101; ++$i ) {
230	if ( $i > 10 ) {
231	$i += 1;
232	}
233	if ( $i > 30 ) {
234	$i += 3;
235	}
236	if ( $internet_speed == $i * 1024 * 1024 ) {
237	return true;
238	}
239	}
240	return false;
241	}
242
243	function check_category_id ( $category_id, $check_allow_upload = false ) {
244	global $db;
245
246	if ( is_numeric($category_id) && floor($category_id) == $category_id ) {
247	$sql = 'SELECT * FROM ' . CATEGORIES_TABLE . ' WHERE id = ' . $category_id . ( $check_allow_upload ? ' AND allow_upload = 1' : '' );
248	$result = $db->sql_query($sql);
249	if ( !($row = $db->sql_fetchrow($result)) ) {
250	return false;
251	}
252	else {
253	return true;
254	}
255	}
256	else {
257	return false;
258	}
259	}
260
261	function check_country_id ( $country_id ) {
262	global $db;
263
264	if ( is_numeric($country_id) && floor($country_id) == $country_id ) {
265	$sql = 'SELECT * FROM ' . COUNTRIES_TABLE . ' WHERE id = ' . $country_id;
266	$result = $db->sql_query($sql);
267	if ( !($row = $db->sql_fetchrow($result)) ) {
268	return false;
269	}
270	else {
271	return true;
272	}
273	}
274	else {
275	return false;
276	}
277	}
278
279	function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$skype, &$sig)
280	{
281	$check_var_length = array('aim', 'msnm', 'yim', 'skype');
282
283	for($i = 0; $i < sizeof($check_var_length); $i++)
284	{
285	if (utf_strlen($$check_var_length[$i]) < 2 \|\| utf_strlen($$check_var_length[$i]) > 66 )
286	{
287	$$check_var_length[$i] = '';
288	}
289	}
290
291	if ( utf_strlen($sig) < 2 ) {
292	$sig = '';
293	}
294
295	// ICQ number has to be only numbers.
296	if (!preg_match('/^[0-9]+$/', $icq))
297	{
298	$icq = '';
299	}
300
301	return;
302	}
303
304	function check_torrent ( $torrent_file ) {
305	global $lang, $config, $root_path;
306
307	require ($root_path . 'include/class.bencode.php');
308
309	$errors = array();
310
311	$torrent_dir = $root_path . ( !empty($config['torrent_dir']) ? $config['torrent_dir'] : 'torrents');
312
313	if ( !check_filename($torrent_file['name']) \|\| empty($torrent_file['name']) ) {
314	$errors[] = $lang['invalid_filename'];
315	}
316
317	if (!preg_match("/^[a-zA-Z0-9_~!@$^()&'`\[\]{}%,.-\s]+$/", $torrent_file['name'])) {
318	$errors[] = $lang['invalid_filename'];
319	}
320
321	if (!preg_match('/^(.+)\.torrent$/si', $torrent_file['name'], $matches)) {
322	$errors[] = $lang['invalid_type_not_torrent'];
323	}
324
325	if ( !@is_uploaded_file($torrent_file['tmp_name']) \|\| !@filesize($torrent_file['tmp_name']) ) {
326	$errors[] = $lang['invalid_file'];
327	}
328
329	if ( $torrent_file['error'] == UPLOAD_ERR_FORM_SIZE ) {
330	trigger_error(sprintf($lang['torrent_is_too_big'], mksize($config['max_torrent_size'])));
331	}
332
333	$torrent = new Torrent($torrent_file['tmp_name']);
334
335	if ( !$torrent->is_torrent($torrent_file['tmp_name']) ) {
336	$errors[] = $lang['you_upload_not_torrent_file'];
337	}
338
339	$site_url = generate_base_url();
340
341	if ( defined('USE_XBTT') ) {
342	$base_announce = $config['xbt_listen_url'] . ':' . $config['listen_port'] . '/announce/';
343	}
344	else {
345	$base_announce = $site_url . '/announce.php';
346	}
347
348	$torrent->announce(array($base_announce));
349
350	$dname = $torrent->name();
351	$plen = $torrent->piece_length();
352
353	$flist = $torrent->content();
354
355	if (!sizeof($flist)) {
356	$errors[] = $lang['no_files'];
357	}
358
359	$totallen = 0;
360	$filelist = array();
361
362	foreach ( $flist AS $file => $size ) {
363	$filelist[] = array($file, $size);
364	$totallen += $size;
365	}
366
367	if ( !$torrent->is_private() ) {
368	$torrent->is_private(true);
369	}
370
371	if ( sizeof($errors) ) {
372	trigger_error($lang['next_errors_occured'] . '<br />' . implode('<br />', $errors) );
373	}
374
375	$infohash = $torrent->hash_info();
376
377	$filename = md5($infohash . time());
378
379	if ( @move_uploaded_file($torrent_file['tmp_name'], $torrent_dir . DIRECTORY_SEPARATOR . $filename . '.torrent') === false ) {
380	trigger_error($lang['file_cannot_be_uploaded']);
381	}
382
383	$torrent->save($torrent_dir . DIRECTORY_SEPARATOR . $filename . '.torrent');
384
385	return array($infohash, $torrent_file['name'], $totallen, $filelist, $dname, $filename);
386	}
387
388	function check_upload_image ( $image_file, $upload_path, $max_size = 0, $max_height = 0, $max_width = 0, $name = '' ) {
389	global $config, $db, $lang, $root_path;
390
391	if ( !$image_file ) {
392	trigger_error($lang['please_select_file']);
393	}
394
395	$upload_name = ( isset($image_file['name']) ? $image_file['name'] : '' );
396	$tmp_name = ( isset($image_file['tmp_name']) && $image_file['tmp_name'] != 'none' ? $image_file['tmp_name'] : '' );
397	$filesize = ( isset($image_file['size']) ? $image_file['size'] : 0 );
398	$filetype = ( isset($image_file['type']) ? $image_file['type'] : '' );
399
400	if ( !$upload_name \|\| !$filesize )
401	{
402	trigger_error($lang['please_select_file']);
403	}
404
405	if ( $max_size && $filesize > $max_size ) {
406	trigger_error(sprintf($lang['remote_image_error_filesize'], mksize($max_size)));
407	}
408
409
410	list($width, $height) = getimagesize($tmp_name);
411
412	if( !$width \|\| !$height )
413	{
414	trigger_error($lang['image_adress_invalid']);
415	}
416
417	if ( $max_width && $width > $max_width ) {
418	trigger_error(sprintf($lang['image_is_too_big'], $max_width, $max_height));
419	}
420
421	if ( $max_height && $height > $max_height ) {
422	trigger_error(sprintf($lang['image_is_too_big'], $max_width, $max_height));
423	}
424
425	$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
426
427	preg_match('#image\/[x\-]*([a-z]+)#', $filetype, $filetype);
428
429	$filetype = ( isset($filetype[1]) ? $filetype[1] : '' );
430
431	switch( $filetype )
432	{
433	case 'jpeg':
434	case 'pjpeg':
435	case 'jpg':
436	$ext = '.jpg';
437	break;
438	case 'gif':
439	$ext = '.gif';
440	break;
441	case 'png':
442	$ext = '.png';
443	break;
444	default:
445	trigger_error($lang['invalid_image_filetype']);
446	break;
447	}
448
449	$upload_name = ( $name ? $name . $ext : $upload_name );
450
451	if ( !is_dir($root_path . $upload_path) \|\| !is_writable($root_path . $upload_path) ) {
452	trigger_error($lang['dir_not_exist_or_not_writable']);
453	}
454
455	if( file_exists($root_path . $upload_path . $upload_name) && !$name ) {
456	trigger_error($lang['su_file_already']);
457	}
458	else {
459	@unlink($root_path . $upload_path . $upload_name);
460	}
461
462	if ( @$ini_val('open_basedir') != '' ) {
463	if ( @phpversion() < '4.0.3' ) {
464	trigger_error($lang['su_open_basedir']);
465	}
466	$move_file = 'move_uploaded_file';
467	}
468	else {
469	$move_file = 'copy';
470	}
471
472	$file_moved = @$move_file($tmp_name, $root_path . $upload_path . $upload_name);
473
474	if( $file_moved ) {
475	@chmod($root_path . $upload_path . $upload_name, 0777);
476	return array('filename' => $upload_name, 'full_path' => $root_path . $upload_path . $upload_name);
477	}
478	else {
479	trigger_error($lang['upload_failed']);
480	}
481	}
482	?>

Note: See TracBrowser for help on using the browser.

root/include/functions_check.php

Download in other formats: