
/campsite/src/classes/Phorum_ban_item.php

https://github.com/joechrysler/Campsite
PHP | 449 lines | 231 code | 42 blank | 176 comment | 55 complexity | 6a731ea577a6043b47f54be82dbc77bd MD5 | raw file
Possible License(s): BSD-3-Clause, AGPL-1.0, LGPL-2.1, Apache-2.0
  1. <?php
  2. include_once("Phorum_user.php");
  3. include_once("Phorum_message.php");
  4. class Phorum_ban_item extends DatabaseObject {
  // Column(s) that form the primary key of a ban-list row.
  // presumably consumed by the DatabaseObject base class — not visible here.
  public $m_keyColumnNames = array('id');

  // The key is flagged as auto-increment.
  public $m_keyIsAutoIncrement = true;

  // Every column of the ban-list table handled by this class.
  public $m_columnNames = array(
      "id",
      "forum_id",
      "type",
      "pcre",
      "string",
  );

  // Whitelist of ban types; create() and setType() reject anything else.
  public $m_allowedTypes = array(
      PHORUM_BAD_IPS,
      PHORUM_BAD_NAMES,
      PHORUM_BAD_EMAILS,
      PHORUM_BAD_WORDS,
      PHORUM_BAD_USERID,
      PHORUM_BAD_SPAM_WORDS,
  );
  /**
   * Build a ban item: a string that, when matched, prevents a message
   * from being posted.
   *
   * This is a PHP 4-style constructor (a method named after the class).
   * PHP 8 no longer treats such a method as a constructor.
   *
   * @param int $p_banId
   *      Optional primary key. When given, fetch() is called to load the row.
   */
  public function Phorum_ban_item($p_banId = null)
  {
      global $PHORUM;

      // The table name comes from the Phorum configuration global.
      $this->m_dbTableName = $PHORUM['banlist_table'];
      $this->m_data['id'] = $p_banId;

      if ($p_banId === null) {
          return;
      }
      $this->fetch();
  } // fn Phorum_ban_item
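  /**
   * Create a ban item unless an equivalent one already exists.
   *
   * @param int $p_type
   *      One of: PHORUM_BAD_IPS, PHORUM_BAD_NAMES, PHORUM_BAD_EMAILS,
   *      PHORUM_BAD_WORDS, PHORUM_BAD_USERID, PHORUM_BAD_SPAM_WORDS.
   *
   * @param boolean $p_isRegex
   *      TRUE if $p_matchString is a regular expression, FALSE if not.
   *
   * @param string $p_matchString
   *      String to match to see if something is banned.
   *
   * @param int $p_forumId
   *      Zero applies the ban to all forums; a forum ID greater than zero
   *      restricts the ban to that forum.
   *
   * @return boolean
   *      FALSE when the arguments are rejected, TRUE when an equivalent
   *      ban already exists, otherwise the result of parent::create().
   */
  public function create($p_type, $p_isRegex, $p_matchString, $p_forumId = 0)
  {
      if (!is_numeric($p_type) || !is_numeric($p_forumId)
          || !in_array($p_type, $this->m_allowedTypes)) {
          return false;
      }
      $isRegex = (bool) $p_isRegex;

      // isBanned() embeds the stored string in "/\b...\b/i" and suppresses
      // preg_match() errors, so a pattern that does not compile would be
      // stored as a ban that never matches. Reject it here instead.
      if ($isRegex && @preg_match("/\b".$p_matchString."\b/i", '') === false) {
          return false;
      }

      // The original carried a disabled block here that resolved an IP
      // address to a host name for PHORUM_BAD_IPS bans; it stays disabled.

      // GetBanItems() only applies the pcre filter to a real boolean, so the
      // boolean is passed, not the '1'/'0' column value.
      $repeats = Phorum_ban_item::GetBanItems($p_type, $isRegex, $p_matchString, $p_forumId);

      // GetBanItems() applies no forum filter for forum 0, so a ban that is
      // limited to another forum must not count as a duplicate of a global
      // ban. An existing global ban does cover a forum-specific request.
      $requestedForumId = (int) $p_forumId;
      foreach ($repeats as $existing) {
          $existingForumId = (int) $existing->getForumId();
          if ($existingForumId === 0 || $existingForumId === $requestedForumId) {
              return true;
          }
      }

      $columns = array(
          "type" => $p_type,
          "forum_id" => $p_forumId,
          "string" => $p_matchString,
          "pcre" => $isRegex ? "1" : "0",
      );
      return parent::create($columns);
  } // fn create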
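  /**
   * Update several columns of the record at once. NULL arguments leave
   * the corresponding column untouched.
   *
   * The same checks as setType(), setForumId() and setIsRegex() are applied
   * so that this bulk path cannot store values those setters would refuse.
   *
   * @param int $p_type
   *      Must be one of the allowed ban types.
   * @param boolean $p_isRegex
   *      Stored as '1' or '0'.
   * @param string $p_matchString
   * @param int $p_forumId
   *      Must be numeric.
   *
   * @return mixed
   *      FALSE when an argument is rejected (nothing is changed), otherwise
   *      whatever commit() returns.
   */
  public function update($p_type = null, $p_isRegex = null, $p_matchString = null, $p_forumId = null)
  {
      // Validate everything first so a rejected call changes nothing.
      if (!is_null($p_type)
          && (!is_numeric($p_type) || !in_array($p_type, $this->m_allowedTypes))) {
          return false;
      }
      if (!is_null($p_forumId) && !is_numeric($p_forumId)) {
          return false;
      }

      // The third setProperty() argument is FALSE throughout, as in the
      // original; presumably it defers the write until commit() — confirm
      // against DatabaseObject.
      if (!is_null($p_type)) {
          $this->setProperty('type', $p_type, false);
      }
      if (!is_null($p_isRegex)) {
          $this->setProperty('pcre', $p_isRegex ? '1' : '0', false);
      }
      if (!is_null($p_matchString)) {
          $this->setProperty('string', $p_matchString, false);
      }
      if (!is_null($p_forumId)) {
          $this->setProperty('forum_id', $p_forumId, false);
      }
      return $this->commit();
  } // fn update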
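  /**
   * Delete one ban item matching the parameters (the statement carries
   * LIMIT 1).
   *
   * @param int $p_type
   * @param boolean $p_isRegex
   *      Must be a real boolean.
   * @param string $p_matchString
   * @param int $p_forumId
   *      Optional. When given it must be numeric; a non-numeric value is
   *      rejected so the delete is not widened to every forum.
   *
   * @return mixed
   *      FALSE when an argument is rejected, otherwise the result of
   *      $g_ado_db->Execute().
   */
  public static function DeleteMatching($p_type, $p_isRegex, $p_matchString, $p_forumId = null)
  {
      global $g_ado_db;
      global $PHORUM;

      if (!is_numeric($p_type) || !is_bool($p_isRegex) || !is_string($p_matchString)) {
          return false;
      }
      if (!is_null($p_forumId) && !is_numeric($p_forumId)) {
          return false;
      }

      // is_numeric() also accepts floats, exponent notation and surrounding
      // whitespace. Casting ensures only a plain integer literal is
      // interpolated into the statement.
      $constraints = array(
          "type = ".(int) $p_type,
          "pcre = ".($p_isRegex ? '1' : '0'),
          // NOTE(review): mysql_real_escape_string() was removed in PHP 7 and
          // depends on the connection character set. Prefer the database
          // layer's own parameter binding if it offers one.
          "string='".mysql_real_escape_string($p_matchString)."'",
      );
      if (!is_null($p_forumId)) {
          $constraints[] = "forum_id = ".(int) $p_forumId;
      }

      $whereStr = " WHERE ".implode(" AND ", $constraints);
      $sql = "DELETE FROM {$PHORUM['banlist_table']} $whereStr LIMIT 1";
      return $g_ado_db->Execute($sql);
  } // fn DeleteMatching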
  /**
   * Return the stored ban type, one of:
   * PHORUM_BAD_IPS, PHORUM_BAD_NAMES, PHORUM_BAD_EMAILS,
   * PHORUM_BAD_WORDS, PHORUM_BAD_USERID, PHORUM_BAD_SPAM_WORDS.
   *
   * @return int
   */
  public function getType()
  {
      $type = $this->m_data['type'];
      return $type;
  } // fn getType
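  /**
   * Set the type of the ban item. Can be one of:
   * PHORUM_BAD_IPS, PHORUM_BAD_NAMES, PHORUM_BAD_EMAILS,
   * PHORUM_BAD_WORDS, PHORUM_BAD_USERID, PHORUM_BAD_SPAM_WORDS.
   *
   * @param int $p_value
   *
   * @return boolean
   *      FALSE when the value is not numeric or not an allowed type,
   *      otherwise the result of setProperty().
   */
  public function setType($p_value)
  {
      // in_array() compares loosely, so before PHP 8 a string such as "1abc"
      // can equal an integer constant. Requiring a numeric value first keeps
      // this setter in line with the check create() performs.
      if (!is_numeric($p_value) || !in_array($p_value, $this->m_allowedTypes)) {
          return false;
      }
      return $this->setProperty('type', $p_value);
  } // fn setType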
  /**
   * Return the forum this ban applies to. Zero means the ban applies to
   * all forums; a number greater than zero limits it to that forum.
   *
   * @return int
   */
  public function getForumId()
  {
      $forumId = $this->m_data['forum_id'];
      return $forumId;
  } // fn getForumId
  /**
   * Set the forum this ban applies to. Zero applies the ban to all
   * forums; a number greater than zero limits it to that forum.
   *
   * @param int $p_value
   * @return boolean
   *      FALSE for a non-numeric value, otherwise the result of
   *      setProperty().
   */
  public function setForumId($p_value)
  {
      // Guard clause: only numeric forum IDs reach the property setter.
      if (!is_numeric($p_value)) {
          return false;
      }
      return $this->setProperty('forum_id', $p_value);
  } // fn setForumId
  /**
   * Return the string that is compared against input to decide whether
   * something is banned.
   *
   * @return string
   */
  public function getMatchString()
  {
      $matchString = $this->m_data['string'];
      return $matchString;
  } // fn getMatchString
  /**
   * Set the string to match in order for something to be banned.
   *
   * The value is passed to setProperty() unchanged. When the item is a
   * regular expression, isBanned() embeds this string in a PCRE pattern,
   * so callers are responsible for supplying a pattern that compiles.
   *
   * @param string $p_value
   * @return boolean
   */
  public function setMatchString($p_value)
  {
      $stored = $this->setProperty('string', $p_value);
      return $stored;
  } // fn setMatchString
  /**
   * Tell whether the match string is a regular expression.
   *
   * The stored 'pcre' value is returned as-is, not cast to a boolean.
   * The setters in this class write it as '1' or '0'.
   *
   * @return boolean
   */
  public function isRegex()
  {
      $flag = $this->m_data['pcre'];
      return $flag;
  } // fn isRegex
  /**
   * Set whether the match string is a regular expression or not.
   *
   * @param boolean $p_value
   *      Any truthy value is stored as '1', anything else as '0'.
   * @return boolean
   */
  public function setIsRegex($p_value)
  {
      if ($p_value) {
          $flag = '1';
      } else {
          $flag = '0';
      }
      return $this->setProperty('pcre', $flag);
  } // fn setIsRegex
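  /**
   * Return TRUE if the given string is banned according to this ban item.
   *
   * Matching rules, by item kind:
   *  - regular expression: the stored string is embedded in "/\b...\b/i";
   *  - plain string, not a user-ID ban: case-insensitive substring match;
   *  - user-ID ban: the trimmed value must equal the stored string.
   *
   * @param string $p_matchString
   *      The value to check.
   *
   * @param int $p_type
   *      Optional. If this item is not of this type, return value will
   *      be FALSE (i.e. not banned).
   *
   * @return boolean
   *      TRUE if given string matches the ban, FALSE if all is okay.
   */
  public function isBanned($p_matchString, $p_type = null)
  {
      $type = $this->m_data['type'];
      if (!is_null($p_type) && ($type != $p_type)) {
          return false;
      }

      // empty() treats the string "0" as empty, which would let the value
      // "0" (or a ban on "0") bypass the check; compare against '' instead.
      $candidate = trim((string) $p_matchString);
      $banString = (string) $this->m_data['string'];
      if ($candidate === '' || $banString === '') {
          return false;
      }

      $isRegex = $this->m_data['pcre'];
      $isUserIdBan = ($type == PHORUM_BAD_USERID);

      if ($isRegex) {
          $result = @preg_match("/\b".$banString."\b/i", $candidate);
          if ($result === false) {
              // The pattern failed to compile or to run, so the ban matches
              // nothing. Record it so a broken ban is noticed. The pattern
              // and the checked value are deliberately left out of the log.
              $banId = isset($this->m_data['id']) ? $this->m_data['id'] : 'unknown';
              error_log("Phorum_ban_item: ban pattern could not be evaluated (ban id $banId)");
          } elseif ($result > 0) {
              return true;
          }
      } elseif (!$isUserIdBan && stripos($candidate, $banString) !== false) {
          // stripos() !== false replaces a truthiness test on stristr(),
          // whose returned tail can itself be the falsy string "0".
          return true;
      }

      // User-ID bans need the whole value to match, not a substring.
      return $isUserIdBan && ($candidate == $banString);
  } // fn isBanned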
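  /**
   * Retrieve ban items, optionally filtered. A NULL argument disables the
   * corresponding filter.
   *
   * @param int $p_type
   *      Applied only when numeric.
   * @param boolean $p_isRegex
   *      Applied only when it is a real boolean; '1'/'0' strings are ignored.
   * @param string $p_matchString
   * @param int $p_forumId
   *      When greater than zero, returns bans for that forum plus global
   *      bans (forum_id 0). Zero or NULL applies no forum filter.
   * @return array
   *      List of Phorum_ban_item objects ordered by type, then string.
   */
  public static function GetBanItems($p_type = null, $p_isRegex = null,
                                     $p_matchString = null, $p_forumId = null)
  {
      global $g_ado_db;
      global $PHORUM;

      $constraints = array();
      if (!is_null($p_type) && is_numeric($p_type)) {
          // is_numeric() also accepts floats, exponent notation and
          // surrounding whitespace; the cast ensures only a plain integer
          // literal is interpolated.
          $constraints[] = "type = ".(int) $p_type;
      }
      if (!is_null($p_isRegex) && is_bool($p_isRegex)) {
          $constraints[] = "pcre = ".($p_isRegex ? '1' : '0');
      }
      if (!is_null($p_matchString)) {
          // NOTE(review): mysql_real_escape_string() was removed in PHP 7 and
          // depends on the connection character set. Prefer the database
          // layer's own parameter binding if it offers one.
          $constraints[] = "string='".mysql_real_escape_string($p_matchString)."'";
      }
      if (!is_null($p_forumId) && is_numeric($p_forumId)) {
          $forumId = (int) $p_forumId;
          if ($forumId > 0) {
              $constraints[] = "(forum_id = $forumId OR forum_id = 0)";
          }
      }

      $whereStr = "";
      if (count($constraints) > 0) {
          $whereStr = " WHERE ".implode(" AND ", $constraints);
      }
      $sql = "SELECT * FROM {$PHORUM['banlist_table']} $whereStr"
            ." ORDER BY type, string";
      $rows = $g_ado_db->GetAll($sql);

      $retval = array();
      if (is_array($rows)) {
          foreach ($rows as $row) {
              $tmpObj = new Phorum_ban_item();
              $tmpObj->fetch($row);
              $retval[] = $tmpObj;
          }
      }
      return $retval;
  } // fn GetBanItems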
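  /**
   * Check if the given message and/or user is banned from posting.
   *
   * NOTE: This could probably be optimized by doing the non-regex matching
   * in the database instead of calling isBanned() in PHP for every item.
   * Any such query must bind or escape the IP, e-mail and name values and
   * must not interpolate them into the SQL text.
   *
   * @param Phorum_message $p_phorumMessage
   * @param Phorum_user $p_phorumUser
   * @param int $p_forumId
   * @return array|false
   *      Array of the ban types that matched (type => type), or FALSE when
   *      nothing matched.
   */
  public static function IsPostBanned($p_phorumMessage, $p_phorumUser = null, $p_forumId = null)
  {
      // Ban lists cached per forum for the lifetime of the request. A single
      // shared list would apply the first forum's bans to every later call.
      static $bans = array();

      // Kept from the original; presumably called for its side effect of
      // loading the settings global. Its result is not used in this method.
      phorum_db_load_settings();

      $cacheKey = is_null($p_forumId) ? 'all' : (string) $p_forumId;
      if (!isset($bans[$cacheKey])) {
          // The forum ID is the FOURTH argument of GetBanItems(). Passing it
          // first filters on the ban type and loads the wrong set of bans.
          $bans[$cacheKey] = Phorum_ban_item::GetBanItems(null, null, null, $p_forumId);
      }

      // Check if any of them match.
      // NOTE(review): PHORUM_BAD_WORDS items have no case below and are never
      // evaluated here — confirm that this is intended.
      $banned = array();
      foreach ($bans[$cacheKey] as $ban) {
          switch ($ban->getType()) {
              case PHORUM_BAD_NAMES:
                  if ($ban->isBanned($p_phorumMessage->getAuthor())) {
                      $banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
                  }
                  if (!is_null($p_phorumUser) && $ban->isBanned($p_phorumUser->getUserName())) {
                      $banned[PHORUM_BAD_NAMES] = PHORUM_BAD_NAMES;
                  }
                  break;
              case PHORUM_BAD_EMAILS:
                  if ($ban->isBanned($p_phorumMessage->getEmail())) {
                      $banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
                  }
                  if (!is_null($p_phorumUser) && $ban->isBanned($p_phorumUser->getEmail())) {
                      $banned[PHORUM_BAD_EMAILS] = PHORUM_BAD_EMAILS;
                  }
                  break;
              case PHORUM_BAD_USERID:
                  if (!is_null($p_phorumUser) && $ban->isBanned($p_phorumUser->getUserId())) {
                      $banned[PHORUM_BAD_USERID] = PHORUM_BAD_USERID;
                  }
                  break;
              case PHORUM_BAD_IPS:
                  if ($ban->isBanned($p_phorumMessage->getIpAddress())) {
                      $banned[PHORUM_BAD_IPS] = PHORUM_BAD_IPS;
                  }
                  break;
              case PHORUM_BAD_SPAM_WORDS:
                  if ($ban->isBanned($p_phorumMessage->getSubject())
                      || $ban->isBanned($p_phorumMessage->getBody())) {
                      $banned[PHORUM_BAD_SPAM_WORDS] = PHORUM_BAD_SPAM_WORDS;
                  }
                  break;
          }
      }

      if (count($banned) > 0) {
          return $banned;
      }
      return false;
  } // fn IsPostBanned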
  406. } // class Phorum_ban_item
  407. ?>