
/source/class/helper/helper_form.php

https://github.com/jinbo51/DiscuzX
  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: helper_form.php 30757 2012-06-18 06:23:23Z chenmengshu $
  7. */
  8. if(!defined('IN_DISCUZ')) {
  9. exit('Access Denied');
  10. }
  11. class helper_form {
  12. public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
  13. if(!getgpc($var)) {
  14. return FALSE;
  15. } else {
  16. global $_G;
  17. if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_GET['formhash']) && $_GET['formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) ||
  18. preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))) {
  19. if(checkperm('seccode')) {
  20. if($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['sechash'])) {
  21. showmessage('submit_secqaa_invalid');
  22. }
  23. if($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
  24. showmessage('submit_seccode_invalid');
  25. }
  26. }
  27. return TRUE;
  28. } else {
  29. showmessage('submit_invalid');
  30. }
  31. }
  32. }
  33. public static function censor($message, $modword = NULL, $return = FALSE) {
  34. global $_G;
  35. $censor = discuz_censor::instance();
  36. $censor->check($message, $modword);
  37. if($censor->modbanned() && empty($_G['group']['ignorecensor'])) {
  38. $wordbanned = implode(', ', $censor->words_found);
  39. if($return) {
  40. return array('message' => lang('message', 'word_banned', array('wordbanned' => $wordbanned)));
  41. }
  42. if(!defined('IN_ADMINCP')) {
  43. showmessage('word_banned', '', array('wordbanned' => $wordbanned));
  44. } else {
  45. cpmsg(lang('message', 'word_banned'), '', 'error', array('wordbanned' => $wordbanned));
  46. }
  47. }
  48. if($_G['group']['allowposturl'] == 0 || $_G['group']['allowposturl'] == 2) {
  49. $urllist = self::get_url_list($message);
  50. if(is_array($urllist[1])) foreach($urllist[1] as $key => $val) {
  51. if(!$val = trim($val)) continue;
  52. if(!iswhitelist($val)) {
  53. if($_G['group']['allowposturl'] == 0) {
  54. if($return) {
  55. return array('message' => 'post_url_nopermission');
  56. }
  57. showmessage('post_url_nopermission');
  58. } elseif($_G['group']['allowposturl'] == 2) {
  59. $message = str_replace('[url]'.$urllist[0][$key].'[/url]', $urllist[0][$key], $message);
  60. $message = preg_replace(
  61. array(
  62. "@\[url=[^\]]*?".preg_quote($urllist[0][$key],'@')."[^\]]*?\](.*?)\[/url\]@is",
  63. "@href=('|\")".preg_quote($urllist[0][$key],'@')."\\1@is",
  64. "@\[url\]([^\]]*?".preg_quote($urllist[0][$key],'@')."[^\]]*?)\[/url\]@is",
  65. ),
  66. array(
  67. '\\1',
  68. '',
  69. '\\1',
  70. ),
  71. $message);
  72. }
  73. }
  74. }
  75. }
  76. return $message;
  77. }
  78. public static function censormod($message) {
  79. global $_G;
  80. if($_G['group']['ignorecensor']) {
  81. return false;
  82. }
  83. $modposturl = false;
  84. if($_G['group']['allowposturl'] == 1) {
  85. $urllist = self::get_url_list($message);
  86. if(is_array($urllist[1])) foreach($urllist[1] as $key => $val) {
  87. if(!$val = trim($val)) continue;
  88. if(!iswhitelist($val)) {
  89. $modposturl = true;
  90. }
  91. }
  92. }
  93. if($modposturl) {
  94. return true;
  95. }
  96. $censor = discuz_censor::instance();
  97. $censor->check($message);
  98. return $censor->modmoderated();
  99. }
  100. public static function check_seccode($value, $idhash) {
  101. global $_G;
  102. if(!$_G['setting']['seccodestatus']) {
  103. return true;
  104. }
  105. if(!is_numeric($_G['setting']['seccodedata']['type'])) {
  106. $etype = explode(':', $_G['setting']['seccodedata']['type']);
  107. if(count($etype) > 1) {
  108. $codefile = DISCUZ_ROOT.'./source/plugin/'.$etype[0].'/seccode/seccode_'.$etype[1].'.php';
  109. $class = $etype[1];
  110. } else {
  111. $codefile = libfile('seccode/'.$_G['setting']['seccodedata']['type'], 'class');
  112. $class = $_G['setting']['seccodedata']['type'];
  113. }
  114. if(file_exists($codefile)) {
  115. @include_once $codefile;
  116. $class = 'seccode_'.$class;
  117. if(class_exists($class)) {
  118. $code = new $class();
  119. if(method_exists($code, 'check')) {
  120. return $code->check($value, $idhash);
  121. }
  122. }
  123. }
  124. return false;
  125. }
  126. if(!isset($_G['cookie']['seccode'.$idhash])) {
  127. return false;
  128. }
  129. list($checkvalue, $checktime, $checkidhash, $checkformhash) = explode("\t", authcode($_G['cookie']['seccode'.$idhash], 'DECODE', $_G['config']['security']['authkey']));
  130. return $checkvalue == strtoupper($value) && TIMESTAMP - 180 > $checktime && $checkidhash == $idhash && FORMHASH == $checkformhash;
  131. }
  132. public static function check_secqaa($value, $idhash) {
  133. global $_G;
  134. if(!$_G['setting']['secqaa']) {
  135. return true;
  136. }
  137. if(!isset($_G['cookie']['secqaa'.$idhash])) {
  138. return false;
  139. }
  140. loadcache('secqaa');
  141. list($checkvalue, $checktime, $checkidhash, $checkformhash) = explode("\t", authcode($_G['cookie']['secqaa'.$idhash], 'DECODE', $_G['config']['security']['authkey']));
  142. return $checkvalue == md5($value) && TIMESTAMP - 180 > $checktime && $checkidhash == $idhash && FORMHASH == $checkformhash;
  143. }
  144. public static function get_url_list($message) {
  145. $return = array();
  146. (strpos($message, '[/img]') || strpos($message, '[/flash]')) && $message = preg_replace("/\[img[^\]]*\]\s*([^\[\<\r\n]+?)\s*\[\/img\]|\[flash[^\]]*\]\s*([^\[\<\r\n]+?)\s*\[\/flash\]/is", '', $message);
  147. if(preg_match_all("/((https?|ftp|gopher|news|telnet|rtsp|mms|callto|bctp|thunder|qqdl|synacast){1}:\/\/|www\.)[^ \[\]\"']+/i", $message, $urllist)) {
  148. foreach($urllist[0] as $key => $val) {
  149. $val = trim($val);
  150. $return[0][$key] = $val;
  151. if(!preg_match('/^http:\/\//is', $val)) $val = 'http://'.$val;
  152. $tmp = parse_url($val);
  153. $return[1][$key] = $tmp['host'];
  154. if($tmp['port']){
  155. $return[1][$key] .= ":$tmp[port]";
  156. }
  157. }
  158. }
  159. return $return;
  160. }
  161. public static function updatemoderate($idtype, $ids, $status = 0) {
  162. $ids = is_array($ids) ? $ids : array($ids);
  163. if(!$ids) {
  164. return;
  165. }
  166. if(!$status) {
  167. foreach($ids as $id) {
  168. C::t('common_moderate')->insert($idtype, array(
  169. 'id' => $id,
  170. 'status' => 0,
  171. 'dateline' => TIMESTAMP,
  172. ), false, true);
  173. }
  174. } elseif($status == 1) {
  175. C::t('common_moderate')->update($ids, $idtype, array('status' => 1));
  176. } elseif($status == 2) {
  177. C::t('common_moderate')->delete($ids, $idtype);
  178. }
  179. }
  180. }
  181. ?>