Chris@76: <?php
Chris@76: 
Chris@76: /**
Chris@76:  * Simple Machines Forum (SMF)
Chris@76:  *
Chris@76:  * @package SMF
Chris@76:  * @author Simple Machines http://www.simplemachines.org
Chris@76:  * @copyright 2011 Simple Machines
Chris@76:  * @license http://www.simplemachines.org/about/smf/license.php BSD
Chris@76:  *
Chris@76:  * @version 2.0.3
Chris@76:  */
Chris@76: 
Chris@76: if (!defined('SMF'))
Chris@76: 	die('Hacking attempt...');
Chris@76: 
Chris@76: /*	This file has the very important job of insuring forum security.  This
Chris@76: 	task includes banning and permissions, namely.  It does this by providing
Chris@76: 	the following functions:
Chris@76: 
Chris@76: 	void validateSession()
Chris@76: 		- makes sure the user is who they claim to be by requiring a
Chris@76: 		  password to be typed in every hour.
Chris@76: 		- is turned on and off by the securityDisable setting.
Chris@76: 		- uses the adminLogin() function of Subs-Auth.php if they need to
Chris@76: 		  login, which saves all request (post and get) data.
Chris@76: 
Chris@76: 	void is_not_guest(string message = '')
Chris@76: 		- checks if the user is currently a guest, and if so asks them to
Chris@76: 		  login with a message telling them why.
Chris@76: 		- message is what to tell them when asking them to login.
Chris@76: 
Chris@76: 	void is_not_banned(bool force_check = false)
Chris@76: 		- checks if the user is banned, and if so dies with an error.
Chris@76: 		- caches this information for optimization purposes.
Chris@76: 		- forces a recheck if force_check is true.
Chris@76: 
Chris@76: 	void banPermissions()
Chris@76: 		- applies any states of banning by removing permissions the user
Chris@76: 		  cannot have.
Chris@76: 
Chris@76: 	void log_ban(array ban_ids = array(), string email = null)
Chris@76: 		- log the current user in the ban logs.
Chris@76: 		- increment the hit counters for the specified ban ID's (if any.)
Chris@76: 
Chris@76: 	void isBannedEmail(string email, string restriction, string error)
Chris@76: 		- check if a given email is banned.
Chris@76: 		- performs an immediate ban if the turns turns out positive.
Chris@76: 
Chris@76: 	string checkSession(string type = 'post', string from_action = none,
Chris@76: 			is_fatal = true)
Chris@76: 		- checks the current session, verifying that the person is who he or
Chris@76: 		  she should be.
Chris@76: 		- also checks the referrer to make sure they didn't get sent here.
Chris@76: 		- depends on the disableCheckUA setting, which is usually missing.
Chris@76: 		- will check GET, POST, or REQUEST depending on the passed type.
Chris@76: 		- also optionally checks the referring action if passed. (note that
Chris@76: 		  the referring action must be by GET.)
Chris@76: 		- returns the error message if is_fatal is false.
Chris@76: 
Chris@76: 	bool checkSubmitOnce(string action, bool is_fatal = true)
Chris@76: 		- registers a sequence number for a form.
Chris@76: 		- checks whether a submitted sequence number is registered in the
Chris@76: 		  current session.
Chris@76: 		- depending on the value of is_fatal shows an error or returns true or
Chris@76: 		  false.
Chris@76: 		- frees a sequence number from the stack after it's been checked.
Chris@76: 		- frees a sequence number without checking if action == 'free'.
Chris@76: 
Chris@76: 	bool allowedTo(string permission, array boards = current)
Chris@76: 		- checks whether the user is allowed to do permission. (ie. post_new.)
Chris@76: 		- if boards is specified, checks those boards instead of the current
Chris@76: 		  one.
Chris@76: 		- always returns true if the user is an administrator.
Chris@76: 		- returns true if he or she can do it, false otherwise.
Chris@76: 
Chris@76: 	void isAllowedTo(string permission, array boards = current)
Chris@76: 		- uses allowedTo() to check if the user is allowed to do permission.
Chris@76: 		- checks the passed boards or current board for the permission.
Chris@76: 		- if they are not, it loads the Errors language file and shows an
Chris@76: 		  error using $txt['cannot_' . $permission].
Chris@76: 		- if they are a guest and cannot do it, this calls is_not_guest().
Chris@76: 
Chris@76: 	array boardsAllowedTo(string permission, bool check_access = false)
Chris@76: 		- returns a list of boards on which the user is allowed to do the
Chris@76: 		  specified permission.
Chris@76: 		- returns an array with only a 0 in it if the user has permission
Chris@76: 		  to do this on every board.
Chris@76: 		- returns an empty array if he or she cannot do this on any board.
Chris@76: 		- if check_access is true will also make sure the group has proper access to that board.
Chris@76: 
Chris@76: 	string showEmailAddress(string userProfile_hideEmail, int userProfile_id)
Chris@76: 		- returns whether an email address should be shown and how.
Chris@76: 		- possible outcomes are
Chris@76: 			'yes': show the full email address
Chris@76: 			'yes_permission_override': show the full email address, either you
Chris@76: 			  are a moderator or it's your own email address.
Chris@76: 			'no_through_forum': don't show the email address, but do allow
Chris@76: 			  things to be mailed using the built-in forum mailer.
Chris@76: 			'no': keep the email address hidden.
Chris@76: */
Chris@76: 
Chris@76: // Check if the user is who he/she says he is
Chris@76: function validateSession()
Chris@76: {
Chris@76: 	global $modSettings, $sourcedir, $user_info, $sc, $user_settings;
Chris@76: 
Chris@76: 	// We don't care if the option is off, because Guests should NEVER get past here.
Chris@76: 	is_not_guest();
Chris@76: 
Chris@76: 	// If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
Chris@76: 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
Chris@76: 
Chris@76: 	// Is the security option off?  Or are they already logged in?
Chris@76: 	if (!empty($modSettings['securityDisable']) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
Chris@76: 		return;
Chris@76: 
Chris@76: 	require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 
Chris@76: 	// Hashed password, ahoy!
Chris@76: 	if (isset($_POST['admin_hash_pass']) && strlen($_POST['admin_hash_pass']) == 40)
Chris@76: 	{
Chris@76: 		checkSession();
Chris@76: 
Chris@76: 		$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST['admin_hash_pass'], true)), true);
Chris@76: 
Chris@76: 		if ($good_password || $_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc))
Chris@76: 		{
Chris@76: 			$_SESSION['admin_time'] = time();
Chris@76: 			unset($_SESSION['request_referer']);
Chris@76: 			return;
Chris@76: 		}
Chris@76: 	}
Chris@76: 	// Posting the password... check it.
Chris@76: 	if (isset($_POST['admin_pass']))
Chris@76: 	{
Chris@76: 		checkSession();
Chris@76: 
Chris@76: 		$good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST['admin_pass'], false)), true);
Chris@76: 
Chris@76: 		// Password correct?
Chris@76: 		if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) == $user_info['passwd'])
Chris@76: 		{
Chris@76: 			$_SESSION['admin_time'] = time();
Chris@76: 			unset($_SESSION['request_referer']);
Chris@76: 			return;
Chris@76: 		}
Chris@76: 	}
Chris@76: 	// OpenID?
Chris@76: 	if (!empty($user_settings['openid_uri']))
Chris@76: 	{
Chris@76: 		require_once($sourcedir . '/Subs-OpenID.php');
Chris@76: 		smf_openID_revalidate();
Chris@76: 
Chris@76: 		$_SESSION['admin_time'] = time();
Chris@76: 		unset($_SESSION['request_referer']);
Chris@76: 		return;
Chris@76: 	}
Chris@76: 
Chris@76: 	// Better be sure to remember the real referer
Chris@76: 	if (empty($_SESSION['request_referer']))
Chris@76: 		$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
Chris@76: 	elseif (empty($_POST))
Chris@76: 		unset($_SESSION['request_referer']);
Chris@76: 	// Need to type in a password for that, man.
Chris@76: 	adminLogin();
Chris@76: }
Chris@76: 
Chris@76: // Require a user who is logged in. (not a guest.)
Chris@76: function is_not_guest($message = '')
Chris@76: {
Chris@76: 	global $user_info, $txt, $context, $scripturl;
Chris@76: 
Chris@76: 	// Luckily, this person isn't a guest.
Chris@76: 	if (!$user_info['is_guest'])
Chris@76: 		return;
Chris@76: 
Chris@76: 	// People always worry when they see people doing things they aren't actually doing...
Chris@76: 	$_GET['action'] = '';
Chris@76: 	$_GET['board'] = '';
Chris@76: 	$_GET['topic'] = '';
Chris@76: 	writeLog(true);
Chris@76: 
Chris@76: 	// Just die.
Chris@76: 	if (isset($_REQUEST['xml']))
Chris@76: 		obExit(false);
Chris@76: 
Chris@76: 	// Attempt to detect if they came from dlattach.
Chris@76: 	if (!WIRELESS && SMF != 'SSI' && empty($context['theme_loaded']))
Chris@76: 		loadTheme();
Chris@76: 
Chris@76: 	// Never redirect to an attachment
Chris@76: 	if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
Chris@76: 		$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
Chris@76: 
Chris@76: 	// Load the Login template and language file.
Chris@76: 	loadLanguage('Login');
Chris@76: 
Chris@76: 	// Are we in wireless mode?
Chris@76: 	if (WIRELESS)
Chris@76: 	{
Chris@76: 		$context['login_error'] = $message ? $message : $txt['only_members_can_access'];
Chris@76: 		$context['sub_template'] = WIRELESS_PROTOCOL . '_login';
Chris@76: 	}
Chris@76: 	// Apparently we're not in a position to handle this now. Let's go to a safer location for now.
Chris@76: 	elseif (empty($context['template_layers']))
Chris@76: 	{
Chris@76: 		$_SESSION['login_url'] = $scripturl . '?' . $_SERVER['QUERY_STRING'];
Chris@76: 		redirectexit('action=login');
Chris@76: 	}
Chris@76: 	else
Chris@76: 	{
Chris@76: 		loadTemplate('Login');
Chris@76: 		$context['sub_template'] = 'kick_guest';
Chris@76: 		$context['robot_no_index'] = true;
Chris@76: 	}
Chris@76: 
Chris@76: 	// Use the kick_guest sub template...
Chris@76: 	$context['kick_message'] = $message;
Chris@76: 	$context['page_title'] = $txt['login'];
Chris@76: 
Chris@76: 	obExit();
Chris@76: 
Chris@76: 	// We should never get to this point, but if we did we wouldn't know the user isn't a guest.
Chris@76: 	trigger_error('Hacking attempt...', E_USER_ERROR);
Chris@76: }
Chris@76: 
Chris@76: // Do banning related stuff.  (ie. disallow access....)
Chris@76: function is_not_banned($forceCheck = false)
Chris@76: {
Chris@76: 	global $txt, $modSettings, $context, $user_info;
Chris@76: 	global $sourcedir, $cookiename, $user_settings, $smcFunc;
Chris@76: 
Chris@76: 	// You cannot be banned if you are an admin - doesn't help if you log out.
Chris@76: 	if ($user_info['is_admin'])
Chris@76: 		return;
Chris@76: 
Chris@76: 	// Only check the ban every so often. (to reduce load.)
Chris@76: 	if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated']) || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2'] || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))
Chris@76: 	{
Chris@76: 		// Innocent until proven guilty.  (but we know you are! :P)
Chris@76: 		$_SESSION['ban'] = array(
Chris@76: 			'last_checked' => time(),
Chris@76: 			'id_member' => $user_info['id'],
Chris@76: 			'ip' => $user_info['ip'],
Chris@76: 			'ip2' => $user_info['ip2'],
Chris@76: 			'email' => $user_info['email'],
Chris@76: 		);
Chris@76: 
Chris@76: 		$ban_query = array();
Chris@76: 		$ban_query_vars = array('current_time' => time());
Chris@76: 		$flag_is_activated = false;
Chris@76: 
Chris@76: 		// Check both IP addresses.
Chris@76: 		foreach (array('ip', 'ip2') as $ip_number)
Chris@76: 		{
Chris@76: 			// Check if we have a valid IP address.
Chris@76: 			if (preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $user_info[$ip_number], $ip_parts) == 1)
Chris@76: 			{
Chris@76: 				$ban_query[] = '((' . $ip_parts[1] . ' BETWEEN bi.ip_low1 AND bi.ip_high1)
Chris@76: 							AND (' . $ip_parts[2] . ' BETWEEN bi.ip_low2 AND bi.ip_high2)
Chris@76: 							AND (' . $ip_parts[3] . ' BETWEEN bi.ip_low3 AND bi.ip_high3)
Chris@76: 							AND (' . $ip_parts[4] . ' BETWEEN bi.ip_low4 AND bi.ip_high4))';
Chris@76: 
Chris@76: 				// IP was valid, maybe there's also a hostname...
Chris@76: 				if (empty($modSettings['disableHostnameLookup']))
Chris@76: 				{
Chris@76: 					$hostname = host_from_ip($user_info[$ip_number]);
Chris@76: 					if (strlen($hostname) > 0)
Chris@76: 					{
Chris@76: 						$ban_query[] = '({string:hostname} LIKE bi.hostname)';
Chris@76: 						$ban_query_vars['hostname'] = $hostname;
Chris@76: 					}
Chris@76: 				}
Chris@76: 			}
Chris@76: 			// We use '255.255.255.255' for 'unknown' since it's not valid anyway.
Chris@76: 			elseif ($user_info['ip'] == 'unknown')
Chris@76: 				$ban_query[] = '(bi.ip_low1 = 255 AND bi.ip_high1 = 255
Chris@76: 							AND bi.ip_low2 = 255 AND bi.ip_high2 = 255
Chris@76: 							AND bi.ip_low3 = 255 AND bi.ip_high3 = 255
Chris@76: 							AND bi.ip_low4 = 255 AND bi.ip_high4 = 255)';
Chris@76: 		}
Chris@76: 
Chris@76: 		// Is their email address banned?
Chris@76: 		if (strlen($user_info['email']) != 0)
Chris@76: 		{
Chris@76: 			$ban_query[] = '({string:email} LIKE bi.email_address)';
Chris@76: 			$ban_query_vars['email'] = $user_info['email'];
Chris@76: 		}
Chris@76: 
Chris@76: 		// How about this user?
Chris@76: 		if (!$user_info['is_guest'] && !empty($user_info['id']))
Chris@76: 		{
Chris@76: 			$ban_query[] = 'bi.id_member = {int:id_member}';
Chris@76: 			$ban_query_vars['id_member'] = $user_info['id'];
Chris@76: 		}
Chris@76: 
Chris@76: 		// Check the ban, if there's information.
Chris@76: 		if (!empty($ban_query))
Chris@76: 		{
Chris@76: 			$restrictions = array(
Chris@76: 				'cannot_access',
Chris@76: 				'cannot_login',
Chris@76: 				'cannot_post',
Chris@76: 				'cannot_register',
Chris@76: 			);
Chris@76: 			$request = $smcFunc['db_query']('', '
Chris@76: 				SELECT bi.id_ban, bi.email_address, bi.id_member, bg.cannot_access, bg.cannot_register,
Chris@76: 					bg.cannot_post, bg.cannot_login, bg.reason, IFNULL(bg.expire_time, 0) AS expire_time
Chris@76: 				FROM {db_prefix}ban_items AS bi
Chris@76: 					INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time}))
Chris@76: 				WHERE
Chris@76: 					(' . implode(' OR ', $ban_query) . ')',
Chris@76: 				$ban_query_vars
Chris@76: 			);
Chris@76: 			// Store every type of ban that applies to you in your session.
Chris@76: 			while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76: 			{
Chris@76: 				foreach ($restrictions as $restriction)
Chris@76: 					if (!empty($row[$restriction]))
Chris@76: 					{
Chris@76: 						$_SESSION['ban'][$restriction]['reason'] = $row['reason'];
Chris@76: 						$_SESSION['ban'][$restriction]['ids'][] = $row['id_ban'];
Chris@76: 						if (!isset($_SESSION['ban']['expire_time']) || ($_SESSION['ban']['expire_time'] != 0 && ($row['expire_time'] == 0 || $row['expire_time'] > $_SESSION['ban']['expire_time'])))
Chris@76: 							$_SESSION['ban']['expire_time'] = $row['expire_time'];
Chris@76: 
Chris@76: 						if (!$user_info['is_guest'] && $restriction == 'cannot_access' && ($row['id_member'] == $user_info['id'] || $row['email_address'] == $user_info['email']))
Chris@76: 							$flag_is_activated = true;
Chris@76: 					}
Chris@76: 			}
Chris@76: 			$smcFunc['db_free_result']($request);
Chris@76: 		}
Chris@76: 
Chris@76: 		// Mark the cannot_access and cannot_post bans as being 'hit'.
Chris@76: 		if (isset($_SESSION['ban']['cannot_access']) || isset($_SESSION['ban']['cannot_post']) || isset($_SESSION['ban']['cannot_login']))
Chris@76: 			log_ban(array_merge(isset($_SESSION['ban']['cannot_access']) ? $_SESSION['ban']['cannot_access']['ids'] : array(), isset($_SESSION['ban']['cannot_post']) ? $_SESSION['ban']['cannot_post']['ids'] : array(), isset($_SESSION['ban']['cannot_login']) ? $_SESSION['ban']['cannot_login']['ids'] : array()));
Chris@76: 
Chris@76: 		// If for whatever reason the is_activated flag seems wrong, do a little work to clear it up.
Chris@76: 		if ($user_info['id'] && (($user_settings['is_activated'] >= 10 && !$flag_is_activated)
Chris@76: 			|| ($user_settings['is_activated'] < 10 && $flag_is_activated)))
Chris@76: 		{
Chris@76: 			require_once($sourcedir . '/ManageBans.php');
Chris@76: 			updateBanMembers();
Chris@76: 		}
Chris@76: 	}
Chris@76: 
Chris@76: 	// Hey, I know you! You're ehm...
Chris@76: 	if (!isset($_SESSION['ban']['cannot_access']) && !empty($_COOKIE[$cookiename . '_']))
Chris@76: 	{
Chris@76: 		$bans = explode(',', $_COOKIE[$cookiename . '_']);
Chris@76: 		foreach ($bans as $key => $value)
Chris@76: 			$bans[$key] = (int) $value;
Chris@76: 		$request = $smcFunc['db_query']('', '
Chris@76: 			SELECT bi.id_ban, bg.reason
Chris@76: 			FROM {db_prefix}ban_items AS bi
Chris@76: 				INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
Chris@76: 			WHERE bi.id_ban IN ({array_int:ban_list})
Chris@76: 				AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})
Chris@76: 				AND bg.cannot_access = {int:cannot_access}
Chris@76: 			LIMIT ' . count($bans),
Chris@76: 			array(
Chris@76: 				'cannot_access' => 1,
Chris@76: 				'ban_list' => $bans,
Chris@76: 				'current_time' => time(),
Chris@76: 			)
Chris@76: 		);
Chris@76: 		while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76: 		{
Chris@76: 			$_SESSION['ban']['cannot_access']['ids'][] = $row['id_ban'];
Chris@76: 			$_SESSION['ban']['cannot_access']['reason'] = $row['reason'];
Chris@76: 		}
Chris@76: 		$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 		// My mistake. Next time better.
Chris@76: 		if (!isset($_SESSION['ban']['cannot_access']))
Chris@76: 		{
Chris@76: 			require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 			$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));
Chris@76: 			setcookie($cookiename . '_', '', time() - 3600, $cookie_url[1], $cookie_url[0], 0);
Chris@76: 		}
Chris@76: 	}
Chris@76: 
Chris@76: 	// If you're fully banned, it's end of the story for you.
Chris@76: 	if (isset($_SESSION['ban']['cannot_access']))
Chris@76: 	{
Chris@76: 		// We don't wanna see you!
Chris@76: 		if (!$user_info['is_guest'])
Chris@76: 			$smcFunc['db_query']('', '
Chris@76: 				DELETE FROM {db_prefix}log_online
Chris@76: 				WHERE id_member = {int:current_member}',
Chris@76: 				array(
Chris@76: 					'current_member' => $user_info['id'],
Chris@76: 				)
Chris@76: 			);
Chris@76: 
Chris@76: 		// 'Log' the user out.  Can't have any funny business... (save the name!)
Chris@76: 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
Chris@76: 		$user_info['name'] = '';
Chris@76: 		$user_info['username'] = '';
Chris@76: 		$user_info['is_guest'] = true;
Chris@76: 		$user_info['is_admin'] = false;
Chris@76: 		$user_info['permissions'] = array();
Chris@76: 		$user_info['id'] = 0;
Chris@76: 		$context['user'] = array(
Chris@76: 			'id' => 0,
Chris@76: 			'username' => '',
Chris@76: 			'name' => $txt['guest_title'],
Chris@76: 			'is_guest' => true,
Chris@76: 			'is_logged' => false,
Chris@76: 			'is_admin' => false,
Chris@76: 			'is_mod' => false,
Chris@76: 			'can_mod' => false,
Chris@76: 			'language' => $user_info['language'],
Chris@76: 		);
Chris@76: 
Chris@76: 		// A goodbye present.
Chris@76: 		require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 		$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));
Chris@76: 		setcookie($cookiename . '_', implode(',', $_SESSION['ban']['cannot_access']['ids']), time() + 3153600, $cookie_url[1], $cookie_url[0], 0);
Chris@76: 
Chris@76: 		// Don't scare anyone, now.
Chris@76: 		$_GET['action'] = '';
Chris@76: 		$_GET['board'] = '';
Chris@76: 		$_GET['topic'] = '';
Chris@76: 		writeLog(true);
Chris@76: 
Chris@76: 		// You banned, sucka!
Chris@76: 		fatal_error(sprintf($txt['your_ban'], $old_name) . (empty($_SESSION['ban']['cannot_access']['reason']) ? '' : '<br />' . $_SESSION['ban']['cannot_access']['reason']) . '<br />' . (!empty($_SESSION['ban']['expire_time']) ? sprintf($txt['your_ban_expires'], timeformat($_SESSION['ban']['expire_time'], false)) : $txt['your_ban_expires_never']), 'user');
Chris@76: 
Chris@76: 		// If we get here, something's gone wrong.... but let's try anyway.
Chris@76: 		trigger_error('Hacking attempt...', E_USER_ERROR);
Chris@76: 	}
Chris@76: 	// You're not allowed to log in but yet you are. Let's fix that.
Chris@76: 	elseif (isset($_SESSION['ban']['cannot_login']) && !$user_info['is_guest'])
Chris@76: 	{
Chris@76: 		// We don't wanna see you!
Chris@76: 		$smcFunc['db_query']('', '
Chris@76: 			DELETE FROM {db_prefix}log_online
Chris@76: 			WHERE id_member = {int:current_member}',
Chris@76: 			array(
Chris@76: 				'current_member' => $user_info['id'],
Chris@76: 			)
Chris@76: 		);
Chris@76: 
Chris@76: 		// 'Log' the user out.  Can't have any funny business... (save the name!)
Chris@76: 		$old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
Chris@76: 		$user_info['name'] = '';
Chris@76: 		$user_info['username'] = '';
Chris@76: 		$user_info['is_guest'] = true;
Chris@76: 		$user_info['is_admin'] = false;
Chris@76: 		$user_info['permissions'] = array();
Chris@76: 		$user_info['id'] = 0;
Chris@76: 		$context['user'] = array(
Chris@76: 			'id' => 0,
Chris@76: 			'username' => '',
Chris@76: 			'name' => $txt['guest_title'],
Chris@76: 			'is_guest' => true,
Chris@76: 			'is_logged' => false,
Chris@76: 			'is_admin' => false,
Chris@76: 			'is_mod' => false,
Chris@76: 			'can_mod' => false,
Chris@76: 			'language' => $user_info['language'],
Chris@76: 		);
Chris@76: 
Chris@76: 		// SMF's Wipe 'n Clean(r) erases all traces.
Chris@76: 		$_GET['action'] = '';
Chris@76: 		$_GET['board'] = '';
Chris@76: 		$_GET['topic'] = '';
Chris@76: 		writeLog(true);
Chris@76: 
Chris@76: 		require_once($sourcedir . '/LogInOut.php');
Chris@76: 		Logout(true, false);
Chris@76: 
Chris@76: 		fatal_error(sprintf($txt['your_ban'], $old_name) . (empty($_SESSION['ban']['cannot_login']['reason']) ? '' : '<br />' . $_SESSION['ban']['cannot_login']['reason']) . '<br />' . (!empty($_SESSION['ban']['expire_time']) ? sprintf($txt['your_ban_expires'], timeformat($_SESSION['ban']['expire_time'], false)) : $txt['your_ban_expires_never']) . '<br />' . $txt['ban_continue_browse'], 'user');
Chris@76: 	}
Chris@76: 
Chris@76: 	// Fix up the banning permissions.
Chris@76: 	if (isset($user_info['permissions']))
Chris@76: 		banPermissions();
Chris@76: }
Chris@76: 
Chris@76: // Fix permissions according to ban status.
Chris@76: function banPermissions()
Chris@76: {
Chris@76: 	global $user_info, $sourcedir, $modSettings, $context;
Chris@76: 
Chris@76: 	// Somehow they got here, at least take away all permissions...
Chris@76: 	if (isset($_SESSION['ban']['cannot_access']))
Chris@76: 		$user_info['permissions'] = array();
Chris@76: 	// Okay, well, you can watch, but don't touch a thing.
Chris@76: 	elseif (isset($_SESSION['ban']['cannot_post']) || (!empty($modSettings['warning_mute']) && $modSettings['warning_mute'] <= $user_info['warning']))
Chris@76: 	{
Chris@76: 		$denied_permissions = array(
Chris@76: 			'pm_send',
Chris@76: 			'calendar_post', 'calendar_edit_own', 'calendar_edit_any',
Chris@76: 			'poll_post',
Chris@76: 			'poll_add_own', 'poll_add_any',
Chris@76: 			'poll_edit_own', 'poll_edit_any',
Chris@76: 			'poll_lock_own', 'poll_lock_any',
Chris@76: 			'poll_remove_own', 'poll_remove_any',
Chris@76: 			'manage_attachments', 'manage_smileys', 'manage_boards', 'admin_forum', 'manage_permissions',
Chris@76: 			'moderate_forum', 'manage_membergroups', 'manage_bans', 'send_mail', 'edit_news',
Chris@76: 			'profile_identity_any', 'profile_extra_any', 'profile_title_any',
Chris@76: 			'post_new', 'post_reply_own', 'post_reply_any',
Chris@76: 			'delete_own', 'delete_any', 'delete_replies',
Chris@76: 			'make_sticky',
Chris@76: 			'merge_any', 'split_any',
Chris@76: 			'modify_own', 'modify_any', 'modify_replies',
Chris@76: 			'move_any',
Chris@76: 			'send_topic',
Chris@76: 			'lock_own', 'lock_any',
Chris@76: 			'remove_own', 'remove_any',
Chris@76: 			'post_unapproved_topics', 'post_unapproved_replies_own', 'post_unapproved_replies_any',
Chris@76: 		);
Chris@76: 		$user_info['permissions'] = array_diff($user_info['permissions'], $denied_permissions);
Chris@76: 	}
Chris@76: 	// Are they absolutely under moderation?
Chris@76: 	elseif (!empty($modSettings['warning_moderate']) && $modSettings['warning_moderate'] <= $user_info['warning'])
Chris@76: 	{
Chris@76: 		// Work out what permissions should change...
Chris@76: 		$permission_change = array(
Chris@76: 			'post_new' => 'post_unapproved_topics',
Chris@76: 			'post_reply_own' => 'post_unapproved_replies_own',
Chris@76: 			'post_reply_any' => 'post_unapproved_replies_any',
Chris@76: 			'post_attachment' => 'post_unapproved_attachments',
Chris@76: 		);
Chris@76: 		foreach ($permission_change as $old => $new)
Chris@76: 		{
Chris@76: 			if (!in_array($old, $user_info['permissions']))
Chris@76: 				unset($permission_change[$old]);
Chris@76: 			else
Chris@76: 				$user_info['permissions'][] = $new;
Chris@76: 		}
Chris@76: 		$user_info['permissions'] = array_diff($user_info['permissions'], array_keys($permission_change));
Chris@76: 	}
Chris@76: 
Chris@76: 	//!!! Find a better place to call this? Needs to be after permissions loaded!
Chris@76: 	// Finally, some bits we cache in the session because it saves queries.
Chris@76: 	if (isset($_SESSION['mc']) && $_SESSION['mc']['time'] > $modSettings['settings_updated'] && $_SESSION['mc']['id'] == $user_info['id'])
Chris@76: 		$user_info['mod_cache'] = $_SESSION['mc'];
Chris@76: 	else
Chris@76: 	{
Chris@76: 		require_once($sourcedir . '/Subs-Auth.php');
Chris@76: 		rebuildModCache();
Chris@76: 	}
Chris@76: 
Chris@76: 	// Now that we have the mod cache taken care of lets setup a cache for the number of mod reports still open
Chris@76: 	if (isset($_SESSION['rc']) && $_SESSION['rc']['time'] > $modSettings['last_mod_report_action'] && $_SESSION['rc']['id'] == $user_info['id'])
Chris@76: 		$context['open_mod_reports'] = $_SESSION['rc']['reports'];
Chris@76: 	elseif ($_SESSION['mc']['bq'] != '0=1')
Chris@76: 	{
Chris@76: 		require_once($sourcedir . '/ModerationCenter.php');
Chris@76: 		recountOpenReports();
Chris@76: 	}
Chris@76: 	else
Chris@76: 		$context['open_mod_reports'] = 0;
Chris@76: }
Chris@76: 
Chris@76: // Log a ban in the database.
Chris@76: function log_ban($ban_ids = array(), $email = null)
Chris@76: {
Chris@76: 	global $user_info, $smcFunc;
Chris@76: 
Chris@76: 	// Don't log web accelerators, it's very confusing...
Chris@76: 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
Chris@76: 		return;
Chris@76: 
Chris@76: 	$smcFunc['db_insert']('',
Chris@76: 		'{db_prefix}log_banned',
Chris@76: 		array('id_member' => 'int', 'ip' => 'string-16', 'email' => 'string', 'log_time' => 'int'),
Chris@76: 		array($user_info['id'], $user_info['ip'], ($email === null ? ($user_info['is_guest'] ? '' : $user_info['email']) : $email), time()),
Chris@76: 		array('id_ban_log')
Chris@76: 	);
Chris@76: 
Chris@76: 	// One extra point for these bans.
Chris@76: 	if (!empty($ban_ids))
Chris@76: 		$smcFunc['db_query']('', '
Chris@76: 			UPDATE {db_prefix}ban_items
Chris@76: 			SET hits = hits + 1
Chris@76: 			WHERE id_ban IN ({array_int:ban_ids})',
Chris@76: 			array(
Chris@76: 				'ban_ids' => $ban_ids,
Chris@76: 			)
Chris@76: 		);
Chris@76: }
Chris@76: 
Chris@76: // Checks if a given email address might be banned.
Chris@76: function isBannedEmail($email, $restriction, $error)
Chris@76: {
Chris@76: 	global $txt, $smcFunc;
Chris@76: 
Chris@76: 	// Can't ban an empty email
Chris@76: 	if (empty($email) || trim($email) == '')
Chris@76: 		return;
Chris@76: 
Chris@76: 	// Let's start with the bans based on your IP/hostname/memberID...
Chris@76: 	$ban_ids = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['ids'] : array();
Chris@76: 	$ban_reason = isset($_SESSION['ban'][$restriction]) ? $_SESSION['ban'][$restriction]['reason'] : '';
Chris@76: 
Chris@76: 	// ...and add to that the email address you're trying to register.
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT bi.id_ban, bg.' . $restriction . ', bg.cannot_access, bg.reason
Chris@76: 		FROM {db_prefix}ban_items AS bi
Chris@76: 			INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
Chris@76: 		WHERE {string:email} LIKE bi.email_address
Chris@76: 			AND (bg.' . $restriction . ' = {int:cannot_access} OR bg.cannot_access = {int:cannot_access})
Chris@76: 			AND (bg.expire_time IS NULL OR bg.expire_time >= {int:now})',
Chris@76: 		array(
Chris@76: 			'email' => $email,
Chris@76: 			'cannot_access' => 1,
Chris@76: 			'now' => time(),
Chris@76: 		)
Chris@76: 	);
Chris@76: 	while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76: 	{
Chris@76: 		if (!empty($row['cannot_access']))
Chris@76: 		{
Chris@76: 			$_SESSION['ban']['cannot_access']['ids'][] = $row['id_ban'];
Chris@76: 			$_SESSION['ban']['cannot_access']['reason'] = $row['reason'];
Chris@76: 		}
Chris@76: 		if (!empty($row[$restriction]))
Chris@76: 		{
Chris@76: 			$ban_ids[] = $row['id_ban'];
Chris@76: 			$ban_reason = $row['reason'];
Chris@76: 		}
Chris@76: 	}
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	// You're in biiig trouble.  Banned for the rest of this session!
Chris@76: 	if (isset($_SESSION['ban']['cannot_access']))
Chris@76: 	{
Chris@76: 		log_ban($_SESSION['ban']['cannot_access']['ids']);
Chris@76: 		$_SESSION['ban']['last_checked'] = time();
Chris@76: 
Chris@76: 		fatal_error(sprintf($txt['your_ban'], $txt['guest_title']) . $_SESSION['ban']['cannot_access']['reason'], false);
Chris@76: 	}
Chris@76: 
Chris@76: 	if (!empty($ban_ids))
Chris@76: 	{
Chris@76: 		// Log this ban for future reference.
Chris@76: 		log_ban($ban_ids, $email);
Chris@76: 		fatal_error($error . $ban_reason, false);
Chris@76: 	}
Chris@76: }
Chris@76: 
Chris@76: // Make sure the user's correct session was passed, and they came from here. (type can be post, get, or request.)
Chris@76: function checkSession($type = 'post', $from_action = '', $is_fatal = true)
Chris@76: {
Chris@76: 	global $sc, $modSettings, $boardurl;
Chris@76: 
Chris@76: 	// Is it in as $_POST['sc']?
Chris@76: 	if ($type == 'post')
Chris@76: 	{
Chris@76: 		$check = isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null);
Chris@76: 		if ($check !== $sc)
Chris@76: 			$error = 'session_timeout';
Chris@76: 	}
Chris@76: 
Chris@76: 	// How about $_GET['sesc']?
Chris@76: 	elseif ($type == 'get')
Chris@76: 	{
Chris@76: 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : null);
Chris@76: 		if ($check !== $sc)
Chris@76: 			$error = 'session_verify_fail';
Chris@76: 	}
Chris@76: 
Chris@76: 	// Or can it be in either?
Chris@76: 	elseif ($type == 'request')
Chris@76: 	{
Chris@76: 		$check = isset($_GET[$_SESSION['session_var']]) ? $_GET[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_GET['sesc']) ? $_GET['sesc'] : (isset($_POST[$_SESSION['session_var']]) ? $_POST[$_SESSION['session_var']] : (empty($modSettings['strictSessionCheck']) && isset($_POST['sc']) ? $_POST['sc'] : null)));
Chris@76: 
Chris@76: 		if ($check !== $sc)
Chris@76: 			$error = 'session_verify_fail';
Chris@76: 	}
Chris@76: 
Chris@76: 	// Verify that they aren't changing user agents on us - that could be bad.
Chris@76: 	if ((!isset($_SESSION['USER_AGENT']) || $_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) && empty($modSettings['disableCheckUA']))
Chris@76: 		$error = 'session_verify_fail';
Chris@76: 
Chris@76: 	// Make sure a page with session check requirement is not being prefetched.
Chris@76: 	if (isset($_SERVER['HTTP_X_MOZ']) && $_SERVER['HTTP_X_MOZ'] == 'prefetch')
Chris@76: 	{
Chris@76: 		ob_end_clean();
Chris@76: 		header('HTTP/1.1 403 Forbidden');
Chris@76: 		die;
Chris@76: 	}
Chris@76: 
Chris@76: 	// Check the referring site - it should be the same server at least!
Chris@76: 	if (isset($_SESSION['request_referer']))
Chris@76: 		$referrer = $_SESSION['request_referer'];
Chris@76: 	else
Chris@76: 		$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
Chris@76: 	if (!empty($referrer['host']))
Chris@76: 	{
Chris@76: 		if (strpos($_SERVER['HTTP_HOST'], ':') !== false)
Chris@76: 			$real_host = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
Chris@76: 		else
Chris@76: 			$real_host = $_SERVER['HTTP_HOST'];
Chris@76: 
Chris@76: 		$parsed_url = parse_url($boardurl);
Chris@76: 
Chris@76: 		// Are global cookies on?  If so, let's check them ;).
Chris@76: 		if (!empty($modSettings['globalCookies']))
Chris@76: 		{
Chris@76: 			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
Chris@76: 				$parsed_url['host'] = $parts[1];
Chris@76: 
Chris@76: 			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $referrer['host'], $parts) == 1)
Chris@76: 				$referrer['host'] = $parts[1];
Chris@76: 
Chris@76: 			if (preg_match('~(?:[^\.]+\.)?([^\.]{3,}\..+)\z~i', $real_host, $parts) == 1)
Chris@76: 				$real_host = $parts[1];
Chris@76: 		}
Chris@76: 
Chris@76: 		// Okay: referrer must either match parsed_url or real_host.
Chris@76: 		if (isset($parsed_url['host']) && strtolower($referrer['host']) != strtolower($parsed_url['host']) && strtolower($referrer['host']) != strtolower($real_host))
Chris@76: 		{
Chris@76: 			$error = 'verify_url_fail';
Chris@76: 			$log_error = true;
Chris@76: 		}
Chris@76: 	}
Chris@76: 
Chris@76: 	// Well, first of all, if a from_action is specified you'd better have an old_url.
Chris@76: 	if (!empty($from_action) && (!isset($_SESSION['old_url']) || preg_match('~[?;&]action=' . $from_action . '([;&]|$)~', $_SESSION['old_url']) == 0))
Chris@76: 	{
Chris@76: 		$error = 'verify_url_fail';
Chris@76: 		$log_error = true;
Chris@76: 	}
Chris@76: 
Chris@76: 	if (strtolower($_SERVER['HTTP_USER_AGENT']) == 'hacker')
Chris@76: 		fatal_error('Sound the alarm!  It\'s a hacker!  Close the castle gates!!', false);
Chris@76: 
Chris@76: 	// Everything is ok, return an empty string.
Chris@76: 	if (!isset($error))
Chris@76: 		return '';
Chris@76: 	// A session error occurred, show the error.
Chris@76: 	elseif ($is_fatal)
Chris@76: 	{
Chris@76: 		if (isset($_GET['xml']))
Chris@76: 		{
Chris@76: 			ob_end_clean();
Chris@76: 			header('HTTP/1.1 403 Forbidden - Session timeout');
Chris@76: 			die;
Chris@76: 		}
Chris@76: 		else
Chris@76: 			fatal_lang_error($error, isset($log_error) ? 'user' : false);
Chris@76: 	}
Chris@76: 	// A session error occurred, return the error to the calling function.
Chris@76: 	else
Chris@76: 		return $error;
Chris@76: 
Chris@76: 	// We really should never fall through here, for very important reasons.  Let's make sure.
Chris@76: 	trigger_error('Hacking attempt...', E_USER_ERROR);
Chris@76: }
Chris@76: 
Chris@76: // Check if a specific confirm parameter was given.
Chris@76: function checkConfirm($action)
Chris@76: {
Chris@76: 	global $modSettings;
Chris@76: 
Chris@76: 	if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
Chris@76: 		return true;
Chris@76: 
Chris@76: 	else
Chris@76: 	{
Chris@76: 		$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
Chris@76: 		$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);
Chris@76: 
Chris@76: 		return $token;
Chris@76: 	}
Chris@76: }
Chris@76: 
Chris@76: // Check whether a form has been submitted twice.
Chris@76: function checkSubmitOnce($action, $is_fatal = true)
Chris@76: {
Chris@76: 	global $context;
Chris@76: 
Chris@76: 	if (!isset($_SESSION['forms']))
Chris@76: 		$_SESSION['forms'] = array();
Chris@76: 
Chris@76: 	// Register a form number and store it in the session stack. (use this on the page that has the form.)
Chris@76: 	if ($action == 'register')
Chris@76: 	{
Chris@76: 		$context['form_sequence_number'] = 0;
Chris@76: 		while (empty($context['form_sequence_number']) || in_array($context['form_sequence_number'], $_SESSION['forms']))
Chris@76: 			$context['form_sequence_number'] = mt_rand(1, 16000000);
Chris@76: 	}
Chris@76: 	// Check whether the submitted number can be found in the session.
Chris@76: 	elseif ($action == 'check')
Chris@76: 	{
Chris@76: 		if (!isset($_REQUEST['seqnum']))
Chris@76: 			return true;
Chris@76: 		elseif (!in_array($_REQUEST['seqnum'], $_SESSION['forms']))
Chris@76: 		{
Chris@76: 			$_SESSION['forms'][] = (int) $_REQUEST['seqnum'];
Chris@76: 			return true;
Chris@76: 		}
Chris@76: 		elseif ($is_fatal)
Chris@76: 			fatal_lang_error('error_form_already_submitted', false);
Chris@76: 		else
Chris@76: 			return false;
Chris@76: 	}
Chris@76: 	// Don't check, just free the stack number.
Chris@76: 	elseif ($action == 'free' && isset($_REQUEST['seqnum']) && in_array($_REQUEST['seqnum'], $_SESSION['forms']))
Chris@76: 		$_SESSION['forms'] = array_diff($_SESSION['forms'], array($_REQUEST['seqnum']));
Chris@76: 	elseif ($action != 'free')
Chris@76: 		trigger_error('checkSubmitOnce(): Invalid action \'' . $action . '\'', E_USER_WARNING);
Chris@76: }
Chris@76: 
Chris@76: // Check the user's permissions.
Chris@76: function allowedTo($permission, $boards = null)
Chris@76: {
Chris@76: 	global $user_info, $modSettings, $smcFunc;
Chris@76: 
Chris@76: 	// You're always allowed to do nothing. (unless you're a working man, MR. LAZY :P!)
Chris@76: 	if (empty($permission))
Chris@76: 		return true;
Chris@76: 
Chris@76: 	// You're never allowed to do something if your data hasn't been loaded yet!
Chris@76: 	if (empty($user_info))
Chris@76: 		return false;
Chris@76: 
Chris@76: 	// Administrators are supermen :P.
Chris@76: 	if ($user_info['is_admin'])
Chris@76: 		return true;
Chris@76: 
Chris@76: 	// Are we checking the _current_ board, or some other boards?
Chris@76: 	if ($boards === null)
Chris@76: 	{
Chris@76: 		// Check if they can do it.
Chris@76: 		if (!is_array($permission) && in_array($permission, $user_info['permissions']))
Chris@76: 			return true;
Chris@76: 		// Search for any of a list of permissions.
Chris@76: 		elseif (is_array($permission) && count(array_intersect($permission, $user_info['permissions'])) != 0)
Chris@76: 			return true;
Chris@76: 		// You aren't allowed, by default.
Chris@76: 		else
Chris@76: 			return false;
Chris@76: 	}
Chris@76: 	elseif (!is_array($boards))
Chris@76: 		$boards = array($boards);
Chris@76: 
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT MIN(bp.add_deny) AS add_deny
Chris@76: 		FROM {db_prefix}boards AS b
Chris@76: 			INNER JOIN {db_prefix}board_permissions AS bp ON (bp.id_profile = b.id_profile)
Chris@76: 			LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = b.id_board AND mods.id_member = {int:current_member})
Chris@76: 		WHERE b.id_board IN ({array_int:board_list})
Chris@76: 			AND bp.id_group IN ({array_int:group_list}, {int:moderator_group})
Chris@76: 			AND bp.permission {raw:permission_list}
Chris@76: 			AND (mods.id_member IS NOT NULL OR bp.id_group != {int:moderator_group})
Chris@76: 		GROUP BY b.id_board',
Chris@76: 		array(
Chris@76: 			'current_member' => $user_info['id'],
Chris@76: 			'board_list' => $boards,
Chris@76: 			'group_list' => $user_info['groups'],
Chris@76: 			'moderator_group' => 3,
Chris@76: 			'permission_list' => (is_array($permission) ? 'IN (\'' . implode('\', \'', $permission) . '\')' : ' = \'' . $permission . '\''),
Chris@76: 		)
Chris@76: 	);
Chris@76: 
Chris@76: 	// Make sure they can do it on all of the boards.
Chris@76: 	if ($smcFunc['db_num_rows']($request) != count($boards))
Chris@76: 		return false;
Chris@76: 
Chris@76: 	$result = true;
Chris@76: 	while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76: 		$result &= !empty($row['add_deny']);
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	// If the query returned 1, they can do it... otherwise, they can't.
Chris@76: 	return $result;
Chris@76: }
Chris@76: 
Chris@76: // Fatal error if they cannot...
Chris@76: function isAllowedTo($permission, $boards = null)
Chris@76: {
Chris@76: 	global $user_info, $txt;
Chris@76: 
Chris@76: 	static $heavy_permissions = array(
Chris@76: 		'admin_forum',
Chris@76: 		'manage_attachments',
Chris@76: 		'manage_smileys',
Chris@76: 		'manage_boards',
Chris@76: 		'edit_news',
Chris@76: 		'moderate_forum',
Chris@76: 		'manage_bans',
Chris@76: 		'manage_membergroups',
Chris@76: 		'manage_permissions',
Chris@76: 	);
Chris@76: 
Chris@76: 	// Make it an array, even if a string was passed.
Chris@76: 	$permission = is_array($permission) ? $permission : array($permission);
Chris@76: 
Chris@76: 	// Check the permission and return an error...
Chris@76: 	if (!allowedTo($permission, $boards))
Chris@76: 	{
Chris@76: 		// Pick the last array entry as the permission shown as the error.
Chris@76: 		$error_permission = array_shift($permission);
Chris@76: 
Chris@76: 		// If they are a guest, show a login. (because the error might be gone if they do!)
Chris@76: 		if ($user_info['is_guest'])
Chris@76: 		{
Chris@76: 			loadLanguage('Errors');
Chris@76: 			is_not_guest($txt['cannot_' . $error_permission]);
Chris@76: 		}
Chris@76: 
Chris@76: 		// Clear the action because they aren't really doing that!
Chris@76: 		$_GET['action'] = '';
Chris@76: 		$_GET['board'] = '';
Chris@76: 		$_GET['topic'] = '';
Chris@76: 		writeLog(true);
Chris@76: 
Chris@76: 		fatal_lang_error('cannot_' . $error_permission, false);
Chris@76: 
Chris@76: 		// Getting this far is a really big problem, but let's try our best to prevent any cases...
Chris@76: 		trigger_error('Hacking attempt...', E_USER_ERROR);
Chris@76: 	}
Chris@76: 
Chris@76: 	// If you're doing something on behalf of some "heavy" permissions, validate your session.
Chris@76: 	// (take out the heavy permissions, and if you can't do anything but those, you need a validated session.)
Chris@76: 	if (!allowedTo(array_diff($permission, $heavy_permissions), $boards))
Chris@76: 		validateSession();
Chris@76: }
Chris@76: 
Chris@76: // Return the boards a user has a certain (board) permission on. (array(0) if all.)
Chris@76: function boardsAllowedTo($permissions, $check_access = true)
Chris@76: {
Chris@76: 	global $user_info, $modSettings, $smcFunc;
Chris@76: 
Chris@76: 	// Administrators are all powerful, sorry.
Chris@76: 	if ($user_info['is_admin'])
Chris@76: 		return array(0);
Chris@76: 
Chris@76: 	// Arrays are nice, most of the time.
Chris@76: 	if (!is_array($permissions))
Chris@76: 		$permissions = array($permissions);
Chris@76: 
Chris@76: 	// All groups the user is in except 'moderator'.
Chris@76: 	$groups = array_diff($user_info['groups'], array(3));
Chris@76: 
Chris@76: 	$request = $smcFunc['db_query']('', '
Chris@76: 		SELECT b.id_board, bp.add_deny
Chris@76: 		FROM {db_prefix}board_permissions AS bp
Chris@76: 			INNER JOIN {db_prefix}boards AS b ON (b.id_profile = bp.id_profile)
Chris@76: 			LEFT JOIN {db_prefix}moderators AS mods ON (mods.id_board = b.id_board AND mods.id_member = {int:current_member})
Chris@76: 		WHERE bp.id_group IN ({array_int:group_list}, {int:moderator_group})
Chris@76: 			AND bp.permission IN ({array_string:permissions})
Chris@76: 			AND (mods.id_member IS NOT NULL OR bp.id_group != {int:moderator_group})' .
Chris@76: 			($check_access ? ' AND {query_see_board}' : ''),
Chris@76: 		array(
Chris@76: 			'current_member' => $user_info['id'],
Chris@76: 			'group_list' => $groups,
Chris@76: 			'moderator_group' => 3,
Chris@76: 			'permissions' => $permissions,
Chris@76: 		)
Chris@76: 	);
Chris@76: 	$boards = array();
Chris@76: 	$deny_boards = array();
Chris@76: 	while ($row = $smcFunc['db_fetch_assoc']($request))
Chris@76: 	{
Chris@76: 		if (empty($row['add_deny']))
Chris@76: 			$deny_boards[] = $row['id_board'];
Chris@76: 		else
Chris@76: 			$boards[] = $row['id_board'];
Chris@76: 	}
Chris@76: 	$smcFunc['db_free_result']($request);
Chris@76: 
Chris@76: 	$boards = array_unique(array_values(array_diff($boards, $deny_boards)));
Chris@76: 
Chris@76: 	return $boards;
Chris@76: }
Chris@76: 
Chris@76: function showEmailAddress($userProfile_hideEmail, $userProfile_id)
Chris@76: {
Chris@76: 	global $modSettings, $user_info;
Chris@76: 
Chris@76: 	// Should this users email address be shown?
Chris@76: 	// If you're guest and the forum is set to hide email for guests: no.
Chris@76: 	// If the user is post-banned: no.
Chris@76: 	// If it's your own profile and you've set your address hidden: yes_permission_override.
Chris@76: 	// If you're a moderator with sufficient permissions: yes_permission_override.
Chris@76: 	// If the user has set their email address to be hidden: no.
Chris@76: 	// If the forum is set to show full email addresses: yes.
Chris@76: 	// Otherwise: no_through_forum.
Chris@76: 
Chris@76: 	return (!empty($modSettings['guest_hideContacts']) && $user_info['is_guest']) || isset($_SESSION['ban']['cannot_post']) ? 'no' : ((!$user_info['is_guest'] && $user_info['id'] == $userProfile_id && !$userProfile_hideEmail) || allowedTo('moderate_forum') ? 'yes_permission_override' : ($userProfile_hideEmail ? 'no' : (!empty($modSettings['make_email_viewable']) ? 'yes' : 'no_through_forum')));
Chris@76: }
Chris@76: 
Chris@76: ?>