# Selima Website Content Management System # Public.pm: The base guestbook form checker. # Copyright (c) 2004-2018 imacat. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Author: imacat # First written: 2004-10-23 package Selima::Checker::Guestbook::Public; use 5.008; use strict; use warnings; use base qw(Selima::Checker::Guestbook); use URI::Find qw(); use Selima::DataVars qw($DBH :lninfo); use Selima::GetLang; use Selima::HTTP; use Selima::ShortCut; use vars qw($uri_finder); # _check_name: Check the name sub _check_name : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("name"); return $error if defined $error; # Regularize it $self->_trim("name"); # Skip if it is not filled return if $form->param("name") eq ""; # Check the length return {"msg"=>N_("Your signature is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"name"}]} if length $form->param("name") > ${$self->{"maxlens"}}{"name"}; # OK return; } # _check_name_req: Check the name (required) sub _check_name_req : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("name"); return $error if defined $error; # Regularize it $self->_trim("name"); # Check if it is filled return {"msg"=>N_("Please fill in your signature.")} if $form->param("name") eq ""; # Check the length return {"msg"=>N_("Your signature is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"name"}]} if length $form->param("name") > ${$self->{"maxlens"}}{"name"}; # OK return; } # _check_identity: Check the identity sub _check_identity : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("identity"); return $error if defined $error; # Regularize it $self->_trim("identity"); # Skip if it is not filled return if $form->param("identity") eq ""; # Check the length return {"msg"=>N_("Your identity is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"identity"}]} if length $form->param("identity") > ${$self->{"maxlens"}}{"identity"}; # OK return; } # _check_location: Check the location sub _check_location : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("location"); return $error if defined $error; # Regularize it $self->_trim("location"); # Skip if it is not filled return if $form->param("location") eq ""; # Check the length return {"msg"=>N_("Your location is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"location"}]} if length $form->param("location") > ${$self->{"maxlens"}}{"location"}; # OK return; } # _check_email: Check the e-mail sub _check_email : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("email"); return $error if defined $error; # Regularize it $self->_trim("email"); # Skip if it is not filled return if $form->param("email") eq ""; # Check the length return {"msg"=>N_("Your e-mail is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"email"}]} if length $form->param("email") > ${$self->{"maxlens"}}{"email"}; # OK return; } # _check_url: Check the URL sub _check_url : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("url"); return $error if defined $error; # Regularize it $self->_trim("url"); # Skip if it is not filled return if $form->param("url") eq ""; # Check the length return {"msg"=>N_("Your website URL is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"url"}]} if length $form->param("url") > ${$self->{"maxlens"}}{"url"}; # OK return; } # _check_message: The default message checker sub _check_message : method { local ($_, %_); my ($self, $form, $error); $self = $_[0]; $form = $self->{"form"}; # Check if it exists $error = $self->_missing("message"); return $error if defined $error; # Regularize it $self->_trimtext("message"); # Check if it is filled $form->param("message", "") if $form->param("message") eq C_("Fill in your message here."); return {"msg"=>N_("Please fill in your message.")} if $form->param("message") eq ""; # Check the length return {"msg"=>N_("Your message is too long. (Max. length [#,_1])"), "margs"=>[${$self->{"maxlens"}}{"message"}]} if length $form->param("message") > ${$self->{"maxlens"}}{"message"}; # OK return; } # _check_flood: Check the flooding attack sub _check_flood : method { local ($_, %_); my ($self, $form, $sth, $sql); $self = $_[0]; $form = $self->{"form"}; # At most 5 posts/hours from a single IP $sql = "SELECT count(*) AS count FROM " . $DBH->quote_identifier($self->{"table"}) . " WHERE created > now() - cast('1 hour' AS interval)" . " AND ip='" . $ENV{"REMOTE_ADDR"} . "';\n"; $sth = $DBH->prepare($sql); $sth->execute; return {"msg"=>N_("You can post at most 5 messages in 1 hour.")} if ${$sth->fetch}[0] > 5; # OK return; } # _check_dup: Check the duplicated message sub _check_dup : method { local ($_, %_); my ($self, $form, $sth, $sql); $self = $_[0]; $form = $self->{"form"}; # No duplicated message in the recent 5 posts $sql = "SELECT message FROM " . $DBH->quote_identifier($self->{"table"}) . " ORDER BY created DESC LIMIT 5;\n"; $sth = $DBH->prepare($sql); $sth->execute; for ($_ = 0; $_ < $sth->rows; $_++) { return {"msg"=>N_("Your message is already posted.")} if ${$sth->fetch}[0] eq $form->param("message"); } # OK return; } return 1;