225 lines
6.8 KiB
Perl
225 lines
6.8 KiB
Perl
# Selima Website Content Management System
|
|
# Public.pm: The base guestbook form checker.
|
|
|
|
# Copyright (c) 2004-2018 imacat.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Author: imacat <imacat@mail.imacat.idv.tw>
|
|
# First written: 2004-10-23
|
|
|
|
package Selima::Checker::Guestbook::Public;
|
|
use 5.008;
|
|
use strict;
|
|
use warnings;
|
|
use base qw(Selima::Checker::Guestbook);
|
|
|
|
use URI::Find qw();
|
|
|
|
use Selima::DataVars qw($DBH :lninfo);
|
|
use Selima::GetLang;
|
|
use Selima::HTTP;
|
|
use Selima::ShortCut;
|
|
|
|
use vars qw($uri_finder);
|
|
|
|
# _check_name: Check the name
|
|
sub _check_name : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("name");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("name");
|
|
# Skip if it is not filled
|
|
return if $form->param("name") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your signature is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"name"}]}
|
|
if length $form->param("name") > ${$self->{"maxlens"}}{"name"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_name_req: Check the name (required)
|
|
sub _check_name_req : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("name");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("name");
|
|
# Check if it is filled
|
|
return {"msg"=>N_("Please fill in your signature.")}
|
|
if $form->param("name") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your signature is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"name"}]}
|
|
if length $form->param("name") > ${$self->{"maxlens"}}{"name"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_identity: Check the identity
|
|
sub _check_identity : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("identity");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("identity");
|
|
# Skip if it is not filled
|
|
return if $form->param("identity") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your identity is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"identity"}]}
|
|
if length $form->param("identity") > ${$self->{"maxlens"}}{"identity"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_location: Check the location
|
|
sub _check_location : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("location");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("location");
|
|
# Skip if it is not filled
|
|
return if $form->param("location") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your location is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"location"}]}
|
|
if length $form->param("location") > ${$self->{"maxlens"}}{"location"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_email: Check the e-mail
|
|
sub _check_email : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("email");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("email");
|
|
# Skip if it is not filled
|
|
return if $form->param("email") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your e-mail is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"email"}]}
|
|
if length $form->param("email") > ${$self->{"maxlens"}}{"email"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_url: Check the URL
|
|
sub _check_url : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("url");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trim("url");
|
|
# Skip if it is not filled
|
|
return if $form->param("url") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your website URL is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"url"}]}
|
|
if length $form->param("url") > ${$self->{"maxlens"}}{"url"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_message: The default message checker
|
|
sub _check_message : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $error);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# Check if it exists
|
|
$error = $self->_missing("message");
|
|
return $error if defined $error;
|
|
# Regularize it
|
|
$self->_trimtext("message");
|
|
# Check if it is filled
|
|
$form->param("message", "")
|
|
if $form->param("message") eq C_("Fill in your message here.");
|
|
return {"msg"=>N_("Please fill in your message.")}
|
|
if $form->param("message") eq "";
|
|
# Check the length
|
|
return {"msg"=>N_("Your message is too long. (Max. length [#,_1])"),
|
|
"margs"=>[${$self->{"maxlens"}}{"message"}]}
|
|
if length $form->param("message") > ${$self->{"maxlens"}}{"message"};
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_flood: Check the flooding attack
|
|
sub _check_flood : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $sth, $sql);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# At most 5 posts/hours from a single IP
|
|
$sql = "SELECT count(*) AS count FROM " . $DBH->quote_identifier($self->{"table"})
|
|
. " WHERE created > now() - cast('1 hour' AS interval)"
|
|
. " AND ip='" . $ENV{"REMOTE_ADDR"} . "';\n";
|
|
$sth = $DBH->prepare($sql);
|
|
$sth->execute;
|
|
return {"msg"=>N_("You can post at most 5 messages in 1 hour.")}
|
|
if ${$sth->fetch}[0] > 5;
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
# _check_dup: Check the duplicated message
|
|
sub _check_dup : method {
|
|
local ($_, %_);
|
|
my ($self, $form, $sth, $sql);
|
|
$self = $_[0];
|
|
$form = $self->{"form"};
|
|
# No duplicated message in the recent 5 posts
|
|
$sql = "SELECT message FROM " . $DBH->quote_identifier($self->{"table"})
|
|
. " ORDER BY created DESC LIMIT 5;\n";
|
|
$sth = $DBH->prepare($sql);
|
|
$sth->execute;
|
|
for ($_ = 0; $_ < $sth->rows; $_++) {
|
|
return {"msg"=>N_("Your message is already posted.")}
|
|
if ${$sth->fetch}[0] eq $form->param("message");
|
|
}
|
|
# OK
|
|
return;
|
|
}
|
|
|
|
return 1;
|