
Code Changes

File: includes/functions_user.php

Line 171Line 171
		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),

		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),

		'user_email_hash'	=> crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),

		'user_email_hash'	=> phpbb_email_hash($user_row['user_email']),

		'group_id'			=> $user_row['group_id'],
'user_type' => $user_row['user_type'],
);

		'group_id'			=> $user_row['group_id'],
'user_type' => $user_row['user_type'],
);

Line 187Line 187
		'user_ip'			=> '',
'user_regdate' => time(),
'user_passchg' => time(),

		'user_ip'			=> '',
'user_regdate' => time(),
'user_passchg' => time(),

		'user_options'		=> 895,



		'user_options'		=> 230271,
// We do not set the new flag here - registration scripts need to specify it
'user_new' => 0,


'user_inactive_reason' => 0,
'user_inactive_time' => 0,


'user_inactive_reason' => 0,
'user_inactive_time' => 0,

Line 274Line 276

// Now make it the users default group...
group_set_user_default($user_row['group_id'], array($user_id), false);


// Now make it the users default group...
group_set_user_default($user_row['group_id'], array($user_id), false);

 

// Add to newly registered users group if user_new is 1
if ($config['new_member_post_limit'] && $sql_ary['user_new'])
{
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = 'NEWLY_REGISTERED'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$add_group_id = (int) $db->sql_fetchfield('group_id');
$db->sql_freeresult($result);

if ($add_group_id)
{
// Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/
$GLOBALS['skip_add_log'] = true;

// Add user to "newly registered users" group and set to default group if admin specified so.
if ($config['new_member_group_default'])
{
group_user_add($add_group_id, $user_id, false, false, true);
$user_row['group_id'] = $add_group_id;
}
else
{
group_user_add($add_group_id, $user_id);
}

unset($GLOBALS['skip_add_log']);
}
}


// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent


// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent

	if ($user_row['user_type'] == USER_NORMAL)

	if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)

	{
set_config('newest_user_id', $user_id, true);
set_config('newest_username', $user_row['username'], true);

	{
set_config('newest_user_id', $user_id, true);
set_config('newest_username', $user_row['username'], true);

		set_config('num_users', $config['num_users'] + 1, true);

		set_config_count('num_users', 1, true);


$sql = 'SELECT group_colour
FROM ' . GROUPS_TABLE . '


$sql = 'SELECT group_colour
FROM ' . GROUPS_TABLE . '

Line 297Line 330

/**
* Remove User


/**
* Remove User

 
 *
* @param string $mode 'retain' or 'remove'
* @param int $user_id
* @param mixed $post_username
* @return bool

*/
function user_delete($mode, $user_id, $post_username = false)
{

*/
function user_delete($mode, $user_id, $post_username = false)
{

	global $cache, $config, $db, $user, $auth;

	global $cache, $config, $db, $user;

	global $phpbb_root_path, $phpEx;

$sql = 'SELECT *

	global $phpbb_root_path, $phpEx;

$sql = 'SELECT *

Line 404Line 442
				$sql = 'UPDATE ' . POSTS_TABLE . '
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
WHERE poster_id = $user_id";

				$sql = 'UPDATE ' . POSTS_TABLE . '
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
WHERE poster_id = $user_id";

				$db->sql_query($sql);

$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_edit_user = ' . ANONYMOUS . "
WHERE post_edit_user = $user_id";

 
				$db->sql_query($sql);

$sql = 'UPDATE ' . TOPICS_TABLE . '

				$db->sql_query($sql);

$sql = 'UPDATE ' . TOPICS_TABLE . '

Line 419Line 452
				$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
WHERE topic_last_poster_id = $user_id";

				$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
WHERE topic_last_poster_id = $user_id";

 
				$db->sql_query($sql);

$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET poster_id = ' . ANONYMOUS . "
WHERE poster_id = $user_id";

				$db->sql_query($sql);

// Since we change every post by this author, we need to count this amount towards the anonymous user

				$db->sql_query($sql);

// Since we change every post by this author, we need to count this amount towards the anonymous user

Line 442Line 480
			if (!function_exists('delete_posts'))
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

			if (!function_exists('delete_posts'))
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

			}

$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
FROM ' . POSTS_TABLE . "
WHERE poster_id = $user_id
GROUP BY topic_id";
$result = $db->sql_query($sql);

$topic_id_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_id_ary[$row['topic_id']] = $row['total_posts'];
}
$db->sql_freeresult($result);

if (sizeof($topic_id_ary))
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);

$del_topic_ary = array();
while ($row = $db->sql_fetchrow($result))
{
if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
{
$del_topic_ary[] = $row['topic_id'];
}
}
$db->sql_freeresult($result);

if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}

 
			}

// Delete posts, attachments, etc.

			}

// Delete posts, attachments, etc.

Line 490Line 490

$db->sql_transaction('begin');



$db->sql_transaction('begin');


	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);

	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);


foreach ($table_ary as $table)
{


foreach ($table_ary as $table)
{

Line 501Line 501

$cache->destroy('sql', MODERATOR_CACHE_TABLE);



$cache->destroy('sql', MODERATOR_CACHE_TABLE);


	// Remove any undelivered mails...
$sql = 'SELECT msg_id, user_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE author_id = ' . $user_id . '
AND folder_id = ' . PRIVMSGS_NO_BOX;
$result = $db->sql_query($sql);

	// Change user_id to anonymous for posts edited by this user
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_edit_user = ' . ANONYMOUS . '
WHERE post_edit_user = ' . $user_id;
$db->sql_query($sql);






	$undelivered_msg = $undelivered_user = array();
while ($row = $db->sql_fetchrow($result))
{
$undelivered_msg[] = $row['msg_id'];
$undelivered_user[$row['user_id']][] = true;
}
$db->sql_freeresult($result);

if (sizeof($undelivered_msg))
{
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);

	// Change user_id to anonymous for pms edited by this user
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_edit_user = ' . ANONYMOUS . '
WHERE message_edit_user = ' . $user_id;









		$db->sql_query($sql);

		$db->sql_query($sql);

	}

 




	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
WHERE author_id = ' . $user_id . '
AND folder_id = ' . PRIVMSGS_NO_BOX;

	// Delete user log entries about this user
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE reportee_id = ' . $user_id;

	$db->sql_query($sql);


	$db->sql_query($sql);


	// Delete all to-information
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '


	// Change user_id to anonymous for this users triggered events
$sql = 'UPDATE ' . LOG_TABLE . '
SET user_id = ' . ANONYMOUS . '

		WHERE user_id = ' . $user_id;
$db->sql_query($sql);


		WHERE user_id = ' . $user_id;
$db->sql_query($sql);


	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET author_id = ' . ANONYMOUS . '
WHERE author_id = ' . $user_id;

	// Delete the user_id from the zebra table
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE user_id = ' . $user_id . '
OR zebra_id = ' . $user_id;

	$db->sql_query($sql);


	$db->sql_query($sql);


	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET author_id = ' . ANONYMOUS . '
WHERE author_id = ' . $user_id;

	// Delete the user_id from the banlist
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
WHERE ban_userid = ' . $user_id;

	$db->sql_query($sql);


	$db->sql_query($sql);


	foreach ($undelivered_user as $_user_id => $ary)







	// Delete the user_id from the session table
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE session_user_id = ' . $user_id;
$db->sql_query($sql);

// Clean the private messages tables from the user
if (!function_exists('phpbb_delete_user_pms'))

	{

	{

		if ($_user_id == $user_id)
{
continue;
}

$sql = 'UPDATE ' . USERS_TABLE . '
SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
WHERE user_id = ' . $_user_id;
$db->sql_query($sql);

		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);










	}

	}

 
	phpbb_delete_user_pms($user_id);


$db->sql_transaction('commit');



$db->sql_transaction('commit');


Line 569Line 558
	// Decrement number of users if this user is active
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
{

	// Decrement number of users if this user is active
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
{

		set_config('num_users', $config['num_users'] - 1, true);

		set_config_count('num_users', -1, true);

	}

return false;

	}

return false;

Line 650Line 639

if ($deactivated)
{


if ($deactivated)
{

		set_config('num_users', $config['num_users'] - $deactivated, true);

		set_config_count('num_users', $deactivated * (-1), true);

	}

if ($activated)
{

	}

if ($activated)
{

		set_config('num_users', $config['num_users'] + $activated, true);

		set_config_count('num_users', $activated, true);

	}

// Update latest username

	}

// Update latest username

Line 701Line 690
			if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
{

			if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
{

				$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));


				$time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0;
$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);

			}
else
{

			}
else
{

				trigger_error('LENGTH_BAN_INVALID');

				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);

			}
}
}

			}
}
}

Line 765Line 755
			// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{

			// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{

				trigger_error('NO_USER_SPECIFIED');

				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);

			}

$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);


			}

$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);


			// Do not allow banning yourself


			// Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);

			if (sizeof($founder))
{

			if (sizeof($founder))
{

				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);

				$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);

			}
else
{

			}
else
{

				$sql .= ' AND user_id <> ' . $user->data['user_id'];

				$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);

			}

$result = $db->sql_query($sql);

			}

$result = $db->sql_query($sql);

Line 795Line 786
			else
{
$db->sql_freeresult($result);

			else
{
$db->sql_freeresult($result);

				trigger_error('NO_USERS');

				trigger_error('NO_USERS', E_USER_WARNING);

			}
$db->sql_freeresult($result);
break;

			}
$db->sql_freeresult($result);
break;

Line 894Line 885
						}
}
}

						}
}
}

				else



if (empty($banlist_ary))

				{

				{

					trigger_error('NO_IPS_DEFINED');

					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);

				}
}
break;

				}
}
break;

Line 924Line 916

if (sizeof($ban_list) == 0)
{


if (sizeof($ban_list) == 0)
{

				trigger_error('NO_EMAILS_DEFINED');

				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);

			}
break;

default:

			}
break;

default:

			trigger_error('NO_MODE');

			trigger_error('NO_MODE', E_USER_WARNING);

		break;
}


		break;
}


Line 967Line 959
		}
while ($row = $db->sql_fetchrow($result));


		}
while ($row = $db->sql_fetchrow($result));


		$banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));











		$banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);

if (sizeof($banlist_ary_tmp))
{
// One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
AND ban_exclude = ' . (int) $ban_exclude;
$db->sql_query($sql);
}


		unset($banlist_ary_tmp);
}
$db->sql_freeresult($result);

		unset($banlist_ary_tmp);
}
$db->sql_freeresult($result);

Line 1050Line 1052
		// Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';


		// Update log
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';


		// Add to moderator and admin log

		// Add to moderator log, admin log and user notes

		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);

		add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);

 
		if ($mode == 'user')
{
foreach ($banlist_ary as $user_id)
{
add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
}
}


$cache->destroy('sql', BANLIST_TABLE);



$cache->destroy('sql', BANLIST_TABLE);


Line 1091Line 1100
		switch ($mode)
{
case 'user':

		switch ($mode)
{
case 'user':

				$sql = 'SELECT u.username AS unban_info

				$sql = 'SELECT u.username AS unban_info, u.user_id

					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
AND u.user_id = b.ban_userid';

					FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
AND u.user_id = b.ban_userid';

Line 1112Line 1121
		$result = $db->sql_query($sql);

$l_unban_list = '';

		$result = $db->sql_query($sql);

$l_unban_list = '';

 
		$user_ids_ary = array();

		while ($row = $db->sql_fetchrow($result))
{
$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];

		while ($row = $db->sql_fetchrow($result))
{
$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];

 
			if ($mode == 'user')
{
$user_ids_ary[] = $row['user_id'];
}

		}
$db->sql_freeresult($result);


		}
$db->sql_freeresult($result);


Line 1122Line 1136
			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
$db->sql_query($sql);


			WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
$db->sql_query($sql);


		// Add to moderator and admin log

		// Add to moderator log, admin log and user notes

		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);

		add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);

 
		if ($mode == 'user')
{
foreach ($user_ids_ary as $user_id)
{
add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
}
}

	}

$cache->destroy('sql', BANLIST_TABLE);

	}

$cache->destroy('sql', BANLIST_TABLE);

Line 1133Line 1154
}

/**

}

/**

* Whois facility







* Internet Protocol Address Whois
* RFC3912: WHOIS Protocol Specification
*
* @param string $ip Ip address, either IPv4 or IPv6.
*
* @return string Empty string if not a valid ip address.
* Otherwise make_clickable()'ed whois result.

*/
function user_ipwhois($ip)
{

*/
function user_ipwhois($ip)
{

	$ipwhois = '';




	if (empty($ip))
{
return '';
}





	// Check IP
// Only supporting IPv4 at the moment...
if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))









	if (preg_match(get_preg_expression('ipv4'), $ip))
{
// IPv4 address
$whois_host = 'whois.arin.net.';
}
else if (preg_match(get_preg_expression('ipv6'), $ip))
{
// IPv6 address
$whois_host = 'whois.sixxs.net.';
}
else

	{
return '';
}


	{
return '';
}


	$match = array(
'#RIPE\.NET#is' => 'whois.ripe.net',
'#whois\.apnic\.net#is' => 'whois.apnic.net',
'#nic\.ad\.jp#is' => 'whois.nic.ad.jp',
'#whois\.registro\.br#is' => 'whois.registro.br'
);

	$ipwhois = '';










	if (($fsk = @fsockopen('whois.arin.net', 43)))

	if (($fsk = @fsockopen($whois_host, 43)))

	{

	{

		fputs($fsk, "$ip\n");


		// CRLF as per RFC3912
fputs($fsk, "$ip\r\n");

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

Line 1163Line 1197
		@fclose($fsk);
}


		@fclose($fsk);
}


	foreach (array_keys($match) as $server)




	$match = array();

// Test for referrals from $whois_host to other whois databases, roll on rwhois
if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))

	{

	{

		if (preg_match($server, $ipwhois))

		if (strpos($match[1], ':') !== false)

		{

		{

			$ipwhois = '';
if (($fsk = @fsockopen($match[$server], 43)))





			$pos	= strrpos($match[1], ':');
$server = substr($match[1], 0, $pos);
$port = (int) substr($match[1], $pos + 1);
unset($pos);
}
else

			{

			{

				fputs($fsk, "$ip\n");









			$server	= $match[1];
$port = 43;
}

$buffer = '';

if (($fsk = @fsockopen($server, $port)))
{
fputs($fsk, "$ip\r\n");

				while (!feof($fsk))
{

				while (!feof($fsk))
{

					$ipwhois .= fgets($fsk, 1024);

				$buffer .= fgets($fsk, 1024);

				}
@fclose($fsk);
}

				}
@fclose($fsk);
}

			break;
}



// Use the result from $whois_host if we don't get any result here
$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;

	}

$ipwhois = htmlspecialchars($ipwhois);

	}

$ipwhois = htmlspecialchars($ipwhois);

Line 1209Line 1259
		{
$function = array_shift($validate);
array_unshift($validate, $data[$var]);

		{
$function = array_shift($validate);
array_unshift($validate, $data[$var]);

 
			$function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';





			if ($result = call_user_func_array('validate_' . $function, $validate))

			if ($result = call_user_func_array($function_prefix . $function, $validate))

			{
// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);

			{
// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);

Line 1331Line 1382
	}

return false;

	}

return false;

 
}

/**
* Validate Language Pack ISO Name
*
* Tests whether a language name is valid and installed
*
* @param string $lang_iso The language string to test
*
* @return bool|string Either false if validation succeeded or
* a string which will be used as the error message
* (with the variable name appended)
*/
function validate_language_iso_name($lang_iso)
{
global $db;

$sql = 'SELECT lang_id
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
$result = $db->sql_query($sql);
$lang_id = (int) $db->sql_fetchfield('lang_id');
$db->sql_freeresult($result);

return ($lang_id) ? false : 'WRONG_DATA';

}

/**

}

/**

Line 1414Line 1490
			}
else if ($mbstring)
{

			}
else if ($mbstring)
{

				$regex = '[-\]_+ [[:upper:][:lower:][:digit:]]+';

				$regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';

			}
else
{

			}
else
{

Line 1439Line 1515
	}
else if ($mbstring)
{

	}
else if ($mbstring)
{

		$matches = array();
mb_ereg_search_init('^' . $username . '$', $regex, $matches);

		mb_ereg_search_init($username, '^' . $regex . '$');


		if (!mb_ereg_search())
{
return 'INVALID_CHARS';

		if (!mb_ereg_search())
{
return 'INVALID_CHARS';

Line 1491Line 1566
*/
function validate_password($password)
{

*/
function validate_password($password)
{

	global $config, $db, $user;

	global $config;





	if (!$password)

	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')

	{

	{

 
		// Password empty or no password complexity required.

		return false;
}


		return false;
}


Line 1505Line 1581
	{
$upp = '\p{Lu}';
$low = '\p{Ll}';

	{
$upp = '\p{Lu}';
$low = '\p{Ll}';

		$let = '\p{L}';

 
		$num = '\p{N}';
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
$pcre = true;

		$num = '\p{N}';
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
$pcre = true;

Line 1515Line 1590
		mb_regex_encoding('UTF-8');
$upp = '[[:upper:]]';
$low = '[[:lower:]]';

		mb_regex_encoding('UTF-8');
$upp = '[[:upper:]]';
$low = '[[:lower:]]';

		$let = '[[:lower:][:upper:]]';

 
		$num = '[[:digit:]]';
$sym = '[^[:upper:][:lower:][:digit:]]';
$mbstring = true;

		$num = '[[:digit:]]';
$sym = '[^[:upper:][:lower:][:digit:]]';
$mbstring = true;

Line 1524Line 1598
	{
$upp = '[A-Z]';
$low = '[a-z]';

	{
$upp = '[A-Z]';
$low = '[a-z]';

		$let = '[a-zA-Z]';

 
		$num = '[0-9]';
$sym = '[^A-Za-z0-9]';
$pcre = true;

		$num = '[0-9]';
$sym = '[^A-Za-z0-9]';
$pcre = true;

Line 1534Line 1607

switch ($config['pass_complex'])
{


switch ($config['pass_complex'])
{

		case 'PASS_TYPE_CASE':
$chars[] = $low;
$chars[] = $upp;
break;




		// No break statements below ...
// We require strong passwords in case pass_complex is not set or is invalid
default:

// Require mixed case letters, numbers and symbols
case 'PASS_TYPE_SYMBOL':
$chars[] = $sym;





 
		// Require mixed case letters and numbers

		case 'PASS_TYPE_ALPHA':

		case 'PASS_TYPE_ALPHA':

			$chars[] = $let;

 
			$chars[] = $num;

			$chars[] = $num;

		break;

 




		case 'PASS_TYPE_SYMBOL':


		// Require mixed case letters
case 'PASS_TYPE_CASE':

			$chars[] = $low;
$chars[] = $upp;

			$chars[] = $low;
$chars[] = $upp;

			$chars[] = $num;
$chars[] = $sym;
break;

 
	}

if ($pcre)

	}

if ($pcre)

Line 1622Line 1695
	{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "

	{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "

			WHERE user_email_hash = " . (crc32($email) . strlen($email));

			WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));

		$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

		$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

Line 1836Line 1909
	}

return false;

	}

return false;

 
}

/**
* Validate hex colour value
*
* @param string $colour The hex colour value
* @param bool $optional Whether the colour value is optional. True if an empty
* string will be accepted as correct input, false if not.
* @return bool|string Error message if colour value is incorrect, false if it
* fits the hex colour code
*/
function phpbb_validate_hex_colour($colour, $optional = false)
{
if ($colour === '')
{
return (($optional) ? false : 'WRONG_DATA');
}

if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour))
{
return 'WRONG_DATA';
}

return false;
}

/**
* Verifies whether a style ID corresponds to an active style.
*
* @param int $style_id The style_id of a style which should be checked if activated or not.
* @return boolean
*/
function phpbb_style_is_active($style_id)
{
global $db;

$sql = 'SELECT style_active
FROM ' . STYLES_TABLE . '
WHERE style_id = '. (int) $style_id;
$result = $db->sql_query($sql);

$style_is_active = (bool) $db->sql_fetchfield('style_active');
$db->sql_freeresult($result);

return $style_is_active;

}

/**

}

/**

Line 1955Line 2073

// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);


// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);

	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));

	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));


if (!empty($_FILES['uploadfile']['name']))
{


if (!empty($_FILES['uploadfile']['name']))
{

Line 2056Line 2174
						if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
{
$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(

						if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
{
$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(

								'file'		=> "$file/$sub_file",
'filename' => $sub_file,

								'file'		=> rawurlencode($file) . '/' . rawurlencode($sub_file),
'filename' => rawurlencode($sub_file),

								'name'		=> ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
);
$avatar_col_count++;

								'name'		=> ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
);
$avatar_col_count++;

Line 2178Line 2296
/**
* Uploading/Changing user avatar
*/

/**
* Uploading/Changing user avatar
*/

function avatar_process_user(&$error, $custom_userdata = false)

function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)

{
global $config, $phpbb_root_path, $auth, $user, $db;


{
global $config, $phpbb_root_path, $auth, $user, $db;


Line 2217Line 2335
	$avatar_select = basename(request_var('avatar_select', ''));

// Can we upload?

	$avatar_select = basename(request_var('avatar_select', ''));

// Can we upload?

	$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;




	if (is_null($can_upload))
{
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
}


if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
{


if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
{

Line 2242Line 2363
		}
else
{

		}
else
{

			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);

			list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));

			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
}
}

			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
}
}

Line 2344Line 2465
	global $phpbb_root_path, $config, $db, $user, $file_upload;

$error = array();

	global $phpbb_root_path, $config, $db, $user, $file_upload;

$error = array();

	$attribute_ary = array(
'group_colour' => 'string',
'group_rank' => 'int',
'group_avatar' => 'string',
'group_avatar_type' => 'int',
'group_avatar_width' => 'int',
'group_avatar_height' => 'int',

'group_receive_pm' => 'int',
'group_legend' => 'int',
'group_message_limit' => 'int',
'group_max_recipients' => 'int',

'group_founder_manage' => 'int',
);

 




	// Those are group-only attributes
$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');

	// Attributes which also affect the users table
$user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');


// Check data. Limit group name length.
if (!utf8_strlen($name) || utf8_strlen($name) > 60)


// Check data. Limit group name length.
if (!utf8_strlen($name) || utf8_strlen($name) > 60)

Line 2399Line 2505

if (sizeof($group_attributes))
{


if (sizeof($group_attributes))
{

			foreach ($attribute_ary as $attribute => $_type)
{
if (isset($group_attributes[$attribute]))
{
settype($group_attributes[$attribute], $_type);
$sql_ary[$attribute] = $group_attributes[$attribute];
}
}

			// Merge them with $sql_ary to properly update the group
$sql_ary = array_merge($sql_ary, $group_attributes);







		}

// Setting the log message before we set the group id (if group gets added)

		}

// Setting the log message before we set the group id (if group gets added)

Line 2431Line 2531
			{
remove_default_avatar($group_id, $user_ary);
}

			{
remove_default_avatar($group_id, $user_ary);
}

 


			if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
{
remove_default_rank($group_id, $user_ary);

			if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
{
remove_default_rank($group_id, $user_ary);

Line 2446Line 2547
				SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
WHERE group_id = $group_id";
$db->sql_query($sql);

				SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
WHERE group_id = $group_id";
$db->sql_query($sql);

 

// One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
if (isset($group_attributes['group_skip_auth']))
{
// Get users within this group...
$sql = 'SELECT user_id
FROM ' . USER_GROUP_TABLE . '
WHERE group_id = ' . $group_id . '
AND user_pending = 0';
$result = $db->sql_query($sql);

$user_id_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$user_id_ary[] = $row['user_id'];
}
$db->sql_freeresult($result);

if (!empty($user_id_ary))
{
global $auth;

// Clear permissions cache of relevant users
$auth->acl_clear_prefetch($user_id_ary);
}
}

		}
else
{

		}
else
{

Line 2456Line 2583
		if (!$group_id)
{
$group_id = $db->sql_nextid();

		if (!$group_id)
{
$group_id = $db->sql_nextid();

 


			if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
{
group_correct_avatar($group_id, $sql_ary['group_avatar']);

			if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
{
group_correct_avatar($group_id, $sql_ary['group_avatar']);

Line 2466Line 2594
		$sql_ary = array();
if (sizeof($group_attributes))
{

		$sql_ary = array();
if (sizeof($group_attributes))
{

			foreach ($attribute_ary as $attribute => $_type)


			// Go through the user attributes array, check if a group attribute matches it and then set it. ;)
foreach ($user_attribute_ary as $attribute)

			{

			{

				if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))

				if (!isset($group_attributes[$attribute]))

				{

				{

 
					continue;
}


					// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
{

					// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
{

Line 2477Line 2609
					}

$sql_ary[$attribute] = $group_attributes[$attribute];

					}

$sql_ary[$attribute] = $group_attributes[$attribute];

				}

 
			}
}


			}
}


Line 2681Line 2812

if ($default)
{


if ($default)
{

		group_set_user_default($group_id, $user_id_ary, $group_attributes);

		group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);

	}

$db->sql_transaction('commit');

	}

$db->sql_transaction('commit');

Line 2694Line 2825
		$group_name = get_group_name($group_id);
}


		$group_name = get_group_name($group_id);
}


	$log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';

	$log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');


add_log('admin', $log, $group_name, implode(', ', $username_ary));



add_log('admin', $log, $group_name, implode(', ', $username_ary));


Line 2713Line 2844
*/
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
{

*/
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
{

	global $db, $auth;

	global $db, $auth, $config;





	$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');








	if ($config['coppa_enable'])
{
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
}
else
{
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');
}


// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);


// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);

Line 2779Line 2917
	$temp_ary = array();
while ($row = $db->sql_fetchrow($result))
{

	$temp_ary = array();
while ($row = $db->sql_fetchrow($result))
{

		if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))

		if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))

		{
$temp_ary[$row['user_id']] = $row['group_id'];
}
}
$db->sql_freeresult($result);


		{
$temp_ary[$row['user_id']] = $row['group_id'];
}
}
$db->sql_freeresult($result);


 
	// sql_where_ary holds the new default groups and their users

	$sql_where_ary = array();
foreach ($temp_ary as $uid => $gid)
{

	$sql_where_ary = array();
foreach ($temp_ary as $uid => $gid)
{

Line 2819Line 2958

$log = 'LOG_GROUP_REMOVE';



$log = 'LOG_GROUP_REMOVE';


 
	if ($group_name)
{

	add_log('admin', $log, $group_name, implode(', ', $username_ary));

	add_log('admin', $log, $group_name, implode(', ', $username_ary));

 
	}


group_update_listings($group_id);



group_update_listings($group_id);


Line 3009Line 3151
		break;

case 'default':

		break;

case 'default':

 
			// We only set default group for approved members of the group
$sql = 'SELECT user_id
FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND user_pending = 0
AND " . $db->sql_in_set('user_id', $user_id_ary);
$result = $db->sql_query($sql);

$user_id_ary = $username_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$user_id_ary[] = $row['user_id'];
}
$db->sql_freeresult($result);

$result = user_get_id_name($user_id_ary, $username_ary);
if (!sizeof($user_id_ary) || $result !== false)
{
return 'NO_USERS';
}


			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
$result = $db->sql_query($sql);

			$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
$result = $db->sql_query($sql);

Line 3097Line 3260
*/
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
{

*/
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
{

	global $db;

	global $cache, $db;


if (empty($user_id_ary))
{


if (empty($user_id_ary))
{

Line 3197Line 3360
	{
group_update_listings($group_id);
}

	{
group_update_listings($group_id);
}

 

// Because some tables/caches use usercolour-specific data we need to purge this here.
$cache->destroy('sql', MODERATOR_CACHE_TABLE);

}

/**

}

/**

Line 3213Line 3379
	$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);


	$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);


	if (!$row)

	if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))

	{
return '';
}

	{
return '';
}

Line 3354Line 3520
		}
update_foes(array($group_id));
}

		}
update_foes(array($group_id));
}

 
}



/**
* Funtion to make a user leave the NEWLY_REGISTERED system group.
* @access public
* @param $user_id The id of the user to remove from the group
*/
function remove_newly_registered($user_id, $user_data = false)
{
global $db;

if ($user_data === false)
{
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

if (!$user_row)
{
return false;
}
else
{
$user_data = $user_row;
}
}

if (empty($user_data['user_new']))
{
return false;
}

$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = 'NEWLY_REGISTERED'
AND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$group_id = (int) $db->sql_fetchfield('group_id');
$db->sql_freeresult($result);

if (!$group_id)
{
return false;
}

// We need to call group_user_del here, because this function makes sure everything is correctly changed.
// A downside for a call within the session handler is that the language is not set up yet - so no log entry
group_user_del($group_id, $user_id);

// Set user_new to 0 to let this not be triggered again
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_new = 0
WHERE user_id = ' . $user_id;
$db->sql_query($sql);

// The new users group was the users default group?
if ($user_data['group_id'] == $group_id)
{
// Which group is now the users default one?
$sql = 'SELECT group_id
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
$user_data['group_id'] = $db->sql_fetchfield('group_id');
$db->sql_freeresult($result);
}

return $user_data['group_id'];
}

/**
* Gets user ids of currently banned registered users.
*
* @param array $user_ids Array of users' ids to check for banning,
* leave empty to get complete list of banned ids
* @return array Array of banned users' ids if any, empty array otherwise
*/
function phpbb_get_banned_user_ids($user_ids = array())
{
global $db;

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';

// Get banned User ID's
// Ignore stale bans which were not wiped yet
$banned_ids_list = array();
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE . "
WHERE $sql_user_ids
AND ban_exclude <> 1
AND (ban_end > " . time() . '
OR ban_end = 0)';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$user_id = (int) $row['ban_userid'];
$banned_ids_list[$user_id] = $user_id;
}
$db->sql_freeresult($result);

return $banned_ids_list;

}

?>

}

?>
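Review bot: `$user_id` is interpolated straight into three SQL statements in remove_newly_registered (the `SELECT *` lookup, the `UPDATE ... SET user_new = 0` and the final `SELECT group_id`) without the `(int)` cast the same function applies to `$group_id` after sql_fetchfield; since the function is marked public and the comment says it is reached from the session handler, normalising it once at the top, `$user_id = (int) $user_id;` right after `global $db;`, keeps the three queries safe regardless of what a caller passes. The same function also hands the scalar `$user_id` to group_user_del, whose second parameter is named `$user_id_ary`; if user_get_id_name does not wrap non-array input itself, this call should read `group_user_del($group_id, array($user_id));`. Minor: the first query only reads `user_new` and `group_id`, so `SELECT user_new, group_id` would do in place of `SELECT *`.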