Line 171 | Line 171 |
---|
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']),
|
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']),
|
'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
| 'user_email_hash' => phpbb_email_hash($user_row['user_email']),
|
'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], );
| 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], );
|
Line 187 | Line 187 |
---|
'user_ip' => '', 'user_regdate' => time(), 'user_passchg' => time(),
|
'user_ip' => '', 'user_regdate' => time(), 'user_passchg' => time(),
|
'user_options' => 895,
| 'user_options' => 230271, // We do not set the new flag here - registration scripts need to specify it 'user_new' => 0,
|
'user_inactive_reason' => 0, 'user_inactive_time' => 0,
| 'user_inactive_reason' => 0, 'user_inactive_time' => 0,
|
Line 274 | Line 276 |
---|
// Now make it the users default group... group_set_user_default($user_row['group_id'], array($user_id), false);
|
// Now make it the users default group... group_set_user_default($user_row['group_id'], array($user_id), false);
|
| // Add to newly registered users group if user_new is 1 if ($config['new_member_post_limit'] && $sql_ary['user_new']) { $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = 'NEWLY_REGISTERED' AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $add_group_id = (int) $db->sql_fetchfield('group_id'); $db->sql_freeresult($result);
if ($add_group_id) { // Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/ $GLOBALS['skip_add_log'] = true;
// Add user to "newly registered users" group and set to default group if admin specified so. if ($config['new_member_group_default']) { group_user_add($add_group_id, $user_id, false, false, true); $user_row['group_id'] = $add_group_id; } else { group_user_add($add_group_id, $user_id); }
unset($GLOBALS['skip_add_log']); } }
|
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
|
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
|
if ($user_row['user_type'] == USER_NORMAL)
| if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
|
{ set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true);
|
{ set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true);
|
set_config('num_users', $config['num_users'] + 1, true);
| set_config_count('num_users', 1, true);
|
$sql = 'SELECT group_colour FROM ' . GROUPS_TABLE . '
| $sql = 'SELECT group_colour FROM ' . GROUPS_TABLE . '
|
Line 297 | Line 330 |
---|
/** * Remove User
|
/** * Remove User
|
| * * @param string $mode 'retain' or 'remove' * @param int $user_id * @param mixed $post_username * @return bool
|
*/ function user_delete($mode, $user_id, $post_username = false) {
|
*/ function user_delete($mode, $user_id, $post_username = false) {
|
global $cache, $config, $db, $user, $auth;
| global $cache, $config, $db, $user;
|
global $phpbb_root_path, $phpEx;
$sql = 'SELECT *
| global $phpbb_root_path, $phpEx;
$sql = 'SELECT *
|
Line 404 | Line 442 |
---|
$sql = 'UPDATE ' . POSTS_TABLE . ' SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "' WHERE poster_id = $user_id";
|
$sql = 'UPDATE ' . POSTS_TABLE . ' SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "' WHERE poster_id = $user_id";
|
$db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . ' SET post_edit_user = ' . ANONYMOUS . " WHERE post_edit_user = $user_id";
| |
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
| $db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
Line 419 | Line 452 |
---|
$sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = '' WHERE topic_last_poster_id = $user_id";
|
$sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = '' WHERE topic_last_poster_id = $user_id";
|
| $db->sql_query($sql);
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET poster_id = ' . ANONYMOUS . " WHERE poster_id = $user_id";
|
$db->sql_query($sql);
// Since we change every post by this author, we need to count this amount towards the anonymous user
| $db->sql_query($sql);
// Since we change every post by this author, we need to count this amount towards the anonymous user
|
Line 442 | Line 480 |
---|
if (!function_exists('delete_posts')) { include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
if (!function_exists('delete_posts')) { include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
}
$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . " WHERE poster_id = $user_id GROUP BY topic_id"; $result = $db->sql_query($sql);
$topic_id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']] = $row['total_posts']; } $db->sql_freeresult($result);
if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql);
$del_topic_ary = array(); while ($row = $db->sql_fetchrow($result)) { if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) { $del_topic_ary[] = $row['topic_id']; } } $db->sql_freeresult($result);
if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); }
| |
}
// Delete posts, attachments, etc.
| }
// Delete posts, attachments, etc.
|
Line 490 | Line 490 |
---|
$db->sql_transaction('begin');
|
$db->sql_transaction('begin');
|
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);
| $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);
|
foreach ($table_ary as $table) {
| foreach ($table_ary as $table) {
|
Line 501 | Line 501 |
---|
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
// Remove any undelivered mails... $sql = 'SELECT msg_id, user_id FROM ' . PRIVMSGS_TO_TABLE . ' WHERE author_id = ' . $user_id . ' AND folder_id = ' . PRIVMSGS_NO_BOX; $result = $db->sql_query($sql);
| // Change user_id to anonymous for posts edited by this user $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_edit_user = ' . ANONYMOUS . ' WHERE post_edit_user = ' . $user_id; $db->sql_query($sql);
|
|
|
$undelivered_msg = $undelivered_user = array(); while ($row = $db->sql_fetchrow($result)) { $undelivered_msg[] = $row['msg_id']; $undelivered_user[$row['user_id']][] = true; } $db->sql_freeresult($result);
if (sizeof($undelivered_msg)) { $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
| // Change user_id to anonymous for pms edited by this user $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET message_edit_user = ' . ANONYMOUS . ' WHERE message_edit_user = ' . $user_id;
|
$db->sql_query($sql);
|
$db->sql_query($sql);
|
}
| |
|
|
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' WHERE author_id = ' . $user_id . ' AND folder_id = ' . PRIVMSGS_NO_BOX;
| // Delete user log entries about this user $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE reportee_id = ' . $user_id;
|
$db->sql_query($sql);
|
$db->sql_query($sql);
|
// Delete all to-information $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
| // Change user_id to anonymous for this users triggered events $sql = 'UPDATE ' . LOG_TABLE . ' SET user_id = ' . ANONYMOUS . '
|
WHERE user_id = ' . $user_id; $db->sql_query($sql);
|
WHERE user_id = ' . $user_id; $db->sql_query($sql);
|
// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET author_id = ' . ANONYMOUS . ' WHERE author_id = ' . $user_id;
| // Delete the user_id from the zebra table $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' WHERE user_id = ' . $user_id . ' OR zebra_id = ' . $user_id;
|
$db->sql_query($sql);
|
$db->sql_query($sql);
|
$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET author_id = ' . ANONYMOUS . ' WHERE author_id = ' . $user_id;
| // Delete the user_id from the banlist $sql = 'DELETE FROM ' . BANLIST_TABLE . ' WHERE ban_userid = ' . $user_id;
|
$db->sql_query($sql);
|
$db->sql_query($sql);
|
foreach ($undelivered_user as $_user_id => $ary)
| // Delete the user_id from the session table $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $user_id; $db->sql_query($sql);
// Clean the private messages tables from the user if (!function_exists('phpbb_delete_user_pms'))
|
{
|
{
|
if ($_user_id == $user_id) { continue; }
$sql = 'UPDATE ' . USERS_TABLE . ' SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ', user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . ' WHERE user_id = ' . $_user_id; $db->sql_query($sql);
| include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
|
}
|
}
|
| phpbb_delete_user_pms($user_id);
|
$db->sql_transaction('commit');
| $db->sql_transaction('commit');
|
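Review bot: Every statement added in this hunk concatenates `$user_id` straight into SQL (`' WHERE post_edit_user = ' . $user_id`, the LOG_TABLE, ZEBRA_TABLE, BANLIST_TABLE and SESSIONS_TABLE deletes) and no cast is visible anywhere in the hunk; unless user_delete() already does `$user_id = (int) $user_id;` near its top (outside this view), that normalisation should be added once at the top of the function so that these queries and the interpolated `WHERE poster_id = $user_id` forms in the Line 442 and Line 452 hunks are all covered. The `include()` of functions_privmsgs and the phpbb_delete_user_pms() call now run inside the open transaction, which deserves a comment on why that placement is intended, e.g. `// PM cleanup runs inside the transaction so it is committed together with the row deletes above.` user_delete() starts in the Line 330 hunk and continues past this one.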
Line 569 | Line 558 |
---|
// Decrement number of users if this user is active if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE) {
|
// Decrement number of users if this user is active if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE) {
|
set_config('num_users', $config['num_users'] - 1, true);
| set_config_count('num_users', -1, true);
|
}
return false;
| }
return false;
|
Line 650 | Line 639 |
---|
if ($deactivated) {
|
if ($deactivated) {
|
set_config('num_users', $config['num_users'] - $deactivated, true);
| set_config_count('num_users', $deactivated * (-1), true);
|
}
if ($activated) {
|
}
if ($activated) {
|
set_config('num_users', $config['num_users'] + $activated, true);
| set_config_count('num_users', $activated, true);
|
}
// Update latest username
| }
// Update latest username
|
Line 701 | Line 690 |
---|
if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) && (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2)) {
|
if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) && (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2)) {
|
$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
| $time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0; $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset);
|
} else {
|
} else {
|
trigger_error('LENGTH_BAN_INVALID');
| trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
|
} } }
| } } }
|
Line 765 | Line 755 |
---|
// Make sure we have been given someone to ban if (!sizeof($sql_usernames)) {
|
// Make sure we have been given someone to ban if (!sizeof($sql_usernames)) {
|
trigger_error('NO_USER_SPECIFIED');
| trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
|
}
$sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
|
}
$sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
|
// Do not allow banning yourself
| // Do not allow banning yourself, the guest account, or founders. $non_bannable = array($user->data['user_id'], ANONYMOUS);
|
if (sizeof($founder)) {
|
if (sizeof($founder)) {
|
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
| $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
|
} else {
|
} else {
|
$sql .= ' AND user_id <> ' . $user->data['user_id'];
| $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
|
}
$result = $db->sql_query($sql);
| }
$result = $db->sql_query($sql);
|
Line 795 | Line 786 |
---|
else { $db->sql_freeresult($result);
|
else { $db->sql_freeresult($result);
|
trigger_error('NO_USERS');
| trigger_error('NO_USERS', E_USER_WARNING);
|
} $db->sql_freeresult($result); break;
| } $db->sql_freeresult($result); break;
|
Line 894 | Line 885 |
---|
} } }
|
} } }
|
else
| if (empty($banlist_ary))
|
{
|
{
|
trigger_error('NO_IPS_DEFINED');
| trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
|
} } break;
| } } break;
|
Line 924 | Line 916 |
---|
if (sizeof($ban_list) == 0) {
|
if (sizeof($ban_list) == 0) {
|
trigger_error('NO_EMAILS_DEFINED');
| trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
|
} break;
default:
|
} break;
default:
|
trigger_error('NO_MODE');
| trigger_error('NO_MODE', E_USER_WARNING);
|
break; }
| break; }
|
Line 967 | Line 959 |
---|
} while ($row = $db->sql_fetchrow($result));
|
} while ($row = $db->sql_fetchrow($result));
|
$banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));
| $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
if (sizeof($banlist_ary_tmp)) { // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length $sql = 'DELETE FROM ' . BANLIST_TABLE . ' WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . ' AND ban_exclude = ' . (int) $ban_exclude; $db->sql_query($sql); }
|
unset($banlist_ary_tmp); } $db->sql_freeresult($result);
| unset($banlist_ary_tmp); } $db->sql_freeresult($result);
|
Line 1050 | Line 1052 |
---|
// Update log $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
|
// Update log $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
|
// Add to moderator and admin log
| // Add to moderator log, admin log and user notes
|
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
|
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
|
| if ($mode == 'user') { foreach ($banlist_ary as $user_id) { add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); } }
|
$cache->destroy('sql', BANLIST_TABLE);
| $cache->destroy('sql', BANLIST_TABLE);
|
Line 1091 | Line 1100 |
---|
switch ($mode) { case 'user':
|
switch ($mode) { case 'user':
|
$sql = 'SELECT u.username AS unban_info
| $sql = 'SELECT u.username AS unban_info, u.user_id
|
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' AND u.user_id = b.ban_userid';
| FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' AND u.user_id = b.ban_userid';
|
Line 1112 | Line 1121 |
---|
$result = $db->sql_query($sql);
$l_unban_list = '';
|
$result = $db->sql_query($sql);
$l_unban_list = '';
|
| $user_ids_ary = array();
|
while ($row = $db->sql_fetchrow($result)) { $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
|
while ($row = $db->sql_fetchrow($result)) { $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
|
| if ($mode == 'user') { $user_ids_ary[] = $row['user_id']; }
|
} $db->sql_freeresult($result);
| } $db->sql_freeresult($result);
|
Line 1122 | Line 1136 |
---|
WHERE ' . $db->sql_in_set('ban_id', $unban_sql); $db->sql_query($sql);
|
WHERE ' . $db->sql_in_set('ban_id', $unban_sql); $db->sql_query($sql);
|
// Add to moderator and admin log
| // Add to moderator log, admin log and user notes
|
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
|
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
|
| if ($mode == 'user') { foreach ($user_ids_ary as $user_id) { add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); } }
|
}
$cache->destroy('sql', BANLIST_TABLE);
| }
$cache->destroy('sql', BANLIST_TABLE);
|
Line 1133 | Line 1154 |
---|
}
/**
|
}
/**
|
* Whois facility
| * Internet Protocol Address Whois * RFC3912: WHOIS Protocol Specification * * @param string $ip Ip address, either IPv4 or IPv6. * * @return string Empty string if not a valid ip address. * Otherwise make_clickable()'ed whois result.
|
*/ function user_ipwhois($ip) {
|
*/ function user_ipwhois($ip) {
|
$ipwhois = '';
| if (empty($ip)) { return ''; }
|
|
|
// Check IP // Only supporting IPv4 at the moment... if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
| if (preg_match(get_preg_expression('ipv4'), $ip)) { // IPv4 address $whois_host = 'whois.arin.net.'; } else if (preg_match(get_preg_expression('ipv6'), $ip)) { // IPv6 address $whois_host = 'whois.sixxs.net.'; } else
|
{ return ''; }
|
{ return ''; }
|
$match = array( '#RIPE\.NET#is' => 'whois.ripe.net', '#whois\.apnic\.net#is' => 'whois.apnic.net', '#nic\.ad\.jp#is' => 'whois.nic.ad.jp', '#whois\.registro\.br#is' => 'whois.registro.br' );
| $ipwhois = '';
|
|
|
if (($fsk = @fsockopen('whois.arin.net', 43)))
| if (($fsk = @fsockopen($whois_host, 43)))
|
{
|
{
|
fputs($fsk, "$ip\n");
| // CRLF as per RFC3912 fputs($fsk, "$ip\r\n");
|
while (!feof($fsk)) { $ipwhois .= fgets($fsk, 1024);
| while (!feof($fsk)) { $ipwhois .= fgets($fsk, 1024);
|
Line 1163 | Line 1197 |
---|
@fclose($fsk); }
|
@fclose($fsk); }
|
foreach (array_keys($match) as $server)
| $match = array();
// Test for referrals from $whois_host to other whois databases, roll on rwhois if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
|
{
|
{
|
if (preg_match($server, $ipwhois))
| if (strpos($match[1], ':') !== false)
|
{
|
{
|
$ipwhois = ''; if (($fsk = @fsockopen($match[$server], 43)))
| $pos = strrpos($match[1], ':'); $server = substr($match[1], 0, $pos); $port = (int) substr($match[1], $pos + 1); unset($pos); } else
|
{
|
{
|
fputs($fsk, "$ip\n");
| $server = $match[1]; $port = 43; }
$buffer = '';
if (($fsk = @fsockopen($server, $port))) { fputs($fsk, "$ip\r\n");
|
while (!feof($fsk)) {
|
while (!feof($fsk)) {
|
$ipwhois .= fgets($fsk, 1024);
| $buffer .= fgets($fsk, 1024);
|
} @fclose($fsk); }
|
} @fclose($fsk); }
|
break; }
| // Use the result from $whois_host if we don't get any result here $ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
|
}
$ipwhois = htmlspecialchars($ipwhois);
| }
$ipwhois = htmlspecialchars($ipwhois);
|
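Review bot: The referral branch connects to whatever host and port the first whois reply names (`$server` and `$port` are parsed from `ReferralServer: whois://…`), so a single upstream response decides where the web server opens a TCP connection; validate the target before `fsockopen($server, $port)`, e.g. `if (!preg_match('#^[a-z0-9.-]+$#i', $server) || $port < 1 || $port > 65535) { $server = ''; }` and only attempt the connection when `$server !== ''`. The `(.+)` capture also runs to the end of the line and keeps a trailing `\r` on CRLF replies, which makes the lookup fail silently and fall back to the ARIN text; `rtrim($match[1])` before the `:` split fixes that. user_ipwhois() begins in the previous hunk and its `htmlspecialchars()` tail continues past this one.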
Line 1209 | Line 1259 |
---|
{ $function = array_shift($validate); array_unshift($validate, $data[$var]);
|
{ $function = array_shift($validate); array_unshift($validate, $data[$var]);
|
| $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';
|
|
|
if ($result = call_user_func_array('validate_' . $function, $validate))
| if ($result = call_user_func_array($function_prefix . $function, $validate))
|
{ // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
| { // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
|
Line 1331 | Line 1382 |
---|
}
return false;
|
}
return false;
|
| }
/** * Validate Language Pack ISO Name * * Tests whether a language name is valid and installed * * @param string $lang_iso The language string to test * * @return bool|string Either false if validation succeeded or * a string which will be used as the error message * (with the variable name appended) */ function validate_language_iso_name($lang_iso) { global $db;
$sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; $result = $db->sql_query($sql); $lang_id = (int) $db->sql_fetchfield('lang_id'); $db->sql_freeresult($result);
return ($lang_id) ? false : 'WRONG_DATA';
|
}
/**
| }
/**
|
Line 1414 | Line 1490 |
---|
} else if ($mbstring) {
|
} else if ($mbstring) {
|
$regex = '[-\]_+ [[:upper:][:lower:][:digit:]]+';
| $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
|
} else {
| } else {
|
Line 1439 | Line 1515 |
---|
} else if ($mbstring) {
|
} else if ($mbstring) {
|
$matches = array(); mb_ereg_search_init('^' . $username . '$', $regex, $matches);
| mb_ereg_search_init($username, '^' . $regex . '$');
|
if (!mb_ereg_search()) { return 'INVALID_CHARS';
| if (!mb_ereg_search()) { return 'INVALID_CHARS';
|
Line 1491 | Line 1566 |
---|
*/ function validate_password($password) {
|
*/ function validate_password($password) {
|
global $config, $db, $user;
| global $config;
|
|
|
if (!$password)
| if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
|
{
|
{
|
| // Password empty or no password complexity required.
|
return false; }
| return false; }
|
Line 1505 | Line 1581 |
---|
{ $upp = '\p{Lu}'; $low = '\p{Ll}';
|
{ $upp = '\p{Lu}'; $low = '\p{Ll}';
|
$let = '\p{L}';
| |
$num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true;
| $num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true;
|
Line 1515 | Line 1590 |
---|
mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]';
|
mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]';
|
$let = '[[:lower:][:upper:]]';
| |
$num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true;
| $num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true;
|
Line 1524 | Line 1598 |
---|
{ $upp = '[A-Z]'; $low = '[a-z]';
|
{ $upp = '[A-Z]'; $low = '[a-z]';
|
$let = '[a-zA-Z]';
| |
$num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true;
| $num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true;
|
Line 1534 | Line 1607 |
---|
switch ($config['pass_complex']) {
|
switch ($config['pass_complex']) {
|
case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; break;
| // No break statements below ... // We require strong passwords in case pass_complex is not set or is invalid default:
// Require mixed case letters, numbers and symbols case 'PASS_TYPE_SYMBOL': $chars[] = $sym;
|
|
|
| // Require mixed case letters and numbers
|
case 'PASS_TYPE_ALPHA':
|
case 'PASS_TYPE_ALPHA':
|
$chars[] = $let;
| |
$chars[] = $num;
|
$chars[] = $num;
|
break;
| |
|
|
case 'PASS_TYPE_SYMBOL':
| // Require mixed case letters case 'PASS_TYPE_CASE':
|
$chars[] = $low; $chars[] = $upp;
|
$chars[] = $low; $chars[] = $upp;
|
$chars[] = $num; $chars[] = $sym; break;
| |
}
if ($pcre)
| }
if ($pcre)
|
Line 1622 | Line 1695 |
---|
{ $sql = 'SELECT user_email_hash FROM ' . USERS_TABLE . "
|
{ $sql = 'SELECT user_email_hash FROM ' . USERS_TABLE . "
|
WHERE user_email_hash = " . (crc32($email) . strlen($email));
| WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
|
$result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
| $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
|
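Review bot: `$db->sql_escape()` only neutralises quote characters, and here the value is inserted without quotes (`WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email))`), so the escape offers no protection if phpbb_email_hash() ever returns anything other than digits. Either quote the value, `WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'"`, or cast it to the column's integer type. phpbb_email_hash() is not visible here; if it is guaranteed to return a numeric string, a one-line comment saying so at the query would settle it. The enclosing function starts outside the hunk.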
Line 1836 | Line 1909 |
---|
}
return false;
|
}
return false;
|
| }
/** * Validate hex colour value * * @param string $colour The hex colour value * @param bool $optional Whether the colour value is optional. True if an empty * string will be accepted as correct input, false if not. * @return bool|string Error message if colour value is incorrect, false if it * fits the hex colour code */ function phpbb_validate_hex_colour($colour, $optional = false) { if ($colour === '') { return (($optional) ? false : 'WRONG_DATA'); }
if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) { return 'WRONG_DATA'; }
return false; }
/** * Verifies whether a style ID corresponds to an active style. * * @param int $style_id The style_id of a style which should be checked if activated or not. * @return boolean */ function phpbb_style_is_active($style_id) { global $db;
$sql = 'SELECT style_active FROM ' . STYLES_TABLE . ' WHERE style_id = '. (int) $style_id; $result = $db->sql_query($sql);
$style_is_active = (bool) $db->sql_fetchfield('style_active'); $db->sql_freeresult($result);
return $style_is_active;
|
}
/**
| }
/**
|
Line 1955 | Line 2073 |
---|
// Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
// Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
| $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
|
if (!empty($_FILES['uploadfile']['name'])) {
| if (!empty($_FILES['uploadfile']['name'])) {
|
Line 2056 | Line 2174 |
---|
if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file)) { $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
|
if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file)) { $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
|
'file' => "$file/$sub_file", 'filename' => $sub_file,
| 'file' => rawurlencode($file) . '/' . rawurlencode($sub_file), 'filename' => rawurlencode($sub_file),
|
'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))), ); $avatar_col_count++;
| 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))), ); $avatar_col_count++;
|
Line 2178 | Line 2296 |
---|
/** * Uploading/Changing user avatar */
|
/** * Uploading/Changing user avatar */
|
function avatar_process_user(&$error, $custom_userdata = false)
| function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null)
|
{ global $config, $phpbb_root_path, $auth, $user, $db;
| { global $config, $phpbb_root_path, $auth, $user, $db;
|
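Review bot: The new `$can_upload = null` parameter on avatar_process_user() is not mentioned in the docblock above it, and the Line 2335 hunk shows that a non-null value replaces the whole local check, including the `$change_avatar` permission and the writable-directory tests, so a caller passing `true` takes on that responsibility. Add to the docblock something like `@param bool|null $can_upload Result of the upload-permission check. null (default) makes this function evaluate allow_avatar_upload, avatar_path writability and the change-avatar permission itself; a caller passing true must have done those checks.` The function body continues beyond this hunk.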
Line 2217 | Line 2335 |
---|
$avatar_select = basename(request_var('avatar_select', ''));
// Can we upload?
|
$avatar_select = basename(request_var('avatar_select', ''));
// Can we upload?
|
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
| if (is_null($can_upload)) { $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; }
|
if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) {
| if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) {
|
Line 2242 | Line 2363 |
---|
} else {
|
} else {
|
list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
| list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . urldecode($sql_ary['user_avatar']));
|
$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar']; } }
| $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar']; } }
|
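Review bot: `urldecode()` is not the exact inverse of the `rawurlencode()` applied when the gallery list is built in the Line 2174 hunk — it additionally turns a literal `+` in the request value into a space — so the file handed to getimagesize() and the still-encoded name written to `$sql_ary['user_avatar']` on the next line can refer to different entries for a crafted `avatar_select`. Use `rawurldecode($sql_ary['user_avatar'])` here, and note in a comment that the stored value stays URL-encoded so that whoever renders the gallery avatar decodes it the same way. The enclosing function starts and ends outside this hunk.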
Line 2344 | Line 2465 |
---|
global $phpbb_root_path, $config, $db, $user, $file_upload;
$error = array();
|
global $phpbb_root_path, $config, $db, $user, $file_upload;
$error = array();
|
$attribute_ary = array( 'group_colour' => 'string', 'group_rank' => 'int', 'group_avatar' => 'string', 'group_avatar_type' => 'int', 'group_avatar_width' => 'int', 'group_avatar_height' => 'int',
'group_receive_pm' => 'int', 'group_legend' => 'int', 'group_message_limit' => 'int', 'group_max_recipients' => 'int',
'group_founder_manage' => 'int', );
| |
|
|
// Those are group-only attributes $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');
| // Attributes which also affect the users table $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
|
// Check data. Limit group name length. if (!utf8_strlen($name) || utf8_strlen($name) > 60)
| // Check data. Limit group name length. if (!utf8_strlen($name) || utf8_strlen($name) > 60)
|
Line 2399 | Line 2505 |
---|
if (sizeof($group_attributes)) {
|
if (sizeof($group_attributes)) {
|
foreach ($attribute_ary as $attribute => $_type) { if (isset($group_attributes[$attribute])) { settype($group_attributes[$attribute], $_type); $sql_ary[$attribute] = $group_attributes[$attribute]; } }
| // Merge them with $sql_ary to properly update the group $sql_ary = array_merge($sql_ary, $group_attributes);
|
}
// Setting the log message before we set the group id (if group gets added)
| }
// Setting the log message before we set the group id (if group gets added)
|
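Review bot: Replacing the typed allow-list loop with `$sql_ary = array_merge($sql_ary, $group_attributes);` means every key in `$group_attributes` now becomes a column in the group INSERT/UPDATE and the settype() casts are gone, so correctness now rests entirely on callers passing only real column names with already-typed values. If callers are trusted for this, say so where the merge happens: `// $group_attributes is merged verbatim: callers must pass only GROUPS_TABLE column names with values already cast to the column type.` Otherwise keep an allow-list of accepted keys (the removed `$attribute_ary` plus the `group_skip_auth` key the Line 2547 hunk reads) and filter before merging. group_create() starts in the previous hunk and continues past this one.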
Line 2431 | Line 2531 |
---|
{ remove_default_avatar($group_id, $user_ary); }
|
{ remove_default_avatar($group_id, $user_ary); }
|
|
|
if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank']) { remove_default_rank($group_id, $user_ary);
| if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank']) { remove_default_rank($group_id, $user_ary);
|
Line 2446 | Line 2547 |
---|
SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "' WHERE group_id = $group_id"; $db->sql_query($sql);
|
SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "' WHERE group_id = $group_id"; $db->sql_query($sql);
|
| // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group if (isset($group_attributes['group_skip_auth'])) { // Get users within this group... $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . ' WHERE group_id = ' . $group_id . ' AND user_pending = 0'; $result = $db->sql_query($sql);
$user_id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $user_id_ary[] = $row['user_id']; } $db->sql_freeresult($result);
if (!empty($user_id_ary)) { global $auth;
// Clear permissions cache of relevant users $auth->acl_clear_prefetch($user_id_ary); } }
|
} else {
| } else {
|
Line 2456 | Line 2583 |
---|
if (!$group_id) { $group_id = $db->sql_nextid();
|
if (!$group_id) { $group_id = $db->sql_nextid();
|
|
|
if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD) { group_correct_avatar($group_id, $sql_ary['group_avatar']);
| if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD) { group_correct_avatar($group_id, $sql_ary['group_avatar']);
|
Line 2466 | Line 2594 |
---|
$sql_ary = array(); if (sizeof($group_attributes)) {
|
$sql_ary = array(); if (sizeof($group_attributes)) {
|
foreach ($attribute_ary as $attribute => $_type)
| // Go through the user attributes array, check if a group attribute matches it and then set it. ;) foreach ($user_attribute_ary as $attribute)
|
{
|
{
|
if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
| if (!isset($group_attributes[$attribute]))
|
{
|
{
|
| continue; }
|
// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set... if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute]) {
| // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set... if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute]) {
|
Line 2477 | Line 2609 |
---|
}
$sql_ary[$attribute] = $group_attributes[$attribute];
|
}
$sql_ary[$attribute] = $group_attributes[$attribute];
|
}
| |
} }
| } }
|
Line 2681 | Line 2812 |
---|
if ($default) {
|
if ($default) {
|
group_set_user_default($group_id, $user_id_ary, $group_attributes);
| group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);
|
}
$db->sql_transaction('commit');
| }
$db->sql_transaction('commit');
|
Line 2694 | Line 2825 |
---|
$group_name = get_group_name($group_id); }
|
$group_name = get_group_name($group_id); }
|
$log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
| $log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
|
add_log('admin', $log, $group_name, implode(', ', $username_ary));
| add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
Line 2713 | Line 2844 |
---|
*/ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false) {
|
*/ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false) {
|
global $db, $auth;
| global $db, $auth, $config;
|
|
|
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
| if ($config['coppa_enable']) { $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS'); } else { $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS'); }
|
// We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary);
| // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary);
|
Line 2779 | Line 2917 |
---|
$temp_ary = array(); while ($row = $db->sql_fetchrow($result)) {
|
$temp_ary = array(); while ($row = $db->sql_fetchrow($result)) {
|
if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))
| if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))
|
{ $temp_ary[$row['user_id']] = $row['group_id']; } } $db->sql_freeresult($result);
|
{ $temp_ary[$row['user_id']] = $row['group_id']; } } $db->sql_freeresult($result);
|
| // sql_where_ary holds the new default groups and their users
|
$sql_where_ary = array(); foreach ($temp_ary as $uid => $gid) {
| $sql_where_ary = array(); foreach ($temp_ary as $uid => $gid) {
|
Line 2819 | Line 2958 |
---|
$log = 'LOG_GROUP_REMOVE';
|
$log = 'LOG_GROUP_REMOVE';
|
| if ($group_name) {
|
add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
| }
|
group_update_listings($group_id);
| group_update_listings($group_id);
|
Line 3009 | Line 3151 |
---|
break;
case 'default':
|
break;
case 'default':
|
| // We only set default group for approved members of the group $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " WHERE group_id = $group_id AND user_pending = 0 AND " . $db->sql_in_set('user_id', $user_id_ary); $result = $db->sql_query($sql);
$user_id_ary = $username_ary = array(); while ($row = $db->sql_fetchrow($result)) { $user_id_ary[] = $row['user_id']; } $db->sql_freeresult($result);
$result = user_get_id_name($user_id_ary, $username_ary); if (!sizeof($user_id_ary) || $result !== false) { return 'NO_USERS'; }
|
$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true); $result = $db->sql_query($sql);
| $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true); $result = $db->sql_query($sql);
|
Line 3097 | Line 3260 |
---|
*/ function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false) {
|
*/ function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false) {
|
global $db;
| global $cache, $db;
|
if (empty($user_id_ary)) {
| if (empty($user_id_ary)) {
|
Line 3197 | Line 3360 |
---|
{ group_update_listings($group_id); }
|
{ group_update_listings($group_id); }
|
| // Because some tables/caches use usercolour-specific data we need to purge this here. $cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
}
/**
| }
/**
|
Line 3213 | Line 3379 |
---|
$row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
|
$row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
|
if (!$row)
| if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
|
{ return ''; }
| { return ''; }
|
Line 3354 | Line 3520 |
---|
} update_foes(array($group_id)); }
|
} update_foes(array($group_id)); }
|
| }
/** * Funtion to make a user leave the NEWLY_REGISTERED system group. * @access public * @param $user_id The id of the user to remove from the group */ function remove_newly_registered($user_id, $user_data = false) { global $db;
if ($user_data === false) { $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
if (!$user_row) { return false; } else { $user_data = $user_row; } }
if (empty($user_data['user_new'])) { return false; }
$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . " WHERE group_name = 'NEWLY_REGISTERED' AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $group_id = (int) $db->sql_fetchfield('group_id'); $db->sql_freeresult($result);
if (!$group_id) { return false; }
// We need to call group_user_del here, because this function makes sure everything is correctly changed. // A downside for a call within the session handler is that the language is not set up yet - so no log entry group_user_del($group_id, $user_id);
// Set user_new to 0 to let this not be triggered again $sql = 'UPDATE ' . USERS_TABLE . ' SET user_new = 0 WHERE user_id = ' . $user_id; $db->sql_query($sql);
// The new users group was the users default group? if ($user_data['group_id'] == $group_id) { // Which group is now the users default one? $sql = 'SELECT group_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); $user_data['group_id'] = $db->sql_fetchfield('group_id'); $db->sql_freeresult($result); }
return $user_data['group_id']; }
/** * Gets user ids of currently banned registered users. * * @param array $user_ids Array of users' ids to check for banning, * leave empty to get complete list of banned ids * @return array Array of banned users' ids if any, empty array otherwise */ function phpbb_get_banned_user_ids($user_ids = array()) { global $db;
$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';
// Get banned User ID's // Ignore stale bans which were not wiped yet $banned_ids_list = array(); $sql = 'SELECT ban_userid FROM ' . BANLIST_TABLE . " WHERE $sql_user_ids AND ban_exclude <> 1 AND (ban_end > " . time() . ' OR ban_end = 0)'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $user_id = (int) $row['ban_userid']; $banned_ids_list[$user_id] = $user_id; } $db->sql_freeresult($result);
return $banned_ids_list;
|
}
?>
| }
?>
|
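Review bot: In the new `remove_newly_registered` (hunk at Line 3354/3520), `$user_id` is concatenated unchanged into three statements — the `SELECT * FROM USERS_TABLE ... WHERE user_id = ' . $user_id`, the `UPDATE ... SET user_new = 0 WHERE user_id = ' . $user_id`, and the final `SELECT group_id ... WHERE user_id = ' . $user_id` — so whatever the caller passes reaches the query text verbatim, while the neighbouring additions in this commit (the 'default' case, `phpbb_get_banned_user_ids`) route ids through `sql_in_set`. A single `$user_id = (int) $user_id;` as the first statement after `global $db;` covers all three queries and the `group_user_del($group_id, $user_id)` call. The docblock documents only `$user_id`; the `$user_data` parameter and the return value deserve a line each, e.g. `@param array|false $user_data Row from the users table when the caller already has it; false to load it here` and `@return mixed The user's default group id after the removal, false when nothing was changed` (the value comes straight from `sql_fetchfield`, so casting it with `(int)` before `return` would make the type precise). `group_user_del`'s signature at Line 2844 names its second parameter `$user_id_ary`; whether it accepts the scalar passed here depends on `user_get_id_name`, which is outside the hunk.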