Line 330 | Line 330 |
---|
/** * Remove User
|
/** * Remove User
|
| * * @param string $mode 'retain' or 'remove' * @param int $user_id * @param mixed $post_username * @return bool
|
*/ function user_delete($mode, $user_id, $post_username = false) {
|
*/ function user_delete($mode, $user_id, $post_username = false) {
|
global $cache, $config, $db, $user, $auth;
| global $cache, $config, $db, $user;
|
global $phpbb_root_path, $phpEx;
$sql = 'SELECT *
| global $phpbb_root_path, $phpEx;
$sql = 'SELECT *
|
Line 437 | Line 442 |
---|
$sql = 'UPDATE ' . POSTS_TABLE . ' SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "' WHERE poster_id = $user_id";
|
$sql = 'UPDATE ' . POSTS_TABLE . ' SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "' WHERE poster_id = $user_id";
|
$db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . ' SET post_edit_user = ' . ANONYMOUS . " WHERE post_edit_user = $user_id";
| |
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
| $db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . '
|
Line 480 | Line 480 |
---|
if (!function_exists('delete_posts')) { include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
if (!function_exists('delete_posts')) { include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
}
$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts FROM ' . POSTS_TABLE . " WHERE poster_id = $user_id GROUP BY topic_id"; $result = $db->sql_query($sql);
$topic_id_ary = array(); while ($row = $db->sql_fetchrow($result)) { $topic_id_ary[$row['topic_id']] = $row['total_posts']; } $db->sql_freeresult($result);
if (sizeof($topic_id_ary)) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql);
$del_topic_ary = array(); while ($row = $db->sql_fetchrow($result)) { if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) { $del_topic_ary[] = $row['topic_id']; } } $db->sql_freeresult($result);
if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); }
| |
}
// Delete posts, attachments, etc.
| }
// Delete posts, attachments, etc.
|
Line 538 | Line 500 |
---|
}
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
}
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
| // Change user_id to anonymous for posts edited by this user $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_edit_user = ' . ANONYMOUS . ' WHERE post_edit_user = ' . $user_id; $db->sql_query($sql);
// Change user_id to anonymous for pms edited by this user $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET message_edit_user = ' . ANONYMOUS . ' WHERE message_edit_user = ' . $user_id; $db->sql_query($sql);
|
// Delete user log entries about this user $sql = 'DELETE FROM ' . LOG_TABLE . '
| // Delete user log entries about this user $sql = 'DELETE FROM ' . LOG_TABLE . '
|
Line 566 | Line 540 |
---|
WHERE session_user_id = ' . $user_id; $db->sql_query($sql);
|
WHERE session_user_id = ' . $user_id; $db->sql_query($sql);
|
// Remove any undelivered mails... $sql = 'SELECT msg_id, user_id FROM ' . PRIVMSGS_TO_TABLE . ' WHERE author_id = ' . $user_id . ' AND folder_id = ' . PRIVMSGS_NO_BOX; $result = $db->sql_query($sql);
$undelivered_msg = $undelivered_user = array(); while ($row = $db->sql_fetchrow($result))
| // Clean the private messages tables from the user if (!function_exists('phpbb_delete_user_pms'))
|
{
|
{
|
$undelivered_msg[] = $row['msg_id']; $undelivered_user[$row['user_id']][] = true; } $db->sql_freeresult($result);
if (sizeof($undelivered_msg)) { $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg); $db->sql_query($sql); }
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' WHERE author_id = ' . $user_id . ' AND folder_id = ' . PRIVMSGS_NO_BOX; $db->sql_query($sql);
// Delete all to-information $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' WHERE user_id = ' . $user_id; $db->sql_query($sql);
// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET author_id = ' . ANONYMOUS . ' WHERE author_id = ' . $user_id; $db->sql_query($sql);
$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET author_id = ' . ANONYMOUS . ' WHERE author_id = ' . $user_id; $db->sql_query($sql);
foreach ($undelivered_user as $_user_id => $ary) { if ($_user_id == $user_id) { continue; }
$sql = 'UPDATE ' . USERS_TABLE . ' SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ', user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . ' WHERE user_id = ' . $_user_id; $db->sql_query($sql);
| include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
|
}
|
}
|
| phpbb_delete_user_pms($user_id);
|
$db->sql_transaction('commit');
| $db->sql_transaction('commit');
|
Line 771 | Line 695 |
---|
} else {
|
} else {
|
trigger_error('LENGTH_BAN_INVALID');
| trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
|
} } }
| } } }
|
Line 831 | Line 755 |
---|
// Make sure we have been given someone to ban if (!sizeof($sql_usernames)) {
|
// Make sure we have been given someone to ban if (!sizeof($sql_usernames)) {
|
trigger_error('NO_USER_SPECIFIED');
| trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
|
}
$sql = 'SELECT user_id
| }
$sql = 'SELECT user_id
|
Line 862 | Line 786 |
---|
else { $db->sql_freeresult($result);
|
else { $db->sql_freeresult($result);
|
trigger_error('NO_USERS');
| trigger_error('NO_USERS', E_USER_WARNING);
|
} $db->sql_freeresult($result); break;
| } $db->sql_freeresult($result); break;
|
Line 964 | Line 888 |
---|
if (empty($banlist_ary)) {
|
if (empty($banlist_ary)) {
|
trigger_error('NO_IPS_DEFINED');
| trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
|
} } break;
| } } break;
|
Line 992 | Line 916 |
---|
if (sizeof($ban_list) == 0) {
|
if (sizeof($ban_list) == 0) {
|
trigger_error('NO_EMAILS_DEFINED');
| trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
|
} break;
default:
|
} break;
default:
|
trigger_error('NO_MODE');
| trigger_error('NO_MODE', E_USER_WARNING);
|
break; }
| break; }
|
Line 1335 | Line 1259 |
---|
{ $function = array_shift($validate); array_unshift($validate, $data[$var]);
|
{ $function = array_shift($validate); array_unshift($validate, $data[$var]);
|
| $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';
|
|
|
if ($result = call_user_func_array('validate_' . $function, $validate))
| if ($result = call_user_func_array($function_prefix . $function, $validate))
|
{ // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
| { // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
|
Line 1457 | Line 1382 |
---|
}
return false;
|
}
return false;
|
| }
/** * Validate Language Pack ISO Name * * Tests whether a language name is valid and installed * * @param string $lang_iso The language string to test * * @return bool|string Either false if validation succeeded or * a string which will be used as the error message * (with the variable name appended) */ function validate_language_iso_name($lang_iso) { global $db;
$sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; $result = $db->sql_query($sql); $lang_id = (int) $db->sql_fetchfield('lang_id'); $db->sql_freeresult($result);
return ($lang_id) ? false : 'WRONG_DATA';
|
}
/**
| }
/**
|
Line 1616 | Line 1566 |
---|
*/ function validate_password($password) {
|
*/ function validate_password($password) {
|
global $config, $db, $user;
| global $config;
|
|
|
if (!$password)
| if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
|
{
|
{
|
| // Password empty or no password complexity required.
|
return false; }
| return false; }
|
Line 1630 | Line 1581 |
---|
{ $upp = '\p{Lu}'; $low = '\p{Ll}';
|
{ $upp = '\p{Lu}'; $low = '\p{Ll}';
|
$let = '\p{L}';
| |
$num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true;
| $num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true;
|
Line 1640 | Line 1590 |
---|
mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]';
|
mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]';
|
$let = '[[:lower:][:upper:]]';
| |
$num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true;
| $num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true;
|
Line 1649 | Line 1598 |
---|
{ $upp = '[A-Z]'; $low = '[a-z]';
|
{ $upp = '[A-Z]'; $low = '[a-z]';
|
$let = '[a-zA-Z]';
| |
$num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true;
| $num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true;
|
Line 1659 | Line 1607 |
---|
switch ($config['pass_complex']) {
|
switch ($config['pass_complex']) {
|
case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; break;
| // No break statements below ... // We require strong passwords in case pass_complex is not set or is invalid default:
// Require mixed case letters, numbers and symbols case 'PASS_TYPE_SYMBOL': $chars[] = $sym;
|
|
|
| // Require mixed case letters and numbers
|
case 'PASS_TYPE_ALPHA':
|
case 'PASS_TYPE_ALPHA':
|
$chars[] = $let;
| |
$chars[] = $num;
|
$chars[] = $num;
|
break;
| |
|
|
case 'PASS_TYPE_SYMBOL':
| // Require mixed case letters case 'PASS_TYPE_CASE':
|
$chars[] = $low; $chars[] = $upp;
|
$chars[] = $low; $chars[] = $upp;
|
$chars[] = $num; $chars[] = $sym; break;
| |
}
if ($pcre)
| }
if ($pcre)
|
Line 1961 | Line 1909 |
---|
}
return false;
|
}
return false;
|
| }
/** * Validate hex colour value * * @param string $colour The hex colour value * @param bool $optional Whether the colour value is optional. True if an empty * string will be accepted as correct input, false if not. * @return bool|string Error message if colour value is incorrect, false if it * fits the hex colour code */ function phpbb_validate_hex_colour($colour, $optional = false) { if ($colour === '') { return (($optional) ? false : 'WRONG_DATA'); }
if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) { return 'WRONG_DATA'; }
return false; }
/** * Verifies whether a style ID corresponds to an active style. * * @param int $style_id The style_id of a style which should be checked if activated or not. * @return boolean */ function phpbb_style_is_active($style_id) { global $db;
$sql = 'SELECT style_active FROM ' . STYLES_TABLE . ' WHERE style_id = '. (int) $style_id; $result = $db->sql_query($sql);
$style_is_active = (bool) $db->sql_fetchfield('style_active'); $db->sql_freeresult($result);
return $style_is_active;
|
}
/**
| }
/**
|
Line 2080 | Line 2073 |
---|
// Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
// Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
| $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
|
if (!empty($_FILES['uploadfile']['name'])) {
| if (!empty($_FILES['uploadfile']['name'])) {
|
Line 3600 | Line 3593 |
---|
}
return $user_data['group_id'];
|
}
return $user_data['group_id'];
|
| }
/** * Gets user ids of currently banned registered users. * * @param array $user_ids Array of users' ids to check for banning, * leave empty to get complete list of banned ids * @return array Array of banned users' ids if any, empty array otherwise */ function phpbb_get_banned_user_ids($user_ids = array()) { global $db;
$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';
// Get banned User ID's // Ignore stale bans which were not wiped yet $banned_ids_list = array(); $sql = 'SELECT ban_userid FROM ' . BANLIST_TABLE . " WHERE $sql_user_ids AND ban_exclude <> 1 AND (ban_end > " . time() . ' OR ban_end = 0)'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $user_id = (int) $row['ban_userid']; $banned_ids_list[$user_id] = $user_id; } $db->sql_freeresult($result);
return $banned_ids_list;
|
}
?>
| }
?>
|