phpBB

Code Changes

File: includes/functions_user.php

Line 330Line 330

/**
* Remove User


/**
* Remove User

 
 *
* @param string $mode 'retain' or 'remove'
* @param int $user_id
* @param mixed $post_username
* @return bool

*/
function user_delete($mode, $user_id, $post_username = false)
{

*/
function user_delete($mode, $user_id, $post_username = false)
{

	global $cache, $config, $db, $user, $auth;

	global $cache, $config, $db, $user;

	global $phpbb_root_path, $phpEx;

$sql = 'SELECT *

	global $phpbb_root_path, $phpEx;

$sql = 'SELECT *

Line 437Line 442
				$sql = 'UPDATE ' . POSTS_TABLE . '
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
WHERE poster_id = $user_id";

				$sql = 'UPDATE ' . POSTS_TABLE . '
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
WHERE poster_id = $user_id";

				$db->sql_query($sql);

$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_edit_user = ' . ANONYMOUS . "
WHERE post_edit_user = $user_id";

 
				$db->sql_query($sql);

$sql = 'UPDATE ' . TOPICS_TABLE . '

				$db->sql_query($sql);

$sql = 'UPDATE ' . TOPICS_TABLE . '

Line 480Line 480
			if (!function_exists('delete_posts'))
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

			if (!function_exists('delete_posts'))
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);

			}

$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
FROM ' . POSTS_TABLE . "
WHERE poster_id = $user_id
GROUP BY topic_id";
$result = $db->sql_query($sql);

$topic_id_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_id_ary[$row['topic_id']] = $row['total_posts'];
}
$db->sql_freeresult($result);

if (sizeof($topic_id_ary))
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);

$del_topic_ary = array();
while ($row = $db->sql_fetchrow($result))
{
if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
{
$del_topic_ary[] = $row['topic_id'];
}
}
$db->sql_freeresult($result);

if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}

 
			}

// Delete posts, attachments, etc.

			}

// Delete posts, attachments, etc.

Line 538Line 500
	}

$cache->destroy('sql', MODERATOR_CACHE_TABLE);

	}

$cache->destroy('sql', MODERATOR_CACHE_TABLE);

 

// Change user_id to anonymous for posts edited by this user
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_edit_user = ' . ANONYMOUS . '
WHERE post_edit_user = ' . $user_id;
$db->sql_query($sql);

// Change user_id to anonymous for pms edited by this user
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_edit_user = ' . ANONYMOUS . '
WHERE message_edit_user = ' . $user_id;
$db->sql_query($sql);


// Delete user log entries about this user
$sql = 'DELETE FROM ' . LOG_TABLE . '


// Delete user log entries about this user
$sql = 'DELETE FROM ' . LOG_TABLE . '

Line 566Line 540
		WHERE session_user_id = ' . $user_id;
$db->sql_query($sql);


		WHERE session_user_id = ' . $user_id;
$db->sql_query($sql);


	// Remove any undelivered mails...
$sql = 'SELECT msg_id, user_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE author_id = ' . $user_id . '
AND folder_id = ' . PRIVMSGS_NO_BOX;
$result = $db->sql_query($sql);

$undelivered_msg = $undelivered_user = array();
while ($row = $db->sql_fetchrow($result))

	// Clean the private messages tables from the user
if (!function_exists('phpbb_delete_user_pms'))








	{

	{

		$undelivered_msg[] = $row['msg_id'];
$undelivered_user[$row['user_id']][] = true;
}
$db->sql_freeresult($result);

if (sizeof($undelivered_msg))
{
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
$db->sql_query($sql);
}

$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
WHERE author_id = ' . $user_id . '
AND folder_id = ' . PRIVMSGS_NO_BOX;
$db->sql_query($sql);

// Delete all to-information
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
WHERE user_id = ' . $user_id;
$db->sql_query($sql);

// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET author_id = ' . ANONYMOUS . '
WHERE author_id = ' . $user_id;
$db->sql_query($sql);

$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET author_id = ' . ANONYMOUS . '
WHERE author_id = ' . $user_id;
$db->sql_query($sql);

foreach ($undelivered_user as $_user_id => $ary)
{
if ($_user_id == $user_id)
{
continue;
}

$sql = 'UPDATE ' . USERS_TABLE . '
SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
WHERE user_id = ' . $_user_id;
$db->sql_query($sql);

		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);













































	}

	}

 
	phpbb_delete_user_pms($user_id);


$db->sql_transaction('commit');



$db->sql_transaction('commit');


Line 771Line 695
			}
else
{

			}
else
{

				trigger_error('LENGTH_BAN_INVALID');

				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);

			}
}
}

			}
}
}

Line 831Line 755
			// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{

			// Make sure we have been given someone to ban
if (!sizeof($sql_usernames))
{

				trigger_error('NO_USER_SPECIFIED');

				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);

			}

$sql = 'SELECT user_id

			}

$sql = 'SELECT user_id

Line 862Line 786
			else
{
$db->sql_freeresult($result);

			else
{
$db->sql_freeresult($result);

				trigger_error('NO_USERS');

				trigger_error('NO_USERS', E_USER_WARNING);

			}
$db->sql_freeresult($result);
break;

			}
$db->sql_freeresult($result);
break;

Line 964Line 888

if (empty($banlist_ary))
{


if (empty($banlist_ary))
{

					trigger_error('NO_IPS_DEFINED');

					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);

				}
}
break;

				}
}
break;

Line 992Line 916

if (sizeof($ban_list) == 0)
{


if (sizeof($ban_list) == 0)
{

				trigger_error('NO_EMAILS_DEFINED');

				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);

			}
break;

default:

			}
break;

default:

			trigger_error('NO_MODE');

			trigger_error('NO_MODE', E_USER_WARNING);

		break;
}


		break;
}


Line 1335Line 1259
		{
$function = array_shift($validate);
array_unshift($validate, $data[$var]);

		{
$function = array_shift($validate);
array_unshift($validate, $data[$var]);

 
			$function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';





			if ($result = call_user_func_array('validate_' . $function, $validate))

			if ($result = call_user_func_array($function_prefix . $function, $validate))

			{
// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);

			{
// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);

Line 1457Line 1382
	}

return false;

	}

return false;

 
}

/**
* Validate Language Pack ISO Name
*
* Tests whether a language name is valid and installed
*
* @param string $lang_iso The language string to test
*
* @return bool|string Either false if validation succeeded or
* a string which will be used as the error message
* (with the variable name appended)
*/
function validate_language_iso_name($lang_iso)
{
global $db;

$sql = 'SELECT lang_id
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
$result = $db->sql_query($sql);
$lang_id = (int) $db->sql_fetchfield('lang_id');
$db->sql_freeresult($result);

return ($lang_id) ? false : 'WRONG_DATA';

}

/**

}

/**

Line 1616Line 1566
*/
function validate_password($password)
{

*/
function validate_password($password)
{

	global $config, $db, $user;

	global $config;





	if (!$password)

	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')

	{

	{

 
		// Password empty or no password complexity required.

		return false;
}


		return false;
}


Line 1630Line 1581
	{
$upp = '\p{Lu}';
$low = '\p{Ll}';

	{
$upp = '\p{Lu}';
$low = '\p{Ll}';

		$let = '\p{L}';

 
		$num = '\p{N}';
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
$pcre = true;

		$num = '\p{N}';
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
$pcre = true;

Line 1640Line 1590
		mb_regex_encoding('UTF-8');
$upp = '[[:upper:]]';
$low = '[[:lower:]]';

		mb_regex_encoding('UTF-8');
$upp = '[[:upper:]]';
$low = '[[:lower:]]';

		$let = '[[:lower:][:upper:]]';

 
		$num = '[[:digit:]]';
$sym = '[^[:upper:][:lower:][:digit:]]';
$mbstring = true;

		$num = '[[:digit:]]';
$sym = '[^[:upper:][:lower:][:digit:]]';
$mbstring = true;

Line 1649Line 1598
	{
$upp = '[A-Z]';
$low = '[a-z]';

	{
$upp = '[A-Z]';
$low = '[a-z]';

		$let = '[a-zA-Z]';

 
		$num = '[0-9]';
$sym = '[^A-Za-z0-9]';
$pcre = true;

		$num = '[0-9]';
$sym = '[^A-Za-z0-9]';
$pcre = true;

Line 1659Line 1607

switch ($config['pass_complex'])
{


switch ($config['pass_complex'])
{

		case 'PASS_TYPE_CASE':
$chars[] = $low;
$chars[] = $upp;
break;




		// No break statements below ...
// We require strong passwords in case pass_complex is not set or is invalid
default:

// Require mixed case letters, numbers and symbols
case 'PASS_TYPE_SYMBOL':
$chars[] = $sym;





 
		// Require mixed case letters and numbers

		case 'PASS_TYPE_ALPHA':

		case 'PASS_TYPE_ALPHA':

			$chars[] = $let;

 
			$chars[] = $num;

			$chars[] = $num;

		break;

 




		case 'PASS_TYPE_SYMBOL':


		// Require mixed case letters
case 'PASS_TYPE_CASE':

			$chars[] = $low;
$chars[] = $upp;

			$chars[] = $low;
$chars[] = $upp;

			$chars[] = $num;
$chars[] = $sym;
break;

 
	}

if ($pcre)

	}

if ($pcre)

Line 1961Line 1909
	}

return false;

	}

return false;

 
}

/**
* Validate hex colour value
*
* @param string $colour The hex colour value
* @param bool $optional Whether the colour value is optional. True if an empty
* string will be accepted as correct input, false if not.
* @return bool|string Error message if colour value is incorrect, false if it
* fits the hex colour code
*/
function phpbb_validate_hex_colour($colour, $optional = false)
{
if ($colour === '')
{
return (($optional) ? false : 'WRONG_DATA');
}

if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour))
{
return 'WRONG_DATA';
}

return false;
}

/**
* Verifies whether a style ID corresponds to an active style.
*
* @param int $style_id The style_id of a style which should be checked if activated or not.
* @return boolean
*/
function phpbb_style_is_active($style_id)
{
global $db;

$sql = 'SELECT style_active
FROM ' . STYLES_TABLE . '
WHERE style_id = '. (int) $style_id;
$result = $db->sql_query($sql);

$style_is_active = (bool) $db->sql_fetchfield('style_active');
$db->sql_freeresult($result);

return $style_is_active;

}

/**

}

/**

Line 2080Line 2073

// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);


// Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);

	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));

	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));


if (!empty($_FILES['uploadfile']['name']))
{


if (!empty($_FILES['uploadfile']['name']))
{

Line 3600Line 3593
	}

return $user_data['group_id'];

	}

return $user_data['group_id'];

 
}

/**
* Gets user ids of currently banned registered users.
*
* @param array $user_ids Array of users' ids to check for banning,
* leave empty to get complete list of banned ids
* @return array Array of banned users' ids if any, empty array otherwise
*/
function phpbb_get_banned_user_ids($user_ids = array())
{
global $db;

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';

// Get banned User ID's
// Ignore stale bans which were not wiped yet
$banned_ids_list = array();
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE . "
WHERE $sql_user_ids
AND ban_exclude <> 1
AND (ban_end > " . time() . '
OR ban_end = 0)';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$user_id = (int) $row['ban_userid'];
$banned_ids_list[$user_id] = $user_id;
}
$db->sql_freeresult($result);

return $banned_ids_list;

}

?>

}

?>
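Review bot: The pattern in the added `phpbb_validate_hex_colour()` is anchored with `$`, which in PCRE without the `D` modifier also matches just before a final newline, so a three- or six-digit hex string followed by a newline is accepted as valid. Where the colour is stored or echoed afterwards is outside this page, but a validator that returns "no error" should mean the value is exactly a hex code and nothing else. Anchoring at the absolute end of the subject closes the gap: `if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\z/', $colour))`.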