phpBB

Code Changes

File: includes/functions_user.php

Line 26Line 26
* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

 
* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called
* @return boolean|string Returns false on success, error string on failure

*/

*/

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false)

{
global $db;


{
global $db;


Line 50Line 52
	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

 

// By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained.
// Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below.
if ($update_references === false)
{

	unset(${$which_ary});

	unset(${$which_ary});

 
	}


$user_id_ary = $username_ary = array();



$user_id_ary = $username_ary = array();


Line 416Line 424
}

/**

}

/**

 * Remove User

 * Delete user(s) and their related data

 *

 *

 * @param string	$mode		Either 'retain' or 'remove'
* @param mixed $user_ids Either an array of integers or an integer
* @param bool $retain_username

 * @param string	$mode				Mode of posts deletion (retain|delete)
* @param mixed $user_ids Either an array of integers or an integer
* @param bool $retain_username True if username should be retained, false otherwise

 * @return bool
*/
function user_delete($mode, $user_ids, $retain_username = true)

 * @return bool
*/
function user_delete($mode, $user_ids, $retain_username = true)

Line 454Line 462
	}

/**

	}

/**

	* Event before a user is deleted

	 * Event before of the performing of the user(s) delete action

	*
* @event core.delete_user_before

	*
* @event core.delete_user_before

	* @var	string	mode		Mode of deletion (retain/delete posts)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not

	 * @var string	mode				Mode of posts deletion (retain|delete)
* @var array user_ids ID(s) of the user(s) bound to be deleted
* @var bool retain_username True if username should be retained, false otherwise
* @var array user_rows Array containing data of the user(s) bound to be deleted

	* @since 3.1.0-a1

	* @since 3.1.0-a1

 
	 * @changed 3.2.4-RC1 Added user_rows

	*/

	*/

	$vars = array('mode', 'user_ids', 'retain_username');

	$vars = array('mode', 'user_ids', 'retain_username', 'user_rows');

	extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));

// Before we begin, we will remove the reports the user issued.

	extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));

// Before we begin, we will remove the reports the user issued.

Line 664Line 673
		delete_posts('poster_id', $user_ids);
}


		delete_posts('poster_id', $user_ids);
}


	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE);





















	$table_ary = [
USERS_TABLE,
USER_GROUP_TABLE,
TOPICS_WATCH_TABLE,
FORUMS_WATCH_TABLE,
ACL_USERS_TABLE,
TOPICS_TRACK_TABLE,
TOPICS_POSTED_TABLE,
FORUMS_TRACK_TABLE,
PROFILE_FIELDS_DATA_TABLE,
MODERATOR_CACHE_TABLE,
DRAFTS_TABLE,
BOOKMARKS_TABLE,
SESSIONS_KEYS_TABLE,
PRIVMSGS_FOLDER_TABLE,
PRIVMSGS_RULES_TABLE,
$phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
$phpbb_container->getParameter('tables.auth_provider_oauth_states'),
$phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'),
$phpbb_container->getParameter('tables.user_notifications')
];





 
	// Ignore errors on deleting from non-existent tables, e.g. when migrating
$db->sql_return_on_error(true);

	// Delete the miscellaneous (non-post) data for the user
foreach ($table_ary as $table)
{

	// Delete the miscellaneous (non-post) data for the user
foreach ($table_ary as $table)
{

Line 673Line 704
			WHERE " . $user_id_sql;
$db->sql_query($sql);
}

			WHERE " . $user_id_sql;
$db->sql_query($sql);
}

 
	$db->sql_return_on_error();


$cache->destroy('sql', MODERATOR_CACHE_TABLE);



$cache->destroy('sql', MODERATOR_CACHE_TABLE);


Line 728Line 760
	$db->sql_query($sql);

// Clean the private messages tables from the user

	$db->sql_query($sql);

// Clean the private messages tables from the user

	if (!function_exists('phpbb_delete_user_pms'))

	if (!function_exists('phpbb_delete_users_pms'))

	{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}

	{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}

Line 740Line 772
	$db->sql_transaction('commit');

/**

	$db->sql_transaction('commit');

/**

	* Event after a user is deleted

	 * Event after the user(s) delete action has been performed

	*
* @event core.delete_user_after

	*
* @event core.delete_user_after

	* @var	string	mode		Mode of deletion (retain/delete posts)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not
* @var array user_rows Array containing data of the deleted users

	 * @var string	mode				Mode of posts deletion (retain|delete)
* @var array user_ids ID(s) of the deleted user(s)
* @var bool retain_username True if username should be retained, false otherwise
* @var array user_rows Array containing data of the deleted user(s)


	* @since 3.1.0-a1
* @changed 3.2.2-RC1 Added user_rows
*/

	* @since 3.1.0-a1
* @changed 3.2.2-RC1 Added user_rows
*/

Line 1013Line 1044
					$banlist_ary[] = (int) $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));

					$banlist_ary[] = (int) $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));

 

$db->sql_freeresult($result);

			}
else
{
$db->sql_freeresult($result);

			}
else
{
$db->sql_freeresult($result);

 


				trigger_error('NO_USERS', E_USER_WARNING);
}

				trigger_error('NO_USERS', E_USER_WARNING);
}

			$db->sql_freeresult($result);

 
		break;

case 'ip':

		break;

case 'ip':

Line 1427Line 1460
		return '';
}


		return '';
}


	if (preg_match(get_preg_expression('ipv4'), $ip))
{
// IPv4 address
$whois_host = 'whois.arin.net.';
}
else if (preg_match(get_preg_expression('ipv6'), $ip))
{
// IPv6 address
$whois_host = 'whois.sixxs.net.';
}
else

	if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))











	{
return '';
}

	{
return '';
}

 

// IPv4 & IPv6 addresses
$whois_host = 'whois.arin.net.';


$ipwhois = '';

if (($fsk = @fsockopen($whois_host, 43)))
{
// CRLF as per RFC3912


$ipwhois = '';

if (($fsk = @fsockopen($whois_host, 43)))
{
// CRLF as per RFC3912

		fputs($fsk, "$ip\r\n");


		// Z to limit the query to all possible flags (whois.arin.net)
fputs($fsk, "z $ip\r\n");

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

Line 1692Line 1719
	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


/**



/***
* Validate Username
*

* Check to see if the username has been taken, or if it is disallowed.

* Check to see if the username has been taken, or if it is disallowed.

* Also checks if it includes the " character, which we don't allow in usernames.


 * Also checks if it includes the " character or the 4-bytes Unicode ones
* (aka emojis) which we don't allow in usernames.

* Used for registering, changing names, and posting anonymously with a username
*

* Used for registering, changing names, and posting anonymously with a username
*

* @param string $username The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

 * @param string	$username				The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

*

*

* @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)


 * @return mixed							Either false if validation succeeded or a string which will be
* used as the error message (with the variable name appended)

*/

*/

function validate_username($username, $allowed_username = false)

function validate_username($username, $allowed_username = false, $allow_all_names = false)

{
global $config, $db, $user, $cache;


{
global $config, $db, $user, $cache;


Line 1712Line 1743
	if ($allowed_username == $clean_username)
{
return false;

	if ($allowed_username == $clean_username)
{
return false;

 
	}

// The very first check is for
// out-of-bounds characters that are currently
// not supported by utf8_bin in MySQL
if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username))
{
return 'INVALID_EMOJIS';

	}

// ... fast checks first.

	}

// ... fast checks first.

Line 1777Line 1816
		return 'USERNAME_TAKEN';
}


		return 'USERNAME_TAKEN';
}


 
	if (!$allow_all_names)
{

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

Line 1784Line 1825
		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

 
			}

		}
}


		}
}


Line 1904Line 1946
		return $validate_email;
}


		return $validate_email;
}


	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)


	$ban = $user->check_ban(false, false, $email, true);
if (!empty($ban))

	{

	{

		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;

		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';

	}

if (!$config['allow_emailreuse'])

	}

if (!$config['allow_emailreuse'])

Line 2679Line 2722
	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

 
	}

// Because the item that gets passed into the previous function is unset, the reference is lost and our original
// array is retained - so we know there's a problem if there's a different number of ids to usernames now.
if (count($user_id_ary) != count($username_ary))
{
return 'GROUP_USERS_INVALID';

	}

// Remove users who are already members of this group

	}

// Remove users who are already members of this group

Line 3600Line 3650
		{
$user_data = $user_row;
}

		{
$user_data = $user_row;
}

	}

if (empty($user_data['user_new']))
{
return false;

 
	}

$sql = 'SELECT group_id

	}

$sql = 'SELECT group_id
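Review bot: In user_delete (the hunk at new line 673), `$db->sql_return_on_error(true)` stays on for the whole `foreach ($table_ary as $table)` loop, so a failed DELETE on a core table such as USERS_TABLE or SESSIONS_KEYS_TABLE is ignored in the same way as a missing table, and the visible `$db->sql_query($sql);` does not check its result. A deleted account could then keep its session keys or OAuth tokens without any error being raised; whether the later `$db->sql_transaction('commit')` covers this loop cannot be seen from the hunks shown. I would limit the suppression to the four `$phpbb_container->getParameter(...)` tables, which appear to be the ones the "non-existent tables" comment is about: collect them in a separate list (say `$optional_tables`) and start the loop body with `$db->sql_return_on_error(in_array($table, $optional_tables, true));`. The body of user_delete starts and ends outside the hunks shown.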