phpBB

Code Changes

File: includes/functions_user.php

  Unmodified   Added   Modified   Removed
Line 26Line 26
* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

 
* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called
* @return boolean|string Returns false on success, error string on failure

*/

*/

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false)

{
global $db;


{
global $db;


Line 50Line 52
	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

 

// By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained.
// Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below.
if ($update_references === false)
{

	unset(${$which_ary});

	unset(${$which_ary});

 
	}


$user_id_ary = $username_ary = array();



$user_id_ary = $username_ary = array();


Line 416Line 424
}

/**

}

/**

 * Remove User

 * Delete user(s) and their related data

 *

 *

 * @param string	$mode		Either 'retain' or 'remove'
* @param mixed $user_ids Either an array of integers or an integer
* @param bool $retain_username

 * @param string	$mode				Mode of posts deletion (retain|delete)
* @param mixed $user_ids Either an array of integers or an integer
* @param bool $retain_username True if username should be retained, false otherwise

 * @return bool
*/
function user_delete($mode, $user_ids, $retain_username = true)

 * @return bool
*/
function user_delete($mode, $user_ids, $retain_username = true)

Line 454Line 462
	}

/**

	}

/**

	* Event before a user is deleted

	 * Event before of the performing of the user(s) delete action

	*
* @event core.delete_user_before

	*
* @event core.delete_user_before

	* @var	string	mode		Mode of deletion (retain/delete posts)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not
* @var array user_rows Array containing data of the deleted users

	 * @var string	mode				Mode of posts deletion (retain|delete)
* @var array user_ids ID(s) of the user(s) bound to be deleted
* @var bool retain_username True if username should be retained, false otherwise
* @var array user_rows Array containing data of the user(s) bound to be deleted


	* @since 3.1.0-a1
* @changed 3.2.4-RC1 Added user_rows
*/

	* @since 3.1.0-a1
* @changed 3.2.4-RC1 Added user_rows
*/

Line 684Line 691
		PRIVMSGS_RULES_TABLE,
$phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
$phpbb_container->getParameter('tables.auth_provider_oauth_states'),

		PRIVMSGS_RULES_TABLE,
$phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
$phpbb_container->getParameter('tables.auth_provider_oauth_states'),

		$phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')


		$phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'),
$phpbb_container->getParameter('tables.user_notifications')

	];

// Ignore errors on deleting from non-existent tables, e.g. when migrating

	];

// Ignore errors on deleting from non-existent tables, e.g. when migrating

Line 752Line 760
	$db->sql_query($sql);

// Clean the private messages tables from the user

	$db->sql_query($sql);

// Clean the private messages tables from the user

	if (!function_exists('phpbb_delete_user_pms'))

	if (!function_exists('phpbb_delete_users_pms'))

	{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}

	{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}

Line 764Line 772
	$db->sql_transaction('commit');

/**

	$db->sql_transaction('commit');

/**

	* Event after a user is deleted

	 * Event after the user(s) delete action has been performed

	*
* @event core.delete_user_after

	*
* @event core.delete_user_after

	* @var	string	mode		Mode of deletion (retain/delete posts)
* @var array user_ids IDs of the deleted user
* @var mixed retain_username True if username should be retained
* or false if not
* @var array user_rows Array containing data of the deleted users

	 * @var string	mode				Mode of posts deletion (retain|delete)
* @var array user_ids ID(s) of the deleted user(s)
* @var bool retain_username True if username should be retained, false otherwise
* @var array user_rows Array containing data of the deleted user(s)


	* @since 3.1.0-a1
* @changed 3.2.2-RC1 Added user_rows
*/

	* @since 3.1.0-a1
* @changed 3.2.2-RC1 Added user_rows
*/

Line 1037Line 1044
					$banlist_ary[] = (int) $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));

					$banlist_ary[] = (int) $row['user_id'];
}
while ($row = $db->sql_fetchrow($result));

 

$db->sql_freeresult($result);

			}
else
{
$db->sql_freeresult($result);

			}
else
{
$db->sql_freeresult($result);

 


				trigger_error('NO_USERS', E_USER_WARNING);
}

				trigger_error('NO_USERS', E_USER_WARNING);
}

			$db->sql_freeresult($result);

 
		break;

case 'ip':

		break;

case 'ip':

Line 1464Line 1473
	if (($fsk = @fsockopen($whois_host, 43)))
{
// CRLF as per RFC3912

	if (($fsk = @fsockopen($whois_host, 43)))
{
// CRLF as per RFC3912

		fputs($fsk, "$ip\r\n");


		// Z to limit the query to all possible flags (whois.arin.net)
fputs($fsk, "z $ip\r\n");

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

		while (!feof($fsk))
{
$ipwhois .= fgets($fsk, 1024);

Line 1709Line 1719
	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


/**



/***
* Validate Username
*

* Check to see if the username has been taken, or if it is disallowed.

* Check to see if the username has been taken, or if it is disallowed.

* Also checks if it includes the " character, which we don't allow in usernames.


 * Also checks if it includes the " character or the 4-bytes Unicode ones
* (aka emojis) which we don't allow in usernames.

* Used for registering, changing names, and posting anonymously with a username
*

* Used for registering, changing names, and posting anonymously with a username
*

* @param string $username The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

 * @param string	$username				The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

*

*

* @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)


 * @return mixed							Either false if validation succeeded or a string which will be
* used as the error message (with the variable name appended)

*/

*/

function validate_username($username, $allowed_username = false)

function validate_username($username, $allowed_username = false, $allow_all_names = false)

{
global $config, $db, $user, $cache;


{
global $config, $db, $user, $cache;


Line 1729Line 1743
	if ($allowed_username == $clean_username)
{
return false;

	if ($allowed_username == $clean_username)
{
return false;

 
	}

// The very first check is for
// out-of-bounds characters that are currently
// not supported by utf8_bin in MySQL
if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username))
{
return 'INVALID_EMOJIS';

	}

// ... fast checks first.

	}

// ... fast checks first.

Line 1794Line 1816
		return 'USERNAME_TAKEN';
}


		return 'USERNAME_TAKEN';
}


 
	if (!$allow_all_names)
{

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

Line 1801Line 1825
		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

 
			}

		}
}


		}
}


Line 1921Line 1946
		return $validate_email;
}


		return $validate_email;
}


	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)


	$ban = $user->check_ban(false, false, $email, true);
if (!empty($ban))

	{

	{

		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;

		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';

	}

if (!$config['allow_emailreuse'])

	}

if (!$config['allow_emailreuse'])

Line 2696Line 2722
	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

 
	}

// Because the item that gets passed into the previous function is unset, the reference is lost and our original
// array is retained - so we know there's a problem if there's a different number of ids to usernames now.
if (count($user_id_ary) != count($username_ary))
{
return 'GROUP_USERS_INVALID';

	}

// Remove users who are already members of this group

	}

// Remove users who are already members of this group