phpBB

Code Changes

File: includes/functions_user.php

  Unmodified   Added   Modified   Removed
Line 26Line 26
* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

* @param array &$user_id_ary The user ids to check or empty if usernames used
* @param array &$username_ary The usernames to check or empty if user ids used
* @param mixed $user_type Array of user types to check, false if not restricting by user type

 
* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called
* @return boolean|string Returns false on success, error string on failure

*/

*/

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)

function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false)

{
global $db;


{
global $db;


Line 50Line 52
	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

	}

$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary});

 

// By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained.
// Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below.
if ($update_references === false)
{

	unset(${$which_ary});

	unset(${$which_ary});

 
	}


$user_id_ary = $username_ary = array();



$user_id_ary = $username_ary = array();


Line 684Line 692
		PRIVMSGS_RULES_TABLE,
$phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
$phpbb_container->getParameter('tables.auth_provider_oauth_states'),

		PRIVMSGS_RULES_TABLE,
$phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'),
$phpbb_container->getParameter('tables.auth_provider_oauth_states'),

		$phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')


		$phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'),
$phpbb_container->getParameter('tables.user_notifications')

	];

// Ignore errors on deleting from non-existent tables, e.g. when migrating

	];

// Ignore errors on deleting from non-existent tables, e.g. when migrating

Line 1709Line 1718
	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
}


/**



/***
* Validate Username
*

* Check to see if the username has been taken, or if it is disallowed.

* Check to see if the username has been taken, or if it is disallowed.

* Also checks if it includes the " character, which we don't allow in usernames.


 * Also checks if it includes the " character or the 4-bytes Unicode ones
* (aka emojis) which we don't allow in usernames.

* Used for registering, changing names, and posting anonymously with a username
*

* Used for registering, changing names, and posting anonymously with a username
*

* @param string $username The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

 * @param string	$username				The username to check
* @param string $allowed_username An allowed username, default being $user->data['username']

*

*

* @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)


 * @return mixed							Either false if validation succeeded or a string which will be
* used as the error message (with the variable name appended)

*/

*/

function validate_username($username, $allowed_username = false)

function validate_username($username, $allowed_username = false, $allow_all_names = false)

{
global $config, $db, $user, $cache;


{
global $config, $db, $user, $cache;


Line 1729Line 1742
	if ($allowed_username == $clean_username)
{
return false;

	if ($allowed_username == $clean_username)
{
return false;

 
	}

// The very first check is for
// out-of-bounds characters that are currently
// not supported by utf8_bin in MySQL
if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username))
{
return 'INVALID_EMOJIS';

	}

// ... fast checks first.

	}

// ... fast checks first.

Line 1794Line 1815
		return 'USERNAME_TAKEN';
}


		return 'USERNAME_TAKEN';
}


 
	if (!$allow_all_names)
{

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

	$bad_usernames = $cache->obtain_disallowed_usernames();

foreach ($bad_usernames as $bad_username)

Line 1801Line 1824
		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

		if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';

 
			}

		}
}


		}
}


Line 1921Line 1945
		return $validate_email;
}


		return $validate_email;
}


	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)


	$ban = $user->check_ban(false, false, $email, true);
if (!empty($ban))

	{

	{

		return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;

		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';

	}

if (!$config['allow_emailreuse'])

	}

if (!$config['allow_emailreuse'])

Line 2696Line 2721
	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

	if (empty($user_id_ary) || $result !== false)
{
return 'NO_USER';

 
	}

// Because the item that gets passed into the previous function is unset, the reference is lost and our original
// array is retained - so we know there's a problem if there's a different number of ids to usernames now.
if (count($user_id_ary) != count($username_ary))
{
return 'GROUP_USERS_INVALID';

	}

// Remove users who are already members of this group

	}

// Remove users who are already members of this group