source: Kopie - forum/includes/functions_validate.php@ 5

Last change on this file since 5 was 5, checked in by george, 18 years ago

import
File size: 5.7 KB
Line 
1<?php
2/***************************************************************************
3 * functions_validate.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: functions_validate.php,v 1.6.2.15 2005/10/30 15:17:14 acydburn Exp $
10 *
11 *
12 ***************************************************************************/
13
14/***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22
23//
24// Check to see if the username has been taken, or if it is disallowed.
25// Also checks if it includes the " character, which we don't allow in usernames.
26// Used for registering, changing names, and posting anonymously with a username
27//
28function validate_username($username)
29{
30 global $db, $lang, $userdata;
31
32 // Remove doubled up spaces
33 $username = preg_replace('#\s+#', ' ', trim($username));
34 $username = phpbb_clean_username($username);
35
36 $sql = "SELECT username
37 FROM " . USERS_TABLE . "
38 WHERE LOWER(username) = '" . strtolower($username) . "'";
39 if ($result = $db->sql_query($sql))
40 {
41 while ($row = $db->sql_fetchrow($result))
42 {
43 if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
44 {
45 $db->sql_freeresult($result);
46 return array('error' => true, 'error_msg' => $lang['Username_taken']);
47 }
48 }
49 }
50 $db->sql_freeresult($result);
51
52 $sql = "SELECT group_name
53 FROM " . GROUPS_TABLE . "
54 WHERE LOWER(group_name) = '" . strtolower($username) . "'";
55 if ($result = $db->sql_query($sql))
56 {
57 if ($row = $db->sql_fetchrow($result))
58 {
59 $db->sql_freeresult($result);
60 return array('error' => true, 'error_msg' => $lang['Username_taken']);
61 }
62 }
63 $db->sql_freeresult($result);
64
65 $sql = "SELECT disallow_username
66 FROM " . DISALLOW_TABLE;
67 if ($result = $db->sql_query($sql))
68 {
69 if ($row = $db->sql_fetchrow($result))
70 {
71 do
72 {
73 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
74 {
75 $db->sql_freeresult($result);
76 return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
77 }
78 }
79 while($row = $db->sql_fetchrow($result));
80 }
81 }
82 $db->sql_freeresult($result);
83
84 $sql = "SELECT word
85 FROM " . WORDS_TABLE;
86 if ($result = $db->sql_query($sql))
87 {
88 if ($row = $db->sql_fetchrow($result))
89 {
90 do
91 {
92 if (preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'], '#')) . ")\b#i", $username))
93 {
94 $db->sql_freeresult($result);
95 return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
96 }
97 }
98 while ($row = $db->sql_fetchrow($result));
99 }
100 }
101 $db->sql_freeresult($result);
102
103 // Don't allow " and ALT-255 in username.
104 if (strstr($username, '"') || strstr($username, '&quot;') || strstr($username, chr(160)))
105 {
106 return array('error' => true, 'error_msg' => $lang['Username_invalid']);
107 }
108
109 return array('error' => false, 'error_msg' => '');
110}
111
112//
113// Check to see if email address is banned
114// or already present in the DB
115//
116function validate_email($email)
117{
118 global $db, $lang;
119
120 if ($email != '')
121 {
122 if (preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email))
123 {
124 $sql = "SELECT ban_email
125 FROM " . BANLIST_TABLE;
126 if ($result = $db->sql_query($sql))
127 {
128 if ($row = $db->sql_fetchrow($result))
129 {
130 do
131 {
132 $match_email = str_replace('*', '.*?', $row['ban_email']);
133 if (preg_match('/^' . $match_email . '$/is', $email))
134 {
135 $db->sql_freeresult($result);
136 return array('error' => true, 'error_msg' => $lang['Email_banned']);
137 }
138 }
139 while($row = $db->sql_fetchrow($result));
140 }
141 }
142 $db->sql_freeresult($result);
143
144 $sql = "SELECT user_email
145 FROM " . USERS_TABLE . "
146 WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
147 if (!($result = $db->sql_query($sql)))
148 {
149 message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
150 }
151
152 if ($row = $db->sql_fetchrow($result))
153 {
154 return array('error' => true, 'error_msg' => $lang['Email_taken']);
155 }
156 $db->sql_freeresult($result);
157
158 return array('error' => false, 'error_msg' => '');
159 }
160 }
161
162 return array('error' => true, 'error_msg' => $lang['Email_invalid']);
163}
164
165//
166// Does supplementary validation of optional profile fields. This expects common stuff like trim() and strip_tags()
167// to have already been run. Params are passed by-ref, so we can set them to the empty string if they fail.
168//
169function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$location, &$occupation, &$interests, &$sig)
170{
171 $check_var_length = array('aim', 'msnm', 'yim', 'location', 'occupation', 'interests', 'sig');
172
173 for($i = 0; $i < count($check_var_length); $i++)
174 {
175 if (strlen($$check_var_length[$i]) < 2)
176 {
177 $$check_var_length[$i] = '';
178 }
179 }
180
181 // ICQ number has to be only numbers.
182 if (!preg_match('/^[0-9]+$/', $icq))
183 {
184 $icq = '';
185 }
186
187 // website has to start with http://, followed by something with length at least 3 that
188 // contains at least one dot.
189 if ($website != "")
190 {
191 if (!preg_match('#^http[s]?:\/\/#i', $website))
192 {
193 $website = 'http://' . $website;
194 }
195
196 if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
197 {
198 $website = '';
199 }
200 }
201
202 return;
203}
204
205?>
Note: See TracBrowser for help on using the repository browser.