Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

functions_user.php

Last change on this file was 702, checked in by george, 15 years ago
Upraveno: Aktualizace fóra.
File size: 91.3 KB

Line
1	<?php
2	/**
3	*
4	* @package phpBB3
5	* @version $Id$
6	* @copyright (c) 2005 phpBB Group
7	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8	*
9	*/
10
11	/**
12	* @ignore
13	*/
14	if (!defined('IN_PHPBB'))
15	{
16	exit;
17	}
18
19	/**
20	* Obtain user_ids from usernames or vice versa. Returns false on
21	* success else the error string
22	*
23	* @param array &$user_id_ary The user ids to check or empty if usernames used
24	* @param array &$username_ary The usernames to check or empty if user ids used
25	* @param mixed $user_type Array of user types to check, false if not restricting by user type
26	*/
27	function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
28	{
29	global $db;
30
31	// Are both arrays already filled? Yep, return else
32	// are neither array filled?
33	if ($user_id_ary && $username_ary)
34	{
35	return false;
36	}
37	else if (!$user_id_ary && !$username_ary)
38	{
39	return 'NO_USERS';
40	}
41
42	$which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
43
44	if ($$which_ary && !is_array($$which_ary))
45	{
46	$$which_ary = array($$which_ary);
47	}
48
49	$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
50	unset($$which_ary);
51
52	$user_id_ary = $username_ary = array();
53
54	// Grab the user id/username records
55	$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
56	$sql = 'SELECT user_id, username
57	FROM ' . USERS_TABLE . '
58	WHERE ' . $db->sql_in_set($sql_where, $sql_in);
59
60	if ($user_type !== false && !empty($user_type))
61	{
62	$sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
63	}
64
65	$result = $db->sql_query($sql);
66
67	if (!($row = $db->sql_fetchrow($result)))
68	{
69	$db->sql_freeresult($result);
70	return 'NO_USERS';
71	}
72
73	do
74	{
75	$username_ary[$row['user_id']] = $row['username'];
76	$user_id_ary[] = $row['user_id'];
77	}
78	while ($row = $db->sql_fetchrow($result));
79	$db->sql_freeresult($result);
80
81	return false;
82	}
83
84	/**
85	* Get latest registered username and update database to reflect it
86	*/
87	function update_last_username()
88	{
89	global $db;
90
91	// Get latest username
92	$sql = 'SELECT user_id, username, user_colour
93	FROM ' . USERS_TABLE . '
94	WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
95	ORDER BY user_id DESC';
96	$result = $db->sql_query_limit($sql, 1);
97	$row = $db->sql_fetchrow($result);
98	$db->sql_freeresult($result);
99
100	if ($row)
101	{
102	set_config('newest_user_id', $row['user_id'], true);
103	set_config('newest_username', $row['username'], true);
104	set_config('newest_user_colour', $row['user_colour'], true);
105	}
106	}
107
108	/**
109	* Updates a username across all relevant tables/fields
110	*
111	* @param string $old_name the old/current username
112	* @param string $new_name the new username
113	*/
114	function user_update_name($old_name, $new_name)
115	{
116	global $config, $db, $cache;
117
118	$update_ary = array(
119	FORUMS_TABLE => array('forum_last_poster_name'),
120	MODERATOR_CACHE_TABLE => array('username'),
121	POSTS_TABLE => array('post_username'),
122	TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
123	);
124
125	foreach ($update_ary as $table => $field_ary)
126	{
127	foreach ($field_ary as $field)
128	{
129	$sql = "UPDATE $table
130	SET $field = '" . $db->sql_escape($new_name) . "'
131	WHERE $field = '" . $db->sql_escape($old_name) . "'";
132	$db->sql_query($sql);
133	}
134	}
135
136	if ($config['newest_username'] == $old_name)
137	{
138	set_config('newest_username', $new_name, true);
139	}
140
141	// Because some tables/caches use username-specific data we need to purge this here.
142	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
143	}
144
145	/**
146	* Adds an user
147	*
148	* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
149	* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
150	* @return the new user's ID.
151	*/
152	function user_add($user_row, $cp_data = false)
153	{
154	global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
155
156	if (empty($user_row['username']) \|\| !isset($user_row['group_id']) \|\| !isset($user_row['user_email']) \|\| !isset($user_row['user_type']))
157	{
158	return false;
159	}
160
161	$username_clean = utf8_clean_string($user_row['username']);
162
163	if (empty($username_clean))
164	{
165	return false;
166	}
167
168	$sql_ary = array(
169	'username' => $user_row['username'],
170	'username_clean' => $username_clean,
171	'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
172	'user_pass_convert' => 0,
173	'user_email' => strtolower($user_row['user_email']),
174	'user_email_hash' => phpbb_email_hash($user_row['user_email']),
175	'group_id' => $user_row['group_id'],
176	'user_type' => $user_row['user_type'],
177	);
178
179	// These are the additional vars able to be specified
180	$additional_vars = array(
181	'user_permissions' => '',
182	'user_timezone' => $config['board_timezone'],
183	'user_dateformat' => $config['default_dateformat'],
184	'user_lang' => $config['default_lang'],
185	'user_style' => (int) $config['default_style'],
186	'user_actkey' => '',
187	'user_ip' => '',
188	'user_regdate' => time(),
189	'user_passchg' => time(),
190	'user_options' => 230271,
191	// We do not set the new flag here - registration scripts need to specify it
192	'user_new' => 0,
193
194	'user_inactive_reason' => 0,
195	'user_inactive_time' => 0,
196	'user_lastmark' => time(),
197	'user_lastvisit' => 0,
198	'user_lastpost_time' => 0,
199	'user_lastpage' => '',
200	'user_posts' => 0,
201	'user_dst' => (int) $config['board_dst'],
202	'user_colour' => '',
203	'user_occ' => '',
204	'user_interests' => '',
205	'user_avatar' => '',
206	'user_avatar_type' => 0,
207	'user_avatar_width' => 0,
208	'user_avatar_height' => 0,
209	'user_new_privmsg' => 0,
210	'user_unread_privmsg' => 0,
211	'user_last_privmsg' => 0,
212	'user_message_rules' => 0,
213	'user_full_folder' => PRIVMSGS_NO_BOX,
214	'user_emailtime' => 0,
215
216	'user_notify' => 0,
217	'user_notify_pm' => 1,
218	'user_notify_type' => NOTIFY_EMAIL,
219	'user_allow_pm' => 1,
220	'user_allow_viewonline' => 1,
221	'user_allow_viewemail' => 1,
222	'user_allow_massemail' => 1,
223
224	'user_sig' => '',
225	'user_sig_bbcode_uid' => '',
226	'user_sig_bbcode_bitfield' => '',
227
228	'user_form_salt' => unique_id(),
229	);
230
231	// Now fill the sql array with not required variables
232	foreach ($additional_vars as $key => $default_value)
233	{
234	$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
235	}
236
237	// Any additional variables in $user_row not covered above?
238	$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
239
240	// Now fill our sql array with the remaining vars
241	if (sizeof($remaining_vars))
242	{
243	foreach ($remaining_vars as $key)
244	{
245	$sql_ary[$key] = $user_row[$key];
246	}
247	}
248
249	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
250	$db->sql_query($sql);
251
252	$user_id = $db->sql_nextid();
253
254	// Insert Custom Profile Fields
255	if ($cp_data !== false && sizeof($cp_data))
256	{
257	$cp_data['user_id'] = (int) $user_id;
258
259	if (!class_exists('custom_profile'))
260	{
261	include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
262	}
263
264	$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
265	$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
266	$db->sql_query($sql);
267	}
268
269	// Place into appropriate group...
270	$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
271	'user_id' => (int) $user_id,
272	'group_id' => (int) $user_row['group_id'],
273	'user_pending' => 0)
274	);
275	$db->sql_query($sql);
276
277	// Now make it the users default group...
278	group_set_user_default($user_row['group_id'], array($user_id), false);
279
280	// Add to newly registered users group if user_new is 1
281	if ($config['new_member_post_limit'] && $sql_ary['user_new'])
282	{
283	$sql = 'SELECT group_id
284	FROM ' . GROUPS_TABLE . "
285	WHERE group_name = 'NEWLY_REGISTERED'
286	AND group_type = " . GROUP_SPECIAL;
287	$result = $db->sql_query($sql);
288	$add_group_id = (int) $db->sql_fetchfield('group_id');
289	$db->sql_freeresult($result);
290
291	if ($add_group_id)
292	{
293	// Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/
294	$GLOBALS['skip_add_log'] = true;
295
296	// Add user to "newly registered users" group and set to default group if admin specified so.
297	if ($config['new_member_group_default'])
298	{
299	group_user_add($add_group_id, $user_id, false, false, true);
300	}
301	else
302	{
303	group_user_add($add_group_id, $user_id);
304	}
305
306	unset($GLOBALS['skip_add_log']);
307	}
308	}
309
310	// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
311	if ($user_row['user_type'] == USER_NORMAL \|\| $user_row['user_type'] == USER_FOUNDER)
312	{
313	set_config('newest_user_id', $user_id, true);
314	set_config('newest_username', $user_row['username'], true);
315	set_config_count('num_users', 1, true);
316
317	$sql = 'SELECT group_colour
318	FROM ' . GROUPS_TABLE . '
319	WHERE group_id = ' . (int) $user_row['group_id'];
320	$result = $db->sql_query_limit($sql, 1);
321	$row = $db->sql_fetchrow($result);
322	$db->sql_freeresult($result);
323
324	set_config('newest_user_colour', $row['group_colour'], true);
325	}
326
327	return $user_id;
328	}
329
330	/**
331	* Remove User
332	*/
333	function user_delete($mode, $user_id, $post_username = false)
334	{
335	global $cache, $config, $db, $user, $auth;
336	global $phpbb_root_path, $phpEx;
337
338	$sql = 'SELECT *
339	FROM ' . USERS_TABLE . '
340	WHERE user_id = ' . $user_id;
341	$result = $db->sql_query($sql);
342	$user_row = $db->sql_fetchrow($result);
343	$db->sql_freeresult($result);
344
345	if (!$user_row)
346	{
347	return false;
348	}
349
350	// Before we begin, we will remove the reports the user issued.
351	$sql = 'SELECT r.post_id, p.topic_id
352	FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
353	WHERE r.user_id = ' . $user_id . '
354	AND p.post_id = r.post_id';
355	$result = $db->sql_query($sql);
356
357	$report_posts = $report_topics = array();
358	while ($row = $db->sql_fetchrow($result))
359	{
360	$report_posts[] = $row['post_id'];
361	$report_topics[] = $row['topic_id'];
362	}
363	$db->sql_freeresult($result);
364
365	if (sizeof($report_posts))
366	{
367	$report_posts = array_unique($report_posts);
368	$report_topics = array_unique($report_topics);
369
370	// Get a list of topics that still contain reported posts
371	$sql = 'SELECT DISTINCT topic_id
372	FROM ' . POSTS_TABLE . '
373	WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
374	AND post_reported = 1
375	AND ' . $db->sql_in_set('post_id', $report_posts, true);
376	$result = $db->sql_query($sql);
377
378	$keep_report_topics = array();
379	while ($row = $db->sql_fetchrow($result))
380	{
381	$keep_report_topics[] = $row['topic_id'];
382	}
383	$db->sql_freeresult($result);
384
385	if (sizeof($keep_report_topics))
386	{
387	$report_topics = array_diff($report_topics, $keep_report_topics);
388	}
389	unset($keep_report_topics);
390
391	// Now set the flags back
392	$sql = 'UPDATE ' . POSTS_TABLE . '
393	SET post_reported = 0
394	WHERE ' . $db->sql_in_set('post_id', $report_posts);
395	$db->sql_query($sql);
396
397	if (sizeof($report_topics))
398	{
399	$sql = 'UPDATE ' . TOPICS_TABLE . '
400	SET topic_reported = 0
401	WHERE ' . $db->sql_in_set('topic_id', $report_topics);
402	$db->sql_query($sql);
403	}
404	}
405
406	// Remove reports
407	$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
408
409	if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
410	{
411	avatar_delete('user', $user_row);
412	}
413
414	switch ($mode)
415	{
416	case 'retain':
417
418	$db->sql_transaction('begin');
419
420	if ($post_username === false)
421	{
422	$post_username = $user->lang['GUEST'];
423	}
424
425	// If the user is inactive and newly registered we assume no posts from this user being there...
426	if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
427	{
428	}
429	else
430	{
431	$sql = 'UPDATE ' . FORUMS_TABLE . '
432	SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
433	WHERE forum_last_poster_id = $user_id";
434	$db->sql_query($sql);
435
436	$sql = 'UPDATE ' . POSTS_TABLE . '
437	SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
438	WHERE poster_id = $user_id";
439	$db->sql_query($sql);
440
441	$sql = 'UPDATE ' . POSTS_TABLE . '
442	SET post_edit_user = ' . ANONYMOUS . "
443	WHERE post_edit_user = $user_id";
444	$db->sql_query($sql);
445
446	$sql = 'UPDATE ' . TOPICS_TABLE . '
447	SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
448	WHERE topic_poster = $user_id";
449	$db->sql_query($sql);
450
451	$sql = 'UPDATE ' . TOPICS_TABLE . '
452	SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
453	WHERE topic_last_poster_id = $user_id";
454	$db->sql_query($sql);
455
456	$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
457	SET poster_id = ' . ANONYMOUS . "
458	WHERE poster_id = $user_id";
459	$db->sql_query($sql);
460
461	// Since we change every post by this author, we need to count this amount towards the anonymous user
462
463	// Update the post count for the anonymous user
464	if ($user_row['user_posts'])
465	{
466	$sql = 'UPDATE ' . USERS_TABLE . '
467	SET user_posts = user_posts + ' . $user_row['user_posts'] . '
468	WHERE user_id = ' . ANONYMOUS;
469	$db->sql_query($sql);
470	}
471	}
472
473	$db->sql_transaction('commit');
474
475	break;
476
477	case 'remove':
478
479	if (!function_exists('delete_posts'))
480	{
481	include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
482	}
483
484	$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
485	FROM ' . POSTS_TABLE . "
486	WHERE poster_id = $user_id
487	GROUP BY topic_id";
488	$result = $db->sql_query($sql);
489
490	$topic_id_ary = array();
491	while ($row = $db->sql_fetchrow($result))
492	{
493	$topic_id_ary[$row['topic_id']] = $row['total_posts'];
494	}
495	$db->sql_freeresult($result);
496
497	if (sizeof($topic_id_ary))
498	{
499	$sql = 'SELECT topic_id, topic_replies, topic_replies_real
500	FROM ' . TOPICS_TABLE . '
501	WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
502	$result = $db->sql_query($sql);
503
504	$del_topic_ary = array();
505	while ($row = $db->sql_fetchrow($result))
506	{
507	if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
508	{
509	$del_topic_ary[] = $row['topic_id'];
510	}
511	}
512	$db->sql_freeresult($result);
513
514	if (sizeof($del_topic_ary))
515	{
516	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
517	WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
518	$db->sql_query($sql);
519	}
520	}
521
522	// Delete posts, attachments, etc.
523	delete_posts('poster_id', $user_id);
524
525	break;
526	}
527
528	$db->sql_transaction('begin');
529
530	$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE);
531
532	foreach ($table_ary as $table)
533	{
534	$sql = "DELETE FROM $table
535	WHERE user_id = $user_id";
536	$db->sql_query($sql);
537	}
538
539	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
540
541	// Delete user log entries about this user
542	$sql = 'DELETE FROM ' . LOG_TABLE . '
543	WHERE reportee_id = ' . $user_id;
544	$db->sql_query($sql);
545
546	// Change user_id to anonymous for this users triggered events
547	$sql = 'UPDATE ' . LOG_TABLE . '
548	SET user_id = ' . ANONYMOUS . '
549	WHERE user_id = ' . $user_id;
550	$db->sql_query($sql);
551
552	// Delete the user_id from the zebra table
553	$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
554	WHERE user_id = ' . $user_id . '
555	OR zebra_id = ' . $user_id;
556	$db->sql_query($sql);
557
558	// Delete the user_id from the banlist
559	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
560	WHERE ban_userid = ' . $user_id;
561	$db->sql_query($sql);
562
563	// Delete the user_id from the session table
564	$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
565	WHERE session_user_id = ' . $user_id;
566	$db->sql_query($sql);
567
568	// Remove any undelivered mails...
569	$sql = 'SELECT msg_id, user_id
570	FROM ' . PRIVMSGS_TO_TABLE . '
571	WHERE author_id = ' . $user_id . '
572	AND folder_id = ' . PRIVMSGS_NO_BOX;
573	$result = $db->sql_query($sql);
574
575	$undelivered_msg = $undelivered_user = array();
576	while ($row = $db->sql_fetchrow($result))
577	{
578	$undelivered_msg[] = $row['msg_id'];
579	$undelivered_user[$row['user_id']][] = true;
580	}
581	$db->sql_freeresult($result);
582
583	if (sizeof($undelivered_msg))
584	{
585	$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
586	WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
587	$db->sql_query($sql);
588	}
589
590	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
591	WHERE author_id = ' . $user_id . '
592	AND folder_id = ' . PRIVMSGS_NO_BOX;
593	$db->sql_query($sql);
594
595	// Delete all to-information
596	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
597	WHERE user_id = ' . $user_id;
598	$db->sql_query($sql);
599
600	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
601	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
602	SET author_id = ' . ANONYMOUS . '
603	WHERE author_id = ' . $user_id;
604	$db->sql_query($sql);
605
606	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
607	SET author_id = ' . ANONYMOUS . '
608	WHERE author_id = ' . $user_id;
609	$db->sql_query($sql);
610
611	foreach ($undelivered_user as $_user_id => $ary)
612	{
613	if ($_user_id == $user_id)
614	{
615	continue;
616	}
617
618	$sql = 'UPDATE ' . USERS_TABLE . '
619	SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
620	user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
621	WHERE user_id = ' . $_user_id;
622	$db->sql_query($sql);
623	}
624
625	$db->sql_transaction('commit');
626
627	// Reset newest user info if appropriate
628	if ($config['newest_user_id'] == $user_id)
629	{
630	update_last_username();
631	}
632
633	// Decrement number of users if this user is active
634	if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
635	{
636	set_config_count('num_users', -1, true);
637	}
638
639	return false;
640	}
641
642	/**
643	* Flips user_type from active to inactive and vice versa, handles group membership updates
644	*
645	* @param string $mode can be flip for flipping from active/inactive, activate or deactivate
646	*/
647	function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
648	{
649	global $config, $db, $user, $auth;
650
651	$deactivated = $activated = 0;
652	$sql_statements = array();
653
654	if (!is_array($user_id_ary))
655	{
656	$user_id_ary = array($user_id_ary);
657	}
658
659	if (!sizeof($user_id_ary))
660	{
661	return;
662	}
663
664	$sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
665	FROM ' . USERS_TABLE . '
666	WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
667	$result = $db->sql_query($sql);
668
669	while ($row = $db->sql_fetchrow($result))
670	{
671	$sql_ary = array();
672
673	if ($row['user_type'] == USER_IGNORE \|\| $row['user_type'] == USER_FOUNDER \|\|
674	($mode == 'activate' && $row['user_type'] != USER_INACTIVE) \|\|
675	($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
676	{
677	continue;
678	}
679
680	if ($row['user_type'] == USER_INACTIVE)
681	{
682	$activated++;
683	}
684	else
685	{
686	$deactivated++;
687
688	// Remove the users session key...
689	$user->reset_login_keys($row['user_id']);
690	}
691
692	$sql_ary += array(
693	'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
694	'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0,
695	'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
696	);
697
698	$sql_statements[$row['user_id']] = $sql_ary;
699	}
700	$db->sql_freeresult($result);
701
702	if (sizeof($sql_statements))
703	{
704	foreach ($sql_statements as $user_id => $sql_ary)
705	{
706	$sql = 'UPDATE ' . USERS_TABLE . '
707	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
708	WHERE user_id = ' . $user_id;
709	$db->sql_query($sql);
710	}
711
712	$auth->acl_clear_prefetch(array_keys($sql_statements));
713	}
714
715	if ($deactivated)
716	{
717	set_config_count('num_users', $deactivated * (-1), true);
718	}
719
720	if ($activated)
721	{
722	set_config_count('num_users', $activated, true);
723	}
724
725	// Update latest username
726	update_last_username();
727	}
728
729	/**
730	* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
731	*
732	* @param string $mode Type of ban. One of the following: user, ip, email
733	* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
734	* @param int $ban_len Ban length in minutes
735	* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
736	* @param boolean $ban_exclude Exclude these entities from banning?
737	* @param string $ban_reason String describing the reason for this ban
738	* @return boolean
739	*/
740	function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
741	{
742	global $db, $user, $auth, $cache;
743
744	// Delete stale bans
745	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
746	WHERE ban_end < ' . time() . '
747	AND ban_end <> 0';
748	$db->sql_query($sql);
749
750	$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
751	$ban_list_log = implode(', ', $ban_list);
752
753	$current_time = time();
754
755	// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
756	if ($ban_len)
757	{
758	if ($ban_len != -1 \|\| !$ban_len_other)
759	{
760	$ban_end = max($current_time, $current_time + ($ban_len) * 60);
761	}
762	else
763	{
764	$ban_other = explode('-', $ban_len_other);
765	if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
766	(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
767	{
768	$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
769	}
770	else
771	{
772	trigger_error('LENGTH_BAN_INVALID');
773	}
774	}
775	}
776	else
777	{
778	$ban_end = 0;
779	}
780
781	$founder = $founder_names = array();
782
783	if (!$ban_exclude)
784	{
785	// Create a list of founder...
786	$sql = 'SELECT user_id, user_email, username_clean
787	FROM ' . USERS_TABLE . '
788	WHERE user_type = ' . USER_FOUNDER;
789	$result = $db->sql_query($sql);
790
791	while ($row = $db->sql_fetchrow($result))
792	{
793	$founder[$row['user_id']] = $row['user_email'];
794	$founder_names[$row['user_id']] = $row['username_clean'];
795	}
796	$db->sql_freeresult($result);
797	}
798
799	$banlist_ary = array();
800
801	switch ($mode)
802	{
803	case 'user':
804	$type = 'ban_userid';
805
806	// At the moment we do not support wildcard username banning
807
808	// Select the relevant user_ids.
809	$sql_usernames = array();
810
811	foreach ($ban_list as $username)
812	{
813	$username = trim($username);
814	if ($username != '')
815	{
816	$clean_name = utf8_clean_string($username);
817	if ($clean_name == $user->data['username_clean'])
818	{
819	trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
820	}
821	if (in_array($clean_name, $founder_names))
822	{
823	trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
824	}
825	$sql_usernames[] = $clean_name;
826	}
827	}
828
829	// Make sure we have been given someone to ban
830	if (!sizeof($sql_usernames))
831	{
832	trigger_error('NO_USER_SPECIFIED');
833	}
834
835	$sql = 'SELECT user_id
836	FROM ' . USERS_TABLE . '
837	WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
838
839	// Do not allow banning yourself
840	if (sizeof($founder))
841	{
842	$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
843	}
844	else
845	{
846	$sql .= ' AND user_id <> ' . $user->data['user_id'];
847	}
848
849	$result = $db->sql_query($sql);
850
851	if ($row = $db->sql_fetchrow($result))
852	{
853	do
854	{
855	$banlist_ary[] = (int) $row['user_id'];
856	}
857	while ($row = $db->sql_fetchrow($result));
858	}
859	else
860	{
861	$db->sql_freeresult($result);
862	trigger_error('NO_USERS');
863	}
864	$db->sql_freeresult($result);
865	break;
866
867	case 'ip':
868	$type = 'ban_ip';
869
870	foreach ($ban_list as $ban_item)
871	{
872	if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]\-[ ]([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
873	{
874	// This is an IP range
875	// Don't ask about all this, just don't ask ... !
876	$ip_1_counter = $ip_range_explode[1];
877	$ip_1_end = $ip_range_explode[5];
878
879	while ($ip_1_counter <= $ip_1_end)
880	{
881	$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
882	$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
883
884	if ($ip_2_counter == 0 && $ip_2_end == 254)
885	{
886	$ip_2_counter = 256;
887	$ip_2_fragment = 256;
888
889	$banlist_ary[] = "$ip_1_counter.*";
890	}
891
892	while ($ip_2_counter <= $ip_2_end)
893	{
894	$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
895	$ip_3_end = ($ip_2_counter < $ip_2_end \|\| $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
896
897	if ($ip_3_counter == 0 && $ip_3_end == 254)
898	{
899	$ip_3_counter = 256;
900	$ip_3_fragment = 256;
901
902	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
903	}
904
905	while ($ip_3_counter <= $ip_3_end)
906	{
907	$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
908	$ip_4_end = ($ip_3_counter < $ip_3_end \|\| $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
909
910	if ($ip_4_counter == 0 && $ip_4_end == 254)
911	{
912	$ip_4_counter = 256;
913	$ip_4_fragment = 256;
914
915	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
916	}
917
918	while ($ip_4_counter <= $ip_4_end)
919	{
920	$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
921	$ip_4_counter++;
922	}
923	$ip_3_counter++;
924	}
925	$ip_2_counter++;
926	}
927	$ip_1_counter++;
928	}
929	}
930	else if (preg_match('#^([0-9]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})\.([0-9\]{1,3})$#', trim($ban_item)) \|\| preg_match('#^[a-f0-9:]+\?$#i', trim($ban_item)))
931	{
932	// Normal IP address
933	$banlist_ary[] = trim($ban_item);
934	}
935	else if (preg_match('#^\*$#', trim($ban_item)))
936	{
937	// Ban all IPs
938	$banlist_ary[] = '*';
939	}
940	else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
941	{
942	// hostname
943	$ip_ary = gethostbynamel(trim($ban_item));
944
945	if (!empty($ip_ary))
946	{
947	foreach ($ip_ary as $ip)
948	{
949	if ($ip)
950	{
951	if (strlen($ip) > 40)
952	{
953	continue;
954	}
955
956	$banlist_ary[] = $ip;
957	}
958	}
959	}
960	}
961
962	if (empty($banlist_ary))
963	{
964	trigger_error('NO_IPS_DEFINED');
965	}
966	}
967	break;
968
969	case 'email':
970	$type = 'ban_email';
971
972	foreach ($ban_list as $ban_item)
973	{
974	$ban_item = trim($ban_item);
975
976	if (preg_match('#^.?@\|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
977	{
978	if (strlen($ban_item) > 100)
979	{
980	continue;
981	}
982
983	if (!sizeof($founder) \|\| !in_array($ban_item, $founder))
984	{
985	$banlist_ary[] = $ban_item;
986	}
987	}
988	}
989
990	if (sizeof($ban_list) == 0)
991	{
992	trigger_error('NO_EMAILS_DEFINED');
993	}
994	break;
995
996	default:
997	trigger_error('NO_MODE');
998	break;
999	}
1000
1001	// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
1002	$sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
1003
1004	$sql = "SELECT $type
1005	FROM " . BANLIST_TABLE . "
1006	WHERE $sql_where
1007	AND ban_exclude = " . (int) $ban_exclude;
1008	$result = $db->sql_query($sql);
1009
1010	// Reset $sql_where, because we use it later...
1011	$sql_where = '';
1012
1013	if ($row = $db->sql_fetchrow($result))
1014	{
1015	$banlist_ary_tmp = array();
1016	do
1017	{
1018	switch ($mode)
1019	{
1020	case 'user':
1021	$banlist_ary_tmp[] = $row['ban_userid'];
1022	break;
1023
1024	case 'ip':
1025	$banlist_ary_tmp[] = $row['ban_ip'];
1026	break;
1027
1028	case 'email':
1029	$banlist_ary_tmp[] = $row['ban_email'];
1030	break;
1031	}
1032	}
1033	while ($row = $db->sql_fetchrow($result));
1034
1035	$banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
1036
1037	if (sizeof($banlist_ary_tmp))
1038	{
1039	// One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
1040	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
1041	WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
1042	AND ban_exclude = ' . (int) $ban_exclude;
1043	$db->sql_query($sql);
1044	}
1045
1046	unset($banlist_ary_tmp);
1047	}
1048	$db->sql_freeresult($result);
1049
1050	// We have some entities to ban
1051	if (sizeof($banlist_ary))
1052	{
1053	$sql_ary = array();
1054
1055	foreach ($banlist_ary as $ban_entry)
1056	{
1057	$sql_ary[] = array(
1058	$type => $ban_entry,
1059	'ban_start' => (int) $current_time,
1060	'ban_end' => (int) $ban_end,
1061	'ban_exclude' => (int) $ban_exclude,
1062	'ban_reason' => (string) $ban_reason,
1063	'ban_give_reason' => (string) $ban_give_reason,
1064	);
1065	}
1066
1067	$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
1068
1069	// If we are banning we want to logout anyone matching the ban
1070	if (!$ban_exclude)
1071	{
1072	switch ($mode)
1073	{
1074	case 'user':
1075	$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
1076	break;
1077
1078	case 'ip':
1079	$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
1080	break;
1081
1082	case 'email':
1083	$banlist_ary_sql = array();
1084
1085	foreach ($banlist_ary as $ban_entry)
1086	{
1087	$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
1088	}
1089
1090	$sql = 'SELECT user_id
1091	FROM ' . USERS_TABLE . '
1092	WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
1093	$result = $db->sql_query($sql);
1094
1095	$sql_in = array();
1096
1097	if ($row = $db->sql_fetchrow($result))
1098	{
1099	do
1100	{
1101	$sql_in[] = $row['user_id'];
1102	}
1103	while ($row = $db->sql_fetchrow($result));
1104
1105	$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
1106	}
1107	$db->sql_freeresult($result);
1108	break;
1109	}
1110
1111	if (isset($sql_where) && $sql_where)
1112	{
1113	$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
1114	$sql_where";
1115	$db->sql_query($sql);
1116
1117	if ($mode == 'user')
1118	{
1119	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
1120	$db->sql_query($sql);
1121	}
1122	}
1123	}
1124
1125	// Update log
1126	$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
1127
1128	// Add to moderator log, admin log and user notes
1129	add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1130	add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1131	if ($mode == 'user')
1132	{
1133	foreach ($banlist_ary as $user_id)
1134	{
1135	add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1136	}
1137	}
1138
1139	$cache->destroy('sql', BANLIST_TABLE);
1140
1141	return true;
1142	}
1143
1144	// There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
1145	$cache->destroy('sql', BANLIST_TABLE);
1146
1147	return false;
1148	}
1149
1150	/**
1151	* Unban User
1152	*/
1153	function user_unban($mode, $ban)
1154	{
1155	global $db, $user, $auth, $cache;
1156
1157	// Delete stale bans
1158	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
1159	WHERE ban_end < ' . time() . '
1160	AND ban_end <> 0';
1161	$db->sql_query($sql);
1162
1163	if (!is_array($ban))
1164	{
1165	$ban = array($ban);
1166	}
1167
1168	$unban_sql = array_map('intval', $ban);
1169
1170	if (sizeof($unban_sql))
1171	{
1172	// Grab details of bans for logging information later
1173	switch ($mode)
1174	{
1175	case 'user':
1176	$sql = 'SELECT u.username AS unban_info, u.user_id
1177	FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
1178	WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
1179	AND u.user_id = b.ban_userid';
1180	break;
1181
1182	case 'email':
1183	$sql = 'SELECT ban_email AS unban_info
1184	FROM ' . BANLIST_TABLE . '
1185	WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1186	break;
1187
1188	case 'ip':
1189	$sql = 'SELECT ban_ip AS unban_info
1190	FROM ' . BANLIST_TABLE . '
1191	WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1192	break;
1193	}
1194	$result = $db->sql_query($sql);
1195
1196	$l_unban_list = '';
1197	$user_ids_ary = array();
1198	while ($row = $db->sql_fetchrow($result))
1199	{
1200	$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
1201	if ($mode == 'user')
1202	{
1203	$user_ids_ary[] = $row['user_id'];
1204	}
1205	}
1206	$db->sql_freeresult($result);
1207
1208	$sql = 'DELETE FROM ' . BANLIST_TABLE . '
1209	WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1210	$db->sql_query($sql);
1211
1212	// Add to moderator log, admin log and user notes
1213	add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1214	add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1215	if ($mode == 'user')
1216	{
1217	foreach ($user_ids_ary as $user_id)
1218	{
1219	add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1220	}
1221	}
1222	}
1223
1224	$cache->destroy('sql', BANLIST_TABLE);
1225
1226	return false;
1227	}
1228
1229	/**
1230	* Whois facility
1231	*
1232	* @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification
1233	*/
1234	function user_ipwhois($ip)
1235	{
1236	$ipwhois = '';
1237
1238	// Check IP
1239	// Only supporting IPv4 at the moment...
1240	if (empty($ip) \|\| !preg_match(get_preg_expression('ipv4'), $ip))
1241	{
1242	return '';
1243	}
1244
1245	if (($fsk = @fsockopen('whois.arin.net', 43)))
1246	{
1247	// CRLF as per RFC3912
1248	fputs($fsk, "$ip\r\n");
1249	while (!feof($fsk))
1250	{
1251	$ipwhois .= fgets($fsk, 1024);
1252	}
1253	@fclose($fsk);
1254	}
1255
1256	$match = array();
1257
1258	// Test for referrals from ARIN to other whois databases, roll on rwhois
1259	if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
1260	{
1261	if (strpos($match[1], ':') !== false)
1262	{
1263	$pos = strrpos($match[1], ':');
1264	$server = substr($match[1], 0, $pos);
1265	$port = (int) substr($match[1], $pos + 1);
1266	unset($pos);
1267	}
1268	else
1269	{
1270	$server = $match[1];
1271	$port = 43;
1272	}
1273
1274	$buffer = '';
1275
1276	if (($fsk = @fsockopen($server, $port)))
1277	{
1278	fputs($fsk, "$ip\r\n");
1279	while (!feof($fsk))
1280	{
1281	$buffer .= fgets($fsk, 1024);
1282	}
1283	@fclose($fsk);
1284	}
1285
1286	// Use the result from ARIN if we don't get any result here
1287	$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
1288	}
1289
1290	$ipwhois = htmlspecialchars($ipwhois);
1291
1292	// Magic URL ;)
1293	return trim(make_clickable($ipwhois, false, ''));
1294	}
1295
1296	/**
1297	* Data validation ... used primarily but not exclusively by ucp modules
1298	*
1299	* "Master" function for validating a range of data types
1300	*/
1301	function validate_data($data, $val_ary)
1302	{
1303	global $user;
1304
1305	$error = array();
1306
1307	foreach ($val_ary as $var => $val_seq)
1308	{
1309	if (!is_array($val_seq[0]))
1310	{
1311	$val_seq = array($val_seq);
1312	}
1313
1314	foreach ($val_seq as $validate)
1315	{
1316	$function = array_shift($validate);
1317	array_unshift($validate, $data[$var]);
1318
1319	if ($result = call_user_func_array('validate_' . $function, $validate))
1320	{
1321	// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
1322	$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
1323	}
1324	}
1325	}
1326
1327	return $error;
1328	}
1329
1330	/**
1331	* Validate String
1332	*
1333	* @return boolean\|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1334	*/
1335	function validate_string($string, $optional = false, $min = 0, $max = 0)
1336	{
1337	if (empty($string) && $optional)
1338	{
1339	return false;
1340	}
1341
1342	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
1343	{
1344	return 'TOO_SHORT';
1345	}
1346	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
1347	{
1348	return 'TOO_LONG';
1349	}
1350
1351	return false;
1352	}
1353
1354	/**
1355	* Validate Number
1356	*
1357	* @return boolean\|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1358	*/
1359	function validate_num($num, $optional = false, $min = 0, $max = 1E99)
1360	{
1361	if (empty($num) && $optional)
1362	{
1363	return false;
1364	}
1365
1366	if ($num < $min)
1367	{
1368	return 'TOO_SMALL';
1369	}
1370	else if ($num > $max)
1371	{
1372	return 'TOO_LARGE';
1373	}
1374
1375	return false;
1376	}
1377
1378	/**
1379	* Validate Date
1380	* @param String $string a date in the dd-mm-yyyy format
1381	* @return boolean
1382	*/
1383	function validate_date($date_string, $optional = false)
1384	{
1385	$date = explode('-', $date_string);
1386	if ((empty($date) \|\| sizeof($date) != 3) && $optional)
1387	{
1388	return false;
1389	}
1390	else if ($optional)
1391	{
1392	for ($field = 0; $field <= 1; $field++)
1393	{
1394	$date[$field] = (int) $date[$field];
1395	if (empty($date[$field]))
1396	{
1397	$date[$field] = 1;
1398	}
1399	}
1400	$date[2] = (int) $date[2];
1401	// assume an arbitrary leap year
1402	if (empty($date[2]))
1403	{
1404	$date[2] = 1980;
1405	}
1406	}
1407
1408	if (sizeof($date) != 3 \|\| !checkdate($date[1], $date[0], $date[2]))
1409	{
1410	return 'INVALID';
1411	}
1412
1413	return false;
1414	}
1415
1416
1417	/**
1418	* Validate Match
1419	*
1420	* @return boolean\|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1421	*/
1422	function validate_match($string, $optional = false, $match = '')
1423	{
1424	if (empty($string) && $optional)
1425	{
1426	return false;
1427	}
1428
1429	if (empty($match))
1430	{
1431	return false;
1432	}
1433
1434	if (!preg_match($match, $string))
1435	{
1436	return 'WRONG_DATA';
1437	}
1438
1439	return false;
1440	}
1441
1442	/**
1443	* Check to see if the username has been taken, or if it is disallowed.
1444	* Also checks if it includes the " character, which we don't allow in usernames.
1445	* Used for registering, changing names, and posting anonymously with a username
1446	*
1447	* @param string $username The username to check
1448	* @param string $allowed_username An allowed username, default being $user->data['username']
1449	*
1450	* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1451	*/
1452	function validate_username($username, $allowed_username = false)
1453	{
1454	global $config, $db, $user, $cache;
1455
1456	$clean_username = utf8_clean_string($username);
1457	$allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
1458
1459	if ($allowed_username == $clean_username)
1460	{
1461	return false;
1462	}
1463
1464	// ... fast checks first.
1465	if (strpos($username, '"') !== false \|\| strpos($username, '"') !== false \|\| empty($clean_username))
1466	{
1467	return 'INVALID_CHARS';
1468	}
1469
1470	$mbstring = $pcre = false;
1471
1472	// generic UTF-8 character types supported?
1473	if ((version_compare(PHP_VERSION, '5.1.0', '>=') \|\| (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1474	{
1475	$pcre = true;
1476	}
1477	else if (function_exists('mb_ereg_match'))
1478	{
1479	mb_regex_encoding('UTF-8');
1480	$mbstring = true;
1481	}
1482
1483	switch ($config['allow_name_chars'])
1484	{
1485	case 'USERNAME_CHARS_ANY':
1486	$pcre = true;
1487	$regex = '.+';
1488	break;
1489
1490	case 'USERNAME_ALPHA_ONLY':
1491	$pcre = true;
1492	$regex = '[A-Za-z0-9]+';
1493	break;
1494
1495	case 'USERNAME_ALPHA_SPACERS':
1496	$pcre = true;
1497	$regex = '[A-Za-z0-9-[\]_+ ]+';
1498	break;
1499
1500	case 'USERNAME_LETTER_NUM':
1501	if ($pcre)
1502	{
1503	$regex = '[\p{Lu}\p{Ll}\p{N}]+';
1504	}
1505	else if ($mbstring)
1506	{
1507	$regex = '[[:upper:][:lower:][:digit:]]+';
1508	}
1509	else
1510	{
1511	$pcre = true;
1512	$regex = '[a-zA-Z0-9]+';
1513	}
1514	break;
1515
1516	case 'USERNAME_LETTER_NUM_SPACERS':
1517	if ($pcre)
1518	{
1519	$regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
1520	}
1521	else if ($mbstring)
1522	{
1523	$regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
1524	}
1525	else
1526	{
1527	$pcre = true;
1528	$regex = '[-\]_+ [a-zA-Z0-9]+';
1529	}
1530	break;
1531
1532	case 'USERNAME_ASCII':
1533	default:
1534	$pcre = true;
1535	$regex = '[\x01-\x7F]+';
1536	break;
1537	}
1538
1539	if ($pcre)
1540	{
1541	if (!preg_match('#^' . $regex . '$#u', $username))
1542	{
1543	return 'INVALID_CHARS';
1544	}
1545	}
1546	else if ($mbstring)
1547	{
1548	mb_ereg_search_init($username, '^' . $regex . '$');
1549	if (!mb_ereg_search())
1550	{
1551	return 'INVALID_CHARS';
1552	}
1553	}
1554
1555	$sql = 'SELECT username
1556	FROM ' . USERS_TABLE . "
1557	WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
1558	$result = $db->sql_query($sql);
1559	$row = $db->sql_fetchrow($result);
1560	$db->sql_freeresult($result);
1561
1562	if ($row)
1563	{
1564	return 'USERNAME_TAKEN';
1565	}
1566
1567	$sql = 'SELECT group_name
1568	FROM ' . GROUPS_TABLE . "
1569	WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
1570	$result = $db->sql_query($sql);
1571	$row = $db->sql_fetchrow($result);
1572	$db->sql_freeresult($result);
1573
1574	if ($row)
1575	{
1576	return 'USERNAME_TAKEN';
1577	}
1578
1579	$bad_usernames = $cache->obtain_disallowed_usernames();
1580
1581	foreach ($bad_usernames as $bad_username)
1582	{
1583	if (preg_match('#^' . $bad_username . '$#', $clean_username))
1584	{
1585	return 'USERNAME_DISALLOWED';
1586	}
1587	}
1588
1589	return false;
1590	}
1591
1592	/**
1593	* Check to see if the password meets the complexity settings
1594	*
1595	* @return boolean\|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1596	*/
1597	function validate_password($password)
1598	{
1599	global $config, $db, $user;
1600
1601	if (!$password)
1602	{
1603	return false;
1604	}
1605
1606	$pcre = $mbstring = false;
1607
1608	// generic UTF-8 character types supported?
1609	if ((version_compare(PHP_VERSION, '5.1.0', '>=') \|\| (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1610	{
1611	$upp = '\p{Lu}';
1612	$low = '\p{Ll}';
1613	$let = '\p{L}';
1614	$num = '\p{N}';
1615	$sym = '[^\p{Lu}\p{Ll}\p{N}]';
1616	$pcre = true;
1617	}
1618	else if (function_exists('mb_ereg_match'))
1619	{
1620	mb_regex_encoding('UTF-8');
1621	$upp = '[[:upper:]]';
1622	$low = '[[:lower:]]';
1623	$let = '[[:lower:][:upper:]]';
1624	$num = '[[:digit:]]';
1625	$sym = '[^[:upper:][:lower:][:digit:]]';
1626	$mbstring = true;
1627	}
1628	else
1629	{
1630	$upp = '[A-Z]';
1631	$low = '[a-z]';
1632	$let = '[a-zA-Z]';
1633	$num = '[0-9]';
1634	$sym = '[^A-Za-z0-9]';
1635	$pcre = true;
1636	}
1637
1638	$chars = array();
1639
1640	switch ($config['pass_complex'])
1641	{
1642	case 'PASS_TYPE_CASE':
1643	$chars[] = $low;
1644	$chars[] = $upp;
1645	break;
1646
1647	case 'PASS_TYPE_ALPHA':
1648	$chars[] = $let;
1649	$chars[] = $num;
1650	break;
1651
1652	case 'PASS_TYPE_SYMBOL':
1653	$chars[] = $low;
1654	$chars[] = $upp;
1655	$chars[] = $num;
1656	$chars[] = $sym;
1657	break;
1658	}
1659
1660	if ($pcre)
1661	{
1662	foreach ($chars as $char)
1663	{
1664	if (!preg_match('#' . $char . '#u', $password))
1665	{
1666	return 'INVALID_CHARS';
1667	}
1668	}
1669	}
1670	else if ($mbstring)
1671	{
1672	foreach ($chars as $char)
1673	{
1674	if (mb_ereg($char, $password) === false)
1675	{
1676	return 'INVALID_CHARS';
1677	}
1678	}
1679	}
1680
1681	return false;
1682	}
1683
1684	/**
1685	* Check to see if email address is banned or already present in the DB
1686	*
1687	* @param string $email The email to check
1688	* @param string $allowed_email An allowed email, default being $user->data['user_email']
1689	*
1690	* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1691	*/
1692	function validate_email($email, $allowed_email = false)
1693	{
1694	global $config, $db, $user;
1695
1696	$email = strtolower($email);
1697	$allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
1698
1699	if ($allowed_email == $email)
1700	{
1701	return false;
1702	}
1703
1704	if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
1705	{
1706	return 'EMAIL_INVALID';
1707	}
1708
1709	// Check MX record.
1710	// The idea for this is from reading the UseBB blog/announcement. :)
1711	if ($config['email_check_mx'])
1712	{
1713	list(, $domain) = explode('@', $email);
1714
1715	if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
1716	{
1717	return 'DOMAIN_NO_MX_RECORD';
1718	}
1719	}
1720
1721	if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
1722	{
1723	return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
1724	}
1725
1726	if (!$config['allow_emailreuse'])
1727	{
1728	$sql = 'SELECT user_email_hash
1729	FROM ' . USERS_TABLE . "
1730	WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
1731	$result = $db->sql_query($sql);
1732	$row = $db->sql_fetchrow($result);
1733	$db->sql_freeresult($result);
1734
1735	if ($row)
1736	{
1737	return 'EMAIL_TAKEN';
1738	}
1739	}
1740
1741	return false;
1742	}
1743
1744	/**
1745	* Validate jabber address
1746	* Taken from the jabber class within flyspray (see author notes)
1747	*
1748	* @author flyspray.org
1749	*/
1750	function validate_jabber($jid)
1751	{
1752	if (!$jid)
1753	{
1754	return false;
1755	}
1756
1757	$seperator_pos = strpos($jid, '@');
1758
1759	if ($seperator_pos === false)
1760	{
1761	return 'WRONG_DATA';
1762	}
1763
1764	$username = substr($jid, 0, $seperator_pos);
1765	$realm = substr($jid, $seperator_pos + 1);
1766
1767	if (strlen($username) == 0 \|\| strlen($realm) < 3)
1768	{
1769	return 'WRONG_DATA';
1770	}
1771
1772	$arr = explode('.', $realm);
1773
1774	if (sizeof($arr) == 0)
1775	{
1776	return 'WRONG_DATA';
1777	}
1778
1779	foreach ($arr as $part)
1780	{
1781	if (substr($part, 0, 1) == '-' \|\| substr($part, -1, 1) == '-')
1782	{
1783	return 'WRONG_DATA';
1784	}
1785
1786	if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
1787	{
1788	return 'WRONG_DATA';
1789	}
1790	}
1791
1792	$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
1793
1794	// Prohibited Characters RFC3454 + RFC3920
1795	$prohibited = array(
1796	// Table C.1.1
1797	array(0x0020, 0x0020), // SPACE
1798	// Table C.1.2
1799	array(0x00A0, 0x00A0), // NO-BREAK SPACE
1800	array(0x1680, 0x1680), // OGHAM SPACE MARK
1801	array(0x2000, 0x2001), // EN QUAD
1802	array(0x2001, 0x2001), // EM QUAD
1803	array(0x2002, 0x2002), // EN SPACE
1804	array(0x2003, 0x2003), // EM SPACE
1805	array(0x2004, 0x2004), // THREE-PER-EM SPACE
1806	array(0x2005, 0x2005), // FOUR-PER-EM SPACE
1807	array(0x2006, 0x2006), // SIX-PER-EM SPACE
1808	array(0x2007, 0x2007), // FIGURE SPACE
1809	array(0x2008, 0x2008), // PUNCTUATION SPACE
1810	array(0x2009, 0x2009), // THIN SPACE
1811	array(0x200A, 0x200A), // HAIR SPACE
1812	array(0x200B, 0x200B), // ZERO WIDTH SPACE
1813	array(0x202F, 0x202F), // NARROW NO-BREAK SPACE
1814	array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE
1815	array(0x3000, 0x3000), // IDEOGRAPHIC SPACE
1816	// Table C.2.1
1817	array(0x0000, 0x001F), // [CONTROL CHARACTERS]
1818	array(0x007F, 0x007F), // DELETE
1819	// Table C.2.2
1820	array(0x0080, 0x009F), // [CONTROL CHARACTERS]
1821	array(0x06DD, 0x06DD), // ARABIC END OF AYAH
1822	array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK
1823	array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR
1824	array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER
1825	array(0x200D, 0x200D), // ZERO WIDTH JOINER
1826	array(0x2028, 0x2028), // LINE SEPARATOR
1827	array(0x2029, 0x2029), // PARAGRAPH SEPARATOR
1828	array(0x2060, 0x2060), // WORD JOINER
1829	array(0x2061, 0x2061), // FUNCTION APPLICATION
1830	array(0x2062, 0x2062), // INVISIBLE TIMES
1831	array(0x2063, 0x2063), // INVISIBLE SEPARATOR
1832	array(0x206A, 0x206F), // [CONTROL CHARACTERS]
1833	array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE
1834	array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS]
1835	array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS]
1836	// Table C.3
1837	array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0]
1838	array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15]
1839	array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16]
1840	// Table C.4
1841	array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS]
1842	array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS]
1843	array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS]
1844	array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS]
1845	array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS]
1846	array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS]
1847	array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS]
1848	array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS]
1849	array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS]
1850	array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS]
1851	array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS]
1852	array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS]
1853	array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS]
1854	array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS]
1855	array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS]
1856	array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS]
1857	array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS]
1858	array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS]
1859	// Table C.5
1860	array(0xD800, 0xDFFF), // [SURROGATE CODES]
1861	// Table C.6
1862	array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR
1863	array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR
1864	array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR
1865	array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER
1866	array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER
1867	// Table C.7
1868	array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
1869	// Table C.8
1870	array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK
1871	array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK
1872	array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK
1873	array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK
1874	array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING
1875	array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING
1876	array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING
1877	array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE
1878	array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE
1879	array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING
1880	array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING
1881	array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING
1882	array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING
1883	array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES
1884	array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES
1885	// Table C.9
1886	array(0xE0001, 0xE0001), // LANGUAGE TAG
1887	array(0xE0020, 0xE007F), // [TAGGING CHARACTERS]
1888	// RFC3920
1889	array(0x22, 0x22), // "
1890	array(0x26, 0x26), // &
1891	array(0x27, 0x27), // '
1892	array(0x2F, 0x2F), // /
1893	array(0x3A, 0x3A), // :
1894	array(0x3C, 0x3C), // <
1895	array(0x3E, 0x3E), // >
1896	array(0x40, 0x40) // @
1897	);
1898
1899	$pos = 0;
1900	$result = true;
1901
1902	while ($pos < strlen($username))
1903	{
1904	$len = $uni = 0;
1905	for ($i = 0; $i <= 5; $i++)
1906	{
1907	if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
1908	{
1909	$len = $i + 1;
1910	$uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
1911
1912	for ($k = 1; $k < $len; $k++)
1913	{
1914	$uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
1915	}
1916
1917	break;
1918	}
1919	}
1920
1921	if ($len == 0)
1922	{
1923	return 'WRONG_DATA';
1924	}
1925
1926	foreach ($prohibited as $pval)
1927	{
1928	if ($uni >= $pval[0] && $uni <= $pval[1])
1929	{
1930	$result = false;
1931	break 2;
1932	}
1933	}
1934
1935	$pos = $pos + $len;
1936	}
1937
1938	if (!$result)
1939	{
1940	return 'WRONG_DATA';
1941	}
1942
1943	return false;
1944	}
1945
1946	/**
1947	* Remove avatar
1948	*/
1949	function avatar_delete($mode, $row, $clean_db = false)
1950	{
1951	global $phpbb_root_path, $config, $db, $user;
1952
1953	// Check if the users avatar is actually not a group avatar
1954	if ($mode == 'user')
1955	{
1956	if (strpos($row['user_avatar'], 'g') === 0 \|\| (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
1957	{
1958	return false;
1959	}
1960	}
1961
1962	if ($clean_db)
1963	{
1964	avatar_remove_db($row[$mode . '_avatar']);
1965	}
1966	$filename = get_avatar_filename($row[$mode . '_avatar']);
1967	if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
1968	{
1969	@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
1970	return true;
1971	}
1972
1973	return false;
1974	}
1975
1976	/**
1977	* Remote avatar linkage
1978	*/
1979	function avatar_remote($data, &$error)
1980	{
1981	global $config, $db, $user, $phpbb_root_path, $phpEx;
1982
1983	if (!preg_match('#^(http\|https\|ftp)://#i', $data['remotelink']))
1984	{
1985	$data['remotelink'] = 'http://' . $data['remotelink'];
1986	}
1987	if (!preg_match('#^(http\|https\|ftp)://(?:(.?\.)?[a-z0-9\-]+?\.[a-z]{2,4}\|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]?).?\.(gif\|jpg\|jpeg\|png)$#i', $data['remotelink']))
1988	{
1989	$error[] = $user->lang['AVATAR_URL_INVALID'];
1990	return false;
1991	}
1992
1993	// Make sure getimagesize works...
1994	if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) \|\| empty($data['height'])))
1995	{
1996	$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1997	return false;
1998	}
1999
2000	if (!empty($image_data) && ($image_data[0] < 2 \|\| $image_data[1] < 2))
2001	{
2002	$error[] = $user->lang['AVATAR_NO_SIZE'];
2003	return false;
2004	}
2005
2006	$width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
2007	$height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
2008
2009	if ($width < 2 \|\| $height < 2)
2010	{
2011	$error[] = $user->lang['AVATAR_NO_SIZE'];
2012	return false;
2013	}
2014
2015	// Check image type
2016	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
2017	$types = fileupload::image_types();
2018	$extension = strtolower(filespec::get_extension($data['remotelink']));
2019
2020	if (!empty($image_data) && (!isset($types[$image_data[2]]) \|\| !in_array($extension, $types[$image_data[2]])))
2021	{
2022	if (!isset($types[$image_data[2]]))
2023	{
2024	$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
2025	}
2026	else
2027	{
2028	$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
2029	}
2030	return false;
2031	}
2032
2033	if ($config['avatar_max_width'] \|\| $config['avatar_max_height'])
2034	{
2035	if ($width > $config['avatar_max_width'] \|\| $height > $config['avatar_max_height'])
2036	{
2037	$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
2038	return false;
2039	}
2040	}
2041
2042	if ($config['avatar_min_width'] \|\| $config['avatar_min_height'])
2043	{
2044	if ($width < $config['avatar_min_width'] \|\| $height < $config['avatar_min_height'])
2045	{
2046	$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
2047	return false;
2048	}
2049	}
2050
2051	return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
2052	}
2053
2054	/**
2055	* Avatar upload using the upload class
2056	*/
2057	function avatar_upload($data, &$error)
2058	{
2059	global $phpbb_root_path, $config, $db, $user, $phpEx;
2060
2061	// Init upload class
2062	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
2063	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('\|', $config['mime_triggers']));
2064
2065	if (!empty($_FILES['uploadfile']['name']))
2066	{
2067	$file = $upload->form_upload('uploadfile');
2068	}
2069	else
2070	{
2071	$file = $upload->remote_upload($data['uploadurl']);
2072	}
2073
2074	$prefix = $config['avatar_salt'] . '_';
2075	$file->clean_filename('avatar', $prefix, $data['user_id']);
2076
2077	$destination = $config['avatar_path'];
2078
2079	// Adjust destination path (no trailing slash)
2080	if (substr($destination, -1, 1) == '/' \|\| substr($destination, -1, 1) == '\\')
2081	{
2082	$destination = substr($destination, 0, -1);
2083	}
2084
2085	$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
2086	if ($destination && ($destination[0] == '/' \|\| $destination[0] == "\\"))
2087	{
2088	$destination = '';
2089	}
2090
2091	// Move file and overwrite any existing image
2092	$file->move_file($destination, true);
2093
2094	if (sizeof($file->error))
2095	{
2096	$file->remove();
2097	$error = array_merge($error, $file->error);
2098	}
2099
2100	return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
2101	}
2102
2103	/**
2104	* Generates avatar filename from the database entry
2105	*/
2106	function get_avatar_filename($avatar_entry)
2107	{
2108	global $config;
2109
2110
2111	if ($avatar_entry[0] === 'g')
2112	{
2113	$avatar_group = true;
2114	$avatar_entry = substr($avatar_entry, 1);
2115	}
2116	else
2117	{
2118	$avatar_group = false;
2119	}
2120	$ext = substr(strrchr($avatar_entry, '.'), 1);
2121	$avatar_entry = intval($avatar_entry);
2122	return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
2123	}
2124
2125	/**
2126	* Avatar Gallery
2127	*/
2128	function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
2129	{
2130	global $user, $cache, $template;
2131	global $config, $phpbb_root_path;
2132
2133	$avatar_list = array();
2134
2135	$path = $phpbb_root_path . $config['avatar_gallery_path'];
2136
2137	if (!file_exists($path) \|\| !is_dir($path))
2138	{
2139	$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2140	}
2141	else
2142	{
2143	// Collect images
2144	$dp = @opendir($path);
2145
2146	if (!$dp)
2147	{
2148	return array($user->lang['NO_AVATAR_CATEGORY'] => array());
2149	}
2150
2151	while (($file = readdir($dp)) !== false)
2152	{
2153	if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
2154	{
2155	$avatar_row_count = $avatar_col_count = 0;
2156
2157	if ($dp2 = @opendir("$path/$file"))
2158	{
2159	while (($sub_file = readdir($dp2)) !== false)
2160	{
2161	if (preg_match('#^[^&\'"<>]+\.(?:gif\|png\|jpe?g)$#i', $sub_file))
2162	{
2163	$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
2164	'file' => rawurlencode($file) . '/' . rawurlencode($sub_file),
2165	'filename' => rawurlencode($sub_file),
2166	'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.)\..$#', '\1', $sub_file))),
2167	);
2168	$avatar_col_count++;
2169	if ($avatar_col_count == $items_per_column)
2170	{
2171	$avatar_row_count++;
2172	$avatar_col_count = 0;
2173	}
2174	}
2175	}
2176	closedir($dp2);
2177	}
2178	}
2179	}
2180	closedir($dp);
2181	}
2182
2183	if (!sizeof($avatar_list))
2184	{
2185	$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2186	}
2187
2188	@ksort($avatar_list);
2189
2190	$category = (!$category) ? key($avatar_list) : $category;
2191	$avatar_categories = array_keys($avatar_list);
2192
2193	$s_category_options = '';
2194	foreach ($avatar_categories as $cat)
2195	{
2196	$s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
2197	}
2198
2199	$template->assign_vars(array(
2200	'S_AVATARS_ENABLED' => true,
2201	'S_IN_AVATAR_GALLERY' => true,
2202	'S_CAT_OPTIONS' => $s_category_options)
2203	);
2204
2205	$avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
2206
2207	foreach ($avatar_list as $avatar_row_ary)
2208	{
2209	$template->assign_block_vars($block_var, array());
2210
2211	foreach ($avatar_row_ary as $avatar_col_ary)
2212	{
2213	$template->assign_block_vars($block_var . '.avatar_column', array(
2214	'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2215	'AVATAR_NAME' => $avatar_col_ary['name'],
2216	'AVATAR_FILE' => $avatar_col_ary['filename'])
2217	);
2218
2219	$template->assign_block_vars($block_var . '.avatar_option_column', array(
2220	'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2221	'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
2222	);
2223	}
2224	}
2225
2226	return $avatar_list;
2227	}
2228
2229
2230	/**
2231	* Tries to (re-)establish avatar dimensions
2232	*/
2233	function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
2234	{
2235	global $config, $phpbb_root_path, $user;
2236
2237	switch ($avatar_type)
2238	{
2239	case AVATAR_REMOTE :
2240	break;
2241
2242	case AVATAR_UPLOAD :
2243	$avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
2244	break;
2245
2246	case AVATAR_GALLERY :
2247	$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
2248	break;
2249	}
2250
2251	// Make sure getimagesize works...
2252	if (($image_data = @getimagesize($avatar)) === false)
2253	{
2254	$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
2255	return false;
2256	}
2257
2258	if ($image_data[0] < 2 \|\| $image_data[1] < 2)
2259	{
2260	$error[] = $user->lang['AVATAR_NO_SIZE'];
2261	return false;
2262	}
2263
2264	// try to maintain ratio
2265	if (!(empty($current_x) && empty($current_y)))
2266	{
2267	if ($current_x != 0)
2268	{
2269	$image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
2270	$image_data[1] = min($config['avatar_max_height'], $image_data[1]);
2271	$image_data[1] = max($config['avatar_min_height'], $image_data[1]);
2272	}
2273	if ($current_y != 0)
2274	{
2275	$image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
2276	$image_data[0] = min($config['avatar_max_width'], $image_data[1]);
2277	$image_data[0] = max($config['avatar_min_width'], $image_data[1]);
2278	}
2279	}
2280	return array($image_data[0], $image_data[1]);
2281	}
2282
2283	/**
2284	* Uploading/Changing user avatar
2285	*/
2286	function avatar_process_user(&$error, $custom_userdata = false)
2287	{
2288	global $config, $phpbb_root_path, $auth, $user, $db;
2289
2290	$data = array(
2291	'uploadurl' => request_var('uploadurl', ''),
2292	'remotelink' => request_var('remotelink', ''),
2293	'width' => request_var('width', 0),
2294	'height' => request_var('height', 0),
2295	);
2296
2297	$error = validate_data($data, array(
2298	'uploadurl' => array('string', true, 5, 255),
2299	'remotelink' => array('string', true, 5, 255),
2300	'width' => array('string', true, 1, 3),
2301	'height' => array('string', true, 1, 3),
2302	));
2303
2304	if (sizeof($error))
2305	{
2306	return false;
2307	}
2308
2309	$sql_ary = array();
2310
2311	if ($custom_userdata === false)
2312	{
2313	$userdata = &$user->data;
2314	}
2315	else
2316	{
2317	$userdata = &$custom_userdata;
2318	}
2319
2320	$data['user_id'] = $userdata['user_id'];
2321	$change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
2322	$avatar_select = basename(request_var('avatar_select', ''));
2323
2324	// Can we upload?
2325	$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') \|\| strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
2326
2327	if ((!empty($_FILES['uploadfile']['name']) \|\| $data['uploadurl']) && $can_upload)
2328	{
2329	list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
2330	}
2331	else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
2332	{
2333	list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
2334	}
2335	else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
2336	{
2337	$category = basename(request_var('category', ''));
2338
2339	$sql_ary['user_avatar_type'] = AVATAR_GALLERY;
2340	$sql_ary['user_avatar'] = $avatar_select;
2341
2342	// check avatar gallery
2343	if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
2344	{
2345	$sql_ary['user_avatar'] = '';
2346	$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2347	}
2348	else
2349	{
2350	list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
2351	$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
2352	}
2353	}
2354	else if (isset($_POST['delete']) && $change_avatar)
2355	{
2356	$sql_ary['user_avatar'] = '';
2357	$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2358	}
2359	else if (!empty($userdata['user_avatar']))
2360	{
2361	// Only update the dimensions
2362
2363	if (empty($data['width']) \|\| empty($data['height']))
2364	{
2365	if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
2366	{
2367	list($guessed_x, $guessed_y) = $dims;
2368	if (empty($data['width']))
2369	{
2370	$data['width'] = $guessed_x;
2371	}
2372	if (empty($data['height']))
2373	{
2374	$data['height'] = $guessed_y;
2375	}
2376	}
2377	}
2378	if (($config['avatar_max_width'] \|\| $config['avatar_max_height']) &&
2379	(($data['width'] != $userdata['user_avatar_width']) \|\| $data['height'] != $userdata['user_avatar_height']))
2380	{
2381	if ($data['width'] > $config['avatar_max_width'] \|\| $data['height'] > $config['avatar_max_height'])
2382	{
2383	$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2384	}
2385	}
2386
2387	if (!sizeof($error))
2388	{
2389	if ($config['avatar_min_width'] \|\| $config['avatar_min_height'])
2390	{
2391	if ($data['width'] < $config['avatar_min_width'] \|\| $data['height'] < $config['avatar_min_height'])
2392	{
2393	$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2394	}
2395	}
2396	}
2397
2398	if (!sizeof($error))
2399	{
2400	$sql_ary['user_avatar_width'] = $data['width'];
2401	$sql_ary['user_avatar_height'] = $data['height'];
2402	}
2403	}
2404
2405	if (!sizeof($error))
2406	{
2407	// Do we actually have any data to update?
2408	if (sizeof($sql_ary))
2409	{
2410	$ext_new = $ext_old = '';
2411	if (isset($sql_ary['user_avatar']))
2412	{
2413	$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
2414	$ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
2415	$ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
2416
2417	if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
2418	{
2419	// Delete old avatar if present
2420	if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
2421	\|\| ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
2422	{
2423	avatar_delete('user', $userdata);
2424	}
2425	}
2426	}
2427
2428	$sql = 'UPDATE ' . USERS_TABLE . '
2429	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2430	WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
2431	$db->sql_query($sql);
2432
2433	}
2434	}
2435
2436	return (sizeof($error)) ? false : true;
2437	}
2438
2439	//
2440	// Usergroup functions
2441	//
2442
2443	/**
2444	* Add or edit a group. If we're editing a group we only update user
2445	* parameters such as rank, etc. if they are changed
2446	*/
2447	function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
2448	{
2449	global $phpbb_root_path, $config, $db, $user, $file_upload;
2450
2451	$error = array();
2452
2453	// Attributes which also affect the users table
2454	$user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
2455
2456	// Check data. Limit group name length.
2457	if (!utf8_strlen($name) \|\| utf8_strlen($name) > 60)
2458	{
2459	$error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
2460	}
2461
2462	$err = group_validate_groupname($group_id, $name);
2463	if (!empty($err))
2464	{
2465	$error[] = $user->lang[$err];
2466	}
2467
2468	if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
2469	{
2470	$error[] = $user->lang['GROUP_ERR_TYPE'];
2471	}
2472
2473	if (!sizeof($error))
2474	{
2475	$user_ary = array();
2476	$sql_ary = array(
2477	'group_name' => (string) $name,
2478	'group_desc' => (string) $desc,
2479	'group_desc_uid' => '',
2480	'group_desc_bitfield' => '',
2481	'group_type' => (int) $type,
2482	);
2483
2484	// Parse description
2485	if ($desc)
2486	{
2487	generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
2488	}
2489
2490	if (sizeof($group_attributes))
2491	{
2492	// Merge them with $sql_ary to properly update the group
2493	$sql_ary = array_merge($sql_ary, $group_attributes);
2494	}
2495
2496	// Setting the log message before we set the group id (if group gets added)
2497	$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
2498
2499	$query = '';
2500
2501	if ($group_id)
2502	{
2503	$sql = 'SELECT user_id
2504	FROM ' . USERS_TABLE . '
2505	WHERE group_id = ' . $group_id;
2506	$result = $db->sql_query($sql);
2507
2508	while ($row = $db->sql_fetchrow($result))
2509	{
2510	$user_ary[] = $row['user_id'];
2511	}
2512	$db->sql_freeresult($result);
2513
2514	if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
2515	{
2516	remove_default_avatar($group_id, $user_ary);
2517	}
2518
2519	if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
2520	{
2521	remove_default_rank($group_id, $user_ary);
2522	}
2523
2524	$sql = 'UPDATE ' . GROUPS_TABLE . '
2525	SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
2526	WHERE group_id = $group_id";
2527	$db->sql_query($sql);
2528
2529	// Since we may update the name too, we need to do this on other tables too...
2530	$sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
2531	SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
2532	WHERE group_id = $group_id";
2533	$db->sql_query($sql);
2534
2535	// One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
2536	if (isset($group_attributes['group_skip_auth']))
2537	{
2538	// Get users within this group...
2539	$sql = 'SELECT user_id
2540	FROM ' . USER_GROUP_TABLE . '
2541	WHERE group_id = ' . $group_id . '
2542	AND user_pending = 0';
2543	$result = $db->sql_query($sql);
2544
2545	$user_id_ary = array();
2546	while ($row = $db->sql_fetchrow($result))
2547	{
2548	$user_id_ary[] = $row['user_id'];
2549	}
2550	$db->sql_freeresult($result);
2551
2552	if (!empty($user_id_ary))
2553	{
2554	global $auth;
2555
2556	// Clear permissions cache of relevant users
2557	$auth->acl_clear_prefetch($user_id_ary);
2558	}
2559	}
2560	}
2561	else
2562	{
2563	$sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
2564	$db->sql_query($sql);
2565	}
2566
2567	if (!$group_id)
2568	{
2569	$group_id = $db->sql_nextid();
2570
2571	if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
2572	{
2573	group_correct_avatar($group_id, $sql_ary['group_avatar']);
2574	}
2575	}
2576
2577	// Set user attributes
2578	$sql_ary = array();
2579	if (sizeof($group_attributes))
2580	{
2581	// Go through the user attributes array, check if a group attribute matches it and then set it. ;)
2582	foreach ($user_attribute_ary as $attribute)
2583	{
2584	if (!isset($group_attributes[$attribute]))
2585	{
2586	continue;
2587	}
2588
2589	// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
2590	if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
2591	{
2592	continue;
2593	}
2594
2595	$sql_ary[$attribute] = $group_attributes[$attribute];
2596	}
2597	}
2598
2599	if (sizeof($sql_ary) && sizeof($user_ary))
2600	{
2601	group_set_user_default($group_id, $user_ary, $sql_ary);
2602	}
2603
2604	$name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
2605	add_log('admin', $log, $name);
2606
2607	group_update_listings($group_id);
2608	}
2609
2610	return (sizeof($error)) ? $error : false;
2611	}
2612
2613
2614	/**
2615	* Changes a group avatar's filename to conform to the naming scheme
2616	*/
2617	function group_correct_avatar($group_id, $old_entry)
2618	{
2619	global $config, $db, $phpbb_root_path;
2620
2621	$group_id = (int)$group_id;
2622	$ext = substr(strrchr($old_entry, '.'), 1);
2623	$old_filename = get_avatar_filename($old_entry);
2624	$new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
2625	$new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
2626
2627	$avatar_path = $phpbb_root_path . $config['avatar_path'];
2628	if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
2629	{
2630	$sql = 'UPDATE ' . GROUPS_TABLE . '
2631	SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
2632	WHERE group_id = $group_id";
2633	$db->sql_query($sql);
2634	}
2635	}
2636
2637
2638	/**
2639	* Remove avatar also for users not having the group as default
2640	*/
2641	function avatar_remove_db($avatar_name)
2642	{
2643	global $config, $db;
2644
2645	$sql = 'UPDATE ' . USERS_TABLE . "
2646	SET user_avatar = '',
2647	user_avatar_type = 0
2648	WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
2649	$db->sql_query($sql);
2650	}
2651
2652
2653	/**
2654	* Group Delete
2655	*/
2656	function group_delete($group_id, $group_name = false)
2657	{
2658	global $db, $phpbb_root_path, $phpEx;
2659
2660	if (!$group_name)
2661	{
2662	$group_name = get_group_name($group_id);
2663	}
2664
2665	$start = 0;
2666
2667	do
2668	{
2669	$user_id_ary = $username_ary = array();
2670
2671	// Batch query for group members, call group_user_del
2672	$sql = 'SELECT u.user_id, u.username
2673	FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
2674	WHERE ug.group_id = $group_id
2675	AND u.user_id = ug.user_id";
2676	$result = $db->sql_query_limit($sql, 200, $start);
2677
2678	if ($row = $db->sql_fetchrow($result))
2679	{
2680	do
2681	{
2682	$user_id_ary[] = $row['user_id'];
2683	$username_ary[] = $row['username'];
2684
2685	$start++;
2686	}
2687	while ($row = $db->sql_fetchrow($result));
2688
2689	group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
2690	}
2691	else
2692	{
2693	$start = 0;
2694	}
2695	$db->sql_freeresult($result);
2696	}
2697	while ($start);
2698
2699	// Delete group
2700	$sql = 'DELETE FROM ' . GROUPS_TABLE . "
2701	WHERE group_id = $group_id";
2702	$db->sql_query($sql);
2703
2704	// Delete auth entries from the groups table
2705	$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
2706	WHERE group_id = $group_id";
2707	$db->sql_query($sql);
2708
2709	// Re-cache moderators
2710	if (!function_exists('cache_moderators'))
2711	{
2712	include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
2713	}
2714
2715	cache_moderators();
2716
2717	add_log('admin', 'LOG_GROUP_DELETE', $group_name);
2718
2719	// Return false - no error
2720	return false;
2721	}
2722
2723	/**
2724	* Add user(s) to group
2725	*
2726	* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2727	*/
2728	function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
2729	{
2730	global $db, $auth;
2731
2732	// We need both username and user_id info
2733	$result = user_get_id_name($user_id_ary, $username_ary);
2734
2735	if (!sizeof($user_id_ary) \|\| $result !== false)
2736	{
2737	return 'NO_USER';
2738	}
2739
2740	// Remove users who are already members of this group
2741	$sql = 'SELECT user_id, group_leader
2742	FROM ' . USER_GROUP_TABLE . '
2743	WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
2744	AND group_id = $group_id";
2745	$result = $db->sql_query($sql);
2746
2747	$add_id_ary = $update_id_ary = array();
2748	while ($row = $db->sql_fetchrow($result))
2749	{
2750	$add_id_ary[] = (int) $row['user_id'];
2751
2752	if ($leader && !$row['group_leader'])
2753	{
2754	$update_id_ary[] = (int) $row['user_id'];
2755	}
2756	}
2757	$db->sql_freeresult($result);
2758
2759	// Do all the users exist in this group?
2760	$add_id_ary = array_diff($user_id_ary, $add_id_ary);
2761
2762	// If we have no users
2763	if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
2764	{
2765	return 'GROUP_USERS_EXIST';
2766	}
2767
2768	$db->sql_transaction('begin');
2769
2770	// Insert the new users
2771	if (sizeof($add_id_ary))
2772	{
2773	$sql_ary = array();
2774
2775	foreach ($add_id_ary as $user_id)
2776	{
2777	$sql_ary[] = array(
2778	'user_id' => (int) $user_id,
2779	'group_id' => (int) $group_id,
2780	'group_leader' => (int) $leader,
2781	'user_pending' => (int) $pending,
2782	);
2783	}
2784
2785	$db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
2786	}
2787
2788	if (sizeof($update_id_ary))
2789	{
2790	$sql = 'UPDATE ' . USER_GROUP_TABLE . '
2791	SET group_leader = 1
2792	WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
2793	AND group_id = $group_id";
2794	$db->sql_query($sql);
2795	}
2796
2797	if ($default)
2798	{
2799	group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);
2800	}
2801
2802	$db->sql_transaction('commit');
2803
2804	// Clear permissions cache of relevant users
2805	$auth->acl_clear_prefetch($user_id_ary);
2806
2807	if (!$group_name)
2808	{
2809	$group_name = get_group_name($group_id);
2810	}
2811
2812	$log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
2813
2814	add_log('admin', $log, $group_name, implode(', ', $username_ary));
2815
2816	group_update_listings($group_id);
2817
2818	// Return false - no error
2819	return false;
2820	}
2821
2822	/**
2823	* Remove a user/s from a given group. When we remove users we update their
2824	* default group_id. We do this by examining which "special" groups they belong
2825	* to. The selection is made based on a reasonable priority system
2826	*
2827	* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2828	*/
2829	function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
2830	{
2831	global $db, $auth, $config;
2832
2833	if ($config['coppa_enable'])
2834	{
2835	$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
2836	}
2837	else
2838	{
2839	$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');
2840	}
2841
2842	// We need both username and user_id info
2843	$result = user_get_id_name($user_id_ary, $username_ary);
2844
2845	if (!sizeof($user_id_ary) \|\| $result !== false)
2846	{
2847	return 'NO_USER';
2848	}
2849
2850	$sql = 'SELECT *
2851	FROM ' . GROUPS_TABLE . '
2852	WHERE ' . $db->sql_in_set('group_name', $group_order);
2853	$result = $db->sql_query($sql);
2854
2855	$group_order_id = $special_group_data = array();
2856	while ($row = $db->sql_fetchrow($result))
2857	{
2858	$group_order_id[$row['group_name']] = $row['group_id'];
2859
2860	$special_group_data[$row['group_id']] = array(
2861	'group_colour' => $row['group_colour'],
2862	'group_rank' => $row['group_rank'],
2863	);
2864
2865	// Only set the group avatar if one is defined...
2866	if ($row['group_avatar'])
2867	{
2868	$special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
2869	'group_avatar' => $row['group_avatar'],
2870	'group_avatar_type' => $row['group_avatar_type'],
2871	'group_avatar_width' => $row['group_avatar_width'],
2872	'group_avatar_height' => $row['group_avatar_height'])
2873	);
2874	}
2875	}
2876	$db->sql_freeresult($result);
2877
2878	// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
2879	$sql = 'SELECT user_id, group_id
2880	FROM ' . USERS_TABLE . '
2881	WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2882	$result = $db->sql_query($sql);
2883
2884	$default_groups = array();
2885	while ($row = $db->sql_fetchrow($result))
2886	{
2887	$default_groups[$row['user_id']] = $row['group_id'];
2888	}
2889	$db->sql_freeresult($result);
2890
2891	// What special group memberships exist for these users?
2892	$sql = 'SELECT g.group_id, g.group_name, ug.user_id
2893	FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
2894	WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
2895	AND g.group_id = ug.group_id
2896	AND g.group_id <> $group_id
2897	AND g.group_type = " . GROUP_SPECIAL . '
2898	ORDER BY ug.user_id, g.group_id';
2899	$result = $db->sql_query($sql);
2900
2901	$temp_ary = array();
2902	while ($row = $db->sql_fetchrow($result))
2903	{
2904	if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) \|\| $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))
2905	{
2906	$temp_ary[$row['user_id']] = $row['group_id'];
2907	}
2908	}
2909	$db->sql_freeresult($result);
2910
2911	// sql_where_ary holds the new default groups and their users
2912	$sql_where_ary = array();
2913	foreach ($temp_ary as $uid => $gid)
2914	{
2915	$sql_where_ary[$gid][] = $uid;
2916	}
2917	unset($temp_ary);
2918
2919	foreach ($special_group_data as $gid => $default_data_ary)
2920	{
2921	if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
2922	{
2923	remove_default_rank($group_id, $sql_where_ary[$gid]);
2924	remove_default_avatar($group_id, $sql_where_ary[$gid]);
2925	group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
2926	}
2927	}
2928	unset($special_group_data);
2929
2930	$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
2931	WHERE group_id = $group_id
2932	AND " . $db->sql_in_set('user_id', $user_id_ary);
2933	$db->sql_query($sql);
2934
2935	// Clear permissions cache of relevant users
2936	$auth->acl_clear_prefetch($user_id_ary);
2937
2938	if (!$group_name)
2939	{
2940	$group_name = get_group_name($group_id);
2941	}
2942
2943	$log = 'LOG_GROUP_REMOVE';
2944
2945	if ($group_name)
2946	{
2947	add_log('admin', $log, $group_name, implode(', ', $username_ary));
2948	}
2949
2950	group_update_listings($group_id);
2951
2952	// Return false - no error
2953	return false;
2954	}
2955
2956
2957	/**
2958	* Removes the group avatar of the default group from the users in user_ids who have that group as default.
2959	*/
2960	function remove_default_avatar($group_id, $user_ids)
2961	{
2962	global $db;
2963
2964	if (!is_array($user_ids))
2965	{
2966	$user_ids = array($user_ids);
2967	}
2968	if (empty($user_ids))
2969	{
2970	return false;
2971	}
2972
2973	$user_ids = array_map('intval', $user_ids);
2974
2975	$sql = 'SELECT *
2976	FROM ' . GROUPS_TABLE . '
2977	WHERE group_id = ' . (int)$group_id;
2978	$result = $db->sql_query($sql);
2979	if (!$row = $db->sql_fetchrow($result))
2980	{
2981	$db->sql_freeresult($result);
2982	return false;
2983	}
2984	$db->sql_freeresult($result);
2985
2986	$sql = 'UPDATE ' . USERS_TABLE . "
2987	SET user_avatar = '',
2988	user_avatar_type = 0,
2989	user_avatar_width = 0,
2990	user_avatar_height = 0
2991	WHERE group_id = " . (int) $group_id . "
2992	AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
2993	AND " . $db->sql_in_set('user_id', $user_ids);
2994
2995	$db->sql_query($sql);
2996	}
2997
2998	/**
2999	* Removes the group rank of the default group from the users in user_ids who have that group as default.
3000	*/
3001	function remove_default_rank($group_id, $user_ids)
3002	{
3003	global $db;
3004
3005	if (!is_array($user_ids))
3006	{
3007	$user_ids = array($user_ids);
3008	}
3009	if (empty($user_ids))
3010	{
3011	return false;
3012	}
3013
3014	$user_ids = array_map('intval', $user_ids);
3015
3016	$sql = 'SELECT *
3017	FROM ' . GROUPS_TABLE . '
3018	WHERE group_id = ' . (int)$group_id;
3019	$result = $db->sql_query($sql);
3020	if (!$row = $db->sql_fetchrow($result))
3021	{
3022	$db->sql_freeresult($result);
3023	return false;
3024	}
3025	$db->sql_freeresult($result);
3026
3027	$sql = 'UPDATE ' . USERS_TABLE . '
3028	SET user_rank = 0
3029	WHERE group_id = ' . (int)$group_id . '
3030	AND user_rank <> 0
3031	AND user_rank = ' . (int)$row['group_rank'] . '
3032	AND ' . $db->sql_in_set('user_id', $user_ids);
3033	$db->sql_query($sql);
3034	}
3035
3036	/**
3037	* This is used to promote (to leader), demote or set as default a member/s
3038	*/
3039	function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
3040	{
3041	global $db, $auth, $phpbb_root_path, $phpEx, $config;
3042
3043	// We need both username and user_id info
3044	$result = user_get_id_name($user_id_ary, $username_ary);
3045
3046	if (!sizeof($user_id_ary) \|\| $result !== false)
3047	{
3048	return 'NO_USERS';
3049	}
3050
3051	if (!$group_name)
3052	{
3053	$group_name = get_group_name($group_id);
3054	}
3055
3056	switch ($action)
3057	{
3058	case 'demote':
3059	case 'promote':
3060
3061	$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
3062	WHERE group_id = $group_id
3063	AND user_pending = 1
3064	AND " . $db->sql_in_set('user_id', $user_id_ary);
3065	$result = $db->sql_query_limit($sql, 1);
3066	$not_empty = ($db->sql_fetchrow($result));
3067	$db->sql_freeresult($result);
3068	if ($not_empty)
3069	{
3070	return 'NO_VALID_USERS';
3071	}
3072
3073	$sql = 'UPDATE ' . USER_GROUP_TABLE . '
3074	SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
3075	WHERE group_id = $group_id
3076	AND user_pending = 0
3077	AND " . $db->sql_in_set('user_id', $user_id_ary);
3078	$db->sql_query($sql);
3079
3080	$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
3081	break;
3082
3083	case 'approve':
3084	// Make sure we only approve those which are pending ;)
3085	$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
3086	FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
3087	WHERE ug.group_id = ' . $group_id . '
3088	AND ug.user_pending = 1
3089	AND ug.user_id = u.user_id
3090	AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
3091	$result = $db->sql_query($sql);
3092
3093	$user_id_ary = $email_users = array();
3094	while ($row = $db->sql_fetchrow($result))
3095	{
3096	$user_id_ary[] = $row['user_id'];
3097	$email_users[] = $row;
3098	}
3099	$db->sql_freeresult($result);
3100
3101	if (!sizeof($user_id_ary))
3102	{
3103	return false;
3104	}
3105
3106	$sql = 'UPDATE ' . USER_GROUP_TABLE . "
3107	SET user_pending = 0
3108	WHERE group_id = $group_id
3109	AND " . $db->sql_in_set('user_id', $user_id_ary);
3110	$db->sql_query($sql);
3111
3112	// Send approved email to users...
3113	include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
3114	$messenger = new messenger();
3115
3116	foreach ($email_users as $row)
3117	{
3118	$messenger->template('group_approved', $row['user_lang']);
3119
3120	$messenger->to($row['user_email'], $row['username']);
3121	$messenger->im($row['user_jabber'], $row['username']);
3122
3123	$messenger->assign_vars(array(
3124	'USERNAME' => htmlspecialchars_decode($row['username']),
3125	'GROUP_NAME' => htmlspecialchars_decode($group_name),
3126	'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
3127	);
3128
3129	$messenger->send($row['user_notify_type']);
3130	}
3131
3132	$messenger->save_queue();
3133
3134	$log = 'LOG_USERS_APPROVED';
3135	break;
3136
3137	case 'default':
3138	// We only set default group for approved members of the group
3139	$sql = 'SELECT user_id
3140	FROM ' . USER_GROUP_TABLE . "
3141	WHERE group_id = $group_id
3142	AND user_pending = 0
3143	AND " . $db->sql_in_set('user_id', $user_id_ary);
3144	$result = $db->sql_query($sql);
3145
3146	$user_id_ary = $username_ary = array();
3147	while ($row = $db->sql_fetchrow($result))
3148	{
3149	$user_id_ary[] = $row['user_id'];
3150	}
3151	$db->sql_freeresult($result);
3152
3153	$result = user_get_id_name($user_id_ary, $username_ary);
3154	if (!sizeof($user_id_ary) \|\| $result !== false)
3155	{
3156	return 'NO_USERS';
3157	}
3158
3159	$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
3160	WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
3161	$result = $db->sql_query($sql);
3162
3163	$groups = array();
3164	while ($row = $db->sql_fetchrow($result))
3165	{
3166	if (!isset($groups[$row['group_id']]))
3167	{
3168	$groups[$row['group_id']] = array();
3169	}
3170	$groups[$row['group_id']][] = $row['user_id'];
3171	}
3172	$db->sql_freeresult($result);
3173
3174	foreach ($groups as $gid => $uids)
3175	{
3176	remove_default_rank($gid, $uids);
3177	remove_default_avatar($gid, $uids);
3178	}
3179	group_set_user_default($group_id, $user_id_ary, $group_attributes);
3180	$log = 'LOG_GROUP_DEFAULTS';
3181	break;
3182	}
3183
3184	// Clear permissions cache of relevant users
3185	$auth->acl_clear_prefetch($user_id_ary);
3186
3187	add_log('admin', $log, $group_name, implode(', ', $username_ary));
3188
3189	group_update_listings($group_id);
3190
3191	return false;
3192	}
3193
3194	/**
3195	* A small version of validate_username to check for a group name's existence. To be called directly.
3196	*/
3197	function group_validate_groupname($group_id, $group_name)
3198	{
3199	global $config, $db;
3200
3201	$group_name = utf8_clean_string($group_name);
3202
3203	if (!empty($group_id))
3204	{
3205	$sql = 'SELECT group_name
3206	FROM ' . GROUPS_TABLE . '
3207	WHERE group_id = ' . (int) $group_id;
3208	$result = $db->sql_query($sql);
3209	$row = $db->sql_fetchrow($result);
3210	$db->sql_freeresult($result);
3211
3212	if (!$row)
3213	{
3214	return false;
3215	}
3216
3217	$allowed_groupname = utf8_clean_string($row['group_name']);
3218
3219	if ($allowed_groupname == $group_name)
3220	{
3221	return false;
3222	}
3223	}
3224
3225	$sql = 'SELECT group_name
3226	FROM ' . GROUPS_TABLE . "
3227	WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
3228	$result = $db->sql_query($sql);
3229	$row = $db->sql_fetchrow($result);
3230	$db->sql_freeresult($result);
3231
3232	if ($row)
3233	{
3234	return 'GROUP_NAME_TAKEN';
3235	}
3236
3237	return false;
3238	}
3239
3240	/**
3241	* Set users default group
3242	*
3243	* @access private
3244	*/
3245	function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
3246	{
3247	global $cache, $db;
3248
3249	if (empty($user_id_ary))
3250	{
3251	return;
3252	}
3253
3254	$attribute_ary = array(
3255	'group_colour' => 'string',
3256	'group_rank' => 'int',
3257	'group_avatar' => 'string',
3258	'group_avatar_type' => 'int',
3259	'group_avatar_width' => 'int',
3260	'group_avatar_height' => 'int',
3261	);
3262
3263	$sql_ary = array(
3264	'group_id' => $group_id
3265	);
3266
3267	// Were group attributes passed to the function? If not we need to obtain them
3268	if ($group_attributes === false)
3269	{
3270	$sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
3271	FROM ' . GROUPS_TABLE . "
3272	WHERE group_id = $group_id";
3273	$result = $db->sql_query($sql);
3274	$group_attributes = $db->sql_fetchrow($result);
3275	$db->sql_freeresult($result);
3276	}
3277
3278	foreach ($attribute_ary as $attribute => $type)
3279	{
3280	if (isset($group_attributes[$attribute]))
3281	{
3282	// If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
3283	if ((strpos($attribute, 'group_avatar') === 0 \|\| strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
3284	{
3285	continue;
3286	}
3287
3288	settype($group_attributes[$attribute], $type);
3289	$sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
3290	}
3291	}
3292
3293	// Before we update the user attributes, we will make a list of those having now the group avatar assigned
3294	if (isset($sql_ary['user_avatar']))
3295	{
3296	// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
3297	$sql = 'SELECT user_id, group_id, user_avatar
3298	FROM ' . USERS_TABLE . '
3299	WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
3300	AND user_avatar_type = ' . AVATAR_UPLOAD;
3301	$result = $db->sql_query($sql);
3302
3303	while ($row = $db->sql_fetchrow($result))
3304	{
3305	avatar_delete('user', $row);
3306	}
3307	$db->sql_freeresult($result);
3308	}
3309	else
3310	{
3311	unset($sql_ary['user_avatar_type']);
3312	unset($sql_ary['user_avatar_height']);
3313	unset($sql_ary['user_avatar_width']);
3314	}
3315
3316	$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
3317	WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
3318	$db->sql_query($sql);
3319
3320	if (isset($sql_ary['user_colour']))
3321	{
3322	// Update any cached colour information for these users
3323	$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3324	WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
3325	$db->sql_query($sql);
3326
3327	$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3328	WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
3329	$db->sql_query($sql);
3330
3331	$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3332	WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
3333	$db->sql_query($sql);
3334
3335	global $config;
3336
3337	if (in_array($config['newest_user_id'], $user_id_ary))
3338	{
3339	set_config('newest_user_colour', $sql_ary['user_colour'], true);
3340	}
3341	}
3342
3343	if ($update_listing)
3344	{
3345	group_update_listings($group_id);
3346	}
3347
3348	// Because some tables/caches use usercolour-specific data we need to purge this here.
3349	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
3350	}
3351
3352	/**
3353	* Get group name
3354	*/
3355	function get_group_name($group_id)
3356	{
3357	global $db, $user;
3358
3359	$sql = 'SELECT group_name, group_type
3360	FROM ' . GROUPS_TABLE . '
3361	WHERE group_id = ' . (int) $group_id;
3362	$result = $db->sql_query($sql);
3363	$row = $db->sql_fetchrow($result);
3364	$db->sql_freeresult($result);
3365
3366	if (!$row \|\| ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
3367	{
3368	return '';
3369	}
3370
3371	return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
3372	}
3373
3374	/**
3375	* Obtain either the members of a specified group, the groups the specified user is subscribed to
3376	* or checking if a specified user is in a specified group. This function does not return pending memberships.
3377	*
3378	* Note: Never use this more than once... first group your users/groups
3379	*/
3380	function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
3381	{
3382	global $db;
3383
3384	if (!$group_id_ary && !$user_id_ary)
3385	{
3386	return true;
3387	}
3388
3389	if ($user_id_ary)
3390	{
3391	$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
3392	}
3393
3394	if ($group_id_ary)
3395	{
3396	$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
3397	}
3398
3399	$sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
3400	FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
3401	WHERE ug.user_id = u.user_id
3402	AND ug.user_pending = 0 AND ';
3403
3404	if ($group_id_ary)
3405	{
3406	$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
3407	}
3408
3409	if ($user_id_ary)
3410	{
3411	$sql .= ($group_id_ary) ? ' AND ' : ' ';
3412	$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
3413	}
3414
3415	$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
3416
3417	$row = $db->sql_fetchrow($result);
3418
3419	if ($return_bool)
3420	{
3421	$db->sql_freeresult($result);
3422	return ($row) ? true : false;
3423	}
3424
3425	if (!$row)
3426	{
3427	return false;
3428	}
3429
3430	$return = array();
3431
3432	do
3433	{
3434	$return[] = $row;
3435	}
3436	while ($row = $db->sql_fetchrow($result));
3437
3438	$db->sql_freeresult($result);
3439
3440	return $return;
3441	}
3442
3443	/**
3444	* Re-cache moderators and foes if group has a_ or m_ permissions
3445	*/
3446	function group_update_listings($group_id)
3447	{
3448	global $auth;
3449
3450	$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
3451
3452	if (!sizeof($hold_ary))
3453	{
3454	return;
3455	}
3456
3457	$mod_permissions = $admin_permissions = false;
3458
3459	foreach ($hold_ary as $g_id => $forum_ary)
3460	{
3461	foreach ($forum_ary as $forum_id => $auth_ary)
3462	{
3463	foreach ($auth_ary as $auth_option => $setting)
3464	{
3465	if ($mod_permissions && $admin_permissions)
3466	{
3467	break 3;
3468	}
3469
3470	if ($setting != ACL_YES)
3471	{
3472	continue;
3473	}
3474
3475	if ($auth_option == 'm_')
3476	{
3477	$mod_permissions = true;
3478	}
3479
3480	if ($auth_option == 'a_')
3481	{
3482	$admin_permissions = true;
3483	}
3484	}
3485	}
3486	}
3487
3488	if ($mod_permissions)
3489	{
3490	if (!function_exists('cache_moderators'))
3491	{
3492	global $phpbb_root_path, $phpEx;
3493	include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3494	}
3495	cache_moderators();
3496	}
3497
3498	if ($mod_permissions \|\| $admin_permissions)
3499	{
3500	if (!function_exists('update_foes'))
3501	{
3502	global $phpbb_root_path, $phpEx;
3503	include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3504	}
3505	update_foes(array($group_id));
3506	}
3507	}
3508
3509
3510
3511	/**
3512	* Funtion to make a user leave the NEWLY_REGISTERED system group.
3513	* @access public
3514	* @param $user_id The id of the user to remove from the group
3515	*/
3516	function remove_newly_registered($user_id, $user_data = false)
3517	{
3518	global $db;
3519
3520	if ($user_data === false)
3521	{
3522	$sql = 'SELECT *
3523	FROM ' . USERS_TABLE . '
3524	WHERE user_id = ' . $user_id;
3525	$result = $db->sql_query($sql);
3526	$user_row = $db->sql_fetchrow($result);
3527	$db->sql_freeresult($result);
3528
3529	if (!$user_row)
3530	{
3531	return false;
3532	}
3533	else
3534	{
3535	$user_data = $user_row;
3536	}
3537	}
3538
3539	if (empty($user_data['user_new']))
3540	{
3541	return false;
3542	}
3543
3544	$sql = 'SELECT group_id
3545	FROM ' . GROUPS_TABLE . "
3546	WHERE group_name = 'NEWLY_REGISTERED'
3547	AND group_type = " . GROUP_SPECIAL;
3548	$result = $db->sql_query($sql);
3549	$group_id = (int) $db->sql_fetchfield('group_id');
3550	$db->sql_freeresult($result);
3551
3552	if (!$group_id)
3553	{
3554	return false;
3555	}
3556
3557	// We need to call group_user_del here, because this function makes sure everything is correctly changed.
3558	// A downside for a call within the session handler is that the language is not set up yet - so no log entry
3559	group_user_del($group_id, $user_id);
3560
3561	// Set user_new to 0 to let this not be triggered again
3562	$sql = 'UPDATE ' . USERS_TABLE . '
3563	SET user_new = 0
3564	WHERE user_id = ' . $user_id;
3565	$db->sql_query($sql);
3566
3567	// The new users group was the users default group?
3568	if ($user_data['group_id'] == $group_id)
3569	{
3570	// Which group is now the users default one?
3571	$sql = 'SELECT group_id
3572	FROM ' . USERS_TABLE . '
3573	WHERE user_id = ' . $user_id;
3574	$result = $db->sql_query($sql);
3575	$user_data['group_id'] = $db->sql_fetchfield('group_id');
3576	$db->sql_freeresult($result);
3577	}
3578
3579	return $user_data['group_id'];
3580	}
3581
3582	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/posledni/forum/includes/functions_user.php

Download in other formats: