1 | <?php
|
---|
2 | /**
|
---|
3 | *
|
---|
4 | * @package phpBB3
|
---|
5 | * @version $Id$
|
---|
6 | * @copyright (c) 2005 phpBB Group
|
---|
7 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
---|
8 | *
|
---|
9 | */
|
---|
10 |
|
---|
11 | /**
|
---|
12 | * @ignore
|
---|
13 | */
|
---|
14 | if (!defined('IN_PHPBB'))
|
---|
15 | {
|
---|
16 | exit;
|
---|
17 | }
|
---|
18 |
|
---|
19 | /**
|
---|
20 | * Obtain user_ids from usernames or vice versa. Returns false on
|
---|
21 | * success else the error string
|
---|
22 | *
|
---|
23 | * @param array &$user_id_ary The user ids to check or empty if usernames used
|
---|
24 | * @param array &$username_ary The usernames to check or empty if user ids used
|
---|
25 | * @param mixed $user_type Array of user types to check, false if not restricting by user type
|
---|
26 | */
|
---|
27 | function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
|
---|
28 | {
|
---|
29 | global $db;
|
---|
30 |
|
---|
31 | // Are both arrays already filled? Yep, return else
|
---|
32 | // are neither array filled?
|
---|
33 | if ($user_id_ary && $username_ary)
|
---|
34 | {
|
---|
35 | return false;
|
---|
36 | }
|
---|
37 | else if (!$user_id_ary && !$username_ary)
|
---|
38 | {
|
---|
39 | return 'NO_USERS';
|
---|
40 | }
|
---|
41 |
|
---|
42 | $which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
|
---|
43 |
|
---|
44 | if ($$which_ary && !is_array($$which_ary))
|
---|
45 | {
|
---|
46 | $$which_ary = array($$which_ary);
|
---|
47 | }
|
---|
48 |
|
---|
49 | $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
|
---|
50 | unset($$which_ary);
|
---|
51 |
|
---|
52 | $user_id_ary = $username_ary = array();
|
---|
53 |
|
---|
54 | // Grab the user id/username records
|
---|
55 | $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
|
---|
56 | $sql = 'SELECT user_id, username
|
---|
57 | FROM ' . USERS_TABLE . '
|
---|
58 | WHERE ' . $db->sql_in_set($sql_where, $sql_in);
|
---|
59 |
|
---|
60 | if ($user_type !== false && !empty($user_type))
|
---|
61 | {
|
---|
62 | $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
|
---|
63 | }
|
---|
64 |
|
---|
65 | $result = $db->sql_query($sql);
|
---|
66 |
|
---|
67 | if (!($row = $db->sql_fetchrow($result)))
|
---|
68 | {
|
---|
69 | $db->sql_freeresult($result);
|
---|
70 | return 'NO_USERS';
|
---|
71 | }
|
---|
72 |
|
---|
73 | do
|
---|
74 | {
|
---|
75 | $username_ary[$row['user_id']] = $row['username'];
|
---|
76 | $user_id_ary[] = $row['user_id'];
|
---|
77 | }
|
---|
78 | while ($row = $db->sql_fetchrow($result));
|
---|
79 | $db->sql_freeresult($result);
|
---|
80 |
|
---|
81 | return false;
|
---|
82 | }
|
---|
83 |
|
---|
84 | /**
|
---|
85 | * Get latest registered username and update database to reflect it
|
---|
86 | */
|
---|
87 | function update_last_username()
|
---|
88 | {
|
---|
89 | global $db;
|
---|
90 |
|
---|
91 | // Get latest username
|
---|
92 | $sql = 'SELECT user_id, username, user_colour
|
---|
93 | FROM ' . USERS_TABLE . '
|
---|
94 | WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
|
---|
95 | ORDER BY user_id DESC';
|
---|
96 | $result = $db->sql_query_limit($sql, 1);
|
---|
97 | $row = $db->sql_fetchrow($result);
|
---|
98 | $db->sql_freeresult($result);
|
---|
99 |
|
---|
100 | if ($row)
|
---|
101 | {
|
---|
102 | set_config('newest_user_id', $row['user_id'], true);
|
---|
103 | set_config('newest_username', $row['username'], true);
|
---|
104 | set_config('newest_user_colour', $row['user_colour'], true);
|
---|
105 | }
|
---|
106 | }
|
---|
107 |
|
---|
108 | /**
|
---|
109 | * Updates a username across all relevant tables/fields
|
---|
110 | *
|
---|
111 | * @param string $old_name the old/current username
|
---|
112 | * @param string $new_name the new username
|
---|
113 | */
|
---|
114 | function user_update_name($old_name, $new_name)
|
---|
115 | {
|
---|
116 | global $config, $db, $cache;
|
---|
117 |
|
---|
118 | $update_ary = array(
|
---|
119 | FORUMS_TABLE => array('forum_last_poster_name'),
|
---|
120 | MODERATOR_CACHE_TABLE => array('username'),
|
---|
121 | POSTS_TABLE => array('post_username'),
|
---|
122 | TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
|
---|
123 | );
|
---|
124 |
|
---|
125 | foreach ($update_ary as $table => $field_ary)
|
---|
126 | {
|
---|
127 | foreach ($field_ary as $field)
|
---|
128 | {
|
---|
129 | $sql = "UPDATE $table
|
---|
130 | SET $field = '" . $db->sql_escape($new_name) . "'
|
---|
131 | WHERE $field = '" . $db->sql_escape($old_name) . "'";
|
---|
132 | $db->sql_query($sql);
|
---|
133 | }
|
---|
134 | }
|
---|
135 |
|
---|
136 | if ($config['newest_username'] == $old_name)
|
---|
137 | {
|
---|
138 | set_config('newest_username', $new_name, true);
|
---|
139 | }
|
---|
140 |
|
---|
141 | // Because some tables/caches use username-specific data we need to purge this here.
|
---|
142 | $cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
---|
143 | }
|
---|
144 |
|
---|
145 | /**
|
---|
146 | * Adds an user
|
---|
147 | *
|
---|
148 | * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
|
---|
149 | * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
|
---|
150 | * @return the new user's ID.
|
---|
151 | */
|
---|
152 | function user_add($user_row, $cp_data = false)
|
---|
153 | {
|
---|
154 | global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
|
---|
155 |
|
---|
156 | if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
|
---|
157 | {
|
---|
158 | return false;
|
---|
159 | }
|
---|
160 |
|
---|
161 | $username_clean = utf8_clean_string($user_row['username']);
|
---|
162 |
|
---|
163 | if (empty($username_clean))
|
---|
164 | {
|
---|
165 | return false;
|
---|
166 | }
|
---|
167 |
|
---|
168 | $sql_ary = array(
|
---|
169 | 'username' => $user_row['username'],
|
---|
170 | 'username_clean' => $username_clean,
|
---|
171 | 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
|
---|
172 | 'user_pass_convert' => 0,
|
---|
173 | 'user_email' => strtolower($user_row['user_email']),
|
---|
174 | 'user_email_hash' => phpbb_email_hash($user_row['user_email']),
|
---|
175 | 'group_id' => $user_row['group_id'],
|
---|
176 | 'user_type' => $user_row['user_type'],
|
---|
177 | );
|
---|
178 |
|
---|
179 | // These are the additional vars able to be specified
|
---|
180 | $additional_vars = array(
|
---|
181 | 'user_permissions' => '',
|
---|
182 | 'user_timezone' => $config['board_timezone'],
|
---|
183 | 'user_dateformat' => $config['default_dateformat'],
|
---|
184 | 'user_lang' => $config['default_lang'],
|
---|
185 | 'user_style' => (int) $config['default_style'],
|
---|
186 | 'user_actkey' => '',
|
---|
187 | 'user_ip' => '',
|
---|
188 | 'user_regdate' => time(),
|
---|
189 | 'user_passchg' => time(),
|
---|
190 | 'user_options' => 230271,
|
---|
191 | // We do not set the new flag here - registration scripts need to specify it
|
---|
192 | 'user_new' => 0,
|
---|
193 |
|
---|
194 | 'user_inactive_reason' => 0,
|
---|
195 | 'user_inactive_time' => 0,
|
---|
196 | 'user_lastmark' => time(),
|
---|
197 | 'user_lastvisit' => 0,
|
---|
198 | 'user_lastpost_time' => 0,
|
---|
199 | 'user_lastpage' => '',
|
---|
200 | 'user_posts' => 0,
|
---|
201 | 'user_dst' => (int) $config['board_dst'],
|
---|
202 | 'user_colour' => '',
|
---|
203 | 'user_occ' => '',
|
---|
204 | 'user_interests' => '',
|
---|
205 | 'user_avatar' => '',
|
---|
206 | 'user_avatar_type' => 0,
|
---|
207 | 'user_avatar_width' => 0,
|
---|
208 | 'user_avatar_height' => 0,
|
---|
209 | 'user_new_privmsg' => 0,
|
---|
210 | 'user_unread_privmsg' => 0,
|
---|
211 | 'user_last_privmsg' => 0,
|
---|
212 | 'user_message_rules' => 0,
|
---|
213 | 'user_full_folder' => PRIVMSGS_NO_BOX,
|
---|
214 | 'user_emailtime' => 0,
|
---|
215 |
|
---|
216 | 'user_notify' => 0,
|
---|
217 | 'user_notify_pm' => 1,
|
---|
218 | 'user_notify_type' => NOTIFY_EMAIL,
|
---|
219 | 'user_allow_pm' => 1,
|
---|
220 | 'user_allow_viewonline' => 1,
|
---|
221 | 'user_allow_viewemail' => 1,
|
---|
222 | 'user_allow_massemail' => 1,
|
---|
223 |
|
---|
224 | 'user_sig' => '',
|
---|
225 | 'user_sig_bbcode_uid' => '',
|
---|
226 | 'user_sig_bbcode_bitfield' => '',
|
---|
227 |
|
---|
228 | 'user_form_salt' => unique_id(),
|
---|
229 | );
|
---|
230 |
|
---|
231 | // Now fill the sql array with not required variables
|
---|
232 | foreach ($additional_vars as $key => $default_value)
|
---|
233 | {
|
---|
234 | $sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
|
---|
235 | }
|
---|
236 |
|
---|
237 | // Any additional variables in $user_row not covered above?
|
---|
238 | $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
|
---|
239 |
|
---|
240 | // Now fill our sql array with the remaining vars
|
---|
241 | if (sizeof($remaining_vars))
|
---|
242 | {
|
---|
243 | foreach ($remaining_vars as $key)
|
---|
244 | {
|
---|
245 | $sql_ary[$key] = $user_row[$key];
|
---|
246 | }
|
---|
247 | }
|
---|
248 |
|
---|
249 | $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
|
---|
250 | $db->sql_query($sql);
|
---|
251 |
|
---|
252 | $user_id = $db->sql_nextid();
|
---|
253 |
|
---|
254 | // Insert Custom Profile Fields
|
---|
255 | if ($cp_data !== false && sizeof($cp_data))
|
---|
256 | {
|
---|
257 | $cp_data['user_id'] = (int) $user_id;
|
---|
258 |
|
---|
259 | if (!class_exists('custom_profile'))
|
---|
260 | {
|
---|
261 | include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
|
---|
262 | }
|
---|
263 |
|
---|
264 | $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
|
---|
265 | $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
|
---|
266 | $db->sql_query($sql);
|
---|
267 | }
|
---|
268 |
|
---|
269 | // Place into appropriate group...
|
---|
270 | $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
|
---|
271 | 'user_id' => (int) $user_id,
|
---|
272 | 'group_id' => (int) $user_row['group_id'],
|
---|
273 | 'user_pending' => 0)
|
---|
274 | );
|
---|
275 | $db->sql_query($sql);
|
---|
276 |
|
---|
277 | // Now make it the users default group...
|
---|
278 | group_set_user_default($user_row['group_id'], array($user_id), false);
|
---|
279 |
|
---|
280 | // Add to newly registered users group if user_new is 1
|
---|
281 | if ($config['new_member_post_limit'] && $sql_ary['user_new'])
|
---|
282 | {
|
---|
283 | $sql = 'SELECT group_id
|
---|
284 | FROM ' . GROUPS_TABLE . "
|
---|
285 | WHERE group_name = 'NEWLY_REGISTERED'
|
---|
286 | AND group_type = " . GROUP_SPECIAL;
|
---|
287 | $result = $db->sql_query($sql);
|
---|
288 | $add_group_id = (int) $db->sql_fetchfield('group_id');
|
---|
289 | $db->sql_freeresult($result);
|
---|
290 |
|
---|
291 | if ($add_group_id)
|
---|
292 | {
|
---|
293 | // Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/
|
---|
294 | $GLOBALS['skip_add_log'] = true;
|
---|
295 |
|
---|
296 | // Add user to "newly registered users" group and set to default group if admin specified so.
|
---|
297 | if ($config['new_member_group_default'])
|
---|
298 | {
|
---|
299 | group_user_add($add_group_id, $user_id, false, false, true);
|
---|
300 | }
|
---|
301 | else
|
---|
302 | {
|
---|
303 | group_user_add($add_group_id, $user_id);
|
---|
304 | }
|
---|
305 |
|
---|
306 | unset($GLOBALS['skip_add_log']);
|
---|
307 | }
|
---|
308 | }
|
---|
309 |
|
---|
310 | // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
|
---|
311 | if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
|
---|
312 | {
|
---|
313 | set_config('newest_user_id', $user_id, true);
|
---|
314 | set_config('newest_username', $user_row['username'], true);
|
---|
315 | set_config_count('num_users', 1, true);
|
---|
316 |
|
---|
317 | $sql = 'SELECT group_colour
|
---|
318 | FROM ' . GROUPS_TABLE . '
|
---|
319 | WHERE group_id = ' . (int) $user_row['group_id'];
|
---|
320 | $result = $db->sql_query_limit($sql, 1);
|
---|
321 | $row = $db->sql_fetchrow($result);
|
---|
322 | $db->sql_freeresult($result);
|
---|
323 |
|
---|
324 | set_config('newest_user_colour', $row['group_colour'], true);
|
---|
325 | }
|
---|
326 |
|
---|
327 | return $user_id;
|
---|
328 | }
|
---|
329 |
|
---|
330 | /**
|
---|
331 | * Remove User
|
---|
332 | */
|
---|
333 | function user_delete($mode, $user_id, $post_username = false)
|
---|
334 | {
|
---|
335 | global $cache, $config, $db, $user, $auth;
|
---|
336 | global $phpbb_root_path, $phpEx;
|
---|
337 |
|
---|
338 | $sql = 'SELECT *
|
---|
339 | FROM ' . USERS_TABLE . '
|
---|
340 | WHERE user_id = ' . $user_id;
|
---|
341 | $result = $db->sql_query($sql);
|
---|
342 | $user_row = $db->sql_fetchrow($result);
|
---|
343 | $db->sql_freeresult($result);
|
---|
344 |
|
---|
345 | if (!$user_row)
|
---|
346 | {
|
---|
347 | return false;
|
---|
348 | }
|
---|
349 |
|
---|
350 | // Before we begin, we will remove the reports the user issued.
|
---|
351 | $sql = 'SELECT r.post_id, p.topic_id
|
---|
352 | FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
|
---|
353 | WHERE r.user_id = ' . $user_id . '
|
---|
354 | AND p.post_id = r.post_id';
|
---|
355 | $result = $db->sql_query($sql);
|
---|
356 |
|
---|
357 | $report_posts = $report_topics = array();
|
---|
358 | while ($row = $db->sql_fetchrow($result))
|
---|
359 | {
|
---|
360 | $report_posts[] = $row['post_id'];
|
---|
361 | $report_topics[] = $row['topic_id'];
|
---|
362 | }
|
---|
363 | $db->sql_freeresult($result);
|
---|
364 |
|
---|
365 | if (sizeof($report_posts))
|
---|
366 | {
|
---|
367 | $report_posts = array_unique($report_posts);
|
---|
368 | $report_topics = array_unique($report_topics);
|
---|
369 |
|
---|
370 | // Get a list of topics that still contain reported posts
|
---|
371 | $sql = 'SELECT DISTINCT topic_id
|
---|
372 | FROM ' . POSTS_TABLE . '
|
---|
373 | WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
|
---|
374 | AND post_reported = 1
|
---|
375 | AND ' . $db->sql_in_set('post_id', $report_posts, true);
|
---|
376 | $result = $db->sql_query($sql);
|
---|
377 |
|
---|
378 | $keep_report_topics = array();
|
---|
379 | while ($row = $db->sql_fetchrow($result))
|
---|
380 | {
|
---|
381 | $keep_report_topics[] = $row['topic_id'];
|
---|
382 | }
|
---|
383 | $db->sql_freeresult($result);
|
---|
384 |
|
---|
385 | if (sizeof($keep_report_topics))
|
---|
386 | {
|
---|
387 | $report_topics = array_diff($report_topics, $keep_report_topics);
|
---|
388 | }
|
---|
389 | unset($keep_report_topics);
|
---|
390 |
|
---|
391 | // Now set the flags back
|
---|
392 | $sql = 'UPDATE ' . POSTS_TABLE . '
|
---|
393 | SET post_reported = 0
|
---|
394 | WHERE ' . $db->sql_in_set('post_id', $report_posts);
|
---|
395 | $db->sql_query($sql);
|
---|
396 |
|
---|
397 | if (sizeof($report_topics))
|
---|
398 | {
|
---|
399 | $sql = 'UPDATE ' . TOPICS_TABLE . '
|
---|
400 | SET topic_reported = 0
|
---|
401 | WHERE ' . $db->sql_in_set('topic_id', $report_topics);
|
---|
402 | $db->sql_query($sql);
|
---|
403 | }
|
---|
404 | }
|
---|
405 |
|
---|
406 | // Remove reports
|
---|
407 | $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
|
---|
408 |
|
---|
409 | if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
|
---|
410 | {
|
---|
411 | avatar_delete('user', $user_row);
|
---|
412 | }
|
---|
413 |
|
---|
414 | switch ($mode)
|
---|
415 | {
|
---|
416 | case 'retain':
|
---|
417 |
|
---|
418 | $db->sql_transaction('begin');
|
---|
419 |
|
---|
420 | if ($post_username === false)
|
---|
421 | {
|
---|
422 | $post_username = $user->lang['GUEST'];
|
---|
423 | }
|
---|
424 |
|
---|
425 | // If the user is inactive and newly registered we assume no posts from this user being there...
|
---|
426 | if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
|
---|
427 | {
|
---|
428 | }
|
---|
429 | else
|
---|
430 | {
|
---|
431 | $sql = 'UPDATE ' . FORUMS_TABLE . '
|
---|
432 | SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
|
---|
433 | WHERE forum_last_poster_id = $user_id";
|
---|
434 | $db->sql_query($sql);
|
---|
435 |
|
---|
436 | $sql = 'UPDATE ' . POSTS_TABLE . '
|
---|
437 | SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
|
---|
438 | WHERE poster_id = $user_id";
|
---|
439 | $db->sql_query($sql);
|
---|
440 |
|
---|
441 | $sql = 'UPDATE ' . POSTS_TABLE . '
|
---|
442 | SET post_edit_user = ' . ANONYMOUS . "
|
---|
443 | WHERE post_edit_user = $user_id";
|
---|
444 | $db->sql_query($sql);
|
---|
445 |
|
---|
446 | $sql = 'UPDATE ' . TOPICS_TABLE . '
|
---|
447 | SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
|
---|
448 | WHERE topic_poster = $user_id";
|
---|
449 | $db->sql_query($sql);
|
---|
450 |
|
---|
451 | $sql = 'UPDATE ' . TOPICS_TABLE . '
|
---|
452 | SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
|
---|
453 | WHERE topic_last_poster_id = $user_id";
|
---|
454 | $db->sql_query($sql);
|
---|
455 |
|
---|
456 | $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
|
---|
457 | SET poster_id = ' . ANONYMOUS . "
|
---|
458 | WHERE poster_id = $user_id";
|
---|
459 | $db->sql_query($sql);
|
---|
460 |
|
---|
461 | // Since we change every post by this author, we need to count this amount towards the anonymous user
|
---|
462 |
|
---|
463 | // Update the post count for the anonymous user
|
---|
464 | if ($user_row['user_posts'])
|
---|
465 | {
|
---|
466 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
467 | SET user_posts = user_posts + ' . $user_row['user_posts'] . '
|
---|
468 | WHERE user_id = ' . ANONYMOUS;
|
---|
469 | $db->sql_query($sql);
|
---|
470 | }
|
---|
471 | }
|
---|
472 |
|
---|
473 | $db->sql_transaction('commit');
|
---|
474 |
|
---|
475 | break;
|
---|
476 |
|
---|
477 | case 'remove':
|
---|
478 |
|
---|
479 | if (!function_exists('delete_posts'))
|
---|
480 | {
|
---|
481 | include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
---|
482 | }
|
---|
483 |
|
---|
484 | $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
|
---|
485 | FROM ' . POSTS_TABLE . "
|
---|
486 | WHERE poster_id = $user_id
|
---|
487 | GROUP BY topic_id";
|
---|
488 | $result = $db->sql_query($sql);
|
---|
489 |
|
---|
490 | $topic_id_ary = array();
|
---|
491 | while ($row = $db->sql_fetchrow($result))
|
---|
492 | {
|
---|
493 | $topic_id_ary[$row['topic_id']] = $row['total_posts'];
|
---|
494 | }
|
---|
495 | $db->sql_freeresult($result);
|
---|
496 |
|
---|
497 | if (sizeof($topic_id_ary))
|
---|
498 | {
|
---|
499 | $sql = 'SELECT topic_id, topic_replies, topic_replies_real
|
---|
500 | FROM ' . TOPICS_TABLE . '
|
---|
501 | WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
|
---|
502 | $result = $db->sql_query($sql);
|
---|
503 |
|
---|
504 | $del_topic_ary = array();
|
---|
505 | while ($row = $db->sql_fetchrow($result))
|
---|
506 | {
|
---|
507 | if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
|
---|
508 | {
|
---|
509 | $del_topic_ary[] = $row['topic_id'];
|
---|
510 | }
|
---|
511 | }
|
---|
512 | $db->sql_freeresult($result);
|
---|
513 |
|
---|
514 | if (sizeof($del_topic_ary))
|
---|
515 | {
|
---|
516 | $sql = 'DELETE FROM ' . TOPICS_TABLE . '
|
---|
517 | WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
|
---|
518 | $db->sql_query($sql);
|
---|
519 | }
|
---|
520 | }
|
---|
521 |
|
---|
522 | // Delete posts, attachments, etc.
|
---|
523 | delete_posts('poster_id', $user_id);
|
---|
524 |
|
---|
525 | break;
|
---|
526 | }
|
---|
527 |
|
---|
528 | $db->sql_transaction('begin');
|
---|
529 |
|
---|
530 | $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE);
|
---|
531 |
|
---|
532 | foreach ($table_ary as $table)
|
---|
533 | {
|
---|
534 | $sql = "DELETE FROM $table
|
---|
535 | WHERE user_id = $user_id";
|
---|
536 | $db->sql_query($sql);
|
---|
537 | }
|
---|
538 |
|
---|
539 | $cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
---|
540 |
|
---|
541 | // Delete user log entries about this user
|
---|
542 | $sql = 'DELETE FROM ' . LOG_TABLE . '
|
---|
543 | WHERE reportee_id = ' . $user_id;
|
---|
544 | $db->sql_query($sql);
|
---|
545 |
|
---|
546 | // Change user_id to anonymous for this users triggered events
|
---|
547 | $sql = 'UPDATE ' . LOG_TABLE . '
|
---|
548 | SET user_id = ' . ANONYMOUS . '
|
---|
549 | WHERE user_id = ' . $user_id;
|
---|
550 | $db->sql_query($sql);
|
---|
551 |
|
---|
552 | // Delete the user_id from the zebra table
|
---|
553 | $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
|
---|
554 | WHERE user_id = ' . $user_id . '
|
---|
555 | OR zebra_id = ' . $user_id;
|
---|
556 | $db->sql_query($sql);
|
---|
557 |
|
---|
558 | // Delete the user_id from the banlist
|
---|
559 | $sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
---|
560 | WHERE ban_userid = ' . $user_id;
|
---|
561 | $db->sql_query($sql);
|
---|
562 |
|
---|
563 | // Delete the user_id from the session table
|
---|
564 | $sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
---|
565 | WHERE session_user_id = ' . $user_id;
|
---|
566 | $db->sql_query($sql);
|
---|
567 |
|
---|
568 | // Remove any undelivered mails...
|
---|
569 | $sql = 'SELECT msg_id, user_id
|
---|
570 | FROM ' . PRIVMSGS_TO_TABLE . '
|
---|
571 | WHERE author_id = ' . $user_id . '
|
---|
572 | AND folder_id = ' . PRIVMSGS_NO_BOX;
|
---|
573 | $result = $db->sql_query($sql);
|
---|
574 |
|
---|
575 | $undelivered_msg = $undelivered_user = array();
|
---|
576 | while ($row = $db->sql_fetchrow($result))
|
---|
577 | {
|
---|
578 | $undelivered_msg[] = $row['msg_id'];
|
---|
579 | $undelivered_user[$row['user_id']][] = true;
|
---|
580 | }
|
---|
581 | $db->sql_freeresult($result);
|
---|
582 |
|
---|
583 | if (sizeof($undelivered_msg))
|
---|
584 | {
|
---|
585 | $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
|
---|
586 | WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
|
---|
587 | $db->sql_query($sql);
|
---|
588 | }
|
---|
589 |
|
---|
590 | $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
|
---|
591 | WHERE author_id = ' . $user_id . '
|
---|
592 | AND folder_id = ' . PRIVMSGS_NO_BOX;
|
---|
593 | $db->sql_query($sql);
|
---|
594 |
|
---|
595 | // Delete all to-information
|
---|
596 | $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
|
---|
597 | WHERE user_id = ' . $user_id;
|
---|
598 | $db->sql_query($sql);
|
---|
599 |
|
---|
600 | // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
|
---|
601 | $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
|
---|
602 | SET author_id = ' . ANONYMOUS . '
|
---|
603 | WHERE author_id = ' . $user_id;
|
---|
604 | $db->sql_query($sql);
|
---|
605 |
|
---|
606 | $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
|
---|
607 | SET author_id = ' . ANONYMOUS . '
|
---|
608 | WHERE author_id = ' . $user_id;
|
---|
609 | $db->sql_query($sql);
|
---|
610 |
|
---|
611 | foreach ($undelivered_user as $_user_id => $ary)
|
---|
612 | {
|
---|
613 | if ($_user_id == $user_id)
|
---|
614 | {
|
---|
615 | continue;
|
---|
616 | }
|
---|
617 |
|
---|
618 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
619 | SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
|
---|
620 | user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
|
---|
621 | WHERE user_id = ' . $_user_id;
|
---|
622 | $db->sql_query($sql);
|
---|
623 | }
|
---|
624 |
|
---|
625 | $db->sql_transaction('commit');
|
---|
626 |
|
---|
627 | // Reset newest user info if appropriate
|
---|
628 | if ($config['newest_user_id'] == $user_id)
|
---|
629 | {
|
---|
630 | update_last_username();
|
---|
631 | }
|
---|
632 |
|
---|
633 | // Decrement number of users if this user is active
|
---|
634 | if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
|
---|
635 | {
|
---|
636 | set_config_count('num_users', -1, true);
|
---|
637 | }
|
---|
638 |
|
---|
639 | return false;
|
---|
640 | }
|
---|
641 |
|
---|
642 | /**
|
---|
643 | * Flips user_type from active to inactive and vice versa, handles group membership updates
|
---|
644 | *
|
---|
645 | * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
|
---|
646 | */
|
---|
647 | function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
|
---|
648 | {
|
---|
649 | global $config, $db, $user, $auth;
|
---|
650 |
|
---|
651 | $deactivated = $activated = 0;
|
---|
652 | $sql_statements = array();
|
---|
653 |
|
---|
654 | if (!is_array($user_id_ary))
|
---|
655 | {
|
---|
656 | $user_id_ary = array($user_id_ary);
|
---|
657 | }
|
---|
658 |
|
---|
659 | if (!sizeof($user_id_ary))
|
---|
660 | {
|
---|
661 | return;
|
---|
662 | }
|
---|
663 |
|
---|
664 | $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
|
---|
665 | FROM ' . USERS_TABLE . '
|
---|
666 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
|
---|
667 | $result = $db->sql_query($sql);
|
---|
668 |
|
---|
669 | while ($row = $db->sql_fetchrow($result))
|
---|
670 | {
|
---|
671 | $sql_ary = array();
|
---|
672 |
|
---|
673 | if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
|
---|
674 | ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
|
---|
675 | ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
|
---|
676 | {
|
---|
677 | continue;
|
---|
678 | }
|
---|
679 |
|
---|
680 | if ($row['user_type'] == USER_INACTIVE)
|
---|
681 | {
|
---|
682 | $activated++;
|
---|
683 | }
|
---|
684 | else
|
---|
685 | {
|
---|
686 | $deactivated++;
|
---|
687 |
|
---|
688 | // Remove the users session key...
|
---|
689 | $user->reset_login_keys($row['user_id']);
|
---|
690 | }
|
---|
691 |
|
---|
692 | $sql_ary += array(
|
---|
693 | 'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
|
---|
694 | 'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0,
|
---|
695 | 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
|
---|
696 | );
|
---|
697 |
|
---|
698 | $sql_statements[$row['user_id']] = $sql_ary;
|
---|
699 | }
|
---|
700 | $db->sql_freeresult($result);
|
---|
701 |
|
---|
702 | if (sizeof($sql_statements))
|
---|
703 | {
|
---|
704 | foreach ($sql_statements as $user_id => $sql_ary)
|
---|
705 | {
|
---|
706 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
707 | SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
|
---|
708 | WHERE user_id = ' . $user_id;
|
---|
709 | $db->sql_query($sql);
|
---|
710 | }
|
---|
711 |
|
---|
712 | $auth->acl_clear_prefetch(array_keys($sql_statements));
|
---|
713 | }
|
---|
714 |
|
---|
715 | if ($deactivated)
|
---|
716 | {
|
---|
717 | set_config_count('num_users', $deactivated * (-1), true);
|
---|
718 | }
|
---|
719 |
|
---|
720 | if ($activated)
|
---|
721 | {
|
---|
722 | set_config_count('num_users', $activated, true);
|
---|
723 | }
|
---|
724 |
|
---|
725 | // Update latest username
|
---|
726 | update_last_username();
|
---|
727 | }
|
---|
728 |
|
---|
729 | /**
|
---|
730 | * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
|
---|
731 | *
|
---|
732 | * @param string $mode Type of ban. One of the following: user, ip, email
|
---|
733 | * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
|
---|
734 | * @param int $ban_len Ban length in minutes
|
---|
735 | * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
|
---|
736 | * @param boolean $ban_exclude Exclude these entities from banning?
|
---|
737 | * @param string $ban_reason String describing the reason for this ban
|
---|
738 | * @return boolean
|
---|
739 | */
|
---|
740 | function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
|
---|
741 | {
|
---|
742 | global $db, $user, $auth, $cache;
|
---|
743 |
|
---|
744 | // Delete stale bans
|
---|
745 | $sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
---|
746 | WHERE ban_end < ' . time() . '
|
---|
747 | AND ban_end <> 0';
|
---|
748 | $db->sql_query($sql);
|
---|
749 |
|
---|
750 | $ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
|
---|
751 | $ban_list_log = implode(', ', $ban_list);
|
---|
752 |
|
---|
753 | $current_time = time();
|
---|
754 |
|
---|
755 | // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
|
---|
756 | if ($ban_len)
|
---|
757 | {
|
---|
758 | if ($ban_len != -1 || !$ban_len_other)
|
---|
759 | {
|
---|
760 | $ban_end = max($current_time, $current_time + ($ban_len) * 60);
|
---|
761 | }
|
---|
762 | else
|
---|
763 | {
|
---|
764 | $ban_other = explode('-', $ban_len_other);
|
---|
765 | if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
|
---|
766 | (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
|
---|
767 | {
|
---|
768 | $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
|
---|
769 | }
|
---|
770 | else
|
---|
771 | {
|
---|
772 | trigger_error('LENGTH_BAN_INVALID');
|
---|
773 | }
|
---|
774 | }
|
---|
775 | }
|
---|
776 | else
|
---|
777 | {
|
---|
778 | $ban_end = 0;
|
---|
779 | }
|
---|
780 |
|
---|
781 | $founder = $founder_names = array();
|
---|
782 |
|
---|
783 | if (!$ban_exclude)
|
---|
784 | {
|
---|
785 | // Create a list of founder...
|
---|
786 | $sql = 'SELECT user_id, user_email, username_clean
|
---|
787 | FROM ' . USERS_TABLE . '
|
---|
788 | WHERE user_type = ' . USER_FOUNDER;
|
---|
789 | $result = $db->sql_query($sql);
|
---|
790 |
|
---|
791 | while ($row = $db->sql_fetchrow($result))
|
---|
792 | {
|
---|
793 | $founder[$row['user_id']] = $row['user_email'];
|
---|
794 | $founder_names[$row['user_id']] = $row['username_clean'];
|
---|
795 | }
|
---|
796 | $db->sql_freeresult($result);
|
---|
797 | }
|
---|
798 |
|
---|
799 | $banlist_ary = array();
|
---|
800 |
|
---|
801 | switch ($mode)
|
---|
802 | {
|
---|
803 | case 'user':
|
---|
804 | $type = 'ban_userid';
|
---|
805 |
|
---|
806 | // At the moment we do not support wildcard username banning
|
---|
807 |
|
---|
808 | // Select the relevant user_ids.
|
---|
809 | $sql_usernames = array();
|
---|
810 |
|
---|
811 | foreach ($ban_list as $username)
|
---|
812 | {
|
---|
813 | $username = trim($username);
|
---|
814 | if ($username != '')
|
---|
815 | {
|
---|
816 | $clean_name = utf8_clean_string($username);
|
---|
817 | if ($clean_name == $user->data['username_clean'])
|
---|
818 | {
|
---|
819 | trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
|
---|
820 | }
|
---|
821 | if (in_array($clean_name, $founder_names))
|
---|
822 | {
|
---|
823 | trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
|
---|
824 | }
|
---|
825 | $sql_usernames[] = $clean_name;
|
---|
826 | }
|
---|
827 | }
|
---|
828 |
|
---|
829 | // Make sure we have been given someone to ban
|
---|
830 | if (!sizeof($sql_usernames))
|
---|
831 | {
|
---|
832 | trigger_error('NO_USER_SPECIFIED');
|
---|
833 | }
|
---|
834 |
|
---|
835 | $sql = 'SELECT user_id
|
---|
836 | FROM ' . USERS_TABLE . '
|
---|
837 | WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
|
---|
838 |
|
---|
839 | // Do not allow banning yourself
|
---|
840 | if (sizeof($founder))
|
---|
841 | {
|
---|
842 | $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
|
---|
843 | }
|
---|
844 | else
|
---|
845 | {
|
---|
846 | $sql .= ' AND user_id <> ' . $user->data['user_id'];
|
---|
847 | }
|
---|
848 |
|
---|
849 | $result = $db->sql_query($sql);
|
---|
850 |
|
---|
851 | if ($row = $db->sql_fetchrow($result))
|
---|
852 | {
|
---|
853 | do
|
---|
854 | {
|
---|
855 | $banlist_ary[] = (int) $row['user_id'];
|
---|
856 | }
|
---|
857 | while ($row = $db->sql_fetchrow($result));
|
---|
858 | }
|
---|
859 | else
|
---|
860 | {
|
---|
861 | $db->sql_freeresult($result);
|
---|
862 | trigger_error('NO_USERS');
|
---|
863 | }
|
---|
864 | $db->sql_freeresult($result);
|
---|
865 | break;
|
---|
866 |
|
---|
867 | case 'ip':
|
---|
868 | $type = 'ban_ip';
|
---|
869 |
|
---|
870 | foreach ($ban_list as $ban_item)
|
---|
871 | {
|
---|
872 | if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
|
---|
873 | {
|
---|
874 | // This is an IP range
|
---|
875 | // Don't ask about all this, just don't ask ... !
|
---|
876 | $ip_1_counter = $ip_range_explode[1];
|
---|
877 | $ip_1_end = $ip_range_explode[5];
|
---|
878 |
|
---|
879 | while ($ip_1_counter <= $ip_1_end)
|
---|
880 | {
|
---|
881 | $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
|
---|
882 | $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
|
---|
883 |
|
---|
884 | if ($ip_2_counter == 0 && $ip_2_end == 254)
|
---|
885 | {
|
---|
886 | $ip_2_counter = 256;
|
---|
887 | $ip_2_fragment = 256;
|
---|
888 |
|
---|
889 | $banlist_ary[] = "$ip_1_counter.*";
|
---|
890 | }
|
---|
891 |
|
---|
892 | while ($ip_2_counter <= $ip_2_end)
|
---|
893 | {
|
---|
894 | $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
|
---|
895 | $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
|
---|
896 |
|
---|
897 | if ($ip_3_counter == 0 && $ip_3_end == 254)
|
---|
898 | {
|
---|
899 | $ip_3_counter = 256;
|
---|
900 | $ip_3_fragment = 256;
|
---|
901 |
|
---|
902 | $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
|
---|
903 | }
|
---|
904 |
|
---|
905 | while ($ip_3_counter <= $ip_3_end)
|
---|
906 | {
|
---|
907 | $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
|
---|
908 | $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
|
---|
909 |
|
---|
910 | if ($ip_4_counter == 0 && $ip_4_end == 254)
|
---|
911 | {
|
---|
912 | $ip_4_counter = 256;
|
---|
913 | $ip_4_fragment = 256;
|
---|
914 |
|
---|
915 | $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
|
---|
916 | }
|
---|
917 |
|
---|
918 | while ($ip_4_counter <= $ip_4_end)
|
---|
919 | {
|
---|
920 | $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
|
---|
921 | $ip_4_counter++;
|
---|
922 | }
|
---|
923 | $ip_3_counter++;
|
---|
924 | }
|
---|
925 | $ip_2_counter++;
|
---|
926 | }
|
---|
927 | $ip_1_counter++;
|
---|
928 | }
|
---|
929 | }
|
---|
930 | else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
|
---|
931 | {
|
---|
932 | // Normal IP address
|
---|
933 | $banlist_ary[] = trim($ban_item);
|
---|
934 | }
|
---|
935 | else if (preg_match('#^\*$#', trim($ban_item)))
|
---|
936 | {
|
---|
937 | // Ban all IPs
|
---|
938 | $banlist_ary[] = '*';
|
---|
939 | }
|
---|
940 | else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
|
---|
941 | {
|
---|
942 | // hostname
|
---|
943 | $ip_ary = gethostbynamel(trim($ban_item));
|
---|
944 |
|
---|
945 | if (!empty($ip_ary))
|
---|
946 | {
|
---|
947 | foreach ($ip_ary as $ip)
|
---|
948 | {
|
---|
949 | if ($ip)
|
---|
950 | {
|
---|
951 | if (strlen($ip) > 40)
|
---|
952 | {
|
---|
953 | continue;
|
---|
954 | }
|
---|
955 |
|
---|
956 | $banlist_ary[] = $ip;
|
---|
957 | }
|
---|
958 | }
|
---|
959 | }
|
---|
960 | }
|
---|
961 |
|
---|
962 | if (empty($banlist_ary))
|
---|
963 | {
|
---|
964 | trigger_error('NO_IPS_DEFINED');
|
---|
965 | }
|
---|
966 | }
|
---|
967 | break;
|
---|
968 |
|
---|
969 | case 'email':
|
---|
970 | $type = 'ban_email';
|
---|
971 |
|
---|
972 | foreach ($ban_list as $ban_item)
|
---|
973 | {
|
---|
974 | $ban_item = trim($ban_item);
|
---|
975 |
|
---|
976 | if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
|
---|
977 | {
|
---|
978 | if (strlen($ban_item) > 100)
|
---|
979 | {
|
---|
980 | continue;
|
---|
981 | }
|
---|
982 |
|
---|
983 | if (!sizeof($founder) || !in_array($ban_item, $founder))
|
---|
984 | {
|
---|
985 | $banlist_ary[] = $ban_item;
|
---|
986 | }
|
---|
987 | }
|
---|
988 | }
|
---|
989 |
|
---|
990 | if (sizeof($ban_list) == 0)
|
---|
991 | {
|
---|
992 | trigger_error('NO_EMAILS_DEFINED');
|
---|
993 | }
|
---|
994 | break;
|
---|
995 |
|
---|
996 | default:
|
---|
997 | trigger_error('NO_MODE');
|
---|
998 | break;
|
---|
999 | }
|
---|
1000 |
|
---|
1001 | // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
|
---|
1002 | $sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
|
---|
1003 |
|
---|
1004 | $sql = "SELECT $type
|
---|
1005 | FROM " . BANLIST_TABLE . "
|
---|
1006 | WHERE $sql_where
|
---|
1007 | AND ban_exclude = " . (int) $ban_exclude;
|
---|
1008 | $result = $db->sql_query($sql);
|
---|
1009 |
|
---|
1010 | // Reset $sql_where, because we use it later...
|
---|
1011 | $sql_where = '';
|
---|
1012 |
|
---|
1013 | if ($row = $db->sql_fetchrow($result))
|
---|
1014 | {
|
---|
1015 | $banlist_ary_tmp = array();
|
---|
1016 | do
|
---|
1017 | {
|
---|
1018 | switch ($mode)
|
---|
1019 | {
|
---|
1020 | case 'user':
|
---|
1021 | $banlist_ary_tmp[] = $row['ban_userid'];
|
---|
1022 | break;
|
---|
1023 |
|
---|
1024 | case 'ip':
|
---|
1025 | $banlist_ary_tmp[] = $row['ban_ip'];
|
---|
1026 | break;
|
---|
1027 |
|
---|
1028 | case 'email':
|
---|
1029 | $banlist_ary_tmp[] = $row['ban_email'];
|
---|
1030 | break;
|
---|
1031 | }
|
---|
1032 | }
|
---|
1033 | while ($row = $db->sql_fetchrow($result));
|
---|
1034 |
|
---|
1035 | $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
|
---|
1036 |
|
---|
1037 | if (sizeof($banlist_ary_tmp))
|
---|
1038 | {
|
---|
1039 | // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
|
---|
1040 | $sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
---|
1041 | WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
|
---|
1042 | AND ban_exclude = ' . (int) $ban_exclude;
|
---|
1043 | $db->sql_query($sql);
|
---|
1044 | }
|
---|
1045 |
|
---|
1046 | unset($banlist_ary_tmp);
|
---|
1047 | }
|
---|
1048 | $db->sql_freeresult($result);
|
---|
1049 |
|
---|
1050 | // We have some entities to ban
|
---|
1051 | if (sizeof($banlist_ary))
|
---|
1052 | {
|
---|
1053 | $sql_ary = array();
|
---|
1054 |
|
---|
1055 | foreach ($banlist_ary as $ban_entry)
|
---|
1056 | {
|
---|
1057 | $sql_ary[] = array(
|
---|
1058 | $type => $ban_entry,
|
---|
1059 | 'ban_start' => (int) $current_time,
|
---|
1060 | 'ban_end' => (int) $ban_end,
|
---|
1061 | 'ban_exclude' => (int) $ban_exclude,
|
---|
1062 | 'ban_reason' => (string) $ban_reason,
|
---|
1063 | 'ban_give_reason' => (string) $ban_give_reason,
|
---|
1064 | );
|
---|
1065 | }
|
---|
1066 |
|
---|
1067 | $db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
|
---|
1068 |
|
---|
1069 | // If we are banning we want to logout anyone matching the ban
|
---|
1070 | if (!$ban_exclude)
|
---|
1071 | {
|
---|
1072 | switch ($mode)
|
---|
1073 | {
|
---|
1074 | case 'user':
|
---|
1075 | $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
|
---|
1076 | break;
|
---|
1077 |
|
---|
1078 | case 'ip':
|
---|
1079 | $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
|
---|
1080 | break;
|
---|
1081 |
|
---|
1082 | case 'email':
|
---|
1083 | $banlist_ary_sql = array();
|
---|
1084 |
|
---|
1085 | foreach ($banlist_ary as $ban_entry)
|
---|
1086 | {
|
---|
1087 | $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
|
---|
1088 | }
|
---|
1089 |
|
---|
1090 | $sql = 'SELECT user_id
|
---|
1091 | FROM ' . USERS_TABLE . '
|
---|
1092 | WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
|
---|
1093 | $result = $db->sql_query($sql);
|
---|
1094 |
|
---|
1095 | $sql_in = array();
|
---|
1096 |
|
---|
1097 | if ($row = $db->sql_fetchrow($result))
|
---|
1098 | {
|
---|
1099 | do
|
---|
1100 | {
|
---|
1101 | $sql_in[] = $row['user_id'];
|
---|
1102 | }
|
---|
1103 | while ($row = $db->sql_fetchrow($result));
|
---|
1104 |
|
---|
1105 | $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
|
---|
1106 | }
|
---|
1107 | $db->sql_freeresult($result);
|
---|
1108 | break;
|
---|
1109 | }
|
---|
1110 |
|
---|
1111 | if (isset($sql_where) && $sql_where)
|
---|
1112 | {
|
---|
1113 | $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
|
---|
1114 | $sql_where";
|
---|
1115 | $db->sql_query($sql);
|
---|
1116 |
|
---|
1117 | if ($mode == 'user')
|
---|
1118 | {
|
---|
1119 | $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
|
---|
1120 | $db->sql_query($sql);
|
---|
1121 | }
|
---|
1122 | }
|
---|
1123 | }
|
---|
1124 |
|
---|
1125 | // Update log
|
---|
1126 | $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
|
---|
1127 |
|
---|
1128 | // Add to moderator log, admin log and user notes
|
---|
1129 | add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
|
---|
1130 | add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
|
---|
1131 | if ($mode == 'user')
|
---|
1132 | {
|
---|
1133 | foreach ($banlist_ary as $user_id)
|
---|
1134 | {
|
---|
1135 | add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
|
---|
1136 | }
|
---|
1137 | }
|
---|
1138 |
|
---|
1139 | $cache->destroy('sql', BANLIST_TABLE);
|
---|
1140 |
|
---|
1141 | return true;
|
---|
1142 | }
|
---|
1143 |
|
---|
1144 | // There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
|
---|
1145 | $cache->destroy('sql', BANLIST_TABLE);
|
---|
1146 |
|
---|
1147 | return false;
|
---|
1148 | }
|
---|
1149 |
|
---|
1150 | /**
|
---|
1151 | * Unban User
|
---|
1152 | */
|
---|
1153 | function user_unban($mode, $ban)
|
---|
1154 | {
|
---|
1155 | global $db, $user, $auth, $cache;
|
---|
1156 |
|
---|
1157 | // Delete stale bans
|
---|
1158 | $sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
---|
1159 | WHERE ban_end < ' . time() . '
|
---|
1160 | AND ban_end <> 0';
|
---|
1161 | $db->sql_query($sql);
|
---|
1162 |
|
---|
1163 | if (!is_array($ban))
|
---|
1164 | {
|
---|
1165 | $ban = array($ban);
|
---|
1166 | }
|
---|
1167 |
|
---|
1168 | $unban_sql = array_map('intval', $ban);
|
---|
1169 |
|
---|
1170 | if (sizeof($unban_sql))
|
---|
1171 | {
|
---|
1172 | // Grab details of bans for logging information later
|
---|
1173 | switch ($mode)
|
---|
1174 | {
|
---|
1175 | case 'user':
|
---|
1176 | $sql = 'SELECT u.username AS unban_info, u.user_id
|
---|
1177 | FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
|
---|
1178 | WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
|
---|
1179 | AND u.user_id = b.ban_userid';
|
---|
1180 | break;
|
---|
1181 |
|
---|
1182 | case 'email':
|
---|
1183 | $sql = 'SELECT ban_email AS unban_info
|
---|
1184 | FROM ' . BANLIST_TABLE . '
|
---|
1185 | WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
|
---|
1186 | break;
|
---|
1187 |
|
---|
1188 | case 'ip':
|
---|
1189 | $sql = 'SELECT ban_ip AS unban_info
|
---|
1190 | FROM ' . BANLIST_TABLE . '
|
---|
1191 | WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
|
---|
1192 | break;
|
---|
1193 | }
|
---|
1194 | $result = $db->sql_query($sql);
|
---|
1195 |
|
---|
1196 | $l_unban_list = '';
|
---|
1197 | $user_ids_ary = array();
|
---|
1198 | while ($row = $db->sql_fetchrow($result))
|
---|
1199 | {
|
---|
1200 | $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
|
---|
1201 | if ($mode == 'user')
|
---|
1202 | {
|
---|
1203 | $user_ids_ary[] = $row['user_id'];
|
---|
1204 | }
|
---|
1205 | }
|
---|
1206 | $db->sql_freeresult($result);
|
---|
1207 |
|
---|
1208 | $sql = 'DELETE FROM ' . BANLIST_TABLE . '
|
---|
1209 | WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
|
---|
1210 | $db->sql_query($sql);
|
---|
1211 |
|
---|
1212 | // Add to moderator log, admin log and user notes
|
---|
1213 | add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
|
---|
1214 | add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
|
---|
1215 | if ($mode == 'user')
|
---|
1216 | {
|
---|
1217 | foreach ($user_ids_ary as $user_id)
|
---|
1218 | {
|
---|
1219 | add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
|
---|
1220 | }
|
---|
1221 | }
|
---|
1222 | }
|
---|
1223 |
|
---|
1224 | $cache->destroy('sql', BANLIST_TABLE);
|
---|
1225 |
|
---|
1226 | return false;
|
---|
1227 | }
|
---|
1228 |
|
---|
1229 | /**
|
---|
1230 | * Whois facility
|
---|
1231 | *
|
---|
1232 | * @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification
|
---|
1233 | */
|
---|
1234 | function user_ipwhois($ip)
|
---|
1235 | {
|
---|
1236 | $ipwhois = '';
|
---|
1237 |
|
---|
1238 | // Check IP
|
---|
1239 | // Only supporting IPv4 at the moment...
|
---|
1240 | if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
|
---|
1241 | {
|
---|
1242 | return '';
|
---|
1243 | }
|
---|
1244 |
|
---|
1245 | if (($fsk = @fsockopen('whois.arin.net', 43)))
|
---|
1246 | {
|
---|
1247 | // CRLF as per RFC3912
|
---|
1248 | fputs($fsk, "$ip\r\n");
|
---|
1249 | while (!feof($fsk))
|
---|
1250 | {
|
---|
1251 | $ipwhois .= fgets($fsk, 1024);
|
---|
1252 | }
|
---|
1253 | @fclose($fsk);
|
---|
1254 | }
|
---|
1255 |
|
---|
1256 | $match = array();
|
---|
1257 |
|
---|
1258 | // Test for referrals from ARIN to other whois databases, roll on rwhois
|
---|
1259 | if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
|
---|
1260 | {
|
---|
1261 | if (strpos($match[1], ':') !== false)
|
---|
1262 | {
|
---|
1263 | $pos = strrpos($match[1], ':');
|
---|
1264 | $server = substr($match[1], 0, $pos);
|
---|
1265 | $port = (int) substr($match[1], $pos + 1);
|
---|
1266 | unset($pos);
|
---|
1267 | }
|
---|
1268 | else
|
---|
1269 | {
|
---|
1270 | $server = $match[1];
|
---|
1271 | $port = 43;
|
---|
1272 | }
|
---|
1273 |
|
---|
1274 | $buffer = '';
|
---|
1275 |
|
---|
1276 | if (($fsk = @fsockopen($server, $port)))
|
---|
1277 | {
|
---|
1278 | fputs($fsk, "$ip\r\n");
|
---|
1279 | while (!feof($fsk))
|
---|
1280 | {
|
---|
1281 | $buffer .= fgets($fsk, 1024);
|
---|
1282 | }
|
---|
1283 | @fclose($fsk);
|
---|
1284 | }
|
---|
1285 |
|
---|
1286 | // Use the result from ARIN if we don't get any result here
|
---|
1287 | $ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
|
---|
1288 | }
|
---|
1289 |
|
---|
1290 | $ipwhois = htmlspecialchars($ipwhois);
|
---|
1291 |
|
---|
1292 | // Magic URL ;)
|
---|
1293 | return trim(make_clickable($ipwhois, false, ''));
|
---|
1294 | }
|
---|
1295 |
|
---|
1296 | /**
|
---|
1297 | * Data validation ... used primarily but not exclusively by ucp modules
|
---|
1298 | *
|
---|
1299 | * "Master" function for validating a range of data types
|
---|
1300 | */
|
---|
1301 | function validate_data($data, $val_ary)
|
---|
1302 | {
|
---|
1303 | global $user;
|
---|
1304 |
|
---|
1305 | $error = array();
|
---|
1306 |
|
---|
1307 | foreach ($val_ary as $var => $val_seq)
|
---|
1308 | {
|
---|
1309 | if (!is_array($val_seq[0]))
|
---|
1310 | {
|
---|
1311 | $val_seq = array($val_seq);
|
---|
1312 | }
|
---|
1313 |
|
---|
1314 | foreach ($val_seq as $validate)
|
---|
1315 | {
|
---|
1316 | $function = array_shift($validate);
|
---|
1317 | array_unshift($validate, $data[$var]);
|
---|
1318 |
|
---|
1319 | if ($result = call_user_func_array('validate_' . $function, $validate))
|
---|
1320 | {
|
---|
1321 | // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
|
---|
1322 | $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
|
---|
1323 | }
|
---|
1324 | }
|
---|
1325 | }
|
---|
1326 |
|
---|
1327 | return $error;
|
---|
1328 | }
|
---|
1329 |
|
---|
1330 | /**
|
---|
1331 | * Validate String
|
---|
1332 | *
|
---|
1333 | * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1334 | */
|
---|
1335 | function validate_string($string, $optional = false, $min = 0, $max = 0)
|
---|
1336 | {
|
---|
1337 | if (empty($string) && $optional)
|
---|
1338 | {
|
---|
1339 | return false;
|
---|
1340 | }
|
---|
1341 |
|
---|
1342 | if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
|
---|
1343 | {
|
---|
1344 | return 'TOO_SHORT';
|
---|
1345 | }
|
---|
1346 | else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
|
---|
1347 | {
|
---|
1348 | return 'TOO_LONG';
|
---|
1349 | }
|
---|
1350 |
|
---|
1351 | return false;
|
---|
1352 | }
|
---|
1353 |
|
---|
1354 | /**
|
---|
1355 | * Validate Number
|
---|
1356 | *
|
---|
1357 | * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1358 | */
|
---|
1359 | function validate_num($num, $optional = false, $min = 0, $max = 1E99)
|
---|
1360 | {
|
---|
1361 | if (empty($num) && $optional)
|
---|
1362 | {
|
---|
1363 | return false;
|
---|
1364 | }
|
---|
1365 |
|
---|
1366 | if ($num < $min)
|
---|
1367 | {
|
---|
1368 | return 'TOO_SMALL';
|
---|
1369 | }
|
---|
1370 | else if ($num > $max)
|
---|
1371 | {
|
---|
1372 | return 'TOO_LARGE';
|
---|
1373 | }
|
---|
1374 |
|
---|
1375 | return false;
|
---|
1376 | }
|
---|
1377 |
|
---|
1378 | /**
|
---|
1379 | * Validate Date
|
---|
1380 | * @param String $string a date in the dd-mm-yyyy format
|
---|
1381 | * @return boolean
|
---|
1382 | */
|
---|
1383 | function validate_date($date_string, $optional = false)
|
---|
1384 | {
|
---|
1385 | $date = explode('-', $date_string);
|
---|
1386 | if ((empty($date) || sizeof($date) != 3) && $optional)
|
---|
1387 | {
|
---|
1388 | return false;
|
---|
1389 | }
|
---|
1390 | else if ($optional)
|
---|
1391 | {
|
---|
1392 | for ($field = 0; $field <= 1; $field++)
|
---|
1393 | {
|
---|
1394 | $date[$field] = (int) $date[$field];
|
---|
1395 | if (empty($date[$field]))
|
---|
1396 | {
|
---|
1397 | $date[$field] = 1;
|
---|
1398 | }
|
---|
1399 | }
|
---|
1400 | $date[2] = (int) $date[2];
|
---|
1401 | // assume an arbitrary leap year
|
---|
1402 | if (empty($date[2]))
|
---|
1403 | {
|
---|
1404 | $date[2] = 1980;
|
---|
1405 | }
|
---|
1406 | }
|
---|
1407 |
|
---|
1408 | if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
|
---|
1409 | {
|
---|
1410 | return 'INVALID';
|
---|
1411 | }
|
---|
1412 |
|
---|
1413 | return false;
|
---|
1414 | }
|
---|
1415 |
|
---|
1416 |
|
---|
1417 | /**
|
---|
1418 | * Validate Match
|
---|
1419 | *
|
---|
1420 | * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1421 | */
|
---|
1422 | function validate_match($string, $optional = false, $match = '')
|
---|
1423 | {
|
---|
1424 | if (empty($string) && $optional)
|
---|
1425 | {
|
---|
1426 | return false;
|
---|
1427 | }
|
---|
1428 |
|
---|
1429 | if (empty($match))
|
---|
1430 | {
|
---|
1431 | return false;
|
---|
1432 | }
|
---|
1433 |
|
---|
1434 | if (!preg_match($match, $string))
|
---|
1435 | {
|
---|
1436 | return 'WRONG_DATA';
|
---|
1437 | }
|
---|
1438 |
|
---|
1439 | return false;
|
---|
1440 | }
|
---|
1441 |
|
---|
1442 | /**
|
---|
1443 | * Check to see if the username has been taken, or if it is disallowed.
|
---|
1444 | * Also checks if it includes the " character, which we don't allow in usernames.
|
---|
1445 | * Used for registering, changing names, and posting anonymously with a username
|
---|
1446 | *
|
---|
1447 | * @param string $username The username to check
|
---|
1448 | * @param string $allowed_username An allowed username, default being $user->data['username']
|
---|
1449 | *
|
---|
1450 | * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1451 | */
|
---|
1452 | function validate_username($username, $allowed_username = false)
|
---|
1453 | {
|
---|
1454 | global $config, $db, $user, $cache;
|
---|
1455 |
|
---|
1456 | $clean_username = utf8_clean_string($username);
|
---|
1457 | $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
|
---|
1458 |
|
---|
1459 | if ($allowed_username == $clean_username)
|
---|
1460 | {
|
---|
1461 | return false;
|
---|
1462 | }
|
---|
1463 |
|
---|
1464 | // ... fast checks first.
|
---|
1465 | if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
|
---|
1466 | {
|
---|
1467 | return 'INVALID_CHARS';
|
---|
1468 | }
|
---|
1469 |
|
---|
1470 | $mbstring = $pcre = false;
|
---|
1471 |
|
---|
1472 | // generic UTF-8 character types supported?
|
---|
1473 | if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
|
---|
1474 | {
|
---|
1475 | $pcre = true;
|
---|
1476 | }
|
---|
1477 | else if (function_exists('mb_ereg_match'))
|
---|
1478 | {
|
---|
1479 | mb_regex_encoding('UTF-8');
|
---|
1480 | $mbstring = true;
|
---|
1481 | }
|
---|
1482 |
|
---|
1483 | switch ($config['allow_name_chars'])
|
---|
1484 | {
|
---|
1485 | case 'USERNAME_CHARS_ANY':
|
---|
1486 | $pcre = true;
|
---|
1487 | $regex = '.+';
|
---|
1488 | break;
|
---|
1489 |
|
---|
1490 | case 'USERNAME_ALPHA_ONLY':
|
---|
1491 | $pcre = true;
|
---|
1492 | $regex = '[A-Za-z0-9]+';
|
---|
1493 | break;
|
---|
1494 |
|
---|
1495 | case 'USERNAME_ALPHA_SPACERS':
|
---|
1496 | $pcre = true;
|
---|
1497 | $regex = '[A-Za-z0-9-[\]_+ ]+';
|
---|
1498 | break;
|
---|
1499 |
|
---|
1500 | case 'USERNAME_LETTER_NUM':
|
---|
1501 | if ($pcre)
|
---|
1502 | {
|
---|
1503 | $regex = '[\p{Lu}\p{Ll}\p{N}]+';
|
---|
1504 | }
|
---|
1505 | else if ($mbstring)
|
---|
1506 | {
|
---|
1507 | $regex = '[[:upper:][:lower:][:digit:]]+';
|
---|
1508 | }
|
---|
1509 | else
|
---|
1510 | {
|
---|
1511 | $pcre = true;
|
---|
1512 | $regex = '[a-zA-Z0-9]+';
|
---|
1513 | }
|
---|
1514 | break;
|
---|
1515 |
|
---|
1516 | case 'USERNAME_LETTER_NUM_SPACERS':
|
---|
1517 | if ($pcre)
|
---|
1518 | {
|
---|
1519 | $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
|
---|
1520 | }
|
---|
1521 | else if ($mbstring)
|
---|
1522 | {
|
---|
1523 | $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
|
---|
1524 | }
|
---|
1525 | else
|
---|
1526 | {
|
---|
1527 | $pcre = true;
|
---|
1528 | $regex = '[-\]_+ [a-zA-Z0-9]+';
|
---|
1529 | }
|
---|
1530 | break;
|
---|
1531 |
|
---|
1532 | case 'USERNAME_ASCII':
|
---|
1533 | default:
|
---|
1534 | $pcre = true;
|
---|
1535 | $regex = '[\x01-\x7F]+';
|
---|
1536 | break;
|
---|
1537 | }
|
---|
1538 |
|
---|
1539 | if ($pcre)
|
---|
1540 | {
|
---|
1541 | if (!preg_match('#^' . $regex . '$#u', $username))
|
---|
1542 | {
|
---|
1543 | return 'INVALID_CHARS';
|
---|
1544 | }
|
---|
1545 | }
|
---|
1546 | else if ($mbstring)
|
---|
1547 | {
|
---|
1548 | mb_ereg_search_init($username, '^' . $regex . '$');
|
---|
1549 | if (!mb_ereg_search())
|
---|
1550 | {
|
---|
1551 | return 'INVALID_CHARS';
|
---|
1552 | }
|
---|
1553 | }
|
---|
1554 |
|
---|
1555 | $sql = 'SELECT username
|
---|
1556 | FROM ' . USERS_TABLE . "
|
---|
1557 | WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
|
---|
1558 | $result = $db->sql_query($sql);
|
---|
1559 | $row = $db->sql_fetchrow($result);
|
---|
1560 | $db->sql_freeresult($result);
|
---|
1561 |
|
---|
1562 | if ($row)
|
---|
1563 | {
|
---|
1564 | return 'USERNAME_TAKEN';
|
---|
1565 | }
|
---|
1566 |
|
---|
1567 | $sql = 'SELECT group_name
|
---|
1568 | FROM ' . GROUPS_TABLE . "
|
---|
1569 | WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
|
---|
1570 | $result = $db->sql_query($sql);
|
---|
1571 | $row = $db->sql_fetchrow($result);
|
---|
1572 | $db->sql_freeresult($result);
|
---|
1573 |
|
---|
1574 | if ($row)
|
---|
1575 | {
|
---|
1576 | return 'USERNAME_TAKEN';
|
---|
1577 | }
|
---|
1578 |
|
---|
1579 | $bad_usernames = $cache->obtain_disallowed_usernames();
|
---|
1580 |
|
---|
1581 | foreach ($bad_usernames as $bad_username)
|
---|
1582 | {
|
---|
1583 | if (preg_match('#^' . $bad_username . '$#', $clean_username))
|
---|
1584 | {
|
---|
1585 | return 'USERNAME_DISALLOWED';
|
---|
1586 | }
|
---|
1587 | }
|
---|
1588 |
|
---|
1589 | return false;
|
---|
1590 | }
|
---|
1591 |
|
---|
1592 | /**
|
---|
1593 | * Check to see if the password meets the complexity settings
|
---|
1594 | *
|
---|
1595 | * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1596 | */
|
---|
1597 | function validate_password($password)
|
---|
1598 | {
|
---|
1599 | global $config, $db, $user;
|
---|
1600 |
|
---|
1601 | if (!$password)
|
---|
1602 | {
|
---|
1603 | return false;
|
---|
1604 | }
|
---|
1605 |
|
---|
1606 | $pcre = $mbstring = false;
|
---|
1607 |
|
---|
1608 | // generic UTF-8 character types supported?
|
---|
1609 | if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
|
---|
1610 | {
|
---|
1611 | $upp = '\p{Lu}';
|
---|
1612 | $low = '\p{Ll}';
|
---|
1613 | $let = '\p{L}';
|
---|
1614 | $num = '\p{N}';
|
---|
1615 | $sym = '[^\p{Lu}\p{Ll}\p{N}]';
|
---|
1616 | $pcre = true;
|
---|
1617 | }
|
---|
1618 | else if (function_exists('mb_ereg_match'))
|
---|
1619 | {
|
---|
1620 | mb_regex_encoding('UTF-8');
|
---|
1621 | $upp = '[[:upper:]]';
|
---|
1622 | $low = '[[:lower:]]';
|
---|
1623 | $let = '[[:lower:][:upper:]]';
|
---|
1624 | $num = '[[:digit:]]';
|
---|
1625 | $sym = '[^[:upper:][:lower:][:digit:]]';
|
---|
1626 | $mbstring = true;
|
---|
1627 | }
|
---|
1628 | else
|
---|
1629 | {
|
---|
1630 | $upp = '[A-Z]';
|
---|
1631 | $low = '[a-z]';
|
---|
1632 | $let = '[a-zA-Z]';
|
---|
1633 | $num = '[0-9]';
|
---|
1634 | $sym = '[^A-Za-z0-9]';
|
---|
1635 | $pcre = true;
|
---|
1636 | }
|
---|
1637 |
|
---|
1638 | $chars = array();
|
---|
1639 |
|
---|
1640 | switch ($config['pass_complex'])
|
---|
1641 | {
|
---|
1642 | case 'PASS_TYPE_CASE':
|
---|
1643 | $chars[] = $low;
|
---|
1644 | $chars[] = $upp;
|
---|
1645 | break;
|
---|
1646 |
|
---|
1647 | case 'PASS_TYPE_ALPHA':
|
---|
1648 | $chars[] = $let;
|
---|
1649 | $chars[] = $num;
|
---|
1650 | break;
|
---|
1651 |
|
---|
1652 | case 'PASS_TYPE_SYMBOL':
|
---|
1653 | $chars[] = $low;
|
---|
1654 | $chars[] = $upp;
|
---|
1655 | $chars[] = $num;
|
---|
1656 | $chars[] = $sym;
|
---|
1657 | break;
|
---|
1658 | }
|
---|
1659 |
|
---|
1660 | if ($pcre)
|
---|
1661 | {
|
---|
1662 | foreach ($chars as $char)
|
---|
1663 | {
|
---|
1664 | if (!preg_match('#' . $char . '#u', $password))
|
---|
1665 | {
|
---|
1666 | return 'INVALID_CHARS';
|
---|
1667 | }
|
---|
1668 | }
|
---|
1669 | }
|
---|
1670 | else if ($mbstring)
|
---|
1671 | {
|
---|
1672 | foreach ($chars as $char)
|
---|
1673 | {
|
---|
1674 | if (mb_ereg($char, $password) === false)
|
---|
1675 | {
|
---|
1676 | return 'INVALID_CHARS';
|
---|
1677 | }
|
---|
1678 | }
|
---|
1679 | }
|
---|
1680 |
|
---|
1681 | return false;
|
---|
1682 | }
|
---|
1683 |
|
---|
1684 | /**
|
---|
1685 | * Check to see if email address is banned or already present in the DB
|
---|
1686 | *
|
---|
1687 | * @param string $email The email to check
|
---|
1688 | * @param string $allowed_email An allowed email, default being $user->data['user_email']
|
---|
1689 | *
|
---|
1690 | * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
|
---|
1691 | */
|
---|
1692 | function validate_email($email, $allowed_email = false)
|
---|
1693 | {
|
---|
1694 | global $config, $db, $user;
|
---|
1695 |
|
---|
1696 | $email = strtolower($email);
|
---|
1697 | $allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
|
---|
1698 |
|
---|
1699 | if ($allowed_email == $email)
|
---|
1700 | {
|
---|
1701 | return false;
|
---|
1702 | }
|
---|
1703 |
|
---|
1704 | if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
|
---|
1705 | {
|
---|
1706 | return 'EMAIL_INVALID';
|
---|
1707 | }
|
---|
1708 |
|
---|
1709 | // Check MX record.
|
---|
1710 | // The idea for this is from reading the UseBB blog/announcement. :)
|
---|
1711 | if ($config['email_check_mx'])
|
---|
1712 | {
|
---|
1713 | list(, $domain) = explode('@', $email);
|
---|
1714 |
|
---|
1715 | if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
|
---|
1716 | {
|
---|
1717 | return 'DOMAIN_NO_MX_RECORD';
|
---|
1718 | }
|
---|
1719 | }
|
---|
1720 |
|
---|
1721 | if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
|
---|
1722 | {
|
---|
1723 | return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
|
---|
1724 | }
|
---|
1725 |
|
---|
1726 | if (!$config['allow_emailreuse'])
|
---|
1727 | {
|
---|
1728 | $sql = 'SELECT user_email_hash
|
---|
1729 | FROM ' . USERS_TABLE . "
|
---|
1730 | WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
|
---|
1731 | $result = $db->sql_query($sql);
|
---|
1732 | $row = $db->sql_fetchrow($result);
|
---|
1733 | $db->sql_freeresult($result);
|
---|
1734 |
|
---|
1735 | if ($row)
|
---|
1736 | {
|
---|
1737 | return 'EMAIL_TAKEN';
|
---|
1738 | }
|
---|
1739 | }
|
---|
1740 |
|
---|
1741 | return false;
|
---|
1742 | }
|
---|
1743 |
|
---|
1744 | /**
|
---|
1745 | * Validate jabber address
|
---|
1746 | * Taken from the jabber class within flyspray (see author notes)
|
---|
1747 | *
|
---|
1748 | * @author flyspray.org
|
---|
1749 | */
|
---|
1750 | function validate_jabber($jid)
|
---|
1751 | {
|
---|
1752 | if (!$jid)
|
---|
1753 | {
|
---|
1754 | return false;
|
---|
1755 | }
|
---|
1756 |
|
---|
1757 | $seperator_pos = strpos($jid, '@');
|
---|
1758 |
|
---|
1759 | if ($seperator_pos === false)
|
---|
1760 | {
|
---|
1761 | return 'WRONG_DATA';
|
---|
1762 | }
|
---|
1763 |
|
---|
1764 | $username = substr($jid, 0, $seperator_pos);
|
---|
1765 | $realm = substr($jid, $seperator_pos + 1);
|
---|
1766 |
|
---|
1767 | if (strlen($username) == 0 || strlen($realm) < 3)
|
---|
1768 | {
|
---|
1769 | return 'WRONG_DATA';
|
---|
1770 | }
|
---|
1771 |
|
---|
1772 | $arr = explode('.', $realm);
|
---|
1773 |
|
---|
1774 | if (sizeof($arr) == 0)
|
---|
1775 | {
|
---|
1776 | return 'WRONG_DATA';
|
---|
1777 | }
|
---|
1778 |
|
---|
1779 | foreach ($arr as $part)
|
---|
1780 | {
|
---|
1781 | if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
|
---|
1782 | {
|
---|
1783 | return 'WRONG_DATA';
|
---|
1784 | }
|
---|
1785 |
|
---|
1786 | if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
|
---|
1787 | {
|
---|
1788 | return 'WRONG_DATA';
|
---|
1789 | }
|
---|
1790 | }
|
---|
1791 |
|
---|
1792 | $boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
|
---|
1793 |
|
---|
1794 | // Prohibited Characters RFC3454 + RFC3920
|
---|
1795 | $prohibited = array(
|
---|
1796 | // Table C.1.1
|
---|
1797 | array(0x0020, 0x0020), // SPACE
|
---|
1798 | // Table C.1.2
|
---|
1799 | array(0x00A0, 0x00A0), // NO-BREAK SPACE
|
---|
1800 | array(0x1680, 0x1680), // OGHAM SPACE MARK
|
---|
1801 | array(0x2000, 0x2001), // EN QUAD
|
---|
1802 | array(0x2001, 0x2001), // EM QUAD
|
---|
1803 | array(0x2002, 0x2002), // EN SPACE
|
---|
1804 | array(0x2003, 0x2003), // EM SPACE
|
---|
1805 | array(0x2004, 0x2004), // THREE-PER-EM SPACE
|
---|
1806 | array(0x2005, 0x2005), // FOUR-PER-EM SPACE
|
---|
1807 | array(0x2006, 0x2006), // SIX-PER-EM SPACE
|
---|
1808 | array(0x2007, 0x2007), // FIGURE SPACE
|
---|
1809 | array(0x2008, 0x2008), // PUNCTUATION SPACE
|
---|
1810 | array(0x2009, 0x2009), // THIN SPACE
|
---|
1811 | array(0x200A, 0x200A), // HAIR SPACE
|
---|
1812 | array(0x200B, 0x200B), // ZERO WIDTH SPACE
|
---|
1813 | array(0x202F, 0x202F), // NARROW NO-BREAK SPACE
|
---|
1814 | array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE
|
---|
1815 | array(0x3000, 0x3000), // IDEOGRAPHIC SPACE
|
---|
1816 | // Table C.2.1
|
---|
1817 | array(0x0000, 0x001F), // [CONTROL CHARACTERS]
|
---|
1818 | array(0x007F, 0x007F), // DELETE
|
---|
1819 | // Table C.2.2
|
---|
1820 | array(0x0080, 0x009F), // [CONTROL CHARACTERS]
|
---|
1821 | array(0x06DD, 0x06DD), // ARABIC END OF AYAH
|
---|
1822 | array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK
|
---|
1823 | array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR
|
---|
1824 | array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER
|
---|
1825 | array(0x200D, 0x200D), // ZERO WIDTH JOINER
|
---|
1826 | array(0x2028, 0x2028), // LINE SEPARATOR
|
---|
1827 | array(0x2029, 0x2029), // PARAGRAPH SEPARATOR
|
---|
1828 | array(0x2060, 0x2060), // WORD JOINER
|
---|
1829 | array(0x2061, 0x2061), // FUNCTION APPLICATION
|
---|
1830 | array(0x2062, 0x2062), // INVISIBLE TIMES
|
---|
1831 | array(0x2063, 0x2063), // INVISIBLE SEPARATOR
|
---|
1832 | array(0x206A, 0x206F), // [CONTROL CHARACTERS]
|
---|
1833 | array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE
|
---|
1834 | array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS]
|
---|
1835 | array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS]
|
---|
1836 | // Table C.3
|
---|
1837 | array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0]
|
---|
1838 | array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15]
|
---|
1839 | array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16]
|
---|
1840 | // Table C.4
|
---|
1841 | array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS]
|
---|
1842 | array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1843 | array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1844 | array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1845 | array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1846 | array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1847 | array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1848 | array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1849 | array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1850 | array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1851 | array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1852 | array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1853 | array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1854 | array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1855 | array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1856 | array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1857 | array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS]
|
---|
1858 | array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS]
|
---|
1859 | // Table C.5
|
---|
1860 | array(0xD800, 0xDFFF), // [SURROGATE CODES]
|
---|
1861 | // Table C.6
|
---|
1862 | array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR
|
---|
1863 | array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR
|
---|
1864 | array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR
|
---|
1865 | array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER
|
---|
1866 | array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER
|
---|
1867 | // Table C.7
|
---|
1868 | array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
|
---|
1869 | // Table C.8
|
---|
1870 | array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK
|
---|
1871 | array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK
|
---|
1872 | array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK
|
---|
1873 | array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK
|
---|
1874 | array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING
|
---|
1875 | array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING
|
---|
1876 | array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING
|
---|
1877 | array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE
|
---|
1878 | array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE
|
---|
1879 | array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING
|
---|
1880 | array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING
|
---|
1881 | array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING
|
---|
1882 | array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING
|
---|
1883 | array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES
|
---|
1884 | array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES
|
---|
1885 | // Table C.9
|
---|
1886 | array(0xE0001, 0xE0001), // LANGUAGE TAG
|
---|
1887 | array(0xE0020, 0xE007F), // [TAGGING CHARACTERS]
|
---|
1888 | // RFC3920
|
---|
1889 | array(0x22, 0x22), // "
|
---|
1890 | array(0x26, 0x26), // &
|
---|
1891 | array(0x27, 0x27), // '
|
---|
1892 | array(0x2F, 0x2F), // /
|
---|
1893 | array(0x3A, 0x3A), // :
|
---|
1894 | array(0x3C, 0x3C), // <
|
---|
1895 | array(0x3E, 0x3E), // >
|
---|
1896 | array(0x40, 0x40) // @
|
---|
1897 | );
|
---|
1898 |
|
---|
1899 | $pos = 0;
|
---|
1900 | $result = true;
|
---|
1901 |
|
---|
1902 | while ($pos < strlen($username))
|
---|
1903 | {
|
---|
1904 | $len = $uni = 0;
|
---|
1905 | for ($i = 0; $i <= 5; $i++)
|
---|
1906 | {
|
---|
1907 | if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
|
---|
1908 | {
|
---|
1909 | $len = $i + 1;
|
---|
1910 | $uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
|
---|
1911 |
|
---|
1912 | for ($k = 1; $k < $len; $k++)
|
---|
1913 | {
|
---|
1914 | $uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
|
---|
1915 | }
|
---|
1916 |
|
---|
1917 | break;
|
---|
1918 | }
|
---|
1919 | }
|
---|
1920 |
|
---|
1921 | if ($len == 0)
|
---|
1922 | {
|
---|
1923 | return 'WRONG_DATA';
|
---|
1924 | }
|
---|
1925 |
|
---|
1926 | foreach ($prohibited as $pval)
|
---|
1927 | {
|
---|
1928 | if ($uni >= $pval[0] && $uni <= $pval[1])
|
---|
1929 | {
|
---|
1930 | $result = false;
|
---|
1931 | break 2;
|
---|
1932 | }
|
---|
1933 | }
|
---|
1934 |
|
---|
1935 | $pos = $pos + $len;
|
---|
1936 | }
|
---|
1937 |
|
---|
1938 | if (!$result)
|
---|
1939 | {
|
---|
1940 | return 'WRONG_DATA';
|
---|
1941 | }
|
---|
1942 |
|
---|
1943 | return false;
|
---|
1944 | }
|
---|
1945 |
|
---|
1946 | /**
|
---|
1947 | * Remove avatar
|
---|
1948 | */
|
---|
1949 | function avatar_delete($mode, $row, $clean_db = false)
|
---|
1950 | {
|
---|
1951 | global $phpbb_root_path, $config, $db, $user;
|
---|
1952 |
|
---|
1953 | // Check if the users avatar is actually *not* a group avatar
|
---|
1954 | if ($mode == 'user')
|
---|
1955 | {
|
---|
1956 | if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
|
---|
1957 | {
|
---|
1958 | return false;
|
---|
1959 | }
|
---|
1960 | }
|
---|
1961 |
|
---|
1962 | if ($clean_db)
|
---|
1963 | {
|
---|
1964 | avatar_remove_db($row[$mode . '_avatar']);
|
---|
1965 | }
|
---|
1966 | $filename = get_avatar_filename($row[$mode . '_avatar']);
|
---|
1967 | if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
|
---|
1968 | {
|
---|
1969 | @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
|
---|
1970 | return true;
|
---|
1971 | }
|
---|
1972 |
|
---|
1973 | return false;
|
---|
1974 | }
|
---|
1975 |
|
---|
1976 | /**
|
---|
1977 | * Remote avatar linkage
|
---|
1978 | */
|
---|
1979 | function avatar_remote($data, &$error)
|
---|
1980 | {
|
---|
1981 | global $config, $db, $user, $phpbb_root_path, $phpEx;
|
---|
1982 |
|
---|
1983 | if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
|
---|
1984 | {
|
---|
1985 | $data['remotelink'] = 'http://' . $data['remotelink'];
|
---|
1986 | }
|
---|
1987 | if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
|
---|
1988 | {
|
---|
1989 | $error[] = $user->lang['AVATAR_URL_INVALID'];
|
---|
1990 | return false;
|
---|
1991 | }
|
---|
1992 |
|
---|
1993 | // Make sure getimagesize works...
|
---|
1994 | if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
|
---|
1995 | {
|
---|
1996 | $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
|
---|
1997 | return false;
|
---|
1998 | }
|
---|
1999 |
|
---|
2000 | if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
|
---|
2001 | {
|
---|
2002 | $error[] = $user->lang['AVATAR_NO_SIZE'];
|
---|
2003 | return false;
|
---|
2004 | }
|
---|
2005 |
|
---|
2006 | $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
|
---|
2007 | $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
|
---|
2008 |
|
---|
2009 | if ($width < 2 || $height < 2)
|
---|
2010 | {
|
---|
2011 | $error[] = $user->lang['AVATAR_NO_SIZE'];
|
---|
2012 | return false;
|
---|
2013 | }
|
---|
2014 |
|
---|
2015 | // Check image type
|
---|
2016 | include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
---|
2017 | $types = fileupload::image_types();
|
---|
2018 | $extension = strtolower(filespec::get_extension($data['remotelink']));
|
---|
2019 |
|
---|
2020 | if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
|
---|
2021 | {
|
---|
2022 | if (!isset($types[$image_data[2]]))
|
---|
2023 | {
|
---|
2024 | $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
|
---|
2025 | }
|
---|
2026 | else
|
---|
2027 | {
|
---|
2028 | $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
|
---|
2029 | }
|
---|
2030 | return false;
|
---|
2031 | }
|
---|
2032 |
|
---|
2033 | if ($config['avatar_max_width'] || $config['avatar_max_height'])
|
---|
2034 | {
|
---|
2035 | if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
|
---|
2036 | {
|
---|
2037 | $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
|
---|
2038 | return false;
|
---|
2039 | }
|
---|
2040 | }
|
---|
2041 |
|
---|
2042 | if ($config['avatar_min_width'] || $config['avatar_min_height'])
|
---|
2043 | {
|
---|
2044 | if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
|
---|
2045 | {
|
---|
2046 | $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
|
---|
2047 | return false;
|
---|
2048 | }
|
---|
2049 | }
|
---|
2050 |
|
---|
2051 | return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
|
---|
2052 | }
|
---|
2053 |
|
---|
2054 | /**
|
---|
2055 | * Avatar upload using the upload class
|
---|
2056 | */
|
---|
2057 | function avatar_upload($data, &$error)
|
---|
2058 | {
|
---|
2059 | global $phpbb_root_path, $config, $db, $user, $phpEx;
|
---|
2060 |
|
---|
2061 | // Init upload class
|
---|
2062 | include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
|
---|
2063 | $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
|
---|
2064 |
|
---|
2065 | if (!empty($_FILES['uploadfile']['name']))
|
---|
2066 | {
|
---|
2067 | $file = $upload->form_upload('uploadfile');
|
---|
2068 | }
|
---|
2069 | else
|
---|
2070 | {
|
---|
2071 | $file = $upload->remote_upload($data['uploadurl']);
|
---|
2072 | }
|
---|
2073 |
|
---|
2074 | $prefix = $config['avatar_salt'] . '_';
|
---|
2075 | $file->clean_filename('avatar', $prefix, $data['user_id']);
|
---|
2076 |
|
---|
2077 | $destination = $config['avatar_path'];
|
---|
2078 |
|
---|
2079 | // Adjust destination path (no trailing slash)
|
---|
2080 | if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
|
---|
2081 | {
|
---|
2082 | $destination = substr($destination, 0, -1);
|
---|
2083 | }
|
---|
2084 |
|
---|
2085 | $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
|
---|
2086 | if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
|
---|
2087 | {
|
---|
2088 | $destination = '';
|
---|
2089 | }
|
---|
2090 |
|
---|
2091 | // Move file and overwrite any existing image
|
---|
2092 | $file->move_file($destination, true);
|
---|
2093 |
|
---|
2094 | if (sizeof($file->error))
|
---|
2095 | {
|
---|
2096 | $file->remove();
|
---|
2097 | $error = array_merge($error, $file->error);
|
---|
2098 | }
|
---|
2099 |
|
---|
2100 | return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
|
---|
2101 | }
|
---|
2102 |
|
---|
2103 | /**
|
---|
2104 | * Generates avatar filename from the database entry
|
---|
2105 | */
|
---|
2106 | function get_avatar_filename($avatar_entry)
|
---|
2107 | {
|
---|
2108 | global $config;
|
---|
2109 |
|
---|
2110 |
|
---|
2111 | if ($avatar_entry[0] === 'g')
|
---|
2112 | {
|
---|
2113 | $avatar_group = true;
|
---|
2114 | $avatar_entry = substr($avatar_entry, 1);
|
---|
2115 | }
|
---|
2116 | else
|
---|
2117 | {
|
---|
2118 | $avatar_group = false;
|
---|
2119 | }
|
---|
2120 | $ext = substr(strrchr($avatar_entry, '.'), 1);
|
---|
2121 | $avatar_entry = intval($avatar_entry);
|
---|
2122 | return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
|
---|
2123 | }
|
---|
2124 |
|
---|
2125 | /**
|
---|
2126 | * Avatar Gallery
|
---|
2127 | */
|
---|
2128 | function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
|
---|
2129 | {
|
---|
2130 | global $user, $cache, $template;
|
---|
2131 | global $config, $phpbb_root_path;
|
---|
2132 |
|
---|
2133 | $avatar_list = array();
|
---|
2134 |
|
---|
2135 | $path = $phpbb_root_path . $config['avatar_gallery_path'];
|
---|
2136 |
|
---|
2137 | if (!file_exists($path) || !is_dir($path))
|
---|
2138 | {
|
---|
2139 | $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
|
---|
2140 | }
|
---|
2141 | else
|
---|
2142 | {
|
---|
2143 | // Collect images
|
---|
2144 | $dp = @opendir($path);
|
---|
2145 |
|
---|
2146 | if (!$dp)
|
---|
2147 | {
|
---|
2148 | return array($user->lang['NO_AVATAR_CATEGORY'] => array());
|
---|
2149 | }
|
---|
2150 |
|
---|
2151 | while (($file = readdir($dp)) !== false)
|
---|
2152 | {
|
---|
2153 | if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
|
---|
2154 | {
|
---|
2155 | $avatar_row_count = $avatar_col_count = 0;
|
---|
2156 |
|
---|
2157 | if ($dp2 = @opendir("$path/$file"))
|
---|
2158 | {
|
---|
2159 | while (($sub_file = readdir($dp2)) !== false)
|
---|
2160 | {
|
---|
2161 | if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
|
---|
2162 | {
|
---|
2163 | $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
|
---|
2164 | 'file' => rawurlencode($file) . '/' . rawurlencode($sub_file),
|
---|
2165 | 'filename' => rawurlencode($sub_file),
|
---|
2166 | 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
|
---|
2167 | );
|
---|
2168 | $avatar_col_count++;
|
---|
2169 | if ($avatar_col_count == $items_per_column)
|
---|
2170 | {
|
---|
2171 | $avatar_row_count++;
|
---|
2172 | $avatar_col_count = 0;
|
---|
2173 | }
|
---|
2174 | }
|
---|
2175 | }
|
---|
2176 | closedir($dp2);
|
---|
2177 | }
|
---|
2178 | }
|
---|
2179 | }
|
---|
2180 | closedir($dp);
|
---|
2181 | }
|
---|
2182 |
|
---|
2183 | if (!sizeof($avatar_list))
|
---|
2184 | {
|
---|
2185 | $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
|
---|
2186 | }
|
---|
2187 |
|
---|
2188 | @ksort($avatar_list);
|
---|
2189 |
|
---|
2190 | $category = (!$category) ? key($avatar_list) : $category;
|
---|
2191 | $avatar_categories = array_keys($avatar_list);
|
---|
2192 |
|
---|
2193 | $s_category_options = '';
|
---|
2194 | foreach ($avatar_categories as $cat)
|
---|
2195 | {
|
---|
2196 | $s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
|
---|
2197 | }
|
---|
2198 |
|
---|
2199 | $template->assign_vars(array(
|
---|
2200 | 'S_AVATARS_ENABLED' => true,
|
---|
2201 | 'S_IN_AVATAR_GALLERY' => true,
|
---|
2202 | 'S_CAT_OPTIONS' => $s_category_options)
|
---|
2203 | );
|
---|
2204 |
|
---|
2205 | $avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
|
---|
2206 |
|
---|
2207 | foreach ($avatar_list as $avatar_row_ary)
|
---|
2208 | {
|
---|
2209 | $template->assign_block_vars($block_var, array());
|
---|
2210 |
|
---|
2211 | foreach ($avatar_row_ary as $avatar_col_ary)
|
---|
2212 | {
|
---|
2213 | $template->assign_block_vars($block_var . '.avatar_column', array(
|
---|
2214 | 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
|
---|
2215 | 'AVATAR_NAME' => $avatar_col_ary['name'],
|
---|
2216 | 'AVATAR_FILE' => $avatar_col_ary['filename'])
|
---|
2217 | );
|
---|
2218 |
|
---|
2219 | $template->assign_block_vars($block_var . '.avatar_option_column', array(
|
---|
2220 | 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
|
---|
2221 | 'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
|
---|
2222 | );
|
---|
2223 | }
|
---|
2224 | }
|
---|
2225 |
|
---|
2226 | return $avatar_list;
|
---|
2227 | }
|
---|
2228 |
|
---|
2229 |
|
---|
2230 | /**
|
---|
2231 | * Tries to (re-)establish avatar dimensions
|
---|
2232 | */
|
---|
2233 | function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
|
---|
2234 | {
|
---|
2235 | global $config, $phpbb_root_path, $user;
|
---|
2236 |
|
---|
2237 | switch ($avatar_type)
|
---|
2238 | {
|
---|
2239 | case AVATAR_REMOTE :
|
---|
2240 | break;
|
---|
2241 |
|
---|
2242 | case AVATAR_UPLOAD :
|
---|
2243 | $avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
|
---|
2244 | break;
|
---|
2245 |
|
---|
2246 | case AVATAR_GALLERY :
|
---|
2247 | $avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
|
---|
2248 | break;
|
---|
2249 | }
|
---|
2250 |
|
---|
2251 | // Make sure getimagesize works...
|
---|
2252 | if (($image_data = @getimagesize($avatar)) === false)
|
---|
2253 | {
|
---|
2254 | $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
|
---|
2255 | return false;
|
---|
2256 | }
|
---|
2257 |
|
---|
2258 | if ($image_data[0] < 2 || $image_data[1] < 2)
|
---|
2259 | {
|
---|
2260 | $error[] = $user->lang['AVATAR_NO_SIZE'];
|
---|
2261 | return false;
|
---|
2262 | }
|
---|
2263 |
|
---|
2264 | // try to maintain ratio
|
---|
2265 | if (!(empty($current_x) && empty($current_y)))
|
---|
2266 | {
|
---|
2267 | if ($current_x != 0)
|
---|
2268 | {
|
---|
2269 | $image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
|
---|
2270 | $image_data[1] = min($config['avatar_max_height'], $image_data[1]);
|
---|
2271 | $image_data[1] = max($config['avatar_min_height'], $image_data[1]);
|
---|
2272 | }
|
---|
2273 | if ($current_y != 0)
|
---|
2274 | {
|
---|
2275 | $image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
|
---|
2276 | $image_data[0] = min($config['avatar_max_width'], $image_data[1]);
|
---|
2277 | $image_data[0] = max($config['avatar_min_width'], $image_data[1]);
|
---|
2278 | }
|
---|
2279 | }
|
---|
2280 | return array($image_data[0], $image_data[1]);
|
---|
2281 | }
|
---|
2282 |
|
---|
2283 | /**
|
---|
2284 | * Uploading/Changing user avatar
|
---|
2285 | */
|
---|
2286 | function avatar_process_user(&$error, $custom_userdata = false)
|
---|
2287 | {
|
---|
2288 | global $config, $phpbb_root_path, $auth, $user, $db;
|
---|
2289 |
|
---|
2290 | $data = array(
|
---|
2291 | 'uploadurl' => request_var('uploadurl', ''),
|
---|
2292 | 'remotelink' => request_var('remotelink', ''),
|
---|
2293 | 'width' => request_var('width', 0),
|
---|
2294 | 'height' => request_var('height', 0),
|
---|
2295 | );
|
---|
2296 |
|
---|
2297 | $error = validate_data($data, array(
|
---|
2298 | 'uploadurl' => array('string', true, 5, 255),
|
---|
2299 | 'remotelink' => array('string', true, 5, 255),
|
---|
2300 | 'width' => array('string', true, 1, 3),
|
---|
2301 | 'height' => array('string', true, 1, 3),
|
---|
2302 | ));
|
---|
2303 |
|
---|
2304 | if (sizeof($error))
|
---|
2305 | {
|
---|
2306 | return false;
|
---|
2307 | }
|
---|
2308 |
|
---|
2309 | $sql_ary = array();
|
---|
2310 |
|
---|
2311 | if ($custom_userdata === false)
|
---|
2312 | {
|
---|
2313 | $userdata = &$user->data;
|
---|
2314 | }
|
---|
2315 | else
|
---|
2316 | {
|
---|
2317 | $userdata = &$custom_userdata;
|
---|
2318 | }
|
---|
2319 |
|
---|
2320 | $data['user_id'] = $userdata['user_id'];
|
---|
2321 | $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
|
---|
2322 | $avatar_select = basename(request_var('avatar_select', ''));
|
---|
2323 |
|
---|
2324 | // Can we upload?
|
---|
2325 | $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
|
---|
2326 |
|
---|
2327 | if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
|
---|
2328 | {
|
---|
2329 | list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
|
---|
2330 | }
|
---|
2331 | else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
|
---|
2332 | {
|
---|
2333 | list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
|
---|
2334 | }
|
---|
2335 | else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
|
---|
2336 | {
|
---|
2337 | $category = basename(request_var('category', ''));
|
---|
2338 |
|
---|
2339 | $sql_ary['user_avatar_type'] = AVATAR_GALLERY;
|
---|
2340 | $sql_ary['user_avatar'] = $avatar_select;
|
---|
2341 |
|
---|
2342 | // check avatar gallery
|
---|
2343 | if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
|
---|
2344 | {
|
---|
2345 | $sql_ary['user_avatar'] = '';
|
---|
2346 | $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
|
---|
2347 | }
|
---|
2348 | else
|
---|
2349 | {
|
---|
2350 | list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
|
---|
2351 | $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
|
---|
2352 | }
|
---|
2353 | }
|
---|
2354 | else if (isset($_POST['delete']) && $change_avatar)
|
---|
2355 | {
|
---|
2356 | $sql_ary['user_avatar'] = '';
|
---|
2357 | $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
|
---|
2358 | }
|
---|
2359 | else if (!empty($userdata['user_avatar']))
|
---|
2360 | {
|
---|
2361 | // Only update the dimensions
|
---|
2362 |
|
---|
2363 | if (empty($data['width']) || empty($data['height']))
|
---|
2364 | {
|
---|
2365 | if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
|
---|
2366 | {
|
---|
2367 | list($guessed_x, $guessed_y) = $dims;
|
---|
2368 | if (empty($data['width']))
|
---|
2369 | {
|
---|
2370 | $data['width'] = $guessed_x;
|
---|
2371 | }
|
---|
2372 | if (empty($data['height']))
|
---|
2373 | {
|
---|
2374 | $data['height'] = $guessed_y;
|
---|
2375 | }
|
---|
2376 | }
|
---|
2377 | }
|
---|
2378 | if (($config['avatar_max_width'] || $config['avatar_max_height']) &&
|
---|
2379 | (($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))
|
---|
2380 | {
|
---|
2381 | if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
|
---|
2382 | {
|
---|
2383 | $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
|
---|
2384 | }
|
---|
2385 | }
|
---|
2386 |
|
---|
2387 | if (!sizeof($error))
|
---|
2388 | {
|
---|
2389 | if ($config['avatar_min_width'] || $config['avatar_min_height'])
|
---|
2390 | {
|
---|
2391 | if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
|
---|
2392 | {
|
---|
2393 | $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
|
---|
2394 | }
|
---|
2395 | }
|
---|
2396 | }
|
---|
2397 |
|
---|
2398 | if (!sizeof($error))
|
---|
2399 | {
|
---|
2400 | $sql_ary['user_avatar_width'] = $data['width'];
|
---|
2401 | $sql_ary['user_avatar_height'] = $data['height'];
|
---|
2402 | }
|
---|
2403 | }
|
---|
2404 |
|
---|
2405 | if (!sizeof($error))
|
---|
2406 | {
|
---|
2407 | // Do we actually have any data to update?
|
---|
2408 | if (sizeof($sql_ary))
|
---|
2409 | {
|
---|
2410 | $ext_new = $ext_old = '';
|
---|
2411 | if (isset($sql_ary['user_avatar']))
|
---|
2412 | {
|
---|
2413 | $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
|
---|
2414 | $ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
|
---|
2415 | $ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
|
---|
2416 |
|
---|
2417 | if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
|
---|
2418 | {
|
---|
2419 | // Delete old avatar if present
|
---|
2420 | if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
|
---|
2421 | || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
|
---|
2422 | {
|
---|
2423 | avatar_delete('user', $userdata);
|
---|
2424 | }
|
---|
2425 | }
|
---|
2426 | }
|
---|
2427 |
|
---|
2428 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
2429 | SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
|
---|
2430 | WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
|
---|
2431 | $db->sql_query($sql);
|
---|
2432 |
|
---|
2433 | }
|
---|
2434 | }
|
---|
2435 |
|
---|
2436 | return (sizeof($error)) ? false : true;
|
---|
2437 | }
|
---|
2438 |
|
---|
2439 | //
|
---|
2440 | // Usergroup functions
|
---|
2441 | //
|
---|
2442 |
|
---|
2443 | /**
|
---|
2444 | * Add or edit a group. If we're editing a group we only update user
|
---|
2445 | * parameters such as rank, etc. if they are changed
|
---|
2446 | */
|
---|
2447 | function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
|
---|
2448 | {
|
---|
2449 | global $phpbb_root_path, $config, $db, $user, $file_upload;
|
---|
2450 |
|
---|
2451 | $error = array();
|
---|
2452 |
|
---|
2453 | // Attributes which also affect the users table
|
---|
2454 | $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
|
---|
2455 |
|
---|
2456 | // Check data. Limit group name length.
|
---|
2457 | if (!utf8_strlen($name) || utf8_strlen($name) > 60)
|
---|
2458 | {
|
---|
2459 | $error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
|
---|
2460 | }
|
---|
2461 |
|
---|
2462 | $err = group_validate_groupname($group_id, $name);
|
---|
2463 | if (!empty($err))
|
---|
2464 | {
|
---|
2465 | $error[] = $user->lang[$err];
|
---|
2466 | }
|
---|
2467 |
|
---|
2468 | if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
|
---|
2469 | {
|
---|
2470 | $error[] = $user->lang['GROUP_ERR_TYPE'];
|
---|
2471 | }
|
---|
2472 |
|
---|
2473 | if (!sizeof($error))
|
---|
2474 | {
|
---|
2475 | $user_ary = array();
|
---|
2476 | $sql_ary = array(
|
---|
2477 | 'group_name' => (string) $name,
|
---|
2478 | 'group_desc' => (string) $desc,
|
---|
2479 | 'group_desc_uid' => '',
|
---|
2480 | 'group_desc_bitfield' => '',
|
---|
2481 | 'group_type' => (int) $type,
|
---|
2482 | );
|
---|
2483 |
|
---|
2484 | // Parse description
|
---|
2485 | if ($desc)
|
---|
2486 | {
|
---|
2487 | generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
|
---|
2488 | }
|
---|
2489 |
|
---|
2490 | if (sizeof($group_attributes))
|
---|
2491 | {
|
---|
2492 | // Merge them with $sql_ary to properly update the group
|
---|
2493 | $sql_ary = array_merge($sql_ary, $group_attributes);
|
---|
2494 | }
|
---|
2495 |
|
---|
2496 | // Setting the log message before we set the group id (if group gets added)
|
---|
2497 | $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
|
---|
2498 |
|
---|
2499 | $query = '';
|
---|
2500 |
|
---|
2501 | if ($group_id)
|
---|
2502 | {
|
---|
2503 | $sql = 'SELECT user_id
|
---|
2504 | FROM ' . USERS_TABLE . '
|
---|
2505 | WHERE group_id = ' . $group_id;
|
---|
2506 | $result = $db->sql_query($sql);
|
---|
2507 |
|
---|
2508 | while ($row = $db->sql_fetchrow($result))
|
---|
2509 | {
|
---|
2510 | $user_ary[] = $row['user_id'];
|
---|
2511 | }
|
---|
2512 | $db->sql_freeresult($result);
|
---|
2513 |
|
---|
2514 | if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
|
---|
2515 | {
|
---|
2516 | remove_default_avatar($group_id, $user_ary);
|
---|
2517 | }
|
---|
2518 |
|
---|
2519 | if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
|
---|
2520 | {
|
---|
2521 | remove_default_rank($group_id, $user_ary);
|
---|
2522 | }
|
---|
2523 |
|
---|
2524 | $sql = 'UPDATE ' . GROUPS_TABLE . '
|
---|
2525 | SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
|
---|
2526 | WHERE group_id = $group_id";
|
---|
2527 | $db->sql_query($sql);
|
---|
2528 |
|
---|
2529 | // Since we may update the name too, we need to do this on other tables too...
|
---|
2530 | $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
|
---|
2531 | SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
|
---|
2532 | WHERE group_id = $group_id";
|
---|
2533 | $db->sql_query($sql);
|
---|
2534 |
|
---|
2535 | // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
|
---|
2536 | if (isset($group_attributes['group_skip_auth']))
|
---|
2537 | {
|
---|
2538 | // Get users within this group...
|
---|
2539 | $sql = 'SELECT user_id
|
---|
2540 | FROM ' . USER_GROUP_TABLE . '
|
---|
2541 | WHERE group_id = ' . $group_id . '
|
---|
2542 | AND user_pending = 0';
|
---|
2543 | $result = $db->sql_query($sql);
|
---|
2544 |
|
---|
2545 | $user_id_ary = array();
|
---|
2546 | while ($row = $db->sql_fetchrow($result))
|
---|
2547 | {
|
---|
2548 | $user_id_ary[] = $row['user_id'];
|
---|
2549 | }
|
---|
2550 | $db->sql_freeresult($result);
|
---|
2551 |
|
---|
2552 | if (!empty($user_id_ary))
|
---|
2553 | {
|
---|
2554 | global $auth;
|
---|
2555 |
|
---|
2556 | // Clear permissions cache of relevant users
|
---|
2557 | $auth->acl_clear_prefetch($user_id_ary);
|
---|
2558 | }
|
---|
2559 | }
|
---|
2560 | }
|
---|
2561 | else
|
---|
2562 | {
|
---|
2563 | $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
|
---|
2564 | $db->sql_query($sql);
|
---|
2565 | }
|
---|
2566 |
|
---|
2567 | if (!$group_id)
|
---|
2568 | {
|
---|
2569 | $group_id = $db->sql_nextid();
|
---|
2570 |
|
---|
2571 | if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
|
---|
2572 | {
|
---|
2573 | group_correct_avatar($group_id, $sql_ary['group_avatar']);
|
---|
2574 | }
|
---|
2575 | }
|
---|
2576 |
|
---|
2577 | // Set user attributes
|
---|
2578 | $sql_ary = array();
|
---|
2579 | if (sizeof($group_attributes))
|
---|
2580 | {
|
---|
2581 | // Go through the user attributes array, check if a group attribute matches it and then set it. ;)
|
---|
2582 | foreach ($user_attribute_ary as $attribute)
|
---|
2583 | {
|
---|
2584 | if (!isset($group_attributes[$attribute]))
|
---|
2585 | {
|
---|
2586 | continue;
|
---|
2587 | }
|
---|
2588 |
|
---|
2589 | // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
|
---|
2590 | if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
|
---|
2591 | {
|
---|
2592 | continue;
|
---|
2593 | }
|
---|
2594 |
|
---|
2595 | $sql_ary[$attribute] = $group_attributes[$attribute];
|
---|
2596 | }
|
---|
2597 | }
|
---|
2598 |
|
---|
2599 | if (sizeof($sql_ary) && sizeof($user_ary))
|
---|
2600 | {
|
---|
2601 | group_set_user_default($group_id, $user_ary, $sql_ary);
|
---|
2602 | }
|
---|
2603 |
|
---|
2604 | $name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
|
---|
2605 | add_log('admin', $log, $name);
|
---|
2606 |
|
---|
2607 | group_update_listings($group_id);
|
---|
2608 | }
|
---|
2609 |
|
---|
2610 | return (sizeof($error)) ? $error : false;
|
---|
2611 | }
|
---|
2612 |
|
---|
2613 |
|
---|
2614 | /**
|
---|
2615 | * Changes a group avatar's filename to conform to the naming scheme
|
---|
2616 | */
|
---|
2617 | function group_correct_avatar($group_id, $old_entry)
|
---|
2618 | {
|
---|
2619 | global $config, $db, $phpbb_root_path;
|
---|
2620 |
|
---|
2621 | $group_id = (int)$group_id;
|
---|
2622 | $ext = substr(strrchr($old_entry, '.'), 1);
|
---|
2623 | $old_filename = get_avatar_filename($old_entry);
|
---|
2624 | $new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
|
---|
2625 | $new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
|
---|
2626 |
|
---|
2627 | $avatar_path = $phpbb_root_path . $config['avatar_path'];
|
---|
2628 | if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
|
---|
2629 | {
|
---|
2630 | $sql = 'UPDATE ' . GROUPS_TABLE . '
|
---|
2631 | SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
|
---|
2632 | WHERE group_id = $group_id";
|
---|
2633 | $db->sql_query($sql);
|
---|
2634 | }
|
---|
2635 | }
|
---|
2636 |
|
---|
2637 |
|
---|
2638 | /**
|
---|
2639 | * Remove avatar also for users not having the group as default
|
---|
2640 | */
|
---|
2641 | function avatar_remove_db($avatar_name)
|
---|
2642 | {
|
---|
2643 | global $config, $db;
|
---|
2644 |
|
---|
2645 | $sql = 'UPDATE ' . USERS_TABLE . "
|
---|
2646 | SET user_avatar = '',
|
---|
2647 | user_avatar_type = 0
|
---|
2648 | WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
|
---|
2649 | $db->sql_query($sql);
|
---|
2650 | }
|
---|
2651 |
|
---|
2652 |
|
---|
2653 | /**
|
---|
2654 | * Group Delete
|
---|
2655 | */
|
---|
2656 | function group_delete($group_id, $group_name = false)
|
---|
2657 | {
|
---|
2658 | global $db, $phpbb_root_path, $phpEx;
|
---|
2659 |
|
---|
2660 | if (!$group_name)
|
---|
2661 | {
|
---|
2662 | $group_name = get_group_name($group_id);
|
---|
2663 | }
|
---|
2664 |
|
---|
2665 | $start = 0;
|
---|
2666 |
|
---|
2667 | do
|
---|
2668 | {
|
---|
2669 | $user_id_ary = $username_ary = array();
|
---|
2670 |
|
---|
2671 | // Batch query for group members, call group_user_del
|
---|
2672 | $sql = 'SELECT u.user_id, u.username
|
---|
2673 | FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
|
---|
2674 | WHERE ug.group_id = $group_id
|
---|
2675 | AND u.user_id = ug.user_id";
|
---|
2676 | $result = $db->sql_query_limit($sql, 200, $start);
|
---|
2677 |
|
---|
2678 | if ($row = $db->sql_fetchrow($result))
|
---|
2679 | {
|
---|
2680 | do
|
---|
2681 | {
|
---|
2682 | $user_id_ary[] = $row['user_id'];
|
---|
2683 | $username_ary[] = $row['username'];
|
---|
2684 |
|
---|
2685 | $start++;
|
---|
2686 | }
|
---|
2687 | while ($row = $db->sql_fetchrow($result));
|
---|
2688 |
|
---|
2689 | group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
|
---|
2690 | }
|
---|
2691 | else
|
---|
2692 | {
|
---|
2693 | $start = 0;
|
---|
2694 | }
|
---|
2695 | $db->sql_freeresult($result);
|
---|
2696 | }
|
---|
2697 | while ($start);
|
---|
2698 |
|
---|
2699 | // Delete group
|
---|
2700 | $sql = 'DELETE FROM ' . GROUPS_TABLE . "
|
---|
2701 | WHERE group_id = $group_id";
|
---|
2702 | $db->sql_query($sql);
|
---|
2703 |
|
---|
2704 | // Delete auth entries from the groups table
|
---|
2705 | $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
|
---|
2706 | WHERE group_id = $group_id";
|
---|
2707 | $db->sql_query($sql);
|
---|
2708 |
|
---|
2709 | // Re-cache moderators
|
---|
2710 | if (!function_exists('cache_moderators'))
|
---|
2711 | {
|
---|
2712 | include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
---|
2713 | }
|
---|
2714 |
|
---|
2715 | cache_moderators();
|
---|
2716 |
|
---|
2717 | add_log('admin', 'LOG_GROUP_DELETE', $group_name);
|
---|
2718 |
|
---|
2719 | // Return false - no error
|
---|
2720 | return false;
|
---|
2721 | }
|
---|
2722 |
|
---|
2723 | /**
|
---|
2724 | * Add user(s) to group
|
---|
2725 | *
|
---|
2726 | * @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
|
---|
2727 | */
|
---|
2728 | function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
|
---|
2729 | {
|
---|
2730 | global $db, $auth;
|
---|
2731 |
|
---|
2732 | // We need both username and user_id info
|
---|
2733 | $result = user_get_id_name($user_id_ary, $username_ary);
|
---|
2734 |
|
---|
2735 | if (!sizeof($user_id_ary) || $result !== false)
|
---|
2736 | {
|
---|
2737 | return 'NO_USER';
|
---|
2738 | }
|
---|
2739 |
|
---|
2740 | // Remove users who are already members of this group
|
---|
2741 | $sql = 'SELECT user_id, group_leader
|
---|
2742 | FROM ' . USER_GROUP_TABLE . '
|
---|
2743 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
|
---|
2744 | AND group_id = $group_id";
|
---|
2745 | $result = $db->sql_query($sql);
|
---|
2746 |
|
---|
2747 | $add_id_ary = $update_id_ary = array();
|
---|
2748 | while ($row = $db->sql_fetchrow($result))
|
---|
2749 | {
|
---|
2750 | $add_id_ary[] = (int) $row['user_id'];
|
---|
2751 |
|
---|
2752 | if ($leader && !$row['group_leader'])
|
---|
2753 | {
|
---|
2754 | $update_id_ary[] = (int) $row['user_id'];
|
---|
2755 | }
|
---|
2756 | }
|
---|
2757 | $db->sql_freeresult($result);
|
---|
2758 |
|
---|
2759 | // Do all the users exist in this group?
|
---|
2760 | $add_id_ary = array_diff($user_id_ary, $add_id_ary);
|
---|
2761 |
|
---|
2762 | // If we have no users
|
---|
2763 | if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
|
---|
2764 | {
|
---|
2765 | return 'GROUP_USERS_EXIST';
|
---|
2766 | }
|
---|
2767 |
|
---|
2768 | $db->sql_transaction('begin');
|
---|
2769 |
|
---|
2770 | // Insert the new users
|
---|
2771 | if (sizeof($add_id_ary))
|
---|
2772 | {
|
---|
2773 | $sql_ary = array();
|
---|
2774 |
|
---|
2775 | foreach ($add_id_ary as $user_id)
|
---|
2776 | {
|
---|
2777 | $sql_ary[] = array(
|
---|
2778 | 'user_id' => (int) $user_id,
|
---|
2779 | 'group_id' => (int) $group_id,
|
---|
2780 | 'group_leader' => (int) $leader,
|
---|
2781 | 'user_pending' => (int) $pending,
|
---|
2782 | );
|
---|
2783 | }
|
---|
2784 |
|
---|
2785 | $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
|
---|
2786 | }
|
---|
2787 |
|
---|
2788 | if (sizeof($update_id_ary))
|
---|
2789 | {
|
---|
2790 | $sql = 'UPDATE ' . USER_GROUP_TABLE . '
|
---|
2791 | SET group_leader = 1
|
---|
2792 | WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
|
---|
2793 | AND group_id = $group_id";
|
---|
2794 | $db->sql_query($sql);
|
---|
2795 | }
|
---|
2796 |
|
---|
2797 | if ($default)
|
---|
2798 | {
|
---|
2799 | group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);
|
---|
2800 | }
|
---|
2801 |
|
---|
2802 | $db->sql_transaction('commit');
|
---|
2803 |
|
---|
2804 | // Clear permissions cache of relevant users
|
---|
2805 | $auth->acl_clear_prefetch($user_id_ary);
|
---|
2806 |
|
---|
2807 | if (!$group_name)
|
---|
2808 | {
|
---|
2809 | $group_name = get_group_name($group_id);
|
---|
2810 | }
|
---|
2811 |
|
---|
2812 | $log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
|
---|
2813 |
|
---|
2814 | add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
---|
2815 |
|
---|
2816 | group_update_listings($group_id);
|
---|
2817 |
|
---|
2818 | // Return false - no error
|
---|
2819 | return false;
|
---|
2820 | }
|
---|
2821 |
|
---|
2822 | /**
|
---|
2823 | * Remove a user/s from a given group. When we remove users we update their
|
---|
2824 | * default group_id. We do this by examining which "special" groups they belong
|
---|
2825 | * to. The selection is made based on a reasonable priority system
|
---|
2826 | *
|
---|
2827 | * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
|
---|
2828 | */
|
---|
2829 | function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
|
---|
2830 | {
|
---|
2831 | global $db, $auth, $config;
|
---|
2832 |
|
---|
2833 | if ($config['coppa_enable'])
|
---|
2834 | {
|
---|
2835 | $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
|
---|
2836 | }
|
---|
2837 | else
|
---|
2838 | {
|
---|
2839 | $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');
|
---|
2840 | }
|
---|
2841 |
|
---|
2842 | // We need both username and user_id info
|
---|
2843 | $result = user_get_id_name($user_id_ary, $username_ary);
|
---|
2844 |
|
---|
2845 | if (!sizeof($user_id_ary) || $result !== false)
|
---|
2846 | {
|
---|
2847 | return 'NO_USER';
|
---|
2848 | }
|
---|
2849 |
|
---|
2850 | $sql = 'SELECT *
|
---|
2851 | FROM ' . GROUPS_TABLE . '
|
---|
2852 | WHERE ' . $db->sql_in_set('group_name', $group_order);
|
---|
2853 | $result = $db->sql_query($sql);
|
---|
2854 |
|
---|
2855 | $group_order_id = $special_group_data = array();
|
---|
2856 | while ($row = $db->sql_fetchrow($result))
|
---|
2857 | {
|
---|
2858 | $group_order_id[$row['group_name']] = $row['group_id'];
|
---|
2859 |
|
---|
2860 | $special_group_data[$row['group_id']] = array(
|
---|
2861 | 'group_colour' => $row['group_colour'],
|
---|
2862 | 'group_rank' => $row['group_rank'],
|
---|
2863 | );
|
---|
2864 |
|
---|
2865 | // Only set the group avatar if one is defined...
|
---|
2866 | if ($row['group_avatar'])
|
---|
2867 | {
|
---|
2868 | $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
|
---|
2869 | 'group_avatar' => $row['group_avatar'],
|
---|
2870 | 'group_avatar_type' => $row['group_avatar_type'],
|
---|
2871 | 'group_avatar_width' => $row['group_avatar_width'],
|
---|
2872 | 'group_avatar_height' => $row['group_avatar_height'])
|
---|
2873 | );
|
---|
2874 | }
|
---|
2875 | }
|
---|
2876 | $db->sql_freeresult($result);
|
---|
2877 |
|
---|
2878 | // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
|
---|
2879 | $sql = 'SELECT user_id, group_id
|
---|
2880 | FROM ' . USERS_TABLE . '
|
---|
2881 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
|
---|
2882 | $result = $db->sql_query($sql);
|
---|
2883 |
|
---|
2884 | $default_groups = array();
|
---|
2885 | while ($row = $db->sql_fetchrow($result))
|
---|
2886 | {
|
---|
2887 | $default_groups[$row['user_id']] = $row['group_id'];
|
---|
2888 | }
|
---|
2889 | $db->sql_freeresult($result);
|
---|
2890 |
|
---|
2891 | // What special group memberships exist for these users?
|
---|
2892 | $sql = 'SELECT g.group_id, g.group_name, ug.user_id
|
---|
2893 | FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
|
---|
2894 | WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
|
---|
2895 | AND g.group_id = ug.group_id
|
---|
2896 | AND g.group_id <> $group_id
|
---|
2897 | AND g.group_type = " . GROUP_SPECIAL . '
|
---|
2898 | ORDER BY ug.user_id, g.group_id';
|
---|
2899 | $result = $db->sql_query($sql);
|
---|
2900 |
|
---|
2901 | $temp_ary = array();
|
---|
2902 | while ($row = $db->sql_fetchrow($result))
|
---|
2903 | {
|
---|
2904 | if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))
|
---|
2905 | {
|
---|
2906 | $temp_ary[$row['user_id']] = $row['group_id'];
|
---|
2907 | }
|
---|
2908 | }
|
---|
2909 | $db->sql_freeresult($result);
|
---|
2910 |
|
---|
2911 | // sql_where_ary holds the new default groups and their users
|
---|
2912 | $sql_where_ary = array();
|
---|
2913 | foreach ($temp_ary as $uid => $gid)
|
---|
2914 | {
|
---|
2915 | $sql_where_ary[$gid][] = $uid;
|
---|
2916 | }
|
---|
2917 | unset($temp_ary);
|
---|
2918 |
|
---|
2919 | foreach ($special_group_data as $gid => $default_data_ary)
|
---|
2920 | {
|
---|
2921 | if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
|
---|
2922 | {
|
---|
2923 | remove_default_rank($group_id, $sql_where_ary[$gid]);
|
---|
2924 | remove_default_avatar($group_id, $sql_where_ary[$gid]);
|
---|
2925 | group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
|
---|
2926 | }
|
---|
2927 | }
|
---|
2928 | unset($special_group_data);
|
---|
2929 |
|
---|
2930 | $sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
|
---|
2931 | WHERE group_id = $group_id
|
---|
2932 | AND " . $db->sql_in_set('user_id', $user_id_ary);
|
---|
2933 | $db->sql_query($sql);
|
---|
2934 |
|
---|
2935 | // Clear permissions cache of relevant users
|
---|
2936 | $auth->acl_clear_prefetch($user_id_ary);
|
---|
2937 |
|
---|
2938 | if (!$group_name)
|
---|
2939 | {
|
---|
2940 | $group_name = get_group_name($group_id);
|
---|
2941 | }
|
---|
2942 |
|
---|
2943 | $log = 'LOG_GROUP_REMOVE';
|
---|
2944 |
|
---|
2945 | if ($group_name)
|
---|
2946 | {
|
---|
2947 | add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
---|
2948 | }
|
---|
2949 |
|
---|
2950 | group_update_listings($group_id);
|
---|
2951 |
|
---|
2952 | // Return false - no error
|
---|
2953 | return false;
|
---|
2954 | }
|
---|
2955 |
|
---|
2956 |
|
---|
2957 | /**
|
---|
2958 | * Removes the group avatar of the default group from the users in user_ids who have that group as default.
|
---|
2959 | */
|
---|
2960 | function remove_default_avatar($group_id, $user_ids)
|
---|
2961 | {
|
---|
2962 | global $db;
|
---|
2963 |
|
---|
2964 | if (!is_array($user_ids))
|
---|
2965 | {
|
---|
2966 | $user_ids = array($user_ids);
|
---|
2967 | }
|
---|
2968 | if (empty($user_ids))
|
---|
2969 | {
|
---|
2970 | return false;
|
---|
2971 | }
|
---|
2972 |
|
---|
2973 | $user_ids = array_map('intval', $user_ids);
|
---|
2974 |
|
---|
2975 | $sql = 'SELECT *
|
---|
2976 | FROM ' . GROUPS_TABLE . '
|
---|
2977 | WHERE group_id = ' . (int)$group_id;
|
---|
2978 | $result = $db->sql_query($sql);
|
---|
2979 | if (!$row = $db->sql_fetchrow($result))
|
---|
2980 | {
|
---|
2981 | $db->sql_freeresult($result);
|
---|
2982 | return false;
|
---|
2983 | }
|
---|
2984 | $db->sql_freeresult($result);
|
---|
2985 |
|
---|
2986 | $sql = 'UPDATE ' . USERS_TABLE . "
|
---|
2987 | SET user_avatar = '',
|
---|
2988 | user_avatar_type = 0,
|
---|
2989 | user_avatar_width = 0,
|
---|
2990 | user_avatar_height = 0
|
---|
2991 | WHERE group_id = " . (int) $group_id . "
|
---|
2992 | AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
|
---|
2993 | AND " . $db->sql_in_set('user_id', $user_ids);
|
---|
2994 |
|
---|
2995 | $db->sql_query($sql);
|
---|
2996 | }
|
---|
2997 |
|
---|
2998 | /**
|
---|
2999 | * Removes the group rank of the default group from the users in user_ids who have that group as default.
|
---|
3000 | */
|
---|
3001 | function remove_default_rank($group_id, $user_ids)
|
---|
3002 | {
|
---|
3003 | global $db;
|
---|
3004 |
|
---|
3005 | if (!is_array($user_ids))
|
---|
3006 | {
|
---|
3007 | $user_ids = array($user_ids);
|
---|
3008 | }
|
---|
3009 | if (empty($user_ids))
|
---|
3010 | {
|
---|
3011 | return false;
|
---|
3012 | }
|
---|
3013 |
|
---|
3014 | $user_ids = array_map('intval', $user_ids);
|
---|
3015 |
|
---|
3016 | $sql = 'SELECT *
|
---|
3017 | FROM ' . GROUPS_TABLE . '
|
---|
3018 | WHERE group_id = ' . (int)$group_id;
|
---|
3019 | $result = $db->sql_query($sql);
|
---|
3020 | if (!$row = $db->sql_fetchrow($result))
|
---|
3021 | {
|
---|
3022 | $db->sql_freeresult($result);
|
---|
3023 | return false;
|
---|
3024 | }
|
---|
3025 | $db->sql_freeresult($result);
|
---|
3026 |
|
---|
3027 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
3028 | SET user_rank = 0
|
---|
3029 | WHERE group_id = ' . (int)$group_id . '
|
---|
3030 | AND user_rank <> 0
|
---|
3031 | AND user_rank = ' . (int)$row['group_rank'] . '
|
---|
3032 | AND ' . $db->sql_in_set('user_id', $user_ids);
|
---|
3033 | $db->sql_query($sql);
|
---|
3034 | }
|
---|
3035 |
|
---|
3036 | /**
|
---|
3037 | * This is used to promote (to leader), demote or set as default a member/s
|
---|
3038 | */
|
---|
3039 | function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
|
---|
3040 | {
|
---|
3041 | global $db, $auth, $phpbb_root_path, $phpEx, $config;
|
---|
3042 |
|
---|
3043 | // We need both username and user_id info
|
---|
3044 | $result = user_get_id_name($user_id_ary, $username_ary);
|
---|
3045 |
|
---|
3046 | if (!sizeof($user_id_ary) || $result !== false)
|
---|
3047 | {
|
---|
3048 | return 'NO_USERS';
|
---|
3049 | }
|
---|
3050 |
|
---|
3051 | if (!$group_name)
|
---|
3052 | {
|
---|
3053 | $group_name = get_group_name($group_id);
|
---|
3054 | }
|
---|
3055 |
|
---|
3056 | switch ($action)
|
---|
3057 | {
|
---|
3058 | case 'demote':
|
---|
3059 | case 'promote':
|
---|
3060 |
|
---|
3061 | $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
|
---|
3062 | WHERE group_id = $group_id
|
---|
3063 | AND user_pending = 1
|
---|
3064 | AND " . $db->sql_in_set('user_id', $user_id_ary);
|
---|
3065 | $result = $db->sql_query_limit($sql, 1);
|
---|
3066 | $not_empty = ($db->sql_fetchrow($result));
|
---|
3067 | $db->sql_freeresult($result);
|
---|
3068 | if ($not_empty)
|
---|
3069 | {
|
---|
3070 | return 'NO_VALID_USERS';
|
---|
3071 | }
|
---|
3072 |
|
---|
3073 | $sql = 'UPDATE ' . USER_GROUP_TABLE . '
|
---|
3074 | SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
|
---|
3075 | WHERE group_id = $group_id
|
---|
3076 | AND user_pending = 0
|
---|
3077 | AND " . $db->sql_in_set('user_id', $user_id_ary);
|
---|
3078 | $db->sql_query($sql);
|
---|
3079 |
|
---|
3080 | $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
|
---|
3081 | break;
|
---|
3082 |
|
---|
3083 | case 'approve':
|
---|
3084 | // Make sure we only approve those which are pending ;)
|
---|
3085 | $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
|
---|
3086 | FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
|
---|
3087 | WHERE ug.group_id = ' . $group_id . '
|
---|
3088 | AND ug.user_pending = 1
|
---|
3089 | AND ug.user_id = u.user_id
|
---|
3090 | AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
|
---|
3091 | $result = $db->sql_query($sql);
|
---|
3092 |
|
---|
3093 | $user_id_ary = $email_users = array();
|
---|
3094 | while ($row = $db->sql_fetchrow($result))
|
---|
3095 | {
|
---|
3096 | $user_id_ary[] = $row['user_id'];
|
---|
3097 | $email_users[] = $row;
|
---|
3098 | }
|
---|
3099 | $db->sql_freeresult($result);
|
---|
3100 |
|
---|
3101 | if (!sizeof($user_id_ary))
|
---|
3102 | {
|
---|
3103 | return false;
|
---|
3104 | }
|
---|
3105 |
|
---|
3106 | $sql = 'UPDATE ' . USER_GROUP_TABLE . "
|
---|
3107 | SET user_pending = 0
|
---|
3108 | WHERE group_id = $group_id
|
---|
3109 | AND " . $db->sql_in_set('user_id', $user_id_ary);
|
---|
3110 | $db->sql_query($sql);
|
---|
3111 |
|
---|
3112 | // Send approved email to users...
|
---|
3113 | include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
|
---|
3114 | $messenger = new messenger();
|
---|
3115 |
|
---|
3116 | foreach ($email_users as $row)
|
---|
3117 | {
|
---|
3118 | $messenger->template('group_approved', $row['user_lang']);
|
---|
3119 |
|
---|
3120 | $messenger->to($row['user_email'], $row['username']);
|
---|
3121 | $messenger->im($row['user_jabber'], $row['username']);
|
---|
3122 |
|
---|
3123 | $messenger->assign_vars(array(
|
---|
3124 | 'USERNAME' => htmlspecialchars_decode($row['username']),
|
---|
3125 | 'GROUP_NAME' => htmlspecialchars_decode($group_name),
|
---|
3126 | 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
|
---|
3127 | );
|
---|
3128 |
|
---|
3129 | $messenger->send($row['user_notify_type']);
|
---|
3130 | }
|
---|
3131 |
|
---|
3132 | $messenger->save_queue();
|
---|
3133 |
|
---|
3134 | $log = 'LOG_USERS_APPROVED';
|
---|
3135 | break;
|
---|
3136 |
|
---|
3137 | case 'default':
|
---|
3138 | // We only set default group for approved members of the group
|
---|
3139 | $sql = 'SELECT user_id
|
---|
3140 | FROM ' . USER_GROUP_TABLE . "
|
---|
3141 | WHERE group_id = $group_id
|
---|
3142 | AND user_pending = 0
|
---|
3143 | AND " . $db->sql_in_set('user_id', $user_id_ary);
|
---|
3144 | $result = $db->sql_query($sql);
|
---|
3145 |
|
---|
3146 | $user_id_ary = $username_ary = array();
|
---|
3147 | while ($row = $db->sql_fetchrow($result))
|
---|
3148 | {
|
---|
3149 | $user_id_ary[] = $row['user_id'];
|
---|
3150 | }
|
---|
3151 | $db->sql_freeresult($result);
|
---|
3152 |
|
---|
3153 | $result = user_get_id_name($user_id_ary, $username_ary);
|
---|
3154 | if (!sizeof($user_id_ary) || $result !== false)
|
---|
3155 | {
|
---|
3156 | return 'NO_USERS';
|
---|
3157 | }
|
---|
3158 |
|
---|
3159 | $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
|
---|
3160 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
|
---|
3161 | $result = $db->sql_query($sql);
|
---|
3162 |
|
---|
3163 | $groups = array();
|
---|
3164 | while ($row = $db->sql_fetchrow($result))
|
---|
3165 | {
|
---|
3166 | if (!isset($groups[$row['group_id']]))
|
---|
3167 | {
|
---|
3168 | $groups[$row['group_id']] = array();
|
---|
3169 | }
|
---|
3170 | $groups[$row['group_id']][] = $row['user_id'];
|
---|
3171 | }
|
---|
3172 | $db->sql_freeresult($result);
|
---|
3173 |
|
---|
3174 | foreach ($groups as $gid => $uids)
|
---|
3175 | {
|
---|
3176 | remove_default_rank($gid, $uids);
|
---|
3177 | remove_default_avatar($gid, $uids);
|
---|
3178 | }
|
---|
3179 | group_set_user_default($group_id, $user_id_ary, $group_attributes);
|
---|
3180 | $log = 'LOG_GROUP_DEFAULTS';
|
---|
3181 | break;
|
---|
3182 | }
|
---|
3183 |
|
---|
3184 | // Clear permissions cache of relevant users
|
---|
3185 | $auth->acl_clear_prefetch($user_id_ary);
|
---|
3186 |
|
---|
3187 | add_log('admin', $log, $group_name, implode(', ', $username_ary));
|
---|
3188 |
|
---|
3189 | group_update_listings($group_id);
|
---|
3190 |
|
---|
3191 | return false;
|
---|
3192 | }
|
---|
3193 |
|
---|
3194 | /**
|
---|
3195 | * A small version of validate_username to check for a group name's existence. To be called directly.
|
---|
3196 | */
|
---|
3197 | function group_validate_groupname($group_id, $group_name)
|
---|
3198 | {
|
---|
3199 | global $config, $db;
|
---|
3200 |
|
---|
3201 | $group_name = utf8_clean_string($group_name);
|
---|
3202 |
|
---|
3203 | if (!empty($group_id))
|
---|
3204 | {
|
---|
3205 | $sql = 'SELECT group_name
|
---|
3206 | FROM ' . GROUPS_TABLE . '
|
---|
3207 | WHERE group_id = ' . (int) $group_id;
|
---|
3208 | $result = $db->sql_query($sql);
|
---|
3209 | $row = $db->sql_fetchrow($result);
|
---|
3210 | $db->sql_freeresult($result);
|
---|
3211 |
|
---|
3212 | if (!$row)
|
---|
3213 | {
|
---|
3214 | return false;
|
---|
3215 | }
|
---|
3216 |
|
---|
3217 | $allowed_groupname = utf8_clean_string($row['group_name']);
|
---|
3218 |
|
---|
3219 | if ($allowed_groupname == $group_name)
|
---|
3220 | {
|
---|
3221 | return false;
|
---|
3222 | }
|
---|
3223 | }
|
---|
3224 |
|
---|
3225 | $sql = 'SELECT group_name
|
---|
3226 | FROM ' . GROUPS_TABLE . "
|
---|
3227 | WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
|
---|
3228 | $result = $db->sql_query($sql);
|
---|
3229 | $row = $db->sql_fetchrow($result);
|
---|
3230 | $db->sql_freeresult($result);
|
---|
3231 |
|
---|
3232 | if ($row)
|
---|
3233 | {
|
---|
3234 | return 'GROUP_NAME_TAKEN';
|
---|
3235 | }
|
---|
3236 |
|
---|
3237 | return false;
|
---|
3238 | }
|
---|
3239 |
|
---|
3240 | /**
|
---|
3241 | * Set users default group
|
---|
3242 | *
|
---|
3243 | * @access private
|
---|
3244 | */
|
---|
3245 | function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
|
---|
3246 | {
|
---|
3247 | global $cache, $db;
|
---|
3248 |
|
---|
3249 | if (empty($user_id_ary))
|
---|
3250 | {
|
---|
3251 | return;
|
---|
3252 | }
|
---|
3253 |
|
---|
3254 | $attribute_ary = array(
|
---|
3255 | 'group_colour' => 'string',
|
---|
3256 | 'group_rank' => 'int',
|
---|
3257 | 'group_avatar' => 'string',
|
---|
3258 | 'group_avatar_type' => 'int',
|
---|
3259 | 'group_avatar_width' => 'int',
|
---|
3260 | 'group_avatar_height' => 'int',
|
---|
3261 | );
|
---|
3262 |
|
---|
3263 | $sql_ary = array(
|
---|
3264 | 'group_id' => $group_id
|
---|
3265 | );
|
---|
3266 |
|
---|
3267 | // Were group attributes passed to the function? If not we need to obtain them
|
---|
3268 | if ($group_attributes === false)
|
---|
3269 | {
|
---|
3270 | $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
|
---|
3271 | FROM ' . GROUPS_TABLE . "
|
---|
3272 | WHERE group_id = $group_id";
|
---|
3273 | $result = $db->sql_query($sql);
|
---|
3274 | $group_attributes = $db->sql_fetchrow($result);
|
---|
3275 | $db->sql_freeresult($result);
|
---|
3276 | }
|
---|
3277 |
|
---|
3278 | foreach ($attribute_ary as $attribute => $type)
|
---|
3279 | {
|
---|
3280 | if (isset($group_attributes[$attribute]))
|
---|
3281 | {
|
---|
3282 | // If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
|
---|
3283 | if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
|
---|
3284 | {
|
---|
3285 | continue;
|
---|
3286 | }
|
---|
3287 |
|
---|
3288 | settype($group_attributes[$attribute], $type);
|
---|
3289 | $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
|
---|
3290 | }
|
---|
3291 | }
|
---|
3292 |
|
---|
3293 | // Before we update the user attributes, we will make a list of those having now the group avatar assigned
|
---|
3294 | if (isset($sql_ary['user_avatar']))
|
---|
3295 | {
|
---|
3296 | // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
|
---|
3297 | $sql = 'SELECT user_id, group_id, user_avatar
|
---|
3298 | FROM ' . USERS_TABLE . '
|
---|
3299 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
|
---|
3300 | AND user_avatar_type = ' . AVATAR_UPLOAD;
|
---|
3301 | $result = $db->sql_query($sql);
|
---|
3302 |
|
---|
3303 | while ($row = $db->sql_fetchrow($result))
|
---|
3304 | {
|
---|
3305 | avatar_delete('user', $row);
|
---|
3306 | }
|
---|
3307 | $db->sql_freeresult($result);
|
---|
3308 | }
|
---|
3309 | else
|
---|
3310 | {
|
---|
3311 | unset($sql_ary['user_avatar_type']);
|
---|
3312 | unset($sql_ary['user_avatar_height']);
|
---|
3313 | unset($sql_ary['user_avatar_width']);
|
---|
3314 | }
|
---|
3315 |
|
---|
3316 | $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
|
---|
3317 | WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
|
---|
3318 | $db->sql_query($sql);
|
---|
3319 |
|
---|
3320 | if (isset($sql_ary['user_colour']))
|
---|
3321 | {
|
---|
3322 | // Update any cached colour information for these users
|
---|
3323 | $sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
|
---|
3324 | WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
|
---|
3325 | $db->sql_query($sql);
|
---|
3326 |
|
---|
3327 | $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
|
---|
3328 | WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
|
---|
3329 | $db->sql_query($sql);
|
---|
3330 |
|
---|
3331 | $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
|
---|
3332 | WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
|
---|
3333 | $db->sql_query($sql);
|
---|
3334 |
|
---|
3335 | global $config;
|
---|
3336 |
|
---|
3337 | if (in_array($config['newest_user_id'], $user_id_ary))
|
---|
3338 | {
|
---|
3339 | set_config('newest_user_colour', $sql_ary['user_colour'], true);
|
---|
3340 | }
|
---|
3341 | }
|
---|
3342 |
|
---|
3343 | if ($update_listing)
|
---|
3344 | {
|
---|
3345 | group_update_listings($group_id);
|
---|
3346 | }
|
---|
3347 |
|
---|
3348 | // Because some tables/caches use usercolour-specific data we need to purge this here.
|
---|
3349 | $cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
---|
3350 | }
|
---|
3351 |
|
---|
3352 | /**
|
---|
3353 | * Get group name
|
---|
3354 | */
|
---|
3355 | function get_group_name($group_id)
|
---|
3356 | {
|
---|
3357 | global $db, $user;
|
---|
3358 |
|
---|
3359 | $sql = 'SELECT group_name, group_type
|
---|
3360 | FROM ' . GROUPS_TABLE . '
|
---|
3361 | WHERE group_id = ' . (int) $group_id;
|
---|
3362 | $result = $db->sql_query($sql);
|
---|
3363 | $row = $db->sql_fetchrow($result);
|
---|
3364 | $db->sql_freeresult($result);
|
---|
3365 |
|
---|
3366 | if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
|
---|
3367 | {
|
---|
3368 | return '';
|
---|
3369 | }
|
---|
3370 |
|
---|
3371 | return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
|
---|
3372 | }
|
---|
3373 |
|
---|
3374 | /**
|
---|
3375 | * Obtain either the members of a specified group, the groups the specified user is subscribed to
|
---|
3376 | * or checking if a specified user is in a specified group. This function does not return pending memberships.
|
---|
3377 | *
|
---|
3378 | * Note: Never use this more than once... first group your users/groups
|
---|
3379 | */
|
---|
3380 | function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
|
---|
3381 | {
|
---|
3382 | global $db;
|
---|
3383 |
|
---|
3384 | if (!$group_id_ary && !$user_id_ary)
|
---|
3385 | {
|
---|
3386 | return true;
|
---|
3387 | }
|
---|
3388 |
|
---|
3389 | if ($user_id_ary)
|
---|
3390 | {
|
---|
3391 | $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
|
---|
3392 | }
|
---|
3393 |
|
---|
3394 | if ($group_id_ary)
|
---|
3395 | {
|
---|
3396 | $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
|
---|
3397 | }
|
---|
3398 |
|
---|
3399 | $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
|
---|
3400 | FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
|
---|
3401 | WHERE ug.user_id = u.user_id
|
---|
3402 | AND ug.user_pending = 0 AND ';
|
---|
3403 |
|
---|
3404 | if ($group_id_ary)
|
---|
3405 | {
|
---|
3406 | $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
|
---|
3407 | }
|
---|
3408 |
|
---|
3409 | if ($user_id_ary)
|
---|
3410 | {
|
---|
3411 | $sql .= ($group_id_ary) ? ' AND ' : ' ';
|
---|
3412 | $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
|
---|
3413 | }
|
---|
3414 |
|
---|
3415 | $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
|
---|
3416 |
|
---|
3417 | $row = $db->sql_fetchrow($result);
|
---|
3418 |
|
---|
3419 | if ($return_bool)
|
---|
3420 | {
|
---|
3421 | $db->sql_freeresult($result);
|
---|
3422 | return ($row) ? true : false;
|
---|
3423 | }
|
---|
3424 |
|
---|
3425 | if (!$row)
|
---|
3426 | {
|
---|
3427 | return false;
|
---|
3428 | }
|
---|
3429 |
|
---|
3430 | $return = array();
|
---|
3431 |
|
---|
3432 | do
|
---|
3433 | {
|
---|
3434 | $return[] = $row;
|
---|
3435 | }
|
---|
3436 | while ($row = $db->sql_fetchrow($result));
|
---|
3437 |
|
---|
3438 | $db->sql_freeresult($result);
|
---|
3439 |
|
---|
3440 | return $return;
|
---|
3441 | }
|
---|
3442 |
|
---|
3443 | /**
|
---|
3444 | * Re-cache moderators and foes if group has a_ or m_ permissions
|
---|
3445 | */
|
---|
3446 | function group_update_listings($group_id)
|
---|
3447 | {
|
---|
3448 | global $auth;
|
---|
3449 |
|
---|
3450 | $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
|
---|
3451 |
|
---|
3452 | if (!sizeof($hold_ary))
|
---|
3453 | {
|
---|
3454 | return;
|
---|
3455 | }
|
---|
3456 |
|
---|
3457 | $mod_permissions = $admin_permissions = false;
|
---|
3458 |
|
---|
3459 | foreach ($hold_ary as $g_id => $forum_ary)
|
---|
3460 | {
|
---|
3461 | foreach ($forum_ary as $forum_id => $auth_ary)
|
---|
3462 | {
|
---|
3463 | foreach ($auth_ary as $auth_option => $setting)
|
---|
3464 | {
|
---|
3465 | if ($mod_permissions && $admin_permissions)
|
---|
3466 | {
|
---|
3467 | break 3;
|
---|
3468 | }
|
---|
3469 |
|
---|
3470 | if ($setting != ACL_YES)
|
---|
3471 | {
|
---|
3472 | continue;
|
---|
3473 | }
|
---|
3474 |
|
---|
3475 | if ($auth_option == 'm_')
|
---|
3476 | {
|
---|
3477 | $mod_permissions = true;
|
---|
3478 | }
|
---|
3479 |
|
---|
3480 | if ($auth_option == 'a_')
|
---|
3481 | {
|
---|
3482 | $admin_permissions = true;
|
---|
3483 | }
|
---|
3484 | }
|
---|
3485 | }
|
---|
3486 | }
|
---|
3487 |
|
---|
3488 | if ($mod_permissions)
|
---|
3489 | {
|
---|
3490 | if (!function_exists('cache_moderators'))
|
---|
3491 | {
|
---|
3492 | global $phpbb_root_path, $phpEx;
|
---|
3493 | include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
---|
3494 | }
|
---|
3495 | cache_moderators();
|
---|
3496 | }
|
---|
3497 |
|
---|
3498 | if ($mod_permissions || $admin_permissions)
|
---|
3499 | {
|
---|
3500 | if (!function_exists('update_foes'))
|
---|
3501 | {
|
---|
3502 | global $phpbb_root_path, $phpEx;
|
---|
3503 | include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
|
---|
3504 | }
|
---|
3505 | update_foes(array($group_id));
|
---|
3506 | }
|
---|
3507 | }
|
---|
3508 |
|
---|
3509 |
|
---|
3510 |
|
---|
3511 | /**
|
---|
3512 | * Funtion to make a user leave the NEWLY_REGISTERED system group.
|
---|
3513 | * @access public
|
---|
3514 | * @param $user_id The id of the user to remove from the group
|
---|
3515 | */
|
---|
3516 | function remove_newly_registered($user_id, $user_data = false)
|
---|
3517 | {
|
---|
3518 | global $db;
|
---|
3519 |
|
---|
3520 | if ($user_data === false)
|
---|
3521 | {
|
---|
3522 | $sql = 'SELECT *
|
---|
3523 | FROM ' . USERS_TABLE . '
|
---|
3524 | WHERE user_id = ' . $user_id;
|
---|
3525 | $result = $db->sql_query($sql);
|
---|
3526 | $user_row = $db->sql_fetchrow($result);
|
---|
3527 | $db->sql_freeresult($result);
|
---|
3528 |
|
---|
3529 | if (!$user_row)
|
---|
3530 | {
|
---|
3531 | return false;
|
---|
3532 | }
|
---|
3533 | else
|
---|
3534 | {
|
---|
3535 | $user_data = $user_row;
|
---|
3536 | }
|
---|
3537 | }
|
---|
3538 |
|
---|
3539 | if (empty($user_data['user_new']))
|
---|
3540 | {
|
---|
3541 | return false;
|
---|
3542 | }
|
---|
3543 |
|
---|
3544 | $sql = 'SELECT group_id
|
---|
3545 | FROM ' . GROUPS_TABLE . "
|
---|
3546 | WHERE group_name = 'NEWLY_REGISTERED'
|
---|
3547 | AND group_type = " . GROUP_SPECIAL;
|
---|
3548 | $result = $db->sql_query($sql);
|
---|
3549 | $group_id = (int) $db->sql_fetchfield('group_id');
|
---|
3550 | $db->sql_freeresult($result);
|
---|
3551 |
|
---|
3552 | if (!$group_id)
|
---|
3553 | {
|
---|
3554 | return false;
|
---|
3555 | }
|
---|
3556 |
|
---|
3557 | // We need to call group_user_del here, because this function makes sure everything is correctly changed.
|
---|
3558 | // A downside for a call within the session handler is that the language is not set up yet - so no log entry
|
---|
3559 | group_user_del($group_id, $user_id);
|
---|
3560 |
|
---|
3561 | // Set user_new to 0 to let this not be triggered again
|
---|
3562 | $sql = 'UPDATE ' . USERS_TABLE . '
|
---|
3563 | SET user_new = 0
|
---|
3564 | WHERE user_id = ' . $user_id;
|
---|
3565 | $db->sql_query($sql);
|
---|
3566 |
|
---|
3567 | // The new users group was the users default group?
|
---|
3568 | if ($user_data['group_id'] == $group_id)
|
---|
3569 | {
|
---|
3570 | // Which group is now the users default one?
|
---|
3571 | $sql = 'SELECT group_id
|
---|
3572 | FROM ' . USERS_TABLE . '
|
---|
3573 | WHERE user_id = ' . $user_id;
|
---|
3574 | $result = $db->sql_query($sql);
|
---|
3575 | $user_data['group_id'] = $db->sql_fetchfield('group_id');
|
---|
3576 | $db->sql_freeresult($result);
|
---|
3577 | }
|
---|
3578 |
|
---|
3579 | return $user_data['group_id'];
|
---|
3580 | }
|
---|
3581 |
|
---|
3582 | ?>
|
---|