source: trunk/forum/includes/functions_user.php

Last change on this file was 702, checked in by george, 15 years ago
  • Upraveno: Aktualizace fóra.
File size: 91.3 KB
Line 
1<?php
2/**
3*
4* @package phpBB3
5* @version $Id$
6* @copyright (c) 2005 phpBB Group
7* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8*
9*/
10
11/**
12* @ignore
13*/
14if (!defined('IN_PHPBB'))
15{
16 exit;
17}
18
19/**
20* Obtain user_ids from usernames or vice versa. Returns false on
21* success else the error string
22*
23* @param array &$user_id_ary The user ids to check or empty if usernames used
24* @param array &$username_ary The usernames to check or empty if user ids used
25* @param mixed $user_type Array of user types to check, false if not restricting by user type
26*/
27function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
28{
29 global $db;
30
31 // Are both arrays already filled? Yep, return else
32 // are neither array filled?
33 if ($user_id_ary && $username_ary)
34 {
35 return false;
36 }
37 else if (!$user_id_ary && !$username_ary)
38 {
39 return 'NO_USERS';
40 }
41
42 $which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
43
44 if ($$which_ary && !is_array($$which_ary))
45 {
46 $$which_ary = array($$which_ary);
47 }
48
49 $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
50 unset($$which_ary);
51
52 $user_id_ary = $username_ary = array();
53
54 // Grab the user id/username records
55 $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
56 $sql = 'SELECT user_id, username
57 FROM ' . USERS_TABLE . '
58 WHERE ' . $db->sql_in_set($sql_where, $sql_in);
59
60 if ($user_type !== false && !empty($user_type))
61 {
62 $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
63 }
64
65 $result = $db->sql_query($sql);
66
67 if (!($row = $db->sql_fetchrow($result)))
68 {
69 $db->sql_freeresult($result);
70 return 'NO_USERS';
71 }
72
73 do
74 {
75 $username_ary[$row['user_id']] = $row['username'];
76 $user_id_ary[] = $row['user_id'];
77 }
78 while ($row = $db->sql_fetchrow($result));
79 $db->sql_freeresult($result);
80
81 return false;
82}
83
84/**
85* Get latest registered username and update database to reflect it
86*/
87function update_last_username()
88{
89 global $db;
90
91 // Get latest username
92 $sql = 'SELECT user_id, username, user_colour
93 FROM ' . USERS_TABLE . '
94 WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
95 ORDER BY user_id DESC';
96 $result = $db->sql_query_limit($sql, 1);
97 $row = $db->sql_fetchrow($result);
98 $db->sql_freeresult($result);
99
100 if ($row)
101 {
102 set_config('newest_user_id', $row['user_id'], true);
103 set_config('newest_username', $row['username'], true);
104 set_config('newest_user_colour', $row['user_colour'], true);
105 }
106}
107
108/**
109* Updates a username across all relevant tables/fields
110*
111* @param string $old_name the old/current username
112* @param string $new_name the new username
113*/
114function user_update_name($old_name, $new_name)
115{
116 global $config, $db, $cache;
117
118 $update_ary = array(
119 FORUMS_TABLE => array('forum_last_poster_name'),
120 MODERATOR_CACHE_TABLE => array('username'),
121 POSTS_TABLE => array('post_username'),
122 TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
123 );
124
125 foreach ($update_ary as $table => $field_ary)
126 {
127 foreach ($field_ary as $field)
128 {
129 $sql = "UPDATE $table
130 SET $field = '" . $db->sql_escape($new_name) . "'
131 WHERE $field = '" . $db->sql_escape($old_name) . "'";
132 $db->sql_query($sql);
133 }
134 }
135
136 if ($config['newest_username'] == $old_name)
137 {
138 set_config('newest_username', $new_name, true);
139 }
140
141 // Because some tables/caches use username-specific data we need to purge this here.
142 $cache->destroy('sql', MODERATOR_CACHE_TABLE);
143}
144
145/**
146* Adds an user
147*
148* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
149* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
150* @return the new user's ID.
151*/
152function user_add($user_row, $cp_data = false)
153{
154 global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
155
156 if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
157 {
158 return false;
159 }
160
161 $username_clean = utf8_clean_string($user_row['username']);
162
163 if (empty($username_clean))
164 {
165 return false;
166 }
167
168 $sql_ary = array(
169 'username' => $user_row['username'],
170 'username_clean' => $username_clean,
171 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
172 'user_pass_convert' => 0,
173 'user_email' => strtolower($user_row['user_email']),
174 'user_email_hash' => phpbb_email_hash($user_row['user_email']),
175 'group_id' => $user_row['group_id'],
176 'user_type' => $user_row['user_type'],
177 );
178
179 // These are the additional vars able to be specified
180 $additional_vars = array(
181 'user_permissions' => '',
182 'user_timezone' => $config['board_timezone'],
183 'user_dateformat' => $config['default_dateformat'],
184 'user_lang' => $config['default_lang'],
185 'user_style' => (int) $config['default_style'],
186 'user_actkey' => '',
187 'user_ip' => '',
188 'user_regdate' => time(),
189 'user_passchg' => time(),
190 'user_options' => 230271,
191 // We do not set the new flag here - registration scripts need to specify it
192 'user_new' => 0,
193
194 'user_inactive_reason' => 0,
195 'user_inactive_time' => 0,
196 'user_lastmark' => time(),
197 'user_lastvisit' => 0,
198 'user_lastpost_time' => 0,
199 'user_lastpage' => '',
200 'user_posts' => 0,
201 'user_dst' => (int) $config['board_dst'],
202 'user_colour' => '',
203 'user_occ' => '',
204 'user_interests' => '',
205 'user_avatar' => '',
206 'user_avatar_type' => 0,
207 'user_avatar_width' => 0,
208 'user_avatar_height' => 0,
209 'user_new_privmsg' => 0,
210 'user_unread_privmsg' => 0,
211 'user_last_privmsg' => 0,
212 'user_message_rules' => 0,
213 'user_full_folder' => PRIVMSGS_NO_BOX,
214 'user_emailtime' => 0,
215
216 'user_notify' => 0,
217 'user_notify_pm' => 1,
218 'user_notify_type' => NOTIFY_EMAIL,
219 'user_allow_pm' => 1,
220 'user_allow_viewonline' => 1,
221 'user_allow_viewemail' => 1,
222 'user_allow_massemail' => 1,
223
224 'user_sig' => '',
225 'user_sig_bbcode_uid' => '',
226 'user_sig_bbcode_bitfield' => '',
227
228 'user_form_salt' => unique_id(),
229 );
230
231 // Now fill the sql array with not required variables
232 foreach ($additional_vars as $key => $default_value)
233 {
234 $sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
235 }
236
237 // Any additional variables in $user_row not covered above?
238 $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
239
240 // Now fill our sql array with the remaining vars
241 if (sizeof($remaining_vars))
242 {
243 foreach ($remaining_vars as $key)
244 {
245 $sql_ary[$key] = $user_row[$key];
246 }
247 }
248
249 $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
250 $db->sql_query($sql);
251
252 $user_id = $db->sql_nextid();
253
254 // Insert Custom Profile Fields
255 if ($cp_data !== false && sizeof($cp_data))
256 {
257 $cp_data['user_id'] = (int) $user_id;
258
259 if (!class_exists('custom_profile'))
260 {
261 include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
262 }
263
264 $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
265 $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
266 $db->sql_query($sql);
267 }
268
269 // Place into appropriate group...
270 $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
271 'user_id' => (int) $user_id,
272 'group_id' => (int) $user_row['group_id'],
273 'user_pending' => 0)
274 );
275 $db->sql_query($sql);
276
277 // Now make it the users default group...
278 group_set_user_default($user_row['group_id'], array($user_id), false);
279
280 // Add to newly registered users group if user_new is 1
281 if ($config['new_member_post_limit'] && $sql_ary['user_new'])
282 {
283 $sql = 'SELECT group_id
284 FROM ' . GROUPS_TABLE . "
285 WHERE group_name = 'NEWLY_REGISTERED'
286 AND group_type = " . GROUP_SPECIAL;
287 $result = $db->sql_query($sql);
288 $add_group_id = (int) $db->sql_fetchfield('group_id');
289 $db->sql_freeresult($result);
290
291 if ($add_group_id)
292 {
293 // Because these actions only fill the log unneccessarily we skip the add_log() entry with a little hack. :/
294 $GLOBALS['skip_add_log'] = true;
295
296 // Add user to "newly registered users" group and set to default group if admin specified so.
297 if ($config['new_member_group_default'])
298 {
299 group_user_add($add_group_id, $user_id, false, false, true);
300 }
301 else
302 {
303 group_user_add($add_group_id, $user_id);
304 }
305
306 unset($GLOBALS['skip_add_log']);
307 }
308 }
309
310 // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
311 if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER)
312 {
313 set_config('newest_user_id', $user_id, true);
314 set_config('newest_username', $user_row['username'], true);
315 set_config_count('num_users', 1, true);
316
317 $sql = 'SELECT group_colour
318 FROM ' . GROUPS_TABLE . '
319 WHERE group_id = ' . (int) $user_row['group_id'];
320 $result = $db->sql_query_limit($sql, 1);
321 $row = $db->sql_fetchrow($result);
322 $db->sql_freeresult($result);
323
324 set_config('newest_user_colour', $row['group_colour'], true);
325 }
326
327 return $user_id;
328}
329
330/**
331* Remove User
332*/
333function user_delete($mode, $user_id, $post_username = false)
334{
335 global $cache, $config, $db, $user, $auth;
336 global $phpbb_root_path, $phpEx;
337
338 $sql = 'SELECT *
339 FROM ' . USERS_TABLE . '
340 WHERE user_id = ' . $user_id;
341 $result = $db->sql_query($sql);
342 $user_row = $db->sql_fetchrow($result);
343 $db->sql_freeresult($result);
344
345 if (!$user_row)
346 {
347 return false;
348 }
349
350 // Before we begin, we will remove the reports the user issued.
351 $sql = 'SELECT r.post_id, p.topic_id
352 FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
353 WHERE r.user_id = ' . $user_id . '
354 AND p.post_id = r.post_id';
355 $result = $db->sql_query($sql);
356
357 $report_posts = $report_topics = array();
358 while ($row = $db->sql_fetchrow($result))
359 {
360 $report_posts[] = $row['post_id'];
361 $report_topics[] = $row['topic_id'];
362 }
363 $db->sql_freeresult($result);
364
365 if (sizeof($report_posts))
366 {
367 $report_posts = array_unique($report_posts);
368 $report_topics = array_unique($report_topics);
369
370 // Get a list of topics that still contain reported posts
371 $sql = 'SELECT DISTINCT topic_id
372 FROM ' . POSTS_TABLE . '
373 WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
374 AND post_reported = 1
375 AND ' . $db->sql_in_set('post_id', $report_posts, true);
376 $result = $db->sql_query($sql);
377
378 $keep_report_topics = array();
379 while ($row = $db->sql_fetchrow($result))
380 {
381 $keep_report_topics[] = $row['topic_id'];
382 }
383 $db->sql_freeresult($result);
384
385 if (sizeof($keep_report_topics))
386 {
387 $report_topics = array_diff($report_topics, $keep_report_topics);
388 }
389 unset($keep_report_topics);
390
391 // Now set the flags back
392 $sql = 'UPDATE ' . POSTS_TABLE . '
393 SET post_reported = 0
394 WHERE ' . $db->sql_in_set('post_id', $report_posts);
395 $db->sql_query($sql);
396
397 if (sizeof($report_topics))
398 {
399 $sql = 'UPDATE ' . TOPICS_TABLE . '
400 SET topic_reported = 0
401 WHERE ' . $db->sql_in_set('topic_id', $report_topics);
402 $db->sql_query($sql);
403 }
404 }
405
406 // Remove reports
407 $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
408
409 if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
410 {
411 avatar_delete('user', $user_row);
412 }
413
414 switch ($mode)
415 {
416 case 'retain':
417
418 $db->sql_transaction('begin');
419
420 if ($post_username === false)
421 {
422 $post_username = $user->lang['GUEST'];
423 }
424
425 // If the user is inactive and newly registered we assume no posts from this user being there...
426 if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
427 {
428 }
429 else
430 {
431 $sql = 'UPDATE ' . FORUMS_TABLE . '
432 SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
433 WHERE forum_last_poster_id = $user_id";
434 $db->sql_query($sql);
435
436 $sql = 'UPDATE ' . POSTS_TABLE . '
437 SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
438 WHERE poster_id = $user_id";
439 $db->sql_query($sql);
440
441 $sql = 'UPDATE ' . POSTS_TABLE . '
442 SET post_edit_user = ' . ANONYMOUS . "
443 WHERE post_edit_user = $user_id";
444 $db->sql_query($sql);
445
446 $sql = 'UPDATE ' . TOPICS_TABLE . '
447 SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
448 WHERE topic_poster = $user_id";
449 $db->sql_query($sql);
450
451 $sql = 'UPDATE ' . TOPICS_TABLE . '
452 SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
453 WHERE topic_last_poster_id = $user_id";
454 $db->sql_query($sql);
455
456 $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
457 SET poster_id = ' . ANONYMOUS . "
458 WHERE poster_id = $user_id";
459 $db->sql_query($sql);
460
461 // Since we change every post by this author, we need to count this amount towards the anonymous user
462
463 // Update the post count for the anonymous user
464 if ($user_row['user_posts'])
465 {
466 $sql = 'UPDATE ' . USERS_TABLE . '
467 SET user_posts = user_posts + ' . $user_row['user_posts'] . '
468 WHERE user_id = ' . ANONYMOUS;
469 $db->sql_query($sql);
470 }
471 }
472
473 $db->sql_transaction('commit');
474
475 break;
476
477 case 'remove':
478
479 if (!function_exists('delete_posts'))
480 {
481 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
482 }
483
484 $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
485 FROM ' . POSTS_TABLE . "
486 WHERE poster_id = $user_id
487 GROUP BY topic_id";
488 $result = $db->sql_query($sql);
489
490 $topic_id_ary = array();
491 while ($row = $db->sql_fetchrow($result))
492 {
493 $topic_id_ary[$row['topic_id']] = $row['total_posts'];
494 }
495 $db->sql_freeresult($result);
496
497 if (sizeof($topic_id_ary))
498 {
499 $sql = 'SELECT topic_id, topic_replies, topic_replies_real
500 FROM ' . TOPICS_TABLE . '
501 WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
502 $result = $db->sql_query($sql);
503
504 $del_topic_ary = array();
505 while ($row = $db->sql_fetchrow($result))
506 {
507 if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
508 {
509 $del_topic_ary[] = $row['topic_id'];
510 }
511 }
512 $db->sql_freeresult($result);
513
514 if (sizeof($del_topic_ary))
515 {
516 $sql = 'DELETE FROM ' . TOPICS_TABLE . '
517 WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
518 $db->sql_query($sql);
519 }
520 }
521
522 // Delete posts, attachments, etc.
523 delete_posts('poster_id', $user_id);
524
525 break;
526 }
527
528 $db->sql_transaction('begin');
529
530 $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE);
531
532 foreach ($table_ary as $table)
533 {
534 $sql = "DELETE FROM $table
535 WHERE user_id = $user_id";
536 $db->sql_query($sql);
537 }
538
539 $cache->destroy('sql', MODERATOR_CACHE_TABLE);
540
541 // Delete user log entries about this user
542 $sql = 'DELETE FROM ' . LOG_TABLE . '
543 WHERE reportee_id = ' . $user_id;
544 $db->sql_query($sql);
545
546 // Change user_id to anonymous for this users triggered events
547 $sql = 'UPDATE ' . LOG_TABLE . '
548 SET user_id = ' . ANONYMOUS . '
549 WHERE user_id = ' . $user_id;
550 $db->sql_query($sql);
551
552 // Delete the user_id from the zebra table
553 $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
554 WHERE user_id = ' . $user_id . '
555 OR zebra_id = ' . $user_id;
556 $db->sql_query($sql);
557
558 // Delete the user_id from the banlist
559 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
560 WHERE ban_userid = ' . $user_id;
561 $db->sql_query($sql);
562
563 // Delete the user_id from the session table
564 $sql = 'DELETE FROM ' . SESSIONS_TABLE . '
565 WHERE session_user_id = ' . $user_id;
566 $db->sql_query($sql);
567
568 // Remove any undelivered mails...
569 $sql = 'SELECT msg_id, user_id
570 FROM ' . PRIVMSGS_TO_TABLE . '
571 WHERE author_id = ' . $user_id . '
572 AND folder_id = ' . PRIVMSGS_NO_BOX;
573 $result = $db->sql_query($sql);
574
575 $undelivered_msg = $undelivered_user = array();
576 while ($row = $db->sql_fetchrow($result))
577 {
578 $undelivered_msg[] = $row['msg_id'];
579 $undelivered_user[$row['user_id']][] = true;
580 }
581 $db->sql_freeresult($result);
582
583 if (sizeof($undelivered_msg))
584 {
585 $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
586 WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
587 $db->sql_query($sql);
588 }
589
590 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
591 WHERE author_id = ' . $user_id . '
592 AND folder_id = ' . PRIVMSGS_NO_BOX;
593 $db->sql_query($sql);
594
595 // Delete all to-information
596 $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
597 WHERE user_id = ' . $user_id;
598 $db->sql_query($sql);
599
600 // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
601 $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
602 SET author_id = ' . ANONYMOUS . '
603 WHERE author_id = ' . $user_id;
604 $db->sql_query($sql);
605
606 $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
607 SET author_id = ' . ANONYMOUS . '
608 WHERE author_id = ' . $user_id;
609 $db->sql_query($sql);
610
611 foreach ($undelivered_user as $_user_id => $ary)
612 {
613 if ($_user_id == $user_id)
614 {
615 continue;
616 }
617
618 $sql = 'UPDATE ' . USERS_TABLE . '
619 SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
620 user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
621 WHERE user_id = ' . $_user_id;
622 $db->sql_query($sql);
623 }
624
625 $db->sql_transaction('commit');
626
627 // Reset newest user info if appropriate
628 if ($config['newest_user_id'] == $user_id)
629 {
630 update_last_username();
631 }
632
633 // Decrement number of users if this user is active
634 if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
635 {
636 set_config_count('num_users', -1, true);
637 }
638
639 return false;
640}
641
642/**
643* Flips user_type from active to inactive and vice versa, handles group membership updates
644*
645* @param string $mode can be flip for flipping from active/inactive, activate or deactivate
646*/
647function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
648{
649 global $config, $db, $user, $auth;
650
651 $deactivated = $activated = 0;
652 $sql_statements = array();
653
654 if (!is_array($user_id_ary))
655 {
656 $user_id_ary = array($user_id_ary);
657 }
658
659 if (!sizeof($user_id_ary))
660 {
661 return;
662 }
663
664 $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
665 FROM ' . USERS_TABLE . '
666 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
667 $result = $db->sql_query($sql);
668
669 while ($row = $db->sql_fetchrow($result))
670 {
671 $sql_ary = array();
672
673 if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
674 ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
675 ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
676 {
677 continue;
678 }
679
680 if ($row['user_type'] == USER_INACTIVE)
681 {
682 $activated++;
683 }
684 else
685 {
686 $deactivated++;
687
688 // Remove the users session key...
689 $user->reset_login_keys($row['user_id']);
690 }
691
692 $sql_ary += array(
693 'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
694 'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0,
695 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
696 );
697
698 $sql_statements[$row['user_id']] = $sql_ary;
699 }
700 $db->sql_freeresult($result);
701
702 if (sizeof($sql_statements))
703 {
704 foreach ($sql_statements as $user_id => $sql_ary)
705 {
706 $sql = 'UPDATE ' . USERS_TABLE . '
707 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
708 WHERE user_id = ' . $user_id;
709 $db->sql_query($sql);
710 }
711
712 $auth->acl_clear_prefetch(array_keys($sql_statements));
713 }
714
715 if ($deactivated)
716 {
717 set_config_count('num_users', $deactivated * (-1), true);
718 }
719
720 if ($activated)
721 {
722 set_config_count('num_users', $activated, true);
723 }
724
725 // Update latest username
726 update_last_username();
727}
728
729/**
730* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
731*
732* @param string $mode Type of ban. One of the following: user, ip, email
733* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
734* @param int $ban_len Ban length in minutes
735* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
736* @param boolean $ban_exclude Exclude these entities from banning?
737* @param string $ban_reason String describing the reason for this ban
738* @return boolean
739*/
740function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
741{
742 global $db, $user, $auth, $cache;
743
744 // Delete stale bans
745 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
746 WHERE ban_end < ' . time() . '
747 AND ban_end <> 0';
748 $db->sql_query($sql);
749
750 $ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
751 $ban_list_log = implode(', ', $ban_list);
752
753 $current_time = time();
754
755 // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
756 if ($ban_len)
757 {
758 if ($ban_len != -1 || !$ban_len_other)
759 {
760 $ban_end = max($current_time, $current_time + ($ban_len) * 60);
761 }
762 else
763 {
764 $ban_other = explode('-', $ban_len_other);
765 if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
766 (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
767 {
768 $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
769 }
770 else
771 {
772 trigger_error('LENGTH_BAN_INVALID');
773 }
774 }
775 }
776 else
777 {
778 $ban_end = 0;
779 }
780
781 $founder = $founder_names = array();
782
783 if (!$ban_exclude)
784 {
785 // Create a list of founder...
786 $sql = 'SELECT user_id, user_email, username_clean
787 FROM ' . USERS_TABLE . '
788 WHERE user_type = ' . USER_FOUNDER;
789 $result = $db->sql_query($sql);
790
791 while ($row = $db->sql_fetchrow($result))
792 {
793 $founder[$row['user_id']] = $row['user_email'];
794 $founder_names[$row['user_id']] = $row['username_clean'];
795 }
796 $db->sql_freeresult($result);
797 }
798
799 $banlist_ary = array();
800
801 switch ($mode)
802 {
803 case 'user':
804 $type = 'ban_userid';
805
806 // At the moment we do not support wildcard username banning
807
808 // Select the relevant user_ids.
809 $sql_usernames = array();
810
811 foreach ($ban_list as $username)
812 {
813 $username = trim($username);
814 if ($username != '')
815 {
816 $clean_name = utf8_clean_string($username);
817 if ($clean_name == $user->data['username_clean'])
818 {
819 trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
820 }
821 if (in_array($clean_name, $founder_names))
822 {
823 trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
824 }
825 $sql_usernames[] = $clean_name;
826 }
827 }
828
829 // Make sure we have been given someone to ban
830 if (!sizeof($sql_usernames))
831 {
832 trigger_error('NO_USER_SPECIFIED');
833 }
834
835 $sql = 'SELECT user_id
836 FROM ' . USERS_TABLE . '
837 WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
838
839 // Do not allow banning yourself
840 if (sizeof($founder))
841 {
842 $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
843 }
844 else
845 {
846 $sql .= ' AND user_id <> ' . $user->data['user_id'];
847 }
848
849 $result = $db->sql_query($sql);
850
851 if ($row = $db->sql_fetchrow($result))
852 {
853 do
854 {
855 $banlist_ary[] = (int) $row['user_id'];
856 }
857 while ($row = $db->sql_fetchrow($result));
858 }
859 else
860 {
861 $db->sql_freeresult($result);
862 trigger_error('NO_USERS');
863 }
864 $db->sql_freeresult($result);
865 break;
866
867 case 'ip':
868 $type = 'ban_ip';
869
870 foreach ($ban_list as $ban_item)
871 {
872 if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
873 {
874 // This is an IP range
875 // Don't ask about all this, just don't ask ... !
876 $ip_1_counter = $ip_range_explode[1];
877 $ip_1_end = $ip_range_explode[5];
878
879 while ($ip_1_counter <= $ip_1_end)
880 {
881 $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
882 $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
883
884 if ($ip_2_counter == 0 && $ip_2_end == 254)
885 {
886 $ip_2_counter = 256;
887 $ip_2_fragment = 256;
888
889 $banlist_ary[] = "$ip_1_counter.*";
890 }
891
892 while ($ip_2_counter <= $ip_2_end)
893 {
894 $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
895 $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
896
897 if ($ip_3_counter == 0 && $ip_3_end == 254)
898 {
899 $ip_3_counter = 256;
900 $ip_3_fragment = 256;
901
902 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
903 }
904
905 while ($ip_3_counter <= $ip_3_end)
906 {
907 $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
908 $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
909
910 if ($ip_4_counter == 0 && $ip_4_end == 254)
911 {
912 $ip_4_counter = 256;
913 $ip_4_fragment = 256;
914
915 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
916 }
917
918 while ($ip_4_counter <= $ip_4_end)
919 {
920 $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
921 $ip_4_counter++;
922 }
923 $ip_3_counter++;
924 }
925 $ip_2_counter++;
926 }
927 $ip_1_counter++;
928 }
929 }
930 else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
931 {
932 // Normal IP address
933 $banlist_ary[] = trim($ban_item);
934 }
935 else if (preg_match('#^\*$#', trim($ban_item)))
936 {
937 // Ban all IPs
938 $banlist_ary[] = '*';
939 }
940 else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
941 {
942 // hostname
943 $ip_ary = gethostbynamel(trim($ban_item));
944
945 if (!empty($ip_ary))
946 {
947 foreach ($ip_ary as $ip)
948 {
949 if ($ip)
950 {
951 if (strlen($ip) > 40)
952 {
953 continue;
954 }
955
956 $banlist_ary[] = $ip;
957 }
958 }
959 }
960 }
961
962 if (empty($banlist_ary))
963 {
964 trigger_error('NO_IPS_DEFINED');
965 }
966 }
967 break;
968
969 case 'email':
970 $type = 'ban_email';
971
972 foreach ($ban_list as $ban_item)
973 {
974 $ban_item = trim($ban_item);
975
976 if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
977 {
978 if (strlen($ban_item) > 100)
979 {
980 continue;
981 }
982
983 if (!sizeof($founder) || !in_array($ban_item, $founder))
984 {
985 $banlist_ary[] = $ban_item;
986 }
987 }
988 }
989
990 if (sizeof($ban_list) == 0)
991 {
992 trigger_error('NO_EMAILS_DEFINED');
993 }
994 break;
995
996 default:
997 trigger_error('NO_MODE');
998 break;
999 }
1000
1001 // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
1002 $sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
1003
1004 $sql = "SELECT $type
1005 FROM " . BANLIST_TABLE . "
1006 WHERE $sql_where
1007 AND ban_exclude = " . (int) $ban_exclude;
1008 $result = $db->sql_query($sql);
1009
1010 // Reset $sql_where, because we use it later...
1011 $sql_where = '';
1012
1013 if ($row = $db->sql_fetchrow($result))
1014 {
1015 $banlist_ary_tmp = array();
1016 do
1017 {
1018 switch ($mode)
1019 {
1020 case 'user':
1021 $banlist_ary_tmp[] = $row['ban_userid'];
1022 break;
1023
1024 case 'ip':
1025 $banlist_ary_tmp[] = $row['ban_ip'];
1026 break;
1027
1028 case 'email':
1029 $banlist_ary_tmp[] = $row['ban_email'];
1030 break;
1031 }
1032 }
1033 while ($row = $db->sql_fetchrow($result));
1034
1035 $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp);
1036
1037 if (sizeof($banlist_ary_tmp))
1038 {
1039 // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length
1040 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
1041 WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . '
1042 AND ban_exclude = ' . (int) $ban_exclude;
1043 $db->sql_query($sql);
1044 }
1045
1046 unset($banlist_ary_tmp);
1047 }
1048 $db->sql_freeresult($result);
1049
1050 // We have some entities to ban
1051 if (sizeof($banlist_ary))
1052 {
1053 $sql_ary = array();
1054
1055 foreach ($banlist_ary as $ban_entry)
1056 {
1057 $sql_ary[] = array(
1058 $type => $ban_entry,
1059 'ban_start' => (int) $current_time,
1060 'ban_end' => (int) $ban_end,
1061 'ban_exclude' => (int) $ban_exclude,
1062 'ban_reason' => (string) $ban_reason,
1063 'ban_give_reason' => (string) $ban_give_reason,
1064 );
1065 }
1066
1067 $db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
1068
1069 // If we are banning we want to logout anyone matching the ban
1070 if (!$ban_exclude)
1071 {
1072 switch ($mode)
1073 {
1074 case 'user':
1075 $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
1076 break;
1077
1078 case 'ip':
1079 $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
1080 break;
1081
1082 case 'email':
1083 $banlist_ary_sql = array();
1084
1085 foreach ($banlist_ary as $ban_entry)
1086 {
1087 $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
1088 }
1089
1090 $sql = 'SELECT user_id
1091 FROM ' . USERS_TABLE . '
1092 WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
1093 $result = $db->sql_query($sql);
1094
1095 $sql_in = array();
1096
1097 if ($row = $db->sql_fetchrow($result))
1098 {
1099 do
1100 {
1101 $sql_in[] = $row['user_id'];
1102 }
1103 while ($row = $db->sql_fetchrow($result));
1104
1105 $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
1106 }
1107 $db->sql_freeresult($result);
1108 break;
1109 }
1110
1111 if (isset($sql_where) && $sql_where)
1112 {
1113 $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
1114 $sql_where";
1115 $db->sql_query($sql);
1116
1117 if ($mode == 'user')
1118 {
1119 $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
1120 $db->sql_query($sql);
1121 }
1122 }
1123 }
1124
1125 // Update log
1126 $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
1127
1128 // Add to moderator log, admin log and user notes
1129 add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1130 add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1131 if ($mode == 'user')
1132 {
1133 foreach ($banlist_ary as $user_id)
1134 {
1135 add_log('user', $user_id, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1136 }
1137 }
1138
1139 $cache->destroy('sql', BANLIST_TABLE);
1140
1141 return true;
1142 }
1143
1144 // There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
1145 $cache->destroy('sql', BANLIST_TABLE);
1146
1147 return false;
1148}
1149
1150/**
1151* Unban User
1152*/
1153function user_unban($mode, $ban)
1154{
1155 global $db, $user, $auth, $cache;
1156
1157 // Delete stale bans
1158 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
1159 WHERE ban_end < ' . time() . '
1160 AND ban_end <> 0';
1161 $db->sql_query($sql);
1162
1163 if (!is_array($ban))
1164 {
1165 $ban = array($ban);
1166 }
1167
1168 $unban_sql = array_map('intval', $ban);
1169
1170 if (sizeof($unban_sql))
1171 {
1172 // Grab details of bans for logging information later
1173 switch ($mode)
1174 {
1175 case 'user':
1176 $sql = 'SELECT u.username AS unban_info, u.user_id
1177 FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
1178 WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
1179 AND u.user_id = b.ban_userid';
1180 break;
1181
1182 case 'email':
1183 $sql = 'SELECT ban_email AS unban_info
1184 FROM ' . BANLIST_TABLE . '
1185 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1186 break;
1187
1188 case 'ip':
1189 $sql = 'SELECT ban_ip AS unban_info
1190 FROM ' . BANLIST_TABLE . '
1191 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1192 break;
1193 }
1194 $result = $db->sql_query($sql);
1195
1196 $l_unban_list = '';
1197 $user_ids_ary = array();
1198 while ($row = $db->sql_fetchrow($result))
1199 {
1200 $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
1201 if ($mode == 'user')
1202 {
1203 $user_ids_ary[] = $row['user_id'];
1204 }
1205 }
1206 $db->sql_freeresult($result);
1207
1208 $sql = 'DELETE FROM ' . BANLIST_TABLE . '
1209 WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1210 $db->sql_query($sql);
1211
1212 // Add to moderator log, admin log and user notes
1213 add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1214 add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1215 if ($mode == 'user')
1216 {
1217 foreach ($user_ids_ary as $user_id)
1218 {
1219 add_log('user', $user_id, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1220 }
1221 }
1222 }
1223
1224 $cache->destroy('sql', BANLIST_TABLE);
1225
1226 return false;
1227}
1228
1229/**
1230* Whois facility
1231*
1232* @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification
1233*/
1234function user_ipwhois($ip)
1235{
1236 $ipwhois = '';
1237
1238 // Check IP
1239 // Only supporting IPv4 at the moment...
1240 if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
1241 {
1242 return '';
1243 }
1244
1245 if (($fsk = @fsockopen('whois.arin.net', 43)))
1246 {
1247 // CRLF as per RFC3912
1248 fputs($fsk, "$ip\r\n");
1249 while (!feof($fsk))
1250 {
1251 $ipwhois .= fgets($fsk, 1024);
1252 }
1253 @fclose($fsk);
1254 }
1255
1256 $match = array();
1257
1258 // Test for referrals from ARIN to other whois databases, roll on rwhois
1259 if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match))
1260 {
1261 if (strpos($match[1], ':') !== false)
1262 {
1263 $pos = strrpos($match[1], ':');
1264 $server = substr($match[1], 0, $pos);
1265 $port = (int) substr($match[1], $pos + 1);
1266 unset($pos);
1267 }
1268 else
1269 {
1270 $server = $match[1];
1271 $port = 43;
1272 }
1273
1274 $buffer = '';
1275
1276 if (($fsk = @fsockopen($server, $port)))
1277 {
1278 fputs($fsk, "$ip\r\n");
1279 while (!feof($fsk))
1280 {
1281 $buffer .= fgets($fsk, 1024);
1282 }
1283 @fclose($fsk);
1284 }
1285
1286 // Use the result from ARIN if we don't get any result here
1287 $ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
1288 }
1289
1290 $ipwhois = htmlspecialchars($ipwhois);
1291
1292 // Magic URL ;)
1293 return trim(make_clickable($ipwhois, false, ''));
1294}
1295
1296/**
1297* Data validation ... used primarily but not exclusively by ucp modules
1298*
1299* "Master" function for validating a range of data types
1300*/
1301function validate_data($data, $val_ary)
1302{
1303 global $user;
1304
1305 $error = array();
1306
1307 foreach ($val_ary as $var => $val_seq)
1308 {
1309 if (!is_array($val_seq[0]))
1310 {
1311 $val_seq = array($val_seq);
1312 }
1313
1314 foreach ($val_seq as $validate)
1315 {
1316 $function = array_shift($validate);
1317 array_unshift($validate, $data[$var]);
1318
1319 if ($result = call_user_func_array('validate_' . $function, $validate))
1320 {
1321 // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
1322 $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
1323 }
1324 }
1325 }
1326
1327 return $error;
1328}
1329
1330/**
1331* Validate String
1332*
1333* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1334*/
1335function validate_string($string, $optional = false, $min = 0, $max = 0)
1336{
1337 if (empty($string) && $optional)
1338 {
1339 return false;
1340 }
1341
1342 if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
1343 {
1344 return 'TOO_SHORT';
1345 }
1346 else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
1347 {
1348 return 'TOO_LONG';
1349 }
1350
1351 return false;
1352}
1353
1354/**
1355* Validate Number
1356*
1357* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1358*/
1359function validate_num($num, $optional = false, $min = 0, $max = 1E99)
1360{
1361 if (empty($num) && $optional)
1362 {
1363 return false;
1364 }
1365
1366 if ($num < $min)
1367 {
1368 return 'TOO_SMALL';
1369 }
1370 else if ($num > $max)
1371 {
1372 return 'TOO_LARGE';
1373 }
1374
1375 return false;
1376}
1377
1378/**
1379* Validate Date
1380* @param String $string a date in the dd-mm-yyyy format
1381* @return boolean
1382*/
1383function validate_date($date_string, $optional = false)
1384{
1385 $date = explode('-', $date_string);
1386 if ((empty($date) || sizeof($date) != 3) && $optional)
1387 {
1388 return false;
1389 }
1390 else if ($optional)
1391 {
1392 for ($field = 0; $field <= 1; $field++)
1393 {
1394 $date[$field] = (int) $date[$field];
1395 if (empty($date[$field]))
1396 {
1397 $date[$field] = 1;
1398 }
1399 }
1400 $date[2] = (int) $date[2];
1401 // assume an arbitrary leap year
1402 if (empty($date[2]))
1403 {
1404 $date[2] = 1980;
1405 }
1406 }
1407
1408 if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
1409 {
1410 return 'INVALID';
1411 }
1412
1413 return false;
1414}
1415
1416
1417/**
1418* Validate Match
1419*
1420* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1421*/
1422function validate_match($string, $optional = false, $match = '')
1423{
1424 if (empty($string) && $optional)
1425 {
1426 return false;
1427 }
1428
1429 if (empty($match))
1430 {
1431 return false;
1432 }
1433
1434 if (!preg_match($match, $string))
1435 {
1436 return 'WRONG_DATA';
1437 }
1438
1439 return false;
1440}
1441
1442/**
1443* Check to see if the username has been taken, or if it is disallowed.
1444* Also checks if it includes the " character, which we don't allow in usernames.
1445* Used for registering, changing names, and posting anonymously with a username
1446*
1447* @param string $username The username to check
1448* @param string $allowed_username An allowed username, default being $user->data['username']
1449*
1450* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1451*/
1452function validate_username($username, $allowed_username = false)
1453{
1454 global $config, $db, $user, $cache;
1455
1456 $clean_username = utf8_clean_string($username);
1457 $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
1458
1459 if ($allowed_username == $clean_username)
1460 {
1461 return false;
1462 }
1463
1464 // ... fast checks first.
1465 if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
1466 {
1467 return 'INVALID_CHARS';
1468 }
1469
1470 $mbstring = $pcre = false;
1471
1472 // generic UTF-8 character types supported?
1473 if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1474 {
1475 $pcre = true;
1476 }
1477 else if (function_exists('mb_ereg_match'))
1478 {
1479 mb_regex_encoding('UTF-8');
1480 $mbstring = true;
1481 }
1482
1483 switch ($config['allow_name_chars'])
1484 {
1485 case 'USERNAME_CHARS_ANY':
1486 $pcre = true;
1487 $regex = '.+';
1488 break;
1489
1490 case 'USERNAME_ALPHA_ONLY':
1491 $pcre = true;
1492 $regex = '[A-Za-z0-9]+';
1493 break;
1494
1495 case 'USERNAME_ALPHA_SPACERS':
1496 $pcre = true;
1497 $regex = '[A-Za-z0-9-[\]_+ ]+';
1498 break;
1499
1500 case 'USERNAME_LETTER_NUM':
1501 if ($pcre)
1502 {
1503 $regex = '[\p{Lu}\p{Ll}\p{N}]+';
1504 }
1505 else if ($mbstring)
1506 {
1507 $regex = '[[:upper:][:lower:][:digit:]]+';
1508 }
1509 else
1510 {
1511 $pcre = true;
1512 $regex = '[a-zA-Z0-9]+';
1513 }
1514 break;
1515
1516 case 'USERNAME_LETTER_NUM_SPACERS':
1517 if ($pcre)
1518 {
1519 $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
1520 }
1521 else if ($mbstring)
1522 {
1523 $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
1524 }
1525 else
1526 {
1527 $pcre = true;
1528 $regex = '[-\]_+ [a-zA-Z0-9]+';
1529 }
1530 break;
1531
1532 case 'USERNAME_ASCII':
1533 default:
1534 $pcre = true;
1535 $regex = '[\x01-\x7F]+';
1536 break;
1537 }
1538
1539 if ($pcre)
1540 {
1541 if (!preg_match('#^' . $regex . '$#u', $username))
1542 {
1543 return 'INVALID_CHARS';
1544 }
1545 }
1546 else if ($mbstring)
1547 {
1548 mb_ereg_search_init($username, '^' . $regex . '$');
1549 if (!mb_ereg_search())
1550 {
1551 return 'INVALID_CHARS';
1552 }
1553 }
1554
1555 $sql = 'SELECT username
1556 FROM ' . USERS_TABLE . "
1557 WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
1558 $result = $db->sql_query($sql);
1559 $row = $db->sql_fetchrow($result);
1560 $db->sql_freeresult($result);
1561
1562 if ($row)
1563 {
1564 return 'USERNAME_TAKEN';
1565 }
1566
1567 $sql = 'SELECT group_name
1568 FROM ' . GROUPS_TABLE . "
1569 WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
1570 $result = $db->sql_query($sql);
1571 $row = $db->sql_fetchrow($result);
1572 $db->sql_freeresult($result);
1573
1574 if ($row)
1575 {
1576 return 'USERNAME_TAKEN';
1577 }
1578
1579 $bad_usernames = $cache->obtain_disallowed_usernames();
1580
1581 foreach ($bad_usernames as $bad_username)
1582 {
1583 if (preg_match('#^' . $bad_username . '$#', $clean_username))
1584 {
1585 return 'USERNAME_DISALLOWED';
1586 }
1587 }
1588
1589 return false;
1590}
1591
1592/**
1593* Check to see if the password meets the complexity settings
1594*
1595* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1596*/
1597function validate_password($password)
1598{
1599 global $config, $db, $user;
1600
1601 if (!$password)
1602 {
1603 return false;
1604 }
1605
1606 $pcre = $mbstring = false;
1607
1608 // generic UTF-8 character types supported?
1609 if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1610 {
1611 $upp = '\p{Lu}';
1612 $low = '\p{Ll}';
1613 $let = '\p{L}';
1614 $num = '\p{N}';
1615 $sym = '[^\p{Lu}\p{Ll}\p{N}]';
1616 $pcre = true;
1617 }
1618 else if (function_exists('mb_ereg_match'))
1619 {
1620 mb_regex_encoding('UTF-8');
1621 $upp = '[[:upper:]]';
1622 $low = '[[:lower:]]';
1623 $let = '[[:lower:][:upper:]]';
1624 $num = '[[:digit:]]';
1625 $sym = '[^[:upper:][:lower:][:digit:]]';
1626 $mbstring = true;
1627 }
1628 else
1629 {
1630 $upp = '[A-Z]';
1631 $low = '[a-z]';
1632 $let = '[a-zA-Z]';
1633 $num = '[0-9]';
1634 $sym = '[^A-Za-z0-9]';
1635 $pcre = true;
1636 }
1637
1638 $chars = array();
1639
1640 switch ($config['pass_complex'])
1641 {
1642 case 'PASS_TYPE_CASE':
1643 $chars[] = $low;
1644 $chars[] = $upp;
1645 break;
1646
1647 case 'PASS_TYPE_ALPHA':
1648 $chars[] = $let;
1649 $chars[] = $num;
1650 break;
1651
1652 case 'PASS_TYPE_SYMBOL':
1653 $chars[] = $low;
1654 $chars[] = $upp;
1655 $chars[] = $num;
1656 $chars[] = $sym;
1657 break;
1658 }
1659
1660 if ($pcre)
1661 {
1662 foreach ($chars as $char)
1663 {
1664 if (!preg_match('#' . $char . '#u', $password))
1665 {
1666 return 'INVALID_CHARS';
1667 }
1668 }
1669 }
1670 else if ($mbstring)
1671 {
1672 foreach ($chars as $char)
1673 {
1674 if (mb_ereg($char, $password) === false)
1675 {
1676 return 'INVALID_CHARS';
1677 }
1678 }
1679 }
1680
1681 return false;
1682}
1683
1684/**
1685* Check to see if email address is banned or already present in the DB
1686*
1687* @param string $email The email to check
1688* @param string $allowed_email An allowed email, default being $user->data['user_email']
1689*
1690* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1691*/
1692function validate_email($email, $allowed_email = false)
1693{
1694 global $config, $db, $user;
1695
1696 $email = strtolower($email);
1697 $allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
1698
1699 if ($allowed_email == $email)
1700 {
1701 return false;
1702 }
1703
1704 if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
1705 {
1706 return 'EMAIL_INVALID';
1707 }
1708
1709 // Check MX record.
1710 // The idea for this is from reading the UseBB blog/announcement. :)
1711 if ($config['email_check_mx'])
1712 {
1713 list(, $domain) = explode('@', $email);
1714
1715 if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
1716 {
1717 return 'DOMAIN_NO_MX_RECORD';
1718 }
1719 }
1720
1721 if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false)
1722 {
1723 return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason;
1724 }
1725
1726 if (!$config['allow_emailreuse'])
1727 {
1728 $sql = 'SELECT user_email_hash
1729 FROM ' . USERS_TABLE . "
1730 WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
1731 $result = $db->sql_query($sql);
1732 $row = $db->sql_fetchrow($result);
1733 $db->sql_freeresult($result);
1734
1735 if ($row)
1736 {
1737 return 'EMAIL_TAKEN';
1738 }
1739 }
1740
1741 return false;
1742}
1743
1744/**
1745* Validate jabber address
1746* Taken from the jabber class within flyspray (see author notes)
1747*
1748* @author flyspray.org
1749*/
1750function validate_jabber($jid)
1751{
1752 if (!$jid)
1753 {
1754 return false;
1755 }
1756
1757 $seperator_pos = strpos($jid, '@');
1758
1759 if ($seperator_pos === false)
1760 {
1761 return 'WRONG_DATA';
1762 }
1763
1764 $username = substr($jid, 0, $seperator_pos);
1765 $realm = substr($jid, $seperator_pos + 1);
1766
1767 if (strlen($username) == 0 || strlen($realm) < 3)
1768 {
1769 return 'WRONG_DATA';
1770 }
1771
1772 $arr = explode('.', $realm);
1773
1774 if (sizeof($arr) == 0)
1775 {
1776 return 'WRONG_DATA';
1777 }
1778
1779 foreach ($arr as $part)
1780 {
1781 if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
1782 {
1783 return 'WRONG_DATA';
1784 }
1785
1786 if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
1787 {
1788 return 'WRONG_DATA';
1789 }
1790 }
1791
1792 $boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
1793
1794 // Prohibited Characters RFC3454 + RFC3920
1795 $prohibited = array(
1796 // Table C.1.1
1797 array(0x0020, 0x0020), // SPACE
1798 // Table C.1.2
1799 array(0x00A0, 0x00A0), // NO-BREAK SPACE
1800 array(0x1680, 0x1680), // OGHAM SPACE MARK
1801 array(0x2000, 0x2001), // EN QUAD
1802 array(0x2001, 0x2001), // EM QUAD
1803 array(0x2002, 0x2002), // EN SPACE
1804 array(0x2003, 0x2003), // EM SPACE
1805 array(0x2004, 0x2004), // THREE-PER-EM SPACE
1806 array(0x2005, 0x2005), // FOUR-PER-EM SPACE
1807 array(0x2006, 0x2006), // SIX-PER-EM SPACE
1808 array(0x2007, 0x2007), // FIGURE SPACE
1809 array(0x2008, 0x2008), // PUNCTUATION SPACE
1810 array(0x2009, 0x2009), // THIN SPACE
1811 array(0x200A, 0x200A), // HAIR SPACE
1812 array(0x200B, 0x200B), // ZERO WIDTH SPACE
1813 array(0x202F, 0x202F), // NARROW NO-BREAK SPACE
1814 array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE
1815 array(0x3000, 0x3000), // IDEOGRAPHIC SPACE
1816 // Table C.2.1
1817 array(0x0000, 0x001F), // [CONTROL CHARACTERS]
1818 array(0x007F, 0x007F), // DELETE
1819 // Table C.2.2
1820 array(0x0080, 0x009F), // [CONTROL CHARACTERS]
1821 array(0x06DD, 0x06DD), // ARABIC END OF AYAH
1822 array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK
1823 array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR
1824 array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER
1825 array(0x200D, 0x200D), // ZERO WIDTH JOINER
1826 array(0x2028, 0x2028), // LINE SEPARATOR
1827 array(0x2029, 0x2029), // PARAGRAPH SEPARATOR
1828 array(0x2060, 0x2060), // WORD JOINER
1829 array(0x2061, 0x2061), // FUNCTION APPLICATION
1830 array(0x2062, 0x2062), // INVISIBLE TIMES
1831 array(0x2063, 0x2063), // INVISIBLE SEPARATOR
1832 array(0x206A, 0x206F), // [CONTROL CHARACTERS]
1833 array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE
1834 array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS]
1835 array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS]
1836 // Table C.3
1837 array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0]
1838 array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15]
1839 array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16]
1840 // Table C.4
1841 array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS]
1842 array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS]
1843 array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS]
1844 array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS]
1845 array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS]
1846 array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS]
1847 array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS]
1848 array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS]
1849 array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS]
1850 array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS]
1851 array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS]
1852 array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS]
1853 array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS]
1854 array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS]
1855 array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS]
1856 array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS]
1857 array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS]
1858 array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS]
1859 // Table C.5
1860 array(0xD800, 0xDFFF), // [SURROGATE CODES]
1861 // Table C.6
1862 array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR
1863 array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR
1864 array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR
1865 array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER
1866 array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER
1867 // Table C.7
1868 array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
1869 // Table C.8
1870 array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK
1871 array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK
1872 array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK
1873 array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK
1874 array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING
1875 array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING
1876 array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING
1877 array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE
1878 array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE
1879 array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING
1880 array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING
1881 array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING
1882 array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING
1883 array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES
1884 array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES
1885 // Table C.9
1886 array(0xE0001, 0xE0001), // LANGUAGE TAG
1887 array(0xE0020, 0xE007F), // [TAGGING CHARACTERS]
1888 // RFC3920
1889 array(0x22, 0x22), // "
1890 array(0x26, 0x26), // &
1891 array(0x27, 0x27), // '
1892 array(0x2F, 0x2F), // /
1893 array(0x3A, 0x3A), // :
1894 array(0x3C, 0x3C), // <
1895 array(0x3E, 0x3E), // >
1896 array(0x40, 0x40) // @
1897 );
1898
1899 $pos = 0;
1900 $result = true;
1901
1902 while ($pos < strlen($username))
1903 {
1904 $len = $uni = 0;
1905 for ($i = 0; $i <= 5; $i++)
1906 {
1907 if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
1908 {
1909 $len = $i + 1;
1910 $uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
1911
1912 for ($k = 1; $k < $len; $k++)
1913 {
1914 $uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
1915 }
1916
1917 break;
1918 }
1919 }
1920
1921 if ($len == 0)
1922 {
1923 return 'WRONG_DATA';
1924 }
1925
1926 foreach ($prohibited as $pval)
1927 {
1928 if ($uni >= $pval[0] && $uni <= $pval[1])
1929 {
1930 $result = false;
1931 break 2;
1932 }
1933 }
1934
1935 $pos = $pos + $len;
1936 }
1937
1938 if (!$result)
1939 {
1940 return 'WRONG_DATA';
1941 }
1942
1943 return false;
1944}
1945
1946/**
1947* Remove avatar
1948*/
1949function avatar_delete($mode, $row, $clean_db = false)
1950{
1951 global $phpbb_root_path, $config, $db, $user;
1952
1953 // Check if the users avatar is actually *not* a group avatar
1954 if ($mode == 'user')
1955 {
1956 if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
1957 {
1958 return false;
1959 }
1960 }
1961
1962 if ($clean_db)
1963 {
1964 avatar_remove_db($row[$mode . '_avatar']);
1965 }
1966 $filename = get_avatar_filename($row[$mode . '_avatar']);
1967 if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
1968 {
1969 @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
1970 return true;
1971 }
1972
1973 return false;
1974}
1975
1976/**
1977* Remote avatar linkage
1978*/
1979function avatar_remote($data, &$error)
1980{
1981 global $config, $db, $user, $phpbb_root_path, $phpEx;
1982
1983 if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
1984 {
1985 $data['remotelink'] = 'http://' . $data['remotelink'];
1986 }
1987 if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
1988 {
1989 $error[] = $user->lang['AVATAR_URL_INVALID'];
1990 return false;
1991 }
1992
1993 // Make sure getimagesize works...
1994 if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
1995 {
1996 $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1997 return false;
1998 }
1999
2000 if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
2001 {
2002 $error[] = $user->lang['AVATAR_NO_SIZE'];
2003 return false;
2004 }
2005
2006 $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
2007 $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
2008
2009 if ($width < 2 || $height < 2)
2010 {
2011 $error[] = $user->lang['AVATAR_NO_SIZE'];
2012 return false;
2013 }
2014
2015 // Check image type
2016 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
2017 $types = fileupload::image_types();
2018 $extension = strtolower(filespec::get_extension($data['remotelink']));
2019
2020 if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
2021 {
2022 if (!isset($types[$image_data[2]]))
2023 {
2024 $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
2025 }
2026 else
2027 {
2028 $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
2029 }
2030 return false;
2031 }
2032
2033 if ($config['avatar_max_width'] || $config['avatar_max_height'])
2034 {
2035 if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
2036 {
2037 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
2038 return false;
2039 }
2040 }
2041
2042 if ($config['avatar_min_width'] || $config['avatar_min_height'])
2043 {
2044 if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
2045 {
2046 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
2047 return false;
2048 }
2049 }
2050
2051 return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
2052}
2053
2054/**
2055* Avatar upload using the upload class
2056*/
2057function avatar_upload($data, &$error)
2058{
2059 global $phpbb_root_path, $config, $db, $user, $phpEx;
2060
2061 // Init upload class
2062 include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
2063 $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
2064
2065 if (!empty($_FILES['uploadfile']['name']))
2066 {
2067 $file = $upload->form_upload('uploadfile');
2068 }
2069 else
2070 {
2071 $file = $upload->remote_upload($data['uploadurl']);
2072 }
2073
2074 $prefix = $config['avatar_salt'] . '_';
2075 $file->clean_filename('avatar', $prefix, $data['user_id']);
2076
2077 $destination = $config['avatar_path'];
2078
2079 // Adjust destination path (no trailing slash)
2080 if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
2081 {
2082 $destination = substr($destination, 0, -1);
2083 }
2084
2085 $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
2086 if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
2087 {
2088 $destination = '';
2089 }
2090
2091 // Move file and overwrite any existing image
2092 $file->move_file($destination, true);
2093
2094 if (sizeof($file->error))
2095 {
2096 $file->remove();
2097 $error = array_merge($error, $file->error);
2098 }
2099
2100 return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
2101}
2102
2103/**
2104* Generates avatar filename from the database entry
2105*/
2106function get_avatar_filename($avatar_entry)
2107{
2108 global $config;
2109
2110
2111 if ($avatar_entry[0] === 'g')
2112 {
2113 $avatar_group = true;
2114 $avatar_entry = substr($avatar_entry, 1);
2115 }
2116 else
2117 {
2118 $avatar_group = false;
2119 }
2120 $ext = substr(strrchr($avatar_entry, '.'), 1);
2121 $avatar_entry = intval($avatar_entry);
2122 return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
2123}
2124
2125/**
2126* Avatar Gallery
2127*/
2128function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
2129{
2130 global $user, $cache, $template;
2131 global $config, $phpbb_root_path;
2132
2133 $avatar_list = array();
2134
2135 $path = $phpbb_root_path . $config['avatar_gallery_path'];
2136
2137 if (!file_exists($path) || !is_dir($path))
2138 {
2139 $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2140 }
2141 else
2142 {
2143 // Collect images
2144 $dp = @opendir($path);
2145
2146 if (!$dp)
2147 {
2148 return array($user->lang['NO_AVATAR_CATEGORY'] => array());
2149 }
2150
2151 while (($file = readdir($dp)) !== false)
2152 {
2153 if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
2154 {
2155 $avatar_row_count = $avatar_col_count = 0;
2156
2157 if ($dp2 = @opendir("$path/$file"))
2158 {
2159 while (($sub_file = readdir($dp2)) !== false)
2160 {
2161 if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
2162 {
2163 $avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
2164 'file' => rawurlencode($file) . '/' . rawurlencode($sub_file),
2165 'filename' => rawurlencode($sub_file),
2166 'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
2167 );
2168 $avatar_col_count++;
2169 if ($avatar_col_count == $items_per_column)
2170 {
2171 $avatar_row_count++;
2172 $avatar_col_count = 0;
2173 }
2174 }
2175 }
2176 closedir($dp2);
2177 }
2178 }
2179 }
2180 closedir($dp);
2181 }
2182
2183 if (!sizeof($avatar_list))
2184 {
2185 $avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2186 }
2187
2188 @ksort($avatar_list);
2189
2190 $category = (!$category) ? key($avatar_list) : $category;
2191 $avatar_categories = array_keys($avatar_list);
2192
2193 $s_category_options = '';
2194 foreach ($avatar_categories as $cat)
2195 {
2196 $s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
2197 }
2198
2199 $template->assign_vars(array(
2200 'S_AVATARS_ENABLED' => true,
2201 'S_IN_AVATAR_GALLERY' => true,
2202 'S_CAT_OPTIONS' => $s_category_options)
2203 );
2204
2205 $avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
2206
2207 foreach ($avatar_list as $avatar_row_ary)
2208 {
2209 $template->assign_block_vars($block_var, array());
2210
2211 foreach ($avatar_row_ary as $avatar_col_ary)
2212 {
2213 $template->assign_block_vars($block_var . '.avatar_column', array(
2214 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2215 'AVATAR_NAME' => $avatar_col_ary['name'],
2216 'AVATAR_FILE' => $avatar_col_ary['filename'])
2217 );
2218
2219 $template->assign_block_vars($block_var . '.avatar_option_column', array(
2220 'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2221 'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
2222 );
2223 }
2224 }
2225
2226 return $avatar_list;
2227}
2228
2229
2230/**
2231* Tries to (re-)establish avatar dimensions
2232*/
2233function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
2234{
2235 global $config, $phpbb_root_path, $user;
2236
2237 switch ($avatar_type)
2238 {
2239 case AVATAR_REMOTE :
2240 break;
2241
2242 case AVATAR_UPLOAD :
2243 $avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
2244 break;
2245
2246 case AVATAR_GALLERY :
2247 $avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
2248 break;
2249 }
2250
2251 // Make sure getimagesize works...
2252 if (($image_data = @getimagesize($avatar)) === false)
2253 {
2254 $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
2255 return false;
2256 }
2257
2258 if ($image_data[0] < 2 || $image_data[1] < 2)
2259 {
2260 $error[] = $user->lang['AVATAR_NO_SIZE'];
2261 return false;
2262 }
2263
2264 // try to maintain ratio
2265 if (!(empty($current_x) && empty($current_y)))
2266 {
2267 if ($current_x != 0)
2268 {
2269 $image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
2270 $image_data[1] = min($config['avatar_max_height'], $image_data[1]);
2271 $image_data[1] = max($config['avatar_min_height'], $image_data[1]);
2272 }
2273 if ($current_y != 0)
2274 {
2275 $image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
2276 $image_data[0] = min($config['avatar_max_width'], $image_data[1]);
2277 $image_data[0] = max($config['avatar_min_width'], $image_data[1]);
2278 }
2279 }
2280 return array($image_data[0], $image_data[1]);
2281}
2282
2283/**
2284* Uploading/Changing user avatar
2285*/
2286function avatar_process_user(&$error, $custom_userdata = false)
2287{
2288 global $config, $phpbb_root_path, $auth, $user, $db;
2289
2290 $data = array(
2291 'uploadurl' => request_var('uploadurl', ''),
2292 'remotelink' => request_var('remotelink', ''),
2293 'width' => request_var('width', 0),
2294 'height' => request_var('height', 0),
2295 );
2296
2297 $error = validate_data($data, array(
2298 'uploadurl' => array('string', true, 5, 255),
2299 'remotelink' => array('string', true, 5, 255),
2300 'width' => array('string', true, 1, 3),
2301 'height' => array('string', true, 1, 3),
2302 ));
2303
2304 if (sizeof($error))
2305 {
2306 return false;
2307 }
2308
2309 $sql_ary = array();
2310
2311 if ($custom_userdata === false)
2312 {
2313 $userdata = &$user->data;
2314 }
2315 else
2316 {
2317 $userdata = &$custom_userdata;
2318 }
2319
2320 $data['user_id'] = $userdata['user_id'];
2321 $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
2322 $avatar_select = basename(request_var('avatar_select', ''));
2323
2324 // Can we upload?
2325 $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
2326
2327 if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
2328 {
2329 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
2330 }
2331 else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
2332 {
2333 list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
2334 }
2335 else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
2336 {
2337 $category = basename(request_var('category', ''));
2338
2339 $sql_ary['user_avatar_type'] = AVATAR_GALLERY;
2340 $sql_ary['user_avatar'] = $avatar_select;
2341
2342 // check avatar gallery
2343 if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
2344 {
2345 $sql_ary['user_avatar'] = '';
2346 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2347 }
2348 else
2349 {
2350 list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
2351 $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
2352 }
2353 }
2354 else if (isset($_POST['delete']) && $change_avatar)
2355 {
2356 $sql_ary['user_avatar'] = '';
2357 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2358 }
2359 else if (!empty($userdata['user_avatar']))
2360 {
2361 // Only update the dimensions
2362
2363 if (empty($data['width']) || empty($data['height']))
2364 {
2365 if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
2366 {
2367 list($guessed_x, $guessed_y) = $dims;
2368 if (empty($data['width']))
2369 {
2370 $data['width'] = $guessed_x;
2371 }
2372 if (empty($data['height']))
2373 {
2374 $data['height'] = $guessed_y;
2375 }
2376 }
2377 }
2378 if (($config['avatar_max_width'] || $config['avatar_max_height']) &&
2379 (($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))
2380 {
2381 if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
2382 {
2383 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2384 }
2385 }
2386
2387 if (!sizeof($error))
2388 {
2389 if ($config['avatar_min_width'] || $config['avatar_min_height'])
2390 {
2391 if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
2392 {
2393 $error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2394 }
2395 }
2396 }
2397
2398 if (!sizeof($error))
2399 {
2400 $sql_ary['user_avatar_width'] = $data['width'];
2401 $sql_ary['user_avatar_height'] = $data['height'];
2402 }
2403 }
2404
2405 if (!sizeof($error))
2406 {
2407 // Do we actually have any data to update?
2408 if (sizeof($sql_ary))
2409 {
2410 $ext_new = $ext_old = '';
2411 if (isset($sql_ary['user_avatar']))
2412 {
2413 $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
2414 $ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
2415 $ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
2416
2417 if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
2418 {
2419 // Delete old avatar if present
2420 if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
2421 || ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
2422 {
2423 avatar_delete('user', $userdata);
2424 }
2425 }
2426 }
2427
2428 $sql = 'UPDATE ' . USERS_TABLE . '
2429 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2430 WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
2431 $db->sql_query($sql);
2432
2433 }
2434 }
2435
2436 return (sizeof($error)) ? false : true;
2437}
2438
2439//
2440// Usergroup functions
2441//
2442
2443/**
2444* Add or edit a group. If we're editing a group we only update user
2445* parameters such as rank, etc. if they are changed
2446*/
2447function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
2448{
2449 global $phpbb_root_path, $config, $db, $user, $file_upload;
2450
2451 $error = array();
2452
2453 // Attributes which also affect the users table
2454 $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
2455
2456 // Check data. Limit group name length.
2457 if (!utf8_strlen($name) || utf8_strlen($name) > 60)
2458 {
2459 $error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
2460 }
2461
2462 $err = group_validate_groupname($group_id, $name);
2463 if (!empty($err))
2464 {
2465 $error[] = $user->lang[$err];
2466 }
2467
2468 if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
2469 {
2470 $error[] = $user->lang['GROUP_ERR_TYPE'];
2471 }
2472
2473 if (!sizeof($error))
2474 {
2475 $user_ary = array();
2476 $sql_ary = array(
2477 'group_name' => (string) $name,
2478 'group_desc' => (string) $desc,
2479 'group_desc_uid' => '',
2480 'group_desc_bitfield' => '',
2481 'group_type' => (int) $type,
2482 );
2483
2484 // Parse description
2485 if ($desc)
2486 {
2487 generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
2488 }
2489
2490 if (sizeof($group_attributes))
2491 {
2492 // Merge them with $sql_ary to properly update the group
2493 $sql_ary = array_merge($sql_ary, $group_attributes);
2494 }
2495
2496 // Setting the log message before we set the group id (if group gets added)
2497 $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
2498
2499 $query = '';
2500
2501 if ($group_id)
2502 {
2503 $sql = 'SELECT user_id
2504 FROM ' . USERS_TABLE . '
2505 WHERE group_id = ' . $group_id;
2506 $result = $db->sql_query($sql);
2507
2508 while ($row = $db->sql_fetchrow($result))
2509 {
2510 $user_ary[] = $row['user_id'];
2511 }
2512 $db->sql_freeresult($result);
2513
2514 if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
2515 {
2516 remove_default_avatar($group_id, $user_ary);
2517 }
2518
2519 if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
2520 {
2521 remove_default_rank($group_id, $user_ary);
2522 }
2523
2524 $sql = 'UPDATE ' . GROUPS_TABLE . '
2525 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
2526 WHERE group_id = $group_id";
2527 $db->sql_query($sql);
2528
2529 // Since we may update the name too, we need to do this on other tables too...
2530 $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
2531 SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
2532 WHERE group_id = $group_id";
2533 $db->sql_query($sql);
2534
2535 // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
2536 if (isset($group_attributes['group_skip_auth']))
2537 {
2538 // Get users within this group...
2539 $sql = 'SELECT user_id
2540 FROM ' . USER_GROUP_TABLE . '
2541 WHERE group_id = ' . $group_id . '
2542 AND user_pending = 0';
2543 $result = $db->sql_query($sql);
2544
2545 $user_id_ary = array();
2546 while ($row = $db->sql_fetchrow($result))
2547 {
2548 $user_id_ary[] = $row['user_id'];
2549 }
2550 $db->sql_freeresult($result);
2551
2552 if (!empty($user_id_ary))
2553 {
2554 global $auth;
2555
2556 // Clear permissions cache of relevant users
2557 $auth->acl_clear_prefetch($user_id_ary);
2558 }
2559 }
2560 }
2561 else
2562 {
2563 $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
2564 $db->sql_query($sql);
2565 }
2566
2567 if (!$group_id)
2568 {
2569 $group_id = $db->sql_nextid();
2570
2571 if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
2572 {
2573 group_correct_avatar($group_id, $sql_ary['group_avatar']);
2574 }
2575 }
2576
2577 // Set user attributes
2578 $sql_ary = array();
2579 if (sizeof($group_attributes))
2580 {
2581 // Go through the user attributes array, check if a group attribute matches it and then set it. ;)
2582 foreach ($user_attribute_ary as $attribute)
2583 {
2584 if (!isset($group_attributes[$attribute]))
2585 {
2586 continue;
2587 }
2588
2589 // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
2590 if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
2591 {
2592 continue;
2593 }
2594
2595 $sql_ary[$attribute] = $group_attributes[$attribute];
2596 }
2597 }
2598
2599 if (sizeof($sql_ary) && sizeof($user_ary))
2600 {
2601 group_set_user_default($group_id, $user_ary, $sql_ary);
2602 }
2603
2604 $name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
2605 add_log('admin', $log, $name);
2606
2607 group_update_listings($group_id);
2608 }
2609
2610 return (sizeof($error)) ? $error : false;
2611}
2612
2613
2614/**
2615* Changes a group avatar's filename to conform to the naming scheme
2616*/
2617function group_correct_avatar($group_id, $old_entry)
2618{
2619 global $config, $db, $phpbb_root_path;
2620
2621 $group_id = (int)$group_id;
2622 $ext = substr(strrchr($old_entry, '.'), 1);
2623 $old_filename = get_avatar_filename($old_entry);
2624 $new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
2625 $new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
2626
2627 $avatar_path = $phpbb_root_path . $config['avatar_path'];
2628 if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
2629 {
2630 $sql = 'UPDATE ' . GROUPS_TABLE . '
2631 SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
2632 WHERE group_id = $group_id";
2633 $db->sql_query($sql);
2634 }
2635}
2636
2637
2638/**
2639* Remove avatar also for users not having the group as default
2640*/
2641function avatar_remove_db($avatar_name)
2642{
2643 global $config, $db;
2644
2645 $sql = 'UPDATE ' . USERS_TABLE . "
2646 SET user_avatar = '',
2647 user_avatar_type = 0
2648 WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
2649 $db->sql_query($sql);
2650}
2651
2652
2653/**
2654* Group Delete
2655*/
2656function group_delete($group_id, $group_name = false)
2657{
2658 global $db, $phpbb_root_path, $phpEx;
2659
2660 if (!$group_name)
2661 {
2662 $group_name = get_group_name($group_id);
2663 }
2664
2665 $start = 0;
2666
2667 do
2668 {
2669 $user_id_ary = $username_ary = array();
2670
2671 // Batch query for group members, call group_user_del
2672 $sql = 'SELECT u.user_id, u.username
2673 FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
2674 WHERE ug.group_id = $group_id
2675 AND u.user_id = ug.user_id";
2676 $result = $db->sql_query_limit($sql, 200, $start);
2677
2678 if ($row = $db->sql_fetchrow($result))
2679 {
2680 do
2681 {
2682 $user_id_ary[] = $row['user_id'];
2683 $username_ary[] = $row['username'];
2684
2685 $start++;
2686 }
2687 while ($row = $db->sql_fetchrow($result));
2688
2689 group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
2690 }
2691 else
2692 {
2693 $start = 0;
2694 }
2695 $db->sql_freeresult($result);
2696 }
2697 while ($start);
2698
2699 // Delete group
2700 $sql = 'DELETE FROM ' . GROUPS_TABLE . "
2701 WHERE group_id = $group_id";
2702 $db->sql_query($sql);
2703
2704 // Delete auth entries from the groups table
2705 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
2706 WHERE group_id = $group_id";
2707 $db->sql_query($sql);
2708
2709 // Re-cache moderators
2710 if (!function_exists('cache_moderators'))
2711 {
2712 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
2713 }
2714
2715 cache_moderators();
2716
2717 add_log('admin', 'LOG_GROUP_DELETE', $group_name);
2718
2719 // Return false - no error
2720 return false;
2721}
2722
2723/**
2724* Add user(s) to group
2725*
2726* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2727*/
2728function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
2729{
2730 global $db, $auth;
2731
2732 // We need both username and user_id info
2733 $result = user_get_id_name($user_id_ary, $username_ary);
2734
2735 if (!sizeof($user_id_ary) || $result !== false)
2736 {
2737 return 'NO_USER';
2738 }
2739
2740 // Remove users who are already members of this group
2741 $sql = 'SELECT user_id, group_leader
2742 FROM ' . USER_GROUP_TABLE . '
2743 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
2744 AND group_id = $group_id";
2745 $result = $db->sql_query($sql);
2746
2747 $add_id_ary = $update_id_ary = array();
2748 while ($row = $db->sql_fetchrow($result))
2749 {
2750 $add_id_ary[] = (int) $row['user_id'];
2751
2752 if ($leader && !$row['group_leader'])
2753 {
2754 $update_id_ary[] = (int) $row['user_id'];
2755 }
2756 }
2757 $db->sql_freeresult($result);
2758
2759 // Do all the users exist in this group?
2760 $add_id_ary = array_diff($user_id_ary, $add_id_ary);
2761
2762 // If we have no users
2763 if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
2764 {
2765 return 'GROUP_USERS_EXIST';
2766 }
2767
2768 $db->sql_transaction('begin');
2769
2770 // Insert the new users
2771 if (sizeof($add_id_ary))
2772 {
2773 $sql_ary = array();
2774
2775 foreach ($add_id_ary as $user_id)
2776 {
2777 $sql_ary[] = array(
2778 'user_id' => (int) $user_id,
2779 'group_id' => (int) $group_id,
2780 'group_leader' => (int) $leader,
2781 'user_pending' => (int) $pending,
2782 );
2783 }
2784
2785 $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
2786 }
2787
2788 if (sizeof($update_id_ary))
2789 {
2790 $sql = 'UPDATE ' . USER_GROUP_TABLE . '
2791 SET group_leader = 1
2792 WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
2793 AND group_id = $group_id";
2794 $db->sql_query($sql);
2795 }
2796
2797 if ($default)
2798 {
2799 group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes);
2800 }
2801
2802 $db->sql_transaction('commit');
2803
2804 // Clear permissions cache of relevant users
2805 $auth->acl_clear_prefetch($user_id_ary);
2806
2807 if (!$group_name)
2808 {
2809 $group_name = get_group_name($group_id);
2810 }
2811
2812 $log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED');
2813
2814 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2815
2816 group_update_listings($group_id);
2817
2818 // Return false - no error
2819 return false;
2820}
2821
2822/**
2823* Remove a user/s from a given group. When we remove users we update their
2824* default group_id. We do this by examining which "special" groups they belong
2825* to. The selection is made based on a reasonable priority system
2826*
2827* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2828*/
2829function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
2830{
2831 global $db, $auth, $config;
2832
2833 if ($config['coppa_enable'])
2834 {
2835 $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
2836 }
2837 else
2838 {
2839 $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS');
2840 }
2841
2842 // We need both username and user_id info
2843 $result = user_get_id_name($user_id_ary, $username_ary);
2844
2845 if (!sizeof($user_id_ary) || $result !== false)
2846 {
2847 return 'NO_USER';
2848 }
2849
2850 $sql = 'SELECT *
2851 FROM ' . GROUPS_TABLE . '
2852 WHERE ' . $db->sql_in_set('group_name', $group_order);
2853 $result = $db->sql_query($sql);
2854
2855 $group_order_id = $special_group_data = array();
2856 while ($row = $db->sql_fetchrow($result))
2857 {
2858 $group_order_id[$row['group_name']] = $row['group_id'];
2859
2860 $special_group_data[$row['group_id']] = array(
2861 'group_colour' => $row['group_colour'],
2862 'group_rank' => $row['group_rank'],
2863 );
2864
2865 // Only set the group avatar if one is defined...
2866 if ($row['group_avatar'])
2867 {
2868 $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
2869 'group_avatar' => $row['group_avatar'],
2870 'group_avatar_type' => $row['group_avatar_type'],
2871 'group_avatar_width' => $row['group_avatar_width'],
2872 'group_avatar_height' => $row['group_avatar_height'])
2873 );
2874 }
2875 }
2876 $db->sql_freeresult($result);
2877
2878 // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
2879 $sql = 'SELECT user_id, group_id
2880 FROM ' . USERS_TABLE . '
2881 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2882 $result = $db->sql_query($sql);
2883
2884 $default_groups = array();
2885 while ($row = $db->sql_fetchrow($result))
2886 {
2887 $default_groups[$row['user_id']] = $row['group_id'];
2888 }
2889 $db->sql_freeresult($result);
2890
2891 // What special group memberships exist for these users?
2892 $sql = 'SELECT g.group_id, g.group_name, ug.user_id
2893 FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
2894 WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
2895 AND g.group_id = ug.group_id
2896 AND g.group_id <> $group_id
2897 AND g.group_type = " . GROUP_SPECIAL . '
2898 ORDER BY ug.user_id, g.group_id';
2899 $result = $db->sql_query($sql);
2900
2901 $temp_ary = array();
2902 while ($row = $db->sql_fetchrow($result))
2903 {
2904 if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']]))
2905 {
2906 $temp_ary[$row['user_id']] = $row['group_id'];
2907 }
2908 }
2909 $db->sql_freeresult($result);
2910
2911 // sql_where_ary holds the new default groups and their users
2912 $sql_where_ary = array();
2913 foreach ($temp_ary as $uid => $gid)
2914 {
2915 $sql_where_ary[$gid][] = $uid;
2916 }
2917 unset($temp_ary);
2918
2919 foreach ($special_group_data as $gid => $default_data_ary)
2920 {
2921 if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
2922 {
2923 remove_default_rank($group_id, $sql_where_ary[$gid]);
2924 remove_default_avatar($group_id, $sql_where_ary[$gid]);
2925 group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
2926 }
2927 }
2928 unset($special_group_data);
2929
2930 $sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
2931 WHERE group_id = $group_id
2932 AND " . $db->sql_in_set('user_id', $user_id_ary);
2933 $db->sql_query($sql);
2934
2935 // Clear permissions cache of relevant users
2936 $auth->acl_clear_prefetch($user_id_ary);
2937
2938 if (!$group_name)
2939 {
2940 $group_name = get_group_name($group_id);
2941 }
2942
2943 $log = 'LOG_GROUP_REMOVE';
2944
2945 if ($group_name)
2946 {
2947 add_log('admin', $log, $group_name, implode(', ', $username_ary));
2948 }
2949
2950 group_update_listings($group_id);
2951
2952 // Return false - no error
2953 return false;
2954}
2955
2956
2957/**
2958* Removes the group avatar of the default group from the users in user_ids who have that group as default.
2959*/
2960function remove_default_avatar($group_id, $user_ids)
2961{
2962 global $db;
2963
2964 if (!is_array($user_ids))
2965 {
2966 $user_ids = array($user_ids);
2967 }
2968 if (empty($user_ids))
2969 {
2970 return false;
2971 }
2972
2973 $user_ids = array_map('intval', $user_ids);
2974
2975 $sql = 'SELECT *
2976 FROM ' . GROUPS_TABLE . '
2977 WHERE group_id = ' . (int)$group_id;
2978 $result = $db->sql_query($sql);
2979 if (!$row = $db->sql_fetchrow($result))
2980 {
2981 $db->sql_freeresult($result);
2982 return false;
2983 }
2984 $db->sql_freeresult($result);
2985
2986 $sql = 'UPDATE ' . USERS_TABLE . "
2987 SET user_avatar = '',
2988 user_avatar_type = 0,
2989 user_avatar_width = 0,
2990 user_avatar_height = 0
2991 WHERE group_id = " . (int) $group_id . "
2992 AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
2993 AND " . $db->sql_in_set('user_id', $user_ids);
2994
2995 $db->sql_query($sql);
2996}
2997
2998/**
2999* Removes the group rank of the default group from the users in user_ids who have that group as default.
3000*/
3001function remove_default_rank($group_id, $user_ids)
3002{
3003 global $db;
3004
3005 if (!is_array($user_ids))
3006 {
3007 $user_ids = array($user_ids);
3008 }
3009 if (empty($user_ids))
3010 {
3011 return false;
3012 }
3013
3014 $user_ids = array_map('intval', $user_ids);
3015
3016 $sql = 'SELECT *
3017 FROM ' . GROUPS_TABLE . '
3018 WHERE group_id = ' . (int)$group_id;
3019 $result = $db->sql_query($sql);
3020 if (!$row = $db->sql_fetchrow($result))
3021 {
3022 $db->sql_freeresult($result);
3023 return false;
3024 }
3025 $db->sql_freeresult($result);
3026
3027 $sql = 'UPDATE ' . USERS_TABLE . '
3028 SET user_rank = 0
3029 WHERE group_id = ' . (int)$group_id . '
3030 AND user_rank <> 0
3031 AND user_rank = ' . (int)$row['group_rank'] . '
3032 AND ' . $db->sql_in_set('user_id', $user_ids);
3033 $db->sql_query($sql);
3034}
3035
3036/**
3037* This is used to promote (to leader), demote or set as default a member/s
3038*/
3039function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
3040{
3041 global $db, $auth, $phpbb_root_path, $phpEx, $config;
3042
3043 // We need both username and user_id info
3044 $result = user_get_id_name($user_id_ary, $username_ary);
3045
3046 if (!sizeof($user_id_ary) || $result !== false)
3047 {
3048 return 'NO_USERS';
3049 }
3050
3051 if (!$group_name)
3052 {
3053 $group_name = get_group_name($group_id);
3054 }
3055
3056 switch ($action)
3057 {
3058 case 'demote':
3059 case 'promote':
3060
3061 $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
3062 WHERE group_id = $group_id
3063 AND user_pending = 1
3064 AND " . $db->sql_in_set('user_id', $user_id_ary);
3065 $result = $db->sql_query_limit($sql, 1);
3066 $not_empty = ($db->sql_fetchrow($result));
3067 $db->sql_freeresult($result);
3068 if ($not_empty)
3069 {
3070 return 'NO_VALID_USERS';
3071 }
3072
3073 $sql = 'UPDATE ' . USER_GROUP_TABLE . '
3074 SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
3075 WHERE group_id = $group_id
3076 AND user_pending = 0
3077 AND " . $db->sql_in_set('user_id', $user_id_ary);
3078 $db->sql_query($sql);
3079
3080 $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
3081 break;
3082
3083 case 'approve':
3084 // Make sure we only approve those which are pending ;)
3085 $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
3086 FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
3087 WHERE ug.group_id = ' . $group_id . '
3088 AND ug.user_pending = 1
3089 AND ug.user_id = u.user_id
3090 AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
3091 $result = $db->sql_query($sql);
3092
3093 $user_id_ary = $email_users = array();
3094 while ($row = $db->sql_fetchrow($result))
3095 {
3096 $user_id_ary[] = $row['user_id'];
3097 $email_users[] = $row;
3098 }
3099 $db->sql_freeresult($result);
3100
3101 if (!sizeof($user_id_ary))
3102 {
3103 return false;
3104 }
3105
3106 $sql = 'UPDATE ' . USER_GROUP_TABLE . "
3107 SET user_pending = 0
3108 WHERE group_id = $group_id
3109 AND " . $db->sql_in_set('user_id', $user_id_ary);
3110 $db->sql_query($sql);
3111
3112 // Send approved email to users...
3113 include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
3114 $messenger = new messenger();
3115
3116 foreach ($email_users as $row)
3117 {
3118 $messenger->template('group_approved', $row['user_lang']);
3119
3120 $messenger->to($row['user_email'], $row['username']);
3121 $messenger->im($row['user_jabber'], $row['username']);
3122
3123 $messenger->assign_vars(array(
3124 'USERNAME' => htmlspecialchars_decode($row['username']),
3125 'GROUP_NAME' => htmlspecialchars_decode($group_name),
3126 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
3127 );
3128
3129 $messenger->send($row['user_notify_type']);
3130 }
3131
3132 $messenger->save_queue();
3133
3134 $log = 'LOG_USERS_APPROVED';
3135 break;
3136
3137 case 'default':
3138 // We only set default group for approved members of the group
3139 $sql = 'SELECT user_id
3140 FROM ' . USER_GROUP_TABLE . "
3141 WHERE group_id = $group_id
3142 AND user_pending = 0
3143 AND " . $db->sql_in_set('user_id', $user_id_ary);
3144 $result = $db->sql_query($sql);
3145
3146 $user_id_ary = $username_ary = array();
3147 while ($row = $db->sql_fetchrow($result))
3148 {
3149 $user_id_ary[] = $row['user_id'];
3150 }
3151 $db->sql_freeresult($result);
3152
3153 $result = user_get_id_name($user_id_ary, $username_ary);
3154 if (!sizeof($user_id_ary) || $result !== false)
3155 {
3156 return 'NO_USERS';
3157 }
3158
3159 $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
3160 WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
3161 $result = $db->sql_query($sql);
3162
3163 $groups = array();
3164 while ($row = $db->sql_fetchrow($result))
3165 {
3166 if (!isset($groups[$row['group_id']]))
3167 {
3168 $groups[$row['group_id']] = array();
3169 }
3170 $groups[$row['group_id']][] = $row['user_id'];
3171 }
3172 $db->sql_freeresult($result);
3173
3174 foreach ($groups as $gid => $uids)
3175 {
3176 remove_default_rank($gid, $uids);
3177 remove_default_avatar($gid, $uids);
3178 }
3179 group_set_user_default($group_id, $user_id_ary, $group_attributes);
3180 $log = 'LOG_GROUP_DEFAULTS';
3181 break;
3182 }
3183
3184 // Clear permissions cache of relevant users
3185 $auth->acl_clear_prefetch($user_id_ary);
3186
3187 add_log('admin', $log, $group_name, implode(', ', $username_ary));
3188
3189 group_update_listings($group_id);
3190
3191 return false;
3192}
3193
3194/**
3195* A small version of validate_username to check for a group name's existence. To be called directly.
3196*/
3197function group_validate_groupname($group_id, $group_name)
3198{
3199 global $config, $db;
3200
3201 $group_name = utf8_clean_string($group_name);
3202
3203 if (!empty($group_id))
3204 {
3205 $sql = 'SELECT group_name
3206 FROM ' . GROUPS_TABLE . '
3207 WHERE group_id = ' . (int) $group_id;
3208 $result = $db->sql_query($sql);
3209 $row = $db->sql_fetchrow($result);
3210 $db->sql_freeresult($result);
3211
3212 if (!$row)
3213 {
3214 return false;
3215 }
3216
3217 $allowed_groupname = utf8_clean_string($row['group_name']);
3218
3219 if ($allowed_groupname == $group_name)
3220 {
3221 return false;
3222 }
3223 }
3224
3225 $sql = 'SELECT group_name
3226 FROM ' . GROUPS_TABLE . "
3227 WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
3228 $result = $db->sql_query($sql);
3229 $row = $db->sql_fetchrow($result);
3230 $db->sql_freeresult($result);
3231
3232 if ($row)
3233 {
3234 return 'GROUP_NAME_TAKEN';
3235 }
3236
3237 return false;
3238}
3239
3240/**
3241* Set users default group
3242*
3243* @access private
3244*/
3245function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
3246{
3247 global $cache, $db;
3248
3249 if (empty($user_id_ary))
3250 {
3251 return;
3252 }
3253
3254 $attribute_ary = array(
3255 'group_colour' => 'string',
3256 'group_rank' => 'int',
3257 'group_avatar' => 'string',
3258 'group_avatar_type' => 'int',
3259 'group_avatar_width' => 'int',
3260 'group_avatar_height' => 'int',
3261 );
3262
3263 $sql_ary = array(
3264 'group_id' => $group_id
3265 );
3266
3267 // Were group attributes passed to the function? If not we need to obtain them
3268 if ($group_attributes === false)
3269 {
3270 $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
3271 FROM ' . GROUPS_TABLE . "
3272 WHERE group_id = $group_id";
3273 $result = $db->sql_query($sql);
3274 $group_attributes = $db->sql_fetchrow($result);
3275 $db->sql_freeresult($result);
3276 }
3277
3278 foreach ($attribute_ary as $attribute => $type)
3279 {
3280 if (isset($group_attributes[$attribute]))
3281 {
3282 // If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
3283 if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
3284 {
3285 continue;
3286 }
3287
3288 settype($group_attributes[$attribute], $type);
3289 $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
3290 }
3291 }
3292
3293 // Before we update the user attributes, we will make a list of those having now the group avatar assigned
3294 if (isset($sql_ary['user_avatar']))
3295 {
3296 // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
3297 $sql = 'SELECT user_id, group_id, user_avatar
3298 FROM ' . USERS_TABLE . '
3299 WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
3300 AND user_avatar_type = ' . AVATAR_UPLOAD;
3301 $result = $db->sql_query($sql);
3302
3303 while ($row = $db->sql_fetchrow($result))
3304 {
3305 avatar_delete('user', $row);
3306 }
3307 $db->sql_freeresult($result);
3308 }
3309 else
3310 {
3311 unset($sql_ary['user_avatar_type']);
3312 unset($sql_ary['user_avatar_height']);
3313 unset($sql_ary['user_avatar_width']);
3314 }
3315
3316 $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
3317 WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
3318 $db->sql_query($sql);
3319
3320 if (isset($sql_ary['user_colour']))
3321 {
3322 // Update any cached colour information for these users
3323 $sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3324 WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
3325 $db->sql_query($sql);
3326
3327 $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3328 WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
3329 $db->sql_query($sql);
3330
3331 $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3332 WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
3333 $db->sql_query($sql);
3334
3335 global $config;
3336
3337 if (in_array($config['newest_user_id'], $user_id_ary))
3338 {
3339 set_config('newest_user_colour', $sql_ary['user_colour'], true);
3340 }
3341 }
3342
3343 if ($update_listing)
3344 {
3345 group_update_listings($group_id);
3346 }
3347
3348 // Because some tables/caches use usercolour-specific data we need to purge this here.
3349 $cache->destroy('sql', MODERATOR_CACHE_TABLE);
3350}
3351
3352/**
3353* Get group name
3354*/
3355function get_group_name($group_id)
3356{
3357 global $db, $user;
3358
3359 $sql = 'SELECT group_name, group_type
3360 FROM ' . GROUPS_TABLE . '
3361 WHERE group_id = ' . (int) $group_id;
3362 $result = $db->sql_query($sql);
3363 $row = $db->sql_fetchrow($result);
3364 $db->sql_freeresult($result);
3365
3366 if (!$row || ($row['group_type'] == GROUP_SPECIAL && empty($user->lang)))
3367 {
3368 return '';
3369 }
3370
3371 return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
3372}
3373
3374/**
3375* Obtain either the members of a specified group, the groups the specified user is subscribed to
3376* or checking if a specified user is in a specified group. This function does not return pending memberships.
3377*
3378* Note: Never use this more than once... first group your users/groups
3379*/
3380function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
3381{
3382 global $db;
3383
3384 if (!$group_id_ary && !$user_id_ary)
3385 {
3386 return true;
3387 }
3388
3389 if ($user_id_ary)
3390 {
3391 $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
3392 }
3393
3394 if ($group_id_ary)
3395 {
3396 $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
3397 }
3398
3399 $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
3400 FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
3401 WHERE ug.user_id = u.user_id
3402 AND ug.user_pending = 0 AND ';
3403
3404 if ($group_id_ary)
3405 {
3406 $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
3407 }
3408
3409 if ($user_id_ary)
3410 {
3411 $sql .= ($group_id_ary) ? ' AND ' : ' ';
3412 $sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
3413 }
3414
3415 $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
3416
3417 $row = $db->sql_fetchrow($result);
3418
3419 if ($return_bool)
3420 {
3421 $db->sql_freeresult($result);
3422 return ($row) ? true : false;
3423 }
3424
3425 if (!$row)
3426 {
3427 return false;
3428 }
3429
3430 $return = array();
3431
3432 do
3433 {
3434 $return[] = $row;
3435 }
3436 while ($row = $db->sql_fetchrow($result));
3437
3438 $db->sql_freeresult($result);
3439
3440 return $return;
3441}
3442
3443/**
3444* Re-cache moderators and foes if group has a_ or m_ permissions
3445*/
3446function group_update_listings($group_id)
3447{
3448 global $auth;
3449
3450 $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
3451
3452 if (!sizeof($hold_ary))
3453 {
3454 return;
3455 }
3456
3457 $mod_permissions = $admin_permissions = false;
3458
3459 foreach ($hold_ary as $g_id => $forum_ary)
3460 {
3461 foreach ($forum_ary as $forum_id => $auth_ary)
3462 {
3463 foreach ($auth_ary as $auth_option => $setting)
3464 {
3465 if ($mod_permissions && $admin_permissions)
3466 {
3467 break 3;
3468 }
3469
3470 if ($setting != ACL_YES)
3471 {
3472 continue;
3473 }
3474
3475 if ($auth_option == 'm_')
3476 {
3477 $mod_permissions = true;
3478 }
3479
3480 if ($auth_option == 'a_')
3481 {
3482 $admin_permissions = true;
3483 }
3484 }
3485 }
3486 }
3487
3488 if ($mod_permissions)
3489 {
3490 if (!function_exists('cache_moderators'))
3491 {
3492 global $phpbb_root_path, $phpEx;
3493 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3494 }
3495 cache_moderators();
3496 }
3497
3498 if ($mod_permissions || $admin_permissions)
3499 {
3500 if (!function_exists('update_foes'))
3501 {
3502 global $phpbb_root_path, $phpEx;
3503 include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3504 }
3505 update_foes(array($group_id));
3506 }
3507}
3508
3509
3510
3511/**
3512* Funtion to make a user leave the NEWLY_REGISTERED system group.
3513* @access public
3514* @param $user_id The id of the user to remove from the group
3515*/
3516function remove_newly_registered($user_id, $user_data = false)
3517{
3518 global $db;
3519
3520 if ($user_data === false)
3521 {
3522 $sql = 'SELECT *
3523 FROM ' . USERS_TABLE . '
3524 WHERE user_id = ' . $user_id;
3525 $result = $db->sql_query($sql);
3526 $user_row = $db->sql_fetchrow($result);
3527 $db->sql_freeresult($result);
3528
3529 if (!$user_row)
3530 {
3531 return false;
3532 }
3533 else
3534 {
3535 $user_data = $user_row;
3536 }
3537 }
3538
3539 if (empty($user_data['user_new']))
3540 {
3541 return false;
3542 }
3543
3544 $sql = 'SELECT group_id
3545 FROM ' . GROUPS_TABLE . "
3546 WHERE group_name = 'NEWLY_REGISTERED'
3547 AND group_type = " . GROUP_SPECIAL;
3548 $result = $db->sql_query($sql);
3549 $group_id = (int) $db->sql_fetchfield('group_id');
3550 $db->sql_freeresult($result);
3551
3552 if (!$group_id)
3553 {
3554 return false;
3555 }
3556
3557 // We need to call group_user_del here, because this function makes sure everything is correctly changed.
3558 // A downside for a call within the session handler is that the language is not set up yet - so no log entry
3559 group_user_del($group_id, $user_id);
3560
3561 // Set user_new to 0 to let this not be triggered again
3562 $sql = 'UPDATE ' . USERS_TABLE . '
3563 SET user_new = 0
3564 WHERE user_id = ' . $user_id;
3565 $db->sql_query($sql);
3566
3567 // The new users group was the users default group?
3568 if ($user_data['group_id'] == $group_id)
3569 {
3570 // Which group is now the users default one?
3571 $sql = 'SELECT group_id
3572 FROM ' . USERS_TABLE . '
3573 WHERE user_id = ' . $user_id;
3574 $result = $db->sql_query($sql);
3575 $user_data['group_id'] = $db->sql_fetchfield('group_id');
3576 $db->sql_freeresult($result);
3577 }
3578
3579 return $user_data['group_id'];
3580}
3581
3582?>
Note: See TracBrowser for help on using the repository browser.