5
* @version $Id: functions_user.php,v 1.242 2007/11/10 18:50:35 kellanved Exp $
6
* @copyright (c) 2005 phpBB Group
7
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
14
if (!defined('IN_PHPBB'))
20
* Obtain user_ids from usernames or vice versa. Returns false on
21
* success else the error string
23
* @param array &$user_id_ary The user ids to check or empty if usernames used
24
* @param array &$username_ary The usernames to check or empty if user ids used
25
* @param mixed $user_type Array of user types to check, false if not restricting by user type
27
function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
31
// Are both arrays already filled? Yep, return else
32
// are neither array filled?
33
if ($user_id_ary && $username_ary)
37
else if (!$user_id_ary && !$username_ary)
42
$which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary';
44
if ($$which_ary && !is_array($$which_ary))
46
$$which_ary = array($$which_ary);
49
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
52
$user_id_ary = $username_ary = array();
54
// Grab the user id/username records
55
$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
56
$sql = 'SELECT user_id, username
57
FROM ' . USERS_TABLE . '
58
WHERE ' . $db->sql_in_set($sql_where, $sql_in);
60
if ($user_type !== false && !empty($user_type))
62
$sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
65
$result = $db->sql_query($sql);
67
if (!($row = $db->sql_fetchrow($result)))
69
$db->sql_freeresult($result);
75
$username_ary[$row['user_id']] = $row['username'];
76
$user_id_ary[] = $row['user_id'];
78
while ($row = $db->sql_fetchrow($result));
79
$db->sql_freeresult($result);
85
* Get latest registered username and update database to reflect it
87
function update_last_username()
91
// Get latest username
92
$sql = 'SELECT user_id, username, user_colour
93
FROM ' . USERS_TABLE . '
94
WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
95
ORDER BY user_id DESC';
96
$result = $db->sql_query_limit($sql, 1);
97
$row = $db->sql_fetchrow($result);
98
$db->sql_freeresult($result);
102
set_config('newest_user_id', $row['user_id'], true);
103
set_config('newest_username', $row['username'], true);
104
set_config('newest_user_colour', $row['user_colour'], true);
109
* Updates a username across all relevant tables/fields
111
* @param string $old_name the old/current username
112
* @param string $new_name the new username
114
function user_update_name($old_name, $new_name)
116
global $config, $db, $cache;
119
FORUMS_TABLE => array('forum_last_poster_name'),
120
MODERATOR_CACHE_TABLE => array('username'),
121
POSTS_TABLE => array('post_username'),
122
TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
125
foreach ($update_ary as $table => $field_ary)
127
foreach ($field_ary as $field)
129
$sql = "UPDATE $table
130
SET $field = '" . $db->sql_escape($new_name) . "'
131
WHERE $field = '" . $db->sql_escape($old_name) . "'";
132
$db->sql_query($sql);
136
if ($config['newest_username'] == $old_name)
138
set_config('newest_username', $new_name, true);
145
function user_add($user_row, $cp_data = false)
147
global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;
149
if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type']))
154
$username_clean = utf8_clean_string($user_row['username']);
156
if (empty($username_clean))
162
'username' => $user_row['username'],
163
'username_clean' => $username_clean,
164
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
165
'user_pass_convert' => 0,
166
'user_email' => strtolower($user_row['user_email']),
167
'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
168
'group_id' => $user_row['group_id'],
169
'user_type' => $user_row['user_type'],
172
// These are the additional vars able to be specified
173
$additional_vars = array(
174
'user_permissions' => '',
175
'user_timezone' => $config['board_timezone'],
176
'user_dateformat' => $config['default_dateformat'],
177
'user_lang' => $config['default_lang'],
178
'user_style' => $config['default_style'],
179
'user_allow_pm' => 1,
182
'user_regdate' => time(),
183
'user_passchg' => time(),
184
'user_options' => 895,
186
'user_inactive_reason' => 0,
187
'user_inactive_time' => 0,
188
'user_lastmark' => time(),
189
'user_lastvisit' => 0,
190
'user_lastpost_time' => 0,
191
'user_lastpage' => '',
193
'user_dst' => (int) $config['board_dst'],
196
'user_interests' => '',
198
'user_avatar_type' => 0,
199
'user_avatar_width' => 0,
200
'user_avatar_height' => 0,
201
'user_new_privmsg' => 0,
202
'user_unread_privmsg' => 0,
203
'user_last_privmsg' => 0,
204
'user_message_rules' => 0,
205
'user_full_folder' => PRIVMSGS_NO_BOX,
206
'user_emailtime' => 0,
209
'user_notify_pm' => 1,
210
'user_notify_type' => NOTIFY_EMAIL,
211
'user_allow_pm' => 1,
212
'user_allow_viewonline' => 1,
213
'user_allow_viewemail' => 1,
214
'user_allow_massemail' => 1,
217
'user_sig_bbcode_uid' => '',
218
'user_sig_bbcode_bitfield' => '',
220
'user_form_salt' => unique_id(),
223
// Now fill the sql array with not required variables
224
foreach ($additional_vars as $key => $default_value)
226
$sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value;
229
// Any additional variables in $user_row not covered above?
230
$remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary));
232
// Now fill our sql array with the remaining vars
233
if (sizeof($remaining_vars))
235
foreach ($remaining_vars as $key)
237
$sql_ary[$key] = $user_row[$key];
241
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
242
$db->sql_query($sql);
244
$user_id = $db->sql_nextid();
246
// Insert Custom Profile Fields
247
if ($cp_data !== false && sizeof($cp_data))
249
$cp_data['user_id'] = (int) $user_id;
251
if (!class_exists('custom_profile'))
253
include_once($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
256
$sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' .
257
$db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
258
$db->sql_query($sql);
261
// Place into appropriate group...
262
$sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array(
263
'user_id' => (int) $user_id,
264
'group_id' => (int) $user_row['group_id'],
267
$db->sql_query($sql);
269
// Now make it the users default group...
270
group_set_user_default($user_row['group_id'], array($user_id), false);
272
// set the newest user and adjust the user count if the user is a normal user and no activation mail is sent
273
if ($user_row['user_type'] == USER_NORMAL)
275
set_config('newest_user_id', $user_id, true);
276
set_config('newest_username', $user_row['username'], true);
277
set_config('num_users', $config['num_users'] + 1, true);
279
$sql = 'SELECT group_colour
280
FROM ' . GROUPS_TABLE . '
281
WHERE group_id = ' . $user_row['group_id'];
282
$result = $db->sql_query_limit($sql, 1);
283
$row = $db->sql_fetchrow($result);
284
$db->sql_freeresult($result);
286
set_config('newest_user_colour', $row['group_colour'], true);
295
function user_delete($mode, $user_id, $post_username = false)
297
global $cache, $config, $db, $user, $auth;
298
global $phpbb_root_path, $phpEx;
301
FROM ' . USERS_TABLE . '
302
WHERE user_id = ' . $user_id;
303
$result = $db->sql_query($sql);
304
$user_row = $db->sql_fetchrow($result);
305
$db->sql_freeresult($result);
312
$db->sql_transaction('begin');
314
// Before we begin, we will remove the reports the user issued.
315
$sql = 'SELECT r.post_id, p.topic_id
316
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
317
WHERE r.user_id = ' . $user_id . '
318
AND p.post_id = r.post_id';
319
$result = $db->sql_query($sql);
321
$report_posts = $report_topics = array();
322
while ($row = $db->sql_fetchrow($result))
324
$report_posts[] = $row['post_id'];
325
$report_topics[] = $row['topic_id'];
327
$db->sql_freeresult($result);
329
if (sizeof($report_posts))
331
$report_posts = array_unique($report_posts);
332
$report_topics = array_unique($report_topics);
334
// Get a list of topics that still contain reported posts
335
$sql = 'SELECT DISTINCT topic_id
336
FROM ' . POSTS_TABLE . '
337
WHERE ' . $db->sql_in_set('topic_id', $report_topics) . '
338
AND post_reported = 1
339
AND ' . $db->sql_in_set('post_id', $report_posts, true);
340
$result = $db->sql_query($sql);
342
$keep_report_topics = array();
343
while ($row = $db->sql_fetchrow($result))
345
$keep_report_topics[] = $row['topic_id'];
347
$db->sql_freeresult($result);
349
if (sizeof($keep_report_topics))
351
$report_topics = array_diff($report_topics, $keep_report_topics);
353
unset($keep_report_topics);
355
// Now set the flags back
356
$sql = 'UPDATE ' . POSTS_TABLE . '
357
SET post_reported = 0
358
WHERE ' . $db->sql_in_set('post_id', $report_posts);
359
$db->sql_query($sql);
361
if (sizeof($report_topics))
363
$sql = 'UPDATE ' . TOPICS_TABLE . '
364
SET topic_reported = 0
365
WHERE ' . $db->sql_in_set('topic_id', $report_topics);
366
$db->sql_query($sql);
371
$db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE user_id = ' . $user_id);
373
if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == AVATAR_UPLOAD)
375
avatar_delete('user', $user_row);
382
if ($post_username === false)
384
$post_username = $user->lang['GUEST'];
387
// If the user is inactive and newly registered we assume no posts from this user being there...
388
if ($user_row['user_type'] == USER_INACTIVE && $user_row['user_inactive_reason'] == INACTIVE_REGISTER && !$user_row['user_posts'])
393
$sql = 'UPDATE ' . FORUMS_TABLE . '
394
SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = ''
395
WHERE forum_last_poster_id = $user_id";
396
$db->sql_query($sql);
398
$sql = 'UPDATE ' . POSTS_TABLE . '
399
SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "'
400
WHERE poster_id = $user_id";
401
$db->sql_query($sql);
403
$sql = 'UPDATE ' . POSTS_TABLE . '
404
SET post_edit_user = ' . ANONYMOUS . "
405
WHERE post_edit_user = $user_id";
406
$db->sql_query($sql);
408
$sql = 'UPDATE ' . TOPICS_TABLE . '
409
SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
410
WHERE topic_poster = $user_id";
411
$db->sql_query($sql);
413
$sql = 'UPDATE ' . TOPICS_TABLE . '
414
SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
415
WHERE topic_last_poster_id = $user_id";
416
$db->sql_query($sql);
418
// Since we change every post by this author, we need to count this amount towards the anonymous user
420
// Update the post count for the anonymous user
421
if ($user_row['user_posts'])
423
$sql = 'UPDATE ' . USERS_TABLE . '
424
SET user_posts = user_posts + ' . $user_row['user_posts'] . '
425
WHERE user_id = ' . ANONYMOUS;
426
$db->sql_query($sql);
433
if (!function_exists('delete_posts'))
435
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
438
$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
439
FROM ' . POSTS_TABLE . "
440
WHERE poster_id = $user_id
442
$result = $db->sql_query($sql);
444
$topic_id_ary = array();
445
while ($row = $db->sql_fetchrow($result))
447
$topic_id_ary[$row['topic_id']] = $row['total_posts'];
449
$db->sql_freeresult($result);
451
if (sizeof($topic_id_ary))
453
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
454
FROM ' . TOPICS_TABLE . '
455
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
456
$result = $db->sql_query($sql);
458
$del_topic_ary = array();
459
while ($row = $db->sql_fetchrow($result))
461
if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
463
$del_topic_ary[] = $row['topic_id'];
466
$db->sql_freeresult($result);
468
if (sizeof($del_topic_ary))
470
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
471
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
472
$db->sql_query($sql);
476
// Delete posts, attachments, etc.
477
delete_posts('poster_id', $user_id);
482
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE);
484
foreach ($table_ary as $table)
486
$sql = "DELETE FROM $table
487
WHERE user_id = $user_id";
488
$db->sql_query($sql);
491
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
493
// Remove any undelivered mails...
494
$sql = 'SELECT msg_id, user_id
495
FROM ' . PRIVMSGS_TO_TABLE . '
496
WHERE author_id = ' . $user_id . '
497
AND folder_id = ' . PRIVMSGS_NO_BOX;
498
$result = $db->sql_query($sql);
500
$undelivered_msg = $undelivered_user = array();
501
while ($row = $db->sql_fetchrow($result))
503
$undelivered_msg[] = $row['msg_id'];
504
$undelivered_user[$row['user_id']][] = true;
506
$db->sql_freeresult($result);
508
if (sizeof($undelivered_msg))
510
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
511
WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg);
512
$db->sql_query($sql);
515
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
516
WHERE author_id = ' . $user_id . '
517
AND folder_id = ' . PRIVMSGS_NO_BOX;
518
$db->sql_query($sql);
520
// Delete all to-information
521
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . '
522
WHERE user_id = ' . $user_id;
523
$db->sql_query($sql);
525
// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed
526
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
527
SET author_id = ' . ANONYMOUS . '
528
WHERE author_id = ' . $user_id;
529
$db->sql_query($sql);
531
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
532
SET author_id = ' . ANONYMOUS . '
533
WHERE author_id = ' . $user_id;
534
$db->sql_query($sql);
536
foreach ($undelivered_user as $_user_id => $ary)
538
if ($_user_id == $user_id)
543
$sql = 'UPDATE ' . USERS_TABLE . '
544
SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ',
545
user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . '
546
WHERE user_id = ' . $_user_id;
547
$db->sql_query($sql);
550
// Reset newest user info if appropriate
551
if ($config['newest_user_id'] == $user_id)
553
update_last_username();
556
// Decrement number of users if this user is active
557
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
559
set_config('num_users', $config['num_users'] - 1, true);
562
$db->sql_transaction('commit');
568
* Flips user_type from active to inactive and vice versa, handles group membership updates
570
* @param string $mode can be flip for flipping from active/inactive, activate or deactivate
572
function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
574
global $config, $db, $user, $auth;
576
$deactivated = $activated = 0;
577
$sql_statements = array();
579
if (!is_array($user_id_ary))
581
$user_id_ary = array($user_id_ary);
584
if (!sizeof($user_id_ary))
589
$sql = 'SELECT user_id, group_id, user_type, user_inactive_reason
590
FROM ' . USERS_TABLE . '
591
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
592
$result = $db->sql_query($sql);
594
while ($row = $db->sql_fetchrow($result))
598
if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER ||
599
($mode == 'activate' && $row['user_type'] != USER_INACTIVE) ||
600
($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE))
605
if ($row['user_type'] == USER_INACTIVE)
613
// Remove the users session key...
614
$user->reset_login_keys($row['user_id']);
618
'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL,
619
'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0,
620
'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0,
623
$sql_statements[$row['user_id']] = $sql_ary;
625
$db->sql_freeresult($result);
627
if (sizeof($sql_statements))
629
foreach ($sql_statements as $user_id => $sql_ary)
631
$sql = 'UPDATE ' . USERS_TABLE . '
632
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
633
WHERE user_id = ' . $user_id;
634
$db->sql_query($sql);
637
$auth->acl_clear_prefetch(array_keys($sql_statements));
642
set_config('num_users', $config['num_users'] - $deactivated, true);
647
set_config('num_users', $config['num_users'] + $activated, true);
650
// Update latest username
651
update_last_username();
655
* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
657
* @param string $mode Type of ban. One of the following: user, ip, email
658
* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
659
* @param int $ban_len Ban length in minutes
660
* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
661
* @param boolean $ban_exclude Exclude these entities from banning?
662
* @param string $ban_reason String describing the reason for this ban
665
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
667
global $db, $user, $auth, $cache;
670
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
671
WHERE ban_end < ' . time() . '
673
$db->sql_query($sql);
675
$ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban;
676
$ban_list_log = implode(', ', $ban_list);
678
$current_time = time();
680
// Set $ban_end to the unix time when the ban should end. 0 is a permanent ban.
683
if ($ban_len != -1 || !$ban_len_other)
685
$ban_end = max($current_time, $current_time + ($ban_len) * 60);
689
$ban_other = explode('-', $ban_len_other);
690
if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) &&
691
(strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2))
693
$ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]));
697
trigger_error('LENGTH_BAN_INVALID');
706
$founder = $founder_names = array();
710
// Create a list of founder...
711
$sql = 'SELECT user_id, user_email, username_clean
712
FROM ' . USERS_TABLE . '
713
WHERE user_type = ' . USER_FOUNDER;
714
$result = $db->sql_query($sql);
716
while ($row = $db->sql_fetchrow($result))
718
$founder[$row['user_id']] = $row['user_email'];
719
$founder_names[$row['user_id']] = $row['username_clean'];
721
$db->sql_freeresult($result);
724
$banlist_ary = array();
729
$type = 'ban_userid';
731
if (in_array('*', $ban_list))
733
// Ban all users (it's a good thing that you can exclude people)
734
$banlist_ary[] = '*';
738
// Select the relevant user_ids.
739
$sql_usernames = array();
741
foreach ($ban_list as $username)
743
$username = trim($username);
746
$clean_name = utf8_clean_string($username);
747
if ($clean_name == $user->data['username_clean'])
749
trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
751
if (in_array($clean_name, $founder_names))
753
trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
755
$sql_usernames[] = $clean_name;
759
// Make sure we have been given someone to ban
760
if (!sizeof($sql_usernames))
762
trigger_error('NO_USER_SPECIFIED');
765
$sql = 'SELECT user_id
766
FROM ' . USERS_TABLE . '
767
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
769
// Do not allow banning yourself
770
if (sizeof($founder))
772
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
776
$sql .= ' AND user_id <> ' . $user->data['user_id'];
779
$result = $db->sql_query($sql);
781
if ($row = $db->sql_fetchrow($result))
785
$banlist_ary[] = (int) $row['user_id'];
787
while ($row = $db->sql_fetchrow($result));
791
trigger_error('NO_USERS');
793
$db->sql_freeresult($result);
800
foreach ($ban_list as $ban_item)
802
if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode))
804
// This is an IP range
805
// Don't ask about all this, just don't ask ... !
806
$ip_1_counter = $ip_range_explode[1];
807
$ip_1_end = $ip_range_explode[5];
809
while ($ip_1_counter <= $ip_1_end)
811
$ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0;
812
$ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6];
814
if ($ip_2_counter == 0 && $ip_2_end == 254)
817
$ip_2_fragment = 256;
819
$banlist_ary[] = "$ip_1_counter.*";
822
while ($ip_2_counter <= $ip_2_end)
824
$ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0;
825
$ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7];
827
if ($ip_3_counter == 0 && $ip_3_end == 254)
830
$ip_3_fragment = 256;
832
$banlist_ary[] = "$ip_1_counter.$ip_2_counter.*";
835
while ($ip_3_counter <= $ip_3_end)
837
$ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0;
838
$ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8];
840
if ($ip_4_counter == 0 && $ip_4_end == 254)
843
$ip_4_fragment = 256;
845
$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*";
848
while ($ip_4_counter <= $ip_4_end)
850
$banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter";
860
else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item)))
863
$banlist_ary[] = trim($ban_item);
865
else if (preg_match('#^\*$#', trim($ban_item)))
868
$banlist_ary[] = '*';
870
else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item)))
873
$ip_ary = gethostbynamel(trim($ban_item));
877
foreach ($ip_ary as $ip)
881
if (strlen($ip) > 40)
886
$banlist_ary[] = $ip;
893
trigger_error('NO_IPS_DEFINED');
901
foreach ($ban_list as $ban_item)
903
$ban_item = trim($ban_item);
905
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
907
if (strlen($ban_item) > 100)
912
if (!sizeof($founder) || !in_array($ban_item, $founder))
914
$banlist_ary[] = $ban_item;
919
if (sizeof($ban_list) == 0)
921
trigger_error('NO_EMAILS_DEFINED');
926
trigger_error('NO_MODE');
930
// Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans.
931
$sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''";
934
FROM " . BANLIST_TABLE . "
936
AND ban_exclude = $ban_exclude";
937
$result = $db->sql_query($sql);
939
// Reset $sql_where, because we use it later...
942
if ($row = $db->sql_fetchrow($result))
944
$banlist_ary_tmp = array();
950
$banlist_ary_tmp[] = $row['ban_userid'];
954
$banlist_ary_tmp[] = $row['ban_ip'];
958
$banlist_ary_tmp[] = $row['ban_email'];
962
while ($row = $db->sql_fetchrow($result));
964
$banlist_ary = array_unique(array_diff($banlist_ary, $banlist_ary_tmp));
965
unset($banlist_ary_tmp);
967
$db->sql_freeresult($result);
969
// We have some entities to ban
970
if (sizeof($banlist_ary))
974
foreach ($banlist_ary as $ban_entry)
978
'ban_start' => (int) $current_time,
979
'ban_end' => (int) $ban_end,
980
'ban_exclude' => (int) $ban_exclude,
981
'ban_reason' => (string) $ban_reason,
982
'ban_give_reason' => (string) $ban_give_reason,
986
$db->sql_multi_insert(BANLIST_TABLE, $sql_ary);
988
// If we are banning we want to logout anyone matching the ban
994
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
998
$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
1002
$banlist_ary_sql = array();
1004
foreach ($banlist_ary as $ban_entry)
1006
$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
1009
$sql = 'SELECT user_id
1010
FROM ' . USERS_TABLE . '
1011
WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
1012
$result = $db->sql_query($sql);
1016
if ($row = $db->sql_fetchrow($result))
1020
$sql_in[] = $row['user_id'];
1022
while ($row = $db->sql_fetchrow($result));
1024
$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
1026
$db->sql_freeresult($result);
1030
if (isset($sql_where) && $sql_where)
1032
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
1034
$db->sql_query($sql);
1036
if ($mode == 'user')
1038
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
1039
$db->sql_query($sql);
1045
$log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_';
1047
// Add to moderator and admin log
1048
add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1049
add_log('mod', 0, 0, $log_entry . strtoupper($mode), $ban_reason, $ban_list_log);
1051
$cache->destroy('sql', BANLIST_TABLE);
1056
// There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans.
1057
$cache->destroy('sql', BANLIST_TABLE);
1065
function user_unban($mode, $ban)
1067
global $db, $user, $auth, $cache;
1069
// Delete stale bans
1070
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
1071
WHERE ban_end < ' . time() . '
1073
$db->sql_query($sql);
1075
if (!is_array($ban))
1080
$unban_sql = array_map('intval', $ban);
1082
if (sizeof($unban_sql))
1084
// Grab details of bans for logging information later
1088
$sql = 'SELECT u.username AS unban_info
1089
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
1090
WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
1091
AND u.user_id = b.ban_userid';
1095
$sql = 'SELECT ban_email AS unban_info
1096
FROM ' . BANLIST_TABLE . '
1097
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1101
$sql = 'SELECT ban_ip AS unban_info
1102
FROM ' . BANLIST_TABLE . '
1103
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1106
$result = $db->sql_query($sql);
1109
while ($row = $db->sql_fetchrow($result))
1111
$l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info'];
1113
$db->sql_freeresult($result);
1115
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
1116
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
1117
$db->sql_query($sql);
1119
// Add to moderator and admin log
1120
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1121
add_log('mod', 0, 0, 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
1124
$cache->destroy('sql', BANLIST_TABLE);
1132
function user_ipwhois($ip)
1137
// Only supporting IPv4 at the moment...
1138
if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip))
1144
'#RIPE\.NET#is' => 'whois.ripe.net',
1145
'#whois\.apnic\.net#is' => 'whois.apnic.net',
1146
'#nic\.ad\.jp#is' => 'whois.nic.ad.jp',
1147
'#whois\.registro\.br#is' => 'whois.registro.br'
1150
if (($fsk = @fsockopen('whois.arin.net', 43)))
1152
fputs($fsk, "$ip\n");
1155
$ipwhois .= fgets($fsk, 1024);
1160
foreach (array_keys($match) as $server)
1162
if (preg_match($server, $ipwhois))
1165
if (($fsk = @fsockopen($match[$server], 43)))
1167
fputs($fsk, "$ip\n");
1170
$ipwhois .= fgets($fsk, 1024);
1178
$ipwhois = htmlspecialchars($ipwhois);
1181
return trim(make_clickable($ipwhois, false, ''));
1185
* Data validation ... used primarily but not exclusively by ucp modules
1187
* "Master" function for validating a range of data types
1189
function validate_data($data, $val_ary)
1193
foreach ($val_ary as $var => $val_seq)
1195
if (!is_array($val_seq[0]))
1197
$val_seq = array($val_seq);
1200
foreach ($val_seq as $validate)
1202
$function = array_shift($validate);
1203
array_unshift($validate, $data[$var]);
1205
if ($result = call_user_func_array('validate_' . $function, $validate))
1207
$error[] = $result . '_' . strtoupper($var);
1218
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1220
function validate_string($string, $optional = false, $min = 0, $max = 0)
1222
if (empty($string) && $optional)
1227
if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
1231
else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
1242
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1244
function validate_num($num, $optional = false, $min = 0, $max = 1E99)
1246
if (empty($num) && $optional)
1255
else if ($num > $max)
1266
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1268
function validate_match($string, $optional = false, $match = '')
1270
if (empty($string) && $optional)
1280
if (!preg_match($match, $string))
1282
return 'WRONG_DATA';
1289
* Check to see if the username has been taken, or if it is disallowed.
1290
* Also checks if it includes the " character, which we don't allow in usernames.
1291
* Used for registering, changing names, and posting anonymously with a username
1293
* @param string $username The username to check
1294
* @param string $allowed_username An allowed username, default being $user->data['username']
1296
* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1298
function validate_username($username, $allowed_username = false)
1300
global $config, $db, $user, $cache;
1302
$clean_username = utf8_clean_string($username);
1303
$allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);
1305
if ($allowed_username == $clean_username)
1310
// ... fast checks first.
1311
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
1313
return 'INVALID_CHARS';
1316
$mbstring = $pcre = false;
1318
// generic UTF-8 character types supported?
1319
if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1323
else if (function_exists('mb_ereg_match'))
1325
mb_regex_encoding('UTF-8');
1329
switch ($config['allow_name_chars'])
1331
case 'USERNAME_CHARS_ANY':
1336
case 'USERNAME_ALPHA_ONLY':
1338
$regex = '[A-Za-z0-9]+';
1341
case 'USERNAME_ALPHA_SPACERS':
1343
$regex = '[A-Za-z0-9-[\]_+ ]+';
1346
case 'USERNAME_LETTER_NUM':
1349
$regex = '[\p{Lu}\p{Ll}\p{N}]+';
1353
$regex = '[[:upper:][:lower:][:digit:]]+';
1358
$regex = '[a-zA-Z0-9]+';
1362
case 'USERNAME_LETTER_NUM_SPACERS':
1365
$regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
1369
$regex = '[-\]_+ [[:upper:][:lower:][:digit:]]+';
1374
$regex = '[-\]_+ [a-zA-Z0-9]+';
1378
case 'USERNAME_ASCII':
1381
$regex = '[\x01-\x7F]+';
1387
if (!preg_match('#^' . $regex . '$#u', $username))
1389
return 'INVALID_CHARS';
1395
mb_ereg_search_init('^' . $username . '$', $regex, $matches);
1396
if (!mb_ereg_search())
1398
return 'INVALID_CHARS';
1402
$sql = 'SELECT username
1403
FROM ' . USERS_TABLE . "
1404
WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
1405
$result = $db->sql_query($sql);
1406
$row = $db->sql_fetchrow($result);
1407
$db->sql_freeresult($result);
1411
return 'USERNAME_TAKEN';
1414
$sql = 'SELECT group_name
1415
FROM ' . GROUPS_TABLE . "
1416
WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
1417
$result = $db->sql_query($sql);
1418
$row = $db->sql_fetchrow($result);
1419
$db->sql_freeresult($result);
1423
return 'USERNAME_TAKEN';
1426
$bad_usernames = $cache->obtain_disallowed_usernames();
1428
foreach ($bad_usernames as $bad_username)
1430
if (preg_match('#^' . $bad_username . '$#', $clean_username))
1432
return 'USERNAME_DISALLOWED';
1437
FROM ' . WORDS_TABLE;
1438
$result = $db->sql_query($sql);
1440
while ($row = $db->sql_fetchrow($result))
1442
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
1444
$db->sql_freeresult($result);
1445
return 'USERNAME_DISALLOWED';
1448
$db->sql_freeresult($result);
1454
* Check to see if the password meets the complexity settings
1456
* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1458
function validate_password($password)
1460
global $config, $db, $user;
1467
$pcre = $mbstring = false;
1469
// generic UTF-8 character types supported?
1470
if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
1476
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
1479
else if (function_exists('mb_ereg_match'))
1481
mb_regex_encoding('UTF-8');
1482
$upp = '[[:upper:]]';
1483
$low = '[[:lower:]]';
1484
$let = '[[:lower:][:upper:]]';
1485
$num = '[[:digit:]]';
1486
$sym = '[^[:upper:][:lower:][:digit:]]';
1495
$sym = '[^A-Za-z0-9]';
1501
switch ($config['pass_complex'])
1503
case 'PASS_TYPE_CASE':
1508
case 'PASS_TYPE_ALPHA':
1513
case 'PASS_TYPE_SYMBOL':
1523
foreach ($chars as $char)
1525
if (!preg_match('#' . $char . '#u', $password))
1527
return 'INVALID_CHARS';
1533
foreach ($chars as $char)
1535
if (mb_ereg($char, $password) === false)
1537
return 'INVALID_CHARS';
1546
* Check to see if email address is banned or already present in the DB
1548
* @param string $email The email to check
1549
* @param string $allowed_email An allowed email, default being $user->data['user_email']
1551
* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
1553
function validate_email($email, $allowed_email = false)
1555
global $config, $db, $user;
1557
$email = strtolower($email);
1558
$allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email);
1560
if ($allowed_email == $email)
1565
if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
1567
return 'EMAIL_INVALID';
1571
// The idea for this is from reading the UseBB blog/announcement. :)
1572
if ($config['email_check_mx'])
1574
list(, $domain) = explode('@', $email);
1576
if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
1578
return 'DOMAIN_NO_MX_RECORD';
1582
if ($user->check_ban(false, false, $email, true) == true)
1584
return 'EMAIL_BANNED';
1587
if (!$config['allow_emailreuse'])
1589
$sql = 'SELECT user_email_hash
1590
FROM ' . USERS_TABLE . "
1591
WHERE user_email_hash = " . (crc32($email) . strlen($email));
1592
$result = $db->sql_query($sql);
1593
$row = $db->sql_fetchrow($result);
1594
$db->sql_freeresult($result);
1598
return 'EMAIL_TAKEN';
1606
* Validate jabber address
1607
* Taken from the jabber class within flyspray (see author notes)
1609
* @author flyspray.org
1611
function validate_jabber($jid)
1618
$seperator_pos = strpos($jid, '@');
1620
if ($seperator_pos === false)
1622
return 'WRONG_DATA';
1625
$username = substr($jid, 0, $seperator_pos);
1626
$realm = substr($jid, $seperator_pos + 1);
1628
if (strlen($username) == 0 || strlen($realm) < 3)
1630
return 'WRONG_DATA';
1633
$arr = explode('.', $realm);
1635
if (sizeof($arr) == 0)
1637
return 'WRONG_DATA';
1640
foreach ($arr as $part)
1642
if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
1644
return 'WRONG_DATA';
1647
if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
1649
return 'WRONG_DATA';
1653
$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
1655
// Prohibited Characters RFC3454 + RFC3920
1656
$prohibited = array(
1658
array(0x0020, 0x0020), // SPACE
1660
array(0x00A0, 0x00A0), // NO-BREAK SPACE
1661
array(0x1680, 0x1680), // OGHAM SPACE MARK
1662
array(0x2000, 0x2001), // EN QUAD
1663
array(0x2001, 0x2001), // EM QUAD
1664
array(0x2002, 0x2002), // EN SPACE
1665
array(0x2003, 0x2003), // EM SPACE
1666
array(0x2004, 0x2004), // THREE-PER-EM SPACE
1667
array(0x2005, 0x2005), // FOUR-PER-EM SPACE
1668
array(0x2006, 0x2006), // SIX-PER-EM SPACE
1669
array(0x2007, 0x2007), // FIGURE SPACE
1670
array(0x2008, 0x2008), // PUNCTUATION SPACE
1671
array(0x2009, 0x2009), // THIN SPACE
1672
array(0x200A, 0x200A), // HAIR SPACE
1673
array(0x200B, 0x200B), // ZERO WIDTH SPACE
1674
array(0x202F, 0x202F), // NARROW NO-BREAK SPACE
1675
array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE
1676
array(0x3000, 0x3000), // IDEOGRAPHIC SPACE
1678
array(0x0000, 0x001F), // [CONTROL CHARACTERS]
1679
array(0x007F, 0x007F), // DELETE
1681
array(0x0080, 0x009F), // [CONTROL CHARACTERS]
1682
array(0x06DD, 0x06DD), // ARABIC END OF AYAH
1683
array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK
1684
array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR
1685
array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER
1686
array(0x200D, 0x200D), // ZERO WIDTH JOINER
1687
array(0x2028, 0x2028), // LINE SEPARATOR
1688
array(0x2029, 0x2029), // PARAGRAPH SEPARATOR
1689
array(0x2060, 0x2060), // WORD JOINER
1690
array(0x2061, 0x2061), // FUNCTION APPLICATION
1691
array(0x2062, 0x2062), // INVISIBLE TIMES
1692
array(0x2063, 0x2063), // INVISIBLE SEPARATOR
1693
array(0x206A, 0x206F), // [CONTROL CHARACTERS]
1694
array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE
1695
array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS]
1696
array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS]
1698
array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0]
1699
array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15]
1700
array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16]
1702
array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS]
1703
array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS]
1704
array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS]
1705
array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS]
1706
array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS]
1707
array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS]
1708
array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS]
1709
array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS]
1710
array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS]
1711
array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS]
1712
array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS]
1713
array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS]
1714
array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS]
1715
array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS]
1716
array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS]
1717
array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS]
1718
array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS]
1719
array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS]
1721
array(0xD800, 0xDFFF), // [SURROGATE CODES]
1723
array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR
1724
array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR
1725
array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR
1726
array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER
1727
array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER
1729
array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
1731
array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK
1732
array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK
1733
array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK
1734
array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK
1735
array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING
1736
array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING
1737
array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING
1738
array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE
1739
array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE
1740
array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING
1741
array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING
1742
array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING
1743
array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING
1744
array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES
1745
array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES
1747
array(0xE0001, 0xE0001), // LANGUAGE TAG
1748
array(0xE0020, 0xE007F), // [TAGGING CHARACTERS]
1750
array(0x22, 0x22), // "
1751
array(0x26, 0x26), // &
1752
array(0x27, 0x27), // '
1753
array(0x2F, 0x2F), // /
1754
array(0x3A, 0x3A), // :
1755
array(0x3C, 0x3C), // <
1756
array(0x3E, 0x3E), // >
1757
array(0x40, 0x40) // @
1763
while ($pos < strlen($username))
1766
for ($i = 0; $i <= 5; $i++)
1768
if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
1771
$uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
1773
for ($k = 1; $k < $len; $k++)
1775
$uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
1784
return 'WRONG_DATA';
1787
foreach ($prohibited as $pval)
1789
if ($uni >= $pval[0] && $uni <= $pval[1])
1801
return 'WRONG_DATA';
1810
function avatar_delete($mode, $row, $clean_db = false)
1812
global $phpbb_root_path, $config, $db, $user;
1814
// Check if the users avatar is actually *not* a group avatar
1815
if ($mode == 'user')
1817
if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id'])))
1825
avatar_remove_db($row[$mode . '_avatar']);
1827
$filename = get_avatar_filename($row[$mode . '_avatar']);
1828
if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename))
1830
@unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename);
1838
* Remote avatar linkage
1840
function avatar_remote($data, &$error)
1842
global $config, $db, $user, $phpbb_root_path, $phpEx;
1844
if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
1846
$data['remotelink'] = 'http://' . $data['remotelink'];
1848
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.(gif|jpg|jpeg|png)$#i', $data['remotelink']))
1850
$error[] = $user->lang['AVATAR_URL_INVALID'];
1854
// Make sure getimagesize works...
1855
if (($image_data = @getimagesize($data['remotelink'])) === false && (empty($data['width']) || empty($data['height'])))
1857
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1861
if (!empty($image_data) && ($image_data[0] < 2 || $image_data[1] < 2))
1863
$error[] = $user->lang['AVATAR_NO_SIZE'];
1867
$width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
1868
$height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
1870
if ($width < 2 || $height < 2)
1872
$error[] = $user->lang['AVATAR_NO_SIZE'];
1877
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1878
$types = fileupload::image_types();
1879
$extension = strtolower(filespec::get_extension($data['remotelink']));
1881
if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]])))
1883
if (!isset($types[$image_data[2]]))
1885
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
1889
$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
1894
if ($config['avatar_max_width'] || $config['avatar_max_height'])
1896
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
1898
$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1903
if ($config['avatar_min_width'] || $config['avatar_min_height'])
1905
if ($width < $config['avatar_min_width'] || $height < $config['avatar_min_height'])
1907
$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $width, $height);
1912
return array(AVATAR_REMOTE, $data['remotelink'], $width, $height);
1916
* Avatar upload using the upload class
1918
function avatar_upload($data, &$error)
1920
global $phpbb_root_path, $config, $db, $user, $phpEx;
1922
// Init upload class
1923
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
1924
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
1926
if (!empty($_FILES['uploadfile']['name']))
1928
$file = $upload->form_upload('uploadfile');
1932
$file = $upload->remote_upload($data['uploadurl']);
1935
$prefix = $config['avatar_salt'] . '_';
1936
$file->clean_filename('avatar', $prefix, $data['user_id']);
1938
$destination = $config['avatar_path'];
1940
// Adjust destination path (no trailing slash)
1941
if (substr($destination, -1, 1) == '/' || substr($destination, -1, 1) == '\\')
1943
$destination = substr($destination, 0, -1);
1946
$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
1947
if ($destination && ($destination[0] == '/' || $destination[0] == "\\"))
1952
// Move file and overwrite any existing image
1953
$file->move_file($destination, true);
1955
if (sizeof($file->error))
1958
$error = array_merge($error, $file->error);
1961
return array(AVATAR_UPLOAD, $data['user_id'] . '_' . time() . '.' . $file->get('extension'), $file->get('width'), $file->get('height'));
1965
* Generates avatar filename from the database entry
1967
function get_avatar_filename($avatar_entry)
1972
if ($avatar_entry[0] === 'g')
1974
$avatar_group = true;
1975
$avatar_entry = substr($avatar_entry, 1);
1979
$avatar_group = false;
1981
$ext = substr(strrchr($avatar_entry, '.'), 1);
1982
$avatar_entry = intval($avatar_entry);
1983
return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext;
1989
function avatar_gallery($category, $avatar_select, $items_per_column, $block_var = 'avatar_row')
1991
global $user, $cache, $template;
1992
global $config, $phpbb_root_path;
1994
$avatar_list = array();
1996
$path = $phpbb_root_path . $config['avatar_gallery_path'];
1998
if (!file_exists($path) || !is_dir($path))
2000
$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2005
$dp = @opendir($path);
2009
return array($user->lang['NO_AVATAR_CATEGORY'] => array());
2012
while (($file = readdir($dp)) !== false)
2014
if ($file[0] != '.' && preg_match('#^[^&"\'<>]+$#i', $file) && is_dir("$path/$file"))
2016
$avatar_row_count = $avatar_col_count = 0;
2018
if ($dp2 = @opendir("$path/$file"))
2020
while (($sub_file = readdir($dp2)) !== false)
2022
if (preg_match('#^[^&\'"<>]+\.(?:gif|png|jpe?g)$#i', $sub_file))
2024
$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
2025
'file' => "$file/$sub_file",
2026
'filename' => $sub_file,
2027
'name' => ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
2029
$avatar_col_count++;
2030
if ($avatar_col_count == $items_per_column)
2032
$avatar_row_count++;
2033
$avatar_col_count = 0;
2044
if (!sizeof($avatar_list))
2046
$avatar_list = array($user->lang['NO_AVATAR_CATEGORY'] => array());
2049
@ksort($avatar_list);
2051
$category = (!$category) ? key($avatar_list) : $category;
2052
$avatar_categories = array_keys($avatar_list);
2054
$s_category_options = '';
2055
foreach ($avatar_categories as $cat)
2057
$s_category_options .= '<option value="' . $cat . '"' . (($cat == $category) ? ' selected="selected"' : '') . '>' . $cat . '</option>';
2060
$template->assign_vars(array(
2061
'S_AVATARS_ENABLED' => true,
2062
'S_IN_AVATAR_GALLERY' => true,
2063
'S_CAT_OPTIONS' => $s_category_options)
2066
$avatar_list = (isset($avatar_list[$category])) ? $avatar_list[$category] : array();
2068
foreach ($avatar_list as $avatar_row_ary)
2070
$template->assign_block_vars($block_var, array());
2072
foreach ($avatar_row_ary as $avatar_col_ary)
2074
$template->assign_block_vars($block_var . '.avatar_column', array(
2075
'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2076
'AVATAR_NAME' => $avatar_col_ary['name'],
2077
'AVATAR_FILE' => $avatar_col_ary['filename'])
2080
$template->assign_block_vars($block_var . '.avatar_option_column', array(
2081
'AVATAR_IMAGE' => $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar_col_ary['file'],
2082
'S_OPTIONS_AVATAR' => $avatar_col_ary['filename'])
2087
return $avatar_list;
2092
* Tries to (re-)establish avatar dimensions
2094
function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $current_y = 0)
2096
global $config, $phpbb_root_path, $user;
2098
switch ($avatar_type)
2100
case AVATAR_REMOTE :
2103
case AVATAR_UPLOAD :
2104
$avatar = $phpbb_root_path . $config['avatar_path'] . '/' . get_avatar_filename($avatar);
2107
case AVATAR_GALLERY :
2108
$avatar = $phpbb_root_path . $config['avatar_gallery_path'] . '/' . $avatar ;
2112
// Make sure getimagesize works...
2113
if (($image_data = @getimagesize($avatar)) === false)
2115
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
2119
if ($image_data[0] < 2 || $image_data[1] < 2)
2121
$error[] = $user->lang['AVATAR_NO_SIZE'];
2125
// try to maintain ratio
2126
if (!(empty($current_x) && empty($current_y)))
2128
if ($current_x != 0)
2130
$image_data[1] = (int) floor(($current_x / $image_data[0]) * $image_data[1]);
2131
$image_data[1] = min($config['avatar_max_height'], $image_data[1]);
2132
$image_data[1] = max($config['avatar_min_height'], $image_data[1]);
2134
if ($current_y != 0)
2136
$image_data[0] = (int) floor(($current_y / $image_data[1]) * $image_data[0]);
2137
$image_data[0] = min($config['avatar_max_width'], $image_data[1]);
2138
$image_data[0] = max($config['avatar_min_width'], $image_data[1]);
2141
return array($image_data[0], $image_data[1]);
2145
* Uploading/Changing user avatar
2147
function avatar_process_user(&$error, $custom_userdata = false)
2149
global $config, $phpbb_root_path, $auth, $user, $db;
2152
'uploadurl' => request_var('uploadurl', ''),
2153
'remotelink' => request_var('remotelink', ''),
2154
'width' => request_var('width', 0),
2155
'height' => request_var('height', 0),
2158
$error = validate_data($data, array(
2159
'uploadurl' => array('string', true, 5, 255),
2160
'remotelink' => array('string', true, 5, 255),
2161
'width' => array('string', true, 1, 3),
2162
'height' => array('string', true, 1, 3),
2172
if ($custom_userdata === false)
2174
$userdata = &$user->data;
2178
$userdata = &$custom_userdata;
2181
$data['user_id'] = $userdata['user_id'];
2182
$change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
2183
$avatar_select = basename(request_var('avatar_select', ''));
2186
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
2188
if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload)
2190
list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_upload($data, $error);
2192
else if ($data['remotelink'] && $change_avatar && $config['allow_avatar_remote'])
2194
list($sql_ary['user_avatar_type'], $sql_ary['user_avatar'], $sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = avatar_remote($data, $error);
2196
else if ($avatar_select && $change_avatar && $config['allow_avatar_local'])
2198
$category = basename(request_var('category', ''));
2200
$sql_ary['user_avatar_type'] = AVATAR_GALLERY;
2201
$sql_ary['user_avatar'] = $avatar_select;
2203
// check avatar gallery
2204
if (!is_dir($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category))
2206
$sql_ary['user_avatar'] = '';
2207
$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2211
list($sql_ary['user_avatar_width'], $sql_ary['user_avatar_height']) = getimagesize($phpbb_root_path . $config['avatar_gallery_path'] . '/' . $category . '/' . $sql_ary['user_avatar']);
2212
$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
2215
else if (isset($_POST['delete']) && $change_avatar)
2217
$sql_ary['user_avatar'] = '';
2218
$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
2220
else if (!empty($userdata['user_avatar']))
2222
// Only update the dimensions
2224
if (empty($data['width']) || empty($data['height']))
2226
if ($dims = avatar_get_dimensions($userdata['user_avatar'], $userdata['user_avatar_type'], $error, $data['width'], $data['height']))
2228
list($guessed_x, $guessed_y) = $dims;
2229
if (empty($data['width']))
2231
$data['width'] = $guessed_x;
2233
if (empty($data['height']))
2235
$data['height'] = $guessed_y;
2239
if (($config['avatar_max_width'] || $config['avatar_max_height']) &&
2240
(($data['width'] != $userdata['user_avatar_width']) || $data['height'] != $userdata['user_avatar_height']))
2242
if ($data['width'] > $config['avatar_max_width'] || $data['height'] > $config['avatar_max_height'])
2244
$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2248
if (!sizeof($error))
2250
if ($config['avatar_min_width'] || $config['avatar_min_height'])
2252
if ($data['width'] < $config['avatar_min_width'] || $data['height'] < $config['avatar_min_height'])
2254
$error[] = sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], $data['width'], $data['height']);
2259
if (!sizeof($error))
2261
$sql_ary['user_avatar_width'] = $data['width'];
2262
$sql_ary['user_avatar_height'] = $data['height'];
2266
if (!sizeof($error))
2268
// Do we actually have any data to update?
2269
if (sizeof($sql_ary))
2271
$sql = 'UPDATE ' . USERS_TABLE . '
2272
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
2273
WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
2274
$db->sql_query($sql);
2276
if (isset($sql_ary['user_avatar']))
2278
$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
2280
// Delete old avatar if present
2281
if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD)
2282
|| ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD && $sql_ary['user_avatar_type'] != AVATAR_UPLOAD))
2284
avatar_delete('user', $userdata);
2290
return (sizeof($error)) ? false : true;
2294
// Usergroup functions
2298
* Add or edit a group. If we're editing a group we only update user
2299
* parameters such as rank, etc. if they are changed
2301
function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false)
2303
global $phpbb_root_path, $config, $db, $user, $file_upload;
2306
$attribute_ary = array(
2307
'group_colour' => 'string',
2308
'group_rank' => 'int',
2309
'group_avatar' => 'string',
2310
'group_avatar_type' => 'int',
2311
'group_avatar_width' => 'int',
2312
'group_avatar_height' => 'int',
2314
'group_receive_pm' => 'int',
2315
'group_legend' => 'int',
2316
'group_message_limit' => 'int',
2318
'group_founder_manage' => 'int',
2321
// Those are group-only attributes
2322
$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage');
2324
// Check data. Limit group name length.
2325
if (!utf8_strlen($name) || utf8_strlen($name) > 60)
2327
$error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG'];
2330
$err = group_validate_groupname($group_id, $name);
2333
$error[] = $user->lang[$err];
2336
if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE)))
2338
$error[] = $user->lang['GROUP_ERR_TYPE'];
2341
if (!sizeof($error))
2343
$user_ary = array();
2345
'group_name' => (string) $name,
2346
'group_desc' => (string) $desc,
2347
'group_desc_uid' => '',
2348
'group_desc_bitfield' => '',
2349
'group_type' => (int) $type,
2352
// Parse description
2355
generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies);
2358
if (sizeof($group_attributes))
2360
foreach ($attribute_ary as $attribute => $_type)
2362
if (isset($group_attributes[$attribute]))
2364
settype($group_attributes[$attribute], $_type);
2365
$sql_ary[$attribute] = $group_attributes[$attribute];
2370
// Setting the log message before we set the group id (if group gets added)
2371
$log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
2377
$sql = 'SELECT user_id
2378
FROM ' . USERS_TABLE . '
2379
WHERE group_id = ' . $group_id;
2380
$result = $db->sql_query($sql);
2382
while ($row = $db->sql_fetchrow($result))
2384
$user_ary[] = $row['user_id'];
2386
$db->sql_freeresult($result);
2388
if (isset($sql_ary['group_avatar']) && !$sql_ary['group_avatar'])
2390
remove_default_avatar($group_id, $user_ary);
2392
if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
2394
remove_default_rank($group_id, $user_ary);
2397
$sql = 'UPDATE ' . GROUPS_TABLE . '
2398
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
2399
WHERE group_id = $group_id";
2400
$db->sql_query($sql);
2402
// Since we may update the name too, we need to do this on other tables too...
2403
$sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . "
2404
SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
2405
WHERE group_id = $group_id";
2406
$db->sql_query($sql);
2410
$sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
2411
$db->sql_query($sql);
2416
$group_id = $db->sql_nextid();
2417
if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
2419
group_correct_avatar($group_id, $sql_ary['group_avatar']);
2423
// Set user attributes
2425
if (sizeof($group_attributes))
2427
foreach ($attribute_ary as $attribute => $_type)
2429
if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
2431
// If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
2432
if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
2437
$sql_ary[$attribute] = $group_attributes[$attribute];
2442
if (sizeof($sql_ary) && sizeof($user_ary))
2444
group_set_user_default($group_id, $user_ary, $sql_ary);
2447
$name = ($type == GROUP_SPECIAL) ? $user->lang['G_' . $name] : $name;
2448
add_log('admin', $log, $name);
2450
group_update_listings($group_id);
2453
return (sizeof($error)) ? $error : false;
2458
* Changes a group avatar's filename to conform to the naming scheme
2460
function group_correct_avatar($group_id, $old_entry)
2462
global $config, $db, $phpbb_root_path;
2464
$group_id = (int)$group_id;
2465
$ext = substr(strrchr($old_entry, '.'), 1);
2466
$old_filename = get_avatar_filename($old_entry);
2467
$new_filename = $config['avatar_salt'] . "_g$group_id.$ext";
2468
$new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext";
2470
$avatar_path = $phpbb_root_path . $config['avatar_path'];
2471
if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename))
2473
$sql = 'UPDATE ' . GROUPS_TABLE . '
2474
SET group_avatar = \'' . $db->sql_escape($new_entry) . "'
2475
WHERE group_id = $group_id";
2476
$db->sql_query($sql);
2482
* Remove avatar also for users not having the group as default
2484
function avatar_remove_db($avatar_name)
2486
global $config, $db;
2488
$sql = 'UPDATE ' . USERS_TABLE . "
2489
SET user_avatar = '',
2490
user_avatar_type = 0
2491
WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\'';
2492
$db->sql_query($sql);
2499
function group_delete($group_id, $group_name = false)
2501
global $db, $phpbb_root_path, $phpEx;
2505
$group_name = get_group_name($group_id);
2512
$user_id_ary = $username_ary = array();
2514
// Batch query for group members, call group_user_del
2515
$sql = 'SELECT u.user_id, u.username
2516
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u
2517
WHERE ug.group_id = $group_id
2518
AND u.user_id = ug.user_id";
2519
$result = $db->sql_query_limit($sql, 200, $start);
2521
if ($row = $db->sql_fetchrow($result))
2525
$user_id_ary[] = $row['user_id'];
2526
$username_ary[] = $row['username'];
2530
while ($row = $db->sql_fetchrow($result));
2532
group_user_del($group_id, $user_id_ary, $username_ary, $group_name);
2538
$db->sql_freeresult($result);
2543
$sql = 'DELETE FROM ' . GROUPS_TABLE . "
2544
WHERE group_id = $group_id";
2545
$db->sql_query($sql);
2547
// Delete auth entries from the groups table
2548
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . "
2549
WHERE group_id = $group_id";
2550
$db->sql_query($sql);
2552
// Re-cache moderators
2553
if (!function_exists('cache_moderators'))
2555
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
2560
add_log('admin', 'LOG_GROUP_DELETE', $group_name);
2562
// Return false - no error
2567
* Add user(s) to group
2569
* @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2571
function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
2575
// We need both username and user_id info
2576
$result = user_get_id_name($user_id_ary, $username_ary);
2578
if (!sizeof($user_id_ary) || $result !== false)
2583
// Remove users who are already members of this group
2584
$sql = 'SELECT user_id, group_leader
2585
FROM ' . USER_GROUP_TABLE . '
2586
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
2587
AND group_id = $group_id";
2588
$result = $db->sql_query($sql);
2590
$add_id_ary = $update_id_ary = array();
2591
while ($row = $db->sql_fetchrow($result))
2593
$add_id_ary[] = (int) $row['user_id'];
2595
if ($leader && !$row['group_leader'])
2597
$update_id_ary[] = (int) $row['user_id'];
2600
$db->sql_freeresult($result);
2602
// Do all the users exist in this group?
2603
$add_id_ary = array_diff($user_id_ary, $add_id_ary);
2605
// If we have no users
2606
if (!sizeof($add_id_ary) && !sizeof($update_id_ary))
2608
return 'GROUP_USERS_EXIST';
2611
$db->sql_transaction('begin');
2613
// Insert the new users
2614
if (sizeof($add_id_ary))
2618
foreach ($add_id_ary as $user_id)
2621
'user_id' => (int) $user_id,
2622
'group_id' => (int) $group_id,
2623
'group_leader' => (int) $leader,
2624
'user_pending' => (int) $pending,
2628
$db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary);
2631
if (sizeof($update_id_ary))
2633
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
2634
SET group_leader = 1
2635
WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
2636
AND group_id = $group_id";
2637
$db->sql_query($sql);
2642
group_set_user_default($group_id, $user_id_ary, $group_attributes);
2645
$db->sql_transaction('commit');
2647
// Clear permissions cache of relevant users
2648
$auth->acl_clear_prefetch($user_id_ary);
2652
$group_name = get_group_name($group_id);
2655
$log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
2657
add_log('admin', $log, $group_name, implode(', ', $username_ary));
2659
group_update_listings($group_id);
2661
// Return false - no error
2666
* Remove a user/s from a given group. When we remove users we update their
2667
* default group_id. We do this by examining which "special" groups they belong
2668
* to. The selection is made based on a reasonable priority system
2670
* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
2672
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
2676
$group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS');
2678
// We need both username and user_id info
2679
$result = user_get_id_name($user_id_ary, $username_ary);
2681
if (!sizeof($user_id_ary) || $result !== false)
2687
FROM ' . GROUPS_TABLE . '
2688
WHERE ' . $db->sql_in_set('group_name', $group_order);
2689
$result = $db->sql_query($sql);
2691
$group_order_id = $special_group_data = array();
2692
while ($row = $db->sql_fetchrow($result))
2694
$group_order_id[$row['group_name']] = $row['group_id'];
2696
$special_group_data[$row['group_id']] = array(
2697
'group_colour' => $row['group_colour'],
2698
'group_rank' => $row['group_rank'],
2701
// Only set the group avatar if one is defined...
2702
if ($row['group_avatar'])
2704
$special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
2705
'group_avatar' => $row['group_avatar'],
2706
'group_avatar_type' => $row['group_avatar_type'],
2707
'group_avatar_width' => $row['group_avatar_width'],
2708
'group_avatar_height' => $row['group_avatar_height'])
2712
$db->sql_freeresult($result);
2714
// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
2715
$sql = 'SELECT user_id, group_id
2716
FROM ' . USERS_TABLE . '
2717
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
2718
$result = $db->sql_query($sql);
2720
$default_groups = array();
2721
while ($row = $db->sql_fetchrow($result))
2723
$default_groups[$row['user_id']] = $row['group_id'];
2725
$db->sql_freeresult($result);
2727
// What special group memberships exist for these users?
2728
$sql = 'SELECT g.group_id, g.group_name, ug.user_id
2729
FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
2730
WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
2731
AND g.group_id = ug.group_id
2732
AND g.group_id <> $group_id
2733
AND g.group_type = " . GROUP_SPECIAL . '
2734
ORDER BY ug.user_id, g.group_id';
2735
$result = $db->sql_query($sql);
2737
$temp_ary = array();
2738
while ($row = $db->sql_fetchrow($result))
2740
if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || array_search($row['group_name'], $group_order) < $temp_ary[$row['user_id']]))
2742
$temp_ary[$row['user_id']] = $row['group_id'];
2745
$db->sql_freeresult($result);
2747
$sql_where_ary = array();
2748
foreach ($temp_ary as $uid => $gid)
2750
$sql_where_ary[$gid][] = $uid;
2754
foreach ($special_group_data as $gid => $default_data_ary)
2756
if (isset($sql_where_ary[$gid]) && sizeof($sql_where_ary[$gid]))
2758
remove_default_rank($group_id, $sql_where_ary[$gid]);
2759
remove_default_avatar($group_id, $sql_where_ary[$gid]);
2760
group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary);
2763
unset($special_group_data);
2765
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
2766
WHERE group_id = $group_id
2767
AND " . $db->sql_in_set('user_id', $user_id_ary);
2768
$db->sql_query($sql);
2770
// Clear permissions cache of relevant users
2771
$auth->acl_clear_prefetch($user_id_ary);
2775
$group_name = get_group_name($group_id);
2778
$log = 'LOG_GROUP_REMOVE';
2780
add_log('admin', $log, $group_name, implode(', ', $username_ary));
2782
group_update_listings($group_id);
2784
// Return false - no error
2790
* Removes the group avatar of the default group from the users in user_ids who have that group as default.
2792
function remove_default_avatar($group_id, $user_ids)
2796
if (!is_array($user_ids))
2798
$user_ids = array($user_ids);
2800
if (empty($user_ids))
2805
$user_ids = array_map('intval', $user_ids);
2808
FROM ' . GROUPS_TABLE . '
2809
WHERE group_id = ' . (int)$group_id;
2810
$result = $db->sql_query($sql);
2811
if (!$row = $db->sql_fetchrow($result))
2813
$db->sql_freeresult($result);
2816
$db->sql_freeresult($result);
2818
$sql = 'UPDATE ' . USERS_TABLE . "
2819
SET user_avatar = '',
2820
user_avatar_type = 0,
2821
user_avatar_width = 0,
2822
user_avatar_height = 0
2823
WHERE group_id = " . (int) $group_id . "
2824
AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "'
2825
AND " . $db->sql_in_set('user_id', $user_ids);
2827
$db->sql_query($sql);
2831
* Removes the group rank of the default group from the users in user_ids who have that group as default.
2833
function remove_default_rank($group_id, $user_ids)
2837
if (!is_array($user_ids))
2839
$user_ids = array($user_ids);
2841
if (empty($user_ids))
2846
$user_ids = array_map('intval', $user_ids);
2849
FROM ' . GROUPS_TABLE . '
2850
WHERE group_id = ' . (int)$group_id;
2851
$result = $db->sql_query($sql);
2852
if (!$row = $db->sql_fetchrow($result))
2854
$db->sql_freeresult($result);
2857
$db->sql_freeresult($result);
2859
$sql = 'UPDATE ' . USERS_TABLE . '
2861
WHERE group_id = ' . (int)$group_id . '
2863
AND user_rank = ' . (int)$row['group_rank'] . '
2864
AND ' . $db->sql_in_set('user_id', $user_ids);
2865
$db->sql_query($sql);
2869
* This is used to promote (to leader), demote or set as default a member/s
2871
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
2873
global $db, $auth, $phpbb_root_path, $phpEx, $config;
2875
// We need both username and user_id info
2876
$result = user_get_id_name($user_id_ary, $username_ary);
2878
if (!sizeof($user_id_ary) || $result !== false)
2885
$group_name = get_group_name($group_id);
2892
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
2893
SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
2894
WHERE group_id = $group_id
2895
AND " . $db->sql_in_set('user_id', $user_id_ary);
2896
$db->sql_query($sql);
2898
$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
2902
// Make sure we only approve those which are pending ;)
2903
$sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang
2904
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
2905
WHERE ug.group_id = ' . $group_id . '
2906
AND ug.user_pending = 1
2907
AND ug.user_id = u.user_id
2908
AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
2909
$result = $db->sql_query($sql);
2911
$user_id_ary = $email_users = array();
2912
while ($row = $db->sql_fetchrow($result))
2914
$user_id_ary[] = $row['user_id'];
2915
$email_users[] = $row;
2917
$db->sql_freeresult($result);
2919
if (!sizeof($user_id_ary))
2924
$sql = 'UPDATE ' . USER_GROUP_TABLE . "
2925
SET user_pending = 0
2926
WHERE group_id = $group_id
2927
AND " . $db->sql_in_set('user_id', $user_id_ary);
2928
$db->sql_query($sql);
2930
// Send approved email to users...
2931
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
2932
$messenger = new messenger();
2934
foreach ($email_users as $row)
2936
$messenger->template('group_approved', $row['user_lang']);
2938
$messenger->to($row['user_email'], $row['username']);
2939
$messenger->im($row['user_jabber'], $row['username']);
2941
$messenger->assign_vars(array(
2942
'USERNAME' => htmlspecialchars_decode($row['username']),
2943
'GROUP_NAME' => htmlspecialchars_decode($group_name),
2944
'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
2947
$messenger->send($row['user_notify_type']);
2950
$messenger->save_queue();
2952
$log = 'LOG_USERS_APPROVED';
2956
$sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . '
2957
WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true);
2958
$result = $db->sql_query($sql);
2961
while ($row = $db->sql_fetchrow($result))
2963
if (!isset($groups[$row['group_id']]))
2965
$groups[$row['group_id']] = array();
2967
$groups[$row['group_id']][] = $row['user_id'];
2969
$db->sql_freeresult($result);
2971
foreach ($groups as $gid => $uids)
2973
remove_default_rank($gid, $uids);
2974
remove_default_avatar($gid, $uids);
2976
group_set_user_default($group_id, $user_id_ary, $group_attributes);
2977
$log = 'LOG_GROUP_DEFAULTS';
2981
// Clear permissions cache of relevant users
2982
$auth->acl_clear_prefetch($user_id_ary);
2984
add_log('admin', $log, $group_name, implode(', ', $username_ary));
2986
group_update_listings($group_id);
2992
* A small version of validate_username to check for a group name's existence. To be called directly.
2994
function group_validate_groupname($group_id, $group_name)
2996
global $config, $db;
2998
$group_name = utf8_clean_string($group_name);
3000
if (!empty($group_id))
3002
$sql = 'SELECT group_name
3003
FROM ' . GROUPS_TABLE . '
3004
WHERE group_id = ' . (int) $group_id;
3005
$result = $db->sql_query($sql);
3006
$row = $db->sql_fetchrow($result);
3007
$db->sql_freeresult($result);
3014
$allowed_groupname = utf8_clean_string($row['group_name']);
3016
if ($allowed_groupname == $group_name)
3022
$sql = 'SELECT group_name
3023
FROM ' . GROUPS_TABLE . "
3024
WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
3025
$result = $db->sql_query($sql);
3026
$row = $db->sql_fetchrow($result);
3027
$db->sql_freeresult($result);
3031
return 'GROUP_NAME_TAKEN';
3038
* Set users default group
3042
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
3046
if (empty($user_id_ary))
3051
$attribute_ary = array(
3052
'group_colour' => 'string',
3053
'group_rank' => 'int',
3054
'group_avatar' => 'string',
3055
'group_avatar_type' => 'int',
3056
'group_avatar_width' => 'int',
3057
'group_avatar_height' => 'int',
3061
'group_id' => $group_id
3064
// Were group attributes passed to the function? If not we need to obtain them
3065
if ($group_attributes === false)
3067
$sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . '
3068
FROM ' . GROUPS_TABLE . "
3069
WHERE group_id = $group_id";
3070
$result = $db->sql_query($sql);
3071
$group_attributes = $db->sql_fetchrow($result);
3072
$db->sql_freeresult($result);
3075
foreach ($attribute_ary as $attribute => $type)
3077
if (isset($group_attributes[$attribute]))
3079
// If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group
3080
if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute])
3085
settype($group_attributes[$attribute], $type);
3086
$sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute];
3090
// Before we update the user attributes, we will make a list of those having now the group avatar assigned
3091
if (in_array('user_avatar', array_keys($sql_ary)))
3093
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
3094
$sql = 'SELECT user_id, group_id, user_avatar
3095
FROM ' . USERS_TABLE . '
3096
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
3097
AND user_avatar_type = ' . AVATAR_UPLOAD;
3098
$result = $db->sql_query($sql);
3100
while ($row = $db->sql_fetchrow($result))
3102
avatar_delete('user', $row);
3104
$db->sql_freeresult($result);
3108
unset($sql_ary['user_avatar_type']);
3109
unset($sql_ary['user_avatar_height']);
3110
unset($sql_ary['user_avatar_width']);
3113
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
3114
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
3115
$db->sql_query($sql);
3117
if (in_array('user_colour', array_keys($sql_ary)))
3119
// Update any cached colour information for these users
3120
$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3121
WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary);
3122
$db->sql_query($sql);
3124
$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3125
WHERE " . $db->sql_in_set('topic_poster', $user_id_ary);
3126
$db->sql_query($sql);
3128
$sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'
3129
WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary);
3130
$db->sql_query($sql);
3134
if (in_array($config['newest_user_id'], $user_id_ary))
3136
set_config('newest_user_colour', $sql_ary['user_colour'], true);
3140
if ($update_listing)
3142
group_update_listings($group_id);
3149
function get_group_name($group_id)
3153
$sql = 'SELECT group_name, group_type
3154
FROM ' . GROUPS_TABLE . '
3155
WHERE group_id = ' . (int) $group_id;
3156
$result = $db->sql_query($sql);
3157
$row = $db->sql_fetchrow($result);
3158
$db->sql_freeresult($result);
3165
return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
3169
* Obtain either the members of a specified group, the groups the specified user is subscribed to
3170
* or checking if a specified user is in a specified group. This function does not return pending memberships.
3172
* Note: Never use this more than once... first group your users/groups
3174
function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false)
3178
if (!$group_id_ary && !$user_id_ary)
3185
$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
3190
$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
3193
$sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email
3194
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
3195
WHERE ug.user_id = u.user_id
3196
AND ug.user_pending = 0 AND ';
3200
$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
3205
$sql .= ($group_id_ary) ? ' AND ' : ' ';
3206
$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
3209
$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);
3211
$row = $db->sql_fetchrow($result);
3215
$db->sql_freeresult($result);
3216
return ($row) ? true : false;
3230
while ($row = $db->sql_fetchrow($result));
3232
$db->sql_freeresult($result);
3238
* Re-cache moderators and foes if group has a_ or m_ permissions
3240
function group_update_listings($group_id)
3244
$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
3246
if (!sizeof($hold_ary))
3251
$mod_permissions = $admin_permissions = false;
3253
foreach ($hold_ary as $g_id => $forum_ary)
3255
foreach ($forum_ary as $forum_id => $auth_ary)
3257
foreach ($auth_ary as $auth_option => $setting)
3259
if ($mod_permissions && $admin_permissions)
3264
if ($setting != ACL_YES)
3269
if ($auth_option == 'm_')
3271
$mod_permissions = true;
3274
if ($auth_option == 'a_')
3276
$admin_permissions = true;
3282
if ($mod_permissions)
3284
if (!function_exists('cache_moderators'))
3286
global $phpbb_root_path, $phpEx;
3287
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3292
if ($mod_permissions || $admin_permissions)
3294
if (!function_exists('update_foes'))
3296
global $phpbb_root_path, $phpEx;
3297
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
3299
update_foes(array($group_id));
b'\\ No newline at end of file'
added
removed
www/php/phpBB3/includes/functions_user.php
