Zeile 3 | Zeile 3 |
---|
* MyBB 1.2 * Copyright � 2006 MyBB Group, All Rights Reserved *
|
* MyBB 1.2 * Copyright � 2006 MyBB Group, All Rights Reserved *
|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html
| * Website: http://www.mybboard.net * License: http://www.mybboard.net/eula.html
|
*
|
*
|
* $Id: user.php 2458 2006-11-29 07:27:32Z chris $
| * $Id: user.php 3856 2008-05-20 23:35:25Z Tikitiki $
|
*/
|
*/
|
| // Disallow direct access to this file for security reasons if(!defined("IN_MYBB")) { die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); }
|
/** * User handling class, provides common structure to handle user data.
| /** * User handling class, provides common structure to handle user data.
|
Zeile 56 | Zeile 62 |
---|
* @param boolean True when valid, false when invalid. */ function verify_username()
|
* @param boolean True when valid, false when invalid. */ function verify_username()
|
{ global $mybb;
| { global $mybb;
|
$username = &$this->data['username']; require_once MYBB_ROOT.'inc/functions_user.php';
// Fix bad characters
|
$username = &$this->data['username']; require_once MYBB_ROOT.'inc/functions_user.php';
// Fix bad characters
|
$username = str_replace(array(chr(160), chr(173)), array(" ", "-"), $username);
| $username = trim($username); $username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
|
// Remove multiple spaces from the username $username = preg_replace("#\s{2,}#", " ", $username);
// Check if the username is not empty.
|
// Remove multiple spaces from the username $username = preg_replace("#\s{2,}#", " ", $username);
// Check if the username is not empty.
|
if(trim($username) == '')
| if($username == '')
|
{ $this->set_error('missing_username'); return false; }
// Check if the username belongs to the list of banned usernames.
|
{ $this->set_error('missing_username'); return false; }
// Check if the username belongs to the list of banned usernames.
|
$bannedusernames = get_banned_usernames(); if(in_array($username, $bannedusernames))
| if(is_banned_username($username))
|
{ $this->set_error('banned_username'); return false;
| { $this->set_error('banned_username'); return false;
|
Zeile 91 | Zeile 97 |
---|
}
// Check if the username is of the correct length.
|
}
// Check if the username is of the correct length.
|
if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname)
| if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
|
{ $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
{ $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
return false; }
| return false; }
|
return true; }
| return true; }
|
Zeile 111 | Zeile 117 |
---|
$username = &$this->data['username'];
|
$username = &$this->data['username'];
|
$query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower($username))."'");
| $query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower(trim($username)))."' AND uid!='{$this->data['uid']}'");
|
$user_count = $db->fetch_field($query, "count"); if($user_count > 0) {
| $user_count = $db->fetch_field($query, "count"); if($user_count > 0) {
|
Zeile 144 | Zeile 150 |
---|
// See if the board has "require complex passwords" enabled. if($mybb->settings['requirecomplexpasswords'] == "yes")
|
// See if the board has "require complex passwords" enabled. if($mybb->settings['requirecomplexpasswords'] == "yes")
|
{
| {
|
// Complex passwords required, do some extra checks. // First, see if there is one or more complex character(s) in the password. if(!preg_match('#[\W]+#', $user['password']))
| // Complex passwords required, do some extra checks. // First, see if there is one or more complex character(s) in the password. if(!preg_match('#[\W]+#', $user['password']))
|
Zeile 158 | Zeile 164 |
---|
if(isset($user['password2']) && $user['password'] != $user['password2']) { $this->set_error("passwords_dont_match");
|
if(isset($user['password2']) && $user['password'] != $user['password2']) { $this->set_error("passwords_dont_match");
|
return false; }
| return false; }
|
// MD5 the password $user['md5password'] = md5($user['password']);
| // MD5 the password $user['md5password'] = md5($user['password']);
|
Zeile 204 | Zeile 210 |
---|
if(trim($user['email']) == '') { $this->set_error('missing_email');
|
if(trim($user['email']) == '') { $this->set_error('missing_email');
|
return false; }
| return false; }
|
// Check if this is a proper email address.
|
// Check if this is a proper email address.
|
if(validate_email_format($user['email']) === false) {
| if(!validate_email_format($user['email'])) {
|
$this->set_error('invalid_email_format'); return false; }
// Check banned emails
|
$this->set_error('invalid_email_format'); return false; }
// Check banned emails
|
$bannedemails = explode(" ", $mybb->settings['bannedemails']); if(is_array($bannedemails))
| if(is_banned_email($user['email']))
|
{
|
{
|
foreach($bannedemails as $bannedemail) { $bannedemail = strtolower(trim($bannedemail)); if($bannedemail != '') { if(strstr($user['email'], $bannedemail) != '') { $this->set_error('banned_email'); return false; } } }
| $this->set_error('banned_email'); return false;
|
}
// If we have an "email2", verify it matches the existing email
| }
// If we have an "email2", verify it matches the existing email
|
Zeile 250 | Zeile 245 |
---|
$website = &$this->data['website'];
if($website == '' || $website == 'http://')
|
$website = &$this->data['website'];
if($website == '' || $website == 'http://')
|
{
| {
|
$website = ''; return true;
|
$website = ''; return true;
|
}
| }
|
// Does the website start with http://? if(substr_count($website, 'http://') == 0)
| // Does the website start with http://? if(substr_count($website, 'http://') == 0)
|
Zeile 266 | Zeile 261 |
---|
return false; } }
|
return false; } }
|
|
|
return true; }
| return true; }
|
Zeile 282 | Zeile 277 |
---|
if($icq != '' && !is_numeric($icq)) { $this->set_error("invalid_icq_number");
|
if($icq != '' && !is_numeric($icq)) { $this->set_error("invalid_icq_number");
|
return false;
| return false;
|
} $icq = intval($icq); return true;
| } $icq = intval($icq); return true;
|
Zeile 406 | Zeile 401 |
---|
$field = "fid{$profilefield['fid']}";
// If the profile field is required, but not filled in, present error.
|
$field = "fid{$profilefield['fid']}";
// If the profile field is required, but not filled in, present error.
|
if(!$profile_fields[$field] && $profilefield['required'] == "yes" && !$proferror)
| if(trim($profile_fields[$field]) == "" && $profilefield['required'] == "yes" && !defined('IN_ADMINCP'))
|
{ $this->set_error('missing_required_profile_field', array($profilefield['name'])); }
| { $this->set_error('missing_required_profile_field', array($profilefield['name'])); }
|
Zeile 457 | Zeile 452 |
---|
*/ function verify_referrer() {
|
*/ function verify_referrer() {
|
global $db;
| global $db, $mybb;
|
$user = &$this->data;
| $user = &$this->data;
|
Zeile 493 | Zeile 488 |
---|
$this->verify_yesno_option($options, 'allownotices', 'yes'); $this->verify_yesno_option($options, 'hideemail', 'no'); $this->verify_yesno_option($options, 'emailnotify', 'no');
|
$this->verify_yesno_option($options, 'allownotices', 'yes'); $this->verify_yesno_option($options, 'hideemail', 'no'); $this->verify_yesno_option($options, 'emailnotify', 'no');
|
| $this->verify_yesno_option($options, 'emailpmnotify', 'no');
|
$this->verify_yesno_option($options, 'receivepms', 'yes'); $this->verify_yesno_option($options, 'pmpopup', 'yes'); $this->verify_yesno_option($options, 'pmnotify', 'yes');
| $this->verify_yesno_option($options, 'receivepms', 'yes'); $this->verify_yesno_option($options, 'pmpopup', 'yes'); $this->verify_yesno_option($options, 'pmnotify', 'yes');
|
Zeile 670 | Zeile 666 |
---|
return false; } return true;
|
return false; } return true;
|
}
| }
|
/** * Validate all user assets. *
| /** * Validate all user assets. *
|
Zeile 680 | Zeile 676 |
---|
function validate_user() { global $mybb, $plugins;
|
function validate_user() { global $mybb, $plugins;
|
|
|
$user = &$this->data;
// First, grab the old user details if this user exists if($user['uid']) { $old_user = get_user($user['uid']);
|
$user = &$this->data;
// First, grab the old user details if this user exists if($user['uid']) { $old_user = get_user($user['uid']);
|
}
| }
|
if($this->method == "insert" || array_key_exists('username', $user)) { // If the username is the same - no need to verify
| if($this->method == "insert" || array_key_exists('username', $user)) { // If the username is the same - no need to verify
|
Zeile 767 | Zeile 763 |
---|
// We are done validating, return. $this->set_validated(true);
|
// We are done validating, return. $this->set_validated(true);
|
if(count($this->get_errors()) > 0) {
| if(count($this->get_errors()) > 0) {
|
return false; } else
| return false; } else
|
Zeile 800 | Zeile 796 |
---|
"username" => $db->escape_string($user['username']), "password" => $user['saltedpw'], "salt" => $user['salt'],
|
"username" => $db->escape_string($user['username']), "password" => $user['saltedpw'], "salt" => $user['salt'],
|
"loginkey" => $user['loginkey'],
| "loginkey" => $user['loginkey'],
|
"email" => $db->escape_string($user['email']), "postnum" => intval($user['postnum']), "avatar" => $db->escape_string($user['avatar']),
| "email" => $db->escape_string($user['email']), "postnum" => intval($user['postnum']), "avatar" => $db->escape_string($user['avatar']),
|
Zeile 840 | Zeile 836 |
---|
"daysprune" => intval($user['options']['daysprune']), "dateformat" => $db->escape_string($user['dateformat']), "timeformat" => $db->escape_string($user['timeformat']),
|
"daysprune" => intval($user['options']['daysprune']), "dateformat" => $db->escape_string($user['dateformat']), "timeformat" => $db->escape_string($user['timeformat']),
|
"regip" => $user['regip'],
| "regip" => $db->escape_string($user['regip']),
|
"language" => $db->escape_string($user['language']), "showcodebuttons" => $user['options']['showcodebuttons'], "away" => $user['away']['away'],
| "language" => $db->escape_string($user['language']), "showcodebuttons" => $user['options']['showcodebuttons'], "away" => $user['away']['away'],
|
Zeile 860 | Zeile 856 |
---|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data); $this->uid = $db->insert_id();
|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data); $this->uid = $db->insert_id();
|
$user['user_fields'] = array( 'ufid' => $this->uid, 'fid1' => '', 'fid2' => '', 'fid3' => '' );
| $user['user_fields']['ufid'] = $this->uid; $query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields"); while($field = $db->fetch_array($query)) { if($field['Field'] == 'ufid' || array_key_exists($field['Field'], $user['user_fields'])) { continue; } $user['user_fields'][$field['Field']] = ''; }
|
$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
|
$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
|
$cache->updatestats();
| update_stats(array('numusers' => '+1'));
|
return array( "uid" => $this->uid,
| return array( "uid" => $this->uid,
|
Zeile 887 | Zeile 889 |
---|
function update_user() { global $db, $plugins;
|
function update_user() { global $db, $plugins;
|
|
|
// Yes, validating is required. if(!$this->get_validated()) {
| // Yes, validating is required. if(!$this->get_validated()) {
|
Zeile 936 | Zeile 937 |
---|
$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']); } if(isset($user['displaygroup']))
|
$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']); } if(isset($user['displaygroup']))
|
{
| {
|
$this->user_update_data['displaygroup'] = intval($user['displaygroup']); } if(isset($user['usertitle']))
| $this->user_update_data['displaygroup'] = intval($user['displaygroup']); } if(isset($user['usertitle']))
|
Zeile 1005 | Zeile 1006 |
---|
} if(isset($user['language'])) {
|
} if(isset($user['language'])) {
|
$this->user_update_data['language'] = $user['language'];
| $this->user_update_data['language'] = $db->escape_string($user['language']);
|
} if(isset($user['away'])) {
| } if(isset($user['away'])) {
|
Zeile 1034 | Zeile 1035 |
---|
if(count($this->user_update_data) < 1) { return false;
|
if(count($this->user_update_data) < 1) { return false;
|
}
| }
|
// Actual updating happens here. $db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
|
// Actual updating happens here. $db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
|
|
|
// Maybe some userfields need to be updated? if(is_array($user['user_fields'])) {
| // Maybe some userfields need to be updated? if(is_array($user['user_fields'])) {
|
Zeile 1047 | Zeile 1048 |
---|
if(!$fields['ufid']) { $user_fields = array(
|
if(!$fields['ufid']) { $user_fields = array(
|
'ufid' => $user['uid'], 'fid1' => '', 'fid2' => '', 'fid3' => ''
| 'ufid' => $user['uid']
|
);
|
);
|
| $query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields"); while($field = $db->fetch_array($query)) { if($field['Field'] == 'ufid') { continue; } $user_fields[$field['Field']] = ''; }
|
$db->insert_query(TABLE_PREFIX."userfields", $user_fields); } $db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
| $db->insert_query(TABLE_PREFIX."userfields", $user_fields); } $db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
|
Zeile 1071 | Zeile 1079 |
---|
$db->update_query(TABLE_PREFIX."threads", $username_update, "uid='{$user['uid']}'"); $db->update_query(TABLE_PREFIX."threads", $lastposter_update, "lastposteruid='{$user['uid']}'"); $db->update_query(TABLE_PREFIX."forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
|
$db->update_query(TABLE_PREFIX."threads", $username_update, "uid='{$user['uid']}'"); $db->update_query(TABLE_PREFIX."threads", $lastposter_update, "lastposteruid='{$user['uid']}'"); $db->update_query(TABLE_PREFIX."forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
|
| global $cache; $stats = $cache->read("stats"); if($stats['lastuid'] == $user['uid']) { // User was latest to register, update stats update_stats(array("numusers" => "+0")); }
|
}
}
| }
}
|
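Review bot: In the hunk at Zeile 111 / Zeile 117, the new duplicate-username query puts `$this->data['uid']` straight into the WHERE clause (`AND uid!='{$this->data['uid']}'`) with no cast or escaping, while the username next to it goes through `$db->escape_string()`. Nothing visible in this diff forces `uid` to an integer before it reaches this query, so a request-derived value handed to the data handler would land in the SQL unmodified. Casting once, `$uid = intval($this->data['uid']);`, and then using `AND uid!='{$uid}'` keeps the check working on insert (it compares against 0) and matches the `escape_string()` hardening this commit applies to `regip` and `language`. The enclosing function starts and ends outside the hunk, so a cast may already exist earlier; the unchanged `uid='{$user['uid']}'` conditions in the `update_user()` queries follow the same pattern and deserve the same check.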