Zeile 6 | Zeile 6 |
---|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html *
|
* Website: http://www.mybboard.com * License: http://www.mybboard.com/eula.html *
|
* $Id: user.php 2194 2006-09-03 12:46:22Z chris $
| * $Id: user.php 2458 2006-11-29 07:27:32Z chris $
|
*/
/**
| */
/**
|
Zeile 57 | Zeile 57 |
---|
*/ function verify_username() {
|
*/ function verify_username() {
|
| global $mybb;
|
$username = &$this->data['username']; require_once MYBB_ROOT.'inc/functions_user.php';
| $username = &$this->data['username']; require_once MYBB_ROOT.'inc/functions_user.php';
|
Zeile 83 | Zeile 85 |
---|
// Check for certain characters in username (<, >, &, and slashes) if(eregi("<", $username) || eregi(">", $username) || eregi("&", $username) || strpos($username, "\\") !== false || eregi(";", $username))
|
// Check for certain characters in username (<, >, &, and slashes) if(eregi("<", $username) || eregi(">", $username) || eregi("&", $username) || strpos($username, "\\") !== false || eregi(";", $username))
|
{
| {
|
$this->set_error("bad_characters_username");
|
$this->set_error("bad_characters_username");
|
return false; }
| return false; }
|
// Check if the username is of the correct length. if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname) { $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
// Check if the username is of the correct length. if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname) { $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
return false; }
return true; }
/**
| return false; }
return true; }
/**
|
* Verifies if a username is already in use or not. * * @return boolean False when the username is not in use, true when it is.
| * Verifies if a username is already in use or not. * * @return boolean False when the username is not in use, true when it is.
|
Zeile 109 | Zeile 111 |
---|
$username = &$this->data['username'];
|
$username = &$this->data['username'];
|
$query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "username='".$db->escape_string($username)."'");
| $query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower($username))."'");
|
$user_count = $db->fetch_field($query, "count"); if($user_count > 0) {
| $user_count = $db->fetch_field($query, "count"); if($user_count > 0) {
|
Zeile 142 | Zeile 144 |
---|
// See if the board has "require complex passwords" enabled. if($mybb->settings['requirecomplexpasswords'] == "yes")
|
// See if the board has "require complex passwords" enabled. if($mybb->settings['requirecomplexpasswords'] == "yes")
|
{
| {
|
// Complex passwords required, do some extra checks. // First, see if there is one or more complex character(s) in the password. if(!preg_match('#[\W]+#', $user['password']))
| // Complex passwords required, do some extra checks. // First, see if there is one or more complex character(s) in the password. if(!preg_match('#[\W]+#', $user['password']))
|
Zeile 163 | Zeile 165 |
---|
$user['md5password'] = md5($user['password']);
// Generate our salt
|
$user['md5password'] = md5($user['password']);
// Generate our salt
|
$user['salt'] = generate_salt();
| if(!$user['salt']) { $user['salt'] = generate_salt(); }
|
// Combine the password and salt $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
|
// Combine the password and salt $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
|
|
|
// Generate the user login key $user['loginkey'] = generate_loginkey();
|
// Generate the user login key $user['loginkey'] = generate_loginkey();
|
return true; }
/**
| return true; }
/**
|
* Verifies usergroup selections and other group details.
|
* Verifies usergroup selections and other group details.
|
* * @return boolean True when valid, false when invalid. */
| * * @return boolean True when valid, false when invalid. */
|
function verify_usergroup()
|
function verify_usergroup()
|
{
| {
|
$user = &$this->data; return true; }
| $user = &$this->data; return true; }
|
Zeile 191 | Zeile 196 |
---|
*/ function verify_email() {
|
*/ function verify_email() {
|
| global $mybb;
|
$user = &$this->data;
// Check if an email address has actually been entered.
| $user = &$this->data;
// Check if an email address has actually been entered.
|
Zeile 338 | Zeile 345 |
---|
// Error if a year exists and the year is out of range if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
|
// Error if a year exists and the year is out of range if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
|
{
| {
|
$this->set_error("invalid_birthday"); return false; }
| $this->set_error("invalid_birthday"); return false; }
|
Zeile 352 | Zeile 359 |
---|
elseif($birthday['day'] && $birthday['month']) { // If only a day and month are specified, put together a d-m string
|
elseif($birthday['day'] && $birthday['month']) { // If only a day and month are specified, put together a d-m string
|
$user['bday'] = $birthday['day']."-".$birthday['month'];
| $user['bday'] = $birthday['day']."-".$birthday['month']."-";
|
} else {
| } else {
|
Zeile 373 | Zeile 380 |
---|
$user = &$this->data; $profile_fields = &$this->data['profile_fields'];
|
$user = &$this->data; $profile_fields = &$this->data['profile_fields'];
|
|
|
// Loop through profile fields checking if they exist or not and are filled in. $userfields = array(); $comma = '';
|
// Loop through profile fields checking if they exist or not and are filled in. $userfields = array(); $comma = '';
|
| $editable = ''; if(!$this->data['profile_fields_editable']) { $editable = "editable='yes'"; }
|
// Fetch all profile fields first. $options = array( 'order_by' => 'disporder' );
|
// Fetch all profile fields first. $options = array( 'order_by' => 'disporder' );
|
$query = $db->simple_select(TABLE_PREFIX.'profilefields', 'name, type, fid, required', "editable='yes'", $options);
| $query = $db->simple_select(TABLE_PREFIX.'profilefields', 'name, type, fid, required', $editable, $options);
|
// Then loop through the profile fields. while($profilefield = $db->fetch_array($query)) { $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); $thing = explode("\n", $profilefield['type'], "2"); $type = trim($thing[0]);
|
// Then loop through the profile fields. while($profilefield = $db->fetch_array($query)) { $profilefield['type'] = htmlspecialchars_uni($profilefield['type']); $thing = explode("\n", $profilefield['type'], "2"); $type = trim($thing[0]);
|
$field = "fid$profilefield[fid]";
| $field = "fid{$profilefield['fid']}";
|
// If the profile field is required, but not filled in, present error. if(!$profile_fields[$field] && $profilefield['required'] == "yes" && !$proferror)
| // If the profile field is required, but not filled in, present error. if(!$profile_fields[$field] && $profilefield['required'] == "yes" && !$proferror)
|
Zeile 409 | Zeile 422 |
---|
if(!in_array($value, $expoptions)) { $this->set_error('bad_profile_field_values', array($profilefield['name']));
|
if(!in_array($value, $expoptions)) { $this->set_error('bad_profile_field_values', array($profilefield['name']));
|
}
| }
|
if($options) { $options .= "\n";
| if($options) { $options .= "\n";
|
Zeile 421 | Zeile 434 |
---|
{ $expoptions = explode("\n", $thing[1]); $expoptions = array_map('trim', $expoptions);
|
{ $expoptions = explode("\n", $thing[1]); $expoptions = array_map('trim', $expoptions);
|
if(!in_array($profile_fields[$field], $expoptions) && $profile_fields[$field] != "")
| if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && $profile_fields[$field] != "")
|
{ $this->set_error('bad_profile_field_values', array($profilefield['name'])); }
| { $this->set_error('bad_profile_field_values', array($profilefield['name'])); }
|
Zeile 439 | Zeile 452 |
---|
/** * Verifies if an optionally entered referrer exists or not.
|
/** * Verifies if an optionally entered referrer exists or not.
|
* * @return boolean True when valid, false when invalid. */
| * * @return boolean True when valid, false when invalid. */
|
function verify_referrer() { global $db;
| function verify_referrer() { global $db;
|
Zeile 491 | Zeile 504 |
---|
$this->verify_yesno_option($options, 'showquickreply', 'yes'); $this->verify_yesno_option($options, 'showredirect', 'yes');
|
$this->verify_yesno_option($options, 'showquickreply', 'yes'); $this->verify_yesno_option($options, 'showredirect', 'yes');
|
if($this->method == "insert" || (array_key_exists('showcodebuttons', $options) && $options['showcodebuttons'] != 0)) { $options['showcodebuttons'] = 1; }
| if(isset($options['showcodebuttons'])) { $options['showcodebuttons'] = intval($options['showcodebuttons']); if($options['showcodebuttons'] != 0) { $options['showcodebuttons'] = 1; } } else if($this->method == "insert") { $options['showcodebuttons'] = 1; }
|
if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "threaded")) { $options['threadmode'] = 'linear';
| if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "threaded")) { $options['threadmode'] = 'linear';
|
Zeile 517 | Zeile 539 |
---|
$options['tpp'] = intval($options['tpp']); } // Verify the "posts per page" option.
|
$options['tpp'] = intval($options['tpp']); } // Verify the "posts per page" option.
|
if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['usepppoptions']))
| if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
|
{ $explodedppp = explode(",", $mybb->settings['userpppoptions']); if(is_array($explodedppp)) { @asort($explodedppp);
|
{ $explodedppp = explode(",", $mybb->settings['userpppoptions']); if(is_array($explodedppp)) { @asort($explodedppp);
|
$biggest = $explodedtpp[count($explodedppp)-1];
| $biggest = $explodedppp[count($explodedppp)-1];
|
// Is the selected option greater than the allowed options? if($options['ppp'] > $biggest) {
| // Is the selected option greater than the allowed options? if($options['ppp'] > $biggest) {
|
Zeile 533 | Zeile 555 |
---|
$options['ppp'] = intval($options['ppp']); } // Is our selected "days prune" option valid or not?
|
$options['ppp'] = intval($options['ppp']); } // Is our selected "days prune" option valid or not?
|
if($this->method == "insert" || isset($options['daysprune']))
| if($this->method == "insert" || array_key_exists('daysprune', $options))
|
{ $options['daysprune'] = intval($options['daysprune']); if($options['daysprune'] < 0)
| { $options['daysprune'] = intval($options['daysprune']); if($options['daysprune'] < 0)
|
Zeile 667 | Zeile 689 |
---|
$old_user = get_user($user['uid']); }
|
$old_user = get_user($user['uid']); }
|
if($this->method == "insert" || array_key_exists('usernane', $user))
| if($this->method == "insert" || array_key_exists('username', $user))
|
{ // If the username is the same - no need to verify if(!$old_user['username'] || $user['username'] != $old_user['username'])
| { // If the username is the same - no need to verify if(!$old_user['username'] || $user['username'] != $old_user['username'])
|
Zeile 761 | Zeile 783 |
---|
function insert_user() { global $db, $cache, $plugins;
|
function insert_user() { global $db, $cache, $plugins;
|
// Yes, validating is required. if(!$this->get_validated()) {
| // Yes, validating is required. if(!$this->get_validated()) {
|
die("The user needs to be validated before inserting it into the DB."); } if(count($this->get_errors()) > 0)
| die("The user needs to be validated before inserting it into the DB."); } if(count($this->get_errors()) > 0)
|
Zeile 826 | Zeile 848 |
---|
"returndate" => $user['away']['returndate'], "awayreason" => $db->escape_string($user['away']['awayreason']), "notepad" => $db->escape_string($user['notepad']),
|
"returndate" => $user['away']['returndate'], "awayreason" => $db->escape_string($user['away']['awayreason']), "notepad" => $db->escape_string($user['notepad']),
|
"referrer" => intval($user['referrer_uid'])
| "referrer" => intval($user['referrer_uid']), "buddylist" => '', "ignorelist" => '', "pmfolders" => '', "notepad" => ''
|
); $plugins->run_hooks_by_ref("datahandler_user_insert", $this);
| ); $plugins->run_hooks_by_ref("datahandler_user_insert", $this);
|
Zeile 834 | Zeile 860 |
---|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data); $this->uid = $db->insert_id();
|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data); $this->uid = $db->insert_id();
|
$user['user_fields']['ufid'] = $this->uid;
| $user['user_fields'] = array( 'ufid' => $this->uid, 'fid1' => '', 'fid2' => '', 'fid3' => '' );
|
$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
| $db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
|
Zeile 856 | Zeile 887 |
---|
function update_user() { global $db, $plugins;
|
function update_user() { global $db, $plugins;
|
|
|
// Yes, validating is required. if(!$this->get_validated())
| // Yes, validating is required. if(!$this->get_validated())
|
Zeile 998 | Zeile 1030 |
---|
$old_user = get_user($user['uid']);
$plugins->run_hooks_by_ref("datahandler_user_update", $this);
|
$old_user = get_user($user['uid']);
$plugins->run_hooks_by_ref("datahandler_user_update", $this);
|
| if(count($this->user_update_data) < 1) { return false; }
|
// Actual updating happens here. $db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
| // Actual updating happens here. $db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
|
Zeile 1009 | Zeile 1046 |
---|
$fields = $db->fetch_array($query); if(!$fields['ufid']) {
|
$fields = $db->fetch_array($query); if(!$fields['ufid']) {
|
$db->insert_query(TABLE_PREFIX."userfields", array('ufid' => $user['uid']));
| $user_fields = array( 'ufid' => $user['uid'], 'fid1' => '', 'fid2' => '', 'fid3' => '' ); $db->insert_query(TABLE_PREFIX."userfields", $user_fields);
|
} $db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'"); }
| } $db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'"); }
|
Zeile 1018 | Zeile 1061 |
---|
if($this->user_update_data['username'] != $old_user['username'] && $this->user_update_data['username'] != '') { $username_update = array(
|
if($this->user_update_data['username'] != $old_user['username'] && $this->user_update_data['username'] != '') { $username_update = array(
|
"username" => $db->escape_string($this->user_update_data['username'])
| "username" => $this->user_update_data['username']
|
); $lastposter_update = array(
|
); $lastposter_update = array(
|
"lastposter" => $db->escape_string($this->user_update_data['username'])
| "lastposter" => $this->user_update_data['username']
|
);
$db->update_query(TABLE_PREFIX."posts", $username_update, "uid='{$user['uid']}'");
| );
$db->update_query(TABLE_PREFIX."posts", $username_update, "uid='{$user['uid']}'");
|
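Review bot: In the hunk at Zeile 1061, `$username_update` and `$lastposter_update` now carry `$this->user_update_data['username']` into the following `update_query()` call without `$db->escape_string()`, so the query is only safe if that value was already escaped when it was stored in `user_update_data`. That assignment is outside the visible hunks, and `run_hooks_by_ref("datahandler_user_update", $this)` runs before these queries, so a plugin can presumably replace the value by reference. If the removal is meant to stop double escaping, record the invariant next to the arrays, e.g. `// user_update_data['username'] is escaped when it is built; escaping again would double-escape it`, and confirm that `update_query()` does no escaping of its own. The enclosing `update_user()` starts and ends outside this hunk.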