Vergleich inc/datahandlers/user.php - 1.8.8 - 1.8.15

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 187Zeile 187
		}

// Has the user tried to use their email address or username as a password?

		}

// Has the user tried to use their email address or username as a password?

		if($user['email'] === $user['password'] || $user['username'] === $user['password'])



		if($user['email'] === $user['password'] || $user['username'] === $user['password']
|| strpos($user['password'], $user['email']) !== false || strpos($user['password'], $user['username']) !== false
|| strpos($user['email'], $user['password']) !== false || strpos($user['username'], $user['password']) !== false)

		{
$this->set_error('bad_password_security');
return false;

		{
$this->set_error('bad_password_security');
return false;

Zeile 211Zeile 213
			$this->set_error("passwords_dont_match");
return false;
}

			$this->set_error("passwords_dont_match");
return false;
}


// MD5 the password
$user['md5password'] = md5($user['password']);

// Generate our salt
$user['salt'] = generate_salt();

// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);

 

// Generate the user login key
$user['loginkey'] = generate_loginkey();



// Generate the user login key
$user['loginkey'] = generate_loginkey();


		return true;
}






		// Combine the password and salt
$password_fields = create_password($user['password'], false, $user);
$user = array_merge($user, $password_fields);

return true;
}


	/**
* Verifies usergroup selections and other group details.

	/**
* Verifies usergroup selections and other group details.

	*

	*

	* @return boolean True when valid, false when invalid.
*/
function verify_usergroup()

	* @return boolean True when valid, false when invalid.
*/
function verify_usergroup()

Zeile 242Zeile 239
	* @return boolean True when valid, false when invalid.
*/
function verify_email()

	* @return boolean True when valid, false when invalid.
*/
function verify_email()

	{
global $mybb;


	{
global $mybb;


		$user = &$this->data;

// Check if an email address has actually been entered.
if(trim_blank_chrs($user['email']) == '')
{
$this->set_error('missing_email');

		$user = &$this->data;

// Check if an email address has actually been entered.
if(trim_blank_chrs($user['email']) == '')
{
$this->set_error('missing_email');

			return false;
}


			return false;
}


		// Check if this is a proper email address.
if(!validate_email_format($user['email']))

		// Check if this is a proper email address.
if(!validate_email_format($user['email']))

		{

		{

			$this->set_error('invalid_email_format');

			$this->set_error('invalid_email_format');

			return false;
}

			return false;
}


// Check banned emails
if(is_banned_email($user['email'], true))
{
$this->set_error('banned_email');


// Check banned emails
if(is_banned_email($user['email'], true))
{
$this->set_error('banned_email');

			return false;
}


			return false;
}


		// Check signed up emails
// Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))

		// Check signed up emails
// Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))

Zeile 276Zeile 273
			if(isset($user['uid']))
{
$uid = $user['uid'];

			if(isset($user['uid']))
{
$uid = $user['uid'];

			}

			}

			if(email_already_in_use($user['email'], $uid))
{
$this->set_error('email_already_in_use');
return false;
}

			if(email_already_in_use($user['email'], $uid))
{
$this->set_error('email_already_in_use');
return false;
}

		}

		}


// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{
$this->set_error("emails_dont_match");


// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{
$this->set_error("emails_dont_match");

			return false;
}

return true;
}


			return false;
}

return true;
}


	/**
* Verifies if a website is valid or not.
*

	/**
* Verifies if a website is valid or not.
*

Zeile 302Zeile 299
	function verify_website()
{
$website = &$this->data['website'];

	function verify_website()
{
$website = &$this->data['website'];





		if(!empty($website) && !my_validate_url($website))
{
$website = 'http://'.$website;

		if(!empty($website) && !my_validate_url($website))
{
$website = 'http://'.$website;

Zeile 311Zeile 308
		if(!empty($website) && !my_validate_url($website))
{
$this->set_error('invalid_website');

		if(!empty($website) && !my_validate_url($website))
{
$this->set_error('invalid_website');

			return false;
}

return true;
}

			return false;
}

return true;
}


/**
* Verifies if an ICQ number is valid or not.


/**
* Verifies if an ICQ number is valid or not.

Zeile 361Zeile 358
		if($birthday['day'] != 0 || $birthday['month'] != 0)
{
if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))

		if($birthday['day'] != 0 || $birthday['month'] != 0)
{
if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))

			{
$this->set_error("invalid_birthday");
return false;
}

			{
$this->set_error("invalid_birthday");
return false;
}

		}

// Check if the day actually exists.

		}

// Check if the day actually exists.

Zeile 413Zeile 410
		{
// If only a day and month are specified, put together a d-m string
$user['bday'] = $birthday['day']."-".$birthday['month']."-";

		{
// If only a day and month are specified, put together a d-m string
$user['bday'] = $birthday['day']."-".$birthday['month']."-";

		}
else
{

		}
else
{

			// No field is specified, so return an empty string for an unknown birthday
$user['bday'] = '';
}

			// No field is specified, so return an empty string for an unknown birthday
$user['bday'] = '';
}

Zeile 438Zeile 435
		if(!in_array($birthdayprivacy, $accepted))
{
$this->set_error("invalid_birthday_privacy");

		if(!in_array($birthdayprivacy, $accepted))
{
$this->set_error("invalid_birthday_privacy");

			return false;
}
return true;

			return false;
}
return true;

	}

/**

	}

/**

Zeile 463Zeile 460

/**
* Verifies if the thread count field is filled in correctly.


/**
* Verifies if the thread count field is filled in correctly.

	*
* @return boolean True when valid, false when invalid.
*/

	*
* @return boolean True when valid, false when invalid.
*/

	function verify_threadnum()

	function verify_threadnum()

	{
$user = &$this->data;


	{
$user = &$this->data;


		if(isset($user['threadnum']) && $user['threadnum'] < 0)
{
$this->set_error("invalid_threadnum");
return false;
}

		if(isset($user['threadnum']) && $user['threadnum'] < 0)
{
$this->set_error("invalid_threadnum");
return false;
}





		return true;
}

		return true;
}





	/**
* Verifies if a profile fields are filled in correctly.
*

	/**
* Verifies if a profile fields are filled in correctly.
*

Zeile 490Zeile 487

$user = &$this->data;
$profile_fields = &$this->data['profile_fields'];


$user = &$this->data;
$profile_fields = &$this->data['profile_fields'];





		// Loop through profile fields checking if they exist or not and are filled in.

// Fetch all profile fields first.

		// Loop through profile fields checking if they exist or not and are filled in.

// Fetch all profile fields first.

Zeile 539Zeile 536
				elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
{
$this->set_error('missing_required_profile_field', array($profilefield['name']));

				elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
{
$this->set_error('missing_required_profile_field', array($profilefield['name']));

				}

				}


// Sort out multiselect/checkbox profile fields.
$options = '';


// Sort out multiselect/checkbox profile fields.
$options = '';

Zeile 577Zeile 574
						$this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
}


						$this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
}


					if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))

					if(!empty($profilefield['regex']) && !empty($profile_fields[$field]) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))

					{
$this->set_error('bad_profile_field_value', array($profilefield['name']));
}

					{
$this->set_error('bad_profile_field_value', array($profilefield['name']));
}

Zeile 590Zeile 587

return true;
}


return true;
}





	/**
* Verifies if an optionally entered referrer exists or not.
*

	/**
* Verifies if an optionally entered referrer exists or not.
*

Zeile 599Zeile 596
	function verify_referrer()
{
global $db, $mybb;

	function verify_referrer()
{
global $db, $mybb;





		$user = &$this->data;

// Does the referrer exist or not?

		$user = &$this->data;

// Does the referrer exist or not?

Zeile 614Zeile 611
			}

$user['referrer_uid'] = $referrer['uid'];

			}

$user['referrer_uid'] = $referrer['uid'];

		}

		}

		else
{
$user['referrer_uid'] = 0;

		else
{
$user['referrer_uid'] = 0;

Zeile 687Zeile 684
			$options['dst'] = 1;
}
else if($options['dstcorrection'] == 0)

			$options['dst'] = 1;
}
else if($options['dstcorrection'] == 0)

		{

		{

			$options['dst'] = 0;
}


			$options['dst'] = 0;
}


Zeile 785Zeile 782
	function verify_lastvisit()
{
$lastvisit = &$this->data['lastvisit'];

	function verify_lastvisit()
{
$lastvisit = &$this->data['lastvisit'];





		$lastvisit = (int)$lastvisit;
// If the timestamp is below 0, set it to the current time.
if($lastvisit <= 0)
{
$lastvisit = TIME_NOW;

		$lastvisit = (int)$lastvisit;
// If the timestamp is below 0, set it to the current time.
if($lastvisit <= 0)
{
$lastvisit = TIME_NOW;

		}
return true;

}

		}
return true;

}


/**
* Verifies if a last active date is valid or not.


/**
* Verifies if a last active date is valid or not.

Zeile 810Zeile 807
		if($lastactive <= 0)
{
$lastactive = TIME_NOW;

		if($lastactive <= 0)
{
$lastactive = TIME_NOW;

		}
return true;

}

		}
return true;

}


/**
* Verifies if an away mode status is valid or not.


/**
* Verifies if an away mode status is valid or not.

Zeile 1098Zeile 1095

$this->user_insert_data = array(
"username" => $db->escape_string($user['username']),


$this->user_insert_data = array(
"username" => $db->escape_string($user['username']),

			"password" => $user['saltedpw'],

			"password" => $user['password'],

			"salt" => $user['salt'],
"loginkey" => $user['loginkey'],
"email" => $db->escape_string($user['email']),

			"salt" => $user['salt'],
"loginkey" => $user['loginkey'],
"email" => $db->escape_string($user['email']),

Zeile 1178Zeile 1175
		else if($user['options']['dstcorrection'] == 0)
{
$this->user_insert_data['dst'] = 0;

		else if($user['options']['dstcorrection'] == 0)
{
$this->user_insert_data['dst'] = 0;

		}

$plugins->run_hooks("datahandler_user_insert", $this);


		}

$plugins->run_hooks("datahandler_user_insert", $this);


		$this->uid = $db->insert_query("users", $this->user_insert_data);

$user['user_fields']['ufid'] = $this->uid;

		$this->uid = $db->insert_query("users", $this->user_insert_data);

$user['user_fields']['ufid'] = $this->uid;

Zeile 1209Zeile 1206
				SET referrals=referrals+1
WHERE uid='{$this->user_insert_data['referrer']}'
");

				SET referrals=referrals+1
WHERE uid='{$this->user_insert_data['referrer']}'
");

		}


		}


		// Update forum stats
update_stats(array('numusers' => '+1'));

if((int)$user['usergroup'] == 5)
{
$cache->update_awaitingactivation();

		// Update forum stats
update_stats(array('numusers' => '+1'));

if((int)$user['usergroup'] == 5)
{
$cache->update_awaitingactivation();

		}

		}


$this->return_values = array(
"uid" => $this->uid,


$this->return_values = array(
"uid" => $this->uid,

Zeile 1261Zeile 1258
		{
$this->user_update_data['username'] = $db->escape_string($user['username']);
}

		{
$this->user_update_data['username'] = $db->escape_string($user['username']);
}

		if(isset($user['saltedpw']))





		if(isset($user['password']))
{
$this->user_update_data['password'] = $user['password'];
}
if(isset($user['salt']))

		{

		{

			$this->user_update_data['password'] = $user['saltedpw'];

 
			$this->user_update_data['salt'] = $user['salt'];

			$this->user_update_data['salt'] = $user['salt'];

 
		}
if(isset($user['loginkey']))
{

			$this->user_update_data['loginkey'] = $user['loginkey'];
}
if(isset($user['email']))

			$this->user_update_data['loginkey'] = $user['loginkey'];
}
if(isset($user['email']))

Zeile 1586Zeile 1589
		$cache->update_forumsdisplay();
$cache->update_reportedcontent();
$cache->update_awaitingactivation();

		$cache->update_forumsdisplay();
$cache->update_reportedcontent();
$cache->update_awaitingactivation();

 
		$cache->update_birthdays();


return $this->return_values;
}


return $this->return_values;
}

Zeile 1596Zeile 1600
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
*/
function delete_content($delete_uids=false)

	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
*/
function delete_content($delete_uids=false)

	{
global $db, $plugins, $mybb;

if($delete_uids != false)
{
$this->delete_uids = array_map('intval', (array)$delete_uids);

foreach($this->delete_uids as $key => $uid)
{
if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
{
// Remove super admins
unset($this->delete_uids[$key]);
}

	{
global $db, $plugins, $mybb;

if($delete_uids != false)
{
$this->delete_uids = array_map('intval', (array)$delete_uids);

foreach($this->delete_uids as $key => $uid)
{
if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
{
// Remove super admins
unset($this->delete_uids[$key]);
}

			}

$this->delete_uids = implode(',', $this->delete_uids);

			}

$this->delete_uids = implode(',', $this->delete_uids);

Zeile 1650Zeile 1654

// Update the reports made by the deleted users by setting the uid to 0
$db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");


// Update the reports made by the deleted users by setting the uid to 0
$db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");


// Remove any of the user(s) uploaded avatars
require_once MYBB_ROOT.'inc/functions_upload.php';
foreach(explode(',', $this->delete_uids) as $uid)
{
remove_avatars($uid);
}
}

/**


// Remove any of the user(s) uploaded avatars
require_once MYBB_ROOT.'inc/functions_upload.php';
foreach(explode(',', $this->delete_uids) as $uid)
{
remove_avatars($uid);
}
}

/**

	 * Provides a method to delete an users posts and threads
*
* @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)

	 * Provides a method to delete an users posts and threads
*
* @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)

Zeile 1706Zeile 1710
		while($pid = $db->fetch_field($query, 'pid'))
{
$moderation->delete_post($pid);

		while($pid = $db->fetch_field($query, 'pid'))
{
$moderation->delete_post($pid);

		}
}


		}
}


	/**
* Provides a method to clear an users profile
*

	/**
* Provides a method to clear an users profile
*

Zeile 1758Zeile 1762
		);

if($gid > 0)

		);

if($gid > 0)

		{

		{

			$update["usergroup"] = (int)$gid;

			$update["usergroup"] = (int)$gid;

		}

$plugins->run_hooks('datahandler_user_clear_profile', $this);

		}

$plugins->run_hooks('datahandler_user_clear_profile', $this);


if(empty($this->delete_uids))


if(empty($this->delete_uids))

		{

		{

			return;

			return;

		}


		}


		$db->update_query("users", $update, "uid IN({$this->delete_uids})");
$db->delete_query('userfields', "ufid IN({$this->delete_uids})");

		$db->update_query("users", $update, "uid IN({$this->delete_uids})");
$db->delete_query('userfields', "ufid IN({$this->delete_uids})");





		// Remove any of the user(s) uploaded avatars
require_once MYBB_ROOT.'inc/functions_upload.php';
foreach(explode(',', $this->delete_uids) as $uid)

		// Remove any of the user(s) uploaded avatars
require_once MYBB_ROOT.'inc/functions_upload.php';
foreach(explode(',', $this->delete_uids) as $uid)

Zeile 1783Zeile 1787
	public function verify_signature()
{
global $mybb, $parser;

	public function verify_signature()
{
global $mybb, $parser;





		if(!isset($parser))
{
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;
}

		if(!isset($parser))
{
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;
}





		$parser_options = array(
'allow_html' => $mybb->settings['sightml'],
'filter_badwords' => 1,

		$parser_options = array(
'allow_html' => $mybb->settings['sightml'],
'filter_badwords' => 1,

Zeile 1798Zeile 1802
			'allow_imgcode' => $mybb->settings['sigimgcode'],
"filter_badwords" => 1
);

			'allow_imgcode' => $mybb->settings['sigimgcode'],
"filter_badwords" => 1
);





		$parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);

if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&

		$parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);

if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&

Zeile 1808Zeile 1812
		)
{
$imgsallowed = 0;

		)
{
$imgsallowed = 0;

			



			if($mybb->settings['sigimgcode'] == 1)
{
$imgsallowed = $mybb->settings['maxsigimages'];

			if($mybb->settings['sigimgcode'] == 1)
{
$imgsallowed = $mybb->settings['maxsigimages'];