Vergleich inc/datahandlers/user.php - 1.8.10 - 1.8.15

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 187Zeile 187
		}

// Has the user tried to use their email address or username as a password?

		}

// Has the user tried to use their email address or username as a password?

		if($user['email'] === $user['password'] || $user['username'] === $user['password'])



		if($user['email'] === $user['password'] || $user['username'] === $user['password']
|| strpos($user['password'], $user['email']) !== false || strpos($user['password'], $user['username']) !== false
|| strpos($user['email'], $user['password']) !== false || strpos($user['username'], $user['password']) !== false)

		{
$this->set_error('bad_password_security');
return false;

		{
$this->set_error('bad_password_security');
return false;

Zeile 211Zeile 213
			$this->set_error("passwords_dont_match");
return false;
}

			$this->set_error("passwords_dont_match");
return false;
}


// Generate our salt
$user['salt'] = generate_salt();

// Combine the password and salt
$user['saltedpw'] = create_password_hash($user['password'], $user['salt'], $user);

 

// Generate the user login key
$user['loginkey'] = generate_loginkey();



// Generate the user login key
$user['loginkey'] = generate_loginkey();


		return true;
}






		// Combine the password and salt
$password_fields = create_password($user['password'], false, $user);
$user = array_merge($user, $password_fields);

return true;
}


	/**
* Verifies usergroup selections and other group details.
*
* @return boolean True when valid, false when invalid.
*/
function verify_usergroup()

	/**
* Verifies usergroup selections and other group details.
*
* @return boolean True when valid, false when invalid.
*/
function verify_usergroup()

	{
return true;
}

	{
return true;
}

	/**
* Verifies if an email address is valid or not.
*

	/**
* Verifies if an email address is valid or not.
*

Zeile 248Zeile 248
		if(trim_blank_chrs($user['email']) == '')
{
$this->set_error('missing_email');

		if(trim_blank_chrs($user['email']) == '')
{
$this->set_error('missing_email');

			return false;
}

			return false;
}


// Check if this is a proper email address.
if(!validate_email_format($user['email']))


// Check if this is a proper email address.
if(!validate_email_format($user['email']))

		{

		{

			$this->set_error('invalid_email_format');

			$this->set_error('invalid_email_format');

			return false;
}

			return false;
}


// Check banned emails
if(is_banned_email($user['email'], true))
{
$this->set_error('banned_email');


// Check banned emails
if(is_banned_email($user['email'], true))
{
$this->set_error('banned_email');

			return false;
}


			return false;
}


		// Check signed up emails
// Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))

		// Check signed up emails
// Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))

Zeile 279Zeile 279
				$this->set_error('email_already_in_use');
return false;
}

				$this->set_error('email_already_in_use');
return false;
}

		}


		}


		// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{

		// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{

Zeile 308Zeile 308
		if(!empty($website) && !my_validate_url($website))
{
$this->set_error('invalid_website');

		if(!empty($website) && !my_validate_url($website))
{
$this->set_error('invalid_website');

			return false;
}

return true;
}

			return false;
}

return true;
}


/**
* Verifies if an ICQ number is valid or not.


/**
* Verifies if an ICQ number is valid or not.

Zeile 345Zeile 345
		$birthday = &$user['birthday'];

if(!is_array($birthday))

		$birthday = &$user['birthday'];

if(!is_array($birthday))

		{

		{

			return true;
}

			return true;
}





		// Sanitize any input we have
$birthday['day'] = (int)$birthday['day'];
$birthday['month'] = (int)$birthday['month'];

		// Sanitize any input we have
$birthday['day'] = (int)$birthday['day'];
$birthday['month'] = (int)$birthday['month'];

Zeile 358Zeile 358
		if($birthday['day'] != 0 || $birthday['month'] != 0)
{
if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))

		if($birthday['day'] != 0 || $birthday['month'] != 0)
{
if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))

			{
$this->set_error("invalid_birthday");
return false;

			{
$this->set_error("invalid_birthday");
return false;

			}

			}

		}

		}


// Check if the day actually exists.
$months = get_bdays($birthday['year']);
if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])


// Check if the day actually exists.
$months = get_bdays($birthday['year']);
if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])

		{
$this->set_error("invalid_birthday");

		{
$this->set_error("invalid_birthday");

			return false;
}


			return false;
}


Zeile 376Zeile 376
		if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
{
$this->set_error("invalid_birthday");

		if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
{
$this->set_error("invalid_birthday");

			return false;

			return false;

		}
else if($birthday['year'] == date("Y"))
{

		}
else if($birthday['year'] == date("Y"))
{

Zeile 407Zeile 407
			$user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
}
elseif($birthday['day'] && $birthday['month'])

			$user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
}
elseif($birthday['day'] && $birthday['month'])

		{

		{

			// If only a day and month are specified, put together a d-m string
$user['bday'] = $birthday['day']."-".$birthday['month']."-";
}

			// If only a day and month are specified, put together a d-m string
$user['bday'] = $birthday['day']."-".$birthday['month']."-";
}

Zeile 435Zeile 435
		if(!in_array($birthdayprivacy, $accepted))
{
$this->set_error("invalid_birthday_privacy");

		if(!in_array($birthdayprivacy, $accepted))
{
$this->set_error("invalid_birthday_privacy");

			return false;
}
return true;
}

			return false;
}
return true;
}


/**
* Verifies if the post count field is filled in correctly.


/**
* Verifies if the post count field is filled in correctly.

Zeile 452Zeile 452
		if(isset($user['postnum']) && $user['postnum'] < 0)
{
$this->set_error("invalid_postnum");

		if(isset($user['postnum']) && $user['postnum'] < 0)
{
$this->set_error("invalid_postnum");

			return false;
}

return true;
}

/**

			return false;
}

return true;
}

/**

	* Verifies if the thread count field is filled in correctly.
*
* @return boolean True when valid, false when invalid.

	* Verifies if the thread count field is filled in correctly.
*
* @return boolean True when valid, false when invalid.

Zeile 466Zeile 466
	function verify_threadnum()
{
$user = &$this->data;

	function verify_threadnum()
{
$user = &$this->data;





		if(isset($user['threadnum']) && $user['threadnum'] < 0)
{
$this->set_error("invalid_threadnum");

		if(isset($user['threadnum']) && $user['threadnum'] < 0)
{
$this->set_error("invalid_threadnum");

			return false;
}

return true;
}

/**

			return false;
}

return true;
}

/**

	* Verifies if a profile fields are filled in correctly.
*
* @return boolean True when valid, false when invalid.

	* Verifies if a profile fields are filled in correctly.
*
* @return boolean True when valid, false when invalid.

Zeile 541Zeile 541
				// Sort out multiselect/checkbox profile fields.
$options = '';
if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))

				// Sort out multiselect/checkbox profile fields.
$options = '';
if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))

				{

				{

					$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);
foreach($profile_fields[$field] as $value)

					$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);
foreach($profile_fields[$field] as $value)

Zeile 558Zeile 558
					}
}
elseif($type == "select" || $type == "radio")

					}
}
elseif($type == "select" || $type == "radio")

				{

				{

					$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);
if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")

					$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);
if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")

Zeile 574Zeile 574
						$this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
}


						$this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
}


					if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))

					if(!empty($profilefield['regex']) && !empty($profile_fields[$field]) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))

					{
$this->set_error('bad_profile_field_value', array($profilefield['name']));
}

					{
$this->set_error('bad_profile_field_value', array($profilefield['name']));
}

Zeile 607Zeile 607
			if(empty($referrer['uid']))
{
$this->set_error('invalid_referrer', array($user['referrer']));

			if(empty($referrer['uid']))
{
$this->set_error('invalid_referrer', array($user['referrer']));

				return false;

				return false;

			}

$user['referrer_uid'] = $referrer['uid'];

			}

$user['referrer_uid'] = $referrer['uid'];

Zeile 868Zeile 868

/**
* Verifies if a style is valid for this user or not.


/**
* Verifies if a style is valid for this user or not.

	 *
* @return boolean True when valid, false when invalid.

	 *
* @return boolean True when valid, false when invalid.

	 */
function verify_style()
{

	 */
function verify_style()
{

Zeile 916Zeile 916
	 * @return boolean True when timezone was valid, false otherwise
*/
function verify_timezone()

	 * @return boolean True when timezone was valid, false otherwise
*/
function verify_timezone()

	{
global $mybb;


	{



		$user = &$this->data;

$timezones = get_supported_timezones();

		$user = &$this->data;

$timezones = get_supported_timezones();

Zeile 950Zeile 948
		}

if($this->method == "insert" || array_key_exists('username', $user))

		}

if($this->method == "insert" || array_key_exists('username', $user))

		{

		{

			// If the username is the same - no need to verify
if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
{

			// If the username is the same - no need to verify
if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
{

Zeile 999Zeile 997
			$this->verify_threadnum();
}
if($this->method == "insert" || array_key_exists('profile_fields', $user))

			$this->verify_threadnum();
}
if($this->method == "insert" || array_key_exists('profile_fields', $user))

		{

		{

			$this->verify_profile_fields();
}
if($this->method == "insert" || array_key_exists('referrer', $user))

			$this->verify_profile_fields();
}
if($this->method == "insert" || array_key_exists('referrer', $user))

Zeile 1060Zeile 1058
			return false;
}
else

			return false;
}
else

		{

		{

			return true;
}
}

			return true;
}
}

Zeile 1082Zeile 1080
		if(count($this->get_errors()) > 0)
{
die("The user is not valid.");

		if(count($this->get_errors()) > 0)
{
die("The user is not valid.");

		}

$user = &$this->data;

		}

$user = &$this->data;


$array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
foreach($array as $value)


$array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
foreach($array as $value)

Zeile 1097Zeile 1095

$this->user_insert_data = array(
"username" => $db->escape_string($user['username']),


$this->user_insert_data = array(
"username" => $db->escape_string($user['username']),

			"password" => $user['saltedpw'],

			"password" => $user['password'],

			"salt" => $user['salt'],
"loginkey" => $user['loginkey'],
"email" => $db->escape_string($user['email']),

			"salt" => $user['salt'],
"loginkey" => $user['loginkey'],
"email" => $db->escape_string($user['email']),

Zeile 1260Zeile 1258
		{
$this->user_update_data['username'] = $db->escape_string($user['username']);
}

		{
$this->user_update_data['username'] = $db->escape_string($user['username']);
}

		if(isset($user['saltedpw']))





		if(isset($user['password']))
{
$this->user_update_data['password'] = $user['password'];
}
if(isset($user['salt']))

		{

		{

			$this->user_update_data['password'] = $user['saltedpw'];

 
			$this->user_update_data['salt'] = $user['salt'];

			$this->user_update_data['salt'] = $user['salt'];

 
		}
if(isset($user['loginkey']))
{

			$this->user_update_data['loginkey'] = $user['loginkey'];
}
if(isset($user['email']))

			$this->user_update_data['loginkey'] = $user['loginkey'];
}
if(isset($user['email']))

Zeile 1585Zeile 1589
		$cache->update_forumsdisplay();
$cache->update_reportedcontent();
$cache->update_awaitingactivation();

		$cache->update_forumsdisplay();
$cache->update_reportedcontent();
$cache->update_awaitingactivation();

 
		$cache->update_birthdays();


return $this->return_values;
}


return $this->return_values;
}