<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

// Refuse to run when the file is requested directly: it is only meant to be
// included by a script that has already defined IN_MYBB.
if(!defined("IN_MYBB"))
{
    die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

/**
 * Data handler for user accounts.
 *
 * Each verify_*() method checks (and often normalises in place) one entry of
 * $this->data and records problems through set_error(); validate_user() runs
 * the applicable checks and insert_user()/update_user() write the result.
 */
class UserDataHandler extends DataHandler
{
    /**
     * Name of the language file used by this data handler.
     *
     * @var string
     */
    public $language_file = 'datahandler_user';

    /**
     * Prefix of the language variables used by this data handler.
     *
     * @var string
     */
    public $language_prefix = 'userdata';

    /**
     * Column => value map built by insert_user() for the new users row.
     *
     * @var array
     */
    public $user_insert_data = array();

    /**
     * Column => value map built by update_user() for the users row.
     *
     * @var array
     */
    public $user_update_data = array();

    /**
     * ID of the user currently being inserted or updated.
     *
     * @var int
     */
    public $uid = 0;

    /**
     * Normalises the username in $this->data and checks that it is acceptable.
     *
     * The character check is a deny-list (<, >, &, backslash, semicolon and
     * comma); quotes and other characters pass, so the name still has to be
     * escaped for SQL and for HTML wherever it is used.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_username()
    {
        global $mybb;

        $username = &$this->data['username'];
        require_once MYBB_ROOT.'inc/functions_user.php';

        // Replace or drop characters that render as blanks or are invisible,
        // so two names cannot differ only by such characters.
        // NOTE(review): the numeric arguments look like code points
        // (no-break space, soft hyphen, bidi overrides, zero-width space) -
        // confirm against unichr()/dec_to_utf8().
        $search = array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203));
        $replace = array(" ", "-", "", "", "", "");
        $username = str_replace($search, $replace, trim_blank_chrs($username));

        // Collapse any run of whitespace into a single space.
        $username = preg_replace("#\s{2,}#", " ", $username);

        // An empty name is never acceptable.
        if($username == '')
        {
            $this->set_error('missing_username');
            return false;
        }

        // Names on the banned list are rejected.
        if(is_banned_username($username, true))
        {
            $this->set_error('banned_username');
            return false;
        }

        // Deny-listed characters; the 4-byte UTF-8 check only runs when none
        // of them was found.
        $has_denied_chr = strpos($username, "<") !== false
            || strpos($username, ">") !== false
            || strpos($username, "&") !== false
            || my_strpos($username, "\\") !== false
            || strpos($username, ";") !== false
            || strpos($username, ",") !== false;
        if($has_denied_chr || utf8_handle_4byte_string($username, false) == false)
        {
            $this->set_error("bad_characters_username");
            return false;
        }

        // Length limits; a limit of 0 disables that bound.
        $min_length = $mybb->settings['minnamelength'];
        $max_length = $mybb->settings['maxnamelength'];
        $too_long = ($max_length != 0 && my_strlen($username) > $max_length);
        if($too_long || ($min_length != 0 && my_strlen($username) < $min_length))
        {
            $this->set_error('invalid_username_length', array($min_length, $max_length));
            return false;
        }

        return true;
    }

    /**
     * Checks the custom user title against the configured maximum length.
     *
     * The title is first passed through utf8_handle_4byte_string() and the
     * result is written back to $this->data['usertitle'].
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_usertitle()
    {
        global $mybb;

        $usertitle = &$this->data['usertitle'];
        $usertitle = utf8_handle_4byte_string($usertitle);

        // A limit of 0 means "no limit".
        $limit = $mybb->settings['customtitlemaxlength'];
        if($limit == 0 || my_strlen($usertitle) <= $limit)
        {
            return true;
        }

        $this->set_error('invalid_usertitle_length', $limit);
        return false;
    }

    /**
     * Verifies if a username is already in use or not.
     *
     * @return boolean False when the username is not in use, true when it is.
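*/
    function verify_username_exists()
    {
        global $db;

        $username = &$this->data['username'];

        // When an existing account is being edited, leave that account out of
        // the duplicate search. The uid is cast to an integer before it is
        // placed in the condition so it cannot change the WHERE clause.
        $uid_check = "";
        if($this->data['uid'])
        {
            $uid_check = " AND uid!='".intval($this->data['uid'])."'";
        }

        // NOTE(review): strtolower() folds ASCII only; whether LOWER() in the
        // database folds other letters the same way depends on the column
        // collation - confirm if look-alike names matter.
        $needle = $db->escape_string(strtolower(trim($username)));
        $query = $db->simple_select("users", "COUNT(uid) AS count", "LOWER(username)='".$needle."'{$uid_check}");

        if($db->fetch_field($query, "count") > 0)
        {
            $this->set_error("username_exists", array($username));
            return true;
        }

        return false;
    }

    /**
     * Verifies if a new password is valid or not.
     *
     * On success the derived values are stored in $this->data under
     * 'md5password', 'salt', 'saltedpw' and 'loginkey'.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_password()
    {
        global $mybb;

        $user = &$this->data;

        // Always check for the length of the password.
        if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
        {
            $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
            return false;
        }

        // See if the board has "require complex passwords" enabled.
        if($mybb->settings['requirecomplexpasswords'] == 1)
        {
            // The pattern requires at least one digit, one lowercase and one
            // uppercase ASCII letter in addition to the minimum length.
            if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
            {
                $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
                return false;
            }
        }

        // If we have a "password2" check if they both match. Compare as
        // strings: a loose != treats two different numeric-looking strings
        // (for example "1e1" and "10") as equal, which would let a mistyped
        // confirmation through.
        if(isset($user['password2']) && (string)$user['password'] !== (string)$user['password2'])
        {
            $this->set_error("passwords_dont_match");
            return false;
        }

        // NOTE(review): the stored verifier is built from an MD5 of the
        // password that salt_password() combines with the salt. MD5 is a fast
        // hash and is not suited to password storage; replacing it with
        // password_hash()/password_verify() also needs the login path and a
        // rehash-on-login migration, so it is flagged here rather than changed.
        $user['md5password'] = md5($user['password']);

        // Generate our salt
        $user['salt'] = generate_salt();

        // Combine the password and salt
        $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);

        // Generate the user login key
        $user['loginkey'] = generate_loginkey();

        return true;
    }

    /**
     * Verifies usergroup selections and other group details.
     *
     * No check is implemented: every value is accepted. Code that lets a
     * request choose 'usergroup', 'additionalgroups' or 'displaygroup' has to
     * authorise that choice itself before handing it to this handler.
     *
     * @return boolean Always true.
     */
    function verify_usergroup()
    {
        return true;
    }

    /**
     * Verifies if an email address is valid or not.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_email()
    {
        global $mybb;

        $user = &$this->data;

        // Check if an email address has actually been entered.
        if(trim_blank_chrs($user['email']) == '')
        {
            $this->set_error('missing_email');
            return false;
        }

        // Check if this is a proper email address.
        if(!validate_email_format($user['email']))
        {
            $this->set_error('invalid_email_format');
            return false;
        }

        // Check banned emails
        if(is_banned_email($user['email'], true))
        {
            $this->set_error('banned_email');
            return false;
        }

        // Check signed up emails
        // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
        if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
        {
            if(email_already_in_use($user['email'], $user['uid']))
            {
                $this->set_error('email_already_in_use');
                return false;
            }
        }

        // If we have an "email2", verify it matches the existing email
        if(isset($user['email2']) && $user['email'] != $user['email2'])
        {
            $this->set_error("emails_dont_match");
            return false;
        }

        return true;
    }

    /**
     * Normalises the website field; it never reports an error.
     *
     * An empty value, a bare scheme or a value rejected by
     * utf8_handle_4byte_string() is cleared. Anything else that does not
     * begin with "http" gets "http://" prepended.
     *
     * @return boolean Always true.
     */
    function verify_website()
    {
        $website = &$this->data['website'];

        if(empty($website) || my_strtolower($website) == 'http://' || my_strtolower($website) == 'https://' || utf8_handle_4byte_string($website, false) == false)
        {
            $website = '';
            return true;
        }

        // Only the first four characters are compared, so any value that
        // begins with "http" is kept exactly as entered. insert_user() and
        // update_user() HTML-escape the value before storing it.
        if(my_strtolower(substr($website, 0, 4)) != "http")
        {
            // Website does not start with http://, let's see if the user forgot.
            $website = "http://".$website;
        }

        return true;
    }

    /**
     * Verifies if an ICQ number is valid or not.
     *
     * A non-empty value must satisfy is_numeric(); the field is then replaced
     * by its integer value.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_icq()
    {
        $icq = &$this->data['icq'];

        if($icq != '' && !is_numeric($icq))
        {
            $this->set_error("invalid_icq_number");
            return false;
        }
        $icq = intval($icq);
        return true;
    }

    /**
     * Verifies if an MSN Messenger address is valid or not.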
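*
     * @return boolean True when valid, false when invalid.
     */
    function verify_msn()
    {
        $msn = &$this->data['msn'];

        // An empty address is allowed; anything else must look like an email address.
        if($msn != '' && validate_email_format($msn) == false)
        {
            $this->set_error("invalid_msn_address");
            return false;
        }
        return true;
    }

    /**
     * Verifies if a birthday is valid or not.
     *
     * Expects $this->data['birthday'] to be an array with 'day', 'month' and
     * 'year'; any other type is accepted without checks. On success the
     * string stored in the database is written to $this->data['bday'].
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_birthday()
    {
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        if(!is_array($birthday))
        {
            return true;
        }

        // Sanitize any input we have
        $birthday['day'] = intval($birthday['day']);
        $birthday['month'] = intval($birthday['month']);
        $birthday['year'] = intval($birthday['year']);

        // Day and month are only checked when at least one of them was given.
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }

            // Check if the day actually exists. This lookup sits inside the
            // guard so the month table is never indexed with -1 when no
            // month was supplied.
            $months = get_bdays($birthday['year']);
            if($birthday['day'] > $months[$birthday['month']-1])
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Error if a year exists and the year is out of range. The
        // parentheses only spell out how && and || already group.
        if(($birthday['year'] != 0 && $birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        else if($birthday['year'] == date("Y"))
        {
            // Error if birth date is in future
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Error if COPPA is on, and the user hasn't verified their age / under 13
        // NOTE(review): the "deny" branch compares calendar years only, so it
        // does not look at day or month, and a missing year (0) passes it -
        // confirm that this coarseness is acceptable for the board's policy.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13))
        {
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Make the user's birthday field
        if($birthday['year'] != 0)
        {
            // If the year is specified, put together a d-m-y string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // If only a day and month are specified, put together a d-m string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // No field is specified, so return an empty string for an unknown birthday
            $user['bday'] = '';
        }
        return true;
    }

    /**
     * Verifies if the birthday privacy option is valid or not.
     *
     * @return boolean True when valid, false when invalid.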
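*/
    function verify_birthday_privacy()
    {
        $birthdayprivacy = &$this->data['birthdayprivacy'];
        $accepted = array(
            'none',
            'age',
            'all');

        // Strict string match against the allow-list: a loose in_array()
        // also accepts values such as boolean true or integer 0.
        if(!in_array((string)$birthdayprivacy, $accepted, true))
        {
            $this->set_error("invalid_birthday_privacy");
            return false;
        }
        return true;
    }

    /**
     * Verifies if the post count field is filled in correctly.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_postnum()
    {
        $user = &$this->data;

        // The post count may not be negative.
        if($user['postnum'] < 0)
        {
            $this->set_error("invalid_postnum");
            return false;
        }

        return true;
    }

    /**
     * Verifies the custom profile fields and prepares them for storage.
     *
     * For every profile field read from the database the submitted value is
     * checked (required, allowed options, maximum length) and the
     * SQL-escaped value is placed in $this->data['user_fields']['fidN'].
     * Problems are recorded through set_error() only.
     *
     * @return boolean Always true; inspect get_errors() for failures.
     */
    function verify_profile_fields()
    {
        global $db;

        $user = &$this->data;
        $profile_fields = &$this->data['profile_fields'];

        // Unless the caller set 'profile_fields_editable', only fields marked
        // editable are considered.
        $editable = '';
        if(!$this->data['profile_fields_editable'])
        {
            $editable = "editable=1";
        }

        // Fetch all profile fields first.
        $query_options = array(
            'order_by' => 'disporder'
        );
        $query = $db->simple_select('profilefields', 'name, type, fid, required, maxlength', $editable, $query_options);

        // Then loop through the profile fields.
        while($profilefield = $db->fetch_array($query))
        {
            // The first line of the stored definition is the field type, the
            // remaining lines are the allowed options.
            $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
            $thing = explode("\n", $profilefield['type'], 2);
            $type = trim($thing[0]);
            $field = "fid{$profilefield['fid']}";

            // If the profile field is required, but not filled in, present error.
            // The requirement is not enforced in the Admin CP or in modcp.php.
            if($type != "multiselect" && $type != "checkbox")
            {
                if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                {
                    $this->set_error('missing_required_profile_field', array($profilefield['name']));
                }
            }
            elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
            {
                $this->set_error('missing_required_profile_field', array($profilefield['name']));
            }

            // Sort out multiselect/checkbox profile fields.
            // NOTE(review): a multiselect/checkbox field submitted as a scalar
            // instead of an array is not checked against the option list; it
            // is stored through the free-text branch at the end - confirm
            // that this is intended.
            $stored = '';
            if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
            {
                $expoptions = explode("\n", $thing[1]);
                $expoptions = array_map('trim', $expoptions);
                foreach($profile_fields[$field] as $value)
                {
                    // Strict comparison: the value must be one of the listed
                    // options, not merely compare equal to one as a number.
                    if(!in_array(htmlspecialchars_uni($value), $expoptions, true))
                    {
                        $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    }
                    // Test against the empty string so a first value of "0"
                    // still gets a separator after it.
                    if($stored !== '')
                    {
                        $stored .= "\n";
                    }
                    $stored .= $db->escape_string($value);
                }
            }
            elseif($type == "select" || $type == "radio")
            {
                $expoptions = explode("\n", $thing[1]);
                $expoptions = array_map('trim', $expoptions);
                if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions, true) && trim($profile_fields[$field]) != "")
                {
                    $this->set_error('bad_profile_field_values', array($profilefield['name']));
                }
                $stored = $db->escape_string($profile_fields[$field]);
            }
            elseif($type == "textarea")
            {
                if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                {
                    $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                }

                $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);

                $stored = $db->escape_string($profile_fields[$field]);
            }
            else
            {
                $profile_fields[$field] = utf8_handle_4byte_string($profile_fields[$field]);
                if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                {
                    $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                }

                $stored = $db->escape_string($profile_fields[$field]);
            }
            $user['user_fields'][$field] = $stored;
        }

        return true;
    }

    /**
     * Verifies if an optionally entered referrer exists or not.
     *
     * Sets $this->data['referrer_uid'] to the uid of the referrer, or to null
     * when referrals are disabled or no referrer was given.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_referrer()
    {
        global $db, $mybb;

        $user = &$this->data;

        // Start from "no referrer" so the assignment below never reads an
        // undefined variable; insert_user() casts the value with intval().
        $referrer = array('uid' => null);

        // Does the referrer exist or not?
        if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
        {
            $query = $db->simple_select('users', 'uid', "username='".$db->escape_string($user['referrer'])."'", array('limit' => 1));
            $referrer = $db->fetch_array($query);
            if(!$referrer['uid'])
            {
                $this->set_error('invalid_referrer', array($user['referrer']));
                return false;
            }
        }
        $user['referrer_uid'] = $referrer['uid'];

        return true;
    }

    /**
     * Normalises the user options in $this->data['options'].
     *
     * Out-of-range values are replaced by defaults instead of being reported,
     * so this method sets no errors of its own.
     *
     * @return void
     */
    function verify_options()
    {
        global $mybb;

        $options = &$this->data['options'];

        // Yes/no options and the default handed to verify_yesno_option().
        $yesno_defaults = array(
            'allownotices' => 1,
            'hideemail' => 0,
            'emailpmnotify' => 0,
            'receivepms' => 1,
            'receivefrombuddy' => 0,
            'pmnotice' => 1,
            'pmnotify' => 1,
            'invisible' => 0,
            'showsigs' => 1,
            'showavatars' => 1,
            'showquickreply' => 1,
            'showredirect' => 1,
        );
        foreach($yesno_defaults as $option_name => $default)
        {
            $this->verify_yesno_option($options, $option_name, $default);
        }

        // The default for the classic post bit follows the board's post layout.
        $classic_default = ($mybb->settings['postlayout'] == 'classic') ? 1 : 0;
        $this->verify_yesno_option($options, 'classicpostbit', $classic_default);

        if(array_key_exists('subscriptionmethod', $options))
        {
            // Value out of range
            $options['subscriptionmethod'] = intval($options['subscriptionmethod']);
            if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 2)
            {
                $options['subscriptionmethod'] = 0;
            }
        }

        if(array_key_exists('dstcorrection', $options))
        {
            // Value out of range
            $options['dstcorrection'] = intval($options['dstcorrection']);
            if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
            {
                $options['dstcorrection'] = 0;
            }
        }

        // Values 1 and 0 fix the DST flag; value 2 leaves it untouched.
        if($options['dstcorrection'] == 1)
        {
            $options['dst'] = 1;
        }
        else if($options['dstcorrection'] == 0)
        {
            $options['dst'] = 0;
        }

        if(isset($options['showcodebuttons']))
        {
            $options['showcodebuttons'] = (intval($options['showcodebuttons']) != 0) ? 1 : 0;
        }
        else if($this->method == "insert")
        {
            $options['showcodebuttons'] = 1;
        }

        // New users, and anything other than "linear"/"threaded", get the board default.
        if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
        {
            $options['threadmode'] = $mybb->settings['threadusenetstyle'] ? 'threaded' : 'linear';
        }

        // Verify the "threads per page" and "posts per page" options: the
        // stored value may not exceed the largest value the board offers.
        // max() is used because asort() keeps the original keys, so indexing
        // the sorted list with count()-1 returned the last configured entry
        // rather than the largest one.
        $per_page_settings = array('tpp' => 'usertppoptions', 'ppp' => 'userpppoptions');
        foreach($per_page_settings as $option_name => $setting_name)
        {
            if($this->method == "insert" || (array_key_exists($option_name, $options) && $mybb->settings[$setting_name]))
            {
                $allowed = array_map('intval', explode(",", $mybb->settings[$setting_name]));
                $biggest = max($allowed);
                $chosen = isset($options[$option_name]) ? intval($options[$option_name]) : 0;
                $options[$option_name] = ($chosen > $biggest) ? $biggest : $chosen;
            }
        }

        // Is our selected "days prune" option valid or not?
        if($this->method == "insert" || array_key_exists('daysprune', $options))
        {
            $options['daysprune'] = intval($options['daysprune']);
            if($options['daysprune'] < 0)
            {
                $options['daysprune'] = 0;
            }
        }
        $this->data['options'] = $options;
    }

    /**
     * Verifies if a registration date is valid or not.
     *
     * @return boolean True when valid, false when invalid.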
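*/
    function verify_regdate()
    {
        $regdate = &$this->data['regdate'];

        $regdate = intval($regdate);
        // A timestamp of zero or below is replaced by the current time.
        if($regdate <= 0)
        {
            $regdate = TIME_NOW;
        }
        return true;
    }

    /**
     * Normalises the last visit date; it never reports an error.
     *
     * @return boolean Always true.
     */
    function verify_lastvisit()
    {
        $lastvisit = &$this->data['lastvisit'];

        $lastvisit = intval($lastvisit);
        // A timestamp of zero or below is replaced by the current time.
        if($lastvisit <= 0)
        {
            $lastvisit = TIME_NOW;
        }
        return true;
    }

    /**
     * Normalises the last active date; it never reports an error.
     *
     * @return boolean Always true.
     */
    function verify_lastactive()
    {
        $lastactive = &$this->data['lastactive'];

        $lastactive = intval($lastactive);
        // A timestamp of zero or below is replaced by the current time.
        if($lastactive <= 0)
        {
            $lastactive = TIME_NOW;
        }
        return true;
    }

    /**
     * Verifies if an away mode status is valid or not.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_away()
    {
        global $mybb;

        $user = &$this->data;
        // If the board does not allow "away mode" or the user is marking as not away, set defaults.
        if($mybb->settings['allowaway'] == 0 || $user['away']['away'] != 1)
        {
            $user['away']['away'] = 0;
            $user['away']['date'] = 0;
            $user['away']['returndate'] = 0;
            $user['away']['reason'] = '';
            // insert_user() and update_user() read the reason from
            // 'awayreason', so that key has to be cleared as well; otherwise
            // a submitted reason is stored even though away mode is off.
            $user['away']['awayreason'] = '';
            return true;
        }

        // The flag compared equal to 1 above; keep the canonical integer so
        // no caller-supplied string is carried on as the flag value.
        $user['away']['away'] = 1;

        if($user['away']['returndate'])
        {
            // Pad to three parts so a malformed date is reported as missing
            // instead of reading undefined offsets.
            list($returnday, $returnmonth, $returnyear) = array_pad(explode('-', $user['away']['returndate']), 3, '');
            if(!$returnday || !$returnmonth || !$returnyear)
            {
                $this->set_error("missing_returndate");
                return false;
            }

            // Validate the return date lengths. The parts are only truncated,
            // not checked to be numeric, so the result still has to be
            // escaped before it is used in a query.
            $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
        }
        return true;
    }

    /**
     * Verifies if a language is valid for this user or not.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_language()
    {
        global $lang;

        $language = &$this->data['language'];

        // An empty value is accepted; any other value must be a language the board knows.
        if($language != '' && !$lang->language_exists($language))
        {
            $this->set_error("invalid_language");
            return false;
        }
        return true;
    }

    /**
     * Verifies if this is coming from a spam bot or not
     *
     * The two registration check fields must arrive exactly as expected:
     * 'regcheck1' empty and 'regcheck2' equal to the string "true".
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_checkfields()
    {
        $user = &$this->data;

        // Any other combination is treated as an automated submission.
        if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
        {
            $this->set_error("invalid_checkfield");
            return false;
        }
        return true;
    }

    /**
     * Validate all user assets.
     *
     * @return boolean True when valid, false when invalid.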
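*/
    function validate_user()
    {
        global $mybb, $plugins;

        $user = &$this->data;
        $is_insert = ($this->method == "insert");

        // First, grab the old user details if this user exists
        $old_user = array();
        if(!empty($user['uid']))
        {
            $old_user = get_user($user['uid']);
        }

        if($is_insert || array_key_exists('username', $user))
        {
            // If the username is the same - no need to verify
            if(empty($old_user['username']) || $user['username'] != $old_user['username'])
            {
                $this->verify_username();
                $this->verify_username_exists();
            }
            else
            {
                unset($user['username']);
            }
        }

        // Every check below runs on insert; on update it runs only when the
        // corresponding key was supplied, so fields that were not supplied
        // are not verified.
        $checks = array(
            'usertitle' => 'verify_usertitle',
            'password' => 'verify_password',
            'usergroup' => 'verify_usergroup',
            'email' => 'verify_email',
            'website' => 'verify_website',
            'icq' => 'verify_icq',
            'msn' => 'verify_msn',
        );
        foreach($checks as $key => $verifier)
        {
            if($is_insert || array_key_exists($key, $user))
            {
                $this->$verifier();
            }
        }

        // The birthday is only checked on update when it was sent as an array.
        if($is_insert || (isset($user['birthday']) && is_array($user['birthday'])))
        {
            $this->verify_birthday();
        }

        $checks = array(
            'postnum' => 'verify_postnum',
            'profile_fields' => 'verify_profile_fields',
            'referrer' => 'verify_referrer',
            'options' => 'verify_options',
            'regdate' => 'verify_regdate',
            'lastvisit' => 'verify_lastvisit',
            'lastactive' => 'verify_lastactive',
            'away' => 'verify_away',
            'language' => 'verify_language',
        );
        foreach($checks as $key => $verifier)
        {
            if($is_insert || array_key_exists($key, $user))
            {
                $this->$verifier();
            }
        }

        // The registration check fields are only verified when both keys are present.
        if($is_insert && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
        {
            $this->verify_checkfields();
        }
        if(array_key_exists('birthdayprivacy', $user))
        {
            $this->verify_birthday_privacy();
        }

        $plugins->run_hooks("datahandler_user_validate", $this);

        // We are done validating, return. The validated flag is set even
        // when errors were recorded; insert_user() and update_user() check
        // the error list as well.
        $this->set_validated(true);
        return count($this->get_errors()) == 0;
    }

    /**
     * Inserts a user into the database.
     *
     * Stops the script when validate_user() has not been run or left errors.
     *
     * @return array The new 'uid' with 'username', 'loginkey', 'email',
     *               'password' and 'usergroup' as passed in. 'password' is
     *               the plain-text password, so the result should not be
     *               logged or stored.
     */
    function insert_user()
    {
        global $db, $cache, $plugins;

        // Yes, validating is required.
        if(!$this->get_validated())
        {
            die("The user needs to be validated before inserting it into the DB.");
        }
        if(count($this->get_errors()) > 0)
        {
            die("The user is not valid.");
        }

        $user = &$this->data;

        // Every value is cast or escaped here before it reaches the query.
        // NOTE(review): the yes/no option flags are passed through as they
        // are; presumably verify_yesno_option() reduced them to 0/1 - confirm.
        $this->user_insert_data = array(
            "username" => $db->escape_string($user['username']),
            "password" => $user['saltedpw'],
            "salt" => $user['salt'],
            "loginkey" => $user['loginkey'],
            "email" => $db->escape_string($user['email']),
            "postnum" => intval($user['postnum']),
            "avatar" => $db->escape_string($user['avatar']),
            "avatartype" => $db->escape_string($user['avatartype']),
            "usergroup" => intval($user['usergroup']),
            "additionalgroups" => $db->escape_string($user['additionalgroups']),
            "displaygroup" => intval($user['displaygroup']),
            "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
            "regdate" => intval($user['regdate']),
            "lastactive" => intval($user['lastactive']),
            "lastvisit" => intval($user['lastvisit']),
            "website" => $db->escape_string(htmlspecialchars_uni($user['website'])),
            "icq" => intval($user['icq']),
            "aim" => $db->escape_string(htmlspecialchars_uni($user['aim'])),
            "yahoo" => $db->escape_string(htmlspecialchars_uni($user['yahoo'])),
            "msn" => $db->escape_string(htmlspecialchars_uni($user['msn'])),
            // 'bday' is only rebuilt by verify_birthday() when the birthday
            // was sent as an array, so it is escaped like any other string.
            "birthday" => $db->escape_string($user['bday']),
            "signature" => $db->escape_string($user['signature']),
            "allownotices" => $user['options']['allownotices'],
            "hideemail" => $user['options']['hideemail'],
            "subscriptionmethod" => intval($user['options']['subscriptionmethod']),
            "receivepms" => $user['options']['receivepms'],
            "receivefrombuddy" => $user['options']['receivefrombuddy'],
            "pmnotice" => $user['options']['pmnotice'],
            "pmnotify" => $user['options']['emailpmnotify'],
            "showsigs" => $user['options']['showsigs'],
            "showavatars" => $user['options']['showavatars'],
            "showquickreply" => $user['options']['showquickreply'],
            "showredirect" => $user['options']['showredirect'],
            "tpp" => intval($user['options']['tpp']),
            "ppp" => intval($user['options']['ppp']),
            "invisible" => $user['options']['invisible'],
            "style" => intval($user['style']),
            "timezone" => $db->escape_string($user['timezone']),
            "dstcorrection" => intval($user['options']['dstcorrection']),
            "threadmode" => $db->escape_string($user['options']['threadmode']),
            "daysprune" => intval($user['options']['daysprune']),
            "dateformat" => $db->escape_string($user['dateformat']),
            "timeformat" => $db->escape_string($user['timeformat']),
            "regip" => $db->escape_string($user['regip']),
            "longregip" => intval(my_ip2long($user['regip'])),
            "language" => $db->escape_string($user['language']),
            "showcodebuttons" => $user['options']['showcodebuttons'],
            // The away values are cast or escaped here; update_user()
            // escapes 'awaydate' and 'returndate' in the same way.
            "away" => intval($user['away']['away']),
            "awaydate" => $db->escape_string($user['away']['date']),
            "returndate" => $db->escape_string($user['away']['returndate']),
            "awayreason" => $db->escape_string($user['away']['awayreason']),
            "referrer" => intval($user['referrer_uid']),
            "referrals" => 0,
            "buddylist" => '',
            "ignorelist" => '',
            "pmfolders" => '',
            // A new account always starts with an empty notepad. The list
            // used to contain a second, earlier "notepad" entry built from
            // the caller's data; this later entry overrode it, so only the
            // effective one is kept.
            "notepad" => '',
            "warningpoints" => 0,
            "moderateposts" => 0,
            "moderationtime" => 0,
            "suspendposting" => 0,
            "suspensiontime" => 0,
            "coppauser" => intval($user['coppa_user']),
            "classicpostbit" => $user['options']['classicpostbit'],
            "usernotes" => ''
        );

        if($user['options']['dstcorrection'] == 1)
        {
            $this->user_insert_data['dst'] = 1;
        }
        else if($user['options']['dstcorrection'] == 0)
        {
            $this->user_insert_data['dst'] = 0;
        }

        // Plugins may change $this->user_insert_data before it is written.
        $plugins->run_hooks("datahandler_user_insert", $this);

        $this->uid = $db->insert_query("users", $this->user_insert_data);

        $user['user_fields']['ufid'] = $this->uid;

        // Give every profile field that was not submitted an empty value.
        $query = $db->simple_select("profilefields", "fid");
        while($profile_field = $db->fetch_array($query))
        {
            if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
            {
                continue;
            }
            $user['user_fields']["fid{$profile_field['fid']}"] = '';
        }

        $db->insert_query("userfields", $user['user_fields'], false);

        // Credit the referrer. The id is cast again because the plugin hook
        // above may have replaced the value.
        $referrer_uid = intval($this->user_insert_data['referrer']);
        if($referrer_uid != 0)
        {
            $db->write_query("
                UPDATE ".TABLE_PREFIX."users
                SET referrals=referrals+1
                WHERE uid='{$referrer_uid}'
            ");
        }

        // Update forum stats
        update_stats(array('numusers' => '+1'));

        return array(
            "uid" => $this->uid,
            "username" => $user['username'],
            "loginkey" => $user['loginkey'],
            "email" => $user['email'],
            "password" => $user['password'],
            "usergroup" => $user['usergroup']
        );
    }

    /**
     * Updates a user in the database.
     */
    function update_user()
    {
        global $db, $plugins, $cache;

        // Yes, validating is required.
        if(!$this->get_validated())
        {
            die("The user needs to be validated before inserting it into the DB.");
        }
        if(count($this->get_errors()) > 0)
        {
            die("The user is not valid.");
        }

        $user = &$this->data;
        $user['uid'] = intval($user['uid']);
        $this->uid = $user['uid'];

        // Set up the update data.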
1135 if(isset($user['username'])) 1136 { 1137 $this->user_update_data['username'] = $db->escape_string($user['username']); 1138 } 1139 if(isset($user['saltedpw'])) 1140 { 1141 $this->user_update_data['password'] = $user['saltedpw']; 1142 $this->user_update_data['salt'] = $user['salt']; 1143 $this->user_update_data['loginkey'] = $user['loginkey']; 1144 } 1145 if(isset($user['email'])) 1146 { 1147 $this->user_update_data['email'] = $user['email']; 1148 } 1149 if(isset($user['postnum'])) 1150 { 1151 $this->user_update_data['postnum'] = intval($user['postnum']); 1152 } 1153 if(isset($user['avatar'])) 1154 { 1155 $this->user_update_data['avatar'] = $db->escape_string($user['avatar']); 1156 $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']); 1157 } 1158 if(isset($user['usergroup'])) 1159 { 1160 $this->user_update_data['usergroup'] = intval($user['usergroup']); 1161 } 1162 if(isset($user['additionalgroups'])) 1163 { 1164 $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']); 1165 } 1166 if(isset($user['displaygroup'])) 1167 { 1168 $this->user_update_data['displaygroup'] = intval($user['displaygroup']); 1169 } 1170 if(isset($user['usertitle'])) 1171 { 1172 $this->user_update_data['usertitle'] = $db->escape_string(htmlspecialchars_uni($user['usertitle'])); 1173 } 1174 if(isset($user['regdate'])) 1175 { 1176 $this->user_update_data['regdate'] = intval($user['regdate']); 1177 } 1178 if(isset($user['lastactive'])) 1179 { 1180 $this->user_update_data['lastactive'] = intval($user['lastactive']); 1181 } 1182 if(isset($user['lastvisit'])) 1183 { 1184 $this->user_update_data['lastvisit'] = intval($user['lastvisit']); 1185 } 1186 if(isset($user['signature'])) 1187 { 1188 $this->user_update_data['signature'] = $db->escape_string($user['signature']); 1189 } 1190 if(isset($user['website'])) 1191 { 1192 $this->user_update_data['website'] = $db->escape_string(htmlspecialchars_uni($user['website'])); 1193 } 1194 
if(isset($user['icq'])) 1195 { 1196 $this->user_update_data['icq'] = intval($user['icq']); 1197 } 1198 if(isset($user['aim'])) 1199 { 1200 $this->user_update_data['aim'] = $db->escape_string(htmlspecialchars_uni($user['aim'])); 1201 } 1202 if(isset($user['yahoo'])) 1203 { 1204 $this->user_update_data['yahoo'] = $db->escape_string(htmlspecialchars_uni($user['yahoo'])); 1205 } 1206 if(isset($user['msn'])) 1207 { 1208 $this->user_update_data['msn'] = $db->escape_string(htmlspecialchars_uni($user['msn'])); 1209 } 1210 if(isset($user['bday'])) 1211 { 1212 $this->user_update_data['birthday'] = $user['bday']; 1213 } 1214 if(isset($user['birthdayprivacy'])) 1215 { 1216 $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']); 1217 } 1218 if(isset($user['style'])) 1219 { 1220 $this->user_update_data['style'] = intval($user['style']); 1221 } 1222 if(isset($user['timezone'])) 1223 { 1224 $this->user_update_data['timezone'] = $db->escape_string($user['timezone']); 1225 } 1226 if(isset($user['dateformat'])) 1227 { 1228 $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']); 1229 } 1230 if(isset($user['timeformat'])) 1231 { 1232 $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']); 1233 } 1234 if(isset($user['regip'])) 1235 { 1236 $this->user_update_data['regip'] = $db->escape_string($user['regip']); 1237 } 1238 if(isset($user['language'])) 1239 { 1240 $this->user_update_data['language'] = $db->escape_string($user['language']); 1241 } 1242 if(isset($user['away'])) 1243 { 1244 $this->user_update_data['away'] = $user['away']['away']; 1245 $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']); 1246 $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']); 1247 $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']); 1248 } 1249 if(isset($user['notepad'])) 1250 { 1251 $this->user_update_data['notepad'] = 
$db->escape_string($user['notepad']); 1252 } 1253 if(isset($user['usernotes'])) 1254 { 1255 $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']); 1256 } 1257 if(is_array($user['options'])) 1258 { 1259 foreach($user['options'] as $option => $value) 1260 { 1261 $this->user_update_data[$option] = $value; 1262 } 1263 } 1264 if(array_key_exists('coppa_user', $user)) 1265 { 1266 $this->user_update_data['coppauser'] = intval($user['coppa_user']); 1267 } 1268 // First, grab the old user details for later use. 1269 $old_user = get_user($user['uid']); 1270 1271 // If old user has new pmnotice and new user has = yes, keep old value 1272 if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1) 1273 { 1274 unset($this->user_update_data['pmnotice']); 1275 } 1276 1277 $plugins->run_hooks("datahandler_user_update", $this); 1278 1279 if(count($this->user_update_data) < 1 && empty($user['user_fields'])) 1280 { 1281 return false; 1282 } 1283 1284 if(count($this->user_update_data) > 0) 1285 { 1286 // Actual updating happens here. 1287 $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'"); 1288 } 1289 1290 $cache->update_moderators(); 1291 if(isset($user['bday']) || isset($user['username'])) 1292 { 1293 $cache->update_birthdays(); 1294 } 1295 1296 // Maybe some userfields need to be updated? 
1297 if(is_array($user['user_fields'])) 1298 { 1299 $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'"); 1300 $fields = $db->fetch_array($query); 1301 if(!$fields['ufid']) 1302 { 1303 $user_fields = array( 1304 'ufid' => $user['uid'] 1305 ); 1306 1307 $fields_array = $db->show_fields_from("userfields"); 1308 foreach($fields_array as $field) 1309 { 1310 if($field['Field'] == 'ufid') 1311 { 1312 continue; 1313 } 1314 $user_fields[$field['Field']] = ''; 1315 } 1316 $db->insert_query("userfields", $user_fields); 1317 } 1318 $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false); 1319 } 1320 1321 // Let's make sure the user's name gets changed everywhere in the db if it changed. 1322 if($this->user_update_data['username'] != $old_user['username'] && $this->user_update_data['username'] != '') 1323 { 1324 $username_update = array( 1325 "username" => $this->user_update_data['username'] 1326 ); 1327 $lastposter_update = array( 1328 "lastposter" => $this->user_update_data['username'] 1329 ); 1330 1331 $db->update_query("posts", $username_update, "uid='{$user['uid']}'"); 1332 $db->update_query("threads", $username_update, "uid='{$user['uid']}'"); 1333 $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'"); 1334 $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'"); 1335 1336 $stats = $cache->read("stats"); 1337 if($stats['lastuid'] == $user['uid']) 1338 { 1339 // User was latest to register, update stats 1340 update_stats(array("numusers" => "+0")); 1341 } 1342 } 1343 } 1344 } 1345 ?>