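<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/**
 * Checks if a user with uid $uid exists in the database.
 *
 * @param int $uid The uid to check for.
 * @return boolean True when exists, false when not.
 */
function user_exists($uid)
{
	global $db;

	$query = $db->simple_select("users", "COUNT(*) as user", "uid='".intval($uid)."'", array('limit' => 1));

	return $db->fetch_field($query, 'user') > 0;
}

/**
 * Checks if $username already exists in the database, either as a username or as an e-mail address.
 *
 * @param string $username The username to check for.
 * @return boolean True when exists, false when not.
 */
function username_exists($username)
{
	global $db;

	$username = $db->escape_string(my_strtolower($username));
	$query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username)='".$username."' OR LOWER(email)='".$username."'", array('limit' => 1));

	// The OR can match two different rows (one by username, another by e-mail), giving a
	// count of 2. Testing for "exactly 1" would then report an existing name as free.
	return $db->fetch_field($query, 'user') > 0;
}

/**
 * Checks a password with a supplied username.
 *
 * Which column the login name is matched against depends on the
 * 'username_method' setting: 1 = e-mail, 2 = username or e-mail,
 * anything else = username.
 *
 * @param string $username The username of the user.
 * @param string $password The plain-text password.
 * @return boolean|array False when no match, array with user info when match.
 */
function validate_password_from_username($username, $password)
{
	global $db, $mybb;

	$username = $db->escape_string(my_strtolower($username));
	$by_name = "LOWER(username)='".$username."'";
	$by_email = "LOWER(email)='".$username."'";

	switch($mybb->settings['username_method'])
	{
		case 1:
			$where = $by_email;
			break;
		case 2:
			// NOTE(review): with LIMIT 1 and no ORDER BY, a string that is one account's
			// username and another account's e-mail resolves to whichever row the
			// database returns first - confirm uniqueness is enforced at registration.
			$where = $by_name." OR ".$by_email;
			break;
		default:
			$where = $by_name;
			break;
	}

	$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", $where, array('limit' => 1));
	$user = $db->fetch_array($query);

	if(empty($user['uid']))
	{
		return false;
	}

	return validate_password_from_uid($user['uid'], $password, $user);
}

/**
 * Checks a password with a supplied uid.
 *
 * Side effects: a user row without a salt is upgraded in place (salt generated,
 * stored hash re-salted), and a row without a login key gets a new one.
 *
 * @param int $uid The user id.
 * @param string $password The plain-text password.
 * @param array $user An optional user data array.
 * @return boolean|array False when not valid, user data array when valid.
 */
function validate_password_from_uid($uid, $password, $user = array())
{
	global $db, $mybb;

	if(isset($mybb->user['uid']) && $mybb->user['uid'] == $uid)
	{
		$user = $mybb->user;
	}

	if(empty($user['password']))
	{
		$query = $db->simple_select("users", "uid,username,password,salt,loginkey,usergroup", "uid='".intval($uid)."'", array('limit' => 1));
		$user = $db->fetch_array($query);

		// Unknown uid: stop here instead of running the UPDATEs below with an empty
		// uid, which would produce malformed SQL ("uid = ").
		if(!is_array($user) || empty($user['uid']))
		{
			return false;
		}
	}

	// uid is cast before being placed in a WHERE clause; it normally comes from the
	// database or the session, but the optional $user array is caller-supplied.
	$where_uid = intval($user['uid']);

	if(empty($user['salt']))
	{
		// Generate a salt for this user and assume the password stored in db is a plain md5 password
		$user['salt'] = generate_salt();
		$user['password'] = salt_password($user['password'], $user['salt']);
		$sql_array = array(
			"salt" => $user['salt'],
			"password" => $user['password']
		);
		$db->update_query("users", $sql_array, "uid='".$where_uid."'", 1);
	}

	if(empty($user['loginkey']))
	{
		$user['loginkey'] = generate_loginkey();
		$sql_array = array(
			"loginkey" => $user['loginkey']
		);
		$db->update_query("users", $sql_array, "uid='".$where_uid."'", 1);
	}

	$candidate = salt_password(md5($password), $user['salt']);
	$stored = (string)$user['password'];

	// Never compare hashes with ==: two hex digests that both look like "0e<digits>"
	// are treated as numbers and compare equal. Use a constant-time comparison where
	// the runtime offers one, and a strict string comparison otherwise.
	if(function_exists('hash_equals'))
	{
		$matches = hash_equals($stored, $candidate);
	}
	else
	{
		$matches = ($candidate === $stored);
	}

	if($matches)
	{
		return $user;
	}

	return false;
}

/**
 * Updates a user's password and issues a new login key.
 *
 * @param int $uid The user's id.
 * @param string $password The md5()'ed password.
 * @param string $salt (Optional) The salt of the user.
 * @return array The new 'password' and 'loginkey', plus 'salt' when no salt was passed in.
 */
function update_password($uid, $password, $salt="")
{
	global $db, $plugins;

	// $uid is interpolated into two WHERE clauses below; force it to an integer first.
	$uid = intval($uid);

	$newpassword = array();

	// If no salt was specified, check in database first, if still doesn't exist, create one
	if(!$salt)
	{
		$query = $db->simple_select("users", "salt", "uid='{$uid}'", array('limit' => 1));
		$user = $db->fetch_array($query);
		if(!empty($user['salt']))
		{
			$salt = $user['salt'];
		}
		else
		{
			$salt = generate_salt();
		}
		$newpassword['salt'] = $salt;
	}

	// Create new password based on salt
	$saltedpw = salt_password($password, $salt);

	// Generate new login key
	$loginkey = generate_loginkey();

	// Update password and login key in database
	$newpassword['password'] = $saltedpw;
	$newpassword['loginkey'] = $loginkey;
	$db->update_query("users", $newpassword, "uid='{$uid}'", 1);

	$plugins->run_hooks("password_changed");

	return $newpassword;
}

/**
 * Salts a password based on a supplied salt.
 *
 * The stored value is md5(md5(salt) . md5(password)). MD5 is a fast digest, so this
 * gives little resistance to offline guessing if the users table leaks.
 * NOTE(review): the scheme cannot be changed here without migrating every stored
 * hash; plan a move to password_hash()/password_verify() with rehash-on-login.
 *
 * @param string $password The md5()'ed password.
 * @param string $salt The salt.
 * @return string The password hash.
 */
function salt_password($password, $salt)
{
	return md5(md5($salt).$password);
}

/**
 * Generates a random salt
 *
 * NOTE(review): the quality of the salt depends on random_str(), which is defined
 * outside this file - confirm it draws from a cryptographically secure source.
 *
 * @return string The salt.
 */
function generate_salt()
{
	return random_str(8);
}

/**
 * Generates a 50 character random login key.
 *
 * NOTE(review): unpredictability depends on random_str(), which is defined outside
 * this file - confirm it draws from a cryptographically secure source.
 *
 * @return string The login key.
 */
function generate_loginkey()
{
	return random_str(50);
}

/**
 * Updates a user's salt in the database (does not update a password).
 *
 * @param int $uid The uid of the user to update.
 * @return string The new salt.
 */
function update_salt($uid)
{
	global $db;

	$salt = generate_salt();
	$sql_array = array(
		"salt" => $salt
	);
	// Cast the uid so a non-numeric value cannot alter the WHERE clause.
	$db->update_query("users", $sql_array, "uid='".intval($uid)."'", 1);

	return $salt;
}

/**
 * Generates a new login key for a user.
 *
 * @param int $uid The uid of the user to update.
 * @return string The new login key.
 */
function update_loginkey($uid)
{
	global $db;

	$loginkey = generate_loginkey();
	$sql_array = array(
		"loginkey" => $loginkey
	);
	// Cast the uid so a non-numeric value cannot alter the WHERE clause.
	$db->update_query("users", $sql_array, "uid='".intval($uid)."'", 1);

	return $loginkey;
}

/**
 * Adds a thread to a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $tid The tid of the thread to add to the list.
 * @param int $notification (Optional) The type of notification to receive for replies (0=none, 1=instant)
 * @param int $uid (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function add_subscribed_thread($tid, $notification=1, $uid="")
{
	global $mybb, $db;

	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}

	if(!$uid)
	{
		return false;
	}

	// Cast once up front so the SELECT, INSERT and UPDATE all see the same integers;
	// the UPDATE previously interpolated the raw values.
	$tid = intval($tid);
	$uid = intval($uid);
	$notification = intval($notification);

	$query = $db->simple_select("threadsubscriptions", "*", "tid='".$tid."' AND uid='".$uid."'", array('limit' => 1));
	$subscription = $db->fetch_array($query);
	if(empty($subscription['tid']))
	{
		$insert_array = array(
			'uid' => $uid,
			'tid' => $tid,
			'notification' => $notification,
			'dateline' => TIME_NOW,
			// NOTE(review): this key is derived only from the timestamp and two ids, so it
			// is predictable. If it authorises anything (e.g. unsubscribe links - not
			// visible in this file), generate it from a random source instead.
			'subscriptionkey' => md5(TIME_NOW.$uid.$tid)
		);
		$db->insert_query("threadsubscriptions", $insert_array);
	}
	else
	{
		// Subscription exists - simply update notification
		$update_array = array(
			"notification" => $notification
		);
		$db->update_query("threadsubscriptions", $update_array, "uid='{$uid}' AND tid='{$tid}'");
	}

	return true;
}

/**
 * Remove a thread from a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $tid The tid of the thread to remove from the list.
 * @param int $uid (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_thread($tid, $uid="")
{
	global $mybb, $db;

	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}

	if(!$uid)
	{
		return false;
	}

	// Both ids go straight into a DELETE; cast them so they cannot widen the WHERE clause.
	$tid = intval($tid);
	$uid = intval($uid);

	$db->delete_query("threadsubscriptions", "tid='".$tid."' AND uid='{$uid}'");

	return true;
}

/**
 * Adds a forum to a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $fid The fid of the forum to add to the list.
 * @param int $uid (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function add_subscribed_forum($fid, $uid="")
{
	global $mybb, $db;

	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}

	if(!$uid)
	{
		return false;
	}

	$fid = intval($fid);
	$uid = intval($uid);

	$query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
	$fsubscription = $db->fetch_array($query);
	if(empty($fsubscription['fid']))
	{
		$insert_array = array(
			'fid' => $fid,
			'uid' => $uid
		);
		$db->insert_query("forumsubscriptions", $insert_array);
	}

	return true;
}

/**
 * Removes a forum from a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $fid The fid of the forum to remove from the list.
 * @param int $uid (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_forum($fid, $uid="")
{
	global $mybb, $db;

	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}

	if(!$uid)
	{
		return false;
	}

	// Both ids go straight into a DELETE; cast them so they cannot widen the WHERE clause.
	$fid = intval($fid);
	$uid = intval($uid);

	$db->delete_query("forumsubscriptions", "fid='".$fid."' AND uid='{$uid}'");

	return true;
}

/**
 * Constructs the usercp navigation menu.
 *
 * The result is written to the global $usercpnav. The three default sections are
 * registered as "usercp_menu" hooks so plugins can slot their own in between.
 *
 * NOTE(review): templates are expanded with eval(). That is only safe if
 * $templates->get() escapes the template text for use inside a double-quoted PHP
 * string and templates can be edited by trusted administrators only - neither is
 * visible in this file.
 */
function usercp_menu()
{
	// Variables listed here may be referenced by the eval()'d template.
	global $mybb, $templates, $theme, $plugins, $lang, $usercpnav, $usercpmenu;

	$lang->load("usercpnav");

	// Add the default items as plugins with separated priorities of 10
	if($mybb->settings['enablepms'] != 0)
	{
		$plugins->add_hook("usercp_menu", "usercp_menu_messenger", 10);
	}

	$plugins->add_hook("usercp_menu", "usercp_menu_profile", 20);
	$plugins->add_hook("usercp_menu", "usercp_menu_misc", 30);

	// Run the plugin hooks
	$plugins->run_hooks("usercp_menu");

	eval("\$usercpnav = \"".$templates->get("usercp_nav")."\";");

	$plugins->run_hooks("usercp_menu_built");
}

/**
 * Constructs the usercp messenger menu and appends it to the global $usercpmenu.
 *
 * Local variable names are part of the template contract (the eval()'d templates
 * refer to them), so they must not be renamed.
 */
function usercp_menu_messenger()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	$usercp_nav_messenger = $templates->get("usercp_nav_messenger");
	// Hide tracking link if no permission
	$tracking = '';
	if($mybb->usergroup['cantrackpms'])
	{
		$tracking = $templates->get("usercp_nav_messenger_tracking");
	}
	eval("\$ucp_nav_tracking = \"". $tracking ."\";");

	$folderlinks = '';
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		// An entry without the "**" separator has no name part; fall back to the language default.
		$folderinfo[1] = get_pm_folder_name($folderinfo[0], isset($folderinfo[1]) ? $folderinfo[1] : '');
		if($folderinfo[0] == 4)
		{
			$class = "usercp_nav_trash_pmfolder";
		}
		else if($folderlinks)
		{
			$class = "usercp_nav_sub_pmfolder";
		}
		else
		{
			$class = "usercp_nav_pmfolder";
		}

		// NOTE(review): folder ids and names come from the user's own pmfolders field and
		// are written into HTML without escaping here - confirm they are HTML-escaped
		// where they are stored, or escape them before output.
		$folderlinks .= "<div><a href=\"private.php?fid=$folderinfo[0]\" class=\"usercp_nav_item {$class}\">$folderinfo[1]</a></div>\n";
	}

	eval("\$usercpmenu .= \"".$usercp_nav_messenger."\";");
}

/**
 * Constructs the usercp profile menu and appends it to the global $usercpmenu.
 *
 * Local variable names are part of the template contract (the eval()'d templates
 * refer to them), so they must not be renamed.
 */
function usercp_menu_profile()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	// Defined up front so the profile template sees an empty string when the user lacks the permission.
	$changenameop = '';
	$changesigop = '';

	if($mybb->usergroup['canchangename'] != 0)
	{
		eval("\$changenameop = \"".$templates->get("usercp_nav_changename")."\";");
	}

	// Signatures are allowed when the group permits them and the post-count threshold (if any) is passed.
	$min_posts = $mybb->usergroup['canusesigxposts'];
	if($mybb->usergroup['canusesig'] == 1 && ($min_posts == 0 || ($min_posts > 0 && $mybb->user['postnum'] > $min_posts)))
	{
		// ...and the user is not suspended, or the suspension has expired.
		if($mybb->user['suspendsignature'] == 0 || ($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] < TIME_NOW))
		{
			eval("\$changesigop = \"".$templates->get("usercp_nav_editsignature")."\";");
		}
	}

	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";");
}

/**
 * Constructs the usercp misc menu and appends it to the global $usercpmenu.
 *
 * Local variable names are part of the template contract (the eval()'d templates
 * refer to them), so they must not be renamed.
 */
function usercp_menu_misc()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;

	$draftstart = $draftend = $draftcount = '';

	// visible = -2 is the value this query uses to select the user's drafts.
	$query = $db->simple_select("posts", "COUNT(*) AS draftcount", "visible='-2' AND uid='".intval($mybb->user['uid'])."'");
	$count = $db->fetch_array($query);

	if($count['draftcount'] > 0)
	{
		$draftstart = "<strong>";
		$draftend = "</strong>";
		$draftcount = "(".my_number_format($count['draftcount']).")";
	}

	$profile_link = get_profile_link($mybb->user['uid']);
	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";");
}

/**
 * Gets the usertitle for a specific uid.
 *
 * A custom title stored on the user wins; otherwise the title is looked up in the
 * usertitles table by post count.
 *
 * @param int $uid The uid of the user to get the usertitle of.
 * @return string The usertitle of the user.
 */
function get_usertitle($uid="")
{
	global $db, $mybb;

	if($mybb->user['uid'] == $uid)
	{
		$user = $mybb->user;
	}
	else
	{
		// Cast the uid so a non-numeric value cannot alter the WHERE clause.
		$query = $db->simple_select("users", "usertitle,postnum", "uid='".intval($uid)."'", array('limit' => 1));
		$user = $db->fetch_array($query);
	}

	if(!empty($user['usertitle']))
	{
		return $user['usertitle'];
	}

	$postnum = isset($user['postnum']) ? intval($user['postnum']) : 0;
	// Highest threshold not above the user's post count comes first.
	$query = $db->simple_select("usertitles", "title", "posts<='".$postnum."'", array('order_by' => 'posts', 'order_dir' => 'desc'));
	$usertitle = $db->fetch_array($query);

	return $usertitle['title'];
}

/**
 * Updates a users private message count in the users table with the number of pms they have.
 *
 * @param int $uid The user id to update the count for. If none, assumes currently logged in user.
 * @param int $count_to_update Bitwise value for what to update. 1 = total, 2 = unread. Combinations accepted.
 * @return array The counts that were written ('totalpms' and/or 'unreadpms'); empty when there is no user.
 */
function update_pm_count($uid=0, $count_to_update=7)
{
	global $db, $mybb;

	// If no user id, assume that we mean the current logged in user.
	if(intval($uid) == 0)
	{
		$uid = $mybb->user['uid'];
	}

	$uid = intval($uid);
	$pmcount = array();
	if($uid == 0)
	{
		return $pmcount;
	}

	// Update total number of messages.
	if($count_to_update & 1)
	{
		$query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_total", "uid='".$uid."'");
		$total = $db->fetch_array($query);
		$pmcount['totalpms'] = $total['pms_total'];
	}

	// Update number of unread messages.
	if(($count_to_update & 2) && $db->field_exists("unreadpms", "users") == true)
	{
		$query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_unread", "uid='".$uid."' AND status='0' AND folder='1'");
		$unread = $db->fetch_array($query);
		$pmcount['unreadpms'] = $unread['pms_unread'];
	}

	if(!empty($pmcount))
	{
		$db->update_query("users", $pmcount, "uid='".$uid."'");
	}

	return $pmcount;
}

/**
 * Return the language specific name for a PM folder.
 *
 * @param int $fid The ID of the folder.
 * @param string $name The folder name - can be blank, will use language default.
 * @return string The name of the folder.
 */
function get_pm_folder_name($fid, $name="")
{
	global $lang;

	if($name != '')
	{
		return $name;
	}

	switch($fid)
	{
		case 1:
			return $lang->folder_inbox;
		case 2:
			return $lang->folder_sent_items;
		case 3:
			return $lang->folder_drafts;
		case 4:
			return $lang->folder_trash;
		default:
			return $lang->folder_untitled;
	}
}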