| Zeile 3 | Zeile 3 |
|---|
* MyBB 1.2
* Copyright � 2006 MyBB Group, All Rights Reserved
*
|
* MyBB 1.2
* Copyright � 2006 MyBB Group, All Rights Reserved
*
|
* Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html
| * Website: http://www.mybboard.net
* License: http://www.mybboard.net/eula.html
|
*
|
*
|
* $Id: user.php 2458 2006-11-29 07:27:32Z chris $
| * $Id: user.php 3856 2008-05-20 23:35:25Z Tikitiki $
|
*/
|
*/
|
| |
// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}
|
/**
* User handling class, provides common structure to handle user data.
|
/**
* User handling class, provides common structure to handle user data.
|
| Zeile 56 | Zeile 62 |
|---|
* @param boolean True when valid, false when invalid.
*/
function verify_username()
|
* @param boolean True when valid, false when invalid.
*/
function verify_username()
|
{
global $mybb;
| {
global $mybb;
|
$username = &$this->data['username'];
require_once MYBB_ROOT.'inc/functions_user.php';
// Fix bad characters
|
$username = &$this->data['username'];
require_once MYBB_ROOT.'inc/functions_user.php';
// Fix bad characters
|
$username = str_replace(array(chr(160), chr(173)), array(" ", "-"), $username);
| $username = trim($username);
$username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username);
|
// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);
// Check if the username is not empty.
|
// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);
// Check if the username is not empty.
|
if(trim($username) == '')
| if($username == '')
|
{
$this->set_error('missing_username');
return false;
}
// Check if the username belongs to the list of banned usernames.
|
{
$this->set_error('missing_username');
return false;
}
// Check if the username belongs to the list of banned usernames.
|
$bannedusernames = get_banned_usernames();
if(in_array($username, $bannedusernames))
| if(is_banned_username($username))
|
{
$this->set_error('banned_username');
return false;
| {
$this->set_error('banned_username');
return false;
|
| Zeile 91 | Zeile 97 |
|---|
}
// Check if the username is of the correct length.
|
}
// Check if the username is of the correct length.
|
if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname)
| if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
|
{
$this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
{
$this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
|
return false;
}
| return false;
}
|
return true;
}
|
return true;
}
|
| Zeile 111 | Zeile 117 |
|---|
$username = &$this->data['username'];
|
$username = &$this->data['username'];
|
$query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower($username))."'");
| $query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower(trim($username)))."' AND uid!='{$this->data['uid']}'");
|
$user_count = $db->fetch_field($query, "count");
if($user_count > 0)
{
| $user_count = $db->fetch_field($query, "count");
if($user_count > 0)
{
|
| Zeile 144 | Zeile 150 |
|---|
// See if the board has "require complex passwords" enabled.
if($mybb->settings['requirecomplexpasswords'] == "yes")
|
// See if the board has "require complex passwords" enabled.
if($mybb->settings['requirecomplexpasswords'] == "yes")
|
{
| {
|
// Complex passwords required, do some extra checks.
// First, see if there is one or more complex character(s) in the password.
if(!preg_match('#[\W]+#', $user['password']))
| // Complex passwords required, do some extra checks.
// First, see if there is one or more complex character(s) in the password.
if(!preg_match('#[\W]+#', $user['password']))
|
| Zeile 158 | Zeile 164 |
|---|
if(isset($user['password2']) && $user['password'] != $user['password2'])
{
$this->set_error("passwords_dont_match");
|
if(isset($user['password2']) && $user['password'] != $user['password2'])
{
$this->set_error("passwords_dont_match");
|
return false;
}
| return false;
}
|
// MD5 the password
$user['md5password'] = md5($user['password']);
|
// MD5 the password
$user['md5password'] = md5($user['password']);
|
| Zeile 204 | Zeile 210 |
|---|
if(trim($user['email']) == '')
{
$this->set_error('missing_email');
|
if(trim($user['email']) == '')
{
$this->set_error('missing_email');
|
return false;
}
| return false;
}
|
// Check if this is a proper email address.
|
// Check if this is a proper email address.
|
if(validate_email_format($user['email']) === false)
{
| if(!validate_email_format($user['email']))
{
|
$this->set_error('invalid_email_format');
return false;
}
// Check banned emails
|
$this->set_error('invalid_email_format');
return false;
}
// Check banned emails
|
$bannedemails = explode(" ", $mybb->settings['bannedemails']);
if(is_array($bannedemails))
| if(is_banned_email($user['email']))
|
{
|
{
|
foreach($bannedemails as $bannedemail)
{
$bannedemail = strtolower(trim($bannedemail));
if($bannedemail != '')
{
if(strstr($user['email'], $bannedemail) != '')
{
$this->set_error('banned_email');
return false;
}
}
}
| $this->set_error('banned_email');
return false;
|
}
// If we have an "email2", verify it matches the existing email
| }
// If we have an "email2", verify it matches the existing email
|
| Zeile 250 | Zeile 245 |
|---|
$website = &$this->data['website'];
if($website == '' || $website == 'http://')
|
$website = &$this->data['website'];
if($website == '' || $website == 'http://')
|
{
| {
|
$website = '';
return true;
|
$website = '';
return true;
|
}
| }
|
// Does the website start with http://?
if(substr_count($website, 'http://') == 0)
|
// Does the website start with http://?
if(substr_count($website, 'http://') == 0)
|
| Zeile 266 | Zeile 261 |
|---|
return false;
}
}
|
return false;
}
}
|
|
|
return true;
}
| return true;
}
|
| Zeile 282 | Zeile 277 |
|---|
if($icq != '' && !is_numeric($icq))
{
$this->set_error("invalid_icq_number");
|
if($icq != '' && !is_numeric($icq))
{
$this->set_error("invalid_icq_number");
|
return false;
| return false;
|
}
$icq = intval($icq);
return true;
| }
$icq = intval($icq);
return true;
|
| Zeile 406 | Zeile 401 |
|---|
$field = "fid{$profilefield['fid']}";
// If the profile field is required, but not filled in, present error.
|
$field = "fid{$profilefield['fid']}";
// If the profile field is required, but not filled in, present error.
|
if(!$profile_fields[$field] && $profilefield['required'] == "yes" && !$proferror)
| if(trim($profile_fields[$field]) == "" && $profilefield['required'] == "yes" && !defined('IN_ADMINCP'))
|
{
$this->set_error('missing_required_profile_field', array($profilefield['name']));
}
| {
$this->set_error('missing_required_profile_field', array($profilefield['name']));
}
|
| Zeile 457 | Zeile 452 |
|---|
*/
function verify_referrer()
{
|
*/
function verify_referrer()
{
|
global $db;
| global $db, $mybb;
|
$user = &$this->data;
|
$user = &$this->data;
|
| Zeile 493 | Zeile 488 |
|---|
$this->verify_yesno_option($options, 'allownotices', 'yes');
$this->verify_yesno_option($options, 'hideemail', 'no');
$this->verify_yesno_option($options, 'emailnotify', 'no');
|
$this->verify_yesno_option($options, 'allownotices', 'yes');
$this->verify_yesno_option($options, 'hideemail', 'no');
$this->verify_yesno_option($options, 'emailnotify', 'no');
|
| | $this->verify_yesno_option($options, 'emailpmnotify', 'no');
|
$this->verify_yesno_option($options, 'receivepms', 'yes');
$this->verify_yesno_option($options, 'pmpopup', 'yes');
$this->verify_yesno_option($options, 'pmnotify', 'yes');
| $this->verify_yesno_option($options, 'receivepms', 'yes');
$this->verify_yesno_option($options, 'pmpopup', 'yes');
$this->verify_yesno_option($options, 'pmnotify', 'yes');
|
| Zeile 670 | Zeile 666 |
|---|
return false;
}
return true;
|
return false;
}
return true;
|
}
| }
|
/**
* Validate all user assets.
*
| /**
* Validate all user assets.
*
|
| Zeile 680 | Zeile 676 |
|---|
function validate_user()
{
global $mybb, $plugins;
|
function validate_user()
{
global $mybb, $plugins;
|
|
|
$user = &$this->data;
// First, grab the old user details if this user exists
if($user['uid'])
{
$old_user = get_user($user['uid']);
|
$user = &$this->data;
// First, grab the old user details if this user exists
if($user['uid'])
{
$old_user = get_user($user['uid']);
|
}
| }
|
if($this->method == "insert" || array_key_exists('username', $user))
{
// If the username is the same - no need to verify
| if($this->method == "insert" || array_key_exists('username', $user))
{
// If the username is the same - no need to verify
|
| Zeile 767 | Zeile 763 |
|---|
// We are done validating, return.
$this->set_validated(true);
|
// We are done validating, return.
$this->set_validated(true);
|
if(count($this->get_errors()) > 0)
{
| if(count($this->get_errors()) > 0)
{
|
return false;
}
else
| return false;
}
else
|
| Zeile 800 | Zeile 796 |
|---|
"username" => $db->escape_string($user['username']),
"password" => $user['saltedpw'],
"salt" => $user['salt'],
|
"username" => $db->escape_string($user['username']),
"password" => $user['saltedpw'],
"salt" => $user['salt'],
|
"loginkey" => $user['loginkey'],
| "loginkey" => $user['loginkey'],
|
"email" => $db->escape_string($user['email']),
"postnum" => intval($user['postnum']),
"avatar" => $db->escape_string($user['avatar']),
| "email" => $db->escape_string($user['email']),
"postnum" => intval($user['postnum']),
"avatar" => $db->escape_string($user['avatar']),
|
| Zeile 840 | Zeile 836 |
|---|
"daysprune" => intval($user['options']['daysprune']),
"dateformat" => $db->escape_string($user['dateformat']),
"timeformat" => $db->escape_string($user['timeformat']),
|
"daysprune" => intval($user['options']['daysprune']),
"dateformat" => $db->escape_string($user['dateformat']),
"timeformat" => $db->escape_string($user['timeformat']),
|
"regip" => $user['regip'],
| "regip" => $db->escape_string($user['regip']),
|
"language" => $db->escape_string($user['language']),
"showcodebuttons" => $user['options']['showcodebuttons'],
"away" => $user['away']['away'],
| "language" => $db->escape_string($user['language']),
"showcodebuttons" => $user['options']['showcodebuttons'],
"away" => $user['away']['away'],
|
| Zeile 860 | Zeile 856 |
|---|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data);
$this->uid = $db->insert_id();
|
$db->insert_query(TABLE_PREFIX."users", $this->user_insert_data);
$this->uid = $db->insert_id();
|
$user['user_fields'] = array(
'ufid' => $this->uid,
'fid1' => '',
'fid2' => '',
'fid3' => ''
);
| $user['user_fields']['ufid'] = $this->uid;
$query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields");
while($field = $db->fetch_array($query))
{
if($field['Field'] == 'ufid' || array_key_exists($field['Field'], $user['user_fields']))
{
continue;
}
$user['user_fields'][$field['Field']] = '';
}
|
$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
|
$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);
// Update forum stats
|
$cache->updatestats();
| update_stats(array('numusers' => '+1'));
|
return array(
"uid" => $this->uid,
|
return array(
"uid" => $this->uid,
|
| Zeile 887 | Zeile 889 |
|---|
function update_user()
{
global $db, $plugins;
|
function update_user()
{
global $db, $plugins;
|
|
|
// Yes, validating is required.
if(!$this->get_validated())
{
| // Yes, validating is required.
if(!$this->get_validated())
{
|
| Zeile 936 | Zeile 937 |
|---|
$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
}
if(isset($user['displaygroup']))
|
$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
}
if(isset($user['displaygroup']))
|
{
| {
|
$this->user_update_data['displaygroup'] = intval($user['displaygroup']);
}
if(isset($user['usertitle']))
| $this->user_update_data['displaygroup'] = intval($user['displaygroup']);
}
if(isset($user['usertitle']))
|
| Zeile 1005 | Zeile 1006 |
|---|
}
if(isset($user['language']))
{
|
}
if(isset($user['language']))
{
|
$this->user_update_data['language'] = $user['language'];
| $this->user_update_data['language'] = $db->escape_string($user['language']);
|
}
if(isset($user['away']))
{
| }
if(isset($user['away']))
{
|
| Zeile 1034 | Zeile 1035 |
|---|
if(count($this->user_update_data) < 1)
{
return false;
|
if(count($this->user_update_data) < 1)
{
return false;
|
}
| }
|
// Actual updating happens here.
$db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
|
// Actual updating happens here.
$db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");
|
|
|
// Maybe some userfields need to be updated?
if(is_array($user['user_fields']))
{
| // Maybe some userfields need to be updated?
if(is_array($user['user_fields']))
{
|
| Zeile 1047 | Zeile 1048 |
|---|
if(!$fields['ufid'])
{
$user_fields = array(
|
if(!$fields['ufid'])
{
$user_fields = array(
|
'ufid' => $user['uid'],
'fid1' => '',
'fid2' => '',
'fid3' => ''
| 'ufid' => $user['uid']
|
);
|
);
|
| |
$query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields");
while($field = $db->fetch_array($query))
{
if($field['Field'] == 'ufid')
{
continue;
}
$user_fields[$field['Field']] = '';
}
|
$db->insert_query(TABLE_PREFIX."userfields", $user_fields);
}
$db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
| $db->insert_query(TABLE_PREFIX."userfields", $user_fields);
}
$db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
|
| Zeile 1071 | Zeile 1079 |
|---|
$db->update_query(TABLE_PREFIX."threads", $username_update, "uid='{$user['uid']}'");
$db->update_query(TABLE_PREFIX."threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
$db->update_query(TABLE_PREFIX."forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
|
$db->update_query(TABLE_PREFIX."threads", $username_update, "uid='{$user['uid']}'");
$db->update_query(TABLE_PREFIX."threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
$db->update_query(TABLE_PREFIX."forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
|
| |
global $cache;
$stats = $cache->read("stats");
if($stats['lastuid'] == $user['uid'])
{
// User was latest to register, update stats
update_stats(array("numusers" => "+0"));
}
|
}
}
| }
}
|