Vergleich inc/datahandlers/user.php - 1.2.0 - 1.2.4

Zeile 6Zeile 6
 * Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html
*

 * Website: http://www.mybboard.com
* License: http://www.mybboard.com/eula.html
*

 * $Id: user.php 2194 2006-09-03 12:46:22Z chris $

 * $Id: user.php 2663 2007-01-21 18:30:14Z Tikitiki $

 */

/**

 */

/**

Zeile 57Zeile 57
	 */
function verify_username()
{

	 */
function verify_username()
{

 
		global $mybb;


		$username = &$this->data['username'];
require_once MYBB_ROOT.'inc/functions_user.php';

// Fix bad characters
$username = str_replace(array(chr(160), chr(173)), array(" ", "-"), $username);

		$username = &$this->data['username'];
require_once MYBB_ROOT.'inc/functions_user.php';

// Fix bad characters
$username = str_replace(array(chr(160), chr(173)), array(" ", "-"), $username);





		// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);


		// Remove multiple spaces from the username
$username = preg_replace("#\s{2,}#", " ", $username);


Zeile 70Zeile 72
		if(trim($username) == '')
{
$this->set_error('missing_username');

		if(trim($username) == '')
{
$this->set_error('missing_username');

			return false;
}

			return false;
}


// Check if the username belongs to the list of banned usernames.


// Check if the username belongs to the list of banned usernames.

		$bannedusernames = get_banned_usernames();
if(in_array($username, $bannedusernames))
{

		if(is_banned_username($username))
{


			$this->set_error('banned_username');

			$this->set_error('banned_username');

			return false;
}


			return false;
}


		// Check for certain characters in username (<, >, &, and slashes)
if(eregi("<", $username) || eregi(">", $username) || eregi("&", $username) || strpos($username, "\\") !== false || eregi(";", $username))
{
$this->set_error("bad_characters_username");

		// Check for certain characters in username (<, >, &, and slashes)
if(eregi("<", $username) || eregi(">", $username) || eregi("&", $username) || strpos($username, "\\") !== false || eregi(";", $username))
{
$this->set_error("bad_characters_username");

			return false;
}


			return false;
}


		// Check if the username is of the correct length.
if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname)
{

		// Check if the username is of the correct length.
if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']) && !$bannedusername && !$missingname)
{

Zeile 109Zeile 110

$username = &$this->data['username'];



$username = &$this->data['username'];


		$query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "username='".$db->escape_string($username)."'");

		$query = $db->simple_select(TABLE_PREFIX."users", "COUNT(uid) AS count", "LOWER(username)='".$db->escape_string(strtolower($username))."'");

		$user_count = $db->fetch_field($query, "count");
if($user_count > 0)
{

		$user_count = $db->fetch_field($query, "count");
if($user_count > 0)
{

Zeile 117Zeile 118
			return true;
}
else

			return true;
}
else

		{

		{

			return false;
}
}

			return false;
}
}





	/**
* Verifies if a new password is valid or not.
*

	/**
* Verifies if a new password is valid or not.
*

Zeile 132Zeile 133
		global $mybb;

$user = &$this->data;

		global $mybb;

$user = &$this->data;





		// Always check for the length of the password.
if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'])
{

		// Always check for the length of the password.
if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'])
{

Zeile 162Zeile 163
		// MD5 the password
$user['md5password'] = md5($user['password']);


		// MD5 the password
$user['md5password'] = md5($user['password']);


		// Generate our salt
$user['salt'] = generate_salt();





		// Generate our salt
if(!$user['salt'])
{
$user['salt'] = generate_salt();
}


		// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);


		// Combine the password and salt
$user['saltedpw'] = salt_password($user['md5password'], $user['salt']);


Zeile 176Zeile 180

/**
* Verifies usergroup selections and other group details.


/**
* Verifies usergroup selections and other group details.

	*
* @return boolean True when valid, false when invalid.
*/

	*
* @return boolean True when valid, false when invalid.
*/

	function verify_usergroup()

	function verify_usergroup()

	{

	{

		$user = &$this->data;
return true;
}

		$user = &$this->data;
return true;
}

Zeile 190Zeile 194
	* @return boolean True when valid, false when invalid.
*/
function verify_email()

	* @return boolean True when valid, false when invalid.
*/
function verify_email()

	{



	{
global $mybb;


		$user = &$this->data;

		$user = &$this->data;





		// Check if an email address has actually been entered.
if(trim($user['email']) == '')

		// Check if an email address has actually been entered.
if(trim($user['email']) == '')

		{

		{

			$this->set_error('missing_email');
return false;
}

// Check if this is a proper email address.
if(validate_email_format($user['email']) === false)

			$this->set_error('missing_email');
return false;
}

// Check if this is a proper email address.
if(validate_email_format($user['email']) === false)

		{

		{

			$this->set_error('invalid_email_format');
return false;

			$this->set_error('invalid_email_format');
return false;

		}


		}


		// Check banned emails

		// Check banned emails

		$bannedemails = explode(" ", $mybb->settings['bannedemails']);
if(is_array($bannedemails))
{
foreach($bannedemails as $bannedemail)
{
$bannedemail = strtolower(trim($bannedemail));
if($bannedemail != '')
{
if(strstr($user['email'], $bannedemail) != '')
{
$this->set_error('banned_email');
return false;
}
}
}

		if(is_banned_email($user['email']))
{
$this->set_error('banned_email');
return false;












		}

// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{
$this->set_error("emails_dont_match");

		}

// If we have an "email2", verify it matches the existing email
if(isset($user['email2']) && $user['email'] != $user['email2'])
{
$this->set_error("emails_dont_match");

			return false;

			return false;

		}
}

		}
}





	/**
* Verifies if a website is valid or not.
*

	/**
* Verifies if a website is valid or not.
*

Zeile 243Zeile 238
		$website = &$this->data['website'];

if($website == '' || $website == 'http://')

		$website = &$this->data['website'];

if($website == '' || $website == 'http://')

		{

		{

			$website = '';
return true;
}

			$website = '';
return true;
}

Zeile 271Zeile 266
	function verify_icq()
{
$icq = &$this->data['icq'];

	function verify_icq()
{
$icq = &$this->data['icq'];





		if($icq != '' && !is_numeric($icq))
{
$this->set_error("invalid_icq_number");

		if($icq != '' && !is_numeric($icq))
{
$this->set_error("invalid_icq_number");

Zeile 300Zeile 295

/**
* Verifies if a birthday is valid or not.


/**
* Verifies if a birthday is valid or not.

	*

	*

	* @return boolean True when valid, false when invalid.
*/
function verify_birthday()

	* @return boolean True when valid, false when invalid.
*/
function verify_birthday()

Zeile 338Zeile 333
				
// Error if a year exists and the year is out of range
if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))

				
// Error if a year exists and the year is out of range
if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))

		{

		{ 

			$this->set_error("invalid_birthday");
return false;
}

			$this->set_error("invalid_birthday");
return false;
}

Zeile 352Zeile 347
		elseif($birthday['day'] && $birthday['month'])
{
// If only a day and month are specified, put together a d-m string

		elseif($birthday['day'] && $birthday['month'])
{
// If only a day and month are specified, put together a d-m string

			$user['bday'] = $birthday['day']."-".$birthday['month'];

			$user['bday'] = $birthday['day']."-".$birthday['month']."-";

		}
else
{
// No field is specified, so return an empty string for an unknown birthday
$user['bday'] = '';

		}
else
{
// No field is specified, so return an empty string for an unknown birthday
$user['bday'] = '';

		}

		}

		return true;
}


		return true;
}


Zeile 377Zeile 372
		// Loop through profile fields checking if they exist or not and are filled in.
$userfields = array();
$comma = '';

		// Loop through profile fields checking if they exist or not and are filled in.
$userfields = array();
$comma = '';

 
		$editable = '';

if(!$this->data['profile_fields_editable'])
{
$editable = "editable='yes'";
}


// Fetch all profile fields first.
$options = array(
'order_by' => 'disporder'
);


// Fetch all profile fields first.
$options = array(
'order_by' => 'disporder'
);

		$query = $db->simple_select(TABLE_PREFIX.'profilefields', 'name, type, fid, required', "editable='yes'", $options);

		$query = $db->simple_select(TABLE_PREFIX.'profilefields', 'name, type, fid, required', $editable, $options);


// Then loop through the profile fields.
while($profilefield = $db->fetch_array($query))


// Then loop through the profile fields.
while($profilefield = $db->fetch_array($query))

Zeile 390Zeile 391
			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
$thing = explode("\n", $profilefield['type'], "2");
$type = trim($thing[0]);

			$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
$thing = explode("\n", $profilefield['type'], "2");
$type = trim($thing[0]);

			$field = "fid$profilefield[fid]";

			$field = "fid{$profilefield['fid']}";


// If the profile field is required, but not filled in, present error.


// If the profile field is required, but not filled in, present error.

			if(!$profile_fields[$field] && $profilefield['required'] == "yes" && !$proferror)

			if(trim($profile_fields[$field]) == "" && $profilefield['required'] == "yes" && !$proferror && !defined('IN_ADMINCP'))

			{
$this->set_error('missing_required_profile_field', array($profilefield['name']));
}

			{
$this->set_error('missing_required_profile_field', array($profilefield['name']));
}

Zeile 421Zeile 422
			{
$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);

			{
$expoptions = explode("\n", $thing[1]);
$expoptions = array_map('trim', $expoptions);

				if(!in_array($profile_fields[$field], $expoptions) && $profile_fields[$field] != "")

				if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && $profile_fields[$field] != "")

				{
$this->set_error('bad_profile_field_values', array($profilefield['name']));
}

				{
$this->set_error('bad_profile_field_values', array($profilefield['name']));
}

Zeile 444Zeile 445
	*/
function verify_referrer()
{

	*/
function verify_referrer()
{

		global $db;

		global $db, $mybb;


$user = &$this->data;



$user = &$this->data;


Zeile 490Zeile 491
		$this->verify_yesno_option($options, 'showavatars', 'yes');
$this->verify_yesno_option($options, 'showquickreply', 'yes');
$this->verify_yesno_option($options, 'showredirect', 'yes');

		$this->verify_yesno_option($options, 'showavatars', 'yes');
$this->verify_yesno_option($options, 'showquickreply', 'yes');
$this->verify_yesno_option($options, 'showredirect', 'yes');


if($this->method == "insert" || (array_key_exists('showcodebuttons', $options) && $options['showcodebuttons'] != 0))
{
$options['showcodebuttons'] = 1;
}











if(isset($options['showcodebuttons']))
{
$options['showcodebuttons'] = intval($options['showcodebuttons']);
if($options['showcodebuttons'] != 0)
{
$options['showcodebuttons'] = 1;
}
}
else if($this->method == "insert")
{
$options['showcodebuttons'] = 1;
}


		if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "threaded"))
{
$options['threadmode'] = 'linear';

		if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "threaded"))
{
$options['threadmode'] = 'linear';

Zeile 517Zeile 527
			$options['tpp'] = intval($options['tpp']);
}
// Verify the "posts per page" option.

			$options['tpp'] = intval($options['tpp']);
}
// Verify the "posts per page" option.

		if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['usepppoptions']))

		if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))

		{
$explodedppp = explode(",", $mybb->settings['userpppoptions']);
if(is_array($explodedppp))
{
@asort($explodedppp);

		{
$explodedppp = explode(",", $mybb->settings['userpppoptions']);
if(is_array($explodedppp))
{
@asort($explodedppp);

				$biggest = $explodedtpp[count($explodedppp)-1];

				$biggest = $explodedppp[count($explodedppp)-1];

				// Is the selected option greater than the allowed options?
if($options['ppp'] > $biggest)
{
$options['ppp'] = $biggest;
}

				// Is the selected option greater than the allowed options?
if($options['ppp'] > $biggest)
{
$options['ppp'] = $biggest;
}

			}

			}

			$options['ppp'] = intval($options['ppp']);

			$options['ppp'] = intval($options['ppp']);

		}

		}

		// Is our selected "days prune" option valid or not?

		// Is our selected "days prune" option valid or not?

		if($this->method == "insert" || isset($options['daysprune']))

		if($this->method == "insert" || array_key_exists('daysprune', $options))

		{
$options['daysprune'] = intval($options['daysprune']);
if($options['daysprune'] < 0)

		{
$options['daysprune'] = intval($options['daysprune']);
if($options['daysprune'] < 0)

Zeile 542Zeile 552
			}
}
$this->data['options'] = $options;

			}
}
$this->data['options'] = $options;

	}

	}


/**
* Verifies if a registration date is valid or not.


/**
* Verifies if a registration date is valid or not.

Zeile 571Zeile 581
	function verify_lastvisit()
{
$lastvisit = &$this->data['lastvisit'];

	function verify_lastvisit()
{
$lastvisit = &$this->data['lastvisit'];





		$lastvisit = intval($lastvisit);
// If the timestamp is below 0, set it to the current time.
if($lastvisit <= 0)

		$lastvisit = intval($lastvisit);
// If the timestamp is below 0, set it to the current time.
if($lastvisit <= 0)

Zeile 579Zeile 589
			$lastvisit = time();
}
return true;

			$lastvisit = time();
}
return true;





	}

/**
* Verifies if a last active date is valid or not.

	}

/**
* Verifies if a last active date is valid or not.

	 *
* @return boolean True when valid, false when invalid.
*/

	 *
* @return boolean True when valid, false when invalid.
*/

	function verify_lastactive()
{
$lastactive = &$this->data['lastactive'];

	function verify_lastactive()
{
$lastactive = &$this->data['lastactive'];

Zeile 596Zeile 606
		if($lastactive <= 0)
{
$lastactive = time();

		if($lastactive <= 0)
{
$lastactive = time();

		}
return true;

}


		}
return true;

}


	/**
* Verifies if an away mode status is valid or not.
*

	/**
* Verifies if an away mode status is valid or not.
*

Zeile 627Zeile 637
			{
$this->set_error("missing_returndate");
}

			{
$this->set_error("missing_returndate");
}

		}
}


		}
}


	/**
* Verifies if a langage is valid for this user or not.
*

	/**
* Verifies if a langage is valid for this user or not.
*

Zeile 658Zeile 668
	function validate_user()
{
global $mybb, $plugins;

	function validate_user()
{
global $mybb, $plugins;





		$user = &$this->data;

// First, grab the old user details if this user exists

		$user = &$this->data;

// First, grab the old user details if this user exists

Zeile 667Zeile 677
			$old_user = get_user($user['uid']);
}


			$old_user = get_user($user['uid']);
}


		if($this->method == "insert" || array_key_exists('usernane', $user))

		if($this->method == "insert" || array_key_exists('username', $user))

		{
// If the username is the same - no need to verify
if(!$old_user['username'] || $user['username'] != $old_user['username'])

		{
// If the username is the same - no need to verify
if(!$old_user['username'] || $user['username'] != $old_user['username'])

Zeile 818Zeile 828
			"daysprune" => intval($user['options']['daysprune']),
"dateformat" => $db->escape_string($user['dateformat']),
"timeformat" => $db->escape_string($user['timeformat']),

			"daysprune" => intval($user['options']['daysprune']),
"dateformat" => $db->escape_string($user['dateformat']),
"timeformat" => $db->escape_string($user['timeformat']),

			"regip" => $user['regip'],

			"regip" => $db->escape_string($user['regip']),

			"language" => $db->escape_string($user['language']),
"showcodebuttons" => $user['options']['showcodebuttons'],
"away" => $user['away']['away'],

			"language" => $db->escape_string($user['language']),
"showcodebuttons" => $user['options']['showcodebuttons'],
"away" => $user['away']['away'],

Zeile 826Zeile 836
			"returndate" => $user['away']['returndate'],
"awayreason" => $db->escape_string($user['away']['awayreason']),
"notepad" => $db->escape_string($user['notepad']),

			"returndate" => $user['away']['returndate'],
"awayreason" => $db->escape_string($user['away']['awayreason']),
"notepad" => $db->escape_string($user['notepad']),

			"referrer" => intval($user['referrer_uid'])





			"referrer" => intval($user['referrer_uid']),
"buddylist" => '',
"ignorelist" => '',
"pmfolders" => '',
"notepad" => ''

		);

$plugins->run_hooks_by_ref("datahandler_user_insert", $this);

		);

$plugins->run_hooks_by_ref("datahandler_user_insert", $this);

Zeile 835Zeile 849
		$this->uid = $db->insert_id();

$user['user_fields']['ufid'] = $this->uid;

		$this->uid = $db->insert_id();

$user['user_fields']['ufid'] = $this->uid;

 
		
$query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields");
while($field = $db->fetch_array($query))
{
if($field['Field'] == 'ufid' || array_key_exists($field['Field'], $user['user_fields']))
{
continue;
}
$user['user_fields'][$field['Field']] = '';
}


		$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);

// Update forum stats

		$db->insert_query(TABLE_PREFIX."userfields", $user['user_fields']);

// Update forum stats

Zeile 856Zeile 881
	function update_user()
{
global $db, $plugins;

	function update_user()
{
global $db, $plugins;

 



// Yes, validating is required.
if(!$this->get_validated())


// Yes, validating is required.
if(!$this->get_validated())

Zeile 998Zeile 1024
		$old_user = get_user($user['uid']);

$plugins->run_hooks_by_ref("datahandler_user_update", $this);

		$old_user = get_user($user['uid']);

$plugins->run_hooks_by_ref("datahandler_user_update", $this);

 

if(count($this->user_update_data) < 1)
{
return false;
}


// Actual updating happens here.
$db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");


// Actual updating happens here.
$db->update_query(TABLE_PREFIX."users", $this->user_update_data, "uid='{$user['uid']}'");





		// Maybe some userfields need to be updated?
if(is_array($user['user_fields']))
{

		// Maybe some userfields need to be updated?
if(is_array($user['user_fields']))
{

Zeile 1009Zeile 1040
			$fields = $db->fetch_array($query);
if(!$fields['ufid'])
{

			$fields = $db->fetch_array($query);
if(!$fields['ufid'])
{

				$db->insert_query(TABLE_PREFIX."userfields", array('ufid' => $user['uid']));














				$user_fields = array(
'ufid' => $user['uid']
);

$query = $db->query("SHOW FIELDS FROM ".TABLE_PREFIX."userfields");
while($field = $db->fetch_array($query))
{
if($field['Field'] == 'ufid')
{
continue;
}
$user_fields[$field['Field']] = '';
}
$db->insert_query(TABLE_PREFIX."userfields", $user_fields);

			}
$db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
}

			}
$db->update_query(TABLE_PREFIX."userfields", $user['user_fields'], "ufid='{$user['uid']}'");
}

Zeile 1018Zeile 1062
		if($this->user_update_data['username'] != $old_user['username'] && $this->user_update_data['username'] != '')
{
$username_update = array(

		if($this->user_update_data['username'] != $old_user['username'] && $this->user_update_data['username'] != '')
{
$username_update = array(

				"username" => $db->escape_string($this->user_update_data['username'])

				"username" => $this->user_update_data['username']

			);
$lastposter_update = array(

			);
$lastposter_update = array(

				"lastposter" => $db->escape_string($this->user_update_data['username'])

				"lastposter" => $this->user_update_data['username']

			);

$db->update_query(TABLE_PREFIX."posts", $username_update, "uid='{$user['uid']}'");

			);

$db->update_query(TABLE_PREFIX."posts", $username_update, "uid='{$user['uid']}'");
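Review bot: In the last hunk (old line 1018 / new line 1062) the 1.2.4 side drops `$db->escape_string()` from both the `"username"` and `"lastposter"` entries before they reach `$db->update_query()`, so the write is only safe if `$this->user_update_data['username']` was already escaped where it is assigned, which is outside the visible hunks. The rest of this file escapes strings by hand at each array entry (this same diff adds it for `regip`), which suggests the query helpers do not escape for the caller. If the value is pre-escaped, record that at the use site with a comment such as `// user_update_data['username'] is escaped where it is set; escaping again here would double-escape`, and otherwise keep the escape call. If it is pre-escaped, the `!=` test against `$old_user['username']` at the top of the hunk presumably compares an escaped string with a raw one and would misfire for names containing quotes. In the insert array around new line 836, `"returndate" => $user['away']['returndate']` and `"away"` are still passed raw and deserve the same check; both function bodies extend beyond the hunks shown.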