Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | n/a |
0 / 0 |
|
20.93% |
9 / 43 |
CRAP | |
52.73% |
734 / 1392 |
|
| user_get_id_name | |
0.00% |
0 / 1 |
16.80 | |
80.00% |
20 / 25 |
|||
| update_last_username | |
100.00% |
1 / 1 |
2 | |
100.00% |
10 / 10 |
|||
| user_update_name | |
0.00% |
0 / 1 |
20.00 | |
0.00% |
0 / 15 |
|||
| user_add | |
0.00% |
0 / 1 |
25.25 | |
81.13% |
86 / 106 |
|||
| user_delete | |
0.00% |
0 / 1 |
34.32 | |
93.48% |
129 / 138 |
|||
| user_active_flip | |
0.00% |
0 / 1 |
18 | |
95.00% |
38 / 40 |
|||
| user_ban | |
0.00% |
0 / 1 |
7140.00 | |
0.00% |
0 / 196 |
|||
| user_unban | |
0.00% |
0 / 1 |
132.00 | |
0.00% |
0 / 41 |
|||
| user_ipwhois | |
0.00% |
0 / 1 |
22.89 | |
44.44% |
12 / 27 |
|||
| validate_data | |
100.00% |
1 / 1 |
8 | |
100.00% |
15 / 15 |
|||
| validate_string | |
100.00% |
1 / 1 |
7 | |
100.00% |
7 / 7 |
|||
| validate_num | |
0.00% |
0 / 1 |
5.07 | |
85.71% |
6 / 7 |
|||
| validate_date | |
0.00% |
0 / 1 |
22.50 | |
50.00% |
7 / 14 |
|||
| validate_match | |
100.00% |
1 / 1 |
5 | |
100.00% |
7 / 7 |
|||
| validate_language_iso_name | |
100.00% |
1 / 1 |
2 | |
100.00% |
6 / 6 |
|||
| phpbb_validate_timezone | |
0.00% |
0 / 1 |
6.00 | |
0.00% |
0 / 1 |
|||
| validate_username | |
100.00% |
1 / 1 |
20 | |
100.00% |
49 / 49 |
|||
| validate_password | |
100.00% |
1 / 1 |
8 | |
100.00% |
20 / 20 |
|||
| phpbb_validate_email | |
0.00% |
0 / 1 |
6.97 | |
70.00% |
7 / 10 |
|||
| validate_user_email | |
100.00% |
1 / 1 |
8 | |
100.00% |
19 / 19 |
|||
| validate_jabber | |
0.00% |
0 / 1 |
20.17 | |
92.50% |
37 / 40 |
|||
| phpbb_validate_hex_colour | |
100.00% |
1 / 1 |
4 | |
100.00% |
5 / 5 |
|||
| phpbb_style_is_active | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 6 |
|||
| avatar_delete | |
0.00% |
0 / 1 |
56.00 | |
0.00% |
0 / 11 |
|||
| get_avatar_filename | |
0.00% |
0 / 1 |
12.00 | |
0.00% |
0 / 8 |
|||
| phpbb_avatar_explanation_string | |
0.00% |
0 / 1 |
6.00 | |
0.00% |
0 / 5 |
|||
| group_create | |
0.00% |
0 / 1 |
327.85 | |
50.48% |
53 / 105 |
|||
| group_correct_avatar | |
0.00% |
0 / 1 |
6.00 | |
0.00% |
0 / 12 |
|||
| avatar_remove_db | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 4 |
|||
| group_delete | |
0.00% |
0 / 1 |
72.00 | |
0.00% |
0 / 35 |
|||
| group_user_add | |
0.00% |
0 / 1 |
20.44 | |
80.39% |
41 / 51 |
|||
| group_user_del | |
0.00% |
0 / 1 |
342.00 | |
0.00% |
0 / 65 |
|||
| remove_default_avatar | |
0.00% |
0 / 1 |
4.21 | |
76.47% |
13 / 17 |
|||
| remove_default_rank | |
0.00% |
0 / 1 |
4.21 | |
76.47% |
13 / 17 |
|||
| group_user_attributes | |
0.00% |
0 / 1 |
22.65 | |
78.38% |
58 / 74 |
|||
| group_validate_groupname | |
0.00% |
0 / 1 |
8.64 | |
47.37% |
9 / 19 |
|||
| group_set_user_default | |
0.00% |
0 / 1 |
17.04 | |
94.83% |
55 / 58 |
|||
| get_group_name | |
0.00% |
0 / 1 |
2.01 | |
88.89% |
8 / 9 |
|||
| group_memberships | |
0.00% |
0 / 1 |
240.00 | |
0.00% |
0 / 25 |
|||
| group_update_listings | |
0.00% |
0 / 1 |
154.08 | |
14.81% |
4 / 27 |
|||
| remove_newly_registered | |
0.00% |
0 / 1 |
30.00 | |
0.00% |
0 / 24 |
|||
| phpbb_get_banned_user_ids | |
0.00% |
0 / 1 |
30.00 | |
0.00% |
0 / 15 |
|||
| phpbb_module_zebra | |
0.00% |
0 / 1 |
12.00 | |
0.00% |
0 / 7 |
|||
| <?php | |
| /** | |
| * | |
| * This file is part of the phpBB Forum Software package. | |
| * | |
| * @copyright (c) phpBB Limited <https://www.phpbb.com> | |
| * @license GNU General Public License, version 2 (GPL-2.0) | |
| * | |
| * For full copyright and license information, please see | |
| * the docs/CREDITS.txt file. | |
| * | |
| */ | |
| /** | |
| * @ignore | |
| */ | |
| if (!defined('IN_PHPBB')) | |
| { | |
| exit; | |
| } | |
| /** | |
| * Obtain user_ids from usernames or vice versa. Returns false on | |
| * success else the error string | |
| * | |
| * @param array &$user_id_ary The user ids to check or empty if usernames used | |
| * @param array &$username_ary The usernames to check or empty if user ids used | |
| * @param mixed $user_type Array of user types to check, false if not restricting by user type | |
| * @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called | |
| * @return boolean|string Returns false on success, error string on failure | |
| */ | |
| function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) | |
| { | |
| global $db; | |
| // Are both arrays already filled? Yep, return else | |
| // are neither array filled? | |
| if ($user_id_ary && $username_ary) | |
| { | |
| return false; | |
| } | |
| else if (!$user_id_ary && !$username_ary) | |
| { | |
| return 'NO_USERS'; | |
| } | |
| $which_ary = ($user_id_ary) ? 'user_id_ary' : 'username_ary'; | |
| if (${$which_ary} && !is_array(${$which_ary})) | |
| { | |
| ${$which_ary} = array(${$which_ary}); | |
| } | |
| $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary}); | |
| // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained. | |
| // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below. | |
| if ($update_references === false) | |
| { | |
| unset(${$which_ary}); | |
| } | |
| $user_id_ary = $username_ary = array(); | |
| // Grab the user id/username records | |
| $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean'; | |
| $sql = 'SELECT user_id, username | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set($sql_where, $sql_in); | |
| if ($user_type !== false && !empty($user_type)) | |
| { | |
| $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type); | |
| } | |
| $result = $db->sql_query($sql); | |
| if (!($row = $db->sql_fetchrow($result))) | |
| { | |
| $db->sql_freeresult($result); | |
| return 'NO_USERS'; | |
| } | |
| do | |
| { | |
| $username_ary[$row['user_id']] = $row['username']; | |
| $user_id_ary[] = $row['user_id']; | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| $db->sql_freeresult($result); | |
| return false; | |
| } | |
| /** | |
| * Get latest registered username and update database to reflect it | |
| */ | |
| function update_last_username() | |
| { | |
| global $config, $db; | |
| // Get latest username | |
| $sql = 'SELECT user_id, username, user_colour | |
| FROM ' . USERS_TABLE . ' | |
| WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') | |
| ORDER BY user_id DESC'; | |
| $result = $db->sql_query_limit($sql, 1); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if ($row) | |
| { | |
| $config->set('newest_user_id', $row['user_id'], false); | |
| $config->set('newest_username', $row['username'], false); | |
| $config->set('newest_user_colour', $row['user_colour'], false); | |
| } | |
| } | |
| /** | |
| * Updates a username across all relevant tables/fields | |
| * | |
| * @param string $old_name the old/current username | |
| * @param string $new_name the new username | |
| */ | |
| function user_update_name($old_name, $new_name) | |
| { | |
| global $config, $db, $cache, $phpbb_dispatcher; | |
| $update_ary = array( | |
| FORUMS_TABLE => array( | |
| 'forum_last_poster_id' => 'forum_last_poster_name', | |
| ), | |
| MODERATOR_CACHE_TABLE => array( | |
| 'user_id' => 'username', | |
| ), | |
| POSTS_TABLE => array( | |
| 'poster_id' => 'post_username', | |
| ), | |
| TOPICS_TABLE => array( | |
| 'topic_poster' => 'topic_first_poster_name', | |
| 'topic_last_poster_id' => 'topic_last_poster_name', | |
| ), | |
| ); | |
| foreach ($update_ary as $table => $field_ary) | |
| { | |
| foreach ($field_ary as $id_field => $name_field) | |
| { | |
| $sql = "UPDATE $table | |
| SET $name_field = '" . $db->sql_escape($new_name) . "' | |
| WHERE $name_field = '" . $db->sql_escape($old_name) . "' | |
| AND $id_field <> " . ANONYMOUS; | |
| $db->sql_query($sql); | |
| } | |
| } | |
| if ($config['newest_username'] == $old_name) | |
| { | |
| $config->set('newest_username', $new_name, false); | |
| } | |
| /** | |
| * Update a username when it is changed | |
| * | |
| * @event core.update_username | |
| * @var string old_name The old username that is replaced | |
| * @var string new_name The new username | |
| * @since 3.1.0-a1 | |
| */ | |
| $vars = array('old_name', 'new_name'); | |
| extract($phpbb_dispatcher->trigger_event('core.update_username', compact($vars))); | |
| // Because some tables/caches use username-specific data we need to purge this here. | |
| $cache->destroy('sql', MODERATOR_CACHE_TABLE); | |
| } | |
| /** | |
| * Adds an user | |
| * | |
| * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded. | |
| * @param array $cp_data custom profile fields, see custom_profile::build_insert_sql_array | |
| * @param array $notifications_data The notifications settings for the new user | |
| * @return the new user's ID. | |
| */ | |
| function user_add($user_row, $cp_data = false, $notifications_data = null) | |
| { | |
| global $db, $config; | |
| global $phpbb_dispatcher, $phpbb_container; | |
| if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type'])) | |
| { | |
| return false; | |
| } | |
| $username_clean = utf8_clean_string($user_row['username']); | |
| if (empty($username_clean)) | |
| { | |
| return false; | |
| } | |
| $sql_ary = array( | |
| 'username' => $user_row['username'], | |
| 'username_clean' => $username_clean, | |
| 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', | |
| 'user_email' => strtolower($user_row['user_email']), | |
| 'group_id' => $user_row['group_id'], | |
| 'user_type' => $user_row['user_type'], | |
| ); | |
| // These are the additional vars able to be specified | |
| $additional_vars = array( | |
| 'user_permissions' => '', | |
| 'user_timezone' => $config['board_timezone'], | |
| 'user_dateformat' => $config['default_dateformat'], | |
| 'user_lang' => $config['default_lang'], | |
| 'user_style' => (int) $config['default_style'], | |
| 'user_actkey' => '', | |
| 'user_ip' => '', | |
| 'user_regdate' => time(), | |
| 'user_passchg' => time(), | |
| 'user_options' => 230271, | |
| // We do not set the new flag here - registration scripts need to specify it | |
| 'user_new' => 0, | |
| 'user_inactive_reason' => 0, | |
| 'user_inactive_time' => 0, | |
| 'user_lastmark' => time(), | |
| 'user_lastvisit' => 0, | |
| 'user_lastpost_time' => 0, | |
| 'user_lastpage' => '', | |
| 'user_posts' => 0, | |
| 'user_colour' => '', | |
| 'user_avatar' => '', | |
| 'user_avatar_type' => '', | |
| 'user_avatar_width' => 0, | |
| 'user_avatar_height' => 0, | |
| 'user_new_privmsg' => 0, | |
| 'user_unread_privmsg' => 0, | |
| 'user_last_privmsg' => 0, | |
| 'user_message_rules' => 0, | |
| 'user_full_folder' => PRIVMSGS_NO_BOX, | |
| 'user_emailtime' => 0, | |
| 'user_notify' => 0, | |
| 'user_notify_pm' => 1, | |
| 'user_notify_type' => NOTIFY_EMAIL, | |
| 'user_allow_pm' => 1, | |
| 'user_allow_viewonline' => 1, | |
| 'user_allow_viewemail' => 1, | |
| 'user_allow_massemail' => 1, | |
| 'user_sig' => '', | |
| 'user_sig_bbcode_uid' => '', | |
| 'user_sig_bbcode_bitfield' => '', | |
| 'user_form_salt' => unique_id(), | |
| ); | |
| // Now fill the sql array with not required variables | |
| foreach ($additional_vars as $key => $default_value) | |
| { | |
| $sql_ary[$key] = (isset($user_row[$key])) ? $user_row[$key] : $default_value; | |
| } | |
| // Any additional variables in $user_row not covered above? | |
| $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary)); | |
| // Now fill our sql array with the remaining vars | |
| if (count($remaining_vars)) | |
| { | |
| foreach ($remaining_vars as $key) | |
| { | |
| $sql_ary[$key] = $user_row[$key]; | |
| } | |
| } | |
| /** | |
| * Use this event to modify the values to be inserted when a user is added | |
| * | |
| * @event core.user_add_modify_data | |
| * @var array user_row Array of user details submitted to user_add | |
| * @var array cp_data Array of Custom profile fields submitted to user_add | |
| * @var array sql_ary Array of data to be inserted when a user is added | |
| * @var array notifications_data Array of notification data to be inserted when a user is added | |
| * @since 3.1.0-a1 | |
| * @changed 3.1.0-b5 Added user_row and cp_data | |
| * @changed 3.1.11-RC1 Added notifications_data | |
| */ | |
| $vars = array('user_row', 'cp_data', 'sql_ary', 'notifications_data'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_add_modify_data', compact($vars))); | |
| $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); | |
| $db->sql_query($sql); | |
| $user_id = $db->sql_nextid(); | |
| // Insert Custom Profile Fields | |
| if ($cp_data !== false && count($cp_data)) | |
| { | |
| $cp_data['user_id'] = (int) $user_id; | |
| /* @var $cp \phpbb\profilefields\manager */ | |
| $cp = $phpbb_container->get('profilefields.manager'); | |
| $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . | |
| $db->sql_build_array('INSERT', $cp->build_insert_sql_array($cp_data)); | |
| $db->sql_query($sql); | |
| } | |
| // Place into appropriate group... | |
| $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array( | |
| 'user_id' => (int) $user_id, | |
| 'group_id' => (int) $user_row['group_id'], | |
| 'user_pending' => 0) | |
| ); | |
| $db->sql_query($sql); | |
| // Now make it the users default group... | |
| group_set_user_default($user_row['group_id'], array($user_id), false); | |
| // Add to newly registered users group if user_new is 1 | |
| if ($config['new_member_post_limit'] && $sql_ary['user_new']) | |
| { | |
| $sql = 'SELECT group_id | |
| FROM ' . GROUPS_TABLE . " | |
| WHERE group_name = 'NEWLY_REGISTERED' | |
| AND group_type = " . GROUP_SPECIAL; | |
| $result = $db->sql_query($sql); | |
| $add_group_id = (int) $db->sql_fetchfield('group_id'); | |
| $db->sql_freeresult($result); | |
| if ($add_group_id) | |
| { | |
| global $phpbb_log; | |
| // Because these actions only fill the log unnecessarily, we disable it | |
| $phpbb_log->disable('admin'); | |
| // Add user to "newly registered users" group and set to default group if admin specified so. | |
| if ($config['new_member_group_default']) | |
| { | |
| group_user_add($add_group_id, $user_id, false, false, true); | |
| $user_row['group_id'] = $add_group_id; | |
| } | |
| else | |
| { | |
| group_user_add($add_group_id, $user_id); | |
| } | |
| $phpbb_log->enable('admin'); | |
| } | |
| } | |
| // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent | |
| if ($user_row['user_type'] == USER_NORMAL || $user_row['user_type'] == USER_FOUNDER) | |
| { | |
| $config->set('newest_user_id', $user_id, false); | |
| $config->set('newest_username', $user_row['username'], false); | |
| $config->increment('num_users', 1, false); | |
| $sql = 'SELECT group_colour | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE group_id = ' . (int) $user_row['group_id']; | |
| $result = $db->sql_query_limit($sql, 1); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| $config->set('newest_user_colour', $row['group_colour'], false); | |
| } | |
| // Use default notifications settings if notifications_data is not set | |
| if ($notifications_data === null) | |
| { | |
| $notifications_data = array( | |
| array( | |
| 'item_type' => 'notification.type.post', | |
| 'method' => 'notification.method.email', | |
| ), | |
| array( | |
| 'item_type' => 'notification.type.topic', | |
| 'method' => 'notification.method.email', | |
| ), | |
| ); | |
| } | |
| /** | |
| * Modify the notifications data to be inserted in the database when a user is added | |
| * | |
| * @event core.user_add_modify_notifications_data | |
| * @var array user_row Array of user details submitted to user_add | |
| * @var array cp_data Array of Custom profile fields submitted to user_add | |
| * @var array sql_ary Array of data to be inserted when a user is added | |
| * @var array notifications_data Array of notification data to be inserted when a user is added | |
| * @since 3.2.2-RC1 | |
| */ | |
| $vars = array('user_row', 'cp_data', 'sql_ary', 'notifications_data'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_add_modify_notifications_data', compact($vars))); | |
| // Subscribe user to notifications if necessary | |
| if (!empty($notifications_data)) | |
| { | |
| /* @var $phpbb_notifications \phpbb\notification\manager */ | |
| $phpbb_notifications = $phpbb_container->get('notification_manager'); | |
| foreach ($notifications_data as $subscription) | |
| { | |
| $phpbb_notifications->add_subscription($subscription['item_type'], 0, $subscription['method'], $user_id); | |
| } | |
| } | |
| /** | |
| * Event that returns user id, user details and user CPF of newly registered user | |
| * | |
| * @event core.user_add_after | |
| * @var int user_id User id of newly registered user | |
| * @var array user_row Array of user details submitted to user_add | |
| * @var array cp_data Array of Custom profile fields submitted to user_add | |
| * @since 3.1.0-b5 | |
| */ | |
| $vars = array('user_id', 'user_row', 'cp_data'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_add_after', compact($vars))); | |
| return $user_id; | |
| } | |
| /** | |
| * Delete user(s) and their related data | |
| * | |
| * @param string $mode Mode of posts deletion (retain|remove) | |
| * @param mixed $user_ids Either an array of integers or an integer | |
| * @param bool $retain_username True if username should be retained, false otherwise | |
| * @return bool | |
| */ | |
| function user_delete($mode, $user_ids, $retain_username = true) | |
| { | |
| global $cache, $config, $db, $user, $phpbb_dispatcher, $phpbb_container; | |
| global $phpbb_root_path, $phpEx; | |
| $db->sql_transaction('begin'); | |
| $user_rows = array(); | |
| if (!is_array($user_ids)) | |
| { | |
| $user_ids = array($user_ids); | |
| } | |
| $user_id_sql = $db->sql_in_set('user_id', $user_ids); | |
| $sql = 'SELECT * | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $user_id_sql; | |
| $result = $db->sql_query($sql); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_rows[(int) $row['user_id']] = $row; | |
| } | |
| $db->sql_freeresult($result); | |
| if (empty($user_rows)) | |
| { | |
| return false; | |
| } | |
| /** | |
| * Event before of the performing of the user(s) delete action | |
| * | |
| * @event core.delete_user_before | |
| * @var string mode Mode of posts deletion (retain|remove) | |
| * @var array user_ids ID(s) of the user(s) bound to be deleted | |
| * @var bool retain_username True if username should be retained, false otherwise | |
| * @var array user_rows Array containing data of the user(s) bound to be deleted | |
| * @since 3.1.0-a1 | |
| * @changed 3.2.4-RC1 Added user_rows | |
| */ | |
| $vars = array('mode', 'user_ids', 'retain_username', 'user_rows'); | |
| extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars))); | |
| // Before we begin, we will remove the reports the user issued. | |
| $sql = 'SELECT r.post_id, p.topic_id | |
| FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p | |
| WHERE ' . $db->sql_in_set('r.user_id', $user_ids) . ' | |
| AND p.post_id = r.post_id'; | |
| $result = $db->sql_query($sql); | |
| $report_posts = $report_topics = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $report_posts[] = $row['post_id']; | |
| $report_topics[] = $row['topic_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| if (count($report_posts)) | |
| { | |
| $report_posts = array_unique($report_posts); | |
| $report_topics = array_unique($report_topics); | |
| // Get a list of topics that still contain reported posts | |
| $sql = 'SELECT DISTINCT topic_id | |
| FROM ' . POSTS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('topic_id', $report_topics) . ' | |
| AND post_reported = 1 | |
| AND ' . $db->sql_in_set('post_id', $report_posts, true); | |
| $result = $db->sql_query($sql); | |
| $keep_report_topics = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $keep_report_topics[] = $row['topic_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| if (count($keep_report_topics)) | |
| { | |
| $report_topics = array_diff($report_topics, $keep_report_topics); | |
| } | |
| unset($keep_report_topics); | |
| // Now set the flags back | |
| $sql = 'UPDATE ' . POSTS_TABLE . ' | |
| SET post_reported = 0 | |
| WHERE ' . $db->sql_in_set('post_id', $report_posts); | |
| $db->sql_query($sql); | |
| if (count($report_topics)) | |
| { | |
| $sql = 'UPDATE ' . TOPICS_TABLE . ' | |
| SET topic_reported = 0 | |
| WHERE ' . $db->sql_in_set('topic_id', $report_topics); | |
| $db->sql_query($sql); | |
| } | |
| } | |
| // Remove reports | |
| $db->sql_query('DELETE FROM ' . REPORTS_TABLE . ' WHERE ' . $user_id_sql); | |
| $num_users_delta = 0; | |
| // Get auth provider collection in case accounts might need to be unlinked | |
| $provider_collection = $phpbb_container->get('auth.provider_collection'); | |
| // Some things need to be done in the loop (if the query changes based | |
| // on which user is currently being deleted) | |
| $added_guest_posts = 0; | |
| foreach ($user_rows as $user_id => $user_row) | |
| { | |
| if ($user_row['user_avatar'] && $user_row['user_avatar_type'] == 'avatar.driver.upload') | |
| { | |
| avatar_delete('user', $user_row); | |
| } | |
| // Unlink accounts | |
| foreach ($provider_collection as $provider_name => $auth_provider) | |
| { | |
| $provider_data = $auth_provider->get_auth_link_data($user_id); | |
| if ($provider_data !== null) | |
| { | |
| $link_data = array( | |
| 'user_id' => $user_id, | |
| 'link_method' => 'user_delete', | |
| ); | |
| // BLOCK_VARS might contain hidden fields necessary for unlinking accounts | |
| if (isset($provider_data['BLOCK_VARS']) && is_array($provider_data['BLOCK_VARS'])) | |
| { | |
| foreach ($provider_data['BLOCK_VARS'] as $provider_service) | |
| { | |
| if (!array_key_exists('HIDDEN_FIELDS', $provider_service)) | |
| { | |
| $provider_service['HIDDEN_FIELDS'] = array(); | |
| } | |
| $auth_provider->unlink_account(array_merge($link_data, $provider_service['HIDDEN_FIELDS'])); | |
| } | |
| } | |
| else | |
| { | |
| $auth_provider->unlink_account($link_data); | |
| } | |
| } | |
| } | |
| // Decrement number of users if this user is active | |
| if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE) | |
| { | |
| --$num_users_delta; | |
| } | |
| switch ($mode) | |
| { | |
| case 'retain': | |
| if ($retain_username === false) | |
| { | |
| $post_username = $user->lang['GUEST']; | |
| } | |
| else | |
| { | |
| $post_username = $user_row['username']; | |
| } | |
| // If the user is inactive and newly registered | |
| // we assume no posts from the user, and save | |
| // the queries | |
| if ($user_row['user_type'] != USER_INACTIVE || $user_row['user_inactive_reason'] != INACTIVE_REGISTER || $user_row['user_posts']) | |
| { | |
| // When we delete these users and retain the posts, we must assign all the data to the guest user | |
| $sql = 'UPDATE ' . FORUMS_TABLE . ' | |
| SET forum_last_poster_id = ' . ANONYMOUS . ", forum_last_poster_name = '" . $db->sql_escape($post_username) . "', forum_last_poster_colour = '' | |
| WHERE forum_last_poster_id = $user_id"; | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . POSTS_TABLE . ' | |
| SET poster_id = ' . ANONYMOUS . ", post_username = '" . $db->sql_escape($post_username) . "' | |
| WHERE poster_id = $user_id"; | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . TOPICS_TABLE . ' | |
| SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = '' | |
| WHERE topic_poster = $user_id"; | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . TOPICS_TABLE . ' | |
| SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = '' | |
| WHERE topic_last_poster_id = $user_id"; | |
| $db->sql_query($sql); | |
| // Since we change every post by this author, we need to count this amount towards the anonymous user | |
| if ($user_row['user_posts']) | |
| { | |
| $added_guest_posts += $user_row['user_posts']; | |
| } | |
| } | |
| break; | |
| case 'remove': | |
| // there is nothing variant specific to deleting posts | |
| break; | |
| } | |
| } | |
| if ($num_users_delta != 0) | |
| { | |
| $config->increment('num_users', $num_users_delta, false); | |
| } | |
| // Now do the invariant tasks | |
| // all queries performed in one call of this function are in a single transaction | |
| // so this is kosher | |
| if ($mode == 'retain') | |
| { | |
| // Assign more data to the Anonymous user | |
| $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' | |
| SET poster_id = ' . ANONYMOUS . ' | |
| WHERE ' . $db->sql_in_set('poster_id', $user_ids); | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET user_posts = user_posts + ' . $added_guest_posts . ' | |
| WHERE user_id = ' . ANONYMOUS; | |
| $db->sql_query($sql); | |
| } | |
| else if ($mode == 'remove') | |
| { | |
| if (!function_exists('delete_posts')) | |
| { | |
| include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); | |
| } | |
| // Delete posts, attachments, etc. | |
| // delete_posts can handle any number of IDs in its second argument | |
| delete_posts('poster_id', $user_ids); | |
| } | |
| $table_ary = [ | |
| USERS_TABLE, | |
| USER_GROUP_TABLE, | |
| TOPICS_WATCH_TABLE, | |
| FORUMS_WATCH_TABLE, | |
| ACL_USERS_TABLE, | |
| TOPICS_TRACK_TABLE, | |
| TOPICS_POSTED_TABLE, | |
| FORUMS_TRACK_TABLE, | |
| PROFILE_FIELDS_DATA_TABLE, | |
| MODERATOR_CACHE_TABLE, | |
| DRAFTS_TABLE, | |
| BOOKMARKS_TABLE, | |
| SESSIONS_KEYS_TABLE, | |
| PRIVMSGS_FOLDER_TABLE, | |
| PRIVMSGS_RULES_TABLE, | |
| $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), | |
| $phpbb_container->getParameter('tables.auth_provider_oauth_states'), | |
| $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'), | |
| $phpbb_container->getParameter('tables.user_notifications') | |
| ]; | |
| // Ignore errors on deleting from non-existent tables, e.g. when migrating | |
| $db->sql_return_on_error(true); | |
| // Delete the miscellaneous (non-post) data for the user | |
| foreach ($table_ary as $table) | |
| { | |
| $sql = "DELETE FROM $table | |
| WHERE " . $user_id_sql; | |
| $db->sql_query($sql); | |
| } | |
| $db->sql_return_on_error(); | |
| $cache->destroy('sql', MODERATOR_CACHE_TABLE); | |
| // Change user_id to anonymous for posts edited by this user | |
| $sql = 'UPDATE ' . POSTS_TABLE . ' | |
| SET post_edit_user = ' . ANONYMOUS . ' | |
| WHERE ' . $db->sql_in_set('post_edit_user', $user_ids); | |
| $db->sql_query($sql); | |
| // Change user_id to anonymous for pms edited by this user | |
| $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' | |
| SET message_edit_user = ' . ANONYMOUS . ' | |
| WHERE ' . $db->sql_in_set('message_edit_user', $user_ids); | |
| $db->sql_query($sql); | |
| // Change user_id to anonymous for posts deleted by this user | |
| $sql = 'UPDATE ' . POSTS_TABLE . ' | |
| SET post_delete_user = ' . ANONYMOUS . ' | |
| WHERE ' . $db->sql_in_set('post_delete_user', $user_ids); | |
| $db->sql_query($sql); | |
| // Change user_id to anonymous for topics deleted by this user | |
| $sql = 'UPDATE ' . TOPICS_TABLE . ' | |
| SET topic_delete_user = ' . ANONYMOUS . ' | |
| WHERE ' . $db->sql_in_set('topic_delete_user', $user_ids); | |
| $db->sql_query($sql); | |
| // Delete user log entries about this user | |
| $sql = 'DELETE FROM ' . LOG_TABLE . ' | |
| WHERE ' . $db->sql_in_set('reportee_id', $user_ids); | |
| $db->sql_query($sql); | |
| // Change user_id to anonymous for this users triggered events | |
| $sql = 'UPDATE ' . LOG_TABLE . ' | |
| SET user_id = ' . ANONYMOUS . ' | |
| WHERE ' . $user_id_sql; | |
| $db->sql_query($sql); | |
| // Delete the user_id from the zebra table | |
| $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' | |
| WHERE ' . $user_id_sql . ' | |
| OR ' . $db->sql_in_set('zebra_id', $user_ids); | |
| $db->sql_query($sql); | |
| // Delete the user_id from the banlist | |
| $sql = 'DELETE FROM ' . BANLIST_TABLE . ' | |
| WHERE ' . $db->sql_in_set('ban_userid', $user_ids); | |
| $db->sql_query($sql); | |
| // Delete the user_id from the session table | |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('session_user_id', $user_ids); | |
| $db->sql_query($sql); | |
| // Clean the private messages tables from the user | |
| if (!function_exists('phpbb_delete_users_pms')) | |
| { | |
| include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); | |
| } | |
| phpbb_delete_users_pms($user_ids); | |
| $phpbb_notifications = $phpbb_container->get('notification_manager'); | |
| $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_ids); | |
| $db->sql_transaction('commit'); | |
| /** | |
| * Event after the user(s) delete action has been performed | |
| * | |
| * @event core.delete_user_after | |
| * @var string mode Mode of posts deletion (retain|remove) | |
| * @var array user_ids ID(s) of the deleted user(s) | |
| * @var bool retain_username True if username should be retained, false otherwise | |
| * @var array user_rows Array containing data of the deleted user(s) | |
| * @since 3.1.0-a1 | |
| * @changed 3.2.2-RC1 Added user_rows | |
| */ | |
| $vars = array('mode', 'user_ids', 'retain_username', 'user_rows'); | |
| extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars))); | |
| // Reset newest user info if appropriate | |
| if (in_array($config['newest_user_id'], $user_ids)) | |
| { | |
| update_last_username(); | |
| } | |
| return false; | |
| } | |
| /** | |
| * Flips user_type from active to inactive and vice versa, handles group membership updates | |
| * | |
| * @param string $mode can be flip for flipping from active/inactive, activate or deactivate | |
| * @param array $user_id_ary | |
| * @param int $reason | |
| */ | |
| function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL) | |
| { | |
| global $config, $db, $user, $auth, $phpbb_dispatcher; | |
| $deactivated = $activated = 0; | |
| $sql_statements = array(); | |
| if (!is_array($user_id_ary)) | |
| { | |
| $user_id_ary = array($user_id_ary); | |
| } | |
| if (!count($user_id_ary)) | |
| { | |
| return; | |
| } | |
| $sql = 'SELECT user_id, group_id, user_type, user_inactive_reason | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('user_id', $user_id_ary); | |
| $result = $db->sql_query($sql); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $sql_ary = array(); | |
| if ($row['user_type'] == USER_IGNORE || $row['user_type'] == USER_FOUNDER || | |
| ($mode == 'activate' && $row['user_type'] != USER_INACTIVE) || | |
| ($mode == 'deactivate' && $row['user_type'] == USER_INACTIVE)) | |
| { | |
| continue; | |
| } | |
| if ($row['user_type'] == USER_INACTIVE) | |
| { | |
| $activated++; | |
| } | |
| else | |
| { | |
| $deactivated++; | |
| // Remove the users session key... | |
| $user->reset_login_keys($row['user_id']); | |
| } | |
| $sql_ary += array( | |
| 'user_type' => ($row['user_type'] == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL, | |
| 'user_inactive_time' => ($row['user_type'] == USER_NORMAL) ? time() : 0, | |
| 'user_inactive_reason' => ($row['user_type'] == USER_NORMAL) ? $reason : 0, | |
| ); | |
| $sql_statements[$row['user_id']] = $sql_ary; | |
| } | |
| $db->sql_freeresult($result); | |
| /** | |
| * Check or modify activated/deactivated users data before submitting it to the database | |
| * | |
| * @event core.user_active_flip_before | |
| * @var string mode User type changing mode, can be: flip|activate|deactivate | |
| * @var int reason Reason for changing user type, can be: INACTIVE_REGISTER|INACTIVE_PROFILE|INACTIVE_MANUAL|INACTIVE_REMIND | |
| * @var int activated The number of users to be activated | |
| * @var int deactivated The number of users to be deactivated | |
| * @var array user_id_ary Array with user ids to change user type | |
| * @var array sql_statements Array with users data to submit to the database, keys: user ids, values: arrays with user data | |
| * @since 3.1.4-RC1 | |
| */ | |
| $vars = array('mode', 'reason', 'activated', 'deactivated', 'user_id_ary', 'sql_statements'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_active_flip_before', compact($vars))); | |
| if (count($sql_statements)) | |
| { | |
| foreach ($sql_statements as $user_id => $sql_ary) | |
| { | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' | |
| WHERE user_id = ' . $user_id; | |
| $db->sql_query($sql); | |
| } | |
| $auth->acl_clear_prefetch(array_keys($sql_statements)); | |
| } | |
| /** | |
| * Perform additional actions after the users have been activated/deactivated | |
| * | |
| * @event core.user_active_flip_after | |
| * @var string mode User type changing mode, can be: flip|activate|deactivate | |
| * @var int reason Reason for changing user type, can be: INACTIVE_REGISTER|INACTIVE_PROFILE|INACTIVE_MANUAL|INACTIVE_REMIND | |
| * @var int activated The number of users to be activated | |
| * @var int deactivated The number of users to be deactivated | |
| * @var array user_id_ary Array with user ids to change user type | |
| * @var array sql_statements Array with users data to submit to the database, keys: user ids, values: arrays with user data | |
| * @since 3.1.4-RC1 | |
| */ | |
| $vars = array('mode', 'reason', 'activated', 'deactivated', 'user_id_ary', 'sql_statements'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_active_flip_after', compact($vars))); | |
| if ($deactivated) | |
| { | |
| $config->increment('num_users', $deactivated * (-1), false); | |
| } | |
| if ($activated) | |
| { | |
| $config->increment('num_users', $activated, false); | |
| } | |
| // Update latest username | |
| update_last_username(); | |
| } | |
| /** | |
| * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address | |
| * | |
| * @param string $mode Type of ban. One of the following: user, ip, email | |
| * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses | |
| * @param int $ban_len Ban length in minutes | |
| * @param string $ban_len_other Ban length as a date (YYYY-MM-DD) | |
| * @param boolean $ban_exclude Exclude these entities from banning? | |
| * @param string $ban_reason String describing the reason for this ban | |
| * @param string $ban_give_reason | |
| * @return boolean | |
| */ | |
| function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '') | |
| { | |
| global $db, $user, $cache, $phpbb_log; | |
| // Delete stale bans | |
| $sql = 'DELETE FROM ' . BANLIST_TABLE . ' | |
| WHERE ban_end < ' . time() . ' | |
| AND ban_end <> 0'; | |
| $db->sql_query($sql); | |
| $ban_list = (!is_array($ban)) ? array_unique(explode("\n", $ban)) : $ban; | |
| $ban_list_log = implode(', ', $ban_list); | |
| $current_time = time(); | |
| // Set $ban_end to the unix time when the ban should end. 0 is a permanent ban. | |
| if ($ban_len) | |
| { | |
| if ($ban_len != -1 || !$ban_len_other) | |
| { | |
| $ban_end = max($current_time, $current_time + ($ban_len) * 60); | |
| } | |
| else | |
| { | |
| $ban_other = explode('-', $ban_len_other); | |
| if (count($ban_other) == 3 && ((int) $ban_other[0] < 9999) && | |
| (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2)) | |
| { | |
| $ban_end = max($current_time, $user->create_datetime() | |
| ->setDate((int) $ban_other[0], (int) $ban_other[1], (int) $ban_other[2]) | |
| ->setTime(0, 0, 0) | |
| ->getTimestamp() + $user->timezone->getOffset(new DateTime('UTC'))); | |
| } | |
| else | |
| { | |
| trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING); | |
| } | |
| } | |
| } | |
| else | |
| { | |
| $ban_end = 0; | |
| } | |
| $founder = $founder_names = array(); | |
| if (!$ban_exclude) | |
| { | |
| // Create a list of founder... | |
| $sql = 'SELECT user_id, user_email, username_clean | |
| FROM ' . USERS_TABLE . ' | |
| WHERE user_type = ' . USER_FOUNDER; | |
| $result = $db->sql_query($sql); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $founder[$row['user_id']] = $row['user_email']; | |
| $founder_names[$row['user_id']] = $row['username_clean']; | |
| } | |
| $db->sql_freeresult($result); | |
| } | |
| $banlist_ary = array(); | |
| switch ($mode) | |
| { | |
| case 'user': | |
| $type = 'ban_userid'; | |
| // At the moment we do not support wildcard username banning | |
| // Select the relevant user_ids. | |
| $sql_usernames = array(); | |
| foreach ($ban_list as $username) | |
| { | |
| $username = trim($username); | |
| if ($username != '') | |
| { | |
| $clean_name = utf8_clean_string($username); | |
| if ($clean_name == $user->data['username_clean']) | |
| { | |
| trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING); | |
| } | |
| if (in_array($clean_name, $founder_names)) | |
| { | |
| trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING); | |
| } | |
| $sql_usernames[] = $clean_name; | |
| } | |
| } | |
| // Make sure we have been given someone to ban | |
| if (!count($sql_usernames)) | |
| { | |
| trigger_error('NO_USER_SPECIFIED', E_USER_WARNING); | |
| } | |
| $sql = 'SELECT user_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('username_clean', $sql_usernames); | |
| // Do not allow banning yourself, the guest account, or founders. | |
| $non_bannable = array($user->data['user_id'], ANONYMOUS); | |
| if (count($founder)) | |
| { | |
| $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true); | |
| } | |
| else | |
| { | |
| $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true); | |
| } | |
| $result = $db->sql_query($sql); | |
| if ($row = $db->sql_fetchrow($result)) | |
| { | |
| do | |
| { | |
| $banlist_ary[] = (int) $row['user_id']; | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| $db->sql_freeresult($result); | |
| } | |
| else | |
| { | |
| $db->sql_freeresult($result); | |
| trigger_error('NO_USERS', E_USER_WARNING); | |
| } | |
| break; | |
| case 'ip': | |
| $type = 'ban_ip'; | |
| foreach ($ban_list as $ban_item) | |
| { | |
| if (preg_match('#^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})[ ]*\-[ ]*([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$#', trim($ban_item), $ip_range_explode)) | |
| { | |
| // This is an IP range | |
| // Don't ask about all this, just don't ask ... ! | |
| $ip_1_counter = $ip_range_explode[1]; | |
| $ip_1_end = $ip_range_explode[5]; | |
| while ($ip_1_counter <= $ip_1_end) | |
| { | |
| $ip_2_counter = ($ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[2] : 0; | |
| $ip_2_end = ($ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[6]; | |
| if ($ip_2_counter == 0 && $ip_2_end == 254) | |
| { | |
| $ip_2_counter = 256; | |
| $banlist_ary[] = "$ip_1_counter.*"; | |
| } | |
| while ($ip_2_counter <= $ip_2_end) | |
| { | |
| $ip_3_counter = ($ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[3] : 0; | |
| $ip_3_end = ($ip_2_counter < $ip_2_end || $ip_1_counter < $ip_1_end) ? 254 : $ip_range_explode[7]; | |
| if ($ip_3_counter == 0 && $ip_3_end == 254) | |
| { | |
| $ip_3_counter = 256; | |
| $banlist_ary[] = "$ip_1_counter.$ip_2_counter.*"; | |
| } | |
| while ($ip_3_counter <= $ip_3_end) | |
| { | |
| $ip_4_counter = ($ip_3_counter == $ip_range_explode[3] && $ip_2_counter == $ip_range_explode[2] && $ip_1_counter == $ip_range_explode[1]) ? $ip_range_explode[4] : 0; | |
| $ip_4_end = ($ip_3_counter < $ip_3_end || $ip_2_counter < $ip_2_end) ? 254 : $ip_range_explode[8]; | |
| if ($ip_4_counter == 0 && $ip_4_end == 254) | |
| { | |
| $ip_4_counter = 256; | |
| $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.*"; | |
| } | |
| while ($ip_4_counter <= $ip_4_end) | |
| { | |
| $banlist_ary[] = "$ip_1_counter.$ip_2_counter.$ip_3_counter.$ip_4_counter"; | |
| $ip_4_counter++; | |
| } | |
| $ip_3_counter++; | |
| } | |
| $ip_2_counter++; | |
| } | |
| $ip_1_counter++; | |
| } | |
| } | |
| else if (preg_match('#^([0-9]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})\.([0-9\*]{1,3})$#', trim($ban_item)) || preg_match('#^[a-f0-9:]+\*?$#i', trim($ban_item))) | |
| { | |
| // Normal IP address | |
| $banlist_ary[] = trim($ban_item); | |
| } | |
| else if (preg_match('#^\*$#', trim($ban_item))) | |
| { | |
| // Ban all IPs | |
| $banlist_ary[] = '*'; | |
| } | |
| else if (preg_match('#^([\w\-_]\.?){2,}$#is', trim($ban_item))) | |
| { | |
| // hostname | |
| $ip_ary = gethostbynamel(trim($ban_item)); | |
| if (!empty($ip_ary)) | |
| { | |
| foreach ($ip_ary as $ip) | |
| { | |
| if ($ip) | |
| { | |
| if (strlen($ip) > 40) | |
| { | |
| continue; | |
| } | |
| $banlist_ary[] = $ip; | |
| } | |
| } | |
| } | |
| } | |
| if (empty($banlist_ary)) | |
| { | |
| trigger_error('NO_IPS_DEFINED', E_USER_WARNING); | |
| } | |
| } | |
| break; | |
| case 'email': | |
| $type = 'ban_email'; | |
| foreach ($ban_list as $ban_item) | |
| { | |
| $ban_item = trim($ban_item); | |
| if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item)) | |
| { | |
| if (strlen($ban_item) > 100) | |
| { | |
| continue; | |
| } | |
| if (!count($founder) || !in_array($ban_item, $founder)) | |
| { | |
| $banlist_ary[] = $ban_item; | |
| } | |
| } | |
| } | |
| if (count($ban_list) == 0) | |
| { | |
| trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING); | |
| } | |
| break; | |
| default: | |
| trigger_error('NO_MODE', E_USER_WARNING); | |
| break; | |
| } | |
| // Fetch currently set bans of the specified type and exclude state. Prevent duplicate bans. | |
| $sql_where = ($type == 'ban_userid') ? 'ban_userid <> 0' : "$type <> ''"; | |
| $sql = "SELECT $type | |
| FROM " . BANLIST_TABLE . " | |
| WHERE $sql_where | |
| AND ban_exclude = " . (int) $ban_exclude; | |
| $result = $db->sql_query($sql); | |
| // Reset $sql_where, because we use it later... | |
| $sql_where = ''; | |
| if ($row = $db->sql_fetchrow($result)) | |
| { | |
| $banlist_ary_tmp = array(); | |
| do | |
| { | |
| switch ($mode) | |
| { | |
| case 'user': | |
| $banlist_ary_tmp[] = $row['ban_userid']; | |
| break; | |
| case 'ip': | |
| $banlist_ary_tmp[] = $row['ban_ip']; | |
| break; | |
| case 'email': | |
| $banlist_ary_tmp[] = $row['ban_email']; | |
| break; | |
| } | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| $banlist_ary_tmp = array_intersect($banlist_ary, $banlist_ary_tmp); | |
| if (count($banlist_ary_tmp)) | |
| { | |
| // One or more entities are already banned/excluded, delete the existing bans, so they can be re-inserted with the given new length | |
| $sql = 'DELETE FROM ' . BANLIST_TABLE . ' | |
| WHERE ' . $db->sql_in_set($type, $banlist_ary_tmp) . ' | |
| AND ban_exclude = ' . (int) $ban_exclude; | |
| $db->sql_query($sql); | |
| } | |
| unset($banlist_ary_tmp); | |
| } | |
| $db->sql_freeresult($result); | |
| // We have some entities to ban | |
| if (count($banlist_ary)) | |
| { | |
| $sql_ary = array(); | |
| foreach ($banlist_ary as $ban_entry) | |
| { | |
| $sql_ary[] = array( | |
| $type => $ban_entry, | |
| 'ban_start' => (int) $current_time, | |
| 'ban_end' => (int) $ban_end, | |
| 'ban_exclude' => (int) $ban_exclude, | |
| 'ban_reason' => (string) $ban_reason, | |
| 'ban_give_reason' => (string) $ban_give_reason, | |
| ); | |
| } | |
| $db->sql_multi_insert(BANLIST_TABLE, $sql_ary); | |
| // If we are banning we want to logout anyone matching the ban | |
| if (!$ban_exclude) | |
| { | |
| switch ($mode) | |
| { | |
| case 'user': | |
| $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary); | |
| break; | |
| case 'ip': | |
| $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary); | |
| break; | |
| case 'email': | |
| $banlist_ary_sql = array(); | |
| foreach ($banlist_ary as $ban_entry) | |
| { | |
| $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry); | |
| } | |
| $sql = 'SELECT user_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql); | |
| $result = $db->sql_query($sql); | |
| $sql_in = array(); | |
| if ($row = $db->sql_fetchrow($result)) | |
| { | |
| do | |
| { | |
| $sql_in[] = $row['user_id']; | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in); | |
| } | |
| $db->sql_freeresult($result); | |
| break; | |
| } | |
| if (isset($sql_where) && $sql_where) | |
| { | |
| $sql = 'DELETE FROM ' . SESSIONS_TABLE . " | |
| $sql_where"; | |
| $db->sql_query($sql); | |
| if ($mode == 'user') | |
| { | |
| $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary)); | |
| $db->sql_query($sql); | |
| } | |
| } | |
| } | |
| // Update log | |
| $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; | |
| // Add to admin log, moderator log and user notes | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array($ban_reason, $ban_list_log)); | |
| $phpbb_log->add('mod', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array( | |
| 'forum_id' => 0, | |
| 'topic_id' => 0, | |
| $ban_reason, | |
| $ban_list_log | |
| )); | |
| if ($mode == 'user') | |
| { | |
| foreach ($banlist_ary as $user_id) | |
| { | |
| $phpbb_log->add('user', $user->data['user_id'], $user->ip, $log_entry . strtoupper($mode), false, array( | |
| 'reportee_id' => $user_id, | |
| $ban_reason, | |
| $ban_list_log | |
| )); | |
| } | |
| } | |
| $cache->destroy('sql', BANLIST_TABLE); | |
| return true; | |
| } | |
| // There was nothing to ban/exclude. But destroying the cache because of the removal of stale bans. | |
| $cache->destroy('sql', BANLIST_TABLE); | |
| return false; | |
| } | |
| /** | |
| * Unban User | |
| */ | |
| function user_unban($mode, $ban) | |
| { | |
| global $db, $user, $cache, $phpbb_log, $phpbb_dispatcher; | |
| // Delete stale bans | |
| $sql = 'DELETE FROM ' . BANLIST_TABLE . ' | |
| WHERE ban_end < ' . time() . ' | |
| AND ban_end <> 0'; | |
| $db->sql_query($sql); | |
| if (!is_array($ban)) | |
| { | |
| $ban = array($ban); | |
| } | |
| $unban_sql = array_map('intval', $ban); | |
| if (count($unban_sql)) | |
| { | |
| // Grab details of bans for logging information later | |
| switch ($mode) | |
| { | |
| case 'user': | |
| $sql = 'SELECT u.username AS unban_info, u.user_id | |
| FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b | |
| WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' | |
| AND u.user_id = b.ban_userid'; | |
| break; | |
| case 'email': | |
| $sql = 'SELECT ban_email AS unban_info | |
| FROM ' . BANLIST_TABLE . ' | |
| WHERE ' . $db->sql_in_set('ban_id', $unban_sql); | |
| break; | |
| case 'ip': | |
| $sql = 'SELECT ban_ip AS unban_info | |
| FROM ' . BANLIST_TABLE . ' | |
| WHERE ' . $db->sql_in_set('ban_id', $unban_sql); | |
| break; | |
| } | |
| $result = $db->sql_query($sql); | |
| $l_unban_list = ''; | |
| $user_ids_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $l_unban_list .= (($l_unban_list != '') ? ', ' : '') . $row['unban_info']; | |
| if ($mode == 'user') | |
| { | |
| $user_ids_ary[] = $row['user_id']; | |
| } | |
| } | |
| $db->sql_freeresult($result); | |
| $sql = 'DELETE FROM ' . BANLIST_TABLE . ' | |
| WHERE ' . $db->sql_in_set('ban_id', $unban_sql); | |
| $db->sql_query($sql); | |
| // Add to moderator log, admin log and user notes | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array($l_unban_list)); | |
| $phpbb_log->add('mod', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array( | |
| 'forum_id' => 0, | |
| 'topic_id' => 0, | |
| $l_unban_list | |
| )); | |
| if ($mode == 'user') | |
| { | |
| foreach ($user_ids_ary as $user_id) | |
| { | |
| $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_UNBAN_' . strtoupper($mode), false, array( | |
| 'reportee_id' => $user_id, | |
| $l_unban_list | |
| )); | |
| } | |
| } | |
| /** | |
| * Use this event to perform actions after the unban has been performed | |
| * | |
| * @event core.user_unban | |
| * @var string mode One of the following: user, ip, email | |
| * @var array user_ids_ary Array with user_ids | |
| * @since 3.1.11-RC1 | |
| */ | |
| $vars = array( | |
| 'mode', | |
| 'user_ids_ary', | |
| ); | |
| extract($phpbb_dispatcher->trigger_event('core.user_unban', compact($vars))); | |
| } | |
| $cache->destroy('sql', BANLIST_TABLE); | |
| return false; | |
| } | |
| /** | |
| * Internet Protocol Address Whois | |
| * RFC3912: WHOIS Protocol Specification | |
| * | |
| * @param string $ip Ip address, either IPv4 or IPv6. | |
| * | |
| * @return string Empty string if not a valid ip address. | |
| * Otherwise make_clickable()'ed whois result. | |
| */ | |
| function user_ipwhois($ip) | |
| { | |
| if (!filter_var($ip, FILTER_VALIDATE_IP)) | |
| { | |
| return ''; | |
| } | |
| // IPv4 & IPv6 addresses | |
| $whois_host = 'whois.arin.net.'; | |
| $ipwhois = ''; | |
| if (($fsk = @fsockopen($whois_host, 43))) | |
| { | |
| // CRLF as per RFC3912 | |
| // Z to limit the query to all possible flags (whois.arin.net) | |
| fputs($fsk, "z $ip\r\n"); | |
| while (!feof($fsk)) | |
| { | |
| $ipwhois .= fgets($fsk, 1024); | |
| } | |
| @fclose($fsk); | |
| } | |
| $match = array(); | |
| // Test for referrals from $whois_host to other whois databases, roll on rwhois | |
| if (preg_match('#ReferralServer:[\x20]*whois://(.+)#im', $ipwhois, $match)) | |
| { | |
| if (strpos($match[1], ':') !== false) | |
| { | |
| $pos = strrpos($match[1], ':'); | |
| $server = substr($match[1], 0, $pos); | |
| $port = (int) substr($match[1], $pos + 1); | |
| unset($pos); | |
| } | |
| else | |
| { | |
| $server = $match[1]; | |
| $port = 43; | |
| } | |
| $buffer = ''; | |
| if (($fsk = @fsockopen($server, $port))) | |
| { | |
| fputs($fsk, "$ip\r\n"); | |
| while (!feof($fsk)) | |
| { | |
| $buffer .= fgets($fsk, 1024); | |
| } | |
| @fclose($fsk); | |
| } | |
| // Use the result from $whois_host if we don't get any result here | |
| $ipwhois = (empty($buffer)) ? $ipwhois : $buffer; | |
| } | |
| $ipwhois = htmlspecialchars($ipwhois, ENT_COMPAT); | |
| // Magic URL ;) | |
| return trim(make_clickable($ipwhois, false, '')); | |
| } | |
| /** | |
| * Data validation ... used primarily but not exclusively by ucp modules | |
| * | |
| * "Master" function for validating a range of data types | |
| */ | |
| function validate_data($data, $val_ary) | |
| { | |
| global $user; | |
| $error = array(); | |
| foreach ($val_ary as $var => $val_seq) | |
| { | |
| if (!is_array($val_seq[0])) | |
| { | |
| $val_seq = array($val_seq); | |
| } | |
| foreach ($val_seq as $validate) | |
| { | |
| $function = array_shift($validate); | |
| array_unshift($validate, $data[$var]); | |
| if (is_array($function)) | |
| { | |
| $result = call_user_func_array(array($function[0], 'validate_' . $function[1]), $validate); | |
| } | |
| else | |
| { | |
| $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_'; | |
| $result = call_user_func_array($function_prefix . $function, $validate); | |
| } | |
| if ($result) | |
| { | |
| // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. | |
| $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var); | |
| } | |
| } | |
| } | |
| return $error; | |
| } | |
| /** | |
| * Validate String | |
| * | |
| * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function validate_string($string, $optional = false, $min = 0, $max = 0) | |
| { | |
| if (empty($string) && $optional) | |
| { | |
| return false; | |
| } | |
| if ($min && utf8_strlen(html_entity_decode($string, ENT_COMPAT)) < $min) | |
| { | |
| return 'TOO_SHORT'; | |
| } | |
| else if ($max && utf8_strlen(html_entity_decode($string, ENT_COMPAT)) > $max) | |
| { | |
| return 'TOO_LONG'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate Number | |
| * | |
| * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function validate_num($num, $optional = false, $min = 0, $max = 1E99) | |
| { | |
| if (empty($num) && $optional) | |
| { | |
| return false; | |
| } | |
| if ($num < $min) | |
| { | |
| return 'TOO_SMALL'; | |
| } | |
| else if ($num > $max) | |
| { | |
| return 'TOO_LARGE'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate Date | |
| * @param string $date_string a date in the dd-mm-yyyy format | |
| * @param bool $optional | |
| * @return boolean | |
| */ | |
| function validate_date($date_string, $optional = false) | |
| { | |
| $date = explode('-', $date_string); | |
| if ((empty($date) || count($date) != 3) && $optional) | |
| { | |
| return false; | |
| } | |
| else if ($optional) | |
| { | |
| for ($field = 0; $field <= 1; $field++) | |
| { | |
| $date[$field] = (int) $date[$field]; | |
| if (empty($date[$field])) | |
| { | |
| $date[$field] = 1; | |
| } | |
| } | |
| $date[2] = (int) $date[2]; | |
| // assume an arbitrary leap year | |
| if (empty($date[2])) | |
| { | |
| $date[2] = 1980; | |
| } | |
| } | |
| if (count($date) != 3 || !checkdate($date[1], $date[0], $date[2])) | |
| { | |
| return 'INVALID'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate Match | |
| * | |
| * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function validate_match($string, $optional = false, $match = '') | |
| { | |
| if (empty($string) && $optional) | |
| { | |
| return false; | |
| } | |
| if (empty($match)) | |
| { | |
| return false; | |
| } | |
| if (!preg_match($match, $string)) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate Language Pack ISO Name | |
| * | |
| * Tests whether a language name is valid and installed | |
| * | |
| * @param string $lang_iso The language string to test | |
| * | |
| * @return bool|string Either false if validation succeeded or | |
| * a string which will be used as the error message | |
| * (with the variable name appended) | |
| */ | |
| function validate_language_iso_name($lang_iso) | |
| { | |
| global $db; | |
| $sql = 'SELECT lang_id | |
| FROM ' . LANG_TABLE . " | |
| WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; | |
| $result = $db->sql_query($sql); | |
| $lang_id = (int) $db->sql_fetchfield('lang_id'); | |
| $db->sql_freeresult($result); | |
| return ($lang_id) ? false : 'WRONG_DATA'; | |
| } | |
| /** | |
| * Validate Timezone Name | |
| * | |
| * Tests whether a timezone name is valid | |
| * | |
| * @param string $timezone The timezone string to test | |
| * | |
| * @return bool|string Either false if validation succeeded or | |
| * a string which will be used as the error message | |
| * (with the variable name appended) | |
| */ | |
| function phpbb_validate_timezone($timezone) | |
| { | |
| return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; | |
| } | |
| /*** | |
| * Validate Username | |
| * | |
| * Check to see if the username has been taken, or if it is disallowed. | |
| * Also checks if it includes the " character or the 4-bytes Unicode ones | |
| * (aka emojis) which we don't allow in usernames. | |
| * Used for registering, changing names, and posting anonymously with a username | |
| * | |
| * @param string $username The username to check | |
| * @param string $allowed_username An allowed username, default being $user->data['username'] | |
| * | |
| * @return mixed Either false if validation succeeded or a string which will be | |
| * used as the error message (with the variable name appended) | |
| */ | |
| function validate_username($username, $allowed_username = false, $allow_all_names = false) | |
| { | |
| global $config, $db, $user, $cache; | |
| $clean_username = utf8_clean_string($username); | |
| $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username); | |
| if ($allowed_username == $clean_username) | |
| { | |
| return false; | |
| } | |
| // The very first check is for | |
| // out-of-bounds characters that are currently | |
| // not supported by utf8_bin in MySQL | |
| if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) | |
| { | |
| return 'INVALID_EMOJIS'; | |
| } | |
| // ... fast checks first. | |
| if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username) | |
| || preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username)) | |
| { | |
| return 'INVALID_CHARS'; | |
| } | |
| switch ($config['allow_name_chars']) | |
| { | |
| case 'USERNAME_CHARS_ANY': | |
| $regex = '.+'; | |
| break; | |
| case 'USERNAME_ALPHA_ONLY': | |
| $regex = '[A-Za-z0-9]+'; | |
| break; | |
| case 'USERNAME_ALPHA_SPACERS': | |
| $regex = '[A-Za-z0-9-[\]_+ ]+'; | |
| break; | |
| case 'USERNAME_LETTER_NUM': | |
| $regex = '[\p{Lu}\p{Ll}\p{N}]+'; | |
| break; | |
| case 'USERNAME_LETTER_NUM_SPACERS': | |
| $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+'; | |
| break; | |
| case 'USERNAME_ASCII': | |
| default: | |
| $regex = '[\x01-\x7F]+'; | |
| break; | |
| } | |
| if (!preg_match('#^' . $regex . '$#u', $username)) | |
| { | |
| return 'INVALID_CHARS'; | |
| } | |
| $sql = 'SELECT username | |
| FROM ' . USERS_TABLE . " | |
| WHERE username_clean = '" . $db->sql_escape($clean_username) . "'"; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if ($row) | |
| { | |
| return 'USERNAME_TAKEN'; | |
| } | |
| $sql = 'SELECT group_name | |
| FROM ' . GROUPS_TABLE . " | |
| WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'"; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if ($row) | |
| { | |
| return 'USERNAME_TAKEN'; | |
| } | |
| if (!$allow_all_names) | |
| { | |
| $bad_usernames = $cache->obtain_disallowed_usernames(); | |
| foreach ($bad_usernames as $bad_username) | |
| { | |
| if (preg_match('#^' . $bad_username . '$#', $clean_username)) | |
| { | |
| return 'USERNAME_DISALLOWED'; | |
| } | |
| } | |
| } | |
| return false; | |
| } | |
| /** | |
| * Check to see if the password meets the complexity settings | |
| * | |
| * @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function validate_password($password) | |
| { | |
| global $config; | |
| if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') | |
| { | |
| // Password empty or no password complexity required. | |
| return false; | |
| } | |
| $upp = '\p{Lu}'; | |
| $low = '\p{Ll}'; | |
| $num = '\p{N}'; | |
| $sym = '[^\p{Lu}\p{Ll}\p{N}]'; | |
| $chars = array(); | |
| switch ($config['pass_complex']) | |
| { | |
| // No break statements below ... | |
| // We require strong passwords in case pass_complex is not set or is invalid | |
| default: | |
| // Require mixed case letters, numbers and symbols | |
| case 'PASS_TYPE_SYMBOL': | |
| $chars[] = $sym; | |
| // Require mixed case letters and numbers | |
| case 'PASS_TYPE_ALPHA': | |
| $chars[] = $num; | |
| // Require mixed case letters | |
| case 'PASS_TYPE_CASE': | |
| $chars[] = $low; | |
| $chars[] = $upp; | |
| } | |
| foreach ($chars as $char) | |
| { | |
| if (!preg_match('#' . $char . '#u', $password)) | |
| { | |
| return 'INVALID_CHARS'; | |
| } | |
| } | |
| return false; | |
| } | |
| /** | |
| * Check to see if email address is a valid address and contains a MX record | |
| * | |
| * @param string $email The email to check | |
| * @param $config | |
| * | |
| * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function phpbb_validate_email($email, $config = null) | |
| { | |
| if ($config === null) | |
| { | |
| global $config; | |
| } | |
| $email = strtolower($email); | |
| if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email)) | |
| { | |
| return 'EMAIL_INVALID'; | |
| } | |
| // Check MX record. | |
| // The idea for this is from reading the UseBB blog/announcement. :) | |
| if ($config['email_check_mx']) | |
| { | |
| list(, $domain) = explode('@', $email); | |
| if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false) | |
| { | |
| return 'DOMAIN_NO_MX_RECORD'; | |
| } | |
| } | |
| return false; | |
| } | |
| /** | |
| * Check to see if email address is banned or already present in the DB | |
| * | |
| * @param string $email The email to check | |
| * @param string $allowed_email An allowed email, default being $user->data['user_email'] | |
| * | |
| * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) | |
| */ | |
| function validate_user_email($email, $allowed_email = false) | |
| { | |
| global $config, $db, $user; | |
| $email = strtolower($email); | |
| $allowed_email = ($allowed_email === false) ? strtolower($user->data['user_email']) : strtolower($allowed_email); | |
| if ($allowed_email == $email) | |
| { | |
| return false; | |
| } | |
| $validate_email = phpbb_validate_email($email, $config); | |
| if ($validate_email) | |
| { | |
| return $validate_email; | |
| } | |
| $ban = $user->check_ban(false, false, $email, true); | |
| if (!empty($ban)) | |
| { | |
| return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; | |
| } | |
| if (!$config['allow_emailreuse']) | |
| { | |
| $sql = 'SELECT user_email | |
| FROM ' . USERS_TABLE . " | |
| WHERE user_email = '" . $db->sql_escape($email) . "'"; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if ($row) | |
| { | |
| return 'EMAIL_TAKEN'; | |
| } | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate jabber address | |
| * Taken from the jabber class within flyspray (see author notes) | |
| * | |
| * @author flyspray.org | |
| */ | |
| function validate_jabber($jid) | |
| { | |
| if (!$jid) | |
| { | |
| return false; | |
| } | |
| $separator_pos = strpos($jid, '@'); | |
| if ($separator_pos === false) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| $username = substr($jid, 0, $separator_pos); | |
| $realm = substr($jid, $separator_pos + 1); | |
| if (strlen($username) == 0 || strlen($realm) < 3) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| $arr = explode('.', $realm); | |
| if (count($arr) == 0) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| foreach ($arr as $part) | |
| { | |
| if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-') | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part)) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| } | |
| $boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253)); | |
| // Prohibited Characters RFC3454 + RFC3920 | |
| $prohibited = array( | |
| // Table C.1.1 | |
| array(0x0020, 0x0020), // SPACE | |
| // Table C.1.2 | |
| array(0x00A0, 0x00A0), // NO-BREAK SPACE | |
| array(0x1680, 0x1680), // OGHAM SPACE MARK | |
| array(0x2000, 0x2001), // EN QUAD | |
| array(0x2001, 0x2001), // EM QUAD | |
| array(0x2002, 0x2002), // EN SPACE | |
| array(0x2003, 0x2003), // EM SPACE | |
| array(0x2004, 0x2004), // THREE-PER-EM SPACE | |
| array(0x2005, 0x2005), // FOUR-PER-EM SPACE | |
| array(0x2006, 0x2006), // SIX-PER-EM SPACE | |
| array(0x2007, 0x2007), // FIGURE SPACE | |
| array(0x2008, 0x2008), // PUNCTUATION SPACE | |
| array(0x2009, 0x2009), // THIN SPACE | |
| array(0x200A, 0x200A), // HAIR SPACE | |
| array(0x200B, 0x200B), // ZERO WIDTH SPACE | |
| array(0x202F, 0x202F), // NARROW NO-BREAK SPACE | |
| array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE | |
| array(0x3000, 0x3000), // IDEOGRAPHIC SPACE | |
| // Table C.2.1 | |
| array(0x0000, 0x001F), // [CONTROL CHARACTERS] | |
| array(0x007F, 0x007F), // DELETE | |
| // Table C.2.2 | |
| array(0x0080, 0x009F), // [CONTROL CHARACTERS] | |
| array(0x06DD, 0x06DD), // ARABIC END OF AYAH | |
| array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK | |
| array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR | |
| array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER | |
| array(0x200D, 0x200D), // ZERO WIDTH JOINER | |
| array(0x2028, 0x2028), // LINE SEPARATOR | |
| array(0x2029, 0x2029), // PARAGRAPH SEPARATOR | |
| array(0x2060, 0x2060), // WORD JOINER | |
| array(0x2061, 0x2061), // FUNCTION APPLICATION | |
| array(0x2062, 0x2062), // INVISIBLE TIMES | |
| array(0x2063, 0x2063), // INVISIBLE SEPARATOR | |
| array(0x206A, 0x206F), // [CONTROL CHARACTERS] | |
| array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE | |
| array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS] | |
| array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS] | |
| // Table C.3 | |
| array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0] | |
| array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15] | |
| array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16] | |
| // Table C.4 | |
| array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS] | |
| array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS] | |
| array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS] | |
| // Table C.5 | |
| array(0xD800, 0xDFFF), // [SURROGATE CODES] | |
| // Table C.6 | |
| array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR | |
| array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR | |
| array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR | |
| array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER | |
| array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER | |
| // Table C.7 | |
| array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS] | |
| // Table C.8 | |
| array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK | |
| array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK | |
| array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK | |
| array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK | |
| array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING | |
| array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING | |
| array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING | |
| array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE | |
| array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE | |
| array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING | |
| array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING | |
| array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING | |
| array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING | |
| array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES | |
| array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES | |
| // Table C.9 | |
| array(0xE0001, 0xE0001), // LANGUAGE TAG | |
| array(0xE0020, 0xE007F), // [TAGGING CHARACTERS] | |
| // RFC3920 | |
| array(0x22, 0x22), // " | |
| array(0x26, 0x26), // & | |
| array(0x27, 0x27), // ' | |
| array(0x2F, 0x2F), // / | |
| array(0x3A, 0x3A), // : | |
| array(0x3C, 0x3C), // < | |
| array(0x3E, 0x3E), // > | |
| array(0x40, 0x40) // @ | |
| ); | |
| $pos = 0; | |
| $result = true; | |
| while ($pos < strlen($username)) | |
| { | |
| $len = $uni = 0; | |
| for ($i = 0; $i <= 5; $i++) | |
| { | |
| if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1]) | |
| { | |
| $len = $i + 1; | |
| $uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6); | |
| for ($k = 1; $k < $len; $k++) | |
| { | |
| $uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6); | |
| } | |
| break; | |
| } | |
| } | |
| if ($len == 0) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| foreach ($prohibited as $pval) | |
| { | |
| if ($uni >= $pval[0] && $uni <= $pval[1]) | |
| { | |
| $result = false; | |
| break 2; | |
| } | |
| } | |
| $pos = $pos + $len; | |
| } | |
| if (!$result) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Validate hex colour value | |
| * | |
| * @param string $colour The hex colour value | |
| * @param bool $optional Whether the colour value is optional. True if an empty | |
| * string will be accepted as correct input, false if not. | |
| * @return bool|string Error message if colour value is incorrect, false if it | |
| * fits the hex colour code | |
| */ | |
| function phpbb_validate_hex_colour($colour, $optional = false) | |
| { | |
| if ($colour === '') | |
| { | |
| return (($optional) ? false : 'WRONG_DATA'); | |
| } | |
| if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) | |
| { | |
| return 'WRONG_DATA'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Verifies whether a style ID corresponds to an active style. | |
| * | |
| * @param int $style_id The style_id of a style which should be checked if activated or not. | |
| * @return boolean | |
| */ | |
| function phpbb_style_is_active($style_id) | |
| { | |
| global $db; | |
| $sql = 'SELECT style_active | |
| FROM ' . STYLES_TABLE . ' | |
| WHERE style_id = '. (int) $style_id; | |
| $result = $db->sql_query($sql); | |
| $style_is_active = (bool) $db->sql_fetchfield('style_active'); | |
| $db->sql_freeresult($result); | |
| return $style_is_active; | |
| } | |
| /** | |
| * Remove avatar | |
| */ | |
| function avatar_delete($mode, $row, $clean_db = false) | |
| { | |
| global $phpbb_root_path, $config; | |
| // Check if the users avatar is actually *not* a group avatar | |
| if ($mode == 'user') | |
| { | |
| if (strpos($row['user_avatar'], 'g') === 0 || (((int) $row['user_avatar'] !== 0) && ((int) $row['user_avatar'] !== (int) $row['user_id']))) | |
| { | |
| return false; | |
| } | |
| } | |
| if ($clean_db) | |
| { | |
| avatar_remove_db($row[$mode . '_avatar']); | |
| } | |
| $filename = get_avatar_filename($row[$mode . '_avatar']); | |
| if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename)) | |
| { | |
| @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename); | |
| return true; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Generates avatar filename from the database entry | |
| */ | |
| function get_avatar_filename($avatar_entry) | |
| { | |
| global $config; | |
| if ($avatar_entry[0] === 'g') | |
| { | |
| $avatar_group = true; | |
| $avatar_entry = substr($avatar_entry, 1); | |
| } | |
| else | |
| { | |
| $avatar_group = false; | |
| } | |
| $ext = substr(strrchr($avatar_entry, '.'), 1); | |
| $avatar_entry = intval($avatar_entry); | |
| return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext; | |
| } | |
| /** | |
| * Returns an explanation string with maximum avatar settings | |
| * | |
| * @return string | |
| */ | |
| function phpbb_avatar_explanation_string() | |
| { | |
| global $config, $user; | |
| return $user->lang(($config['avatar_filesize'] == 0) ? 'AVATAR_EXPLAIN_NO_FILESIZE' : 'AVATAR_EXPLAIN', | |
| $user->lang('PIXELS', (int) $config['avatar_max_width']), | |
| $user->lang('PIXELS', (int) $config['avatar_max_height']), | |
| round($config['avatar_filesize'] / 1024)); | |
| } | |
| // | |
| // Usergroup functions | |
| // | |
| /** | |
| * Add or edit a group. If we're editing a group we only update user | |
| * parameters such as rank, etc. if they are changed | |
| */ | |
| function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow_desc_bbcode = false, $allow_desc_urls = false, $allow_desc_smilies = false) | |
| { | |
| global $db, $user, $phpbb_container, $phpbb_log; | |
| /** @var \phpbb\group\helper $group_helper */ | |
| $group_helper = $phpbb_container->get('group_helper'); | |
| $error = array(); | |
| // Attributes which also affect the users table | |
| $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height'); | |
| // Check data. Limit group name length. | |
| if (!utf8_strlen($name) || utf8_strlen($name) > 60) | |
| { | |
| $error[] = (!utf8_strlen($name)) ? $user->lang['GROUP_ERR_USERNAME'] : $user->lang['GROUP_ERR_USER_LONG']; | |
| } | |
| $err = group_validate_groupname($group_id, $name); | |
| if (!empty($err)) | |
| { | |
| $error[] = $user->lang[$err]; | |
| } | |
| if (!in_array($type, array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE))) | |
| { | |
| $error[] = $user->lang['GROUP_ERR_TYPE']; | |
| } | |
| $group_teampage = !empty($group_attributes['group_teampage']); | |
| unset($group_attributes['group_teampage']); | |
| if (!count($error)) | |
| { | |
| $current_legend = \phpbb\groupposition\legend::GROUP_DISABLED; | |
| $current_teampage = \phpbb\groupposition\teampage::GROUP_DISABLED; | |
| /* @var $legend \phpbb\groupposition\legend */ | |
| $legend = $phpbb_container->get('groupposition.legend'); | |
| /* @var $teampage \phpbb\groupposition\teampage */ | |
| $teampage = $phpbb_container->get('groupposition.teampage'); | |
| if ($group_id) | |
| { | |
| try | |
| { | |
| $current_legend = $legend->get_group_value($group_id); | |
| $current_teampage = $teampage->get_group_value($group_id); | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| trigger_error($user->lang($exception->getMessage())); | |
| } | |
| } | |
| if (!empty($group_attributes['group_legend'])) | |
| { | |
| if (($group_id && ($current_legend == \phpbb\groupposition\legend::GROUP_DISABLED)) || !$group_id) | |
| { | |
| // Old group currently not in the legend or new group, add at the end. | |
| $group_attributes['group_legend'] = 1 + $legend->get_group_count(); | |
| } | |
| else | |
| { | |
| // Group stayes in the legend | |
| $group_attributes['group_legend'] = $current_legend; | |
| } | |
| } | |
| else if ($group_id && ($current_legend != \phpbb\groupposition\legend::GROUP_DISABLED)) | |
| { | |
| // Group is removed from the legend | |
| try | |
| { | |
| $legend->delete_group($group_id, true); | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| trigger_error($user->lang($exception->getMessage())); | |
| } | |
| $group_attributes['group_legend'] = \phpbb\groupposition\legend::GROUP_DISABLED; | |
| } | |
| else | |
| { | |
| $group_attributes['group_legend'] = \phpbb\groupposition\legend::GROUP_DISABLED; | |
| } | |
| // Unset the objects, we don't need them anymore. | |
| unset($legend); | |
| $user_ary = array(); | |
| $sql_ary = array( | |
| 'group_name' => (string) $name, | |
| 'group_desc' => (string) $desc, | |
| 'group_desc_uid' => '', | |
| 'group_desc_bitfield' => '', | |
| 'group_type' => (int) $type, | |
| ); | |
| // Parse description | |
| if ($desc) | |
| { | |
| generate_text_for_storage($sql_ary['group_desc'], $sql_ary['group_desc_uid'], $sql_ary['group_desc_bitfield'], $sql_ary['group_desc_options'], $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies); | |
| } | |
| if (count($group_attributes)) | |
| { | |
| // Merge them with $sql_ary to properly update the group | |
| $sql_ary = array_merge($sql_ary, $group_attributes); | |
| } | |
| // Setting the log message before we set the group id (if group gets added) | |
| $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED'; | |
| if ($group_id) | |
| { | |
| $sql = 'SELECT user_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE group_id = ' . $group_id; | |
| $result = $db->sql_query($sql); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_ary[] = $row['user_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| if (isset($sql_ary['group_avatar'])) | |
| { | |
| remove_default_avatar($group_id, $user_ary); | |
| } | |
| if (isset($sql_ary['group_rank'])) | |
| { | |
| remove_default_rank($group_id, $user_ary); | |
| } | |
| $sql = 'UPDATE ' . GROUPS_TABLE . ' | |
| SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " | |
| WHERE group_id = $group_id"; | |
| $db->sql_query($sql); | |
| // Since we may update the name too, we need to do this on other tables too... | |
| $sql = 'UPDATE ' . MODERATOR_CACHE_TABLE . " | |
| SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "' | |
| WHERE group_id = $group_id"; | |
| $db->sql_query($sql); | |
| // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group | |
| if (isset($group_attributes['group_skip_auth'])) | |
| { | |
| // Get users within this group... | |
| $sql = 'SELECT user_id | |
| FROM ' . USER_GROUP_TABLE . ' | |
| WHERE group_id = ' . $group_id . ' | |
| AND user_pending = 0'; | |
| $result = $db->sql_query($sql); | |
| $user_id_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_id_ary[] = $row['user_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| if (!empty($user_id_ary)) | |
| { | |
| global $auth; | |
| // Clear permissions cache of relevant users | |
| $auth->acl_clear_prefetch($user_id_ary); | |
| } | |
| } | |
| } | |
| else | |
| { | |
| $sql = 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); | |
| $db->sql_query($sql); | |
| } | |
| // Remove the group from the teampage, only if unselected and we are editing a group, | |
| // which is currently displayed. | |
| if (!$group_teampage && $group_id && $current_teampage != \phpbb\groupposition\teampage::GROUP_DISABLED) | |
| { | |
| try | |
| { | |
| $teampage->delete_group($group_id); | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| trigger_error($user->lang($exception->getMessage())); | |
| } | |
| } | |
| if (!$group_id) | |
| { | |
| $group_id = $db->sql_nextid(); | |
| if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == 'avatar.driver.upload') | |
| { | |
| group_correct_avatar($group_id, $sql_ary['group_avatar']); | |
| } | |
| } | |
| try | |
| { | |
| if ($group_teampage && $current_teampage == \phpbb\groupposition\teampage::GROUP_DISABLED) | |
| { | |
| $teampage->add_group($group_id); | |
| } | |
| if ($group_teampage) | |
| { | |
| if ($current_teampage == \phpbb\groupposition\teampage::GROUP_DISABLED) | |
| { | |
| $teampage->add_group($group_id); | |
| } | |
| } | |
| else if ($group_id && ($current_teampage != \phpbb\groupposition\teampage::GROUP_DISABLED)) | |
| { | |
| $teampage->delete_group($group_id); | |
| } | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| trigger_error($user->lang($exception->getMessage())); | |
| } | |
| unset($teampage); | |
| // Set user attributes | |
| $sql_ary = array(); | |
| if (count($group_attributes)) | |
| { | |
| // Go through the user attributes array, check if a group attribute matches it and then set it. ;) | |
| foreach ($user_attribute_ary as $attribute) | |
| { | |
| if (!isset($group_attributes[$attribute])) | |
| { | |
| continue; | |
| } | |
| // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set... | |
| if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute]) | |
| { | |
| continue; | |
| } | |
| $sql_ary[$attribute] = $group_attributes[$attribute]; | |
| } | |
| } | |
| if (count($sql_ary) && count($user_ary)) | |
| { | |
| group_set_user_default($group_id, $user_ary, $sql_ary); | |
| } | |
| $name = $group_helper->get_name($name); | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($name)); | |
| group_update_listings($group_id); | |
| } | |
| return (count($error)) ? $error : false; | |
| } | |
| /** | |
| * Changes a group avatar's filename to conform to the naming scheme | |
| */ | |
| function group_correct_avatar($group_id, $old_entry) | |
| { | |
| global $config, $db, $phpbb_root_path; | |
| $group_id = (int) $group_id; | |
| $ext = substr(strrchr($old_entry, '.'), 1); | |
| $old_filename = get_avatar_filename($old_entry); | |
| $new_filename = $config['avatar_salt'] . "_g$group_id.$ext"; | |
| $new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext"; | |
| $avatar_path = $phpbb_root_path . $config['avatar_path']; | |
| if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename)) | |
| { | |
| $sql = 'UPDATE ' . GROUPS_TABLE . ' | |
| SET group_avatar = \'' . $db->sql_escape($new_entry) . "' | |
| WHERE group_id = $group_id"; | |
| $db->sql_query($sql); | |
| } | |
| } | |
| /** | |
| * Remove avatar also for users not having the group as default | |
| */ | |
| function avatar_remove_db($avatar_name) | |
| { | |
| global $db; | |
| $sql = 'UPDATE ' . USERS_TABLE . " | |
| SET user_avatar = '', | |
| user_avatar_type = '' | |
| WHERE user_avatar = '" . $db->sql_escape($avatar_name) . '\''; | |
| $db->sql_query($sql); | |
| } | |
| /** | |
| * Group Delete | |
| */ | |
| function group_delete($group_id, $group_name = false) | |
| { | |
| global $db, $cache, $auth, $user, $phpbb_root_path, $phpEx, $phpbb_dispatcher, $phpbb_container, $phpbb_log; | |
| if (!$group_name) | |
| { | |
| $group_name = get_group_name($group_id); | |
| } | |
| $start = 0; | |
| do | |
| { | |
| $user_id_ary = $username_ary = array(); | |
| // Batch query for group members, call group_user_del | |
| $sql = 'SELECT u.user_id, u.username | |
| FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u | |
| WHERE ug.group_id = $group_id | |
| AND u.user_id = ug.user_id"; | |
| $result = $db->sql_query_limit($sql, 200, $start); | |
| if ($row = $db->sql_fetchrow($result)) | |
| { | |
| do | |
| { | |
| $user_id_ary[] = $row['user_id']; | |
| $username_ary[] = $row['username']; | |
| $start++; | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| group_user_del($group_id, $user_id_ary, $username_ary, $group_name); | |
| } | |
| else | |
| { | |
| $start = 0; | |
| } | |
| $db->sql_freeresult($result); | |
| } | |
| while ($start); | |
| // Delete group from legend and teampage | |
| try | |
| { | |
| /* @var $legend \phpbb\groupposition\legend */ | |
| $legend = $phpbb_container->get('groupposition.legend'); | |
| $legend->delete_group($group_id); | |
| unset($legend); | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| // The group we want to delete does not exist. | |
| // No reason to worry, we just continue the deleting process. | |
| //trigger_error($user->lang($exception->getMessage())); | |
| } | |
| try | |
| { | |
| /* @var $teampage \phpbb\groupposition\teampage */ | |
| $teampage = $phpbb_container->get('groupposition.teampage'); | |
| $teampage->delete_group($group_id); | |
| unset($teampage); | |
| } | |
| catch (\phpbb\groupposition\exception $exception) | |
| { | |
| // The group we want to delete does not exist. | |
| // No reason to worry, we just continue the deleting process. | |
| //trigger_error($user->lang($exception->getMessage())); | |
| } | |
| // Delete group | |
| $sql = 'DELETE FROM ' . GROUPS_TABLE . " | |
| WHERE group_id = $group_id"; | |
| $db->sql_query($sql); | |
| // Delete auth entries from the groups table | |
| $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . " | |
| WHERE group_id = $group_id"; | |
| $db->sql_query($sql); | |
| /** | |
| * Event after a group is deleted | |
| * | |
| * @event core.delete_group_after | |
| * @var int group_id ID of the deleted group | |
| * @var string group_name Name of the deleted group | |
| * @since 3.1.0-a1 | |
| */ | |
| $vars = array('group_id', 'group_name'); | |
| extract($phpbb_dispatcher->trigger_event('core.delete_group_after', compact($vars))); | |
| // Re-cache moderators | |
| if (!function_exists('phpbb_cache_moderators')) | |
| { | |
| include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); | |
| } | |
| phpbb_cache_moderators($db, $cache, $auth); | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_GROUP_DELETE', false, array($group_name)); | |
| // Return false - no error | |
| return false; | |
| } | |
| /** | |
| * Add user(s) to group | |
| * | |
| * @return mixed false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER' | |
| */ | |
| function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false) | |
| { | |
| global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher; | |
| // We need both username and user_id info | |
| $result = user_get_id_name($user_id_ary, $username_ary); | |
| if (empty($user_id_ary) || $result !== false) | |
| { | |
| return 'NO_USER'; | |
| } | |
| // Because the item that gets passed into the previous function is unset, the reference is lost and our original | |
| // array is retained - so we know there's a problem if there's a different number of ids to usernames now. | |
| if (count($user_id_ary) != count($username_ary)) | |
| { | |
| return 'GROUP_USERS_INVALID'; | |
| } | |
| // Remove users who are already members of this group | |
| $sql = 'SELECT user_id, group_leader | |
| FROM ' . USER_GROUP_TABLE . ' | |
| WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . " | |
| AND group_id = $group_id"; | |
| $result = $db->sql_query($sql); | |
| $add_id_ary = $update_id_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $add_id_ary[] = (int) $row['user_id']; | |
| if ($leader && !$row['group_leader']) | |
| { | |
| $update_id_ary[] = (int) $row['user_id']; | |
| } | |
| } | |
| $db->sql_freeresult($result); | |
| // Do all the users exist in this group? | |
| $add_id_ary = array_diff($user_id_ary, $add_id_ary); | |
| // If we have no users | |
| if (!count($add_id_ary) && !count($update_id_ary)) | |
| { | |
| return 'GROUP_USERS_EXIST'; | |
| } | |
| $db->sql_transaction('begin'); | |
| // Insert the new users | |
| if (count($add_id_ary)) | |
| { | |
| $sql_ary = array(); | |
| foreach ($add_id_ary as $user_id) | |
| { | |
| $sql_ary[] = array( | |
| 'user_id' => (int) $user_id, | |
| 'group_id' => (int) $group_id, | |
| 'group_leader' => (int) $leader, | |
| 'user_pending' => (int) $pending, | |
| ); | |
| } | |
| $db->sql_multi_insert(USER_GROUP_TABLE, $sql_ary); | |
| } | |
| if (count($update_id_ary)) | |
| { | |
| $sql = 'UPDATE ' . USER_GROUP_TABLE . ' | |
| SET group_leader = 1 | |
| WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . " | |
| AND group_id = $group_id"; | |
| $db->sql_query($sql); | |
| } | |
| if ($default) | |
| { | |
| group_user_attributes('default', $group_id, $user_id_ary, false, $group_name, $group_attributes); | |
| } | |
| $db->sql_transaction('commit'); | |
| // Clear permissions cache of relevant users | |
| $auth->acl_clear_prefetch($user_id_ary); | |
| /** | |
| * Event after users are added to a group | |
| * | |
| * @event core.group_add_user_after | |
| * @var int group_id ID of the group to which users are added | |
| * @var string group_name Name of the group | |
| * @var array user_id_ary IDs of the users which are added | |
| * @var array username_ary names of the users which are added | |
| * @var int pending Pending setting, 1 if user(s) added are pending | |
| * @since 3.1.7-RC1 | |
| */ | |
| $vars = array( | |
| 'group_id', | |
| 'group_name', | |
| 'user_id_ary', | |
| 'username_ary', | |
| 'pending', | |
| ); | |
| extract($phpbb_dispatcher->trigger_event('core.group_add_user_after', compact($vars))); | |
| if (!$group_name) | |
| { | |
| $group_name = get_group_name($group_id); | |
| } | |
| $log = ($leader) ? 'LOG_MODS_ADDED' : (($pending) ? 'LOG_USERS_PENDING' : 'LOG_USERS_ADDED'); | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary))); | |
| group_update_listings($group_id); | |
| if ($pending) | |
| { | |
| /* @var $phpbb_notifications \phpbb\notification\manager */ | |
| $phpbb_notifications = $phpbb_container->get('notification_manager'); | |
| foreach ($add_id_ary as $user_id) | |
| { | |
| $phpbb_notifications->add_notifications('notification.type.group_request', array( | |
| 'group_id' => $group_id, | |
| 'user_id' => $user_id, | |
| 'group_name' => $group_name, | |
| )); | |
| } | |
| } | |
| // Return false - no error | |
| return false; | |
| } | |
| /** | |
| * Remove a user/s from a given group. When we remove users we update their | |
| * default group_id. We do this by examining which "special" groups they belong | |
| * to. The selection is made based on a reasonable priority system | |
| * | |
| * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER' | |
| */ | |
| function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $log_action = true) | |
| { | |
| global $db, $auth, $config, $user, $phpbb_dispatcher, $phpbb_container, $phpbb_log; | |
| if ($config['coppa_enable']) | |
| { | |
| $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED_COPPA', 'REGISTERED', 'BOTS', 'GUESTS'); | |
| } | |
| else | |
| { | |
| $group_order = array('ADMINISTRATORS', 'GLOBAL_MODERATORS', 'NEWLY_REGISTERED', 'REGISTERED', 'BOTS', 'GUESTS'); | |
| } | |
| // We need both username and user_id info | |
| $result = user_get_id_name($user_id_ary, $username_ary); | |
| if (empty($user_id_ary) || $result !== false) | |
| { | |
| return 'NO_USER'; | |
| } | |
| $sql = 'SELECT * | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('group_name', $group_order); | |
| $result = $db->sql_query($sql); | |
| $group_order_id = $special_group_data = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $group_order_id[$row['group_name']] = $row['group_id']; | |
| $special_group_data[$row['group_id']] = array( | |
| 'group_colour' => $row['group_colour'], | |
| 'group_rank' => $row['group_rank'], | |
| ); | |
| // Only set the group avatar if one is defined... | |
| if ($row['group_avatar']) | |
| { | |
| $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array( | |
| 'group_avatar' => $row['group_avatar'], | |
| 'group_avatar_type' => $row['group_avatar_type'], | |
| 'group_avatar_width' => $row['group_avatar_width'], | |
| 'group_avatar_height' => $row['group_avatar_height']) | |
| ); | |
| } | |
| } | |
| $db->sql_freeresult($result); | |
| // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default | |
| $sql = 'SELECT user_id, group_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('user_id', $user_id_ary); | |
| $result = $db->sql_query($sql); | |
| $default_groups = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $default_groups[$row['user_id']] = $row['group_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| // What special group memberships exist for these users? | |
| $sql = 'SELECT g.group_id, g.group_name, ug.user_id | |
| FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g | |
| WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . " | |
| AND g.group_id = ug.group_id | |
| AND g.group_id <> $group_id | |
| AND g.group_type = " . GROUP_SPECIAL . ' | |
| ORDER BY ug.user_id, g.group_id'; | |
| $result = $db->sql_query($sql); | |
| $temp_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| if ($default_groups[$row['user_id']] == $group_id && (!isset($temp_ary[$row['user_id']]) || $group_order_id[$row['group_name']] < $temp_ary[$row['user_id']])) | |
| { | |
| $temp_ary[$row['user_id']] = $row['group_id']; | |
| } | |
| } | |
| $db->sql_freeresult($result); | |
| // sql_where_ary holds the new default groups and their users | |
| $sql_where_ary = array(); | |
| foreach ($temp_ary as $uid => $gid) | |
| { | |
| $sql_where_ary[$gid][] = $uid; | |
| } | |
| unset($temp_ary); | |
| foreach ($special_group_data as $gid => $default_data_ary) | |
| { | |
| if (isset($sql_where_ary[$gid]) && count($sql_where_ary[$gid])) | |
| { | |
| remove_default_rank($group_id, $sql_where_ary[$gid]); | |
| remove_default_avatar($group_id, $sql_where_ary[$gid]); | |
| group_set_user_default($gid, $sql_where_ary[$gid], $default_data_ary); | |
| } | |
| } | |
| unset($special_group_data); | |
| /** | |
| * Event before users are removed from a group | |
| * | |
| * @event core.group_delete_user_before | |
| * @var int group_id ID of the group from which users are deleted | |
| * @var string group_name Name of the group | |
| * @var array user_id_ary IDs of the users which are removed | |
| * @var array username_ary names of the users which are removed | |
| * @since 3.1.0-a1 | |
| */ | |
| $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary'); | |
| extract($phpbb_dispatcher->trigger_event('core.group_delete_user_before', compact($vars))); | |
| $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " | |
| WHERE group_id = $group_id | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| // Clear permissions cache of relevant users | |
| $auth->acl_clear_prefetch($user_id_ary); | |
| /** | |
| * Event after users are removed from a group | |
| * | |
| * @event core.group_delete_user_after | |
| * @var int group_id ID of the group from which users are deleted | |
| * @var string group_name Name of the group | |
| * @var array user_id_ary IDs of the users which are removed | |
| * @var array username_ary names of the users which are removed | |
| * @since 3.1.7-RC1 | |
| */ | |
| $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary'); | |
| extract($phpbb_dispatcher->trigger_event('core.group_delete_user_after', compact($vars))); | |
| if ($log_action) | |
| { | |
| if (!$group_name) | |
| { | |
| $group_name = get_group_name($group_id); | |
| } | |
| $log = 'LOG_GROUP_REMOVE'; | |
| if ($group_name) | |
| { | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary))); | |
| } | |
| } | |
| group_update_listings($group_id); | |
| /* @var $phpbb_notifications \phpbb\notification\manager */ | |
| $phpbb_notifications = $phpbb_container->get('notification_manager'); | |
| $phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id); | |
| // Return false - no error | |
| return false; | |
| } | |
| /** | |
| * Removes the group avatar of the default group from the users in user_ids who have that group as default. | |
| */ | |
| function remove_default_avatar($group_id, $user_ids) | |
| { | |
| global $db; | |
| if (!is_array($user_ids)) | |
| { | |
| $user_ids = array($user_ids); | |
| } | |
| if (empty($user_ids)) | |
| { | |
| return false; | |
| } | |
| $user_ids = array_map('intval', $user_ids); | |
| $sql = 'SELECT * | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE group_id = ' . (int) $group_id; | |
| $result = $db->sql_query($sql); | |
| if (!$row = $db->sql_fetchrow($result)) | |
| { | |
| $db->sql_freeresult($result); | |
| return false; | |
| } | |
| $db->sql_freeresult($result); | |
| $sql = 'UPDATE ' . USERS_TABLE . " | |
| SET user_avatar = '', | |
| user_avatar_type = '', | |
| user_avatar_width = 0, | |
| user_avatar_height = 0 | |
| WHERE group_id = " . (int) $group_id . " | |
| AND user_avatar = '" . $db->sql_escape($row['group_avatar']) . "' | |
| AND " . $db->sql_in_set('user_id', $user_ids); | |
| $db->sql_query($sql); | |
| } | |
| /** | |
| * Removes the group rank of the default group from the users in user_ids who have that group as default. | |
| */ | |
| function remove_default_rank($group_id, $user_ids) | |
| { | |
| global $db; | |
| if (!is_array($user_ids)) | |
| { | |
| $user_ids = array($user_ids); | |
| } | |
| if (empty($user_ids)) | |
| { | |
| return false; | |
| } | |
| $user_ids = array_map('intval', $user_ids); | |
| $sql = 'SELECT * | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE group_id = ' . (int) $group_id; | |
| $result = $db->sql_query($sql); | |
| if (!$row = $db->sql_fetchrow($result)) | |
| { | |
| $db->sql_freeresult($result); | |
| return false; | |
| } | |
| $db->sql_freeresult($result); | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET user_rank = 0 | |
| WHERE group_id = ' . (int) $group_id . ' | |
| AND user_rank <> 0 | |
| AND user_rank = ' . (int) $row['group_rank'] . ' | |
| AND ' . $db->sql_in_set('user_id', $user_ids); | |
| $db->sql_query($sql); | |
| } | |
| /** | |
| * This is used to promote (to leader), demote or set as default a member/s | |
| */ | |
| function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false) | |
| { | |
| global $db, $auth, $user, $phpbb_container, $phpbb_log, $phpbb_dispatcher; | |
| // We need both username and user_id info | |
| $result = user_get_id_name($user_id_ary, $username_ary); | |
| if (empty($user_id_ary) || $result !== false) | |
| { | |
| return 'NO_USERS'; | |
| } | |
| if (!$group_name) | |
| { | |
| $group_name = get_group_name($group_id); | |
| } | |
| switch ($action) | |
| { | |
| case 'demote': | |
| case 'promote': | |
| $sql = 'SELECT user_id | |
| FROM ' . USER_GROUP_TABLE . " | |
| WHERE group_id = $group_id | |
| AND user_pending = 1 | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $result = $db->sql_query_limit($sql, 1); | |
| $not_empty = ($db->sql_fetchrow($result)); | |
| $db->sql_freeresult($result); | |
| if ($not_empty) | |
| { | |
| return 'NO_VALID_USERS'; | |
| } | |
| $sql = 'UPDATE ' . USER_GROUP_TABLE . ' | |
| SET group_leader = ' . (($action == 'promote') ? 1 : 0) . " | |
| WHERE group_id = $group_id | |
| AND user_pending = 0 | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED'; | |
| break; | |
| case 'approve': | |
| // Make sure we only approve those which are pending ;) | |
| $sql = 'SELECT u.user_id, u.user_email, u.username, u.username_clean, u.user_notify_type, u.user_jabber, u.user_lang | |
| FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug | |
| WHERE ug.group_id = ' . $group_id . ' | |
| AND ug.user_pending = 1 | |
| AND ug.user_id = u.user_id | |
| AND ' . $db->sql_in_set('ug.user_id', $user_id_ary); | |
| $result = $db->sql_query($sql); | |
| $user_id_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_id_ary[] = $row['user_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| if (!count($user_id_ary)) | |
| { | |
| return false; | |
| } | |
| $sql = 'UPDATE ' . USER_GROUP_TABLE . " | |
| SET user_pending = 0 | |
| WHERE group_id = $group_id | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| /* @var $phpbb_notifications \phpbb\notification\manager */ | |
| $phpbb_notifications = $phpbb_container->get('notification_manager'); | |
| $phpbb_notifications->add_notifications('notification.type.group_request_approved', array( | |
| 'user_ids' => $user_id_ary, | |
| 'group_id' => $group_id, | |
| 'group_name' => $group_name, | |
| )); | |
| $phpbb_notifications->delete_notifications('notification.type.group_request', $user_id_ary, $group_id); | |
| $log = 'LOG_USERS_APPROVED'; | |
| break; | |
| case 'default': | |
| // We only set default group for approved members of the group | |
| $sql = 'SELECT user_id | |
| FROM ' . USER_GROUP_TABLE . " | |
| WHERE group_id = $group_id | |
| AND user_pending = 0 | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $result = $db->sql_query($sql); | |
| $user_id_ary = $username_ary = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_id_ary[] = $row['user_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| $result = user_get_id_name($user_id_ary, $username_ary); | |
| if (!count($user_id_ary) || $result !== false) | |
| { | |
| return 'NO_USERS'; | |
| } | |
| $sql = 'SELECT user_id, group_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE ' . $db->sql_in_set('user_id', $user_id_ary, false, true); | |
| $result = $db->sql_query($sql); | |
| $groups = array(); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| if (!isset($groups[$row['group_id']])) | |
| { | |
| $groups[$row['group_id']] = array(); | |
| } | |
| $groups[$row['group_id']][] = $row['user_id']; | |
| } | |
| $db->sql_freeresult($result); | |
| foreach ($groups as $gid => $uids) | |
| { | |
| remove_default_rank($gid, $uids); | |
| remove_default_avatar($gid, $uids); | |
| } | |
| group_set_user_default($group_id, $user_id_ary, $group_attributes); | |
| $log = 'LOG_GROUP_DEFAULTS'; | |
| break; | |
| } | |
| /** | |
| * Event to perform additional actions on setting user group attributes | |
| * | |
| * @event core.user_set_group_attributes | |
| * @var int group_id ID of the group | |
| * @var string group_name Name of the group | |
| * @var array user_id_ary IDs of the users to set group attributes | |
| * @var array username_ary Names of the users to set group attributes | |
| * @var array group_attributes Group attributes which were changed | |
| * @var string action Action to perform over the group members | |
| * @since 3.1.10-RC1 | |
| */ | |
| $vars = array( | |
| 'group_id', | |
| 'group_name', | |
| 'user_id_ary', | |
| 'username_ary', | |
| 'group_attributes', | |
| 'action', | |
| ); | |
| extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars))); | |
| // Clear permissions cache of relevant users | |
| $auth->acl_clear_prefetch($user_id_ary); | |
| $phpbb_log->add('admin', $user->data['user_id'], $user->ip, $log, false, array($group_name, implode(', ', $username_ary))); | |
| group_update_listings($group_id); | |
| return false; | |
| } | |
| /** | |
| * A small version of validate_username to check for a group name's existence. To be called directly. | |
| */ | |
| function group_validate_groupname($group_id, $group_name) | |
| { | |
| global $db; | |
| $group_name = utf8_clean_string($group_name); | |
| if (!empty($group_id)) | |
| { | |
| $sql = 'SELECT group_name | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE group_id = ' . (int) $group_id; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if (!$row) | |
| { | |
| return false; | |
| } | |
| $allowed_groupname = utf8_clean_string($row['group_name']); | |
| if ($allowed_groupname == $group_name) | |
| { | |
| return false; | |
| } | |
| } | |
| $sql = 'SELECT group_name | |
| FROM ' . GROUPS_TABLE . " | |
| WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'"; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if ($row) | |
| { | |
| return 'GROUP_NAME_TAKEN'; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Set users default group | |
| * | |
| * @access private | |
| */ | |
| function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false) | |
| { | |
| global $config, $phpbb_container, $db, $phpbb_dispatcher; | |
| if (empty($user_id_ary)) | |
| { | |
| return; | |
| } | |
| $attribute_ary = array( | |
| 'group_colour' => 'string', | |
| 'group_rank' => 'int', | |
| 'group_avatar' => 'string', | |
| 'group_avatar_type' => 'string', | |
| 'group_avatar_width' => 'int', | |
| 'group_avatar_height' => 'int', | |
| ); | |
| $sql_ary = array( | |
| 'group_id' => $group_id | |
| ); | |
| // Were group attributes passed to the function? If not we need to obtain them | |
| if ($group_attributes === false) | |
| { | |
| $sql = 'SELECT ' . implode(', ', array_keys($attribute_ary)) . ' | |
| FROM ' . GROUPS_TABLE . " | |
| WHERE group_id = $group_id"; | |
| $result = $db->sql_query($sql); | |
| $group_attributes = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| } | |
| foreach ($attribute_ary as $attribute => $type) | |
| { | |
| if (isset($group_attributes[$attribute])) | |
| { | |
| // If we are about to set an avatar or rank, we will not overwrite with empty, unless we are not actually changing the default group | |
| if ((strpos($attribute, 'group_avatar') === 0 || strpos($attribute, 'group_rank') === 0) && !$group_attributes[$attribute]) | |
| { | |
| continue; | |
| } | |
| settype($group_attributes[$attribute], $type); | |
| $sql_ary[str_replace('group_', 'user_', $attribute)] = $group_attributes[$attribute]; | |
| } | |
| } | |
| $updated_sql_ary = $sql_ary; | |
| // Before we update the user attributes, we will update the rank for users that don't have a custom rank | |
| if (isset($sql_ary['user_rank'])) | |
| { | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET ' . $db->sql_build_array('UPDATE', array('user_rank' => $sql_ary['user_rank'])) . ' | |
| WHERE user_rank = 0 | |
| AND ' . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| unset($sql_ary['user_rank']); | |
| } | |
| // Before we update the user attributes, we will update the avatar for users that don't have a custom avatar | |
| $avatar_options = array('user_avatar', 'user_avatar_type', 'user_avatar_height', 'user_avatar_width'); | |
| if (isset($sql_ary['user_avatar'])) | |
| { | |
| $avatar_sql_ary = array(); | |
| foreach ($avatar_options as $avatar_option) | |
| { | |
| if (isset($sql_ary[$avatar_option])) | |
| { | |
| $avatar_sql_ary[$avatar_option] = $sql_ary[$avatar_option]; | |
| } | |
| } | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET ' . $db->sql_build_array('UPDATE', $avatar_sql_ary) . " | |
| WHERE user_avatar = '' | |
| AND " . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| } | |
| // Remove the avatar options, as we already updated them | |
| foreach ($avatar_options as $avatar_option) | |
| { | |
| unset($sql_ary[$avatar_option]); | |
| } | |
| if (!empty($sql_ary)) | |
| { | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' | |
| WHERE ' . $db->sql_in_set('user_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| } | |
| if (isset($sql_ary['user_colour'])) | |
| { | |
| // Update any cached colour information for these users | |
| $sql = 'UPDATE ' . FORUMS_TABLE . " | |
| SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "' | |
| WHERE " . $db->sql_in_set('forum_last_poster_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . TOPICS_TABLE . " | |
| SET topic_first_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "' | |
| WHERE " . $db->sql_in_set('topic_poster', $user_id_ary); | |
| $db->sql_query($sql); | |
| $sql = 'UPDATE ' . TOPICS_TABLE . " | |
| SET topic_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "' | |
| WHERE " . $db->sql_in_set('topic_last_poster_id', $user_id_ary); | |
| $db->sql_query($sql); | |
| if (in_array($config['newest_user_id'], $user_id_ary)) | |
| { | |
| $config->set('newest_user_colour', $sql_ary['user_colour'], false); | |
| } | |
| } | |
| // Make all values available for the event | |
| $sql_ary = $updated_sql_ary; | |
| /** | |
| * Event when the default group is set for an array of users | |
| * | |
| * @event core.user_set_default_group | |
| * @var int group_id ID of the group | |
| * @var array user_id_ary IDs of the users | |
| * @var array group_attributes Group attributes which were changed | |
| * @var array update_listing Update the list of moderators and foes | |
| * @var array sql_ary User attributes which were changed | |
| * @since 3.1.0-a1 | |
| */ | |
| $vars = array('group_id', 'user_id_ary', 'group_attributes', 'update_listing', 'sql_ary'); | |
| extract($phpbb_dispatcher->trigger_event('core.user_set_default_group', compact($vars))); | |
| if ($update_listing) | |
| { | |
| group_update_listings($group_id); | |
| } | |
| // Because some tables/caches use usercolour-specific data we need to purge this here. | |
| $phpbb_container->get('cache.driver')->destroy('sql', MODERATOR_CACHE_TABLE); | |
| } | |
| /** | |
| * Get group name | |
| */ | |
| function get_group_name($group_id) | |
| { | |
| global $db, $phpbb_container; | |
| $sql = 'SELECT group_name, group_type | |
| FROM ' . GROUPS_TABLE . ' | |
| WHERE group_id = ' . (int) $group_id; | |
| $result = $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if (!$row) | |
| { | |
| return ''; | |
| } | |
| /** @var \phpbb\group\helper $group_helper */ | |
| $group_helper = $phpbb_container->get('group_helper'); | |
| return $group_helper->get_name($row['group_name']); | |
| } | |
| /** | |
| * Obtain either the members of a specified group, the groups the specified user is subscribed to | |
| * or checking if a specified user is in a specified group. This function does not return pending memberships. | |
| * | |
| * Note: Never use this more than once... first group your users/groups | |
| */ | |
| function group_memberships($group_id_ary = false, $user_id_ary = false, $return_bool = false) | |
| { | |
| global $db; | |
| if (!$group_id_ary && !$user_id_ary) | |
| { | |
| return true; | |
| } | |
| if ($user_id_ary) | |
| { | |
| $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary; | |
| } | |
| if ($group_id_ary) | |
| { | |
| $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary; | |
| } | |
| $sql = 'SELECT ug.*, u.username, u.username_clean, u.user_email | |
| FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u | |
| WHERE ug.user_id = u.user_id | |
| AND ug.user_pending = 0 AND '; | |
| if ($group_id_ary) | |
| { | |
| $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary); | |
| } | |
| if ($user_id_ary) | |
| { | |
| $sql .= ($group_id_ary) ? ' AND ' : ' '; | |
| $sql .= $db->sql_in_set('ug.user_id', $user_id_ary); | |
| } | |
| $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql); | |
| $row = $db->sql_fetchrow($result); | |
| if ($return_bool) | |
| { | |
| $db->sql_freeresult($result); | |
| return ($row) ? true : false; | |
| } | |
| if (!$row) | |
| { | |
| return false; | |
| } | |
| $return = array(); | |
| do | |
| { | |
| $return[] = $row; | |
| } | |
| while ($row = $db->sql_fetchrow($result)); | |
| $db->sql_freeresult($result); | |
| return $return; | |
| } | |
| /** | |
| * Re-cache moderators and foes if group has a_ or m_ permissions | |
| */ | |
| function group_update_listings($group_id) | |
| { | |
| global $db, $cache, $auth; | |
| $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_')); | |
| if (empty($hold_ary)) | |
| { | |
| return; | |
| } | |
| $mod_permissions = $admin_permissions = false; | |
| foreach ($hold_ary as $g_id => $forum_ary) | |
| { | |
| foreach ($forum_ary as $forum_id => $auth_ary) | |
| { | |
| foreach ($auth_ary as $auth_option => $setting) | |
| { | |
| if ($mod_permissions && $admin_permissions) | |
| { | |
| break 3; | |
| } | |
| if ($setting != ACL_YES) | |
| { | |
| continue; | |
| } | |
| if ($auth_option == 'm_') | |
| { | |
| $mod_permissions = true; | |
| } | |
| if ($auth_option == 'a_') | |
| { | |
| $admin_permissions = true; | |
| } | |
| } | |
| } | |
| } | |
| if ($mod_permissions) | |
| { | |
| if (!function_exists('phpbb_cache_moderators')) | |
| { | |
| global $phpbb_root_path, $phpEx; | |
| include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); | |
| } | |
| phpbb_cache_moderators($db, $cache, $auth); | |
| } | |
| if ($mod_permissions || $admin_permissions) | |
| { | |
| if (!function_exists('phpbb_update_foes')) | |
| { | |
| global $phpbb_root_path, $phpEx; | |
| include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); | |
| } | |
| phpbb_update_foes($db, $auth, array($group_id)); | |
| } | |
| } | |
| /** | |
| * Funtion to make a user leave the NEWLY_REGISTERED system group. | |
| * @access public | |
| * @param int $user_id The id of the user to remove from the group | |
| * @param mixed $user_data The id of the user to remove from the group | |
| */ | |
| function remove_newly_registered($user_id, $user_data = false) | |
| { | |
| global $db; | |
| if ($user_data === false) | |
| { | |
| $sql = 'SELECT * | |
| FROM ' . USERS_TABLE . ' | |
| WHERE user_id = ' . $user_id; | |
| $result = $db->sql_query($sql); | |
| $user_row = $db->sql_fetchrow($result); | |
| $db->sql_freeresult($result); | |
| if (!$user_row) | |
| { | |
| return false; | |
| } | |
| else | |
| { | |
| $user_data = $user_row; | |
| } | |
| } | |
| $sql = 'SELECT group_id | |
| FROM ' . GROUPS_TABLE . " | |
| WHERE group_name = 'NEWLY_REGISTERED' | |
| AND group_type = " . GROUP_SPECIAL; | |
| $result = $db->sql_query($sql); | |
| $group_id = (int) $db->sql_fetchfield('group_id'); | |
| $db->sql_freeresult($result); | |
| if (!$group_id) | |
| { | |
| return false; | |
| } | |
| // We need to call group_user_del here, because this function makes sure everything is correctly changed. | |
| // Force function to not log the removal of users from newly registered users group | |
| group_user_del($group_id, $user_id, false, false, false); | |
| // Set user_new to 0 to let this not be triggered again | |
| $sql = 'UPDATE ' . USERS_TABLE . ' | |
| SET user_new = 0 | |
| WHERE user_id = ' . $user_id; | |
| $db->sql_query($sql); | |
| // The new users group was the users default group? | |
| if ($user_data['group_id'] == $group_id) | |
| { | |
| // Which group is now the users default one? | |
| $sql = 'SELECT group_id | |
| FROM ' . USERS_TABLE . ' | |
| WHERE user_id = ' . $user_id; | |
| $result = $db->sql_query($sql); | |
| $user_data['group_id'] = $db->sql_fetchfield('group_id'); | |
| $db->sql_freeresult($result); | |
| } | |
| return $user_data['group_id']; | |
| } | |
| /** | |
| * Gets user ids of currently banned registered users. | |
| * | |
| * @param array $user_ids Array of users' ids to check for banning, | |
| * leave empty to get complete list of banned ids | |
| * @param bool|int $ban_end Bool True to get users currently banned | |
| * Bool False to only get permanently banned users | |
| * Int Unix timestamp to get users banned until that time | |
| * @return array Array of banned users' ids if any, empty array otherwise | |
| */ | |
| function phpbb_get_banned_user_ids($user_ids = array(), $ban_end = true) | |
| { | |
| global $db; | |
| $sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0'; | |
| // Get banned User ID's | |
| // Ignore stale bans which were not wiped yet | |
| $banned_ids_list = array(); | |
| $sql = 'SELECT ban_userid | |
| FROM ' . BANLIST_TABLE . " | |
| WHERE $sql_user_ids | |
| AND ban_exclude <> 1"; | |
| if ($ban_end === true) | |
| { | |
| // Banned currently | |
| $sql .= " AND (ban_end > " . time() . ' | |
| OR ban_end = 0)'; | |
| } | |
| else if ($ban_end === false) | |
| { | |
| // Permanently banned | |
| $sql .= " AND ban_end = 0"; | |
| } | |
| else | |
| { | |
| // Banned until a specified time | |
| $sql .= " AND (ban_end > " . (int) $ban_end . ' | |
| OR ban_end = 0)'; | |
| } | |
| $result = $db->sql_query($sql); | |
| while ($row = $db->sql_fetchrow($result)) | |
| { | |
| $user_id = (int) $row['ban_userid']; | |
| $banned_ids_list[$user_id] = $user_id; | |
| } | |
| $db->sql_freeresult($result); | |
| return $banned_ids_list; | |
| } | |
| /** | |
| * Function for assigning a template var if the zebra module got included | |
| */ | |
| function phpbb_module_zebra($mode, &$module_row) | |
| { | |
| global $template; | |
| $template->assign_var('S_ZEBRA_ENABLED', true); | |
| if ($mode == 'friends') | |
| { | |
| $template->assign_var('S_ZEBRA_FRIENDS_ENABLED', true); | |
| } | |
| if ($mode == 'foes') | |
| { | |
| $template->assign_var('S_ZEBRA_FOES_ENABLED', true); | |
| } | |
| } |