
PHP Cross Reference of MyBB 1.8.8


/inc/datahandlers/ -> user.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * User handling class, provides common structure to handle user data.
  19   *
  20   */
  21  class UserDataHandler extends DataHandler
  22  {
  23      /**
  24      * The language file used in the data handler.
  25      *
  26      * @var string
  27      */
  28      public $language_file = 'datahandler_user';
  29  
  30      /**
  31      * The prefix for the language variables used in the data handler.
  32      *
  33      * @var string
  34      */
  35      public $language_prefix = 'userdata';
  36  
  37      /**
  38       * Array of data inserted in to a user.
  39       *
  40       * @var array
  41       */
  42      public $user_insert_data = array();
  43  
  44      /**
  45       * Array of data used to update a user.
  46       *
  47       * @var array
  48       */
  49      public $user_update_data = array();
  50  
  51      /**
  52       * User ID currently being manipulated by the datahandlers.
  53       *
  54       * @var int
  55       */
  56      public $uid = 0;
  57  
  58      /**
  59       * Values to be returned after inserting/deleting a user.
  60       *
  61       * @var array
  62       */
  63      public $return_values = array();
  64  
  65      /**
  66       * @var array
  67       */
  68      var $delete_uids = array();
  69  
  70      /**
  71       * @var int
  72       */
  73      var $deleted_users = 0;
  74  
  75      /**
  76       * Verifies if a username is valid or invalid.
  77       *
  78       * @return boolean True when valid, false when invalid.
  79       */
  80  	function verify_username()
  81      {
  82          global $mybb;
  83  
  84          $username = &$this->data['username'];
  85          require_once  MYBB_ROOT.'inc/functions_user.php';
  86  
  87          // Fix bad characters
  88          $username = trim_blank_chrs($username);
  89          $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
  90  
  91          // Remove multiple spaces from the username
  92          $username = preg_replace("#\s{2,}#", " ", $username);
  93  
  94          // Check if the username is not empty.
  95          if($username == '')
  96          {
  97              $this->set_error('missing_username');
  98              return false;
  99          }
 100  
 101          // Check if the username belongs to the list of banned usernames.
 102          if(is_banned_username($username, true))
 103          {
 104              $this->set_error('banned_username');
 105              return false;
 106          }
 107  
 108          // Check for certain characters in username (<, >, &, commas and slashes)
 109          if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || !validate_utf8_string($username, false, false))
 110          {
 111              $this->set_error("bad_characters_username");
 112              return false;
 113          }
 114  
 115          // Check if the username is of the correct length.
 116          if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
 117          {
 118              $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
 119              return false;
 120          }
 121  
 122          return true;
 123      }
 124  
 125      /**
 126       * Verifies if a usertitle is valid or invalid.
 127       *
 128       * @return boolean True when valid, false when invalid.
 129       */
 130  	function verify_usertitle()
 131      {
 132          global $mybb;
 133  
 134          $usertitle = &$this->data['usertitle'];
 135  
 136          // Check if the usertitle is of the correct length.
 137          if($mybb->settings['customtitlemaxlength'] != 0 && my_strlen($usertitle) > $mybb->settings['customtitlemaxlength'])
 138          {
 139              $this->set_error('invalid_usertitle_length', $mybb->settings['customtitlemaxlength']);
 140              return false;
 141          }
 142  
 143          return true;
 144      }
 145  
 146      /**
 147       * Verifies if a username is already in use or not.
 148       *
 149       * @return boolean False when the username is not in use, true when it is.
 150       */
 151  	function verify_username_exists()
 152      {
 153          $username = &$this->data['username'];
 154  
 155          $user = get_user_by_username(trim($username));
 156  
 157          if(!empty($this->data['uid']) && !empty($user['uid']) && $user['uid'] == $this->data['uid'])
 158          {
 159              unset($user);
 160          }
 161  
 162          if(!empty($user['uid']))
 163          {
 164              $this->set_error("username_exists", array($username));
 165              return true;
 166          }
 167  
 168          return false;
 169      }
 170  
 171      /**
 172      * Verifies if a new password is valid or not.
 173      *
 174      * @return boolean True when valid, false when invalid.
 175      */
 176  	function verify_password()
 177      {
 178          global $mybb;
 179  
 180          $user = &$this->data;
 181  
 182          // Always check for the length of the password.
 183          if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
 184          {
 185              $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
 186              return false;
 187          }
 188  
 189          // Has the user tried to use their email address or username as a password?
 190          if($user['email'] === $user['password'] || $user['username'] === $user['password'])
 191          {
 192              $this->set_error('bad_password_security');
 193              return false;
 194          }
 195  
 196          // See if the board has "require complex passwords" enabled.
 197          if($mybb->settings['requirecomplexpasswords'] == 1)
 198          {
 199              // Complex passwords required, do some extra checks.
 200              // First, see if there is one or more complex character(s) in the password.
 201              if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
 202              {
 203                  $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
 204                  return false;
 205              }
 206          }
 207  
 208          // If we have a "password2" check if they both match
 209          if(isset($user['password2']) && $user['password'] !== $user['password2'])
 210          {
 211              $this->set_error("passwords_dont_match");
 212              return false;
 213          }
 214  
 215          // MD5 the password
 216          $user['md5password'] = md5($user['password']);
 217  
 218          // Generate our salt
 219          $user['salt'] = generate_salt();
 220  
 221          // Combine the password and salt
 222          $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
 223  
 224          // Generate the user login key
 225          $user['loginkey'] = generate_loginkey();
 226  
 227          return true;
 228      }
 229  
 230      /**
 231      * Verifies usergroup selections and other group details.
 232      *
 233      * @return boolean True when valid, false when invalid.
 234      */
    function verify_usergroup()
    {
        // No check is performed: every usergroup selection is reported as valid.
        // NOTE(review): whether the acting user may assign the requested groups has to
        // be enforced by the caller - confirm that it is.
        return true;
    }
 239      /**
 240      * Verifies if an email address is valid or not.
 241      *
 242      * @return boolean True when valid, false when invalid.
 243      */
 244  	function verify_email()
 245      {
 246          global $mybb;
 247  
 248          $user = &$this->data;
 249  
 250          // Check if an email address has actually been entered.
 251          if(trim_blank_chrs($user['email']) == '')
 252          {
 253              $this->set_error('missing_email');
 254              return false;
 255          }
 256  
 257          // Check if this is a proper email address.
 258          if(!validate_email_format($user['email']))
 259          {
 260              $this->set_error('invalid_email_format');
 261              return false;
 262          }
 263  
 264          // Check banned emails
 265          if(is_banned_email($user['email'], true))
 266          {
 267              $this->set_error('banned_email');
 268              return false;
 269          }
 270  
 271          // Check signed up emails
 272          // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
 273          if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
 274          {
 275              $uid = 0;
 276              if(isset($user['uid']))
 277              {
 278                  $uid = $user['uid'];
 279              }
 280              if(email_already_in_use($user['email'], $uid))
 281              {
 282                  $this->set_error('email_already_in_use');
 283                  return false;
 284              }
 285          }
 286  
 287          // If we have an "email2", verify it matches the existing email
 288          if(isset($user['email2']) && $user['email'] != $user['email2'])
 289          {
 290              $this->set_error("emails_dont_match");
 291              return false;
 292          }
 293  
 294          return true;
 295      }
 296  
 297      /**
 298      * Verifies if a website is valid or not.
 299      *
 300      * @return boolean True when valid, false when invalid.
 301      */
 302  	function verify_website()
 303      {
 304          $website = &$this->data['website'];
 305  
 306          if(!empty($website) && !my_validate_url($website))
 307          {
 308              $website = 'http://'.$website;
 309          }
 310  
 311          if(!empty($website) && !my_validate_url($website))
 312          {
 313              $this->set_error('invalid_website');
 314              return false;
 315          }
 316  
 317          return true;
 318      }
 319  
 320      /**
 321       * Verifies if an ICQ number is valid or not.
 322       *
 323       * @return boolean True when valid, false when invalid.
 324       */
 325  	function verify_icq()
 326      {
 327          $icq = &$this->data['icq'];
 328  
 329          if($icq != '' && !is_numeric($icq))
 330          {
 331              $this->set_error("invalid_icq_number");
 332              return false;
 333          }
 334          $icq = (int)$icq;
 335          return true;
 336      }
 337  
 338      /**
 339      * Verifies if a birthday is valid or not.
 340      *
 341      * @return boolean True when valid, false when invalid.
 342      */
    function verify_birthday()
    {
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        // Anything that is not an array is treated as "no birthday supplied" and accepted.
        if(!is_array($birthday))
        {
            return true;
        }

        // Sanitize any input we have: all three parts become integers, so the string
        // assembled at the end of this method can only contain digits and dashes.
        $birthday['day'] = (int)$birthday['day'];
        $birthday['month'] = (int)$birthday['month'];
        $birthday['year'] = (int)$birthday['year'];

        // Error if a day or a month is given and either of them is out of range
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Check if the day actually exists.
        // The month is known to be 0 or 1..12 at this point, so the index below is in
        // range whenever it is used.
        $months = get_bdays($birthday['year']);
        if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
        {
            $this->set_error("invalid_birthday");
            return false;
        }

        // Error if a year exists and the year is out of range
        // Precedence: && binds tighter than ||, so this reads
        // (year != 0 && year < now-100) || year > now. The outcome matches the intended
        // grouping because a year beyond the current one is never 0.
        if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        else if($birthday['year'] == date("Y"))
        {
            // Error if birth date is in future
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Error if COPPA is on, and the user hasn't verified their age / under 13
        // The "deny" branch compares birth years only: someone born in (current year - 13)
        // passes regardless of month and day. Moderators are exempt from that branch.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
        {
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Make the user's birthday field
        if($birthday['year'] != 0)
        {
            // If the year is specified, put together a d-m-y string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // If only a day and month are specified, put together a d-m string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // No field is specified, so return an empty string for an unknown birthday
            $user['bday'] = '';
        }
        return true;
    }
 424  
 425      /**
 426       * Verifies if the birthday privacy option is valid or not.
 427       *
 428       * @return boolean True when valid, false when invalid.
 429       */
 430  	function verify_birthday_privacy()
 431      {
 432          $birthdayprivacy = &$this->data['birthdayprivacy'];
 433          $accepted = array(
 434                      'none',
 435                      'age',
 436                      'all');
 437  
 438          if(!in_array($birthdayprivacy, $accepted))
 439          {
 440              $this->set_error("invalid_birthday_privacy");
 441              return false;
 442          }
 443          return true;
 444      }
 445  
 446      /**
 447      * Verifies if the post count field is filled in correctly.
 448      *
 449      * @return boolean True when valid, false when invalid.
 450      */
 451  	function verify_postnum()
 452      {
 453          $user = &$this->data;
 454  
 455          if(isset($user['postnum']) && $user['postnum'] < 0)
 456          {
 457              $this->set_error("invalid_postnum");
 458              return false;
 459          }
 460  
 461          return true;
 462      }
 463  
 464      /**
 465      * Verifies if the thread count field is filled in correctly.
 466      *
 467      * @return boolean True when valid, false when invalid.
 468      */
 469  	function verify_threadnum()
 470      {
 471          $user = &$this->data;
 472  
 473          if(isset($user['threadnum']) && $user['threadnum'] < 0)
 474          {
 475              $this->set_error("invalid_threadnum");
 476              return false;
 477          }
 478  
 479          return true;
 480      }
 481  
 482      /**
 483      * Verifies that the profile fields are filled in correctly.
 484      *
 485      * @return boolean True when valid, false when invalid.
 486      */
    function verify_profile_fields()
    {
        // Checks the submitted custom profile fields against the cached field
        // definitions and fills $this->data['user_fields'] with one value per field.
        // Problems are recorded with set_error(); the method itself always returns true,
        // so callers have to look at the recorded errors rather than the return value.
        global $db, $cache;

        $user = &$this->data;
        $profile_fields = &$this->data['profile_fields'];

        // Loop through profile fields checking if they exist or not and are filled in.

        // Fetch all profile fields first.
        $pfcache = $cache->read('profilefields');

        if(is_array($pfcache))
        {
            // Then loop through the profile fields.
            foreach($pfcache as $profilefield)
            {
                // Precedence: && binds tighter than ||, so this is
                // editable-flag || (registration-flag && (required || shown at registration)).
                // In that case the group restriction on the field is lifted (-1).
                if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
                {
                    $profilefield['editableby'] = -1;
                }

                // Fields the user's groups may not edit are skipped: whatever was
                // submitted for them never reaches user_fields.
                if(!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
                {
                    continue;
                }

                // Does this field have a minimum post count?
                if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
                {
                    continue;
                }

                // The definition is HTML-escaped before it is split, which is why the
                // submitted values are escaped the same way before being compared below.
                $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
                $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
                // First line is the field type, the remainder the list of options.
                $thing = explode("\n", $profilefield['type'], "2");
                $type = trim($thing[0]);
                $field = "fid{$profilefield['fid']}";

                if(!isset($profile_fields[$field]))
                {
                    $profile_fields[$field] = '';
                }

                // If the profile field is required, but not filled in, present error.
                // The requirement is not enforced in the ACP or in modcp.php.
                if($type != "multiselect" && $type != "checkbox")
                {
                    if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                    {
                        $this->set_error('missing_required_profile_field', array($profilefield['name']));
                    }
                }
                elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                {
                    $this->set_error('missing_required_profile_field', array($profilefield['name']));
                }

                // Sort out multiselect/checkbox profile fields.
                $options = '';
                if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
                {
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    foreach($profile_fields[$field] as $value)
                    {
                        // in_array() compares loosely here, so numeric strings that are
                        // equal as numbers ("1" and "01") count as the same option.
                        // NOTE(review): $value is assumed to be a string; confirm how
                        // htmlspecialchars_uni() treats a nested array.
                        if(!in_array(htmlspecialchars_uni($value), $expoptions))
                        {
                            $this->set_error('bad_profile_field_values', array($profilefield['name']));
                        }
                        if($options)
                        {
                            $options .= "\n";
                        }
                        // The value is appended even when it was just flagged as invalid;
                        // the recorded error is what has to stop the save.
                        $options .= $db->escape_string($value);
                    }
                }
                elseif($type == "select" || $type == "radio")
                {
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
                    {
                        $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    }
                    $options = $db->escape_string($profile_fields[$field]);
                }
                else
                {
                    if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                    {
                        $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                    }

                    // The pattern comes from the field definition, not from the submitted
                    // value, and is wrapped in # delimiters without escaping.
                    // NOTE(review): a stored pattern containing "#" would end the pattern
                    // early; confirm that the definition is validated where it is saved.
                    if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
                    {
                        $this->set_error('bad_profile_field_value', array($profilefield['name']));
                    }

                    $options = $db->escape_string($profile_fields[$field]);
                }
                // What is stored in user_fields has already been through
                // $db->escape_string(): it is escaped for SQL only, not for HTML output,
                // and must not be escaped a second time before it is written.
                $user['user_fields'][$field] = $options;
            }
        }

        return true;
    }
 593  
 594      /**
 595      * Verifies if an optionally entered referrer exists or not.
 596      *
 597      * @return boolean True when valid, false when invalid.
 598      */
 599  	function verify_referrer()
 600      {
 601          global $db, $mybb;
 602  
 603          $user = &$this->data;
 604  
 605          // Does the referrer exist or not?
 606          if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
 607          {
 608              $referrer = get_user_by_username($user['referrer']);
 609  
 610              if(empty($referrer['uid']))
 611              {
 612                  $this->set_error('invalid_referrer', array($user['referrer']));
 613                  return false;
 614              }
 615  
 616              $user['referrer_uid'] = $referrer['uid'];
 617          }
 618          else
 619          {
 620              $user['referrer_uid'] = 0;
 621          }
 622  
 623          return true;
 624      }
 625  
 626      /**
 627      * Verifies user options.
 628      *
 629      * @return boolean True when valid, false when invalid.
 630      */
 631  	function verify_options()
 632      {
 633          global $mybb;
 634  
 635          $options = &$this->data['options'];
 636  
 637          // Verify yes/no options.
 638          $this->verify_yesno_option($options, 'allownotices', 1);
 639          $this->verify_yesno_option($options, 'hideemail', 0);
 640          $this->verify_yesno_option($options, 'receivepms', 1);
 641          $this->verify_yesno_option($options, 'receivefrombuddy', 0);
 642          $this->verify_yesno_option($options, 'pmnotice', 1);
 643          $this->verify_yesno_option($options, 'pmnotify', 1);
 644          $this->verify_yesno_option($options, 'invisible', 0);
 645          $this->verify_yesno_option($options, 'showimages', 1);
 646          $this->verify_yesno_option($options, 'showvideos', 1);
 647          $this->verify_yesno_option($options, 'showsigs', 1);
 648          $this->verify_yesno_option($options, 'showavatars', 1);
 649          $this->verify_yesno_option($options, 'showquickreply', 1);
 650          $this->verify_yesno_option($options, 'showredirect', 1);
 651          $this->verify_yesno_option($options, 'showcodebuttons', 1);
 652          $this->verify_yesno_option($options, 'sourceeditor', 0);
 653          $this->verify_yesno_option($options, 'buddyrequestspm', 1);
 654          $this->verify_yesno_option($options, 'buddyrequestsauto', 0);
 655  
 656          if($mybb->settings['postlayout'] == 'classic')
 657          {
 658              $this->verify_yesno_option($options, 'classicpostbit', 1);
 659          }
 660          else
 661          {
 662              $this->verify_yesno_option($options, 'classicpostbit', 0);
 663          }
 664  
 665          if(array_key_exists('subscriptionmethod', $options))
 666          {
 667              // Value out of range
 668              $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
 669              if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
 670              {
 671                  $options['subscriptionmethod'] = 0;
 672              }
 673          }
 674  
 675          if(array_key_exists('dstcorrection', $options))
 676          {
 677              // Value out of range
 678              $options['dstcorrection'] = (int)$options['dstcorrection'];
 679              if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
 680              {
 681                  $options['dstcorrection'] = 0;
 682              }
 683          }
 684  
 685          if($options['dstcorrection'] == 1)
 686          {
 687              $options['dst'] = 1;
 688          }
 689          else if($options['dstcorrection'] == 0)
 690          {
 691              $options['dst'] = 0;
 692          }
 693  
 694          if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
 695          {
 696              if($mybb->settings['threadusenetstyle'])
 697              {
 698                  $options['threadmode'] = 'threaded';
 699              }
 700              else
 701              {
 702                  $options['threadmode'] = 'linear';
 703              }
 704          }
 705  
 706          // Verify the "threads per page" option.
 707          if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
 708          {
 709              if(!isset($options['tpp']))
 710              {
 711                  $options['tpp'] = 0;
 712              }
 713              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 714              if(is_array($explodedtpp))
 715              {
 716                  @asort($explodedtpp);
 717                  $biggest = $explodedtpp[count($explodedtpp)-1];
 718                  // Is the selected option greater than the allowed options?
 719                  if($options['tpp'] > $biggest)
 720                  {
 721                      $options['tpp'] = $biggest;
 722                  }
 723              }
 724              $options['tpp'] = (int)$options['tpp'];
 725          }
 726          // Verify the "posts per page" option.
 727          if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
 728          {
 729              if(!isset($options['ppp']))
 730              {
 731                  $options['ppp'] = 0;
 732              }
 733              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 734              if(is_array($explodedppp))
 735              {
 736                  @asort($explodedppp);
 737                  $biggest = $explodedppp[count($explodedppp)-1];
 738                  // Is the selected option greater than the allowed options?
 739                  if($options['ppp'] > $biggest)
 740                  {
 741                      $options['ppp'] = $biggest;
 742                  }
 743              }
 744              $options['ppp'] = (int)$options['ppp'];
 745          }
 746          // Is our selected "days prune" option valid or not?
 747          if($this->method == "insert" || array_key_exists('daysprune', $options))
 748          {
 749              if(!isset($options['daysprune']))
 750              {
 751                  $options['daysprune'] = 0;
 752              }
 753              $options['daysprune'] = (int)$options['daysprune'];
 754              if($options['daysprune'] < 0)
 755              {
 756                  $options['daysprune'] = 0;
 757              }
 758          }
 759          $this->data['options'] = $options;
 760      }
 761  
 762      /**
 763       * Verifies if a registration date is valid or not.
 764       *
 765       * @return boolean True when valid, false when invalid.
 766       */
 767  	function verify_regdate()
 768      {
 769          $regdate = &$this->data['regdate'];
 770  
 771          $regdate = (int)$regdate;
 772          // If the timestamp is below 0, set it to the current time.
 773          if($regdate <= 0)
 774          {
 775              $regdate = TIME_NOW;
 776          }
 777          return true;
 778      }
 779  
 780      /**
 781       * Verifies if a last visit date is valid or not.
 782       *
 783       * @return boolean True when valid, false when invalid.
 784       */
 785  	function verify_lastvisit()
 786      {
 787          $lastvisit = &$this->data['lastvisit'];
 788  
 789          $lastvisit = (int)$lastvisit;
 790          // If the timestamp is below 0, set it to the current time.
 791          if($lastvisit <= 0)
 792          {
 793              $lastvisit = TIME_NOW;
 794          }
 795          return true;
 796  
 797      }
 798  
 799      /**
 800       * Verifies if a last active date is valid or not.
 801       *
 802       * @return boolean True when valid, false when invalid.
 803       */
 804  	function verify_lastactive()
 805      {
 806          $lastactive = &$this->data['lastactive'];
 807  
 808          $lastactive = (int)$lastactive;
 809          // If the timestamp is below 0, set it to the current time.
 810          if($lastactive <= 0)
 811          {
 812              $lastactive = TIME_NOW;
 813          }
 814          return true;
 815  
 816      }
 817  
 818      /**
 819       * Verifies if an away mode status is valid or not.
 820       *
 821       * @return boolean True when valid, false when invalid.
 822       */
 823  	function verify_away()
 824      {
 825          global $mybb;
 826  
 827          $user = &$this->data;
 828          // If the board does not allow "away mode" or the user is marking as not away, set defaults.
 829          if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
 830          {
 831              $user['away']['away'] = 0;
 832              $user['away']['date'] = 0;
 833              $user['away']['returndate'] = 0;
 834              $user['away']['awayreason'] = '';
 835              return true;
 836          }
 837          else if($user['away']['returndate'])
 838          {
 839              list($returnday, $returnmonth, $returnyear) = explode('-', $user['away']['returndate']);
 840              if(!$returnday || !$returnmonth || !$returnyear)
 841              {
 842                  $this->set_error("missing_returndate");
 843                  return false;
 844              }
 845  
 846              // Validate the return date lengths
 847              $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
 848          }
 849          return true;
 850      }
 851  
 852      /**
 853       * Verifies if a language is valid for this user or not.
 854       *
 855       * @return boolean True when valid, false when invalid.
 856       */
 857  	function verify_language()
 858      {
 859          global $lang;
 860  
 861          $language = &$this->data['language'];
 862  
 863          // An invalid language has been specified?
 864          if($language != '' && !$lang->language_exists($language))
 865          {
 866              $this->set_error("invalid_language");
 867              return false;
 868          }
 869          return true;
 870      }
 871  
 872      /**
 873       * Verifies if a style is valid for this user or not.
 874       *
 875       * @return boolean True when valid, false when invalid.
 876       */
 877  	function verify_style()
 878      {
 879          global $lang;
 880  
 881          $user = &$this->data;
 882  
 883          if($user['style'])
 884          {
 885              $theme = get_theme($user['style']);
 886  
 887              if(empty($theme) || !is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all')
 888              {
 889                  $this->set_error('invalid_style');
 890                  return false;
 891              }
 892          }
 893  
 894          return true;
 895      }
 896  
 897      /**
 898       * Verifies if this is coming from a spam bot or not
 899       *
 900       * @return boolean True when valid, false when invalid.
 901       */
 902  	function verify_checkfields()
 903      {
 904          $user = &$this->data;
 905  
 906          // An invalid language has been specified?
 907          if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
 908          {
 909              $this->set_error("invalid_checkfield");
 910              return false;
 911          }
 912          return true;
 913      }
 914  
 915      /**
 916       * Verifies if the user timezone is valid.
 917       * If the timezone is invalid, the board default is used.
 918       *
 919       * @return boolean True when timezone was valid, false otherwise
 920       */
 921  	function verify_timezone()
 922      {
 923          $user = &$this->data;
 924  
 925          $timezones = get_supported_timezones();
 926  
 927          if(!array_key_exists($user['timezone'], $timezones))
 928          {
 929              $user['timezone'] = $mybb->settings['timezoneoffset'];
 930              return false;
 931          }
 932  
 933          return true;
 934      }
 935  
 936      /**
 937      * Validate all user assets.
 938      *
 939      * @return boolean True when valid, false when invalid.
 940      */
 941  	function validate_user()
 942      {
 943          global $mybb, $plugins;
 944  
 945          $user = &$this->data;
 946  
 947          // First, grab the old user details if this user exists
 948          if(!empty($user['uid']))
 949          {
 950              $old_user = get_user($user['uid']);
 951          }
 952  
 953          if($this->method == "insert" || array_key_exists('username', $user))
 954          {
 955              // If the username is the same - no need to verify
 956              if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
 957              {
 958                  $this->verify_username();
 959                  $this->verify_username_exists();
 960              }
 961              else
 962              {
 963                  unset($user['username']);
 964              }
 965          }
 966          if($this->method == "insert" || array_key_exists('usertitle', $user))
 967          {
 968              $this->verify_usertitle();
 969          }
 970          if($this->method == "insert" || array_key_exists('password', $user))
 971          {
 972              $this->verify_password();
 973          }
 974          if($this->method == "insert" || array_key_exists('usergroup', $user))
 975          {
 976              $this->verify_usergroup();
 977          }
 978          if($this->method == "insert" || array_key_exists('email', $user))
 979          {
 980              $this->verify_email();
 981          }
 982          if($this->method == "insert" || array_key_exists('website', $user))
 983          {
 984              $this->verify_website();
 985          }
 986          if($this->method == "insert" || array_key_exists('icq', $user))
 987          {
 988              $this->verify_icq();
 989          }
 990          if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday'])))
 991          {
 992              $this->verify_birthday();
 993          }
 994          if($this->method == "insert" || array_key_exists('postnum', $user))
 995          {
 996              $this->verify_postnum();
 997          }
 998          if($this->method == "insert" || array_key_exists('threadnum', $user))
 999          {
1000              $this->verify_threadnum();
1001          }
1002          if($this->method == "insert" || array_key_exists('profile_fields', $user))
1003          {
1004              $this->verify_profile_fields();
1005          }
1006          if($this->method == "insert" || array_key_exists('referrer', $user))
1007          {
1008              $this->verify_referrer();
1009          }
1010          if($this->method == "insert" || array_key_exists('options', $user))
1011          {
1012              $this->verify_options();
1013          }
1014          if($this->method == "insert" || array_key_exists('regdate', $user))
1015          {
1016              $this->verify_regdate();
1017          }
1018          if($this->method == "insert" || array_key_exists('lastvisit', $user))
1019          {
1020              $this->verify_lastvisit();
1021          }
1022          if($this->method == "insert" || array_key_exists('lastactive', $user))
1023          {
1024              $this->verify_lastactive();
1025          }
1026          if($this->method == "insert" || array_key_exists('away', $user))
1027          {
1028              $this->verify_away();
1029          }
1030          if($this->method == "insert" || array_key_exists('language', $user))
1031          {
1032              $this->verify_language();
1033          }
1034          if($this->method == "insert" || array_key_exists('timezone', $user))
1035          {
1036              $this->verify_timezone();
1037          }
1038          if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
1039          {
1040              $this->verify_checkfields();
1041          }
1042          if(array_key_exists('birthdayprivacy', $user))
1043          {
1044              $this->verify_birthday_privacy();
1045          }
1046          if($this->method == "insert" || array_key_exists('style', $user))
1047          {
1048              $this->verify_style();
1049          }
1050          if($this->method == "insert" || array_key_exists('signature', $user))
1051          {
1052              $this->verify_signature();
1053          }
1054  
1055          $plugins->run_hooks("datahandler_user_validate", $this);
1056  
1057          // We are done validating, return.
1058          $this->set_validated(true);
1059          if(count($this->get_errors()) > 0)
1060          {
1061              return false;
1062          }
1063          else
1064          {
1065              return true;
1066          }
1067      }
1068  
1069      /**
1070      * Inserts a user into the database.
1071      *
1072      * @return array
1073      */
1074  	function insert_user()
1075      {
1076          global $db, $cache, $plugins;
1077  
1078          // Yes, validating is required.
1079          if(!$this->get_validated())
1080          {
1081              die("The user needs to be validated before inserting it into the DB.");
1082          }
1083          if(count($this->get_errors()) > 0)
1084          {
1085              die("The user is not valid.");
1086          }
1087  
1088          $user = &$this->data;
1089  
1090          $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
1091          foreach($array as $value)
1092          {
1093              if(!isset($user[$value]))
1094              {
1095                  $user[$value] = '';
1096              }
1097          }
1098  
1099          $this->user_insert_data = array(
1100              "username" => $db->escape_string($user['username']),
1101              "password" => $user['saltedpw'],
1102              "salt" => $user['salt'],
1103              "loginkey" => $user['loginkey'],
1104              "email" => $db->escape_string($user['email']),
1105              "postnum" => (int)$user['postnum'],
1106              "threadnum" => (int)$user['threadnum'],
1107              "avatar" => $db->escape_string($user['avatar']),
1108              "avatartype" => $db->escape_string($user['avatartype']),
1109              "usergroup" => (int)$user['usergroup'],
1110              "additionalgroups" => $db->escape_string($user['additionalgroups']),
1111              "displaygroup" => (int)$user['displaygroup'],
1112              "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
1113              "regdate" => (int)$user['regdate'],
1114              "lastactive" => (int)$user['lastactive'],
1115              "lastvisit" => (int)$user['lastvisit'],
1116              "website" => $db->escape_string($user['website']),
1117              "icq" => (int)$user['icq'],
1118              "aim" => $db->escape_string($user['aim']),
1119              "yahoo" => $db->escape_string($user['yahoo']),
1120              "skype" => $db->escape_string($user['skype']),
1121              "google" => $db->escape_string($user['google']),
1122              "birthday" => $user['bday'],
1123              "signature" => $db->escape_string($user['signature']),
1124              "allownotices" => (int)$user['options']['allownotices'],
1125              "hideemail" => (int)$user['options']['hideemail'],
1126              "subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
1127              "receivepms" => (int)$user['options']['receivepms'],
1128              "receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
1129              "pmnotice" => (int)$user['options']['pmnotice'],
1130              "pmnotify" => (int)$user['options']['pmnotify'],
1131              "showimages" => (int)$user['options']['showimages'],
1132              "showvideos" => (int)$user['options']['showvideos'],
1133              "showsigs" => (int)$user['options']['showsigs'],
1134              "showavatars" => (int)$user['options']['showavatars'],
1135              "showquickreply" => (int)$user['options']['showquickreply'],
1136              "showredirect" => (int)$user['options']['showredirect'],
1137              "tpp" => (int)$user['options']['tpp'],
1138              "ppp" => (int)$user['options']['ppp'],
1139              "invisible" => (int)$user['options']['invisible'],
1140              "style" => (int)$user['style'],
1141              "timezone" => $db->escape_string($user['timezone']),
1142              "dstcorrection" => (int)$user['options']['dstcorrection'],
1143              "threadmode" => $user['options']['threadmode'],
1144              "daysprune" => (int)$user['options']['daysprune'],
1145              "dateformat" => $db->escape_string($user['dateformat']),
1146              "timeformat" => $db->escape_string($user['timeformat']),
1147              "regip" => $db->escape_binary($user['regip']),
1148              "language" => $db->escape_string($user['language']),
1149              "showcodebuttons" => (int)$user['options']['showcodebuttons'],
1150              "sourceeditor" => (int)$user['options']['sourceeditor'],
1151              "buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
1152              "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
1153              "away" => (int)$user['away']['away'],
1154              "awaydate" => (int)$user['away']['date'],
1155              "returndate" => $user['away']['returndate'],
1156              "awayreason" => $db->escape_string($user['away']['awayreason']),
1157              "notepad" => $db->escape_string($user['notepad']),
1158              "referrer" => (int)$user['referrer_uid'],
1159              "referrals" => 0,
1160              "buddylist" => '',
1161              "ignorelist" => '',
1162              "pmfolders" => '',
1163              "notepad" => '',
1164              "warningpoints" => 0,
1165              "moderateposts" => 0,
1166              "moderationtime" => 0,
1167              "suspendposting" => 0,
1168              "suspensiontime" => 0,
1169              "coppauser" => (int)$user['coppa_user'],
1170              "classicpostbit" => (int)$user['options']['classicpostbit'],
1171              "usernotes" => ''
1172          );
1173  
1174          if($user['options']['dstcorrection'] == 1)
1175          {
1176              $this->user_insert_data['dst'] = 1;
1177          }
1178          else if($user['options']['dstcorrection'] == 0)
1179          {
1180              $this->user_insert_data['dst'] = 0;
1181          }
1182  
1183          $plugins->run_hooks("datahandler_user_insert", $this);
1184  
1185          $this->uid = $db->insert_query("users", $this->user_insert_data);
1186  
1187          $user['user_fields']['ufid'] = $this->uid;
1188  
1189          $pfcache = $cache->read('profilefields');
1190  
1191          if(is_array($pfcache))
1192          {
1193              foreach($pfcache as $profile_field)
1194              {
1195                  if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
1196                  {
1197                      continue;
1198                  }
1199                  $user['user_fields']["fid{$profile_field['fid']}"] = '';
1200              }
1201          }
1202  
1203          $db->insert_query("userfields", $user['user_fields'], false);
1204  
1205          if($this->user_insert_data['referrer'] != 0)
1206          {
1207              $db->write_query("
1208                  UPDATE ".TABLE_PREFIX."users
1209                  SET referrals=referrals+1
1210                  WHERE uid='{$this->user_insert_data['referrer']}'
1211              ");
1212          }
1213  
1214          // Update forum stats
1215          update_stats(array('numusers' => '+1'));
1216  
1217          if((int)$user['usergroup'] == 5)
1218          {
1219              $cache->update_awaitingactivation();
1220          }
1221  
1222          $this->return_values = array(
1223              "uid" => $this->uid,
1224              "username" => $user['username'],
1225              "loginkey" => $user['loginkey'],
1226              "email" => $user['email'],
1227              "password" => $user['password'],
1228              "usergroup" => $user['usergroup']
1229          );
1230  
1231          $plugins->run_hooks("datahandler_user_insert_end", $this);
1232  
1233          return $this->return_values;
1234      }
1235  
1236      /**
1237      * Updates a user in the database.
1238      *
1239      * @return bool
1240      */
1241  	function update_user()
1242      {
1243          global $db, $plugins, $cache;
1244  
1245          // Yes, validating is required.
1246          if(!$this->get_validated())
1247          {
1248              die("The user needs to be validated before inserting it into the DB.");
1249          }
1250          if(count($this->get_errors()) > 0)
1251          {
1252              die("The user is not valid.");
1253          }
1254  
1255          $user = &$this->data;
1256          $user['uid'] = (int)$user['uid'];
1257          $this->uid = $user['uid'];
1258  
1259          // Set up the update data.
1260          if(isset($user['username']))
1261          {
1262              $this->user_update_data['username'] = $db->escape_string($user['username']);
1263          }
1264          if(isset($user['saltedpw']))
1265          {
1266              $this->user_update_data['password'] = $user['saltedpw'];
1267              $this->user_update_data['salt'] = $user['salt'];
1268              $this->user_update_data['loginkey'] = $user['loginkey'];
1269          }
1270          if(isset($user['email']))
1271          {
1272              $this->user_update_data['email'] = $user['email'];
1273          }
1274          if(isset($user['postnum']))
1275          {
1276              $this->user_update_data['postnum'] = (int)$user['postnum'];
1277          }
1278          if(isset($user['threadnum']))
1279          {
1280              $this->user_update_data['threadnum'] = (int)$user['threadnum'];
1281          }
1282          if(isset($user['avatar']))
1283          {
1284              $this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
1285              $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
1286          }
1287          if(isset($user['usergroup']))
1288          {
1289              $this->user_update_data['usergroup'] = (int)$user['usergroup'];
1290          }
1291          if(isset($user['additionalgroups']))
1292          {
1293              $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
1294          }
1295          if(isset($user['displaygroup']))
1296          {
1297              $this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
1298          }
1299          if(isset($user['usertitle']))
1300          {
1301              $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
1302          }
1303          if(isset($user['regdate']))
1304          {
1305              $this->user_update_data['regdate'] = (int)$user['regdate'];
1306          }
1307          if(isset($user['lastactive']))
1308          {
1309              $this->user_update_data['lastactive'] = (int)$user['lastactive'];
1310          }
1311          if(isset($user['lastvisit']))
1312          {
1313              $this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
1314          }
1315          if(isset($user['signature']))
1316          {
1317              $this->user_update_data['signature'] = $db->escape_string($user['signature']);
1318          }
1319          if(isset($user['website']))
1320          {
1321              $this->user_update_data['website'] = $db->escape_string($user['website']);
1322          }
1323          if(isset($user['icq']))
1324          {
1325              $this->user_update_data['icq'] = (int)$user['icq'];
1326          }
1327          if(isset($user['aim']))
1328          {
1329              $this->user_update_data['aim'] = $db->escape_string($user['aim']);
1330          }
1331          if(isset($user['yahoo']))
1332          {
1333              $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
1334          }
1335          if(isset($user['skype']))
1336          {
1337              $this->user_update_data['skype'] = $db->escape_string($user['skype']);
1338          }
1339          if(isset($user['google']))
1340          {
1341              $this->user_update_data['google'] = $db->escape_string($user['google']);
1342          }
1343          if(isset($user['bday']))
1344          {
1345              $this->user_update_data['birthday'] = $user['bday'];
1346          }
1347          if(isset($user['birthdayprivacy']))
1348          {
1349              $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
1350          }
1351          if(isset($user['style']))
1352          {
1353              $this->user_update_data['style'] = (int)$user['style'];
1354          }
1355          if(isset($user['timezone']))
1356          {
1357              $this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
1358          }
1359          if(isset($user['dateformat']))
1360          {
1361              $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
1362          }
1363          if(isset($user['timeformat']))
1364          {
1365              $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
1366          }
1367          if(isset($user['regip']))
1368          {
1369              $this->user_update_data['regip'] = $db->escape_string($user['regip']);
1370          }
1371          if(isset($user['language']))
1372          {
1373              $this->user_update_data['language'] = $db->escape_string($user['language']);
1374          }
1375          if(isset($user['away']))
1376          {
1377              $this->user_update_data['away'] = (int)$user['away']['away'];
1378              $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
1379              $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
1380              $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
1381          }
1382          if(isset($user['notepad']))
1383          {
1384              $this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
1385          }
1386          if(isset($user['usernotes']))
1387          {
1388              $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
1389          }
1390          if(isset($user['options']) && is_array($user['options']))
1391          {
1392              foreach($user['options'] as $option => $value)
1393              {
1394                  $this->user_update_data[$option] = $value;
1395              }
1396          }
1397          if(array_key_exists('coppa_user', $user))
1398          {
1399              $this->user_update_data['coppauser'] = (int)$user['coppa_user'];
1400          }
1401          // First, grab the old user details for later use.
1402          $old_user = get_user($user['uid']);
1403  
1404          // If old user has new pmnotice and new user has = yes, keep old value
1405          if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
1406          {
1407              unset($this->user_update_data['pmnotice']);
1408          }
1409  
1410          $plugins->run_hooks("datahandler_user_update", $this);
1411  
1412          if(count($this->user_update_data) < 1 && empty($user['user_fields']))
1413          {
1414              return false;
1415          }
1416  
1417          if(count($this->user_update_data) > 0)
1418          {
1419              // Actual updating happens here.
1420              $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
1421          }
1422  
1423          $cache->update_moderators();
1424          if(isset($user['bday']) || isset($user['username']))
1425          {
1426              $cache->update_birthdays();
1427          }
1428  
1429          if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
1430          {
1431              $cache->update_awaitingactivation();
1432          }
1433  
1434          // Maybe some userfields need to be updated?
1435          if(isset($user['user_fields']) && is_array($user['user_fields']))
1436          {
1437              $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
1438              $fields = $db->fetch_array($query);
1439              if(!$fields['ufid'])
1440              {
1441                  $user_fields = array(
1442                      'ufid' => $user['uid']
1443                  );
1444  
1445                  $fields_array = $db->show_fields_from("userfields");
1446                  foreach($fields_array as $field)
1447                  {
1448                      if($field['Field'] == 'ufid')
1449                      {
1450                          continue;
1451                      }
1452                      $user_fields[$field['Field']] = '';
1453                  }
1454                  $db->insert_query("userfields", $user_fields);
1455              }
1456              $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
1457          }
1458  
1459          // Let's make sure the user's name gets changed everywhere in the db if it changed.
1460          if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
1461          {
1462              $username_update = array(
1463                  "username" => $this->user_update_data['username']
1464              );
1465              $lastposter_update = array(
1466                  "lastposter" => $this->user_update_data['username']
1467              );
1468  
1469              $db->update_query("posts", $username_update, "uid='{$user['uid']}'");
1470              $db->update_query("threads", $username_update, "uid='{$user['uid']}'");
1471              $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
1472              $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
1473  
1474              $stats = $cache->read("stats");
1475              if($stats['lastuid'] == $user['uid'])
1476              {
1477                  // User was latest to register, update stats
1478                  update_stats(array("numusers" => "+0"));
1479              }
1480          }
1481  
1482          return true;
1483      }
1484  
1485      /**
1486       * Provides a method to completely delete a user.
1487       *
1488       * @param array $delete_uids Array of user information
1489       * @param integer $prunecontent Whether to delete threads/posts or not
1490       * @return array
1491       */
    function delete_user($delete_uids, $prunecontent=0)
    {
        global $db, $plugins, $mybb, $cache;

        // Only the error list is checked here; unlike insert_user() and
        // update_user(), get_validated() is not consulted.
        if(count($this->get_errors()) > 0)
        {
            die('The user is not valid.');
        }

        // Force every id to an integer. This is what makes it safe to
        // interpolate the joined list into the IN(...) clauses below.
        $this->delete_uids = array_map('intval', (array)$delete_uids);

        foreach($this->delete_uids as $key => $uid)
        {
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                // Drop ids that cast to 0, super admins, and the account that
                // is performing the deletion.
                unset($this->delete_uids[$key]);
            }
        }

        // NOTE(review): plugins hooked here receive the handler after the
        // filtering above and before the list is joined, so they can change
        // delete_uids - treat hooked code as trusted.
        $plugins->run_hooks('datahandler_user_delete_start', $this);

        // From here on delete_uids is a comma-separated string, not an array.
        $this->delete_uids = implode(',', $this->delete_uids);

        // Nothing left to delete after filtering.
        if(empty($this->delete_uids))
        {
            $this->deleted_users = 0;
            $this->return_values = array(
                "deleted_users" => $this->deleted_users
            );

            return $this->return_values;
        }

        // Called without arguments, so it works on the list prepared above.
        $this->delete_content();

        // Delete the user
        $query = $db->delete_query('users', "uid IN({$this->delete_uids})");
        $this->deleted_users = $db->affected_rows($query);

        // Are we removing the posts/threads of a user?
        if((int)$prunecontent == 1)
        {
            $this->delete_posts();
            $db->delete_query('announcements', "uid IN({$this->delete_uids})");
        }
        else
        {
            // Content is kept; it is re-attributed to uid 0.
            $db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
            $db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
            $db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
            $db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
            $db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
        }

        // Detach private messages sent by, and referrals credited to, the
        // deleted users.
        $db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
        $db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");

        // Update thread ratings: subtract each deleted user's rating from the
        // thread totals before the rating rows themselves are removed.
        $query = $db->query("
            SELECT r.*, t.numratings, t.totalratings
            FROM ".TABLE_PREFIX."threadratings r
            LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
            WHERE r.uid IN({$this->delete_uids})
        ");
        while($rating = $db->fetch_array($query))
        {
            $update_thread = array(
                "numratings" => $rating['numratings'] - 1,
                "totalratings" => $rating['totalratings'] - $rating['rating']
            );
            // tid comes from the database row selected above, not from input.
            $db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
        }

        $db->delete_query('threadratings', "uid IN({$this->delete_uids})");

        // Update forums & threads if user is the lastposter
        $db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
        $db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");

        // Update forum stats with the number of rows actually removed from
        // the users table.
        update_stats(array('numusers' => '-'.$this->deleted_users));

        $this->return_values = array(
            "deleted_users" => $this->deleted_users
        );

        $plugins->run_hooks("datahandler_user_delete_end", $this);

        // Refresh the caches that can reference the deleted users.
        $cache->update_banned();
        $cache->update_moderators();
        $cache->update_forumsdisplay();
        $cache->update_reportedcontent();
        $cache->update_awaitingactivation();

        return $this->return_values;
    }
1592  
1593      /**
1594       * Provides a method to delete users' content
1595       *
1596       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1597       */
1598  	function delete_content($delete_uids=false)
1599      {
1600          global $db, $plugins, $mybb;
1601  
1602          if($delete_uids != false)
1603          {
1604              $this->delete_uids = array_map('intval', (array)$delete_uids);
1605  
1606              foreach($this->delete_uids as $key => $uid)
1607              {
1608                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1609                  {
1610                      // Remove super admins
1611                      unset($this->delete_uids[$key]);
1612                  }
1613              }
1614  
1615              $this->delete_uids = implode(',', $this->delete_uids);
1616          }
1617  
1618          $plugins->run_hooks('datahandler_user_delete_content', $this);
1619  
1620          if(empty($this->delete_uids))
1621          {
1622              return;
1623          }
1624  
1625          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1626          $db->delete_query('privatemessages', "uid IN({$this->delete_uids})");
1627          $db->delete_query('events', "uid IN({$this->delete_uids})");
1628          $db->delete_query('moderators', "id IN({$this->delete_uids}) AND isgroup = 0");
1629          $db->delete_query('forumsubscriptions', "uid IN({$this->delete_uids})");
1630          $db->delete_query('threadsubscriptions', "uid IN({$this->delete_uids})");
1631          $db->delete_query('forumsread', "uid IN({$this->delete_uids})");
1632          $db->delete_query('threadsread', "uid IN({$this->delete_uids})");
1633          $db->delete_query('adminviews', "uid IN({$this->delete_uids})");
1634          $db->delete_query('adminoptions', "uid IN({$this->delete_uids})");
1635          $db->delete_query('adminsessions', "uid IN({$this->delete_uids})");
1636          $db->delete_query('sessions', "uid IN({$this->delete_uids})");
1637          $db->delete_query('banned', "uid IN({$this->delete_uids})");
1638          $db->delete_query('joinrequests', "uid IN({$this->delete_uids})");
1639          $db->delete_query('groupleaders', "uid IN({$this->delete_uids})");
1640          $db->delete_query('awaitingactivation', "uid IN({$this->delete_uids})");
1641          $db->delete_query('warnings', "uid IN({$this->delete_uids})");
1642          $db->delete_query('reputation', "uid IN({$this->delete_uids}) OR adduid IN({$this->delete_uids})");
1643          $db->delete_query('buddyrequests', "uid IN({$this->delete_uids}) OR touid IN({$this->delete_uids})");
1644          $db->delete_query('posts', "uid IN({$this->delete_uids}) AND visible = -2");
1645          $db->delete_query('threads', "uid IN({$this->delete_uids}) AND visible = -2");
1646  
1647          // Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
1648          $db->delete_query('reportedcontent', "type='reputation' AND id3 IN({$this->delete_uids}) OR type='reputation' AND id2 IN({$this->delete_uids})");
1649          $db->delete_query('reportedcontent', "type='profile' AND id IN({$this->delete_uids})");
1650  
1651          // Update the reports made by the deleted users by setting the uid to 0
1652          $db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");
1653  
1654          // Remove any of the user(s) uploaded avatars
1655          require_once  MYBB_ROOT.'inc/functions_upload.php';
1656          foreach(explode(',', $this->delete_uids) as $uid)
1657          {
1658              remove_avatars($uid);
1659          }
1660      }
1661  
1662      /**
1663       * Provides a method to delete a user's posts and threads
1664       *
1665       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1666       */
1667  	function delete_posts($delete_uids=false)
1668      {
1669          global $db, $plugins, $mybb;
1670  
1671          if($delete_uids != false)
1672          {
1673              $this->delete_uids = array_map('intval', (array)$delete_uids);
1674  
1675              foreach($this->delete_uids as $key => $uid)
1676              {
1677                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1678                  {
1679                      // Remove super admins
1680                      unset($this->delete_uids[$key]);
1681                  }
1682              }
1683  
1684              $this->delete_uids = implode(',', $this->delete_uids);
1685          }
1686  
1687          require_once  MYBB_ROOT.'inc/class_moderation.php';
1688          $moderation = new Moderation();
1689  
1690          $plugins->run_hooks('datahandler_user_delete_posts', $this);
1691  
1692          if(empty($this->delete_uids))
1693          {
1694              return;
1695          }
1696  
1697          // Threads
1698          $query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
1699          while($tid = $db->fetch_field($query, 'tid'))
1700          {
1701              $moderation->delete_thread($tid);
1702          }
1703  
1704          // Posts
1705          $query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
1706          while($pid = $db->fetch_field($query, 'pid'))
1707          {
1708              $moderation->delete_post($pid);
1709          }
1710      }
1711  
1712      /**
1713       * Provides a method to clear a user's profile
1714       *
1715       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1716       * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
1717       */
1718  	function clear_profile($delete_uids=false, $gid=0)
1719      {
1720          global $db, $plugins, $mybb;
1721  
1722          // delete_uids isn't a nice name, but it's used as the functions above use the same
1723          if($delete_uids != false)
1724          {
1725              $this->delete_uids = array_map('intval', (array)$delete_uids);
1726  
1727              foreach($this->delete_uids as $key => $uid)
1728              {
1729                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1730                  {
1731                      // Remove super admins
1732                      unset($this->delete_uids[$key]);
1733                  }
1734              }
1735  
1736              $this->delete_uids = implode(',', $this->delete_uids);
1737          }
1738  
1739          $update = array(
1740              "website" => "",
1741              "birthday" => "",
1742              "icq" => "",
1743              "aim" => "",
1744              "yahoo" => "",
1745              "skype" => "",
1746              "google" => "",
1747              "usertitle" => "",
1748              "away" => 0,
1749              "awaydate" => 0,
1750              "returndate" => "",
1751              "awayreason" => "",
1752              "additionalgroups" => "",
1753              "displaygroup" => 0,
1754              "signature" => "",
1755              "avatar" => "",
1756              'avatardimensions' => '',
1757              'avatartype' => ''
1758          );
1759  
1760          if($gid > 0)
1761          {
1762              $update["usergroup"] = (int)$gid;
1763          }
1764  
1765          $plugins->run_hooks('datahandler_user_clear_profile', $this);
1766  
1767          if(empty($this->delete_uids))
1768          {
1769              return;
1770          }
1771  
1772          $db->update_query("users", $update, "uid IN({$this->delete_uids})");
1773          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1774  
1775          // Remove any of the user(s) uploaded avatars
1776          require_once  MYBB_ROOT.'inc/functions_upload.php';
1777          foreach(explode(',', $this->delete_uids) as $uid)
1778          {
1779              remove_avatars($uid);
1780          }
1781      }
1782  
1783  	public function verify_signature()
1784      {
1785          global $mybb, $parser;
1786  
1787          if(!isset($parser))
1788          {
1789              require_once  MYBB_ROOT."inc/class_parser.php";
1790              $parser = new postParser;
1791          }
1792  
1793          $parser_options = array(
1794              'allow_html' => $mybb->settings['sightml'],
1795              'filter_badwords' => 1,
1796              'allow_mycode' => $mybb->settings['sigmycode'],
1797              'allow_smilies' => $mybb->settings['sigsmilies'],
1798              'allow_imgcode' => $mybb->settings['sigimgcode'],
1799              "filter_badwords" => 1
1800          );
1801  
1802          $parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);
1803  
1804          if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
1805              substr_count($parsed_sig, "<img") > 0) ||
1806              (($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
1807              substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
1808          )
1809          {
1810              $imgsallowed = 0;
1811              
1812              if($mybb->settings['sigimgcode'] == 1)
1813              {
1814                  $imgsallowed = $mybb->settings['maxsigimages'];
1815              }
1816  
1817              $this->set_error('too_many_sig_images2', array($imgsallowed));
1818          }
1819  
1820          if($mybb->settings['sigcountmycode'] == 0)
1821          {
1822              $parsed_sig = $parser->text_parse_message($this->data['signature']);
1823          }
1824          else
1825          {
1826              $parsed_sig = $this->data['signature'];
1827          }
1828  
1829          $parsed_sig = preg_replace("#\s#", "", $parsed_sig);
1830          $sig_length = my_strlen($parsed_sig);
1831  
1832          if($sig_length > $mybb->settings['siglength'])
1833          {
1834              $this->set_error('sig_too_long', array($mybb->settings['siglength']));
1835  
1836              if($sig_length - $mybb->settings['siglength'] > 1)
1837              {
1838                  $this->set_error('sig_remove_chars_plural', array($sig_length-$mybb->settings['siglength']));
1839              }
1840              else
1841              {
1842                  $this->set_error('sig_remove_chars_singular');
1843              }
1844          }
1845  
1846          if(count($this->get_errors()) > 0)
1847          {
1848              return false;
1849          }
1850          return true;
1851      }
1852  }

