
PHP Cross Reference of MyBB 1.8.12


/inc/datahandlers/ -> user.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * User handling class, provides common structure to handle user data.
  19   *
  20   */
  21  class UserDataHandler extends DataHandler
  22  {
  23      /**
  24      * The language file used in the data handler.
  25      *
  26      * @var string
  27      */
  28      public $language_file = 'datahandler_user';
  29  
  30      /**
  31      * The prefix for the language variables used in the data handler.
  32      *
  33      * @var string
  34      */
  35      public $language_prefix = 'userdata';
  36  
  37      /**
  38       * Array of data inserted in to a user.
  39       *
  40       * @var array
  41       */
  42      public $user_insert_data = array();
  43  
  44      /**
  45       * Array of data used to update a user.
  46       *
  47       * @var array
  48       */
  49      public $user_update_data = array();
  50  
  51      /**
  52       * User ID currently being manipulated by the datahandlers.
  53       *
  54       * @var int
  55       */
  56      public $uid = 0;
  57  
  58      /**
  59       * Values to be returned after inserting/deleting an user.
  60       *
  61       * @var array
  62       */
  63      public $return_values = array();
  64  
  65      /**
  66       * @var array
  67       */
  68      var $delete_uids = array();
  69  
  70      /**
  71       * @var int
  72       */
  73      var $deleted_users = 0;
  74  
  75      /**
  76       * Verifies if a username is valid or invalid.
  77       *
  78       * @return boolean True when valid, false when invalid.
  79       */
  80  	function verify_username()
  81      {
  82          global $mybb;
  83  
  84          $username = &$this->data['username'];
  85          require_once  MYBB_ROOT.'inc/functions_user.php';
  86  
  87          // Fix bad characters
  88          $username = trim_blank_chrs($username);
  89          $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
  90  
  91          // Remove multiple spaces from the username
  92          $username = preg_replace("#\s{2,}#", " ", $username);
  93  
  94          // Check if the username is not empty.
  95          if($username == '')
  96          {
  97              $this->set_error('missing_username');
  98              return false;
  99          }
 100  
 101          // Check if the username belongs to the list of banned usernames.
 102          if(is_banned_username($username, true))
 103          {
 104              $this->set_error('banned_username');
 105              return false;
 106          }
 107  
 108          // Check for certain characters in username (<, >, &, commas and slashes)
 109          if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || !validate_utf8_string($username, false, false))
 110          {
 111              $this->set_error("bad_characters_username");
 112              return false;
 113          }
 114  
 115          // Check if the username is of the correct length.
 116          if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
 117          {
 118              $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
 119              return false;
 120          }
 121  
 122          return true;
 123      }
 124  
 125      /**
 126       * Verifies if a usertitle is valid or invalid.
 127       *
 128       * @return boolean True when valid, false when invalid.
 129       */
 130  	function verify_usertitle()
 131      {
 132          global $mybb;
 133  
 134          $usertitle = &$this->data['usertitle'];
 135  
 136          // Check if the usertitle is of the correct length.
 137          if($mybb->settings['customtitlemaxlength'] != 0 && my_strlen($usertitle) > $mybb->settings['customtitlemaxlength'])
 138          {
 139              $this->set_error('invalid_usertitle_length', $mybb->settings['customtitlemaxlength']);
 140              return false;
 141          }
 142  
 143          return true;
 144      }
 145  
 146      /**
 147       * Verifies if a username is already in use or not.
 148       *
 149       * @return boolean False when the username is not in use, true when it is.
 150       */
 151  	function verify_username_exists()
 152      {
 153          $username = &$this->data['username'];
 154  
 155          $user = get_user_by_username(trim($username));
 156  
 157          if(!empty($this->data['uid']) && !empty($user['uid']) && $user['uid'] == $this->data['uid'])
 158          {
 159              unset($user);
 160          }
 161  
 162          if(!empty($user['uid']))
 163          {
 164              $this->set_error("username_exists", array($username));
 165              return true;
 166          }
 167  
 168          return false;
 169      }
 170  
 171      /**
 172      * Verifies if a new password is valid or not.
 173      *
 174      * @return boolean True when valid, false when invalid.
 175      */
 176  	function verify_password()
 177      {
 178          global $mybb;
 179  
 180          $user = &$this->data;
 181  
 182          // Always check for the length of the password.
 183          if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
 184          {
 185              $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
 186              return false;
 187          }
 188  
 189          // Has the user tried to use their email address or username as a password?
 190          if($user['email'] === $user['password'] || $user['username'] === $user['password'])
 191          {
 192              $this->set_error('bad_password_security');
 193              return false;
 194          }
 195  
 196          // See if the board has "require complex passwords" enabled.
 197          if($mybb->settings['requirecomplexpasswords'] == 1)
 198          {
 199              // Complex passwords required, do some extra checks.
 200              // First, see if there is one or more complex character(s) in the password.
 201              if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
 202              {
 203                  $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
 204                  return false;
 205              }
 206          }
 207  
 208          // If we have a "password2" check if they both match
 209          if(isset($user['password2']) && $user['password'] !== $user['password2'])
 210          {
 211              $this->set_error("passwords_dont_match");
 212              return false;
 213          }
 214  
 215          // Generate the user login key
 216          $user['loginkey'] = generate_loginkey();
 217  
 218          // Combine the password and salt
 219          $password_fields = create_password($user['password'], false, $user);
 220          $user = array_merge($user, $password_fields);
 221  
 222          return true;
 223      }
 224  
    /**
     * Placeholder for usergroup validation; it performs no checks.
     *
     * The method inspects nothing and always reports success, so usergroup values in
     * $this->data are not restricted here.
     * NOTE(review): confirm that callers validate group membership before it reaches the
     * data handler, since this method will not reject any value.
     *
     * @return boolean Always true.
     */
    function verify_usergroup()
    {
        return true;
    }
 234      /**
 235      * Verifies if an email address is valid or not.
 236      *
 237      * @return boolean True when valid, false when invalid.
 238      */
 239  	function verify_email()
 240      {
 241          global $mybb;
 242  
 243          $user = &$this->data;
 244  
 245          // Check if an email address has actually been entered.
 246          if(trim_blank_chrs($user['email']) == '')
 247          {
 248              $this->set_error('missing_email');
 249              return false;
 250          }
 251  
 252          // Check if this is a proper email address.
 253          if(!validate_email_format($user['email']))
 254          {
 255              $this->set_error('invalid_email_format');
 256              return false;
 257          }
 258  
 259          // Check banned emails
 260          if(is_banned_email($user['email'], true))
 261          {
 262              $this->set_error('banned_email');
 263              return false;
 264          }
 265  
 266          // Check signed up emails
 267          // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
 268          if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
 269          {
 270              $uid = 0;
 271              if(isset($user['uid']))
 272              {
 273                  $uid = $user['uid'];
 274              }
 275              if(email_already_in_use($user['email'], $uid))
 276              {
 277                  $this->set_error('email_already_in_use');
 278                  return false;
 279              }
 280          }
 281  
 282          // If we have an "email2", verify it matches the existing email
 283          if(isset($user['email2']) && $user['email'] != $user['email2'])
 284          {
 285              $this->set_error("emails_dont_match");
 286              return false;
 287          }
 288  
 289          return true;
 290      }
 291  
 292      /**
 293      * Verifies if a website is valid or not.
 294      *
 295      * @return boolean True when valid, false when invalid.
 296      */
 297  	function verify_website()
 298      {
 299          $website = &$this->data['website'];
 300  
 301          if(!empty($website) && !my_validate_url($website))
 302          {
 303              $website = 'http://'.$website;
 304          }
 305  
 306          if(!empty($website) && !my_validate_url($website))
 307          {
 308              $this->set_error('invalid_website');
 309              return false;
 310          }
 311  
 312          return true;
 313      }
 314  
 315      /**
 316       * Verifies if an ICQ number is valid or not.
 317       *
 318       * @return boolean True when valid, false when invalid.
 319       */
 320  	function verify_icq()
 321      {
 322          $icq = &$this->data['icq'];
 323  
 324          if($icq != '' && !is_numeric($icq))
 325          {
 326              $this->set_error("invalid_icq_number");
 327              return false;
 328          }
 329          $icq = (int)$icq;
 330          return true;
 331      }
 332  
    /**
     * Checks the submitted birthday, applies the COPPA settings and builds the 'bday' string.
     *
     * A birthday that is not an array is accepted without any checks. Otherwise day, month
     * and year are cast to integers in place, range-checked, and $this->data['bday'] is set
     * to "d-m-y", "d-m-" (no year) or '' (nothing supplied).
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_birthday()
    {
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        // Anything other than an array skips validation entirely, including the COPPA checks below.
        if(!is_array($birthday))
        {
            return true;
        }

        // Force the three parts to integers so later comparisons and the stored string are numeric.
        $birthday['day'] = (int)$birthday['day'];
        $birthday['month'] = (int)$birthday['month'];
        $birthday['year'] = (int)$birthday['year'];

        // If either a day or a month was given, both must be in range (and February allows at most 29).
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Check the day against the per-month limits returned by get_bdays() for that year.
        $months = get_bdays($birthday['year']);
        if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
        {
            $this->set_error("invalid_birthday");
            return false;
        }

        // Error if the year is more than 100 years back or in the future.
        // && binds tighter than ||, so this reads (year != 0 && year < Y-100) || year > Y.
        if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        else if($birthday['year'] == date("Y"))
        {
            // Error if birth date is in future
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // COPPA "enabled": a birth year is mandatory.
        // COPPA "deny": a year later than (current year - 13) is refused unless is_moderator() is true.
        // NOTE(review): in "deny" mode a birthday with no year (year 0) is not refused by this
        // comparison, and the check uses the year only, not the full date. Confirm the caller
        // requires a year and that year granularity is acceptable for the age gate.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
        {
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Make the user's birthday field
        if($birthday['year'] != 0)
        {
            // If the year is specified, put together a d-m-y string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // If only a day and month are specified, put together a d-m string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // No field is specified, so return an empty string for an unknown birthday
            $user['bday'] = '';
        }
        return true;
    }
 419  
 420      /**
 421       * Verifies if the birthday privacy option is valid or not.
 422       *
 423       * @return boolean True when valid, false when invalid.
 424       */
 425  	function verify_birthday_privacy()
 426      {
 427          $birthdayprivacy = &$this->data['birthdayprivacy'];
 428          $accepted = array(
 429                      'none',
 430                      'age',
 431                      'all');
 432  
 433          if(!in_array($birthdayprivacy, $accepted))
 434          {
 435              $this->set_error("invalid_birthday_privacy");
 436              return false;
 437          }
 438          return true;
 439      }
 440  
 441      /**
 442      * Verifies if the post count field is filled in correctly.
 443      *
 444      * @return boolean True when valid, false when invalid.
 445      */
 446  	function verify_postnum()
 447      {
 448          $user = &$this->data;
 449  
 450          if(isset($user['postnum']) && $user['postnum'] < 0)
 451          {
 452              $this->set_error("invalid_postnum");
 453              return false;
 454          }
 455  
 456          return true;
 457      }
 458  
 459      /**
 460      * Verifies if the thread count field is filled in correctly.
 461      *
 462      * @return boolean True when valid, false when invalid.
 463      */
 464  	function verify_threadnum()
 465      {
 466          $user = &$this->data;
 467  
 468          if(isset($user['threadnum']) && $user['threadnum'] < 0)
 469          {
 470              $this->set_error("invalid_threadnum");
 471              return false;
 472          }
 473  
 474          return true;
 475      }
 476  
 477      /**
 478      * Verifies if a profile fields are filled in correctly.
 479      *
 480      * @return boolean True when valid, false when invalid.
 481      */
 482  	function verify_profile_fields()
 483      {
 484          global $db, $cache;
 485  
 486          $user = &$this->data;
 487          $profile_fields = &$this->data['profile_fields'];
 488  
 489          // Loop through profile fields checking if they exist or not and are filled in.
 490  
 491          // Fetch all profile fields first.
 492          $pfcache = $cache->read('profilefields');
 493  
 494          if(is_array($pfcache))
 495          {
 496              // Then loop through the profile fields.
 497              foreach($pfcache as $profilefield)
 498              {
 499                  if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
 500                  {
 501                      $profilefield['editableby'] = -1;
 502                  }
 503  
 504                  if(!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
 505                  {
 506                      continue;
 507                  }
 508  
 509                  // Does this field have a minimum post count?
 510                  if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
 511                  {
 512                      continue;
 513                  }
 514  
 515                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 516                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 517                  $thing = explode("\n", $profilefield['type'], "2");
 518                  $type = trim($thing[0]);
 519                  $field = "fid{$profilefield['fid']}";
 520  
 521                  if(!isset($profile_fields[$field]))
 522                  {
 523                      $profile_fields[$field] = '';
 524                  }
 525  
 526                  // If the profile field is required, but not filled in, present error.
 527                  if($type != "multiselect" && $type != "checkbox")
 528                  {
 529                      if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
 530                      {
 531                          $this->set_error('missing_required_profile_field', array($profilefield['name']));
 532                      }
 533                  }
 534                  elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
 535                  {
 536                      $this->set_error('missing_required_profile_field', array($profilefield['name']));
 537                  }
 538  
 539                  // Sort out multiselect/checkbox profile fields.
 540                  $options = '';
 541                  if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
 542                  {
 543                      $expoptions = explode("\n", $thing[1]);
 544                      $expoptions = array_map('trim', $expoptions);
 545                      foreach($profile_fields[$field] as $value)
 546                      {
 547                          if(!in_array(htmlspecialchars_uni($value), $expoptions))
 548                          {
 549                              $this->set_error('bad_profile_field_values', array($profilefield['name']));
 550                          }
 551                          if($options)
 552                          {
 553                              $options .= "\n";
 554                          }
 555                          $options .= $db->escape_string($value);
 556                      }
 557                  }
 558                  elseif($type == "select" || $type == "radio")
 559                  {
 560                      $expoptions = explode("\n", $thing[1]);
 561                      $expoptions = array_map('trim', $expoptions);
 562                      if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
 563                      {
 564                          $this->set_error('bad_profile_field_values', array($profilefield['name']));
 565                      }
 566                      $options = $db->escape_string($profile_fields[$field]);
 567                  }
 568                  else
 569                  {
 570                      if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
 571                      {
 572                          $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
 573                      }
 574  
 575                      if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
 576                      {
 577                          $this->set_error('bad_profile_field_value', array($profilefield['name']));
 578                      }
 579  
 580                      $options = $db->escape_string($profile_fields[$field]);
 581                  }
 582                  $user['user_fields'][$field] = $options;
 583              }
 584          }
 585  
 586          return true;
 587      }
 588  
 589      /**
 590      * Verifies if an optionally entered referrer exists or not.
 591      *
 592      * @return boolean True when valid, false when invalid.
 593      */
 594  	function verify_referrer()
 595      {
 596          global $db, $mybb;
 597  
 598          $user = &$this->data;
 599  
 600          // Does the referrer exist or not?
 601          if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
 602          {
 603              $referrer = get_user_by_username($user['referrer']);
 604  
 605              if(empty($referrer['uid']))
 606              {
 607                  $this->set_error('invalid_referrer', array($user['referrer']));
 608                  return false;
 609              }
 610  
 611              $user['referrer_uid'] = $referrer['uid'];
 612          }
 613          else
 614          {
 615              $user['referrer_uid'] = 0;
 616          }
 617  
 618          return true;
 619      }
 620  
 621      /**
 622      * Verifies user options.
 623      *
 624      * @return boolean True when valid, false when invalid.
 625      */
 626  	function verify_options()
 627      {
 628          global $mybb;
 629  
 630          $options = &$this->data['options'];
 631  
 632          // Verify yes/no options.
 633          $this->verify_yesno_option($options, 'allownotices', 1);
 634          $this->verify_yesno_option($options, 'hideemail', 0);
 635          $this->verify_yesno_option($options, 'receivepms', 1);
 636          $this->verify_yesno_option($options, 'receivefrombuddy', 0);
 637          $this->verify_yesno_option($options, 'pmnotice', 1);
 638          $this->verify_yesno_option($options, 'pmnotify', 1);
 639          $this->verify_yesno_option($options, 'invisible', 0);
 640          $this->verify_yesno_option($options, 'showimages', 1);
 641          $this->verify_yesno_option($options, 'showvideos', 1);
 642          $this->verify_yesno_option($options, 'showsigs', 1);
 643          $this->verify_yesno_option($options, 'showavatars', 1);
 644          $this->verify_yesno_option($options, 'showquickreply', 1);
 645          $this->verify_yesno_option($options, 'showredirect', 1);
 646          $this->verify_yesno_option($options, 'showcodebuttons', 1);
 647          $this->verify_yesno_option($options, 'sourceeditor', 0);
 648          $this->verify_yesno_option($options, 'buddyrequestspm', 1);
 649          $this->verify_yesno_option($options, 'buddyrequestsauto', 0);
 650  
 651          if($mybb->settings['postlayout'] == 'classic')
 652          {
 653              $this->verify_yesno_option($options, 'classicpostbit', 1);
 654          }
 655          else
 656          {
 657              $this->verify_yesno_option($options, 'classicpostbit', 0);
 658          }
 659  
 660          if(array_key_exists('subscriptionmethod', $options))
 661          {
 662              // Value out of range
 663              $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
 664              if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
 665              {
 666                  $options['subscriptionmethod'] = 0;
 667              }
 668          }
 669  
 670          if(array_key_exists('dstcorrection', $options))
 671          {
 672              // Value out of range
 673              $options['dstcorrection'] = (int)$options['dstcorrection'];
 674              if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
 675              {
 676                  $options['dstcorrection'] = 0;
 677              }
 678          }
 679  
 680          if($options['dstcorrection'] == 1)
 681          {
 682              $options['dst'] = 1;
 683          }
 684          else if($options['dstcorrection'] == 0)
 685          {
 686              $options['dst'] = 0;
 687          }
 688  
 689          if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
 690          {
 691              if($mybb->settings['threadusenetstyle'])
 692              {
 693                  $options['threadmode'] = 'threaded';
 694              }
 695              else
 696              {
 697                  $options['threadmode'] = 'linear';
 698              }
 699          }
 700  
 701          // Verify the "threads per page" option.
 702          if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
 703          {
 704              if(!isset($options['tpp']))
 705              {
 706                  $options['tpp'] = 0;
 707              }
 708              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 709              if(is_array($explodedtpp))
 710              {
 711                  @asort($explodedtpp);
 712                  $biggest = $explodedtpp[count($explodedtpp)-1];
 713                  // Is the selected option greater than the allowed options?
 714                  if($options['tpp'] > $biggest)
 715                  {
 716                      $options['tpp'] = $biggest;
 717                  }
 718              }
 719              $options['tpp'] = (int)$options['tpp'];
 720          }
 721          // Verify the "posts per page" option.
 722          if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
 723          {
 724              if(!isset($options['ppp']))
 725              {
 726                  $options['ppp'] = 0;
 727              }
 728              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 729              if(is_array($explodedppp))
 730              {
 731                  @asort($explodedppp);
 732                  $biggest = $explodedppp[count($explodedppp)-1];
 733                  // Is the selected option greater than the allowed options?
 734                  if($options['ppp'] > $biggest)
 735                  {
 736                      $options['ppp'] = $biggest;
 737                  }
 738              }
 739              $options['ppp'] = (int)$options['ppp'];
 740          }
 741          // Is our selected "days prune" option valid or not?
 742          if($this->method == "insert" || array_key_exists('daysprune', $options))
 743          {
 744              if(!isset($options['daysprune']))
 745              {
 746                  $options['daysprune'] = 0;
 747              }
 748              $options['daysprune'] = (int)$options['daysprune'];
 749              if($options['daysprune'] < 0)
 750              {
 751                  $options['daysprune'] = 0;
 752              }
 753          }
 754          $this->data['options'] = $options;
 755      }
 756  
 757      /**
 758       * Verifies if a registration date is valid or not.
 759       *
 760       * @return boolean True when valid, false when invalid.
 761       */
 762  	function verify_regdate()
 763      {
 764          $regdate = &$this->data['regdate'];
 765  
 766          $regdate = (int)$regdate;
 767          // If the timestamp is below 0, set it to the current time.
 768          if($regdate <= 0)
 769          {
 770              $regdate = TIME_NOW;
 771          }
 772          return true;
 773      }
 774  
 775      /**
 776       * Verifies if a last visit date is valid or not.
 777       *
 778       * @return boolean True when valid, false when invalid.
 779       */
 780  	function verify_lastvisit()
 781      {
 782          $lastvisit = &$this->data['lastvisit'];
 783  
 784          $lastvisit = (int)$lastvisit;
 785          // If the timestamp is below 0, set it to the current time.
 786          if($lastvisit <= 0)
 787          {
 788              $lastvisit = TIME_NOW;
 789          }
 790          return true;
 791  
 792      }
 793  
 794      /**
 795       * Verifies if a last active date is valid or not.
 796       *
 797       * @return boolean True when valid, false when invalid.
 798       */
 799  	function verify_lastactive()
 800      {
 801          $lastactive = &$this->data['lastactive'];
 802  
 803          $lastactive = (int)$lastactive;
 804          // If the timestamp is below 0, set it to the current time.
 805          if($lastactive <= 0)
 806          {
 807              $lastactive = TIME_NOW;
 808          }
 809          return true;
 810  
 811      }
 812  
 813      /**
 814       * Verifies if an away mode status is valid or not.
 815       *
 816       * @return boolean True when valid, false when invalid.
 817       */
 818  	function verify_away()
 819      {
 820          global $mybb;
 821  
 822          $user = &$this->data;
 823          // If the board does not allow "away mode" or the user is marking as not away, set defaults.
 824          if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
 825          {
 826              $user['away']['away'] = 0;
 827              $user['away']['date'] = 0;
 828              $user['away']['returndate'] = 0;
 829              $user['away']['awayreason'] = '';
 830              return true;
 831          }
 832          else if($user['away']['returndate'])
 833          {
 834              list($returnday, $returnmonth, $returnyear) = explode('-', $user['away']['returndate']);
 835              if(!$returnday || !$returnmonth || !$returnyear)
 836              {
 837                  $this->set_error("missing_returndate");
 838                  return false;
 839              }
 840  
 841              // Validate the return date lengths
 842              $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
 843          }
 844          return true;
 845      }
 846  
 847      /**
 848       * Verifies if a language is valid for this user or not.
 849       *
 850       * @return boolean True when valid, false when invalid.
 851       */
 852  	function verify_language()
 853      {
 854          global $lang;
 855  
 856          $language = &$this->data['language'];
 857  
 858          // An invalid language has been specified?
 859          if($language != '' && !$lang->language_exists($language))
 860          {
 861              $this->set_error("invalid_language");
 862              return false;
 863          }
 864          return true;
 865      }
 866  
 867      /**
 868       * Verifies if a style is valid for this user or not.
 869       *
 870       * @return boolean True when valid, false when invalid.
 871       */
 872  	function verify_style()
 873      {
 874          global $lang;
 875  
 876          $user = &$this->data;
 877  
 878          if($user['style'])
 879          {
 880              $theme = get_theme($user['style']);
 881  
 882              if(empty($theme) || !is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all')
 883              {
 884                  $this->set_error('invalid_style');
 885                  return false;
 886              }
 887          }
 888  
 889          return true;
 890      }
 891  
 892      /**
 893       * Verifies if this is coming from a spam bot or not
 894       *
 895       * @return boolean True when valid, false when invalid.
 896       */
 897  	function verify_checkfields()
 898      {
 899          $user = &$this->data;
 900  
 901          // An invalid language has been specified?
 902          if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
 903          {
 904              $this->set_error("invalid_checkfield");
 905              return false;
 906          }
 907          return true;
 908      }
 909  
 910      /**
 911       * Verifies if the user timezone is valid.
 912       * If the timezone is invalid, the board default is used.
 913       *
 914       * @return boolean True when timezone was valid, false otherwise
 915       */
 916  	function verify_timezone()
 917      {
 918          $user = &$this->data;
 919  
 920          $timezones = get_supported_timezones();
 921  
 922          if(!array_key_exists($user['timezone'], $timezones))
 923          {
 924              $user['timezone'] = $mybb->settings['timezoneoffset'];
 925              return false;
 926          }
 927  
 928          return true;
 929      }
 930  
 931      /**
 932      * Validate all user assets.
 933      *
 934      * @return boolean True when valid, false when invalid.
 935      */
 936  	function validate_user()
 937      {
 938          global $mybb, $plugins;
 939  
 940          $user = &$this->data;
 941  
 942          // First, grab the old user details if this user exists
 943          if(!empty($user['uid']))
 944          {
 945              $old_user = get_user($user['uid']);
 946          }
 947  
 948          if($this->method == "insert" || array_key_exists('username', $user))
 949          {
 950              // If the username is the same - no need to verify
 951              if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
 952              {
 953                  $this->verify_username();
 954                  $this->verify_username_exists();
 955              }
 956              else
 957              {
 958                  unset($user['username']);
 959              }
 960          }
 961          if($this->method == "insert" || array_key_exists('usertitle', $user))
 962          {
 963              $this->verify_usertitle();
 964          }
 965          if($this->method == "insert" || array_key_exists('password', $user))
 966          {
 967              $this->verify_password();
 968          }
 969          if($this->method == "insert" || array_key_exists('usergroup', $user))
 970          {
 971              $this->verify_usergroup();
 972          }
 973          if($this->method == "insert" || array_key_exists('email', $user))
 974          {
 975              $this->verify_email();
 976          }
 977          if($this->method == "insert" || array_key_exists('website', $user))
 978          {
 979              $this->verify_website();
 980          }
 981          if($this->method == "insert" || array_key_exists('icq', $user))
 982          {
 983              $this->verify_icq();
 984          }
 985          if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday'])))
 986          {
 987              $this->verify_birthday();
 988          }
 989          if($this->method == "insert" || array_key_exists('postnum', $user))
 990          {
 991              $this->verify_postnum();
 992          }
 993          if($this->method == "insert" || array_key_exists('threadnum', $user))
 994          {
 995              $this->verify_threadnum();
 996          }
 997          if($this->method == "insert" || array_key_exists('profile_fields', $user))
 998          {
 999              $this->verify_profile_fields();
1000          }
1001          if($this->method == "insert" || array_key_exists('referrer', $user))
1002          {
1003              $this->verify_referrer();
1004          }
1005          if($this->method == "insert" || array_key_exists('options', $user))
1006          {
1007              $this->verify_options();
1008          }
1009          if($this->method == "insert" || array_key_exists('regdate', $user))
1010          {
1011              $this->verify_regdate();
1012          }
1013          if($this->method == "insert" || array_key_exists('lastvisit', $user))
1014          {
1015              $this->verify_lastvisit();
1016          }
1017          if($this->method == "insert" || array_key_exists('lastactive', $user))
1018          {
1019              $this->verify_lastactive();
1020          }
1021          if($this->method == "insert" || array_key_exists('away', $user))
1022          {
1023              $this->verify_away();
1024          }
1025          if($this->method == "insert" || array_key_exists('language', $user))
1026          {
1027              $this->verify_language();
1028          }
1029          if($this->method == "insert" || array_key_exists('timezone', $user))
1030          {
1031              $this->verify_timezone();
1032          }
1033          if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
1034          {
1035              $this->verify_checkfields();
1036          }
1037          if(array_key_exists('birthdayprivacy', $user))
1038          {
1039              $this->verify_birthday_privacy();
1040          }
1041          if($this->method == "insert" || array_key_exists('style', $user))
1042          {
1043              $this->verify_style();
1044          }
1045          if($this->method == "insert" || array_key_exists('signature', $user))
1046          {
1047              $this->verify_signature();
1048          }
1049  
1050          $plugins->run_hooks("datahandler_user_validate", $this);
1051  
1052          // We are done validating, return.
1053          $this->set_validated(true);
1054          if(count($this->get_errors()) > 0)
1055          {
1056              return false;
1057          }
1058          else
1059          {
1060              return true;
1061          }
1062      }
1063  
1064      /**
1065      * Inserts a user into the database.
1066      *
1067      * @return array
1068      */
1069  	function insert_user()
1070      {
1071          global $db, $cache, $plugins;
1072  
1073          // Yes, validating is required.
1074          if(!$this->get_validated())
1075          {
1076              die("The user needs to be validated before inserting it into the DB.");
1077          }
1078          if(count($this->get_errors()) > 0)
1079          {
1080              die("The user is not valid.");
1081          }
1082  
1083          $user = &$this->data;
1084  
1085          $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
1086          foreach($array as $value)
1087          {
1088              if(!isset($user[$value]))
1089              {
1090                  $user[$value] = '';
1091              }
1092          }
1093  
1094          $this->user_insert_data = array(
1095              "username" => $db->escape_string($user['username']),
1096              "password" => $user['password'],
1097              "salt" => $user['salt'],
1098              "loginkey" => $user['loginkey'],
1099              "email" => $db->escape_string($user['email']),
1100              "postnum" => (int)$user['postnum'],
1101              "threadnum" => (int)$user['threadnum'],
1102              "avatar" => $db->escape_string($user['avatar']),
1103              "avatartype" => $db->escape_string($user['avatartype']),
1104              "usergroup" => (int)$user['usergroup'],
1105              "additionalgroups" => $db->escape_string($user['additionalgroups']),
1106              "displaygroup" => (int)$user['displaygroup'],
1107              "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
1108              "regdate" => (int)$user['regdate'],
1109              "lastactive" => (int)$user['lastactive'],
1110              "lastvisit" => (int)$user['lastvisit'],
1111              "website" => $db->escape_string($user['website']),
1112              "icq" => (int)$user['icq'],
1113              "aim" => $db->escape_string($user['aim']),
1114              "yahoo" => $db->escape_string($user['yahoo']),
1115              "skype" => $db->escape_string($user['skype']),
1116              "google" => $db->escape_string($user['google']),
1117              "birthday" => $user['bday'],
1118              "signature" => $db->escape_string($user['signature']),
1119              "allownotices" => (int)$user['options']['allownotices'],
1120              "hideemail" => (int)$user['options']['hideemail'],
1121              "subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
1122              "receivepms" => (int)$user['options']['receivepms'],
1123              "receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
1124              "pmnotice" => (int)$user['options']['pmnotice'],
1125              "pmnotify" => (int)$user['options']['pmnotify'],
1126              "showimages" => (int)$user['options']['showimages'],
1127              "showvideos" => (int)$user['options']['showvideos'],
1128              "showsigs" => (int)$user['options']['showsigs'],
1129              "showavatars" => (int)$user['options']['showavatars'],
1130              "showquickreply" => (int)$user['options']['showquickreply'],
1131              "showredirect" => (int)$user['options']['showredirect'],
1132              "tpp" => (int)$user['options']['tpp'],
1133              "ppp" => (int)$user['options']['ppp'],
1134              "invisible" => (int)$user['options']['invisible'],
1135              "style" => (int)$user['style'],
1136              "timezone" => $db->escape_string($user['timezone']),
1137              "dstcorrection" => (int)$user['options']['dstcorrection'],
1138              "threadmode" => $user['options']['threadmode'],
1139              "daysprune" => (int)$user['options']['daysprune'],
1140              "dateformat" => $db->escape_string($user['dateformat']),
1141              "timeformat" => $db->escape_string($user['timeformat']),
1142              "regip" => $db->escape_binary($user['regip']),
1143              "language" => $db->escape_string($user['language']),
1144              "showcodebuttons" => (int)$user['options']['showcodebuttons'],
1145              "sourceeditor" => (int)$user['options']['sourceeditor'],
1146              "buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
1147              "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
1148              "away" => (int)$user['away']['away'],
1149              "awaydate" => (int)$user['away']['date'],
1150              "returndate" => $user['away']['returndate'],
1151              "awayreason" => $db->escape_string($user['away']['awayreason']),
1152              "notepad" => $db->escape_string($user['notepad']),
1153              "referrer" => (int)$user['referrer_uid'],
1154              "referrals" => 0,
1155              "buddylist" => '',
1156              "ignorelist" => '',
1157              "pmfolders" => '',
1158              "notepad" => '',
1159              "warningpoints" => 0,
1160              "moderateposts" => 0,
1161              "moderationtime" => 0,
1162              "suspendposting" => 0,
1163              "suspensiontime" => 0,
1164              "coppauser" => (int)$user['coppa_user'],
1165              "classicpostbit" => (int)$user['options']['classicpostbit'],
1166              "usernotes" => ''
1167          );
1168  
1169          if($user['options']['dstcorrection'] == 1)
1170          {
1171              $this->user_insert_data['dst'] = 1;
1172          }
1173          else if($user['options']['dstcorrection'] == 0)
1174          {
1175              $this->user_insert_data['dst'] = 0;
1176          }
1177  
1178          $plugins->run_hooks("datahandler_user_insert", $this);
1179  
1180          $this->uid = $db->insert_query("users", $this->user_insert_data);
1181  
1182          $user['user_fields']['ufid'] = $this->uid;
1183  
1184          $pfcache = $cache->read('profilefields');
1185  
1186          if(is_array($pfcache))
1187          {
1188              foreach($pfcache as $profile_field)
1189              {
1190                  if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
1191                  {
1192                      continue;
1193                  }
1194                  $user['user_fields']["fid{$profile_field['fid']}"] = '';
1195              }
1196          }
1197  
1198          $db->insert_query("userfields", $user['user_fields'], false);
1199  
1200          if($this->user_insert_data['referrer'] != 0)
1201          {
1202              $db->write_query("
1203                  UPDATE ".TABLE_PREFIX."users
1204                  SET referrals=referrals+1
1205                  WHERE uid='{$this->user_insert_data['referrer']}'
1206              ");
1207          }
1208  
1209          // Update forum stats
1210          update_stats(array('numusers' => '+1'));
1211  
1212          if((int)$user['usergroup'] == 5)
1213          {
1214              $cache->update_awaitingactivation();
1215          }
1216  
1217          $this->return_values = array(
1218              "uid" => $this->uid,
1219              "username" => $user['username'],
1220              "loginkey" => $user['loginkey'],
1221              "email" => $user['email'],
1222              "password" => $user['password'],
1223              "usergroup" => $user['usergroup']
1224          );
1225  
1226          $plugins->run_hooks("datahandler_user_insert_end", $this);
1227  
1228          return $this->return_values;
1229      }
1230  
1231      /**
1232      * Updates a user in the database.
1233      *
1234      * @return bool
1235      */
1236  	function update_user()
1237      {
1238          global $db, $plugins, $cache;
1239  
1240          // Yes, validating is required.
1241          if(!$this->get_validated())
1242          {
1243              die("The user needs to be validated before inserting it into the DB.");
1244          }
1245          if(count($this->get_errors()) > 0)
1246          {
1247              die("The user is not valid.");
1248          }
1249  
1250          $user = &$this->data;
1251          $user['uid'] = (int)$user['uid'];
1252          $this->uid = $user['uid'];
1253  
1254          // Set up the update data.
1255          if(isset($user['username']))
1256          {
1257              $this->user_update_data['username'] = $db->escape_string($user['username']);
1258          }
1259          if(isset($user['password']))
1260          {
1261              $this->user_update_data['password'] = $user['password'];
1262          }
1263          if(isset($user['salt']))
1264          {
1265              $this->user_update_data['salt'] = $user['salt'];
1266          }
1267          if(isset($user['loginkey']))
1268          {
1269              $this->user_update_data['loginkey'] = $user['loginkey'];
1270          }
1271          if(isset($user['email']))
1272          {
1273              $this->user_update_data['email'] = $user['email'];
1274          }
1275          if(isset($user['postnum']))
1276          {
1277              $this->user_update_data['postnum'] = (int)$user['postnum'];
1278          }
1279          if(isset($user['threadnum']))
1280          {
1281              $this->user_update_data['threadnum'] = (int)$user['threadnum'];
1282          }
1283          if(isset($user['avatar']))
1284          {
1285              $this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
1286              $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
1287          }
1288          if(isset($user['usergroup']))
1289          {
1290              $this->user_update_data['usergroup'] = (int)$user['usergroup'];
1291          }
1292          if(isset($user['additionalgroups']))
1293          {
1294              $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
1295          }
1296          if(isset($user['displaygroup']))
1297          {
1298              $this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
1299          }
1300          if(isset($user['usertitle']))
1301          {
1302              $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
1303          }
1304          if(isset($user['regdate']))
1305          {
1306              $this->user_update_data['regdate'] = (int)$user['regdate'];
1307          }
1308          if(isset($user['lastactive']))
1309          {
1310              $this->user_update_data['lastactive'] = (int)$user['lastactive'];
1311          }
1312          if(isset($user['lastvisit']))
1313          {
1314              $this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
1315          }
1316          if(isset($user['signature']))
1317          {
1318              $this->user_update_data['signature'] = $db->escape_string($user['signature']);
1319          }
1320          if(isset($user['website']))
1321          {
1322              $this->user_update_data['website'] = $db->escape_string($user['website']);
1323          }
1324          if(isset($user['icq']))
1325          {
1326              $this->user_update_data['icq'] = (int)$user['icq'];
1327          }
1328          if(isset($user['aim']))
1329          {
1330              $this->user_update_data['aim'] = $db->escape_string($user['aim']);
1331          }
1332          if(isset($user['yahoo']))
1333          {
1334              $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
1335          }
1336          if(isset($user['skype']))
1337          {
1338              $this->user_update_data['skype'] = $db->escape_string($user['skype']);
1339          }
1340          if(isset($user['google']))
1341          {
1342              $this->user_update_data['google'] = $db->escape_string($user['google']);
1343          }
1344          if(isset($user['bday']))
1345          {
1346              $this->user_update_data['birthday'] = $user['bday'];
1347          }
1348          if(isset($user['birthdayprivacy']))
1349          {
1350              $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
1351          }
1352          if(isset($user['style']))
1353          {
1354              $this->user_update_data['style'] = (int)$user['style'];
1355          }
1356          if(isset($user['timezone']))
1357          {
1358              $this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
1359          }
1360          if(isset($user['dateformat']))
1361          {
1362              $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
1363          }
1364          if(isset($user['timeformat']))
1365          {
1366              $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
1367          }
1368          if(isset($user['regip']))
1369          {
1370              $this->user_update_data['regip'] = $db->escape_string($user['regip']);
1371          }
1372          if(isset($user['language']))
1373          {
1374              $this->user_update_data['language'] = $db->escape_string($user['language']);
1375          }
1376          if(isset($user['away']))
1377          {
1378              $this->user_update_data['away'] = (int)$user['away']['away'];
1379              $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
1380              $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
1381              $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
1382          }
1383          if(isset($user['notepad']))
1384          {
1385              $this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
1386          }
1387          if(isset($user['usernotes']))
1388          {
1389              $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
1390          }
1391          if(isset($user['options']) && is_array($user['options']))
1392          {
1393              foreach($user['options'] as $option => $value)
1394              {
1395                  $this->user_update_data[$option] = $value;
1396              }
1397          }
1398          if(array_key_exists('coppa_user', $user))
1399          {
1400              $this->user_update_data['coppauser'] = (int)$user['coppa_user'];
1401          }
1402          // First, grab the old user details for later use.
1403          $old_user = get_user($user['uid']);
1404  
1405          // If old user has new pmnotice and new user has = yes, keep old value
1406          if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
1407          {
1408              unset($this->user_update_data['pmnotice']);
1409          }
1410  
1411          $plugins->run_hooks("datahandler_user_update", $this);
1412  
1413          if(count($this->user_update_data) < 1 && empty($user['user_fields']))
1414          {
1415              return false;
1416          }
1417  
1418          if(count($this->user_update_data) > 0)
1419          {
1420              // Actual updating happens here.
1421              $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
1422          }
1423  
1424          $cache->update_moderators();
1425          if(isset($user['bday']) || isset($user['username']))
1426          {
1427              $cache->update_birthdays();
1428          }
1429  
1430          if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
1431          {
1432              $cache->update_awaitingactivation();
1433          }
1434  
1435          // Maybe some userfields need to be updated?
1436          if(isset($user['user_fields']) && is_array($user['user_fields']))
1437          {
1438              $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
1439              $fields = $db->fetch_array($query);
1440              if(!$fields['ufid'])
1441              {
1442                  $user_fields = array(
1443                      'ufid' => $user['uid']
1444                  );
1445  
1446                  $fields_array = $db->show_fields_from("userfields");
1447                  foreach($fields_array as $field)
1448                  {
1449                      if($field['Field'] == 'ufid')
1450                      {
1451                          continue;
1452                      }
1453                      $user_fields[$field['Field']] = '';
1454                  }
1455                  $db->insert_query("userfields", $user_fields);
1456              }
1457              $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
1458          }
1459  
1460          // Let's make sure the user's name gets changed everywhere in the db if it changed.
1461          if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
1462          {
1463              $username_update = array(
1464                  "username" => $this->user_update_data['username']
1465              );
1466              $lastposter_update = array(
1467                  "lastposter" => $this->user_update_data['username']
1468              );
1469  
1470              $db->update_query("posts", $username_update, "uid='{$user['uid']}'");
1471              $db->update_query("threads", $username_update, "uid='{$user['uid']}'");
1472              $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
1473              $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
1474  
1475              $stats = $cache->read("stats");
1476              if($stats['lastuid'] == $user['uid'])
1477              {
1478                  // User was latest to register, update stats
1479                  update_stats(array("numusers" => "+0"));
1480              }
1481          }
1482  
1483          return true;
1484      }
1485  
1486      /**
1487       * Provides a method to completely delete a user.
1488       *
1489       * @param array $delete_uids Array of user information
1490       * @param integer $prunecontent Whether to delete the users' threads/posts or not
1491       * @return array
1492       */
1493  	function delete_user($delete_uids, $prunecontent=0)
1494      {
1495          global $db, $plugins, $mybb, $cache;
1496  
1497          // Yes, validating is required.
1498          if(count($this->get_errors()) > 0)
1499          {
1500              die('The user is not valid.');
1501          }
1502  
1503          $this->delete_uids = array_map('intval', (array)$delete_uids);
1504  
1505          foreach($this->delete_uids as $key => $uid)
1506          {
1507              if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1508              {
1509                  // Remove super admins
1510                  unset($this->delete_uids[$key]);
1511              }
1512          }
1513  
1514          $plugins->run_hooks('datahandler_user_delete_start', $this);
1515  
1516          $this->delete_uids = implode(',', $this->delete_uids);
1517  
1518          if(empty($this->delete_uids))
1519          {
1520              $this->deleted_users = 0;
1521              $this->return_values = array(
1522                  "deleted_users" => $this->deleted_users
1523              );
1524  
1525              return $this->return_values;
1526          }
1527  
1528          $this->delete_content();
1529  
1530          // Delete the user
1531          $query = $db->delete_query('users', "uid IN({$this->delete_uids})");
1532          $this->deleted_users = $db->affected_rows($query);
1533  
1534          // Are we removing the posts/threads of a user?
1535          if((int)$prunecontent == 1)
1536          {
1537              $this->delete_posts();
1538              $db->delete_query('announcements', "uid IN({$this->delete_uids})");
1539          }
1540          else
1541          {
1542              // We're just updating the UID
1543              $db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
1544              $db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
1545              $db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
1546              $db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
1547              $db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
1548          }
1549  
1550          $db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
1551          $db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");
1552  
1553          // Update thread ratings
1554          $query = $db->query("
1555              SELECT r.*, t.numratings, t.totalratings
1556              FROM ".TABLE_PREFIX."threadratings r
1557              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
1558              WHERE r.uid IN({$this->delete_uids})
1559          ");
1560          while($rating = $db->fetch_array($query))
1561          {
1562              $update_thread = array(
1563                  "numratings" => $rating['numratings'] - 1,
1564                  "totalratings" => $rating['totalratings'] - $rating['rating']
1565              );
1566              $db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
1567          }
1568  
1569          $db->delete_query('threadratings', "uid IN({$this->delete_uids})");
1570  
1571          // Update forums & threads if user is the lastposter
1572          $db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1573          $db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1574  
1575          // Update forum stats
1576          update_stats(array('numusers' => '-'.$this->deleted_users));
1577  
1578          $this->return_values = array(
1579              "deleted_users" => $this->deleted_users
1580          );
1581  
1582          $plugins->run_hooks("datahandler_user_delete_end", $this);
1583  
1584          // Update  cache
1585          $cache->update_banned();
1586          $cache->update_moderators();
1587          $cache->update_forumsdisplay();
1588          $cache->update_reportedcontent();
1589          $cache->update_awaitingactivation();
1590          $cache->update_birthdays();
1591  
1592          return $this->return_values;
1593      }
1594  
/**
 * Deletes the content that belongs to the given users.
 *
 * Covers the per-user rows in the tables listed below (sessions and admin sessions
 * included), the reports that concern those users, and their uploaded avatars.
 * Reports filed by the users are kept, with their uid reset to 0.
 *
 * Ids passed in are cast to integers before they are placed in the SQL IN() lists.
 * When $delete_uids is false, $this->delete_uids is used exactly as it was left by
 * the caller (or by the hook below) and is not cast again here.
 *
 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
 */
function delete_content($delete_uids=false)
{
    global $db, $plugins, $mybb;

    if($delete_uids != false)
    {
        $kept = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never touch an empty id, a super admin or the account performing the action
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $kept[] = $uid;
        }

        $this->delete_uids = implode(',', $kept);
    }

    $plugins->run_hooks('datahandler_user_delete_content', $this);

    // Read the list only after the hook: the hook receives $this and may have changed it
    if(empty($this->delete_uids))
    {
        return;
    }

    $ids = $this->delete_uids;

    // table => condition pairs, executed in this order
    $deletions = array(
        array('userfields', "ufid IN({$ids})"),
        array('privatemessages', "uid IN({$ids})"),
        array('events', "uid IN({$ids})"),
        array('moderators', "id IN({$ids}) AND isgroup = 0"),
        array('forumsubscriptions', "uid IN({$ids})"),
        array('threadsubscriptions', "uid IN({$ids})"),
        array('forumsread', "uid IN({$ids})"),
        array('threadsread', "uid IN({$ids})"),
        array('adminviews', "uid IN({$ids})"),
        array('adminoptions', "uid IN({$ids})"),
        array('adminsessions', "uid IN({$ids})"),
        array('sessions', "uid IN({$ids})"),
        array('banned', "uid IN({$ids})"),
        array('joinrequests', "uid IN({$ids})"),
        array('groupleaders', "uid IN({$ids})"),
        array('awaitingactivation', "uid IN({$ids})"),
        array('warnings', "uid IN({$ids})"),
        array('reputation', "uid IN({$ids}) OR adduid IN({$ids})"),
        array('buddyrequests', "uid IN({$ids}) OR touid IN({$ids})"),
        // Only rows with visible = -2 (presumably drafts; confirm against the visibility scheme)
        array('posts', "uid IN({$ids}) AND visible = -2"),
        array('threads', "uid IN({$ids}) AND visible = -2"),
        // Reports on the reputation or profile of the deleted users.
        // AND binds tighter than OR, so this reads (type AND id3) OR (type AND id2).
        array('reportedcontent', "type='reputation' AND id3 IN({$ids}) OR type='reputation' AND id2 IN({$ids})"),
        array('reportedcontent', "type='profile' AND id IN({$ids})")
    );

    foreach($deletions as $deletion)
    {
        $db->delete_query($deletion[0], $deletion[1]);
    }

    // Reports filed by the deleted users stay, detached from the account
    $db->update_query('reportedcontent', array('uid' => 0), "uid IN({$ids})");

    // Remove any of the user(s) uploaded avatars
    require_once MYBB_ROOT.'inc/functions_upload.php';
    foreach(explode(',', $ids) as $avatar_uid)
    {
        remove_avatars($avatar_uid);
    }
}
1663  
/**
 * Deletes every thread and post written by the given users.
 *
 * Each thread and post is removed through the Moderation class rather than
 * by a direct delete query.
 *
 * Ids passed in are cast to integers before they are placed in the SQL IN() lists.
 * When $delete_uids is false, $this->delete_uids is used exactly as it was left by
 * the caller (or by the hook below) and is not cast again here.
 *
 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
 */
function delete_posts($delete_uids=false)
{
    global $db, $plugins, $mybb;

    if($delete_uids != false)
    {
        $kept = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never touch an empty id, a super admin or the account performing the action
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $kept[] = $uid;
        }

        $this->delete_uids = implode(',', $kept);
    }

    // Loaded before the hook runs, as in the original ordering
    require_once MYBB_ROOT.'inc/class_moderation.php';
    $moderation = new Moderation();

    $plugins->run_hooks('datahandler_user_delete_posts', $this);

    // Read the list only after the hook: the hook receives $this and may have changed it
    if(empty($this->delete_uids))
    {
        return;
    }

    $ids = $this->delete_uids;

    // Threads first, then the remaining posts
    $thread_query = $db->simple_select('threads', 'tid', "uid IN({$ids})");
    while($tid = $db->fetch_field($thread_query, 'tid'))
    {
        $moderation->delete_thread($tid);
    }

    $post_query = $db->simple_select('posts', 'pid', "uid IN({$ids})");
    while($pid = $db->fetch_field($post_query, 'pid'))
    {
        $moderation->delete_post($pid);
    }
}
1713  
/**
 * Blanks the profile of the given users: contact fields, title, away status,
 * additional and display groups, signature and avatar are reset, the custom
 * profile field rows are deleted and uploaded avatars are removed.
 *
 * Ids passed in are cast to integers before they are placed in the SQL IN() lists.
 * When $delete_uids is false, $this->delete_uids is used exactly as it was left by
 * the caller (or by the hook below) and is not cast again here.
 *
 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
 * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
 */
function clear_profile($delete_uids=false, $gid=0)
{
    global $db, $plugins, $mybb;

    // The parameter keeps the name delete_uids to stay in line with the delete_* methods
    if($delete_uids != false)
    {
        $kept = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never touch an empty id, a super admin or the account performing the action
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $kept[] = $uid;
        }

        $this->delete_uids = implode(',', $kept);
    }

    // Column => reset value; additionalgroups and displaygroup are always cleared
    $blank_profile = array(
        "website" => "",
        "birthday" => "",
        "icq" => "",
        "aim" => "",
        "yahoo" => "",
        "skype" => "",
        "google" => "",
        "usertitle" => "",
        "away" => 0,
        "awaydate" => 0,
        "returndate" => "",
        "awayreason" => "",
        "additionalgroups" => "",
        "displaygroup" => 0,
        "signature" => "",
        "avatar" => "",
        'avatardimensions' => '',
        'avatartype' => ''
    );

    // The primary group is changed only when a positive group id is given
    if($gid > 0)
    {
        $blank_profile["usergroup"] = (int)$gid;
    }

    $plugins->run_hooks('datahandler_user_clear_profile', $this);

    // Read the list only after the hook: the hook receives $this and may have changed it
    if(empty($this->delete_uids))
    {
        return;
    }

    $ids = $this->delete_uids;

    $db->update_query("users", $blank_profile, "uid IN({$ids})");
    $db->delete_query('userfields', "ufid IN({$ids})");

    // Remove any of the user(s) uploaded avatars
    require_once MYBB_ROOT.'inc/functions_upload.php';
    foreach(explode(',', $ids) as $avatar_uid)
    {
        remove_avatars($avatar_uid);
    }
}
1784  
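/**
 * Validates $this->data['signature'] against the board's signature settings.
 *
 * Two limits are checked: the number of image tags in the rendered signature
 * (settings sigimgcode, sigsmilies, maxsigimages) and the signature length with
 * whitespace removed (settings sigcountmycode, siglength). Failures are recorded
 * with set_error().
 *
 * @return bool False when the handler holds any error after the checks (including
 *              errors registered before this call), true otherwise.
 */
public function verify_signature()
{
    global $mybb, $parser;

    if(!isset($parser))
    {
        require_once MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
    }

    // The original listed 'filter_badwords' twice with the same value; one entry is enough.
    // 'allow_html' follows the sightml setting, so the rendered output below may contain
    // author-supplied markup when that setting is on.
    $parser_options = array(
        'allow_html' => $mybb->settings['sightml'],
        'filter_badwords' => 1,
        'allow_mycode' => $mybb->settings['sigmycode'],
        'allow_smilies' => $mybb->settings['sigsmilies'],
        'allow_imgcode' => $mybb->settings['sigimgcode']
    );

    $parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);

    // Count image tags once and without regard to case. parse_message() is not visible
    // here; if its output can contain upper-case tags, a literal "<img" count would
    // miss them and the image limit would not apply to those tags.
    $img_count = (int)preg_match_all('#<img#i', $parsed_sig, $img_matches);

    $images_enabled = ($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1);
    $images_disabled = ($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1);

    if(($images_disabled && $img_count > 0) ||
        ($images_enabled && $img_count > $mybb->settings['maxsigimages'])
    )
    {
        // The limit shown to the user is 0 unless [img] code is enabled for signatures
        $imgsallowed = 0;

        if($mybb->settings['sigimgcode'] == 1)
        {
            $imgsallowed = $mybb->settings['maxsigimages'];
        }

        $this->set_error('too_many_sig_images2', array($imgsallowed));
    }

    // Length is measured on the raw signature, or on its text-only form when
    // MyCode is not meant to count towards the limit
    if($mybb->settings['sigcountmycode'] == 0)
    {
        $parsed_sig = $parser->text_parse_message($this->data['signature']);
    }
    else
    {
        $parsed_sig = $this->data['signature'];
    }

    // Whitespace does not count towards the length
    $parsed_sig = preg_replace("#\s#", "", $parsed_sig);
    $sig_length = my_strlen($parsed_sig);

    if($sig_length > $mybb->settings['siglength'])
    {
        $this->set_error('sig_too_long', array($mybb->settings['siglength']));

        if($sig_length - $mybb->settings['siglength'] > 1)
        {
            $this->set_error('sig_remove_chars_plural', array($sig_length-$mybb->settings['siglength']));
        }
        else
        {
            $this->set_error('sig_remove_chars_singular');
        }
    }

    return count($this->get_errors()) == 0;
}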
1854  }

