PHP Cross Reference of MyBB 1.8.40 |
1 <?php 2 /** 3 * MyBB 1.8 4 * Copyright 2014 MyBB Group, All Rights Reserved 5 * 6 * Website: http://www.mybb.com 7 * License: http://www.mybb.com/about/license 8 * 9 */ 10 11 // Disallow direct access to this file for security reasons 12 if(!defined("IN_MYBB")) 13 { 14 die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined."); 15 } 16 17 /** 18 * User handling class, provides common structure to handle user data. 19 * 20 */ 21 class UserDataHandler extends DataHandler 22 { 23 /** 24 * The language file used in the data handler. 25 * 26 * @var string 27 */ 28 public $language_file = 'datahandler_user'; 29 30 /** 31 * The prefix for the language variables used in the data handler. 32 * 33 * @var string 34 */ 35 public $language_prefix = 'userdata'; 36 37 /** 38 * Array of data inserted in to a user. 39 * 40 * @var array 41 */ 42 public $user_insert_data = array(); 43 44 /** 45 * Array of data used to update a user. 46 * 47 * @var array 48 */ 49 public $user_update_data = array(); 50 51 /** 52 * User ID currently being manipulated by the datahandlers. 53 * 54 * @var int 55 */ 56 public $uid = 0; 57 58 /** 59 * Values to be returned after inserting/deleting an user. 60 * 61 * @var array 62 */ 63 public $return_values = array(); 64 65 /** 66 * @var array 67 */ 68 var $delete_uids = array(); 69 70 /** 71 * @var int 72 */ 73 var $deleted_users = 0; 74 75 /** 76 * Verifies if a username is valid or invalid. 77 * 78 * @return boolean True when valid, false when invalid. 
*/
    function verify_username()
    {
        global $mybb;

        // Bound by reference: the normalised name replaces the submitted one in $this->data.
        $name = &$this->data['username'];
        require_once MYBB_ROOT.'inc/functions_user.php';

        // Normalise blank and invisible characters before any check runs.
        // Code points 160 and 173 are the no-break space and the soft hyphen; 8238, 8237 and
        // 8203 are the right-to-left override, the left-to-right override and the zero-width
        // space. Stripping them keeps two visually identical names from being stored as
        // different strings.
        $name = trim_blank_chrs($name);
        $search = array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203));
        $replace = array(" ", "-", "", "", "", "");
        $name = str_replace($search, $replace, $name);

        // Collapse any run of two or more whitespace characters into one space.
        $name = preg_replace("#\s{2,}#", " ", $name);

        // Nothing left after normalisation means no username was supplied.
        if($name == '')
        {
            $this->set_error('missing_username');
            return false;
        }

        // Refuse names on the board's banned-username list.
        if(is_banned_username($name, true))
        {
            $this->set_error('banned_username');
            return false;
        }

        // Refuse <, >, &, backslash, semicolon and comma, and anything that
        // validate_utf8_string() does not accept.
        $has_bad_characters = strpos($name, "<") !== false
            || strpos($name, ">") !== false
            || strpos($name, "&") !== false
            || my_strpos($name, "\\") !== false
            || strpos($name, ";") !== false
            || strpos($name, ",") !== false
            || !validate_utf8_string($name, false, false);
        if($has_bad_characters)
        {
            $this->set_error("bad_characters_username");
            return false;
        }

        // Enforce the configured length limits; a limit of 0 switches that side of the check off.
        $min_length = $mybb->settings['minnamelength'];
        $max_length = $mybb->settings['maxnamelength'];
        if(($max_length != 0 && my_strlen($name) > $max_length) || ($min_length != 0 && my_strlen($name) < $min_length))
        {
            $this->set_error('invalid_username_length', array($min_length, $max_length));
            return false;
        }

        return true;
    }

    /**
     * Verifies if a usertitle is valid or invalid.
     *
     * @return boolean True when valid, false when invalid.
*/
    function verify_usertitle()
    {
        global $mybb;

        $title = &$this->data['usertitle'];
        $max_length = $mybb->settings['customtitlemaxlength'];

        // A configured maximum of 0 disables the length check.
        if($max_length != 0 && my_strlen($title) > $max_length)
        {
            $this->set_error('invalid_usertitle_length', $max_length);
            return false;
        }

        return true;
    }

    /**
     * Verifies if a username is already in use or not.
     *
     * A match on the account being edited (same uid as $this->data['uid']) does not count
     * as "in use".
     *
     * @return boolean False when the username is not in use, true when it is.
     */
    function verify_username_exists()
    {
        $username = &$this->data['username'];

        $existing = get_user_by_username(trim($username));

        // No account carries this name.
        if(empty($existing['uid']))
        {
            return false;
        }

        // The name belongs to the very user being edited.
        if(!empty($this->data['uid']) && $existing['uid'] == $this->data['uid'])
        {
            return false;
        }

        $this->set_error("username_exists", array($username));
        return true;
    }

    /**
     * Verifies if a new password is valid or not.
     *
     * On success the login key is regenerated and the fields returned by create_password()
     * are merged into the user data.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_password()
    {
        global $mybb;

        $user = &$this->data;
        $min_length = $mybb->settings['minpasswordlength'];
        $max_length = $mybb->settings['maxpasswordlength'];

        // The length limits always apply.
        if(my_strlen($user['password']) < $min_length || my_strlen($user['password']) > $max_length)
        {
            $this->set_error('invalid_password_length', array($min_length, $max_length));
            return false;
        }

        // Reject a password that equals, contains, or is contained in the email address or
        // the username. The comparison is case-sensitive, and the whole check is skipped
        // when either the email or the username is missing from the data being validated.
        if(!empty($user['email']) && !empty($user['username']))
        {
            if($user['email'] === $user['password'] || $user['username'] === $user['password']
                || strpos($user['password'], $user['email']) !== false || strpos($user['password'], $user['username']) !== false
                || strpos($user['email'], $user['password']) !== false || strpos($user['username'], $user['password']) !== false)
            {
                $this->set_error('bad_password_security');
                return false;
            }
        }

        // With "require complex passwords" enabled the password must contain at least one
        // digit, one lowercase a-z letter and one uppercase A-Z letter, and meet the minimum
        // length. No symbol is required by this pattern.
        if($mybb->settings['requirecomplexpasswords'] == 1)
        {
            $complexity_pattern = "/^.*(?=.{".$min_length.",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/";
            if(!preg_match($complexity_pattern, $user['password']))
            {
                $this->set_error('no_complex_characters', array($min_length));
                return false;
            }
        }

        // A confirmation field, when supplied, must match exactly.
        if(isset($user['password2']) && $user['password'] !== $user['password2'])
        {
            $this->set_error("passwords_dont_match");
            return false;
        }

        // Issue a fresh login key for the account.
        $user['loginkey'] = generate_loginkey();

        // Merge the fields produced by create_password() over the submitted data.
        // NOTE(review): presumably this replaces $user['password'] with its stored form and
        // adds the salt - confirm against create_password().
        $password_fields = create_password($user['password'], false, $user);
        $user = array_merge($user, $password_fields);

        return true;
    }

    /**
     * Verifies usergroup selections and other group details.
     *
     * This implementation performs no checks and always reports success, so any limit on
     * which groups may be assigned has to be enforced by the calling code.
     *
     * @return boolean Always true.
     */
    function verify_usergroup()
    {
        return true;
    }

    /**
     * Verifies if an email address is valid or not.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_email()
    {
        global $mybb;

        $user = &$this->data;

        // An address consisting only of blank characters counts as missing.
        if(trim_blank_chrs($user['email']) == '')
        {
            $this->set_error('missing_email');
            return false;
        }

        // The address must pass the format validator.
        if(!validate_email_format($user['email']))
        {
            $this->set_error('invalid_email_format');
            return false;
        }

        // The address must not be on the banned list.
        if(is_banned_email($user['email'], true))
        {
            $this->set_error('banned_email');
            return false;
        }

        // Enforce one account per address unless the board allows duplicates.
        // The Admin CP is exempt because the Merge System sometimes produces users with
        // duplicate email addresses (Not A Bug).
        if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
        {
            // Pass the uid of the user being edited, or 0 for a new user.
            $uid = isset($user['uid']) ? $user['uid'] : 0;
            if(email_already_in_use($user['email'], $uid))
            {
                $this->set_error('email_already_in_use');
                return false;
            }
        }

        // A confirmation field, when supplied, must match the address.
        if(isset($user['email2']) && $user['email'] != $user['email2'])
        {
            $this->set_error("emails_dont_match");
            return false;
        }

        return true;
    }

    /**
     * Verifies if a website is valid or not.
     *
     * A value that fails validation is retried once with "http://" prepended, and the
     * prefixed form is what stays in the user data.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_website()
    {
        $website = &$this->data['website'];

        // An empty website is accepted as-is.
        if(empty($website))
        {
            return true;
        }

        if(!my_validate_url($website))
        {
            // Assume the scheme was left out and try again.
            $website = 'http://'.$website;

            if(!my_validate_url($website))
            {
                $this->set_error('invalid_website');
                return false;
            }
        }

        return true;
    }

    /**
     * Verifies if a birthday is valid or not.
     *
     * @return boolean True when valid, false when invalid.
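*/
    function verify_birthday()
    {
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        // Nothing to validate unless the birthday arrived as a day/month/year array.
        if(!is_array($birthday))
        {
            return true;
        }

        // Force all three parts to integers before they are compared or stored.
        $birthday['day'] = (int)$birthday['day'];
        $birthday['month'] = (int)$birthday['month'];
        $birthday['year'] = (int)$birthday['year'];

        // When a day or a month is given, both must fall inside their calendar ranges.
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Check the day against the month lengths returned for this year.
        $months = get_bdays($birthday['year']);
        if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
        {
            $this->set_error("invalid_birthday");
            return false;
        }

        // A given year must lie within the last 100 years and must not be in the future.
        // The parentheses spell out the grouping PHP already applied (&& binds tighter
        // than ||); the result is unchanged.
        if(($birthday['year'] != 0 && $birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        elseif($birthday['year'] == date("Y"))
        {
            // A date in the current year must not lie after today.
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // COPPA handling. "enabled" requires a year to be present. "deny" rejects a birth
        // year less than 13 years back unless the current user is a moderator.
        // NOTE(review): the "deny" branch compares the year only, and a year of 0 (not
        // supplied) is not rejected by it - confirm the registration flow enforces the age
        // gate elsewhere.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
        {
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Build the stored birthday string from the integer parts.
        if($birthday['year'] != 0)
        {
            // Year known: d-m-y.
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // Only day and month known: d-m- with an empty year part.
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // Nothing given: an empty string marks an unknown birthday.
            $user['bday'] = '';
        }
        return true;
    }

    /**
     * Verifies if the birthday privacy option is valid or not.
     *
     * The value must be exactly one of 'none', 'age' or 'all'. 'age' additionally requires
     * a birth year in the submitted birthday data.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_birthday_privacy()
    {
        $birthdayprivacy = &$this->data['birthdayprivacy'];
        $accepted = array(
            'none',
            'age',
            'all');

        // Strict comparison: with the loose default a non-string value such as boolean true
        // compares equal to every entry and would pass the allow-list.
        if(!in_array($birthdayprivacy, $accepted, true))
        {
            $this->set_error("invalid_birthday_privacy");
            return false;
        }
        else if($birthdayprivacy === 'age')
        {
            // Showing the age is impossible without a birth year.
            $birthdayyear = &$this->data['birthday']['year'];
            if(empty($birthdayyear))
            {
                $this->set_error("conflicted_birthday_privacy");
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies if the post count field is filled in correctly.
     *
     * @return boolean True when valid (absent or not negative), false when invalid.
     */
    function verify_postnum()
    {
        $user = &$this->data;

        // A supplied post count must not be negative.
        if(isset($user['postnum']) && $user['postnum'] < 0)
        {
            $this->set_error("invalid_postnum");
            return false;
        }

        return true;
    }

    /**
     * Verifies if the thread count field is filled in correctly.
     *
     * @return boolean True when valid, false when invalid.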
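*/
    function verify_threadnum()
    {
        $user = &$this->data;

        // A supplied thread count must not be negative.
        if(isset($user['threadnum']) && $user['threadnum'] < 0)
        {
            $this->set_error("invalid_threadnum");
            return false;
        }

        return true;
    }

    /**
     * Verifies if the profile fields are filled in correctly.
     *
     * Each cached profile field the user may edit is checked and its database-escaped
     * value is stored in $this->data['user_fields']. Problems are reported through
     * set_error() only; the method itself always returns true.
     *
     * @return boolean Always true.
     */
    function verify_profile_fields()
    {
        global $db, $cache;

        $user = &$this->data;
        $profile_fields = &$this->data['profile_fields'];

        // Fetch all profile field definitions from the cache.
        $pfcache = $cache->read('profilefields');

        if(is_array($pfcache))
        {
            foreach($pfcache as $profilefield)
            {
                // Open the field to everyone (-1) when the caller set 'profile_fields_editable',
                // or during registration for fields that are required or shown at registration.
                // && binds tighter than ||, so this reads A || (B && C).
                if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
                {
                    $profilefield['editableby'] = -1;
                }

                if(isset($user['usergroup']))
                {
                    $usergroup = $user['usergroup'];
                }
                else
                {
                    $usergroup = '';
                }
                if(isset($user['additionalgroups']))
                {
                    $additionalgroups = $user['additionalgroups'];
                }
                else
                {
                    $additionalgroups = '';
                }

                // Skip fields this user's groups are not allowed to edit.
                if(!is_member($profilefield['editableby'], array('usergroup' => $usergroup, 'additionalgroups' => $additionalgroups)))
                {
                    continue;
                }

                // Skip fields whose minimum post count the user has not reached.
                if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
                {
                    continue;
                }

                // The type definition is "<type>\n<option>\n<option>...". It is HTML-escaped
                // here, so submitted values are HTML-escaped before being compared with it.
                $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
                $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
                $thing = explode("\n", $profilefield['type'], "2");
                $type = trim($thing[0]);
                $field = "fid{$profilefield['fid']}";

                if(!isset($profile_fields[$field]))
                {
                    $profile_fields[$field] = '';
                }

                // A required field left empty is an error, except in the Admin CP and Mod CP.
                // NOTE(review): for the single-value types trim() receives the submitted value
                // as-is; a non-scalar value is not handled here - confirm the caller
                // normalises it.
                if($type != "multiselect" && $type != "checkbox")
                {
                    if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                    {
                        $this->set_error('missing_required_profile_field', array($profilefield['name']));
                    }
                }
                elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                {
                    $this->set_error('missing_required_profile_field', array($profilefield['name']));
                }

                // Validate the value per field type and build the string to store.
                $options = '';
                if($type == "multiselect" || $type == "checkbox")
                {
                    if(!is_array($profile_fields[$field]))
                    {
                        $profile_fields[$field] = array();
                    }

                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    foreach($profile_fields[$field] as $value)
                    {
                        // Strict allow-list match: a loose comparison treats numeric strings
                        // such as "010" and "10" as equal, which would let a value through
                        // that is not one of the defined options.
                        if(!in_array(htmlspecialchars_uni($value), $expoptions, true))
                        {
                            $this->set_error('bad_profile_field_values', array($profilefield['name']));
                        }
                        // Compare against '' rather than testing truthiness, so the separator
                        // is not dropped when the text collected so far is "0".
                        if($options !== '')
                        {
                            $options .= "\n";
                        }
                        $options .= $db->escape_string($value);
                    }
                }
                elseif($type == "select" || $type == "radio")
                {
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    // Same strict allow-list match as above; an empty selection is allowed.
                    if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions, true) && trim($profile_fields[$field]) != "")
                    {
                        $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    }
                    $options = $db->escape_string($profile_fields[$field]);
                }
                else
                {
                    // Free-text types: enforce the optional maximum length.
                    if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                    {
                        $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                    }

                    // Enforce the optional pattern from the field definition. The pattern is
                    // wrapped in # delimiters without escaping; if preg_match() fails on it
                    // and returns false, the value is rejected.
                    if(!empty($profilefield['regex']) && !empty($profile_fields[$field]) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
                    {
                        $this->set_error('bad_profile_field_value', array($profilefield['name']));
                    }

                    $options = $db->escape_string($profile_fields[$field]);
                }
                $user['user_fields'][$field] = $options;
            }
        }

        return true;
    }

    /**
     * Verifies if an optionally entered referrer exists or not.
     *
     * Sets $this->data['referrer_uid'] to the referrer's uid, or to 0 when referrals are
     * disabled or no referrer was entered.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_referrer()
    {
        global $db, $mybb;

        $user = &$this->data;

        // Look the referrer up only when referrals are enabled and a name was given.
        if($mybb->settings['usereferrals'] == 1 && !empty($user['referrer']))
        {
            $referrer = get_user_by_username($user['referrer']);

            if(!$referrer)
            {
                $this->set_error('invalid_referrer', array($user['referrer']));
                return false;
            }

            $user['referrer_uid'] = $referrer['uid'];
        }
        else
        {
            $user['referrer_uid'] = 0;
        }

        return true;
    }

    /**
     * Verifies user options.
     *
     * Out-of-range values are replaced by defaults instead of raising errors, and the
     * cleaned array is written back to $this->data['options'].
     *
     * @return void The method has no return statement.
     */
    function verify_options()
    {
        global $mybb;

        $options = &$this->data['options'];

        if(!is_array($options))
        {
            $options = array();
        }

        // Yes/no options, each paired with the third argument handed to
        // verify_yesno_option() - presumably the default; confirm in that method.
        $yesno_options = array(
            'allownotices' => 1,
            'hideemail' => 0,
            'receivepms' => 1,
            'receivefrombuddy' => 0,
            'pmnotice' => 1,
            'pmnotify' => 1,
            'invisible' => 0,
            'showimages' => 1,
            'showvideos' => 1,
            'showsigs' => 1,
            'showavatars' => 1,
            'showquickreply' => 1,
            'showredirect' => 1,
            'showcodebuttons' => 1,
            'sourceeditor' => 0,
            'buddyrequestspm' => 1,
            'buddyrequestsauto' => 0,
        );
        foreach($yesno_options as $option_name => $option_value)
        {
            $this->verify_yesno_option($options, $option_name, $option_value);
        }

        // The value passed for the classic postbit follows the board's post layout.
        if($mybb->settings['postlayout'] == 'classic')
        {
            $this->verify_yesno_option($options, 'classicpostbit', 1);
        }
        else
        {
            $this->verify_yesno_option($options, 'classicpostbit', 0);
        }

        if(array_key_exists('subscriptionmethod', $options))
        {
            // Valid range is 0-3; anything else becomes 0.
            $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
            if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
            {
                $options['subscriptionmethod'] = 0;
            }
        }

        if(array_key_exists('dstcorrection', $options))
        {
            // Valid range is 0-2; anything else becomes 0.
            $options['dstcorrection'] = (int)$options['dstcorrection'];
            if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
            {
                $options['dstcorrection'] = 0;
            }

            // 1 and 0 set the dst flag directly; 2 leaves it untouched.
            if($options['dstcorrection'] == 1)
            {
                $options['dst'] = 1;
            }
            elseif($options['dstcorrection'] == 0)
            {
                $options['dst'] = 0;
            }
        }

        // The thread mode is always cleared on insert; on update only "linear", "threaded"
        // and '' are kept.
        if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded" && $options['threadmode'] != ''))
        {
            $options['threadmode'] = '';
        }

        // Verify the "threads per page" option.
        if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
        {
            if(!isset($options['tpp']))
            {
                $options['tpp'] = 0;
            }
            // Cap at the largest configured choice. max() replaces the earlier asort() plus
            // last-index lookup: asort() keeps the original keys, so that lookup only found
            // the largest value when the setting was already in ascending order.
            // NOTE(review): only the upper bound is enforced; a negative value passes the
            // cast unchanged - confirm the consumers treat it as "use the default".
            $biggest = max(array_map('intval', explode(",", $mybb->settings['usertppoptions'])));
            if($options['tpp'] > $biggest)
            {
                $options['tpp'] = $biggest;
            }
            $options['tpp'] = (int)$options['tpp'];
        }
        // Verify the "posts per page" option (same capping rule as above).
        if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
        {
            if(!isset($options['ppp']))
            {
                $options['ppp'] = 0;
            }
            $biggest = max(array_map('intval', explode(",", $mybb->settings['userpppoptions'])));
            if($options['ppp'] > $biggest)
            {
                $options['ppp'] = $biggest;
            }
            $options['ppp'] = (int)$options['ppp'];
        }
        // The "days prune" option must be a non-negative integer.
        if($this->method == "insert" || array_key_exists('daysprune', $options))
        {
            if(!isset($options['daysprune']))
            {
                $options['daysprune'] = 0;
            }
            $options['daysprune'] = (int)$options['daysprune'];
            if($options['daysprune'] < 0)
            {
                $options['daysprune'] = 0;
            }
        }
        $this->data['options'] = $options;
    }

    /**
     * Verifies if a registration date is valid or not.
     *
     * The value is cast to an integer and replaced by the current time when it is zero or
     * negative.
     *
     * @return boolean Always true.
     */
    function verify_regdate()
    {
        $regdate = &$this->data['regdate'];

        $regdate = (int)$regdate;
        // A timestamp of 0 or below is replaced by the current time.
        if($regdate <= 0)
        {
            $regdate = TIME_NOW;
        }
        return true;
    }

    /**
     * Verifies if a last visit date is valid or not.
     *
     * The value is cast to an integer and replaced by the current time when it is zero or
     * negative.
     *
     * @return boolean Always true.
     */
    function verify_lastvisit()
    {
        $lastvisit = &$this->data['lastvisit'];

        $lastvisit = (int)$lastvisit;
        // A timestamp of 0 or below is replaced by the current time.
        if($lastvisit <= 0)
        {
            $lastvisit = TIME_NOW;
        }
        return true;
    }

    /**
     * Verifies if a last active date is valid or not.
     *
     * @return boolean True when valid, false when invalid.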
*/
    function verify_lastactive()
    {
        $timestamp = &$this->data['lastactive'];

        // Cast to an integer; a value of 0 or below is replaced by the current time.
        $timestamp = (int)$timestamp;
        if($timestamp <= 0)
        {
            $timestamp = TIME_NOW;
        }
        return true;
    }

    /**
     * Verifies if an away mode status is valid or not.
     *
     * When away mode is disabled on the board, or the user is not marking themselves away,
     * all away fields are reset to their defaults.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_away()
    {
        global $mybb;

        $user = &$this->data;

        $marked_away = isset($user['away']['away']) && $user['away']['away'] == 1;

        // Board does not allow away mode, or the user is not away: store the defaults.
        if($mybb->settings['allowaway'] == 0 || !$marked_away)
        {
            $user['away']['away'] = 0;
            $user['away']['date'] = 0;
            $user['away']['returndate'] = 0;
            $user['away']['awayreason'] = '';
            return true;
        }

        // Away without a return date needs no further checks.
        if(!$user['away']['returndate'])
        {
            return true;
        }

        // The database column for the away reason holds 200 characters.
        $reason_length = my_strlen($user['away']['awayreason']);
        if($reason_length > 200)
        {
            $this->set_error("away_too_long", array($reason_length - 200));
            return false;
        }

        // The return date is expected as day-month-year; every part must be present.
        list($day_part, $month_part, $year_part) = explode('-', $user['away']['returndate']);
        if(!$day_part || !$month_part || !$year_part)
        {
            $this->set_error("missing_returndate");
            return false;
        }

        // Cut each part to its maximum width (2-2-4 characters).
        // NOTE(review): the parts are shortened but not checked to be digits, and
        // insert_user() in this file places 'returndate' in the insert array without
        // escape_string() - confirm every caller passes numeric parts, or validate here.
        $user['away']['returndate'] = substr($day_part, 0, 2).'-'.substr($month_part, 0, 2).'-'.substr($year_part, 0, 4);

        return true;
    }

    /**
     * Verifies if a language is valid for this user or not.
     *
     * An empty language is accepted; any other value must be known to the language system.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_language()
    {
        global $lang;

        $selected = &$this->data['language'];

        // A non-empty language must exist on this board.
        if($selected != '' && !$lang->language_exists($selected))
        {
            $this->set_error("invalid_language");
            return false;
        }
        return true;
    }

    /**
     * Verifies if a style is valid for this user or not.
     *
     * An empty style is accepted. Otherwise the theme must exist and be either open to
     * 'all' groups or to a group the user belongs to.
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_style()
    {
        global $lang;

        $user = &$this->data;

        if(empty($user['style']))
        {
            return true;
        }

        $theme = get_theme($user['style']);

        // The parentheses spell out the grouping PHP already applied (&& before ||).
        if(empty($theme) || (!is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all'))
        {
            $this->set_error('invalid_style');
            return false;
        }

        return true;
    }

    /**
     * Verifies if this is coming from a spam bot or not
     *
     * The two registration check fields must hold exactly the expected values:
     * 'regcheck1' an empty string and 'regcheck2' the string "true".
     *
     * @return boolean True when valid, false when invalid.
     */
    function verify_checkfields()
    {
        $user = &$this->data;

        // Any other content in either check field fails the registration.
        if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
        {
            $this->set_error("invalid_checkfield");
            return false;
        }
        return true;
    }

    /**
     * Verifies if the user timezone is valid.
     * If the timezone is invalid, the board default is used.
     *
     * No error is recorded for an invalid timezone; the value is only replaced.
     *
     * @return boolean True when timezone was valid, false otherwise
     */
    function verify_timezone()
    {
        global $mybb;

        $user = &$this->data;

        $supported = get_supported_timezones();

        // The submitted value must be one of the keys of the supported timezone list.
        $is_supported = isset($user['timezone']) && array_key_exists($user['timezone'], $supported);
        if(!$is_supported)
        {
            $user['timezone'] = $mybb->settings['timezoneoffset'];
            return false;
        }

        return true;
    }

    /**
     * Validate all user assets.
     *
     * @return boolean True when valid, false when invalid.
961 */ 962 function validate_user() 963 { 964 global $mybb, $plugins; 965 966 $user = &$this->data; 967 968 // First, grab the old user details if this user exists 969 if(!empty($user['uid'])) 970 { 971 $old_user = get_user($user['uid']); 972 } 973 974 if($this->method == "insert" || array_key_exists('username', $user)) 975 { 976 // If the username is the same - no need to verify 977 if(!isset($old_user['username']) || $user['username'] != $old_user['username']) 978 { 979 $this->verify_username(); 980 $this->verify_username_exists(); 981 } 982 else 983 { 984 unset($user['username']); 985 } 986 } 987 if($this->method == "insert" || array_key_exists('usertitle', $user)) 988 { 989 $this->verify_usertitle(); 990 } 991 if($this->method == "insert" || array_key_exists('password', $user)) 992 { 993 $this->verify_password(); 994 } 995 if($this->method == "insert" || array_key_exists('usergroup', $user)) 996 { 997 $this->verify_usergroup(); 998 } 999 if($this->method == "insert" || array_key_exists('email', $user)) 1000 { 1001 $this->verify_email(); 1002 } 1003 if($this->method == "insert" || array_key_exists('website', $user)) 1004 { 1005 $this->verify_website(); 1006 } 1007 if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday']))) 1008 { 1009 $this->verify_birthday(); 1010 } 1011 if($this->method == "insert" || array_key_exists('postnum', $user)) 1012 { 1013 $this->verify_postnum(); 1014 } 1015 if($this->method == "insert" || array_key_exists('threadnum', $user)) 1016 { 1017 $this->verify_threadnum(); 1018 } 1019 if($this->method == "insert" || array_key_exists('profile_fields', $user)) 1020 { 1021 $this->verify_profile_fields(); 1022 } 1023 if($this->method == "insert" || array_key_exists('referrer', $user)) 1024 { 1025 $this->verify_referrer(); 1026 } 1027 if($this->method == "insert" || array_key_exists('options', $user)) 1028 { 1029 $this->verify_options(); 1030 } 1031 if($this->method == "insert" || array_key_exists('regdate', $user)) 
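{
			$this->verify_regdate();
		}
		if($this->method == "insert" || array_key_exists('lastvisit', $user))
		{
			$this->verify_lastvisit();
		}
		if($this->method == "insert" || array_key_exists('lastactive', $user))
		{
			$this->verify_lastactive();
		}
		if($this->method == "insert" || array_key_exists('away', $user))
		{
			$this->verify_away();
		}
		if($this->method == "insert" || array_key_exists('language', $user))
		{
			$this->verify_language();
		}
		if($this->method == "insert" || array_key_exists('timezone', $user))
		{
			$this->verify_timezone();
		}
		if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
		{
			$this->verify_checkfields();
		}
		if(array_key_exists('birthdayprivacy', $user))
		{
			$this->verify_birthday_privacy();
		}
		if($this->method == "insert" || array_key_exists('style', $user))
		{
			$this->verify_style();
		}
		if($this->method == "insert" || array_key_exists('signature', $user))
		{
			$this->verify_signature();
		}

		$plugins->run_hooks("datahandler_user_validate", $this);

		// We are done validating, return.
		$this->set_validated(true);
		if(count($this->get_errors()) > 0)
		{
			return false;
		}
		else
		{
			return true;
		}
	}

	/**
	 * Inserts a user into the database.
	 *
	 * Requires a prior successful validation: the script is terminated with die()
	 * when the handler is not marked as validated or still carries errors.
	 * Besides the users row, this writes the userfields row, bumps the referrer's
	 * referral counter and updates the forum statistics.
	 *
	 * @return array The keys uid, username, loginkey, email, password and usergroup of the new user.
	 */
	function insert_user()
	{
		global $db, $cache, $plugins;

		// Yes, validating is required.
		if(!$this->get_validated())
		{
			die("The user needs to be validated before inserting it into the DB.");
		}
		if(count($this->get_errors()) > 0)
		{
			die("The user is not valid.");
		}

		$user = &$this->data;

		// Optional top-level fields default to an empty string so the array below never reads an unset key.
		$array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user');
		foreach($array as $value)
		{
			if(!isset($user[$value]))
			{
				$user[$value] = '';
			}
		}

		// Same defaulting for the two options that may be missing.
		$array = array('subscriptionmethod', 'dstcorrection');
		foreach($array as $value)
		{
			if(!isset($user['options'][$value]))
			{
				$user['options'][$value] = '';
			}
		}

		// If user is being created from ACP, there is no last visit or last active
		if(defined('IN_ADMINCP'))
		{
			$user['lastvisit'] = $user['lastactive'] = 0;
		}

		// Free-text values are passed through $db->escape_string(), numeric ones are cast to int,
		// IP addresses go through $db->escape_binary().
		// NOTE(review): password, salt, loginkey, birthday (bday), threadmode and returndate are
		// stored exactly as found in $this->data. That presumably relies on the verify_* methods
		// having generated or normalised them - confirm before feeding this handler from a new caller.
		$this->user_insert_data = array(
			"username" => $db->escape_string($user['username']),
			"password" => $user['password'],
			"salt" => $user['salt'],
			"loginkey" => $user['loginkey'],
			"email" => $db->escape_string($user['email']),
			"postnum" => (int)$user['postnum'],
			"threadnum" => (int)$user['threadnum'],
			"avatar" => $db->escape_string($user['avatar']),
			"avatartype" => $db->escape_string($user['avatartype']),
			"usergroup" => (int)$user['usergroup'],
			"additionalgroups" => $db->escape_string($user['additionalgroups']),
			"displaygroup" => (int)$user['displaygroup'],
			"usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
			"regdate" => (int)$user['regdate'],
			"lastactive" => (int)$user['lastactive'],
			"lastvisit" => (int)$user['lastvisit'],
			"website" => $db->escape_string($user['website']),
			"birthday" => $user['bday'],
			"signature" => $db->escape_string($user['signature']),
			"allownotices" => (int)$user['options']['allownotices'],
			"hideemail" => (int)$user['options']['hideemail'],
			"subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
			"receivepms" => (int)$user['options']['receivepms'],
			"receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
			"pmnotice" => (int)$user['options']['pmnotice'],
			"pmnotify" => (int)$user['options']['pmnotify'],
			"showimages" => (int)$user['options']['showimages'],
			"showvideos" => (int)$user['options']['showvideos'],
			"showsigs" => (int)$user['options']['showsigs'],
			"showavatars" => (int)$user['options']['showavatars'],
			"showquickreply" => (int)$user['options']['showquickreply'],
			"showredirect" => (int)$user['options']['showredirect'],
			"tpp" => (int)$user['options']['tpp'],
			"ppp" => (int)$user['options']['ppp'],
			"invisible" => (int)$user['options']['invisible'],
			"style" => (int)$user['style'],
			"timezone" => $db->escape_string($user['timezone']),
			"dstcorrection" => (int)$user['options']['dstcorrection'],
			"threadmode" => $user['options']['threadmode'],
			"daysprune" => (int)$user['options']['daysprune'],
			"dateformat" => $db->escape_string($user['dateformat']),
			"timeformat" => $db->escape_string($user['timeformat']),
			"regip" => $db->escape_binary($user['regip']),
			"lastip" => $db->escape_binary($user['lastip']),
			"language" => $db->escape_string($user['language']),
			"showcodebuttons" => (int)$user['options']['showcodebuttons'],
			"sourceeditor" => (int)$user['options']['sourceeditor'],
			"buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
			"buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
			"away" => (int)$user['away']['away'],
			"awaydate" => (int)$user['away']['date'],
			"returndate" => $user['away']['returndate'],
			"awayreason" => $db->escape_string($user['away']['awayreason']),
			"referrer" => (int)$user['referrer_uid'],
			"referrals" => 0,
			"buddylist" => '',
			"ignorelist" => '',
			"pmfolders" => "0**$%%$1**$%%$2**$%%$3**$%%$4**",
			"notepad" => '',
			"warningpoints" => 0,
			"moderateposts" => 0,
			"moderationtime" => 0,
			"suspendposting" => 0,
			"suspensiontime" => 0,
			"coppauser" => (int)$user['coppa_user'],
			"classicpostbit" => (int)$user['options']['classicpostbit'],
			"usernotes" => ''
		);

		// The dst column is only set for the two explicit dstcorrection values.
		if($user['options']['dstcorrection'] == 1)
		{
			$this->user_insert_data['dst'] = 1;
		}
		elseif($user['options']['dstcorrection'] == 0)
		{
			$this->user_insert_data['dst'] = 0;
		}

		// Plugins receive the handler here and can still change user_insert_data before it is written.
		$plugins->run_hooks("datahandler_user_insert", $this);

		$this->uid = $db->insert_query("users", $this->user_insert_data);

		$user['user_fields']['ufid'] = $this->uid;

		$pfcache = $cache->read('profilefields');

		// Give every cached profile field that the caller did not supply an empty value.
		if(is_array($pfcache))
		{
			foreach($pfcache as $profile_field)
			{
				if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
				{
					continue;
				}
				$user['user_fields']["fid{$profile_field['fid']}"] = '';
			}
		}

		// NOTE(review): user_fields is written as supplied in $this->data; any escaping is
		// presumably done by the profile field validator, which is not visible here - confirm.
		$db->insert_query("userfields", $user['user_fields'], false);

		// The referrer id was cast to int above, so it is safe to interpolate.
		if($this->user_insert_data['referrer'] != 0)
		{
			$db->write_query("
				UPDATE ".TABLE_PREFIX."users
				SET referrals=referrals+1
				WHERE uid='{$this->user_insert_data['referrer']}'
			");
		}

		// Update forum stats
		update_stats(array('numusers' => '+1'));

		// Usergroup 5 triggers a refresh of the awaiting-activation cache.
		if((int)$user['usergroup'] == 5)
		{
			$cache->update_awaitingactivation();
		}

		// The returned array carries the stored password value and the login key;
		// callers and hooks should not log or display it.
		$this->return_values = array(
			"uid" => $this->uid,
			"username" => $user['username'],
			"loginkey" => $user['loginkey'],
			"email" => $user['email'],
			"password" => $user['password'],
			"usergroup" => $user['usergroup']
		);

		$plugins->run_hooks("datahandler_user_insert_end", $this);

		return $this->return_values;
	}

	/**
	 * Updates a user in the database.
	 *
	 * Only keys present in $this->data are written. Requires a prior successful
	 * validation: the script is terminated with die() when the handler is not
	 * marked as validated or still carries errors.
	 *
	 * @return bool False when there is nothing to update, true otherwise.
	 */
	function update_user()
	{
		global $db, $plugins, $cache;

		// Yes, validating is required.
		if(!$this->get_validated())
		{
			die("The user needs to be validated before inserting it into the DB.");
		}
		if(count($this->get_errors()) > 0)
		{
			die("The user is not valid.");
		}

		$user = &$this->data;
		// The uid is cast once here; every WHERE clause below interpolates this integer.
		$user['uid'] = (int)$user['uid'];
		$this->uid = $user['uid'];

		// Set up the update data.
		if(isset($user['username']))
		{
			$this->user_update_data['username'] = $db->escape_string($user['username']);
		}
		// NOTE(review): password, salt and loginkey are copied without escaping; presumably
		// they are generated by the password validator rather than taken from input - confirm.
		if(isset($user['password']))
		{
			$this->user_update_data['password'] = $user['password'];
		}
		if(isset($user['salt']))
		{
			$this->user_update_data['salt'] = $user['salt'];
		}
		if(isset($user['loginkey']))
		{
			$this->user_update_data['loginkey'] = $user['loginkey'];
		}
		if(isset($user['email']))
		{
			$this->user_update_data['email'] = $db->escape_string($user['email']);
		}
		if(isset($user['postnum']))
		{
			$this->user_update_data['postnum'] = (int)$user['postnum'];
		}
		if(isset($user['threadnum']))
		{
			$this->user_update_data['threadnum'] = (int)$user['threadnum'];
		}
		if(isset($user['avatar']))
		{
			$this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
			$this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
		}
		if(isset($user['usergroup']))
		{
			$this->user_update_data['usergroup'] = (int)$user['usergroup'];
		}
		if(isset($user['additionalgroups']))
		{
			$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
		}
		if(isset($user['displaygroup']))
		{
			$this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
		}
		// NOTE(review): insert_user() runs the title through htmlspecialchars_uni() before
		// storing it, this path does not; check that every place rendering usertitle escapes it.
		if(isset($user['usertitle']))
		{
			$this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
		}
		if(isset($user['regdate']))
		{
			$this->user_update_data['regdate'] = (int)$user['regdate'];
		}
		if(isset($user['lastactive']))
		{
			$this->user_update_data['lastactive'] = (int)$user['lastactive'];
		}
		if(isset($user['lastvisit']))
		{
			$this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
		}
		if(isset($user['signature']))
		{
			$this->user_update_data['signature'] = $db->escape_string($user['signature']);
		}
		if(isset($user['website']))
		{
			$this->user_update_data['website'] = $db->escape_string($user['website']);
		}
		// NOTE(review): bday is stored without escaping; presumably normalised by the birthday validator - confirm.
		if(isset($user['bday']))
		{
			$this->user_update_data['birthday'] = $user['bday'];
		}
		if(isset($user['birthdayprivacy']))
		{
			$this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
		}
		if(isset($user['style']))
		{
			$this->user_update_data['style'] = (int)$user['style'];
		}
		if(isset($user['timezone']))
		{
			$this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
		}
		if(isset($user['dateformat']))
		{
			$this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
		}
		if(isset($user['timeformat']))
		{
			$this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
		}
		if(isset($user['regip']))
		{
			$this->user_update_data['regip'] = $db->escape_binary($user['regip']);
		}
		if(isset($user['lastip']))
		{
			$this->user_update_data['lastip'] = $db->escape_binary($user['lastip']);
		}
		if(isset($user['language']))
		{
			$this->user_update_data['language'] = $db->escape_string($user['language']);
		}
		if(isset($user['away']))
		{
			$this->user_update_data['away'] = (int)$user['away']['away'];
			$this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
			$this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
			$this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
		}
		if(isset($user['notepad']))
		{
			$this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
		}
		if(isset($user['usernotes']))
		{
			$this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
		}
		// NOTE(review): both the column name ($option) and its value are copied as-is, without
		// the int casts insert_user() applies. This is only safe if the options validator (not
		// visible here) restricts the keys and normalises the values - confirm.
		if(isset($user['options']) && is_array($user['options']))
		{
			foreach($user['options'] as $option => $value)
			{
				$this->user_update_data[$option] = $value;
			}
		}
		if(array_key_exists('coppa_user', $user))
		{
			$this->user_update_data['coppauser'] = (int)$user['coppa_user'];
		}
		// First, grab the old user details for later use.
		$old_user = get_user($user['uid']);

		// If old user has new pmnotice and new user has = yes, keep old value
		if(isset($this->user_update_data['pmnotice']) && $old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
		{
			unset($this->user_update_data['pmnotice']);
		}

		// Plugins receive the handler here and can still change user_update_data before it is written.
		$plugins->run_hooks("datahandler_user_update", $this);

		if(count($this->user_update_data) < 1 && empty($user['user_fields']))
		{
			return false;
		}

		if(count($this->user_update_data) > 0)
		{
			// Actual updating happens here.
			$db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
		}

		$cache->update_moderators();
		if(isset($user['bday']) || isset($user['username']))
		{
			$cache->update_birthdays();
		}

		// Usergroup 5 triggers a refresh of the awaiting-activation cache.
		if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
		{
			$cache->update_awaitingactivation();
		}

		// Maybe some userfields need to be updated?
		if(isset($user['user_fields']) && is_array($user['user_fields']))
		{
			$query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
			$fields = $db->fetch_array($query);
			if(empty($fields['ufid']))
			{
				// No userfields row yet: create one with every column empty, then update it below.
				$user_fields = array(
					'ufid' => $user['uid']
				);

				$fields_array = $db->show_fields_from("userfields");
				foreach($fields_array as $field)
				{
					if($field['Field'] == 'ufid')
					{
						continue;
					}
					$user_fields[$field['Field']] = '';
				}
				$db->insert_query("userfields", $user_fields);
			}
			// NOTE(review): user_fields is written as supplied in $this->data; any escaping is
			// presumably done by the profile field validator, which is not visible here - confirm.
			$db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
		}

		// Let's make sure the user's name gets changed everywhere in the db if it changed.
		if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
		{
			// The value reused here is the one already passed through $db->escape_string() above.
			$username_update = array(
				"username" => $this->user_update_data['username']
			);
			$lastposter_update = array(
				"lastposter" => $this->user_update_data['username']
			);

			$db->update_query("posts", $username_update, "uid='{$user['uid']}'");
			$db->update_query("threads", $username_update, "uid='{$user['uid']}'");
			$db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
			$db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");

			$stats = $cache->read("stats");
			if($stats['lastuid'] == $user['uid'])
			{
				// User was latest to register, update stats
				update_stats(array("numusers" => "+0"));
			}
		}

		return true;
	}

	/**
	 * Normalises a list of user ids and drops the accounts that must never be
	 * deleted or cleared through this handler.
	 *
	 * Every id is cast to int. Zero ids, super administrators and the user
	 * running the request are removed. The current user's id is cast to int
	 * before the comparison, so the guard does not depend on whether the
	 * session stores it as an integer or as a string, and a missing session
	 * user no longer produces an undefined index notice.
	 *
	 * @param array|int $delete_uids One user id or an array of user ids.
	 * @return array The remaining integer user ids, original keys preserved.
	 */
	private function filter_protected_uids($delete_uids)
	{
		global $mybb;

		$current_uid = 0;
		if(isset($mybb->user['uid']))
		{
			$current_uid = (int)$mybb->user['uid'];
		}

		$uids = array_map('intval', (array)$delete_uids);

		foreach($uids as $key => $uid)
		{
			// $uid is non-zero once the first test passes, so a guest (uid 0) never matches the last one.
			if(!$uid || is_super_admin($uid) || $uid === $current_uid)
			{
				// Remove super admins
				unset($uids[$key]);
			}
		}

		return $uids;
	}

	/**
	 * Provides a method to completely delete a user.
	 *
	 * Super administrators and the user running the request are silently
	 * dropped from the list. The script is terminated with die() when the
	 * handler carries errors.
	 *
	 * @param array $delete_uids Array of user information
	 * @param integer $prunecontent Whether if delete threads/posts or not
	 * @return array The key deleted_users holds the number of deleted user rows.
	 */
	function delete_user($delete_uids, $prunecontent=0)
	{
		global $db, $plugins, $cache;

		// Yes, validating is required.
		if(count($this->get_errors()) > 0)
		{
			die('The user is not valid.');
		}

		// Still an array at this point, so the start hook sees the filtered list.
		$this->delete_uids = $this->filter_protected_uids($delete_uids);

		$plugins->run_hooks('datahandler_user_delete_start', $this);

		// From here on the list is a comma separated string that is interpolated unquoted into
		// the IN(...) clauses below. It is safe only because every element went through intval;
		// a hook that changes delete_uids has to keep it integer-only.
		$this->delete_uids = implode(',', $this->delete_uids);

		if(empty($this->delete_uids))
		{
			$this->deleted_users = 0;
			$this->return_values = array(
				"deleted_users" => $this->deleted_users
			);

			return $this->return_values;
		}

		$this->delete_content();

		// Delete the user
		$query = $db->delete_query('users', "uid IN({$this->delete_uids})");
		$this->deleted_users = $db->affected_rows($query);

		// Are we removing the posts/threads of a user?
		if((int)$prunecontent == 1)
		{
			$this->delete_posts();
			$db->delete_query('announcements', "uid IN({$this->delete_uids})");
		}
		else
		{
			// We're just updating the UID
			$db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
		}

		$db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
		$db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");

		// Update thread ratings
		// NOTE(review): numratings/totalratings are read once by this query, so when several of the
		// deleted users rated the same thread each iteration subtracts from the same snapshot and
		// only the last write survives - verify whether a recount is needed in that case.
		$query = $db->query("
			SELECT r.*, t.numratings, t.totalratings
			FROM ".TABLE_PREFIX."threadratings r
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
			WHERE r.uid IN({$this->delete_uids})
		");
		while($rating = $db->fetch_array($query))
		{
			$update_thread = array(
				"numratings" => $rating['numratings'] - 1,
				"totalratings" => $rating['totalratings'] - $rating['rating']
			);
			$db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
		}

		$db->delete_query('threadratings', "uid IN({$this->delete_uids})");

		// Update forums & threads if user is the lastposter
		$db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
		$db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");

		// Update forum stats
		update_stats(array('numusers' => '-'.$this->deleted_users));

		$this->return_values = array(
			"deleted_users" => $this->deleted_users
		);

		$plugins->run_hooks("datahandler_user_delete_end", $this);

		// Update cache
		$cache->update_moderators();
		$cache->update_forumsdisplay();
		$cache->update_reportedcontent();
		$cache->update_awaitingactivation();
		$cache->update_birthdays();

		return $this->return_values;
	}

	/**
	 * Provides a method to delete users' content
	 *
	 * Removes the rows tied to the users (profile fields, private messages,
	 * subscriptions, sessions, warnings, reputation, reports and more) and
	 * their uploaded avatars. Super administrators and the user running the
	 * request are dropped from a list passed in here.
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 */
	function delete_content($delete_uids=false)
	{
		global $db, $plugins;

		// Loose comparison: an empty array, 0, '' or null also take the "already set" path and
		// reuse whatever $this->delete_uids holds, including a list left by an earlier call on
		// the same handler instance.
		if($delete_uids != false)
		{
			$this->delete_uids = implode(',', $this->filter_protected_uids($delete_uids));
		}

		$plugins->run_hooks('datahandler_user_delete_content', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		// delete_uids is interpolated unquoted into every IN(...) below; it has to stay a
		// comma separated list of integers.
		$db->delete_query('userfields', "ufid IN({$this->delete_uids})");
		$db->delete_query('privatemessages', "uid IN({$this->delete_uids})");
		$db->delete_query('events', "uid IN({$this->delete_uids})");
		$db->delete_query('moderators', "id IN({$this->delete_uids}) AND isgroup = 0");
		$db->delete_query('forumsubscriptions', "uid IN({$this->delete_uids})");
		$db->delete_query('threadsubscriptions', "uid IN({$this->delete_uids})");
		$db->delete_query('forumsread', "uid IN({$this->delete_uids})");
		$db->delete_query('threadsread', "uid IN({$this->delete_uids})");
		$db->delete_query('adminviews', "uid IN({$this->delete_uids})");
		$db->delete_query('adminoptions', "uid IN({$this->delete_uids})");
		$db->delete_query('adminsessions', "uid IN({$this->delete_uids})");
		$db->delete_query('sessions', "uid IN({$this->delete_uids})");
		$db->delete_query('banned', "uid IN({$this->delete_uids})");
		$db->delete_query('joinrequests', "uid IN({$this->delete_uids})");
		$db->delete_query('groupleaders', "uid IN({$this->delete_uids})");
		$db->delete_query('awaitingactivation', "uid IN({$this->delete_uids})");
		$db->delete_query('warnings', "uid IN({$this->delete_uids})");
		$db->delete_query('reputation', "uid IN({$this->delete_uids}) OR adduid IN({$this->delete_uids})");
		$db->delete_query('buddyrequests', "uid IN({$this->delete_uids}) OR touid IN({$this->delete_uids})");
		$db->delete_query('posts', "uid IN({$this->delete_uids}) AND visible = -2");
		$db->delete_query('threads', "uid IN({$this->delete_uids}) AND visible = -2");

		// Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
		$db->delete_query('reportedcontent', "type='reputation' AND id3 IN({$this->delete_uids}) OR type='reputation' AND id2 IN({$this->delete_uids})");
		$db->delete_query('reportedcontent', "type='profile' AND id IN({$this->delete_uids})");

		// Update the reports made by the deleted users by setting the uid to 0
		$db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");

		// Remove any of the user(s) uploaded avatars
		require_once MYBB_ROOT.'inc/functions_upload.php';
		foreach(explode(',', $this->delete_uids) as $uid)
		{
			remove_avatars($uid);
		}
	}

	/**
	 * Provides a method to delete an users posts and threads
	 *
	 * Threads and posts are removed one by one through the Moderation class.
	 * Super administrators and the user running the request are dropped from
	 * a list passed in here.
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 */
	function delete_posts($delete_uids=false)
	{
		global $db, $plugins;

		// Loose comparison: an empty array, 0, '' or null also take the "already set" path and
		// reuse whatever $this->delete_uids holds.
		if($delete_uids != false)
		{
			$this->delete_uids = implode(',', $this->filter_protected_uids($delete_uids));
		}

		require_once MYBB_ROOT.'inc/class_moderation.php';
		$moderation = new Moderation();

		$plugins->run_hooks('datahandler_user_delete_posts', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		// Threads
		$query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
		while($tid = $db->fetch_field($query, 'tid'))
		{
			$moderation->delete_thread($tid);
		}

		// Posts
		$query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
		while($pid = $db->fetch_field($query, 'pid'))
		{
			$moderation->delete_post($pid);
		}
	}

	/**
	 * Provides a method to clear an users profile
	 *
	 * Blanks the profile columns listed in $update, deletes the users' custom
	 * profile fields and removes their uploaded avatars. Super administrators
	 * and the user running the request are dropped from a list passed in here.
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
	 */
	function clear_profile($delete_uids=false, $gid=0)
	{
		global $db, $plugins;

		// delete_uids isn't a nice name, but it's used as the functions above use the same
		// Loose comparison: an empty array, 0, '' or null also take the "already set" path and
		// reuse whatever $this->delete_uids holds.
		if($delete_uids != false)
		{
			$this->delete_uids = implode(',', $this->filter_protected_uids($delete_uids));
		}

		$update = array(
			"website" => "",
			"birthday" => "",
			"usertitle" => "",
			"away" => 0,
			"awaydate" => 0,
			"returndate" => "",
			"awayreason" => "",
			"additionalgroups" => "",
			"displaygroup" => 0,
			"signature" => "",
			"avatar" => "",
			'avatardimensions' => '',
			'avatartype' => ''
		);

		// The primary usergroup is only changed when a positive group id is given.
		if($gid > 0)
		{
			$update["usergroup"] = (int)$gid;
		}

		$plugins->run_hooks('datahandler_user_clear_profile', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		// delete_uids is interpolated unquoted; it has to stay a comma separated list of integers.
		$db->update_query("users", $update, "uid IN({$this->delete_uids})");
		$db->delete_query('userfields', "ufid IN({$this->delete_uids})");

		// Remove any of the user(s) uploaded avatars
		require_once MYBB_ROOT.'inc/functions_upload.php';
		foreach(explode(',', $this->delete_uids) as $uid)
		{
			remove_avatars($uid);
		}
	}

	/**
	 * Verifies the signature against the image count and length settings.
	 *
	 * A missing signature is accepted. Errors are recorded on the handler
	 * through set_error().
	 *
	 * @return boolean True when the handler holds no errors (errors recorded by earlier validators count too), false otherwise.
	 */
	public function verify_signature()
	{
		global $mybb, $parser;

		if(!isset($this->data['signature']))
		{
			return true;
		}

		if(!isset($parser))
		{
			require_once MYBB_ROOT."inc/class_parser.php";
			$parser = new postParser;
		}

		$parser_options = array(
			'allow_html' => $mybb->settings['sightml'],
			'allow_mycode' => $mybb->settings['sigmycode'],
			'allow_smilies' => $mybb->settings['sigsmilies'],
			'allow_imgcode' => $mybb->settings['sigimgcode'],
			"filter_badwords" => 1
		);

		// The signature is rendered with the board's signature settings so that images can be
		// counted in the resulting markup (occurrences of "<img").
		$parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);

		// Reject any image when neither image code nor smilies are enabled; otherwise enforce maxsigimages.
		if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
			substr_count($parsed_sig, "<img") > 0) ||
			(($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
			substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
		)
		{
			$imgsallowed = 0;

			if($mybb->settings['sigimgcode'] == 1)
			{
				$imgsallowed = $mybb->settings['maxsigimages'];
			}

			$this->set_error('too_many_sig_images2', array($imgsallowed));
		}

		// Depending on sigcountmycode the length is measured on the text-parsed or on the raw signature.
		if($mybb->settings['sigcountmycode'] == 0)
		{
			$parsed_sig = $parser->text_parse_message($this->data['signature'], array('signature_parse' => '1'));
		}
		else
		{
			$parsed_sig = $this->data['signature'];
		}

		if($mybb->settings['siglength'] > 0)
		{
			// Whitespace does not count towards the limit.
			$parsed_sig = preg_replace("#\s#", "", $parsed_sig);
			$sig_length = my_strlen($parsed_sig);

			if($sig_length > $mybb->settings['siglength'])
			{
				$this->set_error('sig_too_long', array($mybb->settings['siglength']));

				if($sig_length - $mybb->settings['siglength'] > 1)
				{
					$this->set_error('sig_remove_chars_plural', array($sig_length-$mybb->settings['siglength']));
				}
				else
				{
					$this->set_error('sig_remove_chars_singular');
				}
			}
		}

		if(count($this->get_errors()) > 0)
		{
			return false;
		}
		return true;
	}
}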