
PHP Cross Reference of MyBB 1.8.14


/inc/datahandlers/ -> user.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * User handling class, provides common structure to handle user data.
  19   *
  20   */
  21  class UserDataHandler extends DataHandler
  22  {
  23      /**
  24      * The language file used in the data handler.
  25      *
  26      * @var string
  27      */
  28      public $language_file = 'datahandler_user';
  29  
  30      /**
  31      * The prefix for the language variables used in the data handler.
  32      *
  33      * @var string
  34      */
  35      public $language_prefix = 'userdata';
  36  
  37      /**
  38       * Array of data inserted in to a user.
  39       *
  40       * @var array
  41       */
  42      public $user_insert_data = array();
  43  
  44      /**
  45       * Array of data used to update a user.
  46       *
  47       * @var array
  48       */
  49      public $user_update_data = array();
  50  
  51      /**
  52       * User ID currently being manipulated by the datahandlers.
  53       *
  54       * @var int
  55       */
  56      public $uid = 0;
  57  
  58      /**
  59       * Values to be returned after inserting/deleting an user.
  60       *
  61       * @var array
  62       */
  63      public $return_values = array();
  64  
  65      /**
  66       * @var array
  67       */
  68      var $delete_uids = array();
  69  
  70      /**
  71       * @var int
  72       */
  73      var $deleted_users = 0;
  74  
  75      /**
  76       * Verifies if a username is valid or invalid.
  77       *
  78       * @return boolean True when valid, false when invalid.
  79       */
  80  	function verify_username()
  81      {
  82          global $mybb;
  83  
  84          $username = &$this->data['username'];
  85          require_once  MYBB_ROOT.'inc/functions_user.php';
  86  
  87          // Fix bad characters
  88          $username = trim_blank_chrs($username);
  89          $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
  90  
  91          // Remove multiple spaces from the username
  92          $username = preg_replace("#\s{2,}#", " ", $username);
  93  
  94          // Check if the username is not empty.
  95          if($username == '')
  96          {
  97              $this->set_error('missing_username');
  98              return false;
  99          }
 100  
 101          // Check if the username belongs to the list of banned usernames.
 102          if(is_banned_username($username, true))
 103          {
 104              $this->set_error('banned_username');
 105              return false;
 106          }
 107  
 108          // Check for certain characters in username (<, >, &, commas and slashes)
 109          if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || !validate_utf8_string($username, false, false))
 110          {
 111              $this->set_error("bad_characters_username");
 112              return false;
 113          }
 114  
 115          // Check if the username is of the correct length.
 116          if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
 117          {
 118              $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
 119              return false;
 120          }
 121  
 122          return true;
 123      }
 124  
 125      /**
 126       * Verifies if a usertitle is valid or invalid.
 127       *
 128       * @return boolean True when valid, false when invalid.
 129       */
 130  	function verify_usertitle()
 131      {
 132          global $mybb;
 133  
 134          $usertitle = &$this->data['usertitle'];
 135  
 136          // Check if the usertitle is of the correct length.
 137          if($mybb->settings['customtitlemaxlength'] != 0 && my_strlen($usertitle) > $mybb->settings['customtitlemaxlength'])
 138          {
 139              $this->set_error('invalid_usertitle_length', $mybb->settings['customtitlemaxlength']);
 140              return false;
 141          }
 142  
 143          return true;
 144      }
 145  
 146      /**
 147       * Verifies if a username is already in use or not.
 148       *
 149       * @return boolean False when the username is not in use, true when it is.
 150       */
 151  	function verify_username_exists()
 152      {
 153          $username = &$this->data['username'];
 154  
 155          $user = get_user_by_username(trim($username));
 156  
 157          if(!empty($this->data['uid']) && !empty($user['uid']) && $user['uid'] == $this->data['uid'])
 158          {
 159              unset($user);
 160          }
 161  
 162          if(!empty($user['uid']))
 163          {
 164              $this->set_error("username_exists", array($username));
 165              return true;
 166          }
 167  
 168          return false;
 169      }
 170  
 171      /**
 172      * Verifies if a new password is valid or not.
 173      *
 174      * @return boolean True when valid, false when invalid.
 175      */
 176  	function verify_password()
 177      {
 178          global $mybb;
 179  
 180          $user = &$this->data;
 181  
 182          // Always check for the length of the password.
 183          if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
 184          {
 185              $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
 186              return false;
 187          }
 188  
 189          // Has the user tried to use their email address or username as a password?
 190          if($user['email'] === $user['password'] || $user['username'] === $user['password']
 191              || strpos($user['password'], $user['email']) !== false || strpos($user['password'], $user['username']) !== false
 192              || strpos($user['email'], $user['password']) !== false || strpos($user['username'], $user['password']) !== false)
 193          {
 194              $this->set_error('bad_password_security');
 195              return false;
 196          }
 197  
 198          // See if the board has "require complex passwords" enabled.
 199          if($mybb->settings['requirecomplexpasswords'] == 1)
 200          {
 201              // Complex passwords required, do some extra checks.
 202              // First, see if there is one or more complex character(s) in the password.
 203              if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
 204              {
 205                  $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
 206                  return false;
 207              }
 208          }
 209  
 210          // If we have a "password2" check if they both match
 211          if(isset($user['password2']) && $user['password'] !== $user['password2'])
 212          {
 213              $this->set_error("passwords_dont_match");
 214              return false;
 215          }
 216  
 217          // Generate the user login key
 218          $user['loginkey'] = generate_loginkey();
 219  
 220          // Combine the password and salt
 221          $password_fields = create_password($user['password'], false, $user);
 222          $user = array_merge($user, $password_fields);
 223  
 224          return true;
 225      }
 226  
 227      /**
 228      * Verifies usergroup selections and other group details.
 229      *
 230      * @return boolean True when valid, false when invalid.
 231      */
 232  	function verify_usergroup()
 233      {
 234          return true;
 235      }
 236      /**
 237      * Verifies if an email address is valid or not.
 238      *
 239      * @return boolean True when valid, false when invalid.
 240      */
 241  	function verify_email()
 242      {
 243          global $mybb;
 244  
 245          $user = &$this->data;
 246  
 247          // Check if an email address has actually been entered.
 248          if(trim_blank_chrs($user['email']) == '')
 249          {
 250              $this->set_error('missing_email');
 251              return false;
 252          }
 253  
 254          // Check if this is a proper email address.
 255          if(!validate_email_format($user['email']))
 256          {
 257              $this->set_error('invalid_email_format');
 258              return false;
 259          }
 260  
 261          // Check banned emails
 262          if(is_banned_email($user['email'], true))
 263          {
 264              $this->set_error('banned_email');
 265              return false;
 266          }
 267  
 268          // Check signed up emails
 269          // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
 270          if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
 271          {
 272              $uid = 0;
 273              if(isset($user['uid']))
 274              {
 275                  $uid = $user['uid'];
 276              }
 277              if(email_already_in_use($user['email'], $uid))
 278              {
 279                  $this->set_error('email_already_in_use');
 280                  return false;
 281              }
 282          }
 283  
 284          // If we have an "email2", verify it matches the existing email
 285          if(isset($user['email2']) && $user['email'] != $user['email2'])
 286          {
 287              $this->set_error("emails_dont_match");
 288              return false;
 289          }
 290  
 291          return true;
 292      }
 293  
 294      /**
 295      * Verifies if a website is valid or not.
 296      *
 297      * @return boolean True when valid, false when invalid.
 298      */
 299  	function verify_website()
 300      {
 301          $website = &$this->data['website'];
 302  
 303          if(!empty($website) && !my_validate_url($website))
 304          {
 305              $website = 'http://'.$website;
 306          }
 307  
 308          if(!empty($website) && !my_validate_url($website))
 309          {
 310              $this->set_error('invalid_website');
 311              return false;
 312          }
 313  
 314          return true;
 315      }
 316  
 317      /**
 318       * Verifies if an ICQ number is valid or not.
 319       *
 320       * @return boolean True when valid, false when invalid.
 321       */
 322  	function verify_icq()
 323      {
 324          $icq = &$this->data['icq'];
 325  
 326          if($icq != '' && !is_numeric($icq))
 327          {
 328              $this->set_error("invalid_icq_number");
 329              return false;
 330          }
 331          $icq = (int)$icq;
 332          return true;
 333      }
 334  
 335      /**
 336      * Verifies if a birthday is valid or not.
 337      *
 338      * @return boolean True when valid, false when invalid.
 339      */
    function verify_birthday()
    {
        // Validates $this->data['birthday'] (day / month / year) and, on success,
        // writes the combined string into $this->data['bday'].
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        // Anything that is not an array is accepted untouched; 'bday' is not written.
        if(!is_array($birthday))
        {
            return true;
        }

        // Sanitize any input we have
        $birthday['day'] = (int)$birthday['day'];
        $birthday['month'] = (int)$birthday['month'];
        $birthday['year'] = (int)$birthday['year'];

        // Error if a day and month exists, and the birthday day and range is not in range
        // (supplying only one of day/month fails here, because the other is 0)
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Check if the day actually exists.
        // get_bdays() is defined elsewhere; presumably it returns the number of days in
        // each month of the given year, indexed from 0 - confirm.
        $months = get_bdays($birthday['year']);
        if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
        {
            $this->set_error("invalid_birthday");
            return false;
        }

        // Error if a year exists and the year is out of range
        // NOTE(review): && binds tighter than ||, so this reads as
        // (year != 0 && year < Y-100) || year > Y. The outcome is the same as the
        // intended grouping because year > Y already implies year != 0.
        if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        else if($birthday['year'] == date("Y"))
        {
            // Error if birth date is in future
            // (date("m") and date("d") are zero-padded strings, compared loosely with the ints)
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Error if COPPA is on, and the user hasn't verified their age / under 13
        // NOTE(review): in "deny" mode only the year is compared, so the month and day
        // are not taken into account when deciding whether the user is under 13, and a
        // birthday without a year (year == 0) matches neither branch. Confirm that the
        // age gate is enforced elsewhere if exact-age checking is required.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
        {
            // is_moderator() is called without arguments, so this exemption appears to
            // depend on who is performing the request - confirm.
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Make the user's birthday field
        if($birthday['year'] != 0)
        {
            // If the year is specified, put together a d-m-y string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // If only a day and month are specified, put together a d-m string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // No field is specified, so return an empty string for an unknown birthday
            $user['bday'] = '';
        }
        return true;
    }
 421  
 422      /**
 423       * Verifies if the birthday privacy option is valid or not.
 424       *
 425       * @return boolean True when valid, false when invalid.
 426       */
 427  	function verify_birthday_privacy()
 428      {
 429          $birthdayprivacy = &$this->data['birthdayprivacy'];
 430          $accepted = array(
 431                      'none',
 432                      'age',
 433                      'all');
 434  
 435          if(!in_array($birthdayprivacy, $accepted))
 436          {
 437              $this->set_error("invalid_birthday_privacy");
 438              return false;
 439          }
 440          return true;
 441      }
 442  
 443      /**
 444      * Verifies if the post count field is filled in correctly.
 445      *
 446      * @return boolean True when valid, false when invalid.
 447      */
 448  	function verify_postnum()
 449      {
 450          $user = &$this->data;
 451  
 452          if(isset($user['postnum']) && $user['postnum'] < 0)
 453          {
 454              $this->set_error("invalid_postnum");
 455              return false;
 456          }
 457  
 458          return true;
 459      }
 460  
 461      /**
 462      * Verifies if the thread count field is filled in correctly.
 463      *
 464      * @return boolean True when valid, false when invalid.
 465      */
 466  	function verify_threadnum()
 467      {
 468          $user = &$this->data;
 469  
 470          if(isset($user['threadnum']) && $user['threadnum'] < 0)
 471          {
 472              $this->set_error("invalid_threadnum");
 473              return false;
 474          }
 475  
 476          return true;
 477      }
 478  
 479      /**
 480      * Verifies if a profile fields are filled in correctly.
 481      *
 482      * @return boolean True when valid, false when invalid.
 483      */
    function verify_profile_fields()
    {
        // Checks every cached custom profile field against the submitted values in
        // $this->data['profile_fields'] and stores the result, already passed through
        // $db->escape_string(), in $this->data['user_fields'].
        // Problems are recorded with set_error(); the method itself always returns true.
        global $db, $cache;

        $user = &$this->data;
        $profile_fields = &$this->data['profile_fields'];

        // Loop through profile fields checking if they exist or not and are filled in.

        // Fetch all profile fields first.
        $pfcache = $cache->read('profilefields');

        if(is_array($pfcache))
        {
            // Then loop through the profile fields.
            foreach($pfcache as $profilefield)
            {
                // && binds tighter than ||: the override applies when 'profile_fields_editable'
                // is set, or when this is a registration AND the field is required or shown
                // at registration. -1 presumably means "editable by every group" - confirm
                // against is_member().
                if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
                {
                    $profilefield['editableby'] = -1;
                }

                // Skip fields this user's groups may not edit.
                if(!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
                {
                    continue;
                }

                // Does this field have a minimum post count?
                if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
                {
                    continue;
                }

                // The field definition is HTML-escaped here; the first line of 'type' is
                // the field type and the remainder ($thing[1]) the newline-separated options.
                $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
                $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
                $thing = explode("\n", $profilefield['type'], "2");
                $type = trim($thing[0]);
                $field = "fid{$profilefield['fid']}";

                if(!isset($profile_fields[$field]))
                {
                    $profile_fields[$field] = '';
                }

                // If the profile field is required, but not filled in, present error.
                // (not enforced in the ACP or in modcp.php)
                // NOTE(review): trim() assumes a string; an array submitted for a
                // non-multiselect field would reach trim() and my_strlen() below.
                if($type != "multiselect" && $type != "checkbox")
                {
                    if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                    {
                        $this->set_error('missing_required_profile_field', array($profilefield['name']));
                    }
                }
                elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                {
                    $this->set_error('missing_required_profile_field', array($profilefield['name']));
                }

                // Sort out multiselect/checkbox profile fields.
                // NOTE(review): the option whitelist below is applied only when the
                // submitted value is an array. A scalar submitted for a multiselect or
                // checkbox field falls through to the free-text branch at the end and is
                // stored without being compared to the option list - confirm whether
                // callers rely on that (for example when re-saving stored values).
                $options = '';
                if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
                {
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    foreach($profile_fields[$field] as $value)
                    {
                        // The option list was escaped above, so the submitted value is
                        // escaped the same way before the comparison.
                        if(!in_array(htmlspecialchars_uni($value), $expoptions))
                        {
                            $this->set_error('bad_profile_field_values', array($profilefield['name']));
                        }
                        if($options)
                        {
                            $options .= "\n";
                        }
                        // The value is still appended after an error was recorded.
                        $options .= $db->escape_string($value);
                    }
                }
                elseif($type == "select" || $type == "radio")
                {
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
                    {
                        $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    }
                    $options = $db->escape_string($profile_fields[$field]);
                }
                else
                {
                    if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                    {
                        $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                    }

                    // The pattern comes from the field definition and is placed between
                    // '#' delimiters unchanged, matched case-insensitively.
                    // NOTE(review): a definition containing '#' or an expensive pattern
                    // affects this call; definitions are presumably administrator-managed
                    // - confirm who can edit them.
                    if(!empty($profilefield['regex']) && !empty($profile_fields[$field]) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
                    {
                        $this->set_error('bad_profile_field_value', array($profilefield['name']));
                    }

                    $options = $db->escape_string($profile_fields[$field]);
                }
                // Stored value is already SQL-escaped; whatever writes 'user_fields' to the
                // database must not escape it a second time - TODO confirm against the writer.
                $user['user_fields'][$field] = $options;
            }
        }

        return true;
    }
 590  
 591      /**
 592      * Verifies if an optionally entered referrer exists or not.
 593      *
 594      * @return boolean True when valid, false when invalid.
 595      */
 596  	function verify_referrer()
 597      {
 598          global $db, $mybb;
 599  
 600          $user = &$this->data;
 601  
 602          // Does the referrer exist or not?
 603          if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
 604          {
 605              $referrer = get_user_by_username($user['referrer']);
 606  
 607              if(empty($referrer['uid']))
 608              {
 609                  $this->set_error('invalid_referrer', array($user['referrer']));
 610                  return false;
 611              }
 612  
 613              $user['referrer_uid'] = $referrer['uid'];
 614          }
 615          else
 616          {
 617              $user['referrer_uid'] = 0;
 618          }
 619  
 620          return true;
 621      }
 622  
 623      /**
 624      * Verifies user options.
 625      *
 626      * @return boolean True when valid, false when invalid.
 627      */
 628  	function verify_options()
 629      {
 630          global $mybb;
 631  
 632          $options = &$this->data['options'];
 633  
 634          // Verify yes/no options.
 635          $this->verify_yesno_option($options, 'allownotices', 1);
 636          $this->verify_yesno_option($options, 'hideemail', 0);
 637          $this->verify_yesno_option($options, 'receivepms', 1);
 638          $this->verify_yesno_option($options, 'receivefrombuddy', 0);
 639          $this->verify_yesno_option($options, 'pmnotice', 1);
 640          $this->verify_yesno_option($options, 'pmnotify', 1);
 641          $this->verify_yesno_option($options, 'invisible', 0);
 642          $this->verify_yesno_option($options, 'showimages', 1);
 643          $this->verify_yesno_option($options, 'showvideos', 1);
 644          $this->verify_yesno_option($options, 'showsigs', 1);
 645          $this->verify_yesno_option($options, 'showavatars', 1);
 646          $this->verify_yesno_option($options, 'showquickreply', 1);
 647          $this->verify_yesno_option($options, 'showredirect', 1);
 648          $this->verify_yesno_option($options, 'showcodebuttons', 1);
 649          $this->verify_yesno_option($options, 'sourceeditor', 0);
 650          $this->verify_yesno_option($options, 'buddyrequestspm', 1);
 651          $this->verify_yesno_option($options, 'buddyrequestsauto', 0);
 652  
 653          if($mybb->settings['postlayout'] == 'classic')
 654          {
 655              $this->verify_yesno_option($options, 'classicpostbit', 1);
 656          }
 657          else
 658          {
 659              $this->verify_yesno_option($options, 'classicpostbit', 0);
 660          }
 661  
 662          if(array_key_exists('subscriptionmethod', $options))
 663          {
 664              // Value out of range
 665              $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
 666              if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
 667              {
 668                  $options['subscriptionmethod'] = 0;
 669              }
 670          }
 671  
 672          if(array_key_exists('dstcorrection', $options))
 673          {
 674              // Value out of range
 675              $options['dstcorrection'] = (int)$options['dstcorrection'];
 676              if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
 677              {
 678                  $options['dstcorrection'] = 0;
 679              }
 680          }
 681  
 682          if($options['dstcorrection'] == 1)
 683          {
 684              $options['dst'] = 1;
 685          }
 686          else if($options['dstcorrection'] == 0)
 687          {
 688              $options['dst'] = 0;
 689          }
 690  
 691          if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
 692          {
 693              if($mybb->settings['threadusenetstyle'])
 694              {
 695                  $options['threadmode'] = 'threaded';
 696              }
 697              else
 698              {
 699                  $options['threadmode'] = 'linear';
 700              }
 701          }
 702  
 703          // Verify the "threads per page" option.
 704          if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
 705          {
 706              if(!isset($options['tpp']))
 707              {
 708                  $options['tpp'] = 0;
 709              }
 710              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 711              if(is_array($explodedtpp))
 712              {
 713                  @asort($explodedtpp);
 714                  $biggest = $explodedtpp[count($explodedtpp)-1];
 715                  // Is the selected option greater than the allowed options?
 716                  if($options['tpp'] > $biggest)
 717                  {
 718                      $options['tpp'] = $biggest;
 719                  }
 720              }
 721              $options['tpp'] = (int)$options['tpp'];
 722          }
 723          // Verify the "posts per page" option.
 724          if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
 725          {
 726              if(!isset($options['ppp']))
 727              {
 728                  $options['ppp'] = 0;
 729              }
 730              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 731              if(is_array($explodedppp))
 732              {
 733                  @asort($explodedppp);
 734                  $biggest = $explodedppp[count($explodedppp)-1];
 735                  // Is the selected option greater than the allowed options?
 736                  if($options['ppp'] > $biggest)
 737                  {
 738                      $options['ppp'] = $biggest;
 739                  }
 740              }
 741              $options['ppp'] = (int)$options['ppp'];
 742          }
 743          // Is our selected "days prune" option valid or not?
 744          if($this->method == "insert" || array_key_exists('daysprune', $options))
 745          {
 746              if(!isset($options['daysprune']))
 747              {
 748                  $options['daysprune'] = 0;
 749              }
 750              $options['daysprune'] = (int)$options['daysprune'];
 751              if($options['daysprune'] < 0)
 752              {
 753                  $options['daysprune'] = 0;
 754              }
 755          }
 756          $this->data['options'] = $options;
 757      }
 758  
 759      /**
 760       * Verifies if a registration date is valid or not.
 761       *
 762       * @return boolean True when valid, false when invalid.
 763       */
 764  	function verify_regdate()
 765      {
 766          $regdate = &$this->data['regdate'];
 767  
 768          $regdate = (int)$regdate;
 769          // If the timestamp is below 0, set it to the current time.
 770          if($regdate <= 0)
 771          {
 772              $regdate = TIME_NOW;
 773          }
 774          return true;
 775      }
 776  
 777      /**
 778       * Verifies if a last visit date is valid or not.
 779       *
 780       * @return boolean True when valid, false when invalid.
 781       */
 782  	function verify_lastvisit()
 783      {
 784          $lastvisit = &$this->data['lastvisit'];
 785  
 786          $lastvisit = (int)$lastvisit;
 787          // If the timestamp is below 0, set it to the current time.
 788          if($lastvisit <= 0)
 789          {
 790              $lastvisit = TIME_NOW;
 791          }
 792          return true;
 793  
 794      }
 795  
 796      /**
 797       * Verifies if a last active date is valid or not.
 798       *
 799       * @return boolean True when valid, false when invalid.
 800       */
 801  	function verify_lastactive()
 802      {
 803          $lastactive = &$this->data['lastactive'];
 804  
 805          $lastactive = (int)$lastactive;
 806          // If the timestamp is below 0, set it to the current time.
 807          if($lastactive <= 0)
 808          {
 809              $lastactive = TIME_NOW;
 810          }
 811          return true;
 812  
 813      }
 814  
 815      /**
 816       * Verifies if an away mode status is valid or not.
 817       *
 818       * @return boolean True when valid, false when invalid.
 819       */
 820  	function verify_away()
 821      {
 822          global $mybb;
 823  
 824          $user = &$this->data;
 825          // If the board does not allow "away mode" or the user is marking as not away, set defaults.
 826          if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
 827          {
 828              $user['away']['away'] = 0;
 829              $user['away']['date'] = 0;
 830              $user['away']['returndate'] = 0;
 831              $user['away']['awayreason'] = '';
 832              return true;
 833          }
 834          else if($user['away']['returndate'])
 835          {
 836              list($returnday, $returnmonth, $returnyear) = explode('-', $user['away']['returndate']);
 837              if(!$returnday || !$returnmonth || !$returnyear)
 838              {
 839                  $this->set_error("missing_returndate");
 840                  return false;
 841              }
 842  
 843              // Validate the return date lengths
 844              $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
 845          }
 846          return true;
 847      }
 848  
 849      /**
 850       * Verifies if a language is valid for this user or not.
 851       *
 852       * @return boolean True when valid, false when invalid.
 853       */
 854  	function verify_language()
 855      {
 856          global $lang;
 857  
 858          $language = &$this->data['language'];
 859  
 860          // An invalid language has been specified?
 861          if($language != '' && !$lang->language_exists($language))
 862          {
 863              $this->set_error("invalid_language");
 864              return false;
 865          }
 866          return true;
 867      }
 868  
 869      /**
 870       * Verifies if a style is valid for this user or not.
 871       *
 872       * @return boolean True when valid, false when invalid.
 873       */
 874  	function verify_style()
 875      {
 876          global $lang;
 877  
 878          $user = &$this->data;
 879  
 880          if($user['style'])
 881          {
 882              $theme = get_theme($user['style']);
 883  
 884              if(empty($theme) || !is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all')
 885              {
 886                  $this->set_error('invalid_style');
 887                  return false;
 888              }
 889          }
 890  
 891          return true;
 892      }
 893  
 894      /**
 895       * Verifies if this is coming from a spam bot or not
 896       *
 897       * @return boolean True when valid, false when invalid.
 898       */
 899  	function verify_checkfields()
 900      {
 901          $user = &$this->data;
 902  
 903          // An invalid language has been specified?
 904          if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
 905          {
 906              $this->set_error("invalid_checkfield");
 907              return false;
 908          }
 909          return true;
 910      }
 911  
 912      /**
 913       * Verifies if the user timezone is valid.
 914       * If the timezone is invalid, the board default is used.
 915       *
 916       * @return boolean True when timezone was valid, false otherwise
 917       */
 918  	function verify_timezone()
 919      {
 920          $user = &$this->data;
 921  
 922          $timezones = get_supported_timezones();
 923  
 924          if(!array_key_exists($user['timezone'], $timezones))
 925          {
 926              $user['timezone'] = $mybb->settings['timezoneoffset'];
 927              return false;
 928          }
 929  
 930          return true;
 931      }
 932  
 933      /**
 934      * Validate all user assets.
 935      *
 936      * @return boolean True when valid, false when invalid.
 937      */
 938  	function validate_user()
 939      {
 940          global $mybb, $plugins;
 941  
 942          $user = &$this->data;
 943  
 944          // First, grab the old user details if this user exists
 945          if(!empty($user['uid']))
 946          {
 947              $old_user = get_user($user['uid']);
 948          }
 949  
 950          if($this->method == "insert" || array_key_exists('username', $user))
 951          {
 952              // If the username is the same - no need to verify
 953              if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
 954              {
 955                  $this->verify_username();
 956                  $this->verify_username_exists();
 957              }
 958              else
 959              {
 960                  unset($user['username']);
 961              }
 962          }
 963          if($this->method == "insert" || array_key_exists('usertitle', $user))
 964          {
 965              $this->verify_usertitle();
 966          }
 967          if($this->method == "insert" || array_key_exists('password', $user))
 968          {
 969              $this->verify_password();
 970          }
 971          if($this->method == "insert" || array_key_exists('usergroup', $user))
 972          {
 973              $this->verify_usergroup();
 974          }
 975          if($this->method == "insert" || array_key_exists('email', $user))
 976          {
 977              $this->verify_email();
 978          }
 979          if($this->method == "insert" || array_key_exists('website', $user))
 980          {
 981              $this->verify_website();
 982          }
 983          if($this->method == "insert" || array_key_exists('icq', $user))
 984          {
 985              $this->verify_icq();
 986          }
 987          if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday'])))
 988          {
 989              $this->verify_birthday();
 990          }
 991          if($this->method == "insert" || array_key_exists('postnum', $user))
 992          {
 993              $this->verify_postnum();
 994          }
 995          if($this->method == "insert" || array_key_exists('threadnum', $user))
 996          {
 997              $this->verify_threadnum();
 998          }
 999          if($this->method == "insert" || array_key_exists('profile_fields', $user))
1000          {
1001              $this->verify_profile_fields();
1002          }
1003          if($this->method == "insert" || array_key_exists('referrer', $user))
1004          {
1005              $this->verify_referrer();
1006          }
1007          if($this->method == "insert" || array_key_exists('options', $user))
1008          {
1009              $this->verify_options();
1010          }
1011          if($this->method == "insert" || array_key_exists('regdate', $user))
1012          {
1013              $this->verify_regdate();
1014          }
1015          if($this->method == "insert" || array_key_exists('lastvisit', $user))
1016          {
1017              $this->verify_lastvisit();
1018          }
1019          if($this->method == "insert" || array_key_exists('lastactive', $user))
1020          {
1021              $this->verify_lastactive();
1022          }
1023          if($this->method == "insert" || array_key_exists('away', $user))
1024          {
1025              $this->verify_away();
1026          }
1027          if($this->method == "insert" || array_key_exists('language', $user))
1028          {
1029              $this->verify_language();
1030          }
1031          if($this->method == "insert" || array_key_exists('timezone', $user))
1032          {
1033              $this->verify_timezone();
1034          }
1035          if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
1036          {
1037              $this->verify_checkfields();
1038          }
1039          if(array_key_exists('birthdayprivacy', $user))
1040          {
1041              $this->verify_birthday_privacy();
1042          }
1043          if($this->method == "insert" || array_key_exists('style', $user))
1044          {
1045              $this->verify_style();
1046          }
1047          if($this->method == "insert" || array_key_exists('signature', $user))
1048          {
1049              $this->verify_signature();
1050          }
1051  
1052          $plugins->run_hooks("datahandler_user_validate", $this);
1053  
1054          // We are done validating, return.
1055          $this->set_validated(true);
1056          if(count($this->get_errors()) > 0)
1057          {
1058              return false;
1059          }
1060          else
1061          {
1062              return true;
1063          }
1064      }
1065  
1066      /**
1067      * Inserts a user into the database.
1068      *
1069      * @return array
1070      */
1071  	function insert_user()
1072      {
1073          global $db, $cache, $plugins;
1074  
1075          // Yes, validating is required.
1076          if(!$this->get_validated())
1077          {
1078              die("The user needs to be validated before inserting it into the DB.");
1079          }
1080          if(count($this->get_errors()) > 0)
1081          {
1082              die("The user is not valid.");
1083          }
1084  
1085          $user = &$this->data;
1086  
1087          $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
1088          foreach($array as $value)
1089          {
1090              if(!isset($user[$value]))
1091              {
1092                  $user[$value] = '';
1093              }
1094          }
1095  
1096          $this->user_insert_data = array(
1097              "username" => $db->escape_string($user['username']),
1098              "password" => $user['password'],
1099              "salt" => $user['salt'],
1100              "loginkey" => $user['loginkey'],
1101              "email" => $db->escape_string($user['email']),
1102              "postnum" => (int)$user['postnum'],
1103              "threadnum" => (int)$user['threadnum'],
1104              "avatar" => $db->escape_string($user['avatar']),
1105              "avatartype" => $db->escape_string($user['avatartype']),
1106              "usergroup" => (int)$user['usergroup'],
1107              "additionalgroups" => $db->escape_string($user['additionalgroups']),
1108              "displaygroup" => (int)$user['displaygroup'],
1109              "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
1110              "regdate" => (int)$user['regdate'],
1111              "lastactive" => (int)$user['lastactive'],
1112              "lastvisit" => (int)$user['lastvisit'],
1113              "website" => $db->escape_string($user['website']),
1114              "icq" => (int)$user['icq'],
1115              "aim" => $db->escape_string($user['aim']),
1116              "yahoo" => $db->escape_string($user['yahoo']),
1117              "skype" => $db->escape_string($user['skype']),
1118              "google" => $db->escape_string($user['google']),
1119              "birthday" => $user['bday'],
1120              "signature" => $db->escape_string($user['signature']),
1121              "allownotices" => (int)$user['options']['allownotices'],
1122              "hideemail" => (int)$user['options']['hideemail'],
1123              "subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
1124              "receivepms" => (int)$user['options']['receivepms'],
1125              "receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
1126              "pmnotice" => (int)$user['options']['pmnotice'],
1127              "pmnotify" => (int)$user['options']['pmnotify'],
1128              "showimages" => (int)$user['options']['showimages'],
1129              "showvideos" => (int)$user['options']['showvideos'],
1130              "showsigs" => (int)$user['options']['showsigs'],
1131              "showavatars" => (int)$user['options']['showavatars'],
1132              "showquickreply" => (int)$user['options']['showquickreply'],
1133              "showredirect" => (int)$user['options']['showredirect'],
1134              "tpp" => (int)$user['options']['tpp'],
1135              "ppp" => (int)$user['options']['ppp'],
1136              "invisible" => (int)$user['options']['invisible'],
1137              "style" => (int)$user['style'],
1138              "timezone" => $db->escape_string($user['timezone']),
1139              "dstcorrection" => (int)$user['options']['dstcorrection'],
1140              "threadmode" => $user['options']['threadmode'],
1141              "daysprune" => (int)$user['options']['daysprune'],
1142              "dateformat" => $db->escape_string($user['dateformat']),
1143              "timeformat" => $db->escape_string($user['timeformat']),
1144              "regip" => $db->escape_binary($user['regip']),
1145              "language" => $db->escape_string($user['language']),
1146              "showcodebuttons" => (int)$user['options']['showcodebuttons'],
1147              "sourceeditor" => (int)$user['options']['sourceeditor'],
1148              "buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
1149              "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
1150              "away" => (int)$user['away']['away'],
1151              "awaydate" => (int)$user['away']['date'],
1152              "returndate" => $user['away']['returndate'],
1153              "awayreason" => $db->escape_string($user['away']['awayreason']),
1154              "notepad" => $db->escape_string($user['notepad']),
1155              "referrer" => (int)$user['referrer_uid'],
1156              "referrals" => 0,
1157              "buddylist" => '',
1158              "ignorelist" => '',
1159              "pmfolders" => '',
1160              "notepad" => '',
1161              "warningpoints" => 0,
1162              "moderateposts" => 0,
1163              "moderationtime" => 0,
1164              "suspendposting" => 0,
1165              "suspensiontime" => 0,
1166              "coppauser" => (int)$user['coppa_user'],
1167              "classicpostbit" => (int)$user['options']['classicpostbit'],
1168              "usernotes" => ''
1169          );
1170  
1171          if($user['options']['dstcorrection'] == 1)
1172          {
1173              $this->user_insert_data['dst'] = 1;
1174          }
1175          else if($user['options']['dstcorrection'] == 0)
1176          {
1177              $this->user_insert_data['dst'] = 0;
1178          }
1179  
1180          $plugins->run_hooks("datahandler_user_insert", $this);
1181  
1182          $this->uid = $db->insert_query("users", $this->user_insert_data);
1183  
1184          $user['user_fields']['ufid'] = $this->uid;
1185  
1186          $pfcache = $cache->read('profilefields');
1187  
1188          if(is_array($pfcache))
1189          {
1190              foreach($pfcache as $profile_field)
1191              {
1192                  if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
1193                  {
1194                      continue;
1195                  }
1196                  $user['user_fields']["fid{$profile_field['fid']}"] = '';
1197              }
1198          }
1199  
1200          $db->insert_query("userfields", $user['user_fields'], false);
1201  
1202          if($this->user_insert_data['referrer'] != 0)
1203          {
1204              $db->write_query("
1205                  UPDATE ".TABLE_PREFIX."users
1206                  SET referrals=referrals+1
1207                  WHERE uid='{$this->user_insert_data['referrer']}'
1208              ");
1209          }
1210  
1211          // Update forum stats
1212          update_stats(array('numusers' => '+1'));
1213  
1214          if((int)$user['usergroup'] == 5)
1215          {
1216              $cache->update_awaitingactivation();
1217          }
1218  
1219          $this->return_values = array(
1220              "uid" => $this->uid,
1221              "username" => $user['username'],
1222              "loginkey" => $user['loginkey'],
1223              "email" => $user['email'],
1224              "password" => $user['password'],
1225              "usergroup" => $user['usergroup']
1226          );
1227  
1228          $plugins->run_hooks("datahandler_user_insert_end", $this);
1229  
1230          return $this->return_values;
1231      }
1232  
1233      /**
1234      * Updates a user in the database.
1235      *
1236      * @return bool
1237      */
1238  	function update_user()
1239      {
1240          global $db, $plugins, $cache;
1241  
1242          // Yes, validating is required.
1243          if(!$this->get_validated())
1244          {
1245              die("The user needs to be validated before inserting it into the DB.");
1246          }
1247          if(count($this->get_errors()) > 0)
1248          {
1249              die("The user is not valid.");
1250          }
1251  
1252          $user = &$this->data;
1253          $user['uid'] = (int)$user['uid'];
1254          $this->uid = $user['uid'];
1255  
1256          // Set up the update data.
1257          if(isset($user['username']))
1258          {
1259              $this->user_update_data['username'] = $db->escape_string($user['username']);
1260          }
1261          if(isset($user['password']))
1262          {
1263              $this->user_update_data['password'] = $user['password'];
1264          }
1265          if(isset($user['salt']))
1266          {
1267              $this->user_update_data['salt'] = $user['salt'];
1268          }
1269          if(isset($user['loginkey']))
1270          {
1271              $this->user_update_data['loginkey'] = $user['loginkey'];
1272          }
1273          if(isset($user['email']))
1274          {
1275              $this->user_update_data['email'] = $user['email'];
1276          }
1277          if(isset($user['postnum']))
1278          {
1279              $this->user_update_data['postnum'] = (int)$user['postnum'];
1280          }
1281          if(isset($user['threadnum']))
1282          {
1283              $this->user_update_data['threadnum'] = (int)$user['threadnum'];
1284          }
1285          if(isset($user['avatar']))
1286          {
1287              $this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
1288              $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
1289          }
1290          if(isset($user['usergroup']))
1291          {
1292              $this->user_update_data['usergroup'] = (int)$user['usergroup'];
1293          }
1294          if(isset($user['additionalgroups']))
1295          {
1296              $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
1297          }
1298          if(isset($user['displaygroup']))
1299          {
1300              $this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
1301          }
1302          if(isset($user['usertitle']))
1303          {
1304              $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
1305          }
1306          if(isset($user['regdate']))
1307          {
1308              $this->user_update_data['regdate'] = (int)$user['regdate'];
1309          }
1310          if(isset($user['lastactive']))
1311          {
1312              $this->user_update_data['lastactive'] = (int)$user['lastactive'];
1313          }
1314          if(isset($user['lastvisit']))
1315          {
1316              $this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
1317          }
1318          if(isset($user['signature']))
1319          {
1320              $this->user_update_data['signature'] = $db->escape_string($user['signature']);
1321          }
1322          if(isset($user['website']))
1323          {
1324              $this->user_update_data['website'] = $db->escape_string($user['website']);
1325          }
1326          if(isset($user['icq']))
1327          {
1328              $this->user_update_data['icq'] = (int)$user['icq'];
1329          }
1330          if(isset($user['aim']))
1331          {
1332              $this->user_update_data['aim'] = $db->escape_string($user['aim']);
1333          }
1334          if(isset($user['yahoo']))
1335          {
1336              $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
1337          }
1338          if(isset($user['skype']))
1339          {
1340              $this->user_update_data['skype'] = $db->escape_string($user['skype']);
1341          }
1342          if(isset($user['google']))
1343          {
1344              $this->user_update_data['google'] = $db->escape_string($user['google']);
1345          }
1346          if(isset($user['bday']))
1347          {
1348              $this->user_update_data['birthday'] = $user['bday'];
1349          }
1350          if(isset($user['birthdayprivacy']))
1351          {
1352              $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
1353          }
1354          if(isset($user['style']))
1355          {
1356              $this->user_update_data['style'] = (int)$user['style'];
1357          }
1358          if(isset($user['timezone']))
1359          {
1360              $this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
1361          }
1362          if(isset($user['dateformat']))
1363          {
1364              $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
1365          }
1366          if(isset($user['timeformat']))
1367          {
1368              $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
1369          }
1370          if(isset($user['regip']))
1371          {
1372              $this->user_update_data['regip'] = $db->escape_string($user['regip']);
1373          }
1374          if(isset($user['language']))
1375          {
1376              $this->user_update_data['language'] = $db->escape_string($user['language']);
1377          }
1378          if(isset($user['away']))
1379          {
1380              $this->user_update_data['away'] = (int)$user['away']['away'];
1381              $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
1382              $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
1383              $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
1384          }
1385          if(isset($user['notepad']))
1386          {
1387              $this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
1388          }
1389          if(isset($user['usernotes']))
1390          {
1391              $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
1392          }
1393          if(isset($user['options']) && is_array($user['options']))
1394          {
1395              foreach($user['options'] as $option => $value)
1396              {
1397                  $this->user_update_data[$option] = $value;
1398              }
1399          }
1400          if(array_key_exists('coppa_user', $user))
1401          {
1402              $this->user_update_data['coppauser'] = (int)$user['coppa_user'];
1403          }
1404          // First, grab the old user details for later use.
1405          $old_user = get_user($user['uid']);
1406  
1407          // If old user has new pmnotice and new user has = yes, keep old value
1408          if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
1409          {
1410              unset($this->user_update_data['pmnotice']);
1411          }
1412  
1413          $plugins->run_hooks("datahandler_user_update", $this);
1414  
1415          if(count($this->user_update_data) < 1 && empty($user['user_fields']))
1416          {
1417              return false;
1418          }
1419  
1420          if(count($this->user_update_data) > 0)
1421          {
1422              // Actual updating happens here.
1423              $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
1424          }
1425  
1426          $cache->update_moderators();
1427          if(isset($user['bday']) || isset($user['username']))
1428          {
1429              $cache->update_birthdays();
1430          }
1431  
1432          if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
1433          {
1434              $cache->update_awaitingactivation();
1435          }
1436  
1437          // Maybe some userfields need to be updated?
1438          if(isset($user['user_fields']) && is_array($user['user_fields']))
1439          {
1440              $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
1441              $fields = $db->fetch_array($query);
1442              if(!$fields['ufid'])
1443              {
1444                  $user_fields = array(
1445                      'ufid' => $user['uid']
1446                  );
1447  
1448                  $fields_array = $db->show_fields_from("userfields");
1449                  foreach($fields_array as $field)
1450                  {
1451                      if($field['Field'] == 'ufid')
1452                      {
1453                          continue;
1454                      }
1455                      $user_fields[$field['Field']] = '';
1456                  }
1457                  $db->insert_query("userfields", $user_fields);
1458              }
1459              $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
1460          }
1461  
1462          // Let's make sure the user's name gets changed everywhere in the db if it changed.
1463          if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
1464          {
1465              $username_update = array(
1466                  "username" => $this->user_update_data['username']
1467              );
1468              $lastposter_update = array(
1469                  "lastposter" => $this->user_update_data['username']
1470              );
1471  
1472              $db->update_query("posts", $username_update, "uid='{$user['uid']}'");
1473              $db->update_query("threads", $username_update, "uid='{$user['uid']}'");
1474              $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
1475              $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
1476  
1477              $stats = $cache->read("stats");
1478              if($stats['lastuid'] == $user['uid'])
1479              {
1480                  // User was latest to register, update stats
1481                  update_stats(array("numusers" => "+0"));
1482              }
1483          }
1484  
1485          return true;
1486      }
1487  
1488      /**
1489       * Provides a method to completely delete a user.
1490       *
1491       * @param array $delete_uids Array of user information
1492       * @param integer $prunecontent Whether to delete the user's threads/posts or not
1493       * @return array
1494       */
1495  	function delete_user($delete_uids, $prunecontent=0)
1496      {
1497          global $db, $plugins, $mybb, $cache;
1498  
1499          // Yes, validating is required.
1500          if(count($this->get_errors()) > 0)
1501          {
1502              die('The user is not valid.');
1503          }
1504  
1505          $this->delete_uids = array_map('intval', (array)$delete_uids);
1506  
1507          foreach($this->delete_uids as $key => $uid)
1508          {
1509              if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1510              {
1511                  // Remove super admins
1512                  unset($this->delete_uids[$key]);
1513              }
1514          }
1515  
1516          $plugins->run_hooks('datahandler_user_delete_start', $this);
1517  
1518          $this->delete_uids = implode(',', $this->delete_uids);
1519  
1520          if(empty($this->delete_uids))
1521          {
1522              $this->deleted_users = 0;
1523              $this->return_values = array(
1524                  "deleted_users" => $this->deleted_users
1525              );
1526  
1527              return $this->return_values;
1528          }
1529  
1530          $this->delete_content();
1531  
1532          // Delete the user
1533          $query = $db->delete_query('users', "uid IN({$this->delete_uids})");
1534          $this->deleted_users = $db->affected_rows($query);
1535  
1536          // Are we removing the posts/threads of a user?
1537          if((int)$prunecontent == 1)
1538          {
1539              $this->delete_posts();
1540              $db->delete_query('announcements', "uid IN({$this->delete_uids})");
1541          }
1542          else
1543          {
1544              // We're just updating the UID
1545              $db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
1546              $db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
1547              $db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
1548              $db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
1549              $db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
1550          }
1551  
1552          $db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
1553          $db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");
1554  
1555          // Update thread ratings
1556          $query = $db->query("
1557              SELECT r.*, t.numratings, t.totalratings
1558              FROM ".TABLE_PREFIX."threadratings r
1559              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
1560              WHERE r.uid IN({$this->delete_uids})
1561          ");
1562          while($rating = $db->fetch_array($query))
1563          {
1564              $update_thread = array(
1565                  "numratings" => $rating['numratings'] - 1,
1566                  "totalratings" => $rating['totalratings'] - $rating['rating']
1567              );
1568              $db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
1569          }
1570  
1571          $db->delete_query('threadratings', "uid IN({$this->delete_uids})");
1572  
1573          // Update forums & threads if user is the lastposter
1574          $db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1575          $db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1576  
1577          // Update forum stats
1578          update_stats(array('numusers' => '-'.$this->deleted_users));
1579  
1580          $this->return_values = array(
1581              "deleted_users" => $this->deleted_users
1582          );
1583  
1584          $plugins->run_hooks("datahandler_user_delete_end", $this);
1585  
1586          // Update  cache
1587          $cache->update_banned();
1588          $cache->update_moderators();
1589          $cache->update_forumsdisplay();
1590          $cache->update_reportedcontent();
1591          $cache->update_awaitingactivation();
1592          $cache->update_birthdays();
1593  
1594          return $this->return_values;
1595      }
1596  
1597      /**
1598       * Provides a method to delete users' content
1599       *
1600       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1601       */
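function delete_content($delete_uids=false)
{
    global $db, $plugins, $mybb;

    // Strict check: only false (or null) means "use the list already stored on the handler".
    // An explicitly passed empty array, 0 or '' now yields an empty list instead of silently
    // falling back to ids left on $this->delete_uids by an earlier call.
    if($delete_uids !== false && $delete_uids !== null)
    {
        $accepted = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never act on an invalid id, a super administrator or the current user ($mybb->user)
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $accepted[] = $uid;
        }

        $this->delete_uids = implode(',', $accepted);
    }

    $plugins->run_hooks('datahandler_user_delete_content', $this);

    // $this->delete_uids is a public property and the hook above receives the handler, so the
    // value may not be the list built here. It is interpolated into every query below; force
    // it back to a comma separated list of non-zero integers first.
    // NOTE(review): the super admin / current user exclusion is not re-applied at this point;
    // ids that arrive through the stored list rely on whoever set it having filtered them.
    $stored = $this->delete_uids;
    if(!is_array($stored))
    {
        $stored = explode(',', (string)$stored);
    }
    $this->delete_uids = implode(',', array_filter(array_map('intval', $stored)));

    if(empty($this->delete_uids))
    {
        return;
    }

    $in = "IN({$this->delete_uids})";

    // Table => WHERE clause, executed in this order
    $deletions = array(
        'userfields' => "ufid {$in}",
        'privatemessages' => "uid {$in}",
        'events' => "uid {$in}",
        'moderators' => "id {$in} AND isgroup = 0",
        'forumsubscriptions' => "uid {$in}",
        'threadsubscriptions' => "uid {$in}",
        'forumsread' => "uid {$in}",
        'threadsread' => "uid {$in}",
        'adminviews' => "uid {$in}",
        'adminoptions' => "uid {$in}",
        'adminsessions' => "uid {$in}",
        'sessions' => "uid {$in}",
        'banned' => "uid {$in}",
        'joinrequests' => "uid {$in}",
        'groupleaders' => "uid {$in}",
        'awaitingactivation' => "uid {$in}",
        'warnings' => "uid {$in}",
        'reputation' => "uid {$in} OR adduid {$in}",
        'buddyrequests' => "uid {$in} OR touid {$in}",
        // Only rows with visible = -2 are removed here; other posts and threads are left alone
        'posts' => "uid {$in} AND visible = -2",
        'threads' => "uid {$in} AND visible = -2"
    );

    foreach($deletions as $table => $where)
    {
        $db->delete_query($table, $where);
    }

    // Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
    $db->delete_query('reportedcontent', "type='reputation' AND id3 {$in} OR type='reputation' AND id2 {$in}");
    $db->delete_query('reportedcontent', "type='profile' AND id {$in}");

    // Keep the reports the deleted users made themselves, but detach them by setting the uid to 0
    $db->update_query('reportedcontent', array('uid' => 0), "uid {$in}");

    // Remove any of the user(s) uploaded avatars
    require_once MYBB_ROOT.'inc/functions_upload.php';
    foreach(explode(',', $this->delete_uids) as $uid)
    {
        remove_avatars($uid);
    }
}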
1665  
1666      /**
1667       * Provides a method to delete a user's posts and threads
1668       *
1669       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1670       */
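function delete_posts($delete_uids=false)
{
    global $db, $plugins, $mybb;

    // Strict check: only false (or null) means "use the list already stored on the handler".
    // An explicitly passed empty array, 0 or '' now yields an empty list instead of silently
    // falling back to ids left on $this->delete_uids by an earlier call.
    if($delete_uids !== false && $delete_uids !== null)
    {
        $accepted = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never act on an invalid id, a super administrator or the current user ($mybb->user)
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $accepted[] = $uid;
        }

        $this->delete_uids = implode(',', $accepted);
    }

    // Loaded before the hook, as in the original order of operations
    require_once MYBB_ROOT.'inc/class_moderation.php';
    $moderation = new Moderation();

    $plugins->run_hooks('datahandler_user_delete_posts', $this);

    // $this->delete_uids is a public property and the hook above receives the handler, so the
    // value may not be the list built here. It is interpolated into the queries below; force
    // it back to a comma separated list of non-zero integers first.
    // NOTE(review): the super admin / current user exclusion is not re-applied at this point;
    // ids that arrive through the stored list rely on whoever set it having filtered them.
    $stored = $this->delete_uids;
    if(!is_array($stored))
    {
        $stored = explode(',', (string)$stored);
    }
    $this->delete_uids = implode(',', array_filter(array_map('intval', $stored)));

    if(empty($this->delete_uids))
    {
        return;
    }

    // Threads: each one goes through the Moderation class instead of a bulk DELETE
    // (presumably so that related bookkeeping is handled there - confirm in class_moderation.php)
    $query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
    while($tid = $db->fetch_field($query, 'tid'))
    {
        $moderation->delete_thread($tid);
    }

    // Posts: selected only after the threads above have been processed
    $query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
    while($pid = $db->fetch_field($query, 'pid'))
    {
        $moderation->delete_post($pid);
    }
}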
1715  
1716      /**
1717       * Provides a method to clear a user's profile
1718       *
1719       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1720       * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
1721       */
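function clear_profile($delete_uids=false, $gid=0)
{
    global $db, $plugins, $mybb;

    // The parameter keeps the name delete_uids for symmetry with the delete_* methods.
    // Strict check: only false (or null) means "use the list already stored on the handler".
    // An explicitly passed empty array, 0 or '' now yields an empty list instead of silently
    // falling back to ids left on $this->delete_uids by an earlier call.
    if($delete_uids !== false && $delete_uids !== null)
    {
        $accepted = array();

        foreach(array_map('intval', (array)$delete_uids) as $uid)
        {
            // Never act on an invalid id, a super administrator or the current user ($mybb->user)
            if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
            {
                continue;
            }

            $accepted[] = $uid;
        }

        $this->delete_uids = implode(',', $accepted);
    }

    // Profile columns are reset to these blank values
    $update = array(
        "website" => "",
        "birthday" => "",
        "icq" => "",
        "aim" => "",
        "yahoo" => "",
        "skype" => "",
        "google" => "",
        "usertitle" => "",
        "away" => 0,
        "awaydate" => 0,
        "returndate" => "",
        "awayreason" => "",
        "additionalgroups" => "",
        "displaygroup" => 0,
        "signature" => "",
        "avatar" => "",
        'avatardimensions' => '',
        'avatartype' => ''
    );

    // The primary usergroup is only touched when a positive group id was requested
    if($gid > 0)
    {
        $update["usergroup"] = (int)$gid;
    }

    $plugins->run_hooks('datahandler_user_clear_profile', $this);

    // $this->delete_uids is a public property and the hook above receives the handler, so the
    // value may not be the list built here. It is interpolated into the queries below; force
    // it back to a comma separated list of non-zero integers first.
    // NOTE(review): the super admin / current user exclusion is not re-applied at this point;
    // ids that arrive through the stored list rely on whoever set it having filtered them.
    $stored = $this->delete_uids;
    if(!is_array($stored))
    {
        $stored = explode(',', (string)$stored);
    }
    $this->delete_uids = implode(',', array_filter(array_map('intval', $stored)));

    if(empty($this->delete_uids))
    {
        return;
    }

    $db->update_query("users", $update, "uid IN({$this->delete_uids})");
    $db->delete_query('userfields', "ufid IN({$this->delete_uids})");

    // Remove any of the user(s) uploaded avatars
    require_once MYBB_ROOT.'inc/functions_upload.php';
    foreach(explode(',', $this->delete_uids) as $uid)
    {
        remove_avatars($uid);
    }
}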
1786  
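/**
 * Verifies the signature in $this->data['signature'] against the board's
 * signature settings (number of images and maximum length).
 *
 * Problems are recorded with set_error().
 *
 * @return bool False when the handler holds at least one error after the checks, true otherwise.
 */
public function verify_signature()
{
    global $mybb, $parser;

    if(!isset($parser))
    {
        require_once MYBB_ROOT."inc/class_parser.php";
        $parser = new postParser;
    }

    // Render the signature with the same switches the board applies to signatures
    // (the original listed 'filter_badwords' twice; one entry is enough)
    $parser_options = array(
        'allow_html' => $mybb->settings['sightml'],
        'filter_badwords' => 1,
        'allow_mycode' => $mybb->settings['sigmycode'],
        'allow_smilies' => $mybb->settings['sigsmilies'],
        'allow_imgcode' => $mybb->settings['sigimgcode']
    );

    $rendered_sig = $parser->parse_message($this->data['signature'], $parser_options);

    // Tag names are case-insensitive in HTML, so count on a lower-cased copy to make the
    // image limit independent of how the tag is written in the rendered output.
    $image_count = substr_count(strtolower($rendered_sig), "<img");

    $images_forbidden = ($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1);
    $images_limited = ($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1);

    if(($images_forbidden && $image_count > 0) ||
        ($images_limited && $image_count > $mybb->settings['maxsigimages']))
    {
        // The limit shown to the user is 0 unless [img] code is enabled for signatures
        $imgsallowed = 0;

        if($mybb->settings['sigimgcode'] == 1)
        {
            $imgsallowed = $mybb->settings['maxsigimages'];
        }

        $this->set_error('too_many_sig_images2', array($imgsallowed));
    }

    // Length is measured on the raw signature, or on the output of text_parse_message()
    // when the sigcountmycode setting is 0
    if($mybb->settings['sigcountmycode'] == 0)
    {
        $length_text = $parser->text_parse_message($this->data['signature']);
    }
    else
    {
        $length_text = $this->data['signature'];
    }

    // Whitespace does not count toward the limit
    $length_text = preg_replace("#\s#", "", $length_text);
    $sig_length = my_strlen($length_text);

    if($sig_length > $mybb->settings['siglength'])
    {
        $this->set_error('sig_too_long', array($mybb->settings['siglength']));

        $excess = $sig_length - $mybb->settings['siglength'];

        if($excess > 1)
        {
            $this->set_error('sig_remove_chars_plural', array($excess));
        }
        else
        {
            $this->set_error('sig_remove_chars_singular');
        }
    }

    // Any error held by the handler makes the check fail
    return !(count($this->get_errors()) > 0);
}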
1856  }

