
PHP Cross Reference of MyBB 1.8.10


/inc/datahandlers/ -> user.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * User handling class, provides common structure to handle user data.
  19   *
  20   */
  21  class UserDataHandler extends DataHandler
  22  {
  23      /**
  24      * The language file used in the data handler.
  25      *
  26      * @var string
  27      */
  28      public $language_file = 'datahandler_user';
  29  
  30      /**
  31      * The prefix for the language variables used in the data handler.
  32      *
  33      * @var string
  34      */
  35      public $language_prefix = 'userdata';
  36  
  37      /**
  38       * Array of data inserted in to a user.
  39       *
  40       * @var array
  41       */
  42      public $user_insert_data = array();
  43  
  44      /**
  45       * Array of data used to update a user.
  46       *
  47       * @var array
  48       */
  49      public $user_update_data = array();
  50  
  51      /**
  52       * User ID currently being manipulated by the datahandlers.
  53       *
  54       * @var int
  55       */
  56      public $uid = 0;
  57  
  58      /**
  59       * Values to be returned after inserting/deleting an user.
  60       *
  61       * @var array
  62       */
  63      public $return_values = array();
  64  
  65      /**
  66       * @var array
  67       */
  68      var $delete_uids = array();
  69  
  70      /**
  71       * @var int
  72       */
  73      var $deleted_users = 0;
  74  
  75      /**
  76       * Verifies if a username is valid or invalid.
  77       *
  78       * @return boolean True when valid, false when invalid.
  79       */
  80  	function verify_username()
  81      {
  82          global $mybb;
  83  
  84          $username = &$this->data['username'];
  85          require_once  MYBB_ROOT.'inc/functions_user.php';
  86  
  87          // Fix bad characters
  88          $username = trim_blank_chrs($username);
  89          $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
  90  
  91          // Remove multiple spaces from the username
  92          $username = preg_replace("#\s{2,}#", " ", $username);
  93  
  94          // Check if the username is not empty.
  95          if($username == '')
  96          {
  97              $this->set_error('missing_username');
  98              return false;
  99          }
 100  
 101          // Check if the username belongs to the list of banned usernames.
 102          if(is_banned_username($username, true))
 103          {
 104              $this->set_error('banned_username');
 105              return false;
 106          }
 107  
 108          // Check for certain characters in username (<, >, &, commas and slashes)
 109          if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || !validate_utf8_string($username, false, false))
 110          {
 111              $this->set_error("bad_characters_username");
 112              return false;
 113          }
 114  
 115          // Check if the username is of the correct length.
 116          if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
 117          {
 118              $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
 119              return false;
 120          }
 121  
 122          return true;
 123      }
 124  
 125      /**
 126       * Verifies if a usertitle is valid or invalid.
 127       *
 128       * @return boolean True when valid, false when invalid.
 129       */
 130  	function verify_usertitle()
 131      {
 132          global $mybb;
 133  
 134          $usertitle = &$this->data['usertitle'];
 135  
 136          // Check if the usertitle is of the correct length.
 137          if($mybb->settings['customtitlemaxlength'] != 0 && my_strlen($usertitle) > $mybb->settings['customtitlemaxlength'])
 138          {
 139              $this->set_error('invalid_usertitle_length', $mybb->settings['customtitlemaxlength']);
 140              return false;
 141          }
 142  
 143          return true;
 144      }
 145  
 146      /**
 147       * Verifies if a username is already in use or not.
 148       *
 149       * @return boolean False when the username is not in use, true when it is.
 150       */
 151  	function verify_username_exists()
 152      {
 153          $username = &$this->data['username'];
 154  
 155          $user = get_user_by_username(trim($username));
 156  
 157          if(!empty($this->data['uid']) && !empty($user['uid']) && $user['uid'] == $this->data['uid'])
 158          {
 159              unset($user);
 160          }
 161  
 162          if(!empty($user['uid']))
 163          {
 164              $this->set_error("username_exists", array($username));
 165              return true;
 166          }
 167  
 168          return false;
 169      }
 170  
 171      /**
 172      * Verifies if a new password is valid or not.
 173      *
 174      * @return boolean True when valid, false when invalid.
 175      */
 176  	function verify_password()
 177      {
 178          global $mybb;
 179  
 180          $user = &$this->data;
 181  
 182          // Always check for the length of the password.
 183          if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
 184          {
 185              $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
 186              return false;
 187          }
 188  
 189          // Has the user tried to use their email address or username as a password?
 190          if($user['email'] === $user['password'] || $user['username'] === $user['password'])
 191          {
 192              $this->set_error('bad_password_security');
 193              return false;
 194          }
 195  
 196          // See if the board has "require complex passwords" enabled.
 197          if($mybb->settings['requirecomplexpasswords'] == 1)
 198          {
 199              // Complex passwords required, do some extra checks.
 200              // First, see if there is one or more complex character(s) in the password.
 201              if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
 202              {
 203                  $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
 204                  return false;
 205              }
 206          }
 207  
 208          // If we have a "password2" check if they both match
 209          if(isset($user['password2']) && $user['password'] !== $user['password2'])
 210          {
 211              $this->set_error("passwords_dont_match");
 212              return false;
 213          }
 214  
 215          // Generate our salt
 216          $user['salt'] = generate_salt();
 217  
 218          // Combine the password and salt
 219          $user['saltedpw'] = create_password_hash($user['password'], $user['salt'], $user);
 220  
 221          // Generate the user login key
 222          $user['loginkey'] = generate_loginkey();
 223  
 224          return true;
 225      }
 226  
 227      /**
 228      * Verifies usergroup selections and other group details.
 229      *
 230      * @return boolean True when valid, false when invalid.
 231      */
    function verify_usergroup()
    {
        // No check is performed: whatever usergroup values are in $this->data are accepted unchanged.
        // NOTE(review): callers presumably decide which groups may be assigned before using this handler - confirm.
        return true;
    }
 236      /**
 237      * Verifies if an email address is valid or not.
 238      *
 239      * @return boolean True when valid, false when invalid.
 240      */
 241  	function verify_email()
 242      {
 243          global $mybb;
 244  
 245          $user = &$this->data;
 246  
 247          // Check if an email address has actually been entered.
 248          if(trim_blank_chrs($user['email']) == '')
 249          {
 250              $this->set_error('missing_email');
 251              return false;
 252          }
 253  
 254          // Check if this is a proper email address.
 255          if(!validate_email_format($user['email']))
 256          {
 257              $this->set_error('invalid_email_format');
 258              return false;
 259          }
 260  
 261          // Check banned emails
 262          if(is_banned_email($user['email'], true))
 263          {
 264              $this->set_error('banned_email');
 265              return false;
 266          }
 267  
 268          // Check signed up emails
 269          // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
 270          if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
 271          {
 272              $uid = 0;
 273              if(isset($user['uid']))
 274              {
 275                  $uid = $user['uid'];
 276              }
 277              if(email_already_in_use($user['email'], $uid))
 278              {
 279                  $this->set_error('email_already_in_use');
 280                  return false;
 281              }
 282          }
 283  
 284          // If we have an "email2", verify it matches the existing email
 285          if(isset($user['email2']) && $user['email'] != $user['email2'])
 286          {
 287              $this->set_error("emails_dont_match");
 288              return false;
 289          }
 290  
 291          return true;
 292      }
 293  
 294      /**
 295      * Verifies if a website is valid or not.
 296      *
 297      * @return boolean True when valid, false when invalid.
 298      */
 299  	function verify_website()
 300      {
 301          $website = &$this->data['website'];
 302  
 303          if(!empty($website) && !my_validate_url($website))
 304          {
 305              $website = 'http://'.$website;
 306          }
 307  
 308          if(!empty($website) && !my_validate_url($website))
 309          {
 310              $this->set_error('invalid_website');
 311              return false;
 312          }
 313  
 314          return true;
 315      }
 316  
 317      /**
 318       * Verifies if an ICQ number is valid or not.
 319       *
 320       * @return boolean True when valid, false when invalid.
 321       */
 322  	function verify_icq()
 323      {
 324          $icq = &$this->data['icq'];
 325  
 326          if($icq != '' && !is_numeric($icq))
 327          {
 328              $this->set_error("invalid_icq_number");
 329              return false;
 330          }
 331          $icq = (int)$icq;
 332          return true;
 333      }
 334  
 335      /**
 336      * Verifies if a birthday is valid or not.
 337      *
 338      * @return boolean True when valid, false when invalid.
 339      */
    function verify_birthday()
    {
        global $mybb;

        $user = &$this->data;
        $birthday = &$user['birthday'];

        // Anything other than an array is treated as "no birthday supplied" and passes unchecked.
        if(!is_array($birthday))
        {
            return true;
        }

        // Force all three components to integers; everything below relies on that.
        $birthday['day'] = (int)$birthday['day'];
        $birthday['month'] = (int)$birthday['month'];
        $birthday['year'] = (int)$birthday['year'];

        // If either a day or a month was given, both must be present and within their basic ranges.
        if($birthday['day'] != 0 || $birthday['month'] != 0)
        {
            if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // Check if the day actually exists.
        // get_bdays() presumably returns the days-per-month table for the given year, indexed from 0 - confirm.
        $months = get_bdays($birthday['year']);
        if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
        {
            $this->set_error("invalid_birthday");
            return false;
        }

        // Error if a year exists and the year is out of range.
        // && binds tighter than ||, so this reads (year != 0 && year < now-100) || year > now.
        if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
        {
            $this->set_error("invalid_birthday");
            return false;
        }
        else if($birthday['year'] == date("Y"))
        {
            // Error if birth date is in future
            if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
            {
                $this->set_error("invalid_birthday");
                return false;
            }
        }

        // COPPA handling. "enabled" requires a year to be present. "deny" rejects anyone whose birth year is
        // later than the current year minus 13, unless is_moderator() returns true.
        // The "deny" test looks at the year only, so month and day do not influence it.
        // NOTE(review): a birthday without a year (0) is not rejected by the "deny" branch; confirm the year
        // is made mandatory elsewhere when that mode is active.
        if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
        {
            $this->set_error("invalid_birthday_coppa");
            return false;
        }
        elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
        {
            $this->set_error("invalid_birthday_coppa2");
            return false;
        }

        // Build the 'bday' value from the integer components.
        if($birthday['year'] != 0)
        {
            // If the year is specified, put together a d-m-y string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
        }
        elseif($birthday['day'] && $birthday['month'])
        {
            // If only a day and month are specified, put together a d-m string
            $user['bday'] = $birthday['day']."-".$birthday['month']."-";
        }
        else
        {
            // No field is specified, so return an empty string for an unknown birthday
            $user['bday'] = '';
        }
        return true;
    }
 421  
 422      /**
 423       * Verifies if the birthday privacy option is valid or not.
 424       *
 425       * @return boolean True when valid, false when invalid.
 426       */
 427  	function verify_birthday_privacy()
 428      {
 429          $birthdayprivacy = &$this->data['birthdayprivacy'];
 430          $accepted = array(
 431                      'none',
 432                      'age',
 433                      'all');
 434  
 435          if(!in_array($birthdayprivacy, $accepted))
 436          {
 437              $this->set_error("invalid_birthday_privacy");
 438              return false;
 439          }
 440          return true;
 441      }
 442  
 443      /**
 444      * Verifies if the post count field is filled in correctly.
 445      *
 446      * @return boolean True when valid, false when invalid.
 447      */
 448  	function verify_postnum()
 449      {
 450          $user = &$this->data;
 451  
 452          if(isset($user['postnum']) && $user['postnum'] < 0)
 453          {
 454              $this->set_error("invalid_postnum");
 455              return false;
 456          }
 457  
 458          return true;
 459      }
 460  
 461      /**
 462      * Verifies if the thread count field is filled in correctly.
 463      *
 464      * @return boolean True when valid, false when invalid.
 465      */
 466  	function verify_threadnum()
 467      {
 468          $user = &$this->data;
 469  
 470          if(isset($user['threadnum']) && $user['threadnum'] < 0)
 471          {
 472              $this->set_error("invalid_threadnum");
 473              return false;
 474          }
 475  
 476          return true;
 477      }
 478  
 479      /**
 480      * Verifies if a profile fields are filled in correctly.
 481      *
 482      * @return boolean True when valid, false when invalid.
 483      */
    function verify_profile_fields()
    {
        // Checks the submitted custom profile fields against the cached field definitions and fills
        // $this->data['user_fields']. Problems are recorded with set_error(); the method itself always returns true.
        global $db, $cache;

        $user = &$this->data;
        $profile_fields = &$this->data['profile_fields'];

        // Loop through profile fields checking if they exist or not and are filled in.

        // Fetch all profile fields first.
        $pfcache = $cache->read('profilefields');

        if(is_array($pfcache))
        {
            // Then loop through the profile fields.
            foreach($pfcache as $profilefield)
            {
                // && binds tighter than ||: the field is opened to everyone (editableby = -1) when
                // 'profile_fields_editable' is set, or when this is a registration and the field is
                // required or shown at registration.
                if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
                {
                    $profilefield['editableby'] = -1;
                }

                // Skip fields the user's groups may not edit; such fields are neither validated nor stored.
                if(!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
                {
                    continue;
                }

                // Does this field have a minimum post count?
                if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
                {
                    continue;
                }

                // The definition is HTML-encoded first, so the option list below is compared in encoded form.
                $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
                $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
                // First line of 'type' is the field type; the remainder ($thing[1]) is the option list and is
                // absent when 'type' has no newline.
                $thing = explode("\n", $profilefield['type'], "2");
                $type = trim($thing[0]);
                $field = "fid{$profilefield['fid']}";

                if(!isset($profile_fields[$field]))
                {
                    $profile_fields[$field] = '';
                }

                // If the profile field is required, but not filled in, present error.
                // The requirement is not enforced inside the Admin CP or modcp.php.
                if($type != "multiselect" && $type != "checkbox")
                {
                    // NOTE(review): this branch treats the submitted value as a string; an array value is only
                    // handled in the multiselect/checkbox branch - confirm input types are checked upstream.
                    if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                    {
                        $this->set_error('missing_required_profile_field', array($profilefield['name']));
                    }
                }
                elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
                {
                    $this->set_error('missing_required_profile_field', array($profilefield['name']));
                }

                // Sort out multiselect/checkbox profile fields.
                // In every branch the value is passed through $db->escape_string() before it is stored in
                // user_fields, so that array holds database-escaped strings rather than the raw input.
                $options = '';
                if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
                {
                    // Each submitted value must be one of the defined options (compared HTML-encoded).
                    // An unknown value records an error but is still appended to $options.
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    foreach($profile_fields[$field] as $value)
                    {
                        if(!in_array(htmlspecialchars_uni($value), $expoptions))
                        {
                            $this->set_error('bad_profile_field_values', array($profilefield['name']));
                        }
                        if($options)
                        {
                            $options .= "\n";
                        }
                        $options .= $db->escape_string($value);
                    }
                }
                elseif($type == "select" || $type == "radio")
                {
                    // A single choice must be one of the defined options, or blank.
                    $expoptions = explode("\n", $thing[1]);
                    $expoptions = array_map('trim', $expoptions);
                    if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
                    {
                        $this->set_error('bad_profile_field_values', array($profilefield['name']));
                    }
                    $options = $db->escape_string($profile_fields[$field]);
                }
                else
                {
                    // Free-text fields: optional maximum length and optional pattern.
                    if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
                    {
                        $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
                    }

                    // The configured pattern is wrapped in #...# with the i flag and is not anchored here.
                    // NOTE(review): a '#' inside the configured pattern would end the delimiter early;
                    // presumably the pattern is admin-defined - confirm.
                    if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
                    {
                        $this->set_error('bad_profile_field_value', array($profilefield['name']));
                    }

                    $options = $db->escape_string($profile_fields[$field]);
                }
                $user['user_fields'][$field] = $options;
            }
        }

        return true;
    }
 590  
 591      /**
 592      * Verifies if an optionally entered referrer exists or not.
 593      *
 594      * @return boolean True when valid, false when invalid.
 595      */
 596  	function verify_referrer()
 597      {
 598          global $db, $mybb;
 599  
 600          $user = &$this->data;
 601  
 602          // Does the referrer exist or not?
 603          if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
 604          {
 605              $referrer = get_user_by_username($user['referrer']);
 606  
 607              if(empty($referrer['uid']))
 608              {
 609                  $this->set_error('invalid_referrer', array($user['referrer']));
 610                  return false;
 611              }
 612  
 613              $user['referrer_uid'] = $referrer['uid'];
 614          }
 615          else
 616          {
 617              $user['referrer_uid'] = 0;
 618          }
 619  
 620          return true;
 621      }
 622  
 623      /**
 624      * Verifies user options.
 625      *
 626      * @return boolean True when valid, false when invalid.
 627      */
 628  	function verify_options()
 629      {
 630          global $mybb;
 631  
 632          $options = &$this->data['options'];
 633  
 634          // Verify yes/no options.
 635          $this->verify_yesno_option($options, 'allownotices', 1);
 636          $this->verify_yesno_option($options, 'hideemail', 0);
 637          $this->verify_yesno_option($options, 'receivepms', 1);
 638          $this->verify_yesno_option($options, 'receivefrombuddy', 0);
 639          $this->verify_yesno_option($options, 'pmnotice', 1);
 640          $this->verify_yesno_option($options, 'pmnotify', 1);
 641          $this->verify_yesno_option($options, 'invisible', 0);
 642          $this->verify_yesno_option($options, 'showimages', 1);
 643          $this->verify_yesno_option($options, 'showvideos', 1);
 644          $this->verify_yesno_option($options, 'showsigs', 1);
 645          $this->verify_yesno_option($options, 'showavatars', 1);
 646          $this->verify_yesno_option($options, 'showquickreply', 1);
 647          $this->verify_yesno_option($options, 'showredirect', 1);
 648          $this->verify_yesno_option($options, 'showcodebuttons', 1);
 649          $this->verify_yesno_option($options, 'sourceeditor', 0);
 650          $this->verify_yesno_option($options, 'buddyrequestspm', 1);
 651          $this->verify_yesno_option($options, 'buddyrequestsauto', 0);
 652  
 653          if($mybb->settings['postlayout'] == 'classic')
 654          {
 655              $this->verify_yesno_option($options, 'classicpostbit', 1);
 656          }
 657          else
 658          {
 659              $this->verify_yesno_option($options, 'classicpostbit', 0);
 660          }
 661  
 662          if(array_key_exists('subscriptionmethod', $options))
 663          {
 664              // Value out of range
 665              $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
 666              if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
 667              {
 668                  $options['subscriptionmethod'] = 0;
 669              }
 670          }
 671  
 672          if(array_key_exists('dstcorrection', $options))
 673          {
 674              // Value out of range
 675              $options['dstcorrection'] = (int)$options['dstcorrection'];
 676              if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
 677              {
 678                  $options['dstcorrection'] = 0;
 679              }
 680          }
 681  
 682          if($options['dstcorrection'] == 1)
 683          {
 684              $options['dst'] = 1;
 685          }
 686          else if($options['dstcorrection'] == 0)
 687          {
 688              $options['dst'] = 0;
 689          }
 690  
 691          if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
 692          {
 693              if($mybb->settings['threadusenetstyle'])
 694              {
 695                  $options['threadmode'] = 'threaded';
 696              }
 697              else
 698              {
 699                  $options['threadmode'] = 'linear';
 700              }
 701          }
 702  
 703          // Verify the "threads per page" option.
 704          if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
 705          {
 706              if(!isset($options['tpp']))
 707              {
 708                  $options['tpp'] = 0;
 709              }
 710              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 711              if(is_array($explodedtpp))
 712              {
 713                  @asort($explodedtpp);
 714                  $biggest = $explodedtpp[count($explodedtpp)-1];
 715                  // Is the selected option greater than the allowed options?
 716                  if($options['tpp'] > $biggest)
 717                  {
 718                      $options['tpp'] = $biggest;
 719                  }
 720              }
 721              $options['tpp'] = (int)$options['tpp'];
 722          }
 723          // Verify the "posts per page" option.
 724          if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
 725          {
 726              if(!isset($options['ppp']))
 727              {
 728                  $options['ppp'] = 0;
 729              }
 730              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 731              if(is_array($explodedppp))
 732              {
 733                  @asort($explodedppp);
 734                  $biggest = $explodedppp[count($explodedppp)-1];
 735                  // Is the selected option greater than the allowed options?
 736                  if($options['ppp'] > $biggest)
 737                  {
 738                      $options['ppp'] = $biggest;
 739                  }
 740              }
 741              $options['ppp'] = (int)$options['ppp'];
 742          }
 743          // Is our selected "days prune" option valid or not?
 744          if($this->method == "insert" || array_key_exists('daysprune', $options))
 745          {
 746              if(!isset($options['daysprune']))
 747              {
 748                  $options['daysprune'] = 0;
 749              }
 750              $options['daysprune'] = (int)$options['daysprune'];
 751              if($options['daysprune'] < 0)
 752              {
 753                  $options['daysprune'] = 0;
 754              }
 755          }
 756          $this->data['options'] = $options;
 757      }
 758  
 759      /**
 760       * Verifies if a registration date is valid or not.
 761       *
 762       * @return boolean True when valid, false when invalid.
 763       */
 764  	function verify_regdate()
 765      {
 766          $regdate = &$this->data['regdate'];
 767  
 768          $regdate = (int)$regdate;
 769          // If the timestamp is below 0, set it to the current time.
 770          if($regdate <= 0)
 771          {
 772              $regdate = TIME_NOW;
 773          }
 774          return true;
 775      }
 776  
 777      /**
 778       * Verifies if a last visit date is valid or not.
 779       *
 780       * @return boolean True when valid, false when invalid.
 781       */
 782  	function verify_lastvisit()
 783      {
 784          $lastvisit = &$this->data['lastvisit'];
 785  
 786          $lastvisit = (int)$lastvisit;
 787          // If the timestamp is below 0, set it to the current time.
 788          if($lastvisit <= 0)
 789          {
 790              $lastvisit = TIME_NOW;
 791          }
 792          return true;
 793  
 794      }
 795  
 796      /**
 797       * Verifies if a last active date is valid or not.
 798       *
 799       * @return boolean True when valid, false when invalid.
 800       */
 801  	function verify_lastactive()
 802      {
 803          $lastactive = &$this->data['lastactive'];
 804  
 805          $lastactive = (int)$lastactive;
 806          // If the timestamp is below 0, set it to the current time.
 807          if($lastactive <= 0)
 808          {
 809              $lastactive = TIME_NOW;
 810          }
 811          return true;
 812  
 813      }
 814  
 815      /**
 816       * Verifies if an away mode status is valid or not.
 817       *
 818       * @return boolean True when valid, false when invalid.
 819       */
 820  	function verify_away()
 821      {
 822          global $mybb;
 823  
 824          $user = &$this->data;
 825          // If the board does not allow "away mode" or the user is marking as not away, set defaults.
 826          if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
 827          {
 828              $user['away']['away'] = 0;
 829              $user['away']['date'] = 0;
 830              $user['away']['returndate'] = 0;
 831              $user['away']['awayreason'] = '';
 832              return true;
 833          }
 834          else if($user['away']['returndate'])
 835          {
 836              list($returnday, $returnmonth, $returnyear) = explode('-', $user['away']['returndate']);
 837              if(!$returnday || !$returnmonth || !$returnyear)
 838              {
 839                  $this->set_error("missing_returndate");
 840                  return false;
 841              }
 842  
 843              // Validate the return date lengths
 844              $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
 845          }
 846          return true;
 847      }
 848  
 849      /**
 850       * Verifies if a language is valid for this user or not.
 851       *
 852       * @return boolean True when valid, false when invalid.
 853       */
 854  	function verify_language()
 855      {
 856          global $lang;
 857  
 858          $language = &$this->data['language'];
 859  
 860          // An invalid language has been specified?
 861          if($language != '' && !$lang->language_exists($language))
 862          {
 863              $this->set_error("invalid_language");
 864              return false;
 865          }
 866          return true;
 867      }
 868  
 869      /**
 870       * Verifies if a style is valid for this user or not.
 871       *
 872       * @return boolean True when valid, false when invalid.
 873       */
 874  	function verify_style()
 875      {
 876          global $lang;
 877  
 878          $user = &$this->data;
 879  
 880          if($user['style'])
 881          {
 882              $theme = get_theme($user['style']);
 883  
 884              if(empty($theme) || !is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all')
 885              {
 886                  $this->set_error('invalid_style');
 887                  return false;
 888              }
 889          }
 890  
 891          return true;
 892      }
 893  
 894      /**
 895       * Verifies if this is coming from a spam bot or not
 896       *
 897       * @return boolean True when valid, false when invalid.
 898       */
 899  	function verify_checkfields()
 900      {
 901          $user = &$this->data;
 902  
 903          // An invalid language has been specified?
 904          if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
 905          {
 906              $this->set_error("invalid_checkfield");
 907              return false;
 908          }
 909          return true;
 910      }
 911  
 912      /**
 913       * Verifies if the user timezone is valid.
 914       * If the timezone is invalid, the board default is used.
 915       *
 916       * @return boolean True when timezone was valid, false otherwise
 917       */
 918  	function verify_timezone()
 919      {
 920          global $mybb;
 921  
 922          $user = &$this->data;
 923  
 924          $timezones = get_supported_timezones();
 925  
 926          if(!array_key_exists($user['timezone'], $timezones))
 927          {
 928              $user['timezone'] = $mybb->settings['timezoneoffset'];
 929              return false;
 930          }
 931  
 932          return true;
 933      }
 934  
 935      /**
 936      * Validate all user assets.
 937      *
 938      * @return boolean True when valid, false when invalid.
 939      */
 940  	function validate_user()
 941      {
 942          global $mybb, $plugins;
 943  
 944          $user = &$this->data;
 945  
 946          // First, grab the old user details if this user exists
 947          if(!empty($user['uid']))
 948          {
 949              $old_user = get_user($user['uid']);
 950          }
 951  
 952          if($this->method == "insert" || array_key_exists('username', $user))
 953          {
 954              // If the username is the same - no need to verify
 955              if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
 956              {
 957                  $this->verify_username();
 958                  $this->verify_username_exists();
 959              }
 960              else
 961              {
 962                  unset($user['username']);
 963              }
 964          }
 965          if($this->method == "insert" || array_key_exists('usertitle', $user))
 966          {
 967              $this->verify_usertitle();
 968          }
 969          if($this->method == "insert" || array_key_exists('password', $user))
 970          {
 971              $this->verify_password();
 972          }
 973          if($this->method == "insert" || array_key_exists('usergroup', $user))
 974          {
 975              $this->verify_usergroup();
 976          }
 977          if($this->method == "insert" || array_key_exists('email', $user))
 978          {
 979              $this->verify_email();
 980          }
 981          if($this->method == "insert" || array_key_exists('website', $user))
 982          {
 983              $this->verify_website();
 984          }
 985          if($this->method == "insert" || array_key_exists('icq', $user))
 986          {
 987              $this->verify_icq();
 988          }
 989          if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday'])))
 990          {
 991              $this->verify_birthday();
 992          }
 993          if($this->method == "insert" || array_key_exists('postnum', $user))
 994          {
 995              $this->verify_postnum();
 996          }
 997          if($this->method == "insert" || array_key_exists('threadnum', $user))
 998          {
 999              $this->verify_threadnum();
1000          }
1001          if($this->method == "insert" || array_key_exists('profile_fields', $user))
1002          {
1003              $this->verify_profile_fields();
1004          }
1005          if($this->method == "insert" || array_key_exists('referrer', $user))
1006          {
1007              $this->verify_referrer();
1008          }
1009          if($this->method == "insert" || array_key_exists('options', $user))
1010          {
1011              $this->verify_options();
1012          }
1013          if($this->method == "insert" || array_key_exists('regdate', $user))
1014          {
1015              $this->verify_regdate();
1016          }
1017          if($this->method == "insert" || array_key_exists('lastvisit', $user))
1018          {
1019              $this->verify_lastvisit();
1020          }
1021          if($this->method == "insert" || array_key_exists('lastactive', $user))
1022          {
1023              $this->verify_lastactive();
1024          }
1025          if($this->method == "insert" || array_key_exists('away', $user))
1026          {
1027              $this->verify_away();
1028          }
1029          if($this->method == "insert" || array_key_exists('language', $user))
1030          {
1031              $this->verify_language();
1032          }
1033          if($this->method == "insert" || array_key_exists('timezone', $user))
1034          {
1035              $this->verify_timezone();
1036          }
1037          if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
1038          {
1039              $this->verify_checkfields();
1040          }
1041          if(array_key_exists('birthdayprivacy', $user))
1042          {
1043              $this->verify_birthday_privacy();
1044          }
1045          if($this->method == "insert" || array_key_exists('style', $user))
1046          {
1047              $this->verify_style();
1048          }
1049          if($this->method == "insert" || array_key_exists('signature', $user))
1050          {
1051              $this->verify_signature();
1052          }
1053  
1054          $plugins->run_hooks("datahandler_user_validate", $this);
1055  
1056          // We are done validating, return.
1057          $this->set_validated(true);
1058          if(count($this->get_errors()) > 0)
1059          {
1060              return false;
1061          }
1062          else
1063          {
1064              return true;
1065          }
1066      }
1067  
1068      /**
1069      * Inserts a user into the database.
1070      *
1071      * @return array
1072      */
1073  	function insert_user()
1074      {
1075          global $db, $cache, $plugins;
1076  
1077          // Yes, validating is required.
1078          if(!$this->get_validated())
1079          {
1080              die("The user needs to be validated before inserting it into the DB.");
1081          }
1082          if(count($this->get_errors()) > 0)
1083          {
1084              die("The user is not valid.");
1085          }
1086  
1087          $user = &$this->data;
1088  
1089          $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
1090          foreach($array as $value)
1091          {
1092              if(!isset($user[$value]))
1093              {
1094                  $user[$value] = '';
1095              }
1096          }
1097  
1098          $this->user_insert_data = array(
1099              "username" => $db->escape_string($user['username']),
1100              "password" => $user['saltedpw'],
1101              "salt" => $user['salt'],
1102              "loginkey" => $user['loginkey'],
1103              "email" => $db->escape_string($user['email']),
1104              "postnum" => (int)$user['postnum'],
1105              "threadnum" => (int)$user['threadnum'],
1106              "avatar" => $db->escape_string($user['avatar']),
1107              "avatartype" => $db->escape_string($user['avatartype']),
1108              "usergroup" => (int)$user['usergroup'],
1109              "additionalgroups" => $db->escape_string($user['additionalgroups']),
1110              "displaygroup" => (int)$user['displaygroup'],
1111              "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
1112              "regdate" => (int)$user['regdate'],
1113              "lastactive" => (int)$user['lastactive'],
1114              "lastvisit" => (int)$user['lastvisit'],
1115              "website" => $db->escape_string($user['website']),
1116              "icq" => (int)$user['icq'],
1117              "aim" => $db->escape_string($user['aim']),
1118              "yahoo" => $db->escape_string($user['yahoo']),
1119              "skype" => $db->escape_string($user['skype']),
1120              "google" => $db->escape_string($user['google']),
1121              "birthday" => $user['bday'],
1122              "signature" => $db->escape_string($user['signature']),
1123              "allownotices" => (int)$user['options']['allownotices'],
1124              "hideemail" => (int)$user['options']['hideemail'],
1125              "subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
1126              "receivepms" => (int)$user['options']['receivepms'],
1127              "receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
1128              "pmnotice" => (int)$user['options']['pmnotice'],
1129              "pmnotify" => (int)$user['options']['pmnotify'],
1130              "showimages" => (int)$user['options']['showimages'],
1131              "showvideos" => (int)$user['options']['showvideos'],
1132              "showsigs" => (int)$user['options']['showsigs'],
1133              "showavatars" => (int)$user['options']['showavatars'],
1134              "showquickreply" => (int)$user['options']['showquickreply'],
1135              "showredirect" => (int)$user['options']['showredirect'],
1136              "tpp" => (int)$user['options']['tpp'],
1137              "ppp" => (int)$user['options']['ppp'],
1138              "invisible" => (int)$user['options']['invisible'],
1139              "style" => (int)$user['style'],
1140              "timezone" => $db->escape_string($user['timezone']),
1141              "dstcorrection" => (int)$user['options']['dstcorrection'],
1142              "threadmode" => $user['options']['threadmode'],
1143              "daysprune" => (int)$user['options']['daysprune'],
1144              "dateformat" => $db->escape_string($user['dateformat']),
1145              "timeformat" => $db->escape_string($user['timeformat']),
1146              "regip" => $db->escape_binary($user['regip']),
1147              "language" => $db->escape_string($user['language']),
1148              "showcodebuttons" => (int)$user['options']['showcodebuttons'],
1149              "sourceeditor" => (int)$user['options']['sourceeditor'],
1150              "buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
1151              "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
1152              "away" => (int)$user['away']['away'],
1153              "awaydate" => (int)$user['away']['date'],
1154              "returndate" => $user['away']['returndate'],
1155              "awayreason" => $db->escape_string($user['away']['awayreason']),
1156              "notepad" => $db->escape_string($user['notepad']),
1157              "referrer" => (int)$user['referrer_uid'],
1158              "referrals" => 0,
1159              "buddylist" => '',
1160              "ignorelist" => '',
1161              "pmfolders" => '',
1162              "notepad" => '',
1163              "warningpoints" => 0,
1164              "moderateposts" => 0,
1165              "moderationtime" => 0,
1166              "suspendposting" => 0,
1167              "suspensiontime" => 0,
1168              "coppauser" => (int)$user['coppa_user'],
1169              "classicpostbit" => (int)$user['options']['classicpostbit'],
1170              "usernotes" => ''
1171          );
1172  
1173          if($user['options']['dstcorrection'] == 1)
1174          {
1175              $this->user_insert_data['dst'] = 1;
1176          }
1177          else if($user['options']['dstcorrection'] == 0)
1178          {
1179              $this->user_insert_data['dst'] = 0;
1180          }
1181  
1182          $plugins->run_hooks("datahandler_user_insert", $this);
1183  
1184          $this->uid = $db->insert_query("users", $this->user_insert_data);
1185  
1186          $user['user_fields']['ufid'] = $this->uid;
1187  
1188          $pfcache = $cache->read('profilefields');
1189  
1190          if(is_array($pfcache))
1191          {
1192              foreach($pfcache as $profile_field)
1193              {
1194                  if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
1195                  {
1196                      continue;
1197                  }
1198                  $user['user_fields']["fid{$profile_field['fid']}"] = '';
1199              }
1200          }
1201  
1202          $db->insert_query("userfields", $user['user_fields'], false);
1203  
1204          if($this->user_insert_data['referrer'] != 0)
1205          {
1206              $db->write_query("
1207                  UPDATE ".TABLE_PREFIX."users
1208                  SET referrals=referrals+1
1209                  WHERE uid='{$this->user_insert_data['referrer']}'
1210              ");
1211          }
1212  
1213          // Update forum stats
1214          update_stats(array('numusers' => '+1'));
1215  
1216          if((int)$user['usergroup'] == 5)
1217          {
1218              $cache->update_awaitingactivation();
1219          }
1220  
1221          $this->return_values = array(
1222              "uid" => $this->uid,
1223              "username" => $user['username'],
1224              "loginkey" => $user['loginkey'],
1225              "email" => $user['email'],
1226              "password" => $user['password'],
1227              "usergroup" => $user['usergroup']
1228          );
1229  
1230          $plugins->run_hooks("datahandler_user_insert_end", $this);
1231  
1232          return $this->return_values;
1233      }
1234  
1235      /**
1236      * Updates a user in the database.
1237      *
1238      * @return bool
1239      */
1240  	function update_user()
1241      {
1242          global $db, $plugins, $cache;
1243  
1244          // Yes, validating is required.
1245          if(!$this->get_validated())
1246          {
1247              die("The user needs to be validated before inserting it into the DB.");
1248          }
1249          if(count($this->get_errors()) > 0)
1250          {
1251              die("The user is not valid.");
1252          }
1253  
1254          $user = &$this->data;
1255          $user['uid'] = (int)$user['uid'];
1256          $this->uid = $user['uid'];
1257  
1258          // Set up the update data.
1259          if(isset($user['username']))
1260          {
1261              $this->user_update_data['username'] = $db->escape_string($user['username']);
1262          }
1263          if(isset($user['saltedpw']))
1264          {
1265              $this->user_update_data['password'] = $user['saltedpw'];
1266              $this->user_update_data['salt'] = $user['salt'];
1267              $this->user_update_data['loginkey'] = $user['loginkey'];
1268          }
1269          if(isset($user['email']))
1270          {
1271              $this->user_update_data['email'] = $user['email'];
1272          }
1273          if(isset($user['postnum']))
1274          {
1275              $this->user_update_data['postnum'] = (int)$user['postnum'];
1276          }
1277          if(isset($user['threadnum']))
1278          {
1279              $this->user_update_data['threadnum'] = (int)$user['threadnum'];
1280          }
1281          if(isset($user['avatar']))
1282          {
1283              $this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
1284              $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
1285          }
1286          if(isset($user['usergroup']))
1287          {
1288              $this->user_update_data['usergroup'] = (int)$user['usergroup'];
1289          }
1290          if(isset($user['additionalgroups']))
1291          {
1292              $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
1293          }
1294          if(isset($user['displaygroup']))
1295          {
1296              $this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
1297          }
1298          if(isset($user['usertitle']))
1299          {
1300              $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
1301          }
1302          if(isset($user['regdate']))
1303          {
1304              $this->user_update_data['regdate'] = (int)$user['regdate'];
1305          }
1306          if(isset($user['lastactive']))
1307          {
1308              $this->user_update_data['lastactive'] = (int)$user['lastactive'];
1309          }
1310          if(isset($user['lastvisit']))
1311          {
1312              $this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
1313          }
1314          if(isset($user['signature']))
1315          {
1316              $this->user_update_data['signature'] = $db->escape_string($user['signature']);
1317          }
1318          if(isset($user['website']))
1319          {
1320              $this->user_update_data['website'] = $db->escape_string($user['website']);
1321          }
1322          if(isset($user['icq']))
1323          {
1324              $this->user_update_data['icq'] = (int)$user['icq'];
1325          }
1326          if(isset($user['aim']))
1327          {
1328              $this->user_update_data['aim'] = $db->escape_string($user['aim']);
1329          }
1330          if(isset($user['yahoo']))
1331          {
1332              $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
1333          }
1334          if(isset($user['skype']))
1335          {
1336              $this->user_update_data['skype'] = $db->escape_string($user['skype']);
1337          }
1338          if(isset($user['google']))
1339          {
1340              $this->user_update_data['google'] = $db->escape_string($user['google']);
1341          }
1342          if(isset($user['bday']))
1343          {
1344              $this->user_update_data['birthday'] = $user['bday'];
1345          }
1346          if(isset($user['birthdayprivacy']))
1347          {
1348              $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
1349          }
1350          if(isset($user['style']))
1351          {
1352              $this->user_update_data['style'] = (int)$user['style'];
1353          }
1354          if(isset($user['timezone']))
1355          {
1356              $this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
1357          }
1358          if(isset($user['dateformat']))
1359          {
1360              $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
1361          }
1362          if(isset($user['timeformat']))
1363          {
1364              $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
1365          }
1366          if(isset($user['regip']))
1367          {
1368              $this->user_update_data['regip'] = $db->escape_string($user['regip']);
1369          }
1370          if(isset($user['language']))
1371          {
1372              $this->user_update_data['language'] = $db->escape_string($user['language']);
1373          }
1374          if(isset($user['away']))
1375          {
1376              $this->user_update_data['away'] = (int)$user['away']['away'];
1377              $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
1378              $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
1379              $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
1380          }
1381          if(isset($user['notepad']))
1382          {
1383              $this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
1384          }
1385          if(isset($user['usernotes']))
1386          {
1387              $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
1388          }
1389          if(isset($user['options']) && is_array($user['options']))
1390          {
1391              foreach($user['options'] as $option => $value)
1392              {
1393                  $this->user_update_data[$option] = $value;
1394              }
1395          }
1396          if(array_key_exists('coppa_user', $user))
1397          {
1398              $this->user_update_data['coppauser'] = (int)$user['coppa_user'];
1399          }
1400          // First, grab the old user details for later use.
1401          $old_user = get_user($user['uid']);
1402  
1403          // If old user has new pmnotice and new user has = yes, keep old value
1404          if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
1405          {
1406              unset($this->user_update_data['pmnotice']);
1407          }
1408  
1409          $plugins->run_hooks("datahandler_user_update", $this);
1410  
1411          if(count($this->user_update_data) < 1 && empty($user['user_fields']))
1412          {
1413              return false;
1414          }
1415  
1416          if(count($this->user_update_data) > 0)
1417          {
1418              // Actual updating happens here.
1419              $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
1420          }
1421  
1422          $cache->update_moderators();
1423          if(isset($user['bday']) || isset($user['username']))
1424          {
1425              $cache->update_birthdays();
1426          }
1427  
1428          if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
1429          {
1430              $cache->update_awaitingactivation();
1431          }
1432  
1433          // Maybe some userfields need to be updated?
1434          if(isset($user['user_fields']) && is_array($user['user_fields']))
1435          {
1436              $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
1437              $fields = $db->fetch_array($query);
1438              if(!$fields['ufid'])
1439              {
1440                  $user_fields = array(
1441                      'ufid' => $user['uid']
1442                  );
1443  
1444                  $fields_array = $db->show_fields_from("userfields");
1445                  foreach($fields_array as $field)
1446                  {
1447                      if($field['Field'] == 'ufid')
1448                      {
1449                          continue;
1450                      }
1451                      $user_fields[$field['Field']] = '';
1452                  }
1453                  $db->insert_query("userfields", $user_fields);
1454              }
1455              $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
1456          }
1457  
1458          // Let's make sure the user's name gets changed everywhere in the db if it changed.
1459          if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
1460          {
1461              $username_update = array(
1462                  "username" => $this->user_update_data['username']
1463              );
1464              $lastposter_update = array(
1465                  "lastposter" => $this->user_update_data['username']
1466              );
1467  
1468              $db->update_query("posts", $username_update, "uid='{$user['uid']}'");
1469              $db->update_query("threads", $username_update, "uid='{$user['uid']}'");
1470              $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
1471              $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
1472  
1473              $stats = $cache->read("stats");
1474              if($stats['lastuid'] == $user['uid'])
1475              {
1476                  // User was latest to register, update stats
1477                  update_stats(array("numusers" => "+0"));
1478              }
1479          }
1480  
1481          return true;
1482      }
1483  
1484      /**
1485       * Provides a method to completely delete a user.
1486       *
1487       * @param array $delete_uids Array of user information
1488       * @param integer $prunecontent Whether to delete threads/posts or not
1489       * @return array
1490       */
1491  	function delete_user($delete_uids, $prunecontent=0)
1492      {
1493          global $db, $plugins, $mybb, $cache;
1494  
1495          // Yes, validating is required.
1496          if(count($this->get_errors()) > 0)
1497          {
1498              die('The user is not valid.');
1499          }
1500  
1501          $this->delete_uids = array_map('intval', (array)$delete_uids);
1502  
1503          foreach($this->delete_uids as $key => $uid)
1504          {
1505              if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1506              {
1507                  // Remove super admins
1508                  unset($this->delete_uids[$key]);
1509              }
1510          }
1511  
1512          $plugins->run_hooks('datahandler_user_delete_start', $this);
1513  
1514          $this->delete_uids = implode(',', $this->delete_uids);
1515  
1516          if(empty($this->delete_uids))
1517          {
1518              $this->deleted_users = 0;
1519              $this->return_values = array(
1520                  "deleted_users" => $this->deleted_users
1521              );
1522  
1523              return $this->return_values;
1524          }
1525  
1526          $this->delete_content();
1527  
1528          // Delete the user
1529          $query = $db->delete_query('users', "uid IN({$this->delete_uids})");
1530          $this->deleted_users = $db->affected_rows($query);
1531  
1532          // Are we removing the posts/threads of a user?
1533          if((int)$prunecontent == 1)
1534          {
1535              $this->delete_posts();
1536              $db->delete_query('announcements', "uid IN({$this->delete_uids})");
1537          }
1538          else
1539          {
1540              // We're just updating the UID
1541              $db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
1542              $db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
1543              $db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
1544              $db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
1545              $db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
1546          }
1547  
1548          $db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
1549          $db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");
1550  
1551          // Update thread ratings
1552          $query = $db->query("
1553              SELECT r.*, t.numratings, t.totalratings
1554              FROM ".TABLE_PREFIX."threadratings r
1555              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
1556              WHERE r.uid IN({$this->delete_uids})
1557          ");
1558          while($rating = $db->fetch_array($query))
1559          {
1560              $update_thread = array(
1561                  "numratings" => $rating['numratings'] - 1,
1562                  "totalratings" => $rating['totalratings'] - $rating['rating']
1563              );
1564              $db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
1565          }
1566  
1567          $db->delete_query('threadratings', "uid IN({$this->delete_uids})");
1568  
1569          // Update forums & threads if user is the lastposter
1570          $db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1571          $db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1572  
1573          // Update forum stats
1574          update_stats(array('numusers' => '-'.$this->deleted_users));
1575  
1576          $this->return_values = array(
1577              "deleted_users" => $this->deleted_users
1578          );
1579  
1580          $plugins->run_hooks("datahandler_user_delete_end", $this);
1581  
1582          // Update  cache
1583          $cache->update_banned();
1584          $cache->update_moderators();
1585          $cache->update_forumsdisplay();
1586          $cache->update_reportedcontent();
1587          $cache->update_awaitingactivation();
1588  
1589          return $this->return_values;
1590      }
1591  
1592      /**
1593       * Provides a method to delete users' content
1594       *
1595       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1596       */
1597  	function delete_content($delete_uids=false)
1598      {
1599          global $db, $plugins, $mybb;
1600  
1601          if($delete_uids != false)
1602          {
1603              $this->delete_uids = array_map('intval', (array)$delete_uids);
1604  
1605              foreach($this->delete_uids as $key => $uid)
1606              {
1607                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1608                  {
1609                      // Remove super admins
1610                      unset($this->delete_uids[$key]);
1611                  }
1612              }
1613  
1614              $this->delete_uids = implode(',', $this->delete_uids);
1615          }
1616  
1617          $plugins->run_hooks('datahandler_user_delete_content', $this);
1618  
1619          if(empty($this->delete_uids))
1620          {
1621              return;
1622          }
1623  
1624          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1625          $db->delete_query('privatemessages', "uid IN({$this->delete_uids})");
1626          $db->delete_query('events', "uid IN({$this->delete_uids})");
1627          $db->delete_query('moderators', "id IN({$this->delete_uids}) AND isgroup = 0");
1628          $db->delete_query('forumsubscriptions', "uid IN({$this->delete_uids})");
1629          $db->delete_query('threadsubscriptions', "uid IN({$this->delete_uids})");
1630          $db->delete_query('forumsread', "uid IN({$this->delete_uids})");
1631          $db->delete_query('threadsread', "uid IN({$this->delete_uids})");
1632          $db->delete_query('adminviews', "uid IN({$this->delete_uids})");
1633          $db->delete_query('adminoptions', "uid IN({$this->delete_uids})");
1634          $db->delete_query('adminsessions', "uid IN({$this->delete_uids})");
1635          $db->delete_query('sessions', "uid IN({$this->delete_uids})");
1636          $db->delete_query('banned', "uid IN({$this->delete_uids})");
1637          $db->delete_query('joinrequests', "uid IN({$this->delete_uids})");
1638          $db->delete_query('groupleaders', "uid IN({$this->delete_uids})");
1639          $db->delete_query('awaitingactivation', "uid IN({$this->delete_uids})");
1640          $db->delete_query('warnings', "uid IN({$this->delete_uids})");
1641          $db->delete_query('reputation', "uid IN({$this->delete_uids}) OR adduid IN({$this->delete_uids})");
1642          $db->delete_query('buddyrequests', "uid IN({$this->delete_uids}) OR touid IN({$this->delete_uids})");
1643          $db->delete_query('posts', "uid IN({$this->delete_uids}) AND visible = -2");
1644          $db->delete_query('threads', "uid IN({$this->delete_uids}) AND visible = -2");
1645  
1646          // Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
1647          $db->delete_query('reportedcontent', "type='reputation' AND id3 IN({$this->delete_uids}) OR type='reputation' AND id2 IN({$this->delete_uids})");
1648          $db->delete_query('reportedcontent', "type='profile' AND id IN({$this->delete_uids})");
1649  
1650          // Update the reports made by the deleted users by setting the uid to 0
1651          $db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");
1652  
1653          // Remove any of the user(s) uploaded avatars
1654          require_once  MYBB_ROOT.'inc/functions_upload.php';
1655          foreach(explode(',', $this->delete_uids) as $uid)
1656          {
1657              remove_avatars($uid);
1658          }
1659      }
1660  
1661      /**
1662       * Provides a method to delete users' posts and threads
1663       *
1664       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1665       */
1666  	function delete_posts($delete_uids=false)
1667      {
1668          global $db, $plugins, $mybb;
1669  
1670          if($delete_uids != false)
1671          {
1672              $this->delete_uids = array_map('intval', (array)$delete_uids);
1673  
1674              foreach($this->delete_uids as $key => $uid)
1675              {
1676                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1677                  {
1678                      // Remove super admins
1679                      unset($this->delete_uids[$key]);
1680                  }
1681              }
1682  
1683              $this->delete_uids = implode(',', $this->delete_uids);
1684          }
1685  
1686          require_once  MYBB_ROOT.'inc/class_moderation.php';
1687          $moderation = new Moderation();
1688  
1689          $plugins->run_hooks('datahandler_user_delete_posts', $this);
1690  
1691          if(empty($this->delete_uids))
1692          {
1693              return;
1694          }
1695  
1696          // Threads
1697          $query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
1698          while($tid = $db->fetch_field($query, 'tid'))
1699          {
1700              $moderation->delete_thread($tid);
1701          }
1702  
1703          // Posts
1704          $query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
1705          while($pid = $db->fetch_field($query, 'pid'))
1706          {
1707              $moderation->delete_post($pid);
1708          }
1709      }
1710  
1711      /**
1712       * Provides a method to clear users' profiles
1713       *
1714       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1715       * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
1716       */
1717  	function clear_profile($delete_uids=false, $gid=0)
1718      {
1719          global $db, $plugins, $mybb;
1720  
1721          // delete_uids isn't a nice name, but it's used as the functions above use the same
1722          if($delete_uids != false)
1723          {
1724              $this->delete_uids = array_map('intval', (array)$delete_uids);
1725  
1726              foreach($this->delete_uids as $key => $uid)
1727              {
1728                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1729                  {
1730                      // Remove super admins
1731                      unset($this->delete_uids[$key]);
1732                  }
1733              }
1734  
1735              $this->delete_uids = implode(',', $this->delete_uids);
1736          }
1737  
1738          $update = array(
1739              "website" => "",
1740              "birthday" => "",
1741              "icq" => "",
1742              "aim" => "",
1743              "yahoo" => "",
1744              "skype" => "",
1745              "google" => "",
1746              "usertitle" => "",
1747              "away" => 0,
1748              "awaydate" => 0,
1749              "returndate" => "",
1750              "awayreason" => "",
1751              "additionalgroups" => "",
1752              "displaygroup" => 0,
1753              "signature" => "",
1754              "avatar" => "",
1755              'avatardimensions' => '',
1756              'avatartype' => ''
1757          );
1758  
1759          if($gid > 0)
1760          {
1761              $update["usergroup"] = (int)$gid;
1762          }
1763  
1764          $plugins->run_hooks('datahandler_user_clear_profile', $this);
1765  
1766          if(empty($this->delete_uids))
1767          {
1768              return;
1769          }
1770  
1771          $db->update_query("users", $update, "uid IN({$this->delete_uids})");
1772          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1773  
1774          // Remove any of the user(s) uploaded avatars
1775          require_once  MYBB_ROOT.'inc/functions_upload.php';
1776          foreach(explode(',', $this->delete_uids) as $uid)
1777          {
1778              remove_avatars($uid);
1779          }
1780      }
1781  
1782  	public function verify_signature()
1783      {
1784          global $mybb, $parser;
1785  
1786          if(!isset($parser))
1787          {
1788              require_once  MYBB_ROOT."inc/class_parser.php";
1789              $parser = new postParser;
1790          }
1791  
1792          $parser_options = array(
1793              'allow_html' => $mybb->settings['sightml'],
1794              'filter_badwords' => 1,
1795              'allow_mycode' => $mybb->settings['sigmycode'],
1796              'allow_smilies' => $mybb->settings['sigsmilies'],
1797              'allow_imgcode' => $mybb->settings['sigimgcode'],
1798              "filter_badwords" => 1
1799          );
1800  
1801          $parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);
1802  
1803          if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
1804              substr_count($parsed_sig, "<img") > 0) ||
1805              (($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
1806              substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
1807          )
1808          {
1809              $imgsallowed = 0;
1810  
1811              if($mybb->settings['sigimgcode'] == 1)
1812              {
1813                  $imgsallowed = $mybb->settings['maxsigimages'];
1814              }
1815  
1816              $this->set_error('too_many_sig_images2', array($imgsallowed));
1817          }
1818  
1819          if($mybb->settings['sigcountmycode'] == 0)
1820          {
1821              $parsed_sig = $parser->text_parse_message($this->data['signature']);
1822          }
1823          else
1824          {
1825              $parsed_sig = $this->data['signature'];
1826          }
1827  
1828          $parsed_sig = preg_replace("#\s#", "", $parsed_sig);
1829          $sig_length = my_strlen($parsed_sig);
1830  
1831          if($sig_length > $mybb->settings['siglength'])
1832          {
1833              $this->set_error('sig_too_long', array($mybb->settings['siglength']));
1834  
1835              if($sig_length - $mybb->settings['siglength'] > 1)
1836              {
1837                  $this->set_error('sig_remove_chars_plural', array($sig_length-$mybb->settings['siglength']));
1838              }
1839              else
1840              {
1841                  $this->set_error('sig_remove_chars_singular');
1842              }
1843          }
1844  
1845          if(count($this->get_errors()) > 0)
1846          {
1847              return false;
1848          }
1849          return true;
1850      }
1851  }

