[ Index ]

PHP Cross Reference of MyBB 1.8.7

title

Body

[close]

/inc/datahandlers/ -> user.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  /**
  18   * User handling class, provides common structure to handle user data.
  19   *
  20   */
  21  class UserDataHandler extends DataHandler
  22  {
  23      /**
  24      * The language file used in the data handler.
  25      *
  26      * @var string
  27      */
  28      public $language_file = 'datahandler_user';
  29  
  30      /**
  31      * The prefix for the language variables used in the data handler.
  32      *
  33      * @var string
  34      */
  35      public $language_prefix = 'userdata';
  36  
  37      /**
  38       * Array of data inserted in to a user.
  39       *
  40       * @var array
  41       */
  42      public $user_insert_data = array();
  43  
  44      /**
  45       * Array of data used to update a user.
  46       *
  47       * @var array
  48       */
  49      public $user_update_data = array();
  50  
  51      /**
  52       * User ID currently being manipulated by the datahandlers.
  53       *
  54       * @var int
  55       */
  56      public $uid = 0;
  57  
  58      /**
  59       * Values to be returned after inserting/deleting an user.
  60       *
  61       * @var array
  62       */
  63      public $return_values = array();
  64  
  65      /**
  66       * @var array
  67       */
  68      var $delete_uids = array();
  69  
  70      /**
  71       * @var int
  72       */
  73      var $deleted_users = 0;
  74  
  75      /**
  76       * Verifies if a username is valid or invalid.
  77       *
  78       * @return boolean True when valid, false when invalid.
  79       */
  80  	function verify_username()
  81      {
  82          global $mybb;
  83  
  84          $username = &$this->data['username'];
  85          require_once  MYBB_ROOT.'inc/functions_user.php';
  86  
  87          // Fix bad characters
  88          $username = trim_blank_chrs($username);
  89          $username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);
  90  
  91          // Remove multiple spaces from the username
  92          $username = preg_replace("#\s{2,}#", " ", $username);
  93  
  94          // Check if the username is not empty.
  95          if($username == '')
  96          {
  97              $this->set_error('missing_username');
  98              return false;
  99          }
 100  
 101          // Check if the username belongs to the list of banned usernames.
 102          if(is_banned_username($username, true))
 103          {
 104              $this->set_error('banned_username');
 105              return false;
 106          }
 107  
 108          // Check for certain characters in username (<, >, &, commas and slashes)
 109          if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || !validate_utf8_string($username, false, false))
 110          {
 111              $this->set_error("bad_characters_username");
 112              return false;
 113          }
 114  
 115          // Check if the username is of the correct length.
 116          if(($mybb->settings['maxnamelength'] != 0 && my_strlen($username) > $mybb->settings['maxnamelength']) || ($mybb->settings['minnamelength'] != 0 && my_strlen($username) < $mybb->settings['minnamelength']))
 117          {
 118              $this->set_error('invalid_username_length', array($mybb->settings['minnamelength'], $mybb->settings['maxnamelength']));
 119              return false;
 120          }
 121  
 122          return true;
 123      }
 124  
 125      /**
 126       * Verifies if a usertitle is valid or invalid.
 127       *
 128       * @return boolean True when valid, false when invalid.
 129       */
 130  	function verify_usertitle()
 131      {
 132          global $mybb;
 133  
 134          $usertitle = &$this->data['usertitle'];
 135  
 136          // Check if the usertitle is of the correct length.
 137          if($mybb->settings['customtitlemaxlength'] != 0 && my_strlen($usertitle) > $mybb->settings['customtitlemaxlength'])
 138          {
 139              $this->set_error('invalid_usertitle_length', $mybb->settings['customtitlemaxlength']);
 140              return false;
 141          }
 142  
 143          return true;
 144      }
 145  
 146      /**
 147       * Verifies if a username is already in use or not.
 148       *
 149       * @return boolean False when the username is not in use, true when it is.
 150       */
 151  	function verify_username_exists()
 152      {
 153          $username = &$this->data['username'];
 154  
 155          $user = get_user_by_username(trim($username));
 156  
 157          if(!empty($this->data['uid']) && !empty($user['uid']) && $user['uid'] == $this->data['uid'])
 158          {
 159              unset($user);
 160          }
 161  
 162          if(!empty($user['uid']))
 163          {
 164              $this->set_error("username_exists", array($username));
 165              return true;
 166          }
 167  
 168          return false;
 169      }
 170  
 171      /**
 172      * Verifies if a new password is valid or not.
 173      *
 174      * @return boolean True when valid, false when invalid.
 175      */
 176  	function verify_password()
 177      {
 178          global $mybb;
 179  
 180          $user = &$this->data;
 181  
 182          // Always check for the length of the password.
 183          if(my_strlen($user['password']) < $mybb->settings['minpasswordlength'] || my_strlen($user['password']) > $mybb->settings['maxpasswordlength'])
 184          {
 185              $this->set_error('invalid_password_length', array($mybb->settings['minpasswordlength'], $mybb->settings['maxpasswordlength']));
 186              return false;
 187          }
 188  
 189          // Has the user tried to use their email address or username as a password?
 190          if($user['email'] === $user['password'] || $user['username'] === $user['password'])
 191          {
 192              $this->set_error('bad_password_security');
 193              return false;
 194          }
 195  
 196          // See if the board has "require complex passwords" enabled.
 197          if($mybb->settings['requirecomplexpasswords'] == 1)
 198          {
 199              // Complex passwords required, do some extra checks.
 200              // First, see if there is one or more complex character(s) in the password.
 201              if(!preg_match("/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/", $user['password']))
 202              {
 203                  $this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
 204                  return false;
 205              }
 206          }
 207  
 208          // If we have a "password2" check if they both match
 209          if(isset($user['password2']) && $user['password'] !== $user['password2'])
 210          {
 211              $this->set_error("passwords_dont_match");
 212              return false;
 213          }
 214  
 215          // MD5 the password
 216          $user['md5password'] = md5($user['password']);
 217  
 218          // Generate our salt
 219          $user['salt'] = generate_salt();
 220  
 221          // Combine the password and salt
 222          $user['saltedpw'] = salt_password($user['md5password'], $user['salt']);
 223  
 224          // Generate the user login key
 225          $user['loginkey'] = generate_loginkey();
 226  
 227          return true;
 228      }
 229  
 230      /**
 231      * Verifies usergroup selections and other group details.
 232      *
 233      * @return boolean True when valid, false when invalid.
 234      */
 235  	function verify_usergroup()
 236      {
 237          return true;
 238      }
 239      /**
 240      * Verifies if an email address is valid or not.
 241      *
 242      * @return boolean True when valid, false when invalid.
 243      */
 244  	function verify_email()
 245      {
 246          global $mybb;
 247  
 248          $user = &$this->data;
 249  
 250          // Check if an email address has actually been entered.
 251          if(trim_blank_chrs($user['email']) == '')
 252          {
 253              $this->set_error('missing_email');
 254              return false;
 255          }
 256  
 257          // Check if this is a proper email address.
 258          if(!validate_email_format($user['email']))
 259          {
 260              $this->set_error('invalid_email_format');
 261              return false;
 262          }
 263  
 264          // Check banned emails
 265          if(is_banned_email($user['email'], true))
 266          {
 267              $this->set_error('banned_email');
 268              return false;
 269          }
 270  
 271          // Check signed up emails
 272          // Ignore the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
 273          if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
 274          {
 275              $uid = 0;
 276              if(isset($user['uid']))
 277              {
 278                  $uid = $user['uid'];
 279              }
 280              if(email_already_in_use($user['email'], $uid))
 281              {
 282                  $this->set_error('email_already_in_use');
 283                  return false;
 284              }
 285          }
 286  
 287          // If we have an "email2", verify it matches the existing email
 288          if(isset($user['email2']) && $user['email'] != $user['email2'])
 289          {
 290              $this->set_error("emails_dont_match");
 291              return false;
 292          }
 293  
 294          return true;
 295      }
 296  
 297      /**
 298      * Verifies if a website is valid or not.
 299      *
 300      * @return boolean True when valid, false when invalid.
 301      */
 302  	function verify_website()
 303      {
 304          $website = &$this->data['website'];
 305  
 306          if(empty($website) || my_strtolower($website) == 'http://' || my_strtolower($website) == 'https://')
 307          {
 308              $website = '';
 309              return true;
 310          }
 311  
 312          // Does the website start with http(s)://?
 313          if(my_strtolower(substr($website, 0, 4)) != "http")
 314          {
 315              // Website does not start with http://, let's see if the user forgot.
 316              $website = "http://".$website;
 317          }
 318  
 319          if(!filter_var($website, FILTER_VALIDATE_URL))
 320          {
 321              $this->set_error('invalid_website');
 322              return false;
 323          }
 324  
 325          return true;
 326      }
 327  
 328      /**
 329       * Verifies if an ICQ number is valid or not.
 330       *
 331       * @return boolean True when valid, false when invalid.
 332       */
 333  	function verify_icq()
 334      {
 335          $icq = &$this->data['icq'];
 336  
 337          if($icq != '' && !is_numeric($icq))
 338          {
 339              $this->set_error("invalid_icq_number");
 340              return false;
 341          }
 342          $icq = (int)$icq;
 343          return true;
 344      }
 345  
 346      /**
 347      * Verifies if a birthday is valid or not.
 348      *
 349      * @return boolean True when valid, false when invalid.
 350      */
 351  	function verify_birthday()
 352      {
 353          global $mybb;
 354  
 355          $user = &$this->data;
 356          $birthday = &$user['birthday'];
 357  
 358          if(!is_array($birthday))
 359          {
 360              return true;
 361          }
 362  
 363          // Sanitize any input we have
 364          $birthday['day'] = (int)$birthday['day'];
 365          $birthday['month'] = (int)$birthday['month'];
 366          $birthday['year'] = (int)$birthday['year'];
 367  
 368          // Error if a day and month exists, and the birthday day and range is not in range
 369          if($birthday['day'] != 0 || $birthday['month'] != 0)
 370          {
 371              if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
 372              {
 373                  $this->set_error("invalid_birthday");
 374                  return false;
 375              }
 376          }
 377  
 378          // Check if the day actually exists.
 379          $months = get_bdays($birthday['year']);
 380          if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
 381          {
 382              $this->set_error("invalid_birthday");
 383              return false;
 384          }
 385  
 386          // Error if a year exists and the year is out of range
 387          if($birthday['year'] != 0 && ($birthday['year'] < (date("Y")-100)) || $birthday['year'] > date("Y"))
 388          {
 389              $this->set_error("invalid_birthday");
 390              return false;
 391          }
 392          else if($birthday['year'] == date("Y"))
 393          {
 394              // Error if birth date is in future
 395              if($birthday['month'] > date("m") || ($birthday['month'] == date("m") && $birthday['day'] > date("d")))
 396              {
 397                  $this->set_error("invalid_birthday");
 398                  return false;
 399              }
 400          }
 401  
 402          // Error if COPPA is on, and the user hasn't verified their age / under 13
 403          if($mybb->settings['coppa'] == "enabled" && ($birthday['year'] == 0 || !$birthday['year']))
 404          {
 405              $this->set_error("invalid_birthday_coppa");
 406              return false;
 407          }
 408          elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > (date("Y")-13)) && !is_moderator())
 409          {
 410              $this->set_error("invalid_birthday_coppa2");
 411              return false;
 412          }
 413  
 414          // Make the user's birthday field
 415          if($birthday['year'] != 0)
 416          {
 417              // If the year is specified, put together a d-m-y string
 418              $user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
 419          }
 420          elseif($birthday['day'] && $birthday['month'])
 421          {
 422              // If only a day and month are specified, put together a d-m string
 423              $user['bday'] = $birthday['day']."-".$birthday['month']."-";
 424          }
 425          else
 426          {
 427              // No field is specified, so return an empty string for an unknown birthday
 428              $user['bday'] = '';
 429          }
 430          return true;
 431      }
 432  
 433      /**
 434       * Verifies if the birthday privacy option is valid or not.
 435       *
 436       * @return boolean True when valid, false when invalid.
 437       */
 438  	function verify_birthday_privacy()
 439      {
 440          $birthdayprivacy = &$this->data['birthdayprivacy'];
 441          $accepted = array(
 442                      'none',
 443                      'age',
 444                      'all');
 445  
 446          if(!in_array($birthdayprivacy, $accepted))
 447          {
 448              $this->set_error("invalid_birthday_privacy");
 449              return false;
 450          }
 451          return true;
 452      }
 453  
 454      /**
 455      * Verifies if the post count field is filled in correctly.
 456      *
 457      * @return boolean True when valid, false when invalid.
 458      */
 459  	function verify_postnum()
 460      {
 461          $user = &$this->data;
 462  
 463          if(isset($user['postnum']) && $user['postnum'] < 0)
 464          {
 465              $this->set_error("invalid_postnum");
 466              return false;
 467          }
 468  
 469          return true;
 470      }
 471  
 472      /**
 473      * Verifies if the thread count field is filled in correctly.
 474      *
 475      * @return boolean True when valid, false when invalid.
 476      */
 477  	function verify_threadnum()
 478      {
 479          $user = &$this->data;
 480  
 481          if(isset($user['threadnum']) && $user['threadnum'] < 0)
 482          {
 483              $this->set_error("invalid_threadnum");
 484              return false;
 485          }
 486  
 487          return true;
 488      }
 489  
 490      /**
 491      * Verifies if a profile fields are filled in correctly.
 492      *
 493      * @return boolean True when valid, false when invalid.
 494      */
 495  	function verify_profile_fields()
 496      {
 497          global $db, $cache;
 498  
 499          $user = &$this->data;
 500          $profile_fields = &$this->data['profile_fields'];
 501  
 502          // Loop through profile fields checking if they exist or not and are filled in.
 503  
 504          // Fetch all profile fields first.
 505          $pfcache = $cache->read('profilefields');
 506  
 507          if(is_array($pfcache))
 508          {
 509              // Then loop through the profile fields.
 510              foreach($pfcache as $profilefield)
 511              {
 512                  if(isset($this->data['profile_fields_editable']) || isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1))
 513                  {
 514                      $profilefield['editableby'] = -1;
 515                  }
 516  
 517                  if(!is_member($profilefield['editableby'], array('usergroup' => $user['usergroup'], 'additionalgroups' => $user['additionalgroups'])))
 518                  {
 519                      continue;
 520                  }
 521  
 522                  // Does this field have a minimum post count?
 523                  if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
 524                  {
 525                      continue;
 526                  }
 527  
 528                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 529                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 530                  $thing = explode("\n", $profilefield['type'], "2");
 531                  $type = trim($thing[0]);
 532                  $field = "fid{$profilefield['fid']}";
 533  
 534                  if(!isset($profile_fields[$field]))
 535                  {
 536                      $profile_fields[$field] = '';
 537                  }
 538  
 539                  // If the profile field is required, but not filled in, present error.
 540                  if($type != "multiselect" && $type != "checkbox")
 541                  {
 542                      if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
 543                      {
 544                          $this->set_error('missing_required_profile_field', array($profilefield['name']));
 545                      }
 546                  }
 547                  elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
 548                  {
 549                      $this->set_error('missing_required_profile_field', array($profilefield['name']));
 550                  }
 551  
 552                  // Sort out multiselect/checkbox profile fields.
 553                  $options = '';
 554                  if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
 555                  {
 556                      $expoptions = explode("\n", $thing[1]);
 557                      $expoptions = array_map('trim', $expoptions);
 558                      foreach($profile_fields[$field] as $value)
 559                      {
 560                          if(!in_array(htmlspecialchars_uni($value), $expoptions))
 561                          {
 562                              $this->set_error('bad_profile_field_values', array($profilefield['name']));
 563                          }
 564                          if($options)
 565                          {
 566                              $options .= "\n";
 567                          }
 568                          $options .= $db->escape_string($value);
 569                      }
 570                  }
 571                  elseif($type == "select" || $type == "radio")
 572                  {
 573                      $expoptions = explode("\n", $thing[1]);
 574                      $expoptions = array_map('trim', $expoptions);
 575                      if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
 576                      {
 577                          $this->set_error('bad_profile_field_values', array($profilefield['name']));
 578                      }
 579                      $options = $db->escape_string($profile_fields[$field]);
 580                  }
 581                  else
 582                  {
 583                      if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
 584                      {
 585                          $this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
 586                      }
 587  
 588                      if(!empty($profilefield['regex']) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
 589                      {
 590                          $this->set_error('bad_profile_field_value', array($profilefield['name']));
 591                      }
 592  
 593                      $options = $db->escape_string($profile_fields[$field]);
 594                  }
 595                  $user['user_fields'][$field] = $options;
 596              }
 597          }
 598  
 599          return true;
 600      }
 601  
 602      /**
 603      * Verifies if an optionally entered referrer exists or not.
 604      *
 605      * @return boolean True when valid, false when invalid.
 606      */
 607  	function verify_referrer()
 608      {
 609          global $db, $mybb;
 610  
 611          $user = &$this->data;
 612  
 613          // Does the referrer exist or not?
 614          if($mybb->settings['usereferrals'] == 1 && $user['referrer'] != '')
 615          {
 616              $referrer = get_user_by_username($user['referrer']);
 617  
 618              if(empty($referrer['uid']))
 619              {
 620                  $this->set_error('invalid_referrer', array($user['referrer']));
 621                  return false;
 622              }
 623  
 624              $user['referrer_uid'] = $referrer['uid'];
 625          }
 626          else
 627          {
 628              $user['referrer_uid'] = 0;
 629          }
 630  
 631          return true;
 632      }
 633  
 634      /**
 635      * Verifies user options.
 636      *
 637      * @return boolean True when valid, false when invalid.
 638      */
 639  	function verify_options()
 640      {
 641          global $mybb;
 642  
 643          $options = &$this->data['options'];
 644  
 645          // Verify yes/no options.
 646          $this->verify_yesno_option($options, 'allownotices', 1);
 647          $this->verify_yesno_option($options, 'hideemail', 0);
 648          $this->verify_yesno_option($options, 'receivepms', 1);
 649          $this->verify_yesno_option($options, 'receivefrombuddy', 0);
 650          $this->verify_yesno_option($options, 'pmnotice', 1);
 651          $this->verify_yesno_option($options, 'pmnotify', 1);
 652          $this->verify_yesno_option($options, 'invisible', 0);
 653          $this->verify_yesno_option($options, 'showimages', 1);
 654          $this->verify_yesno_option($options, 'showvideos', 1);
 655          $this->verify_yesno_option($options, 'showsigs', 1);
 656          $this->verify_yesno_option($options, 'showavatars', 1);
 657          $this->verify_yesno_option($options, 'showquickreply', 1);
 658          $this->verify_yesno_option($options, 'showredirect', 1);
 659          $this->verify_yesno_option($options, 'showcodebuttons', 1);
 660          $this->verify_yesno_option($options, 'sourceeditor', 0);
 661          $this->verify_yesno_option($options, 'buddyrequestspm', 1);
 662          $this->verify_yesno_option($options, 'buddyrequestsauto', 0);
 663  
 664          if($mybb->settings['postlayout'] == 'classic')
 665          {
 666              $this->verify_yesno_option($options, 'classicpostbit', 1);
 667          }
 668          else
 669          {
 670              $this->verify_yesno_option($options, 'classicpostbit', 0);
 671          }
 672  
 673          if(array_key_exists('subscriptionmethod', $options))
 674          {
 675              // Value out of range
 676              $options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
 677              if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
 678              {
 679                  $options['subscriptionmethod'] = 0;
 680              }
 681          }
 682  
 683          if(array_key_exists('dstcorrection', $options))
 684          {
 685              // Value out of range
 686              $options['dstcorrection'] = (int)$options['dstcorrection'];
 687              if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
 688              {
 689                  $options['dstcorrection'] = 0;
 690              }
 691          }
 692  
 693          if($options['dstcorrection'] == 1)
 694          {
 695              $options['dst'] = 1;
 696          }
 697          else if($options['dstcorrection'] == 0)
 698          {
 699              $options['dst'] = 0;
 700          }
 701  
 702          if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded"))
 703          {
 704              if($mybb->settings['threadusenetstyle'])
 705              {
 706                  $options['threadmode'] = 'threaded';
 707              }
 708              else
 709              {
 710                  $options['threadmode'] = 'linear';
 711              }
 712          }
 713  
 714          // Verify the "threads per page" option.
 715          if($this->method == "insert" || (array_key_exists('tpp', $options) && $mybb->settings['usertppoptions']))
 716          {
 717              if(!isset($options['tpp']))
 718              {
 719                  $options['tpp'] = 0;
 720              }
 721              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 722              if(is_array($explodedtpp))
 723              {
 724                  @asort($explodedtpp);
 725                  $biggest = $explodedtpp[count($explodedtpp)-1];
 726                  // Is the selected option greater than the allowed options?
 727                  if($options['tpp'] > $biggest)
 728                  {
 729                      $options['tpp'] = $biggest;
 730                  }
 731              }
 732              $options['tpp'] = (int)$options['tpp'];
 733          }
 734          // Verify the "posts per page" option.
 735          if($this->method == "insert" || (array_key_exists('ppp', $options) && $mybb->settings['userpppoptions']))
 736          {
 737              if(!isset($options['ppp']))
 738              {
 739                  $options['ppp'] = 0;
 740              }
 741              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 742              if(is_array($explodedppp))
 743              {
 744                  @asort($explodedppp);
 745                  $biggest = $explodedppp[count($explodedppp)-1];
 746                  // Is the selected option greater than the allowed options?
 747                  if($options['ppp'] > $biggest)
 748                  {
 749                      $options['ppp'] = $biggest;
 750                  }
 751              }
 752              $options['ppp'] = (int)$options['ppp'];
 753          }
 754          // Is our selected "days prune" option valid or not?
 755          if($this->method == "insert" || array_key_exists('daysprune', $options))
 756          {
 757              if(!isset($options['daysprune']))
 758              {
 759                  $options['daysprune'] = 0;
 760              }
 761              $options['daysprune'] = (int)$options['daysprune'];
 762              if($options['daysprune'] < 0)
 763              {
 764                  $options['daysprune'] = 0;
 765              }
 766          }
 767          $this->data['options'] = $options;
 768      }
 769  
 770      /**
 771       * Verifies if a registration date is valid or not.
 772       *
 773       * @return boolean True when valid, false when invalid.
 774       */
 775  	function verify_regdate()
 776      {
 777          $regdate = &$this->data['regdate'];
 778  
 779          $regdate = (int)$regdate;
 780          // If the timestamp is below 0, set it to the current time.
 781          if($regdate <= 0)
 782          {
 783              $regdate = TIME_NOW;
 784          }
 785          return true;
 786      }
 787  
 788      /**
 789       * Verifies if a last visit date is valid or not.
 790       *
 791       * @return boolean True when valid, false when invalid.
 792       */
 793  	function verify_lastvisit()
 794      {
 795          $lastvisit = &$this->data['lastvisit'];
 796  
 797          $lastvisit = (int)$lastvisit;
 798          // If the timestamp is below 0, set it to the current time.
 799          if($lastvisit <= 0)
 800          {
 801              $lastvisit = TIME_NOW;
 802          }
 803          return true;
 804  
 805      }
 806  
 807      /**
 808       * Verifies if a last active date is valid or not.
 809       *
 810       * @return boolean True when valid, false when invalid.
 811       */
 812  	function verify_lastactive()
 813      {
 814          $lastactive = &$this->data['lastactive'];
 815  
 816          $lastactive = (int)$lastactive;
 817          // If the timestamp is below 0, set it to the current time.
 818          if($lastactive <= 0)
 819          {
 820              $lastactive = TIME_NOW;
 821          }
 822          return true;
 823  
 824      }
 825  
 826      /**
 827       * Verifies if an away mode status is valid or not.
 828       *
 829       * @return boolean True when valid, false when invalid.
 830       */
 831  	function verify_away()
 832      {
 833          global $mybb;
 834  
 835          $user = &$this->data;
 836          // If the board does not allow "away mode" or the user is marking as not away, set defaults.
 837          if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
 838          {
 839              $user['away']['away'] = 0;
 840              $user['away']['date'] = 0;
 841              $user['away']['returndate'] = 0;
 842              $user['away']['awayreason'] = '';
 843              return true;
 844          }
 845          else if($user['away']['returndate'])
 846          {
 847              list($returnday, $returnmonth, $returnyear) = explode('-', $user['away']['returndate']);
 848              if(!$returnday || !$returnmonth || !$returnyear)
 849              {
 850                  $this->set_error("missing_returndate");
 851                  return false;
 852              }
 853  
 854              // Validate the return date lengths
 855              $user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
 856          }
 857          return true;
 858      }
 859  
 860      /**
 861       * Verifies if a language is valid for this user or not.
 862       *
 863       * @return boolean True when valid, false when invalid.
 864       */
 865  	function verify_language()
 866      {
 867          global $lang;
 868  
 869          $language = &$this->data['language'];
 870  
 871          // An invalid language has been specified?
 872          if($language != '' && !$lang->language_exists($language))
 873          {
 874              $this->set_error("invalid_language");
 875              return false;
 876          }
 877          return true;
 878      }
 879  
 880      /**
 881       * Verifies if a style is valid for this user or not.
 882       *
 883       * @return boolean True when valid, false when invalid.
 884       */
 885  	function verify_style()
 886      {
 887          global $lang;
 888  
 889          $user = &$this->data;
 890  
 891          if($user['style'])
 892          {
 893              $theme = get_theme($user['style']);
 894  
 895              if(empty($theme) || !is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all')
 896              {
 897                  $this->set_error('invalid_style');
 898                  return false;
 899              }
 900          }
 901  
 902          return true;
 903      }
 904  
 905      /**
 906       * Verifies if this is coming from a spam bot or not
 907       *
 908       * @return boolean True when valid, false when invalid.
 909       */
 910  	function verify_checkfields()
 911      {
 912          $user = &$this->data;
 913  
 914          // An invalid language has been specified?
 915          if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
 916          {
 917              $this->set_error("invalid_checkfield");
 918              return false;
 919          }
 920          return true;
 921      }
 922  
 923      /**
 924       * Verifies if the user timezone is valid. 
 925       * If the timezone is invalid, the board default is used.
 926       *
 927       * @return boolean True when timezone was valid, false otherwise
 928       */
 929  	function verify_timezone()
 930      {
 931          $user = &$this->data;
 932  
 933          $timezones = get_supported_timezones();
 934  
 935          if(!array_key_exists($user['timezone'], $timezones))
 936          {
 937              $user['timezone'] = $mybb->settings['timezoneoffset'];
 938              return false;
 939          }
 940  
 941          return true;
 942      }
 943  
 944      /**
 945      * Validate all user assets.
 946      *
 947      * @return boolean True when valid, false when invalid.
 948      */
 949  	function validate_user()
 950      {
 951          global $mybb, $plugins;
 952  
 953          $user = &$this->data;
 954  
 955          // First, grab the old user details if this user exists
 956          if(!empty($user['uid']))
 957          {
 958              $old_user = get_user($user['uid']);
 959          }
 960  
 961          if($this->method == "insert" || array_key_exists('username', $user))
 962          {
 963              // If the username is the same - no need to verify
 964              if(!isset($old_user['username']) || $user['username'] != $old_user['username'])
 965              {
 966                  $this->verify_username();
 967                  $this->verify_username_exists();
 968              }
 969              else
 970              {
 971                  unset($user['username']);
 972              }
 973          }
 974          if($this->method == "insert" || array_key_exists('usertitle', $user))
 975          {
 976              $this->verify_usertitle();
 977          }
 978          if($this->method == "insert" || array_key_exists('password', $user))
 979          {
 980              $this->verify_password();
 981          }
 982          if($this->method == "insert" || array_key_exists('usergroup', $user))
 983          {
 984              $this->verify_usergroup();
 985          }
 986          if($this->method == "insert" || array_key_exists('email', $user))
 987          {
 988              $this->verify_email();
 989          }
 990          if($this->method == "insert" || array_key_exists('website', $user))
 991          {
 992              $this->verify_website();
 993          }
 994          if($this->method == "insert" || array_key_exists('icq', $user))
 995          {
 996              $this->verify_icq();
 997          }
 998          if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday'])))
 999          {
1000              $this->verify_birthday();
1001          }
1002          if($this->method == "insert" || array_key_exists('postnum', $user))
1003          {
1004              $this->verify_postnum();
1005          }
1006          if($this->method == "insert" || array_key_exists('threadnum', $user))
1007          {
1008              $this->verify_threadnum();
1009          }
1010          if($this->method == "insert" || array_key_exists('profile_fields', $user))
1011          {
1012              $this->verify_profile_fields();
1013          }
1014          if($this->method == "insert" || array_key_exists('referrer', $user))
1015          {
1016              $this->verify_referrer();
1017          }
1018          if($this->method == "insert" || array_key_exists('options', $user))
1019          {
1020              $this->verify_options();
1021          }
1022          if($this->method == "insert" || array_key_exists('regdate', $user))
1023          {
1024              $this->verify_regdate();
1025          }
1026          if($this->method == "insert" || array_key_exists('lastvisit', $user))
1027          {
1028              $this->verify_lastvisit();
1029          }
1030          if($this->method == "insert" || array_key_exists('lastactive', $user))
1031          {
1032              $this->verify_lastactive();
1033          }
1034          if($this->method == "insert" || array_key_exists('away', $user))
1035          {
1036              $this->verify_away();
1037          }
1038          if($this->method == "insert" || array_key_exists('language', $user))
1039          {
1040              $this->verify_language();
1041          }
1042          if($this->method == "insert" || array_key_exists('timezone', $user))
1043          {
1044              $this->verify_timezone();
1045          }
1046          if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user))
1047          {
1048              $this->verify_checkfields();
1049          }
1050          if(array_key_exists('birthdayprivacy', $user))
1051          {
1052              $this->verify_birthday_privacy();
1053          }
1054          if($this->method == "insert" || array_key_exists('style', $user))
1055          {
1056              $this->verify_style();
1057          }
1058  
1059          $plugins->run_hooks("datahandler_user_validate", $this);
1060  
1061          // We are done validating, return.
1062          $this->set_validated(true);
1063          if(count($this->get_errors()) > 0)
1064          {
1065              return false;
1066          }
1067          else
1068          {
1069              return true;
1070          }
1071      }
1072  
1073      /**
1074      * Inserts a user into the database.
1075      *
1076      * @return array
1077      */
1078  	function insert_user()
1079      {
1080          global $db, $cache, $plugins;
1081  
1082          // Yes, validating is required.
1083          if(!$this->get_validated())
1084          {
1085              die("The user needs to be validated before inserting it into the DB.");
1086          }
1087          if(count($this->get_errors()) > 0)
1088          {
1089              die("The user is not valid.");
1090          }
1091  
1092          $user = &$this->data;
1093  
1094          $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'icq', 'aim', 'yahoo', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad');
1095          foreach($array as $value)
1096          {
1097              if(!isset($user[$value]))
1098              {
1099                  $user[$value] = '';
1100              }
1101          }
1102  
1103          $this->user_insert_data = array(
1104              "username" => $db->escape_string($user['username']),
1105              "password" => $user['saltedpw'],
1106              "salt" => $user['salt'],
1107              "loginkey" => $user['loginkey'],
1108              "email" => $db->escape_string($user['email']),
1109              "postnum" => (int)$user['postnum'],
1110              "threadnum" => (int)$user['threadnum'],
1111              "avatar" => $db->escape_string($user['avatar']),
1112              "avatartype" => $db->escape_string($user['avatartype']),
1113              "usergroup" => (int)$user['usergroup'],
1114              "additionalgroups" => $db->escape_string($user['additionalgroups']),
1115              "displaygroup" => (int)$user['displaygroup'],
1116              "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
1117              "regdate" => (int)$user['regdate'],
1118              "lastactive" => (int)$user['lastactive'],
1119              "lastvisit" => (int)$user['lastvisit'],
1120              "website" => $db->escape_string($user['website']),
1121              "icq" => (int)$user['icq'],
1122              "aim" => $db->escape_string($user['aim']),
1123              "yahoo" => $db->escape_string($user['yahoo']),
1124              "skype" => $db->escape_string($user['skype']),
1125              "google" => $db->escape_string($user['google']),
1126              "birthday" => $user['bday'],
1127              "signature" => $db->escape_string($user['signature']),
1128              "allownotices" => (int)$user['options']['allownotices'],
1129              "hideemail" => (int)$user['options']['hideemail'],
1130              "subscriptionmethod" => (int)$user['options']['subscriptionmethod'],
1131              "receivepms" => (int)$user['options']['receivepms'],
1132              "receivefrombuddy" => (int)$user['options']['receivefrombuddy'],
1133              "pmnotice" => (int)$user['options']['pmnotice'],
1134              "pmnotify" => (int)$user['options']['pmnotify'],
1135              "showimages" => (int)$user['options']['showimages'],
1136              "showvideos" => (int)$user['options']['showvideos'],
1137              "showsigs" => (int)$user['options']['showsigs'],
1138              "showavatars" => (int)$user['options']['showavatars'],
1139              "showquickreply" => (int)$user['options']['showquickreply'],
1140              "showredirect" => (int)$user['options']['showredirect'],
1141              "tpp" => (int)$user['options']['tpp'],
1142              "ppp" => (int)$user['options']['ppp'],
1143              "invisible" => (int)$user['options']['invisible'],
1144              "style" => (int)$user['style'],
1145              "timezone" => $db->escape_string($user['timezone']),
1146              "dstcorrection" => (int)$user['options']['dstcorrection'],
1147              "threadmode" => $user['options']['threadmode'],
1148              "daysprune" => (int)$user['options']['daysprune'],
1149              "dateformat" => $db->escape_string($user['dateformat']),
1150              "timeformat" => $db->escape_string($user['timeformat']),
1151              "regip" => $db->escape_binary($user['regip']),
1152              "language" => $db->escape_string($user['language']),
1153              "showcodebuttons" => (int)$user['options']['showcodebuttons'],
1154              "sourceeditor" => (int)$user['options']['sourceeditor'],
1155              "buddyrequestspm" => (int)$user['options']['buddyrequestspm'],
1156              "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'],
1157              "away" => (int)$user['away']['away'],
1158              "awaydate" => (int)$user['away']['date'],
1159              "returndate" => $user['away']['returndate'],
1160              "awayreason" => $db->escape_string($user['away']['awayreason']),
1161              "notepad" => $db->escape_string($user['notepad']),
1162              "referrer" => (int)$user['referrer_uid'],
1163              "referrals" => 0,
1164              "buddylist" => '',
1165              "ignorelist" => '',
1166              "pmfolders" => '',
1167              "notepad" => '',
1168              "warningpoints" => 0,
1169              "moderateposts" => 0,
1170              "moderationtime" => 0,
1171              "suspendposting" => 0,
1172              "suspensiontime" => 0,
1173              "coppauser" => (int)$user['coppa_user'],
1174              "classicpostbit" => (int)$user['options']['classicpostbit'],
1175              "usernotes" => ''
1176          );
1177  
1178          if($user['options']['dstcorrection'] == 1)
1179          {
1180              $this->user_insert_data['dst'] = 1;
1181          }
1182          else if($user['options']['dstcorrection'] == 0)
1183          {
1184              $this->user_insert_data['dst'] = 0;
1185          }
1186  
1187          $plugins->run_hooks("datahandler_user_insert", $this);
1188  
1189          $this->uid = $db->insert_query("users", $this->user_insert_data);
1190  
1191          $user['user_fields']['ufid'] = $this->uid;
1192  
1193          $pfcache = $cache->read('profilefields');
1194  
1195          if(is_array($pfcache))
1196          {
1197              foreach($pfcache as $profile_field)
1198              {
1199                  if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields']))
1200                  {
1201                      continue;
1202                  }
1203                  $user['user_fields']["fid{$profile_field['fid']}"] = '';
1204              }
1205          }
1206  
1207          $db->insert_query("userfields", $user['user_fields'], false);
1208  
1209          if($this->user_insert_data['referrer'] != 0)
1210          {
1211              $db->write_query("
1212                  UPDATE ".TABLE_PREFIX."users
1213                  SET referrals=referrals+1
1214                  WHERE uid='{$this->user_insert_data['referrer']}'
1215              ");
1216          }
1217  
1218          // Update forum stats
1219          update_stats(array('numusers' => '+1'));
1220  
1221          if((int)$user['usergroup'] == 5)
1222          {
1223              $cache->update_awaitingactivation();
1224          }
1225  
1226          $this->return_values = array(
1227              "uid" => $this->uid,
1228              "username" => $user['username'],
1229              "loginkey" => $user['loginkey'],
1230              "email" => $user['email'],
1231              "password" => $user['password'],
1232              "usergroup" => $user['usergroup']
1233          );
1234  
1235          $plugins->run_hooks("datahandler_user_insert_end", $this);
1236  
1237          return $this->return_values;
1238      }
1239  
1240      /**
1241      * Updates a user in the database.
1242      *
1243      * @return bool
1244      */
1245  	function update_user()
1246      {
1247          global $db, $plugins, $cache;
1248  
1249          // Yes, validating is required.
1250          if(!$this->get_validated())
1251          {
1252              die("The user needs to be validated before inserting it into the DB.");
1253          }
1254          if(count($this->get_errors()) > 0)
1255          {
1256              die("The user is not valid.");
1257          }
1258  
1259          $user = &$this->data;
1260          $user['uid'] = (int)$user['uid'];
1261          $this->uid = $user['uid'];
1262  
1263          // Set up the update data.
1264          if(isset($user['username']))
1265          {
1266              $this->user_update_data['username'] = $db->escape_string($user['username']);
1267          }
1268          if(isset($user['saltedpw']))
1269          {
1270              $this->user_update_data['password'] = $user['saltedpw'];
1271              $this->user_update_data['salt'] = $user['salt'];
1272              $this->user_update_data['loginkey'] = $user['loginkey'];
1273          }
1274          if(isset($user['email']))
1275          {
1276              $this->user_update_data['email'] = $user['email'];
1277          }
1278          if(isset($user['postnum']))
1279          {
1280              $this->user_update_data['postnum'] = (int)$user['postnum'];
1281          }
1282          if(isset($user['threadnum']))
1283          {
1284              $this->user_update_data['threadnum'] = (int)$user['threadnum'];
1285          }
1286          if(isset($user['avatar']))
1287          {
1288              $this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
1289              $this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
1290          }
1291          if(isset($user['usergroup']))
1292          {
1293              $this->user_update_data['usergroup'] = (int)$user['usergroup'];
1294          }
1295          if(isset($user['additionalgroups']))
1296          {
1297              $this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
1298          }
1299          if(isset($user['displaygroup']))
1300          {
1301              $this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
1302          }
1303          if(isset($user['usertitle']))
1304          {
1305              $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
1306          }
1307          if(isset($user['regdate']))
1308          {
1309              $this->user_update_data['regdate'] = (int)$user['regdate'];
1310          }
1311          if(isset($user['lastactive']))
1312          {
1313              $this->user_update_data['lastactive'] = (int)$user['lastactive'];
1314          }
1315          if(isset($user['lastvisit']))
1316          {
1317              $this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
1318          }
1319          if(isset($user['signature']))
1320          {
1321              $this->user_update_data['signature'] = $db->escape_string($user['signature']);
1322          }
1323          if(isset($user['website']))
1324          {
1325              $this->user_update_data['website'] = $db->escape_string($user['website']);
1326          }
1327          if(isset($user['icq']))
1328          {
1329              $this->user_update_data['icq'] = (int)$user['icq'];
1330          }
1331          if(isset($user['aim']))
1332          {
1333              $this->user_update_data['aim'] = $db->escape_string($user['aim']);
1334          }
1335          if(isset($user['yahoo']))
1336          {
1337              $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
1338          }
1339          if(isset($user['skype']))
1340          {
1341              $this->user_update_data['skype'] = $db->escape_string($user['skype']);
1342          }
1343          if(isset($user['google']))
1344          {
1345              $this->user_update_data['google'] = $db->escape_string($user['google']);
1346          }
1347          if(isset($user['bday']))
1348          {
1349              $this->user_update_data['birthday'] = $user['bday'];
1350          }
1351          if(isset($user['birthdayprivacy']))
1352          {
1353              $this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
1354          }
1355          if(isset($user['style']))
1356          {
1357              $this->user_update_data['style'] = (int)$user['style'];
1358          }
1359          if(isset($user['timezone']))
1360          {
1361              $this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
1362          }
1363          if(isset($user['dateformat']))
1364          {
1365              $this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
1366          }
1367          if(isset($user['timeformat']))
1368          {
1369              $this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
1370          }
1371          if(isset($user['regip']))
1372          {
1373              $this->user_update_data['regip'] = $db->escape_string($user['regip']);
1374          }
1375          if(isset($user['language']))
1376          {
1377              $this->user_update_data['language'] = $db->escape_string($user['language']);
1378          }
1379          if(isset($user['away']))
1380          {
1381              $this->user_update_data['away'] = $user['away']['away'];
1382              $this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
1383              $this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
1384              $this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
1385          }
1386          if(isset($user['notepad']))
1387          {
1388              $this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
1389          }
1390          if(isset($user['usernotes']))
1391          {
1392              $this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
1393          }
1394          if(isset($user['options']) && is_array($user['options']))
1395          {
1396              foreach($user['options'] as $option => $value)
1397              {
1398                  $this->user_update_data[$option] = $value;
1399              }
1400          }
1401          if(array_key_exists('coppa_user', $user))
1402          {
1403              $this->user_update_data['coppauser'] = (int)$user['coppa_user'];
1404          }
1405          // First, grab the old user details for later use.
1406          $old_user = get_user($user['uid']);
1407  
1408          // If old user has new pmnotice and new user has = yes, keep old value
1409          if($old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
1410          {
1411              unset($this->user_update_data['pmnotice']);
1412          }
1413  
1414          $plugins->run_hooks("datahandler_user_update", $this);
1415  
1416          if(count($this->user_update_data) < 1 && empty($user['user_fields']))
1417          {
1418              return false;
1419          }
1420  
1421          if(count($this->user_update_data) > 0)
1422          {
1423              // Actual updating happens here.
1424              $db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
1425          }
1426  
1427          $cache->update_moderators();
1428          if(isset($user['bday']) || isset($user['username']))
1429          {
1430              $cache->update_birthdays();
1431          }
1432  
1433          if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
1434          {
1435              $cache->update_awaitingactivation();
1436          }
1437  
1438          // Maybe some userfields need to be updated?
1439          if(isset($user['user_fields']) && is_array($user['user_fields']))
1440          {
1441              $query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
1442              $fields = $db->fetch_array($query);
1443              if(!$fields['ufid'])
1444              {
1445                  $user_fields = array(
1446                      'ufid' => $user['uid']
1447                  );
1448  
1449                  $fields_array = $db->show_fields_from("userfields");
1450                  foreach($fields_array as $field)
1451                  {
1452                      if($field['Field'] == 'ufid')
1453                      {
1454                          continue;
1455                      }
1456                      $user_fields[$field['Field']] = '';
1457                  }
1458                  $db->insert_query("userfields", $user_fields);
1459              }
1460              $db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
1461          }
1462  
1463          // Let's make sure the user's name gets changed everywhere in the db if it changed.
1464          if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
1465          {
1466              $username_update = array(
1467                  "username" => $this->user_update_data['username']
1468              );
1469              $lastposter_update = array(
1470                  "lastposter" => $this->user_update_data['username']
1471              );
1472  
1473              $db->update_query("posts", $username_update, "uid='{$user['uid']}'");
1474              $db->update_query("threads", $username_update, "uid='{$user['uid']}'");
1475              $db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
1476              $db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");
1477  
1478              $stats = $cache->read("stats");
1479              if($stats['lastuid'] == $user['uid'])
1480              {
1481                  // User was latest to register, update stats
1482                  update_stats(array("numusers" => "+0"));
1483              }
1484          }
1485  
1486          return true;
1487      }
1488  
1489      /**
1490       * Provides a method to completely delete a user.
1491       *
1492       * @param array $delete_uids Array of user information
1493       * @param integer $prunecontent Whether if delete threads/posts or not
1494       * @return array
1495       */
1496  	function delete_user($delete_uids, $prunecontent=0)
1497      {
1498          global $db, $plugins, $mybb, $cache;
1499  
1500          // Yes, validating is required.
1501          if(count($this->get_errors()) > 0)
1502          {
1503              die('The user is not valid.');
1504          }
1505  
1506          $this->delete_uids = array_map('intval', (array)$delete_uids);
1507  
1508          foreach($this->delete_uids as $key => $uid)
1509          {
1510              if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1511              {
1512                  // Remove super admins
1513                  unset($this->delete_uids[$key]);
1514              }
1515          }
1516  
1517          $plugins->run_hooks('datahandler_user_delete_start', $this);
1518  
1519          $this->delete_uids = implode(',', $this->delete_uids);
1520  
1521          if(empty($this->delete_uids))
1522          {
1523              $this->deleted_users = 0;
1524              $this->return_values = array(
1525                  "deleted_users" => $this->deleted_users
1526              );
1527  
1528              return $this->return_values;
1529          }
1530  
1531          $this->delete_content();
1532  
1533          // Delete the user
1534          $query = $db->delete_query('users', "uid IN({$this->delete_uids})");
1535          $this->deleted_users = $db->affected_rows($query);
1536  
1537          // Are we removing the posts/threads of a user?
1538          if((int)$prunecontent == 1)
1539          {
1540              $this->delete_posts();
1541              $db->delete_query('announcements', "uid IN({$this->delete_uids})");
1542          }
1543          else
1544          {
1545              // We're just updating the UID
1546              $db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
1547              $db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
1548              $db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
1549              $db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
1550              $db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
1551          }
1552  
1553          $db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
1554          $db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");
1555  
1556          // Update thread ratings
1557          $query = $db->query("
1558              SELECT r.*, t.numratings, t.totalratings
1559              FROM ".TABLE_PREFIX."threadratings r
1560              LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
1561              WHERE r.uid IN({$this->delete_uids})
1562          ");
1563          while($rating = $db->fetch_array($query))
1564          {
1565              $update_thread = array(
1566                  "numratings" => $rating['numratings'] - 1,
1567                  "totalratings" => $rating['totalratings'] - $rating['rating']
1568              );
1569              $db->update_query("threads", $update_thread, "tid='{$rating['tid']}'");
1570          }
1571  
1572          $db->delete_query('threadratings', "uid IN({$this->delete_uids})");
1573  
1574          // Update forums & threads if user is the lastposter
1575          $db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1576          $db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
1577  
1578          // Update forum stats
1579          update_stats(array('numusers' => '-'.$this->deleted_users));
1580  
1581          $this->return_values = array(
1582              "deleted_users" => $this->deleted_users
1583          );
1584  
1585          $plugins->run_hooks("datahandler_user_delete_end", $this);
1586  
1587          // Update  cache
1588          $cache->update_banned();
1589          $cache->update_moderators();
1590          $cache->update_forumsdisplay();
1591          $cache->update_reportedcontent();
1592          $cache->update_awaitingactivation();
1593  
1594          return $this->return_values;
1595      }
1596  
1597      /**
1598       * Provides a method to delete users' content
1599       *
1600       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1601       */
1602  	function delete_content($delete_uids=false)
1603      {
1604          global $db, $plugins, $mybb;
1605  
1606          if($delete_uids != false)
1607          {
1608              $this->delete_uids = array_map('intval', (array)$delete_uids);
1609          
1610              foreach($this->delete_uids as $key => $uid)
1611              {
1612                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1613                  {
1614                      // Remove super admins
1615                      unset($this->delete_uids[$key]);
1616                  }
1617              }
1618          
1619              $this->delete_uids = implode(',', $this->delete_uids);
1620          }
1621  
1622          $plugins->run_hooks('datahandler_user_delete_content', $this);
1623  
1624          if(empty($this->delete_uids))
1625          {
1626              return;
1627          }
1628  
1629          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1630          $db->delete_query('privatemessages', "uid IN({$this->delete_uids})");
1631          $db->delete_query('events', "uid IN({$this->delete_uids})");
1632          $db->delete_query('moderators', "id IN({$this->delete_uids}) AND isgroup = 0");
1633          $db->delete_query('forumsubscriptions', "uid IN({$this->delete_uids})");
1634          $db->delete_query('threadsubscriptions', "uid IN({$this->delete_uids})");
1635          $db->delete_query('forumsread', "uid IN({$this->delete_uids})");
1636          $db->delete_query('threadsread', "uid IN({$this->delete_uids})");
1637          $db->delete_query('adminviews', "uid IN({$this->delete_uids})");
1638          $db->delete_query('adminoptions', "uid IN({$this->delete_uids})");
1639          $db->delete_query('adminsessions', "uid IN({$this->delete_uids})");
1640          $db->delete_query('sessions', "uid IN({$this->delete_uids})");
1641          $db->delete_query('banned', "uid IN({$this->delete_uids})");
1642          $db->delete_query('joinrequests', "uid IN({$this->delete_uids})");
1643          $db->delete_query('groupleaders', "uid IN({$this->delete_uids})");
1644          $db->delete_query('awaitingactivation', "uid IN({$this->delete_uids})");
1645          $db->delete_query('warnings', "uid IN({$this->delete_uids})");
1646          $db->delete_query('reputation', "uid IN({$this->delete_uids}) OR adduid IN({$this->delete_uids})");
1647          $db->delete_query('buddyrequests', "uid IN({$this->delete_uids}) OR touid IN({$this->delete_uids})");
1648          $db->delete_query('posts', "uid IN({$this->delete_uids}) AND visible = -2");
1649          $db->delete_query('threads', "uid IN({$this->delete_uids}) AND visible = -2");
1650  
1651          // Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
1652          $db->delete_query('reportedcontent', "type='reputation' AND id3 IN({$this->delete_uids}) OR type='reputation' AND id2 IN({$this->delete_uids})");
1653          $db->delete_query('reportedcontent', "type='profile' AND id IN({$this->delete_uids})");
1654  
1655          // Update the reports made by the deleted users by setting the uid to 0
1656          $db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");
1657  
1658          // Remove any of the user(s) uploaded avatars
1659          require_once  MYBB_ROOT.'inc/functions_upload.php';
1660          foreach(explode(',', $this->delete_uids) as $uid)
1661          {
1662              remove_avatars($uid);
1663          }
1664      }
1665  
1666      /**
1667       * Provides a method to delete an users posts and threads
1668       *
1669       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1670       */
1671  	function delete_posts($delete_uids=false)
1672      {
1673          global $db, $plugins, $mybb;
1674  
1675          if($delete_uids != false)
1676          {
1677              $this->delete_uids = array_map('intval', (array)$delete_uids);
1678  
1679              foreach($this->delete_uids as $key => $uid)
1680              {
1681                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1682                  {
1683                      // Remove super admins
1684                      unset($this->delete_uids[$key]);
1685                  }
1686              }
1687  
1688              $this->delete_uids = implode(',', $this->delete_uids);
1689          }
1690  
1691          require_once  MYBB_ROOT.'inc/class_moderation.php';
1692          $moderation = new Moderation();
1693  
1694          $plugins->run_hooks('datahandler_user_delete_posts', $this);
1695  
1696          if(empty($this->delete_uids))
1697          {
1698              return;
1699          }
1700  
1701          // Threads
1702          $query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
1703          while($tid = $db->fetch_field($query, 'tid'))
1704          {
1705              $moderation->delete_thread($tid);
1706          }
1707  
1708          // Posts
1709          $query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
1710          while($pid = $db->fetch_field($query, 'pid'))
1711          {
1712              $moderation->delete_post($pid);
1713          }
1714      }
1715  
1716      /**
1717       * Provides a method to clear an users profile
1718       *
1719       * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
1720       * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
1721       */
1722  	function clear_profile($delete_uids=false, $gid=0)
1723      {
1724          global $db, $plugins, $mybb;
1725  
1726          // delete_uids isn't a nice name, but it's used as the functions above use the same
1727          if($delete_uids != false)
1728          {
1729              $this->delete_uids = array_map('intval', (array)$delete_uids);
1730  
1731              foreach($this->delete_uids as $key => $uid)
1732              {
1733                  if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
1734                  {
1735                      // Remove super admins
1736                      unset($this->delete_uids[$key]);
1737                  }
1738              }
1739  
1740              $this->delete_uids = implode(',', $this->delete_uids);
1741          }
1742  
1743          $update = array(
1744              "website" => "",
1745              "birthday" => "",
1746              "icq" => "",
1747              "aim" => "",
1748              "yahoo" => "",
1749              "skype" => "",
1750              "google" => "",
1751              "usertitle" => "",
1752              "away" => 0,
1753              "awaydate" => 0,
1754              "returndate" => "",
1755              "awayreason" => "",
1756              "additionalgroups" => "",
1757              "displaygroup" => 0,
1758              "signature" => "",
1759              "avatar" => "",
1760              'avatardimensions' => '',
1761              'avatartype' => ''
1762          );
1763  
1764          if($gid > 0)
1765          {
1766              $update["usergroup"] = (int)$gid;
1767          }
1768  
1769          $plugins->run_hooks('datahandler_user_clear_profile', $this);
1770  
1771          if(empty($this->delete_uids))
1772          {
1773              return;
1774          }
1775  
1776          $db->update_query("users", $update, "uid IN({$this->delete_uids})");
1777          $db->delete_query('userfields', "ufid IN({$this->delete_uids})");
1778  
1779          // Remove any of the user(s) uploaded avatars
1780          require_once  MYBB_ROOT.'inc/functions_upload.php';
1781          foreach(explode(',', $this->delete_uids) as $uid)
1782          {
1783              remove_avatars($uid);
1784          }
1785      }
1786  }


2005 - 2015 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref 0.7.1