PHP Cross Reference of MyBB 1.8.39 |
<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

// Abort unless an entry script has defined IN_MYBB, so this file does nothing
// when it is loaded on its own instead of through the application.
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

/**
 * Data handler for user accounts: validates the fields in $this->data and
 * builds the rows written to the users table.
 *
 */
class UserDataHandler extends DataHandler
{
	/**
	 * Name of the language file holding this handler's messages.
	 *
	 * @var string
	 */
	public $language_file = 'datahandler_user';

	/**
	 * Prefix of the language variables used by this handler.
	 *
	 * @var string
	 */
	public $language_prefix = 'userdata';

	/**
	 * Column => value pairs assembled by insert_user() for the new users row.
	 *
	 * @var array
	 */
	public $user_insert_data = array();

	/**
	 * Column => value pairs assembled by update_user() for the changed users row.
	 *
	 * @var array
	 */
	public $user_update_data = array();

	/**
	 * ID of the user currently being inserted or updated.
	 *
	 * @var int
	 */
	public $uid = 0;

	/**
	 * Values handed back to the caller after inserting/deleting a user.
	 *
	 * @var array
	 */
	public $return_values = array();

	/**
	 * Presumably the user IDs queued for deletion; the code that fills it is
	 * not part of this section - TODO confirm.
	 *
	 * @var array
	 */
	public $delete_uids = array();

	/**
	 * Presumably a counter of deleted users; the code that updates it is not
	 * part of this section - TODO confirm.
	 *
	 * @var int
	 */
	public $deleted_users = 0;

	/**
	 * Verifies if a username is valid or invalid.
	 *
	 * @return boolean True when valid, false when invalid.
*/
	function verify_username()
	{
		global $mybb;

		// Bound by reference: the normalised name is written back into
		// $this->data and is what the later checks and the database code see.
		$username = &$this->data['username'];
		require_once MYBB_ROOT.'inc/functions_user.php';

		// Normalise first, so the banned-name and character filters below test
		// the final form of the name. Assuming unichr()/dec_to_utf8() return the
		// character for a code point: U+00A0 (no-break space) becomes a space,
		// U+00AD (soft hyphen) becomes "-", and code point 0xCA, the
		// bidirectional overrides U+202E / U+202D and U+200B (zero-width space)
		// are removed. These are the characters that make two names look alike
		// or render in a misleading order.
		$targets = array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203));
		$substitutes = array(" ", "-", "", "", "", "");
		$username = trim_blank_chrs($username);
		$username = str_replace($targets, $substitutes, $username);

		// Collapse any run of whitespace into a single space.
		$username = preg_replace("#\s{2,}#", " ", $username);

		// Nothing left after normalisation.
		if($username == '')
		{
			$this->set_error('missing_username');
			return false;
		}

		// Name is on the board's banned-username list.
		if(is_banned_username($username, true))
		{
			$this->set_error('banned_username');
			return false;
		}

		// Forbidden characters: <, >, &, semicolon, comma and backslash, plus
		// anything validate_utf8_string() rejects.
		$has_bad_character = false;
		foreach(array("<", ">", "&", ";", ",") as $character)
		{
			if(strpos($username, $character) !== false)
			{
				$has_bad_character = true;
				break;
			}
		}
		if(!$has_bad_character && my_strpos($username, "\\") !== false)
		{
			$has_bad_character = true;
		}
		if(!$has_bad_character && !validate_utf8_string($username, false, false))
		{
			$has_bad_character = true;
		}
		if($has_bad_character)
		{
			$this->set_error("bad_characters_username");
			return false;
		}

		// Length limits; a setting of 0 switches that bound off.
		$min_length = $mybb->settings['minnamelength'];
		$max_length = $mybb->settings['maxnamelength'];
		$length = my_strlen($username);
		$too_long = ($max_length != 0 && $length > $max_length);
		$too_short = ($min_length != 0 && $length < $min_length);
		if($too_long || $too_short)
		{
			$this->set_error('invalid_username_length', array($min_length, $max_length));
			return false;
		}

		return true;
	}

	/**
	 * Verifies if a usertitle is valid or invalid.
	 *
	 * @return boolean True when valid, false when invalid.
*/
	function verify_usertitle()
	{
		global $mybb;

		$usertitle = &$this->data['usertitle'];
		$limit = $mybb->settings['customtitlemaxlength'];

		// A limit of 0 disables the length check. Only the length is checked
		// here; the title's content is not inspected.
		if($limit != 0 && my_strlen($usertitle) > $limit)
		{
			$this->set_error('invalid_usertitle_length', $limit);
			return false;
		}

		return true;
	}

	/**
	 * Checks whether the username is already taken by another account.
	 *
	 * Note the inverted result compared with the other verify_* methods.
	 *
	 * @return boolean True when the name is in use (an error is recorded), false when it is free.
	 */
	function verify_username_exists()
	{
		$username = &$this->data['username'];

		$existing = get_user_by_username(trim($username));

		// No account has this name.
		if(empty($existing['uid']))
		{
			return false;
		}

		// The name belongs to the account being edited, which is not a conflict.
		if(!empty($this->data['uid']) && $existing['uid'] == $this->data['uid'])
		{
			return false;
		}

		$this->set_error("username_exists", array($username));
		return true;
	}

	/**
	 * Checks a new password against the board's password policy and, on
	 * success, replaces the plain password in $this->data with what
	 * create_password() returns and issues a new login key.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_password()
	{
		global $mybb;

		$user = &$this->data;

		// The length bounds always apply.
		$min_length = $mybb->settings['minpasswordlength'];
		$max_length = $mybb->settings['maxpasswordlength'];
		if(my_strlen($user['password']) < $min_length || my_strlen($user['password']) > $max_length)
		{
			$this->set_error('invalid_password_length', array($min_length, $max_length));
			return false;
		}

		// Reject a password that equals, contains, or is contained in the email
		// address or the username.
		// NOTE(review): this only runs when both 'email' and 'username' are in
		// $this->data; a caller that passes the password alone skips it.
		if(!empty($user['email']) && !empty($user['username']))
		{
			$password = $user['password'];
			foreach(array($user['email'], $user['username']) as $identifier)
			{
				if($identifier === $password || strpos($password, $identifier) !== false || strpos($identifier, $password) !== false)
				{
					$this->set_error('bad_password_security');
					return false;
				}
			}
		}

		// Optional complexity rule: at least one digit, one ASCII lowercase and
		// one ASCII uppercase letter. Symbols are not required.
		if($mybb->settings['requirecomplexpasswords'] == 1)
		{
			$pattern = "/^.*(?=.{".$mybb->settings['minpasswordlength'].",})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/";
			if(!preg_match($pattern, $user['password']))
			{
				$this->set_error('no_complex_characters', array($mybb->settings['minpasswordlength']));
				return false;
			}
		}

		// A confirmation field, when present, has to match exactly.
		if(isset($user['password2']) && $user['password'] !== $user['password2'])
		{
			$this->set_error("passwords_dont_match");
			return false;
		}

		// Every accepted password change also gets a fresh login key.
		$user['loginkey'] = generate_loginkey();

		// Merge the fields returned by create_password() over the user data;
		// presumably this swaps the plain password for its stored form and adds
		// the salt - TODO confirm against create_password().
		$password_fields = create_password($user['password'], false, $user);
		$user = array_merge($user, $password_fields);

		return true;
	}

	/**
	 * Placeholder for usergroup validation.
	 *
	 * Always succeeds: group ids in $this->data are not checked by this
	 * handler, so the caller decides which groups an account may receive.
	 *
	 * @return boolean Always true.
	 */
	function verify_usergroup()
	{
		return true;
	}

	/**
	 * Verifies if an email address is valid or not.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_email()
	{
		global $mybb;

		$user = &$this->data;

		// Something must have been entered. The trimmed value is only used for
		// this test; the stored address is left as submitted.
		if(trim_blank_chrs($user['email']) == '')
		{
			$this->set_error('missing_email');
			return false;
		}

		// Must be shaped like an email address.
		if(!validate_email_format($user['email']))
		{
			$this->set_error('invalid_email_format');
			return false;
		}

		// Must not be on the banned list.
		if(is_banned_email($user['email'], true))
		{
			$this->set_error('banned_email');
			return false;
		}

		// One address per account, unless the board allows duplicates.
		// Skipped in the ACP because the Merge System sometimes produces users with duplicate email addresses (Not A Bug)
		if($mybb->settings['allowmultipleemails'] == 0 && !defined("IN_ADMINCP"))
		{
			$uid = isset($user['uid']) ? $user['uid'] : 0;
			if(email_already_in_use($user['email'], $uid))
			{
				$this->set_error('email_already_in_use');
				return false;
			}
		}

		// A confirmation field, when present, has to match.
		if(isset($user['email2']) && $user['email'] != $user['email2'])
		{
			$this->set_error("emails_dont_match");
			return false;
		}

		return true;
	}

	/**
	 * Verifies if a website is valid or not.
	 *
	 * A value that fails my_validate_url() is retried with "http://" in front;
	 * the prefixed value stays in $this->data even when the retry fails.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_website()
	{
		$website = &$this->data['website'];

		// An empty website is allowed.
		if(empty($website))
		{
			return true;
		}

		if(!my_validate_url($website))
		{
			$website = 'http://'.$website;

			if(!my_validate_url($website))
			{
				$this->set_error('invalid_website');
				return false;
			}
		}

		return true;
	}

	/**
	 * Verifies if a birthday is valid or not.
	 *
	 * @return boolean True when valid, false when invalid.
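*/
	function verify_birthday()
	{
		global $mybb;

		$user = &$this->data;
		$birthday = &$user['birthday'];

		// Anything that is not an array is treated as "no birthday submitted".
		if(!is_array($birthday))
		{
			return true;
		}

		// Force every part to an integer; a missing part counts as 0 (not given).
		foreach(array('day', 'month', 'year') as $part)
		{
			$birthday[$part] = isset($birthday[$part]) ? (int)$birthday[$part] : 0;
		}

		$current_year = (int)date("Y");

		// When a day or a month is given, both must be in range.
		if($birthday['day'] != 0 || $birthday['month'] != 0)
		{
			if($birthday['day'] < 1 || $birthday['day'] > 31 || $birthday['month'] < 1 || $birthday['month'] > 12 || ($birthday['month'] == 2 && $birthday['day'] > 29))
			{
				$this->set_error("invalid_birthday");
				return false;
			}
		}

		// Check if the day actually exists in that month of that year.
		$months = get_bdays($birthday['year']);
		if($birthday['month'] != 0 && $birthday['day'] > $months[$birthday['month']-1])
		{
			$this->set_error("invalid_birthday");
			return false;
		}

		// A given year must lie within the last 100 years and not in the future.
		// The parentheses spell out how the original && / || mix was evaluated.
		if(($birthday['year'] != 0 && $birthday['year'] < ($current_year-100)) || $birthday['year'] > $current_year)
		{
			$this->set_error("invalid_birthday");
			return false;
		}
		elseif($birthday['year'] == $current_year)
		{
			// Error if birth date is in future
			$current_month = (int)date("m");
			if($birthday['month'] > $current_month || ($birthday['month'] == $current_month && $birthday['day'] > (int)date("d")))
			{
				$this->set_error("invalid_birthday");
				return false;
			}
		}

		// COPPA "enabled": a birth year is mandatory.
		if($mybb->settings['coppa'] == "enabled" && $birthday['year'] == 0)
		{
			$this->set_error("invalid_birthday_coppa");
			return false;
		}
		// COPPA "deny": refuse birth years less than 13 years back, except for moderators.
		// NOTE(review): only the year is compared, so a user born 13 calendar
		// years ago passes even before their birthday, and a missing year (0)
		// passes this branch as well - confirm the year is enforced elsewhere.
		elseif(($mybb->settings['coppa'] == "deny" && $birthday['year'] > ($current_year-13)) && !is_moderator())
		{
			$this->set_error("invalid_birthday_coppa2");
			return false;
		}

		// Build the stored birthday string from the integer parts.
		if($birthday['year'] != 0)
		{
			// If the year is specified, put together a d-m-y string
			$user['bday'] = $birthday['day']."-".$birthday['month']."-".$birthday['year'];
		}
		elseif($birthday['day'] && $birthday['month'])
		{
			// If only a day and month are specified, put together a d-m string
			$user['bday'] = $birthday['day']."-".$birthday['month']."-";
		}
		else
		{
			// No field is specified, so return an empty string for an unknown birthday
			$user['bday'] = '';
		}
		return true;
	}

	/**
	 * Verifies if the birthday privacy option is valid or not.
	 *
	 * Accepts exactly the strings 'none', 'age' and 'all'; 'age' additionally
	 * needs a birth year.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_birthday_privacy()
	{
		$birthdayprivacy = &$this->data['birthdayprivacy'];
		$accepted = array(
			'none',
			'age',
			'all');

		// Strict comparison: with loose comparison a non-string value such as
		// true (or 0 on PHP 7 and older) matched an entry of the list.
		if(!in_array($birthdayprivacy, $accepted, true))
		{
			$this->set_error("invalid_birthday_privacy");
			return false;
		}
		else if($birthdayprivacy === 'age')
		{
			// Showing the age is impossible without a birth year.
			$birthdayyear = &$this->data['birthday']['year'];
			if(empty($birthdayyear))
			{
				$this->set_error("conflicted_birthday_privacy");
				return false;
			}
		}
		return true;
	}

	/**
	 * Verifies if the post count field is filled in correctly.
	 *
	 * @return boolean True when valid (absent or not negative), false when invalid.
	 */
	function verify_postnum()
	{
		$user = &$this->data;

		if(isset($user['postnum']) && $user['postnum'] < 0)
		{
			$this->set_error("invalid_postnum");
			return false;
		}

		return true;
	}

	/**
	 * Verifies if the thread count field is filled in correctly.
	 *
	 * @return boolean True when valid, false when invalid.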
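*/
	function verify_threadnum()
	{
		$user = &$this->data;

		// An absent count is accepted; a negative one is an error.
		if(isset($user['threadnum']) && $user['threadnum'] < 0)
		{
			$this->set_error("invalid_threadnum");
			return false;
		}

		return true;
	}

	/**
	 * Validates the submitted custom profile fields and stores the values,
	 * already passed through $db->escape_string(), in
	 * $this->data['user_fields'].
	 *
	 * Problems are recorded with set_error() only: the loop keeps going, the
	 * value is still stored, and the method itself always returns true.
	 *
	 * @return boolean Always true; check get_errors() for the outcome.
	 */
	function verify_profile_fields()
	{
		global $db, $cache;

		$user = &$this->data;
		$profile_fields = &$this->data['profile_fields'];

		// Loop through profile fields checking if they exist or not and are filled in.

		// Fetch all profile fields first.
		$pfcache = $cache->read('profilefields');

		if(is_array($pfcache))
		{
			// Then loop through the profile fields.
			foreach($pfcache as $profilefield)
			{
				// Open the field to everyone when the caller marks the fields as
				// editable, or during registration for required/registration fields.
				// The parentheses spell out how the original || / && mix was evaluated.
				if(isset($this->data['profile_fields_editable']) || (isset($this->data['registration']) && ($profilefield['required'] == 1 || $profilefield['registration'] == 1)))
				{
					$profilefield['editableby'] = -1;
				}

				$usergroup = isset($user['usergroup']) ? $user['usergroup'] : '';
				$additionalgroups = isset($user['additionalgroups']) ? $user['additionalgroups'] : '';

				// Fields this user's groups may not edit are skipped, so a
				// submitted value for them never reaches user_fields.
				if(!is_member($profilefield['editableby'], array('usergroup' => $usergroup, 'additionalgroups' => $additionalgroups)))
				{
					continue;
				}

				// Does this field have a minimum post count?
				if(!isset($this->data['profile_fields_editable']) && !empty($profilefield['postnum']) && $profilefield['postnum'] > $user['postnum'])
				{
					continue;
				}

				// The type definition is HTML-escaped here, which is why the
				// submitted values below are escaped the same way before they
				// are compared with the option list.
				$profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
				$profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
				// First line: the field type; remainder: one option per line.
				$thing = explode("\n", $profilefield['type'], "2");
				$type = trim($thing[0]);
				$field = "fid{$profilefield['fid']}";

				if(!isset($profile_fields[$field]))
				{
					$profile_fields[$field] = '';
				}

				// If the profile field is required, but not filled in, present error.
				// Not enforced in the Admin CP or in modcp.php.
				// NOTE(review): for scalar field types the submitted value goes
				// straight into trim()/my_strlen(); confirm callers never pass an
				// array here, since trim() rejects arrays on PHP 8.
				if($type != "multiselect" && $type != "checkbox")
				{
					if(trim($profile_fields[$field]) == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
					{
						$this->set_error('missing_required_profile_field', array($profilefield['name']));
					}
				}
				elseif(($type == "multiselect" || $type == "checkbox") && $profile_fields[$field] == "" && $profilefield['required'] == 1 && !defined('IN_ADMINCP') && THIS_SCRIPT != "modcp.php")
				{
					$this->set_error('missing_required_profile_field', array($profilefield['name']));
				}

				// Sort out multiselect/checkbox profile fields.
				$options = '';
				if(($type == "multiselect" || $type == "checkbox") && is_array($profile_fields[$field]))
				{
					// Every selected value must be one of the defined options.
					$expoptions = explode("\n", $thing[1]);
					$expoptions = array_map('trim', $expoptions);
					foreach($profile_fields[$field] as $value)
					{
						if(!in_array(htmlspecialchars_uni($value), $expoptions))
						{
							$this->set_error('bad_profile_field_values', array($profilefield['name']));
						}
						if($options)
						{
							$options .= "\n";
						}
						$options .= $db->escape_string($value);
					}
				}
				elseif($type == "select" || $type == "radio")
				{
					// A single value that is either empty or one of the defined options.
					$expoptions = explode("\n", $thing[1]);
					$expoptions = array_map('trim', $expoptions);
					if(!in_array(htmlspecialchars_uni($profile_fields[$field]), $expoptions) && trim($profile_fields[$field]) != "")
					{
						$this->set_error('bad_profile_field_values', array($profilefield['name']));
					}
					$options = $db->escape_string($profile_fields[$field]);
				}
				else
				{
					// Free-text field: optional maximum length and optional pattern.
					if($profilefield['maxlength'] > 0 && my_strlen($profile_fields[$field]) > $profilefield['maxlength'])
					{
						$this->set_error('max_limit_reached', array($profilefield['name'], $profilefield['maxlength']));
					}

					// The pattern comes from the cached field definition and is
					// placed between "#" delimiters as is; presumably it is set
					// by an administrator - a "#" inside it or a slow pattern is
					// not guarded against here.
					if(!empty($profilefield['regex']) && !empty($profile_fields[$field]) && !preg_match("#".$profilefield['regex']."#i", $profile_fields[$field]))
					{
						$this->set_error('bad_profile_field_value', array($profilefield['name']));
					}

					$options = $db->escape_string($profile_fields[$field]);
				}
				// Stored already escaped for SQL; it must not be escaped again
				// and is not safe to print as HTML.
				$user['user_fields'][$field] = $options;
			}
		}

		return true;
	}

	/**
	 * Resolves an optionally entered referrer name to a user ID.
	 *
	 * Sets $this->data['referrer_uid'] to the referrer's uid, or to 0 when
	 * referrals are disabled or no referrer was entered.
	 *
	 * @return boolean True when valid, false when the named referrer does not exist.
	 */
	function verify_referrer()
	{
		global $db, $mybb;

		$user = &$this->data;

		// Referrals switched off or nothing entered: no referrer.
		if($mybb->settings['usereferrals'] != 1 || empty($user['referrer']))
		{
			$user['referrer_uid'] = 0;
			return true;
		}

		// Does the referrer exist or not?
		$referrer = get_user_by_username($user['referrer']);

		if(!$referrer)
		{
			$this->set_error('invalid_referrer', array($user['referrer']));
			return false;
		}

		$user['referrer_uid'] = $referrer['uid'];

		return true;
	}

	/**
	 * Normalises the user options in $this->data['options'].
	 *
	 * Out-of-range values are reset to defaults instead of being reported, so
	 * no error is ever recorded here.
	 *
	 * @return void
	 */
	function verify_options()
	{
		global $mybb;

		$options = &$this->data['options'];

		if(!is_array($options))
		{
			$options = array();
		}

		// Verify yes/no options: option name => default passed to verify_yesno_option().
		$yesno_defaults = array(
			'allownotices' => 1,
			'hideemail' => 0,
			'receivepms' => 1,
			'receivefrombuddy' => 0,
			'pmnotice' => 1,
			'pmnotify' => 1,
			'invisible' => 0,
			'showimages' => 1,
			'showvideos' => 1,
			'showsigs' => 1,
			'showavatars' => 1,
			'showquickreply' => 1,
			'showredirect' => 1,
			'showcodebuttons' => 1,
			'sourceeditor' => 0,
			'buddyrequestspm' => 1,
			'buddyrequestsauto' => 0
		);
		foreach($yesno_defaults as $option_name => $default)
		{
			$this->verify_yesno_option($options, $option_name, $default);
		}

		// The classic post bit defaults to on only when the board layout is "classic".
		if($mybb->settings['postlayout'] == 'classic')
		{
			$this->verify_yesno_option($options, 'classicpostbit', 1);
		}
		else
		{
			$this->verify_yesno_option($options, 'classicpostbit', 0);
		}

		if(array_key_exists('subscriptionmethod', $options))
		{
			// Allowed range 0-3; anything else becomes 0.
			$options['subscriptionmethod'] = (int)$options['subscriptionmethod'];
			if($options['subscriptionmethod'] < 0 || $options['subscriptionmethod'] > 3)
			{
				$options['subscriptionmethod'] = 0;
			}
		}

		if(array_key_exists('dstcorrection', $options))
		{
			// Allowed range 0-2; anything else becomes 0.
			$options['dstcorrection'] = (int)$options['dstcorrection'];
			if($options['dstcorrection'] < 0 || $options['dstcorrection'] > 2)
			{
				$options['dstcorrection'] = 0;
			}

			// Values 1 and 0 fix the dst flag; value 2 leaves it untouched.
			if($options['dstcorrection'] == 1)
			{
				$options['dst'] = 1;
			}
			elseif($options['dstcorrection'] == 0)
			{
				$options['dst'] = 0;
			}
		}

		// Thread mode is an allow-list ("linear", "threaded" or empty) and is
		// always reset to empty on insert.
		if($this->method == "insert" || (isset($options['threadmode']) && $options['threadmode'] != "linear" && $options['threadmode'] != "threaded" && $options['threadmode'] != ''))
		{
			$options['threadmode'] = '';
		}

		// Verify the "threads per page" and "posts per page" options: cast to an
		// integer and cap at the largest value the board setting offers.
		// The cap used to be read from the last array index after asort(),
		// which keeps the keys, so it was the last listed value rather than the
		// largest one whenever the setting was not already in ascending order.
		foreach(array('tpp' => 'usertppoptions', 'ppp' => 'userpppoptions') as $option_name => $setting_name)
		{
			if($this->method == "insert" || (array_key_exists($option_name, $options) && $mybb->settings[$setting_name]))
			{
				$requested = isset($options[$option_name]) ? (int)$options[$option_name] : 0;
				$biggest = max(array_map('intval', explode(",", $mybb->settings[$setting_name])));
				// Is the selected option greater than the allowed options?
				$options[$option_name] = ($requested > $biggest) ? $biggest : $requested;
			}
		}

		// Is our selected "days prune" option valid or not? Negative values become 0.
		if($this->method == "insert" || array_key_exists('daysprune', $options))
		{
			if(!isset($options['daysprune']))
			{
				$options['daysprune'] = 0;
			}
			$options['daysprune'] = (int)$options['daysprune'];
			if($options['daysprune'] < 0)
			{
				$options['daysprune'] = 0;
			}
		}
		$this->data['options'] = $options;
	}

	/**
	 * Normalises the registration date to a positive integer timestamp.
	 *
	 * @return boolean Always true; an invalid value is replaced, not reported.
	 */
	function verify_regdate()
	{
		$regdate = &$this->data['regdate'];

		$regdate = (int)$regdate;
		// Zero or negative timestamps are replaced by the current time.
		if($regdate <= 0)
		{
			$regdate = TIME_NOW;
		}
		return true;
	}

	/**
	 * Normalises the last visit date to a positive integer timestamp.
	 *
	 * @return boolean Always true; an invalid value is replaced, not reported.
	 */
	function verify_lastvisit()
	{
		$lastvisit = &$this->data['lastvisit'];

		$lastvisit = (int)$lastvisit;
		// Zero or negative timestamps are replaced by the current time.
		if($lastvisit <= 0)
		{
			$lastvisit = TIME_NOW;
		}
		return true;

	}

	/**
	 * Verifies if a last active date is valid or not.
	 *
	 * @return boolean True when valid, false when invalid.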
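*/
	function verify_lastactive()
	{
		$lastactive = &$this->data['lastactive'];

		$lastactive = (int)$lastactive;
		// Zero or negative timestamps are replaced by the current time.
		if($lastactive <= 0)
		{
			$lastactive = TIME_NOW;
		}
		return true;

	}

	/**
	 * Verifies if an away mode status is valid or not.
	 *
	 * When away mode is disabled on the board, or the user is not marking
	 * themselves away, all away fields are reset to their defaults.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_away()
	{
		global $mybb;

		$user = &$this->data;
		// If the board does not allow "away mode" or the user is marking as not away, set defaults.
		if($mybb->settings['allowaway'] == 0 || !isset($user['away']['away']) || $user['away']['away'] != 1)
		{
			$user['away']['away'] = 0;
			$user['away']['date'] = 0;
			$user['away']['returndate'] = 0;
			$user['away']['awayreason'] = '';
			return true;
		}

		// Validate the awayreason length, since the db holds 200 chars for this field.
		// This used to run only when a return date was given, so a reason
		// submitted without a return date was never length-checked.
		if(isset($user['away']['awayreason']))
		{
			$reasonlength = my_strlen($user['away']['awayreason']);
			if($reasonlength > 200)
			{
				$this->set_error("away_too_long", array($reasonlength - 200));
				return false;
			}
		}

		if(!empty($user['away']['returndate']))
		{
			// Expect "day-month-year"; pad so that a short value yields empty
			// parts instead of undefined offsets.
			$parts = array_pad(explode('-', $user['away']['returndate']), 3, '');
			list($returnday, $returnmonth, $returnyear) = $parts;
			if(!$returnday || !$returnmonth || !$returnyear)
			{
				$this->set_error("missing_returndate");
				return false;
			}

			// Validate the return date lengths.
			// NOTE(review): only the length of each part is limited, the
			// characters are not; whatever stores or prints this value has to
			// treat it as untrusted text.
			$user['away']['returndate'] = substr($returnday, 0, 2).'-'.substr($returnmonth, 0, 2).'-'.substr($returnyear, 0, 4);
		}
		return true;
	}

	/**
	 * Verifies if a language is valid for this user or not.
	 *
	 * An empty value is accepted; any other value must be known to
	 * $lang->language_exists().
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_language()
	{
		global $lang;

		$language = &$this->data['language'];

		// An invalid language has been specified?
		if($language != '' && !$lang->language_exists($language))
		{
			$this->set_error("invalid_language");
			return false;
		}
		return true;
	}

	/**
	 * Verifies if a style is valid for this user or not.
	 *
	 * The theme must exist and either allow 'all' groups or list one of the
	 * user's groups.
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_style()
	{
		$user = &$this->data;

		if(!empty($user['style']))
		{
			$theme = get_theme($user['style']);

			// The parentheses spell out how the original || / && mix was evaluated.
			if(empty($theme) || (!is_member($theme['allowedgroups'], $user) && $theme['allowedgroups'] != 'all'))
			{
				$this->set_error('invalid_style');
				return false;
			}
		}

		return true;
	}

	/**
	 * Verifies if this is coming from a spam bot or not
	 *
	 * @return boolean True when valid, false when invalid.
	 */
	function verify_checkfields()
	{
		$user = &$this->data;

		// The two registration check fields must hold exactly these values:
		// regcheck1 empty and regcheck2 the string "true". Anything else is
		// treated as an automated submission.
		if($user['regcheck1'] !== "" || $user['regcheck2'] !== "true")
		{
			$this->set_error("invalid_checkfield");
			return false;
		}
		return true;
	}

	/**
	 * Verifies if the user timezone is valid.
	 * If the timezone is invalid, the board default is used.
	 *
	 * No error is recorded, so an invalid timezone does not fail validation.
	 *
	 * @return boolean True when timezone was valid, false otherwise
	 */
	function verify_timezone()
	{
		global $mybb;

		$user = &$this->data;

		$timezones = get_supported_timezones();

		// The value must be one of the keys of the supported-timezone list.
		if(!isset($user['timezone']) || !array_key_exists($user['timezone'], $timezones))
		{
			$user['timezone'] = $mybb->settings['timezoneoffset'];
			return false;
		}

		return true;
	}

	/**
	 * Validate all user assets.
	 *
	 * @return boolean True when valid, false when invalid.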
956 */ 957 function validate_user() 958 { 959 global $mybb, $plugins; 960 961 $user = &$this->data; 962 963 // First, grab the old user details if this user exists 964 if(!empty($user['uid'])) 965 { 966 $old_user = get_user($user['uid']); 967 } 968 969 if($this->method == "insert" || array_key_exists('username', $user)) 970 { 971 // If the username is the same - no need to verify 972 if(!isset($old_user['username']) || $user['username'] != $old_user['username']) 973 { 974 $this->verify_username(); 975 $this->verify_username_exists(); 976 } 977 else 978 { 979 unset($user['username']); 980 } 981 } 982 if($this->method == "insert" || array_key_exists('usertitle', $user)) 983 { 984 $this->verify_usertitle(); 985 } 986 if($this->method == "insert" || array_key_exists('password', $user)) 987 { 988 $this->verify_password(); 989 } 990 if($this->method == "insert" || array_key_exists('usergroup', $user)) 991 { 992 $this->verify_usergroup(); 993 } 994 if($this->method == "insert" || array_key_exists('email', $user)) 995 { 996 $this->verify_email(); 997 } 998 if($this->method == "insert" || array_key_exists('website', $user)) 999 { 1000 $this->verify_website(); 1001 } 1002 if($this->method == "insert" || (isset($user['birthday']) && is_array($user['birthday']))) 1003 { 1004 $this->verify_birthday(); 1005 } 1006 if($this->method == "insert" || array_key_exists('postnum', $user)) 1007 { 1008 $this->verify_postnum(); 1009 } 1010 if($this->method == "insert" || array_key_exists('threadnum', $user)) 1011 { 1012 $this->verify_threadnum(); 1013 } 1014 if($this->method == "insert" || array_key_exists('profile_fields', $user)) 1015 { 1016 $this->verify_profile_fields(); 1017 } 1018 if($this->method == "insert" || array_key_exists('referrer', $user)) 1019 { 1020 $this->verify_referrer(); 1021 } 1022 if($this->method == "insert" || array_key_exists('options', $user)) 1023 { 1024 $this->verify_options(); 1025 } 1026 if($this->method == "insert" || array_key_exists('regdate', $user)) 1027 
{ 1028 $this->verify_regdate(); 1029 } 1030 if($this->method == "insert" || array_key_exists('lastvisit', $user)) 1031 { 1032 $this->verify_lastvisit(); 1033 } 1034 if($this->method == "insert" || array_key_exists('lastactive', $user)) 1035 { 1036 $this->verify_lastactive(); 1037 } 1038 if($this->method == "insert" || array_key_exists('away', $user)) 1039 { 1040 $this->verify_away(); 1041 } 1042 if($this->method == "insert" || array_key_exists('language', $user)) 1043 { 1044 $this->verify_language(); 1045 } 1046 if($this->method == "insert" || array_key_exists('timezone', $user)) 1047 { 1048 $this->verify_timezone(); 1049 } 1050 if($this->method == "insert" && array_key_exists('regcheck1', $user) && array_key_exists('regcheck2', $user)) 1051 { 1052 $this->verify_checkfields(); 1053 } 1054 if(array_key_exists('birthdayprivacy', $user)) 1055 { 1056 $this->verify_birthday_privacy(); 1057 } 1058 if($this->method == "insert" || array_key_exists('style', $user)) 1059 { 1060 $this->verify_style(); 1061 } 1062 if($this->method == "insert" || array_key_exists('signature', $user)) 1063 { 1064 $this->verify_signature(); 1065 } 1066 1067 $plugins->run_hooks("datahandler_user_validate", $this); 1068 1069 // We are done validating, return. 1070 $this->set_validated(true); 1071 if(count($this->get_errors()) > 0) 1072 { 1073 return false; 1074 } 1075 else 1076 { 1077 return true; 1078 } 1079 } 1080 1081 /** 1082 * Inserts a user into the database. 1083 * 1084 * @return array 1085 */ 1086 function insert_user() 1087 { 1088 global $db, $cache, $plugins; 1089 1090 // Yes, validating is required. 
1091 if(!$this->get_validated()) 1092 { 1093 die("The user needs to be validated before inserting it into the DB."); 1094 } 1095 if(count($this->get_errors()) > 0) 1096 { 1097 die("The user is not valid."); 1098 } 1099 1100 $user = &$this->data; 1101 1102 $array = array('postnum', 'threadnum', 'avatar', 'avatartype', 'additionalgroups', 'displaygroup', 'skype', 'google', 'bday', 'signature', 'style', 'dateformat', 'timeformat', 'notepad', 'regip', 'lastip', 'coppa_user'); 1103 foreach($array as $value) 1104 { 1105 if(!isset($user[$value])) 1106 { 1107 $user[$value] = ''; 1108 } 1109 } 1110 1111 $array = array('subscriptionmethod', 'dstcorrection'); 1112 foreach($array as $value) 1113 { 1114 if(!isset($user['options'][$value])) 1115 { 1116 $user['options'][$value] = ''; 1117 } 1118 } 1119 1120 // If user is being created from ACP, there is no last visit or last active 1121 if(defined('IN_ADMINCP')) 1122 { 1123 $user['lastvisit'] = $user['lastactive'] = 0; 1124 } 1125 1126 $this->user_insert_data = array( 1127 "username" => $db->escape_string($user['username']), 1128 "password" => $user['password'], 1129 "salt" => $user['salt'], 1130 "loginkey" => $user['loginkey'], 1131 "email" => $db->escape_string($user['email']), 1132 "postnum" => (int)$user['postnum'], 1133 "threadnum" => (int)$user['threadnum'], 1134 "avatar" => $db->escape_string($user['avatar']), 1135 "avatartype" => $db->escape_string($user['avatartype']), 1136 "usergroup" => (int)$user['usergroup'], 1137 "additionalgroups" => $db->escape_string($user['additionalgroups']), 1138 "displaygroup" => (int)$user['displaygroup'], 1139 "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])), 1140 "regdate" => (int)$user['regdate'], 1141 "lastactive" => (int)$user['lastactive'], 1142 "lastvisit" => (int)$user['lastvisit'], 1143 "website" => $db->escape_string($user['website']), 1144 "skype" => $db->escape_string($user['skype']), 1145 "google" => $db->escape_string($user['google']), 1146 "birthday" 
=> $user['bday'], 1147 "signature" => $db->escape_string($user['signature']), 1148 "allownotices" => (int)$user['options']['allownotices'], 1149 "hideemail" => (int)$user['options']['hideemail'], 1150 "subscriptionmethod" => (int)$user['options']['subscriptionmethod'], 1151 "receivepms" => (int)$user['options']['receivepms'], 1152 "receivefrombuddy" => (int)$user['options']['receivefrombuddy'], 1153 "pmnotice" => (int)$user['options']['pmnotice'], 1154 "pmnotify" => (int)$user['options']['pmnotify'], 1155 "showimages" => (int)$user['options']['showimages'], 1156 "showvideos" => (int)$user['options']['showvideos'], 1157 "showsigs" => (int)$user['options']['showsigs'], 1158 "showavatars" => (int)$user['options']['showavatars'], 1159 "showquickreply" => (int)$user['options']['showquickreply'], 1160 "showredirect" => (int)$user['options']['showredirect'], 1161 "tpp" => (int)$user['options']['tpp'], 1162 "ppp" => (int)$user['options']['ppp'], 1163 "invisible" => (int)$user['options']['invisible'], 1164 "style" => (int)$user['style'], 1165 "timezone" => $db->escape_string($user['timezone']), 1166 "dstcorrection" => (int)$user['options']['dstcorrection'], 1167 "threadmode" => $user['options']['threadmode'], 1168 "daysprune" => (int)$user['options']['daysprune'], 1169 "dateformat" => $db->escape_string($user['dateformat']), 1170 "timeformat" => $db->escape_string($user['timeformat']), 1171 "regip" => $db->escape_binary($user['regip']), 1172 "lastip" => $db->escape_binary($user['lastip']), 1173 "language" => $db->escape_string($user['language']), 1174 "showcodebuttons" => (int)$user['options']['showcodebuttons'], 1175 "sourceeditor" => (int)$user['options']['sourceeditor'], 1176 "buddyrequestspm" => (int)$user['options']['buddyrequestspm'], 1177 "buddyrequestsauto" => (int)$user['options']['buddyrequestsauto'], 1178 "away" => (int)$user['away']['away'], 1179 "awaydate" => (int)$user['away']['date'], 1180 "returndate" => $user['away']['returndate'], 1181 "awayreason" => 
$db->escape_string($user['away']['awayreason']), 1182 "referrer" => (int)$user['referrer_uid'], 1183 "referrals" => 0, 1184 "buddylist" => '', 1185 "ignorelist" => '', 1186 "pmfolders" => "0**$%%$1**$%%$2**$%%$3**$%%$4**", 1187 "notepad" => '', 1188 "warningpoints" => 0, 1189 "moderateposts" => 0, 1190 "moderationtime" => 0, 1191 "suspendposting" => 0, 1192 "suspensiontime" => 0, 1193 "coppauser" => (int)$user['coppa_user'], 1194 "classicpostbit" => (int)$user['options']['classicpostbit'], 1195 "usernotes" => '' 1196 ); 1197 1198 if($user['options']['dstcorrection'] == 1) 1199 { 1200 $this->user_insert_data['dst'] = 1; 1201 } 1202 elseif($user['options']['dstcorrection'] == 0) 1203 { 1204 $this->user_insert_data['dst'] = 0; 1205 } 1206 1207 $plugins->run_hooks("datahandler_user_insert", $this); 1208 1209 $this->uid = $db->insert_query("users", $this->user_insert_data); 1210 1211 $user['user_fields']['ufid'] = $this->uid; 1212 1213 $pfcache = $cache->read('profilefields'); 1214 1215 if(is_array($pfcache)) 1216 { 1217 foreach($pfcache as $profile_field) 1218 { 1219 if(array_key_exists("fid{$profile_field['fid']}", $user['user_fields'])) 1220 { 1221 continue; 1222 } 1223 $user['user_fields']["fid{$profile_field['fid']}"] = ''; 1224 } 1225 } 1226 1227 $db->insert_query("userfields", $user['user_fields'], false); 1228 1229 if($this->user_insert_data['referrer'] != 0) 1230 { 1231 $db->write_query(" 1232 UPDATE ".TABLE_PREFIX."users 1233 SET referrals=referrals+1 1234 WHERE uid='{$this->user_insert_data['referrer']}' 1235 "); 1236 } 1237 1238 // Update forum stats 1239 update_stats(array('numusers' => '+1')); 1240 1241 if((int)$user['usergroup'] == 5) 1242 { 1243 $cache->update_awaitingactivation(); 1244 } 1245 1246 $this->return_values = array( 1247 "uid" => $this->uid, 1248 "username" => $user['username'], 1249 "loginkey" => $user['loginkey'], 1250 "email" => $user['email'], 1251 "password" => $user['password'], 1252 "usergroup" => $user['usergroup'] 1253 ); 1254 1255 
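// End of the user-insert method; its beginning lies above this block.
		// Handlers of this hook receive the handler object after the row has been written.
		$plugins->run_hooks("datahandler_user_insert_end", $this);

		// return_values (built above) carries the stored password and loginkey fields next to
		// uid/username/email, so callers should not log or echo the array wholesale.
		return $this->return_values;
	}

	/**
	 * Updates a user in the database.
	 *
	 * Only the keys that are set in $this->data are copied into $this->user_update_data
	 * and written to the users table. String columns are passed through
	 * $db->escape_string(), numeric columns are cast to int. A few values are stored
	 * exactly as supplied (see the NOTE(review) comments below); for those, this method
	 * depends on whatever validation ran before it.
	 *
	 * @return bool False when there is neither user data nor user fields to update, true otherwise.
	 */
	function update_user()
	{
		global $db, $plugins, $cache;

		// Yes, validating is required.
		if(!$this->get_validated())
		{
			die("The user needs to be validated before inserting it into the DB.");
		}
		if(count($this->get_errors()) > 0)
		{
			die("The user is not valid.");
		}

		$user = &$this->data;
		// The uid is cast once here; every WHERE clause below interpolates this integer.
		$user['uid'] = (int)$user['uid'];
		$this->uid = $user['uid'];

		// Set up the update data.
		if(isset($user['username']))
		{
			$this->user_update_data['username'] = $db->escape_string($user['username']);
		}
		// NOTE(review): password, salt and loginkey are written without escape_string().
		// Presumably they are hashes/generated tokens produced during validation - confirm,
		// because nothing in this method constrains their content.
		if(isset($user['password']))
		{
			$this->user_update_data['password'] = $user['password'];
		}
		if(isset($user['salt']))
		{
			$this->user_update_data['salt'] = $user['salt'];
		}
		if(isset($user['loginkey']))
		{
			$this->user_update_data['loginkey'] = $user['loginkey'];
		}
		if(isset($user['email']))
		{
			$this->user_update_data['email'] = $db->escape_string($user['email']);
		}
		if(isset($user['postnum']))
		{
			$this->user_update_data['postnum'] = (int)$user['postnum'];
		}
		if(isset($user['threadnum']))
		{
			$this->user_update_data['threadnum'] = (int)$user['threadnum'];
		}
		if(isset($user['avatar']))
		{
			$this->user_update_data['avatar'] = $db->escape_string($user['avatar']);
			$this->user_update_data['avatartype'] = $db->escape_string($user['avatartype']);
		}
		if(isset($user['usergroup']))
		{
			$this->user_update_data['usergroup'] = (int)$user['usergroup'];
		}
		if(isset($user['additionalgroups']))
		{
			$this->user_update_data['additionalgroups'] = $db->escape_string($user['additionalgroups']);
		}
		if(isset($user['displaygroup']))
		{
			$this->user_update_data['displaygroup'] = (int)$user['displaygroup'];
		}
		if(isset($user['usertitle']))
		{
			// NOTE(review): the insert path of this class HTML-encodes usertitle
			// (htmlspecialchars_uni) before storing it; this path stores it as given.
			// Whatever renders usertitle therefore has to encode on output - confirm.
			$this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
		}
		if(isset($user['regdate']))
		{
			$this->user_update_data['regdate'] = (int)$user['regdate'];
		}
		if(isset($user['lastactive']))
		{
			$this->user_update_data['lastactive'] = (int)$user['lastactive'];
		}
		if(isset($user['lastvisit']))
		{
			$this->user_update_data['lastvisit'] = (int)$user['lastvisit'];
		}
		if(isset($user['signature']))
		{
			$this->user_update_data['signature'] = $db->escape_string($user['signature']);
		}
		if(isset($user['website']))
		{
			$this->user_update_data['website'] = $db->escape_string($user['website']);
		}
		if(isset($user['skype']))
		{
			$this->user_update_data['skype'] = $db->escape_string($user['skype']);
		}
		if(isset($user['google']))
		{
			$this->user_update_data['google'] = $db->escape_string($user['google']);
		}
		if(isset($user['bday']))
		{
			// NOTE(review): stored without escaping or cast; assumes the birthday string was
			// rebuilt from validated parts before this point - confirm.
			$this->user_update_data['birthday'] = $user['bday'];
		}
		if(isset($user['birthdayprivacy']))
		{
			$this->user_update_data['birthdayprivacy'] = $db->escape_string($user['birthdayprivacy']);
		}
		if(isset($user['style']))
		{
			$this->user_update_data['style'] = (int)$user['style'];
		}
		if(isset($user['timezone']))
		{
			$this->user_update_data['timezone'] = $db->escape_string($user['timezone']);
		}
		if(isset($user['dateformat']))
		{
			$this->user_update_data['dateformat'] = $db->escape_string($user['dateformat']);
		}
		if(isset($user['timeformat']))
		{
			$this->user_update_data['timeformat'] = $db->escape_string($user['timeformat']);
		}
		if(isset($user['regip']))
		{
			$this->user_update_data['regip'] = $db->escape_binary($user['regip']);
		}
		if(isset($user['lastip']))
		{
			$this->user_update_data['lastip'] = $db->escape_binary($user['lastip']);
		}
		if(isset($user['language']))
		{
			$this->user_update_data['language'] = $db->escape_string($user['language']);
		}
		if(isset($user['away']))
		{
			$this->user_update_data['away'] = (int)$user['away']['away'];
			$this->user_update_data['awaydate'] = $db->escape_string($user['away']['date']);
			$this->user_update_data['returndate'] = $db->escape_string($user['away']['returndate']);
			$this->user_update_data['awayreason'] = $db->escape_string($user['away']['awayreason']);
		}
		if(isset($user['notepad']))
		{
			$this->user_update_data['notepad'] = $db->escape_string($user['notepad']);
		}
		if(isset($user['usernotes']))
		{
			$this->user_update_data['usernotes'] = $db->escape_string($user['usernotes']);
		}
		if(isset($user['options']) && is_array($user['options']))
		{
			// NOTE(review): both the column name ($option) and the value are copied as-is,
			// with no cast or escape_string() here. This is only safe if the options array
			// was reduced to known keys and sanitised values during validation - confirm
			// before passing request data into 'options'.
			foreach($user['options'] as $option => $value)
			{
				$this->user_update_data[$option] = $value;
			}
		}
		if(array_key_exists('coppa_user', $user))
		{
			$this->user_update_data['coppauser'] = (int)$user['coppa_user'];
		}
		// First, grab the old user details for later use.
		$old_user = get_user($user['uid']);

		// If old user has new pmnotice and new user has = yes, keep old value
		if(isset($this->user_update_data['pmnotice']) && $old_user['pmnotice'] == "2" && $this->user_update_data['pmnotice'] == 1)
		{
			unset($this->user_update_data['pmnotice']);
		}

		// Hook handlers get the handler object and can still change user_update_data
		// before it is written.
		$plugins->run_hooks("datahandler_user_update", $this);

		if(count($this->user_update_data) < 1 && empty($user['user_fields']))
		{
			return false;
		}

		if(count($this->user_update_data) > 0)
		{
			// Actual updating happens here.
			$db->update_query("users", $this->user_update_data, "uid='{$user['uid']}'");
		}

		$cache->update_moderators();
		if(isset($user['bday']) || isset($user['username']))
		{
			$cache->update_birthdays();
		}

		// Group id 5 is presumably the "awaiting activation" group, given the cache refreshed here.
		if(isset($user['usergroup']) && (int)$user['usergroup'] == 5)
		{
			$cache->update_awaitingactivation();
		}

		// Maybe some userfields need to be updated?
		if(isset($user['user_fields']) && is_array($user['user_fields']))
		{
			$query = $db->simple_select("userfields", "*", "ufid='{$user['uid']}'");
			$fields = $db->fetch_array($query);
			if(empty($fields['ufid']))
			{
				// No userfields row yet: create one with every column empty so the
				// update below has a row to work on.
				$user_fields = array(
					'ufid' => $user['uid']
				);

				$fields_array = $db->show_fields_from("userfields");
				foreach($fields_array as $field)
				{
					if($field['Field'] == 'ufid')
					{
						continue;
					}
					$user_fields[$field['Field']] = '';
				}
				$db->insert_query("userfields", $user_fields);
			}
			// NOTE(review): keys and values of $user['user_fields'] are passed on as found;
			// any escaping has to have happened before this method - confirm.
			$db->update_query("userfields", $user['user_fields'], "ufid='{$user['uid']}'", false);
		}

		// Let's make sure the user's name gets changed everywhere in the db if it changed.
		if(!empty($this->user_update_data['username']) && $this->user_update_data['username'] != $old_user['username'])
		{
			// user_update_data['username'] was already escaped above, so it is reused as-is.
			$username_update = array(
				"username" => $this->user_update_data['username']
			);
			$lastposter_update = array(
				"lastposter" => $this->user_update_data['username']
			);

			$db->update_query("posts", $username_update, "uid='{$user['uid']}'");
			$db->update_query("threads", $username_update, "uid='{$user['uid']}'");
			$db->update_query("threads", $lastposter_update, "lastposteruid='{$user['uid']}'");
			$db->update_query("forums", $lastposter_update, "lastposteruid='{$user['uid']}'");

			$stats = $cache->read("stats");
			if($stats['lastuid'] == $user['uid'])
			{
				// User was latest to register, update stats
				update_stats(array("numusers" => "+0"));
			}
		}

		return true;
	}

	/**
	 * Provides a method to completely delete a user.
	 *
	 * Ids that are 0, belong to a super administrator or equal $mybb->user['uid'] are
	 * dropped from the list before anything is deleted. Unlike update_user(), this method
	 * only checks for recorded errors; it does not call get_validated().
	 *
	 * @param array $delete_uids User id or array of user ids; every entry is cast to int
	 * @param integer $prunecontent 1 to delete the users' threads/posts as well, anything else to reassign them to uid 0
	 * @return array Array with the key 'deleted_users' (number of deleted user rows)
	 */
	function delete_user($delete_uids, $prunecontent=0)
	{
		global $db, $plugins, $mybb, $cache;

		// Yes, validating is required.
		if(count($this->get_errors()) > 0)
		{
			die('The user is not valid.');
		}

		// The intval cast is what makes the IN(...) lists below safe to interpolate into SQL.
		$this->delete_uids = array_map('intval', (array)$delete_uids);

		foreach($this->delete_uids as $key => $uid)
		{
			if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
			{
				// Remove invalid ids, super admins and the current user
				unset($this->delete_uids[$key]);
			}
		}

		// Hook handlers can still modify $this->delete_uids here; anything they add has to
		// stay integer-only, because the list is not re-cast before it is used in queries.
		$plugins->run_hooks('datahandler_user_delete_start', $this);

		$this->delete_uids = implode(',', $this->delete_uids);

		if(empty($this->delete_uids))
		{
			$this->deleted_users = 0;
			$this->return_values = array(
				"deleted_users" => $this->deleted_users
			);

			return $this->return_values;
		}

		$this->delete_content();

		// Delete the user
		$query = $db->delete_query('users', "uid IN({$this->delete_uids})");
		$this->deleted_users = $db->affected_rows($query);

		// Are we removing the posts/threads of a user?
		if((int)$prunecontent == 1)
		{
			$this->delete_posts();
			$db->delete_query('announcements', "uid IN({$this->delete_uids})");
		}
		else
		{
			// We're just updating the UID
			$db->update_query('pollvotes', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('posts', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('threads', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('attachments', array('uid' => 0), "uid IN({$this->delete_uids})");
			$db->update_query('announcements', array('uid' => 0), "uid IN({$this->delete_uids})");
		}

		$db->update_query('privatemessages', array('fromid' => 0), "fromid IN({$this->delete_uids})");
		$db->update_query('users', array('referrer' => 0), "referrer IN({$this->delete_uids})");

		// Update thread ratings
		$query = $db->query("
			SELECT r.*, t.numratings, t.totalratings
			FROM ".TABLE_PREFIX."threadratings r
			LEFT JOIN ".TABLE_PREFIX."threads t ON (t.tid=r.tid)
			WHERE r.uid IN({$this->delete_uids})
		");

		// Each row carries the thread totals as they were when the SELECT ran. Writing
		// "total - 1" per row would lose all but the last rating when several deleted users
		// rated the same thread, so the removed ratings are summed per thread first.
		$rating_totals = array();
		while($rating = $db->fetch_array($query))
		{
			$tid = $rating['tid'];
			if(!isset($rating_totals[$tid]))
			{
				$rating_totals[$tid] = array(
					"numratings" => $rating['numratings'],
					"totalratings" => $rating['totalratings']
				);
			}
			$rating_totals[$tid]['numratings'] -= 1;
			$rating_totals[$tid]['totalratings'] -= $rating['rating'];
		}

		foreach($rating_totals as $tid => $update_thread)
		{
			$db->update_query("threads", $update_thread, "tid='{$tid}'");
		}

		$db->delete_query('threadratings', "uid IN({$this->delete_uids})");

		// Update forums & threads if user is the lastposter
		$db->update_query('forums', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");
		$db->update_query('threads', array('lastposteruid' => 0), "lastposteruid IN({$this->delete_uids})");

		// Update forum stats
		update_stats(array('numusers' => '-'.$this->deleted_users));

		$this->return_values = array(
			"deleted_users" => $this->deleted_users
		);

		$plugins->run_hooks("datahandler_user_delete_end", $this);

		// Update cache
		$cache->update_moderators();
		$cache->update_forumsdisplay();
		$cache->update_reportedcontent();
		$cache->update_awaitingactivation();
		$cache->update_birthdays();

		return $this->return_values;
	}

	/**
	 * Provides a method to delete users' content
	 *
	 * When $delete_uids is false the comma-separated id list already stored in
	 * $this->delete_uids is used. Any other value replaces that list; an empty array
	 * therefore results in no deletion instead of silently reusing ids left over from an
	 * earlier call.
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 */
	function delete_content($delete_uids=false)
	{
		global $db, $plugins, $mybb;

		// Strict comparison: only the literal false means "use the stored list".
		if($delete_uids !== false)
		{
			$this->delete_uids = array_map('intval', (array)$delete_uids);

			foreach($this->delete_uids as $key => $uid)
			{
				if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
				{
					// Remove invalid ids, super admins and the current user
					unset($this->delete_uids[$key]);
				}
			}

			$this->delete_uids = implode(',', $this->delete_uids);
		}

		// The hook runs before the empty check; handlers see the id list as a string and
		// must keep it a comma-separated list of integers, since it is interpolated below.
		$plugins->run_hooks('datahandler_user_delete_content', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		$db->delete_query('userfields', "ufid IN({$this->delete_uids})");
		$db->delete_query('privatemessages', "uid IN({$this->delete_uids})");
		$db->delete_query('events', "uid IN({$this->delete_uids})");
		$db->delete_query('moderators', "id IN({$this->delete_uids}) AND isgroup = 0");
		$db->delete_query('forumsubscriptions', "uid IN({$this->delete_uids})");
		$db->delete_query('threadsubscriptions', "uid IN({$this->delete_uids})");
		$db->delete_query('forumsread', "uid IN({$this->delete_uids})");
		$db->delete_query('threadsread', "uid IN({$this->delete_uids})");
		$db->delete_query('adminviews', "uid IN({$this->delete_uids})");
		$db->delete_query('adminoptions', "uid IN({$this->delete_uids})");
		// Session rows go too, so the deleted accounts cannot keep using an open session.
		$db->delete_query('adminsessions', "uid IN({$this->delete_uids})");
		$db->delete_query('sessions', "uid IN({$this->delete_uids})");
		$db->delete_query('banned', "uid IN({$this->delete_uids})");
		$db->delete_query('joinrequests', "uid IN({$this->delete_uids})");
		$db->delete_query('groupleaders', "uid IN({$this->delete_uids})");
		$db->delete_query('awaitingactivation', "uid IN({$this->delete_uids})");
		$db->delete_query('warnings', "uid IN({$this->delete_uids})");
		$db->delete_query('reputation', "uid IN({$this->delete_uids}) OR adduid IN({$this->delete_uids})");
		$db->delete_query('buddyrequests', "uid IN({$this->delete_uids}) OR touid IN({$this->delete_uids})");
		$db->delete_query('posts', "uid IN({$this->delete_uids}) AND visible = -2");
		$db->delete_query('threads', "uid IN({$this->delete_uids}) AND visible = -2");

		// Delete reports made to the profile or reputation of the deleted users (i.e. made by them)
		$db->delete_query('reportedcontent', "type='reputation' AND id3 IN({$this->delete_uids}) OR type='reputation' AND id2 IN({$this->delete_uids})");
		$db->delete_query('reportedcontent', "type='profile' AND id IN({$this->delete_uids})");

		// Update the reports made by the deleted users by setting the uid to 0
		$db->update_query('reportedcontent', array('uid' => 0), "uid IN({$this->delete_uids})");

		// Remove any of the user(s) uploaded avatars
		require_once MYBB_ROOT.'inc/functions_upload.php';
		foreach(explode(',', $this->delete_uids) as $uid)
		{
			remove_avatars($uid);
		}
	}

	/**
	 * Provides a method to delete an users posts and threads
	 *
	 * When $delete_uids is false the id list already stored in $this->delete_uids is
	 * used; any other value replaces it (an empty array results in no deletion).
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 */
	function delete_posts($delete_uids=false)
	{
		global $db, $plugins, $mybb;

		// Strict comparison: only the literal false means "use the stored list".
		if($delete_uids !== false)
		{
			$this->delete_uids = array_map('intval', (array)$delete_uids);

			foreach($this->delete_uids as $key => $uid)
			{
				if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
				{
					// Remove invalid ids, super admins and the current user
					unset($this->delete_uids[$key]);
				}
			}

			$this->delete_uids = implode(',', $this->delete_uids);
		}

		require_once MYBB_ROOT.'inc/class_moderation.php';
		$moderation = new Moderation();

		// Handlers see the id list as a string and must keep it integer-only.
		$plugins->run_hooks('datahandler_user_delete_posts', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		// Threads
		$query = $db->simple_select('threads', 'tid', "uid IN({$this->delete_uids})");
		while($tid = $db->fetch_field($query, 'tid'))
		{
			$moderation->delete_thread($tid);
		}

		// Posts
		$query = $db->simple_select('posts', 'pid', "uid IN({$this->delete_uids})");
		while($pid = $db->fetch_field($query, 'pid'))
		{
			$moderation->delete_post($pid);
		}
	}

	/**
	 * Provides a method to clear an users profile
	 *
	 * Blanks the profile columns listed in $update, deletes the userfields rows and
	 * removes uploaded avatars. When $delete_uids is false the id list already stored in
	 * $this->delete_uids is used; any other value replaces it (an empty array results in
	 * no change).
	 *
	 * @param array|bool $delete_uids Array of user ids, false if they're already set (eg when using the delete_user function)
	 * @param int $gid The new usergroup if the users should be moved (additional usergroups are always removed)
	 */
	function clear_profile($delete_uids=false, $gid=0)
	{
		global $db, $plugins, $mybb;

		// delete_uids isn't a nice name, but it's used as the functions above use the same
		// Strict comparison: only the literal false means "use the stored list".
		if($delete_uids !== false)
		{
			$this->delete_uids = array_map('intval', (array)$delete_uids);

			foreach($this->delete_uids as $key => $uid)
			{
				if(!$uid || is_super_admin($uid) || $uid == $mybb->user['uid'])
				{
					// Remove invalid ids, super admins and the current user
					unset($this->delete_uids[$key]);
				}
			}

			$this->delete_uids = implode(',', $this->delete_uids);
		}

		$update = array(
			"website" => "",
			"birthday" => "",
			"skype" => "",
			"google" => "",
			"usertitle" => "",
			"away" => 0,
			"awaydate" => 0,
			"returndate" => "",
			"awayreason" => "",
			"additionalgroups" => "",
			"displaygroup" => 0,
			"signature" => "",
			"avatar" => "",
			'avatardimensions' => '',
			'avatartype' => ''
		);

		if($gid > 0)
		{
			$update["usergroup"] = (int)$gid;
		}

		// Handlers see the id list as a string and must keep it integer-only.
		$plugins->run_hooks('datahandler_user_clear_profile', $this);

		if(empty($this->delete_uids))
		{
			return;
		}

		$db->update_query("users", $update, "uid IN({$this->delete_uids})");
		$db->delete_query('userfields', "ufid IN({$this->delete_uids})");

		// Remove any of the user(s) uploaded avatars
		require_once MYBB_ROOT.'inc/functions_upload.php';
		foreach(explode(',', $this->delete_uids) as $uid)
		{
			remove_avatars($uid);
		}
	}

	/**
	 * Verifies the signature in $this->data against the board's signature settings.
	 *
	 * Checks the number of "<img" occurrences in the parsed signature and, when
	 * siglength is greater than 0, the signature length with whitespace removed. Problems
	 * are recorded via set_error().
	 *
	 * @return boolean True when no signature is set or no errors are recorded on the handler, false otherwise.
	 */
	public function verify_signature()
	{
		global $mybb, $parser;

		if(!isset($this->data['signature']))
		{
			return true;
		}

		if(!isset($parser))
		{
			require_once MYBB_ROOT."inc/class_parser.php";
			$parser = new postParser;
		}

		// Parse with the same switches the signature settings define, so the image count
		// below is taken from the resulting markup.
		$parser_options = array(
			'allow_html' => $mybb->settings['sightml'],
			'allow_mycode' => $mybb->settings['sigmycode'],
			'allow_smilies' => $mybb->settings['sigsmilies'],
			'allow_imgcode' => $mybb->settings['sigimgcode'],
			"filter_badwords" => 1
		);

		$parsed_sig = $parser->parse_message($this->data['signature'], $parser_options);

		// Either images are not allowed at all and one is present, or they are allowed and
		// the count exceeds maxsigimages.
		if((($mybb->settings['sigimgcode'] == 0 && $mybb->settings['sigsmilies'] != 1) &&
			substr_count($parsed_sig, "<img") > 0) ||
			(($mybb->settings['sigimgcode'] == 1 || $mybb->settings['sigsmilies'] == 1) &&
			substr_count($parsed_sig, "<img") > $mybb->settings['maxsigimages'])
		)
		{
			$imgsallowed = 0;

			if($mybb->settings['sigimgcode'] == 1)
			{
				$imgsallowed = $mybb->settings['maxsigimages'];
			}

			$this->set_error('too_many_sig_images2', array($imgsallowed));
		}

		// The length is measured on the text-parsed signature when sigcountmycode is 0,
		// otherwise on the raw signature.
		if($mybb->settings['sigcountmycode'] == 0)
		{
			$parsed_sig = $parser->text_parse_message($this->data['signature'], array('signature_parse' => '1'));
		}
		else
		{
			$parsed_sig = $this->data['signature'];
		}

		if($mybb->settings['siglength'] > 0)
		{
			// Whitespace does not count towards the limit.
			$parsed_sig = preg_replace("#\s#", "", $parsed_sig);
			$sig_length = my_strlen($parsed_sig);

			if($sig_length > $mybb->settings['siglength'])
			{
				$this->set_error('sig_too_long', array($mybb->settings['siglength']));

				if($sig_length - $mybb->settings['siglength'] > 1)
				{
					$this->set_error('sig_remove_chars_plural', array($sig_length-$mybb->settings['siglength']));
				}
				else
				{
					$this->set_error('sig_remove_chars_singular');
				}
			}
		}

		// Any error recorded on the handler makes this check fail.
		if(count($this->get_errors()) > 0)
		{
			return false;
		}
		return true;
	}
}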