PHP Cross Reference of MyBB 1.8.38 |
<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/**
 * Reports whether a row with the given uid is present in the users table.
 *
 * @param int $uid The uid to look up.
 * @return boolean True when exactly one matching row is counted, false otherwise.
 */
function user_exists($uid)
{
    global $db;

    // The uid is forced to an integer before it is embedded in the WHERE clause.
    $where = "uid='".(int)$uid."'";
    $result = $db->simple_select("users", "COUNT(*) as user", $where, array('limit' => 1));

    return $db->fetch_field($result, 'user') == 1;
}

/**
 * Reports whether get_user_by_username() finds an account for $username.
 *
 * @param string $username The username to check for.
 * @return boolean True when a user was found, false when not.
 */
function username_exists($username)
{
    // NOTE(review): the meaning of username_method 2 is defined by
    // get_user_by_username(), which is not part of this file - confirm there.
    $lookup = array(
        'username_method' => 2
    );

    $found = get_user_by_username($username, $lookup);

    return (bool)$found;
}

/**
 * Looks a user up by name and checks the supplied password against that account.
 *
 * The lookup honours the board's configured username_method setting and loads all
 * columns, so the row can be handed on to validate_password_from_uid().
 *
 * @param string $username The username of the user.
 * @param string $password The plain-text password.
 * @return boolean|array False when no match, array with user info when match.
 */
function validate_password_from_username($username, $password)
{
    global $mybb;

    $lookup = array(
        'fields' => '*',
        'username_method' => $mybb->settings['username_method'],
    );

    $account = get_user_by_username($username, $lookup);

    // An unknown name and a wrong password both yield false.
    return $account ? validate_password_from_uid($account['uid'], $password, $account) : false;
}

/**
 * Checks a password with a supplied uid.
 *
 * @param int $uid The user id.
 * @param string $password The plain-text password.
 * @param array $user An optional user data array.
 * @return boolean|array False when not valid, user data array when valid.
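*
* False is also returned when no user row can be loaded for $uid.
*/
function validate_password_from_uid($uid, $password, $user = array())
{
    global $db, $mybb;

    // Prefer the already loaded session user when it is the account being checked.
    if(isset($mybb->user['uid']) && $mybb->user['uid'] == $uid)
    {
        $user = $mybb->user;
    }

    // empty() instead of a bare index read: the default $user is array(), which has
    // no 'password' key at all.
    if(empty($user['password']))
    {
        $user = get_user($uid);
    }

    // Fail closed when the lookup produced nothing. Continuing would build an UPDATE
    // with an empty uid below and verify a password against missing data.
    if(!is_array($user) || empty($user))
    {
        return false;
    }

    if(empty($user['loginkey']))
    {
        $user['loginkey'] = generate_loginkey();

        // Only persist the new key when the row can be identified; the uid is cast
        // because it is concatenated into the WHERE clause without quotes.
        $user_uid = isset($user['uid']) ? (int)$user['uid'] : 0;
        if($user_uid > 0)
        {
            $sql_array = array(
                "loginkey" => $user['loginkey']
            );
            $db->update_query("users", $sql_array, "uid = ".$user_uid);
        }
    }

    if(verify_user_password($user, $password))
    {
        return $user;
    }

    return false;
}

/**
 * Updates a user's password.
 *
 * Security note: the stored value comes from salt_password(), a salted MD5 digest.
 * MD5 is a fast hash and is not designed for password storage; this function is
 * kept for compatibility only (see @deprecated).
 *
 * @param int $uid The user's id.
 * @param string $password The md5()'ed password.
 * @param string $salt (Optional) The salt of the user.
 * @return array The fields written to the users row: 'password' and 'loginkey', plus
 *               'salt' when no salt was passed in.
 * @deprecated deprecated since version 1.8.6 Please use other alternatives.
 */
function update_password($uid, $password, $salt="")
{
    global $db, $plugins;

    // $uid is interpolated into two WHERE clauses below, so force it to an integer
    // once here instead of trusting every caller to have done so.
    $uid = (int)$uid;

    $newpassword = array();

    // If no salt was specified, check in database first, if still doesn't exist, create one
    if(!$salt)
    {
        $query = $db->simple_select("users", "salt", "uid='{$uid}'");
        $user = $db->fetch_array($query);

        // empty() also covers the case where no row was returned for this uid.
        if(!empty($user['salt']))
        {
            $salt = $user['salt'];
        }
        else
        {
            $salt = generate_salt();
        }
        $newpassword['salt'] = $salt;
    }

    // Create new password based on salt
    $saltedpw = salt_password($password, $salt);

    // Generate new login key
    $loginkey = generate_loginkey();

    // Update password and login key in database
    $newpassword['password'] = $saltedpw;
    $newpassword['loginkey'] = $loginkey;
    $db->update_query("users", $newpassword, "uid='{$uid}'");

    $plugins->run_hooks("password_changed");

    return $newpassword;
}

/**
 * Salts a password based on a supplied salt.
 *
 * @param string $password The md5()'ed password.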
* @param string $salt The salt.
* @return string The password hash.
* @deprecated deprecated since version 1.8.9 Please use other alternatives.
*/
function salt_password($password, $salt)
{
    // md5(md5(salt) . password): kept only so existing digests can still be produced.
    $salt_digest = md5($salt);

    return md5($salt_digest.$password);
}

/**
 * Builds the password-related fields that are stored for a user.
 *
 * Unless the installer or upgrader is running, the 'create_password' hook is run
 * first. If a hook fills in 'fields', that value is returned as-is; this is the
 * extension point through which a plugin can substitute its own algorithm.
 *
 * Security note: the built-in fallback is md5(md5(salt) . md5(password)). MD5 is a
 * fast hash and is not designed for password storage.
 *
 * @param string $password The input password.
 * @param string|bool $salt (Optional) The salt used by the MyBB algorithm; a new one
 *                          is generated when this is empty.
 * @param array|bool $user (Optional) An array containing password-related data; it is
 *                         only passed on to the hook.
 * @return array Password-related fields ('salt' and 'password' for the built-in scheme).
 */
function create_password($password, $salt = false, $user = false)
{
    global $plugins;

    // Same keys, in the same order, that the hook receives.
    $parameters = array(
        'password' => $password,
        'salt' => $salt,
        'user' => $user,
        'fields' => null,
    );

    $hooks_enabled = !(defined('IN_INSTALL') || defined('IN_UPGRADE'));
    if($hooks_enabled)
    {
        $plugins->run_hooks('create_password', $parameters);
    }

    // A hook supplied the result: nothing left to compute here.
    if($parameters['fields'] !== null)
    {
        return $parameters['fields'];
    }

    // The fallback works on the function arguments, not on the hook's copy of them.
    if(!$salt)
    {
        $salt = generate_salt();
    }

    return array(
        'salt' => $salt,
        'password' => md5(md5($salt).md5($password)),
    );
}

/**
 * Compares user's password data against provided input.
 *
 * @param array $user An array containing password-related data.
 * @param string $password The plain-text input password.
 * @return bool Result of the comparison.
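*
* Unless the installer or upgrader is running, the 'verify_user_password' hook is
* run first; a non-null 'result' set by a hook is returned unchanged.
*/
function verify_user_password($user, $password)
{
    global $plugins;

    $result = null;

    $parameters = compact('user', 'password', 'result');

    if(!defined('IN_INSTALL') && !defined('IN_UPGRADE'))
    {
        $plugins->run_hooks('verify_user_password', $parameters);
    }

    if(!is_null($parameters['result']))
    {
        return $parameters['result'];
    }

    // Recompute the digest from the stored salt and compare it with the stored one.
    $password_fields = create_password($password, $user['salt'], $user);

    // NOTE(review): my_hash_equals() is defined elsewhere; presumably a
    // timing-safe string comparison - confirm.
    return my_hash_equals($user['password'], $password_fields['password']);
}

/**
 * Generates a random salt
 *
 * NOTE(review): the quality of the randomness depends on random_str(), which is
 * defined elsewhere - confirm it draws from a cryptographically secure source.
 *
 * @return string The salt (random_str(8)).
 */
function generate_salt()
{
    return random_str(8);
}

/**
 * Generates a 50 character random login key.
 *
 * NOTE(review): as with generate_salt(), the unpredictability of the key rests on
 * random_str() - confirm against its implementation.
 *
 * @return string The login key.
 */
function generate_loginkey()
{
    return random_str(50);
}

/**
 * Updates a user's salt in the database (does not update a password).
 *
 * @param int $uid The uid of the user to update.
 * @return string The new salt.
 */
function update_salt($uid)
{
    global $db;

    $salt = generate_salt();
    $sql_array = array(
        "salt" => $salt
    );

    // Cast before interpolating: the value ends up inside the WHERE clause.
    $uid = (int)$uid;
    $db->update_query("users", $sql_array, "uid='{$uid}'");

    return $salt;
}

/**
 * Generates a new login key for a user.
 *
 * @param int $uid The uid of the user to update.
 * @return string The new login key.
 */
function update_loginkey($uid)
{
    global $db;

    $loginkey = generate_loginkey();
    $sql_array = array(
        "loginkey" => $loginkey
    );

    // Cast before interpolating: the value ends up inside the WHERE clause.
    $uid = (int)$uid;
    $db->update_query("users", $sql_array, "uid='{$uid}'");

    return $loginkey;
}

/**
 * Adds a thread to a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $tid The tid of the thread to add to the list.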
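* @param int $notification (Optional) The type of notification to receive for replies (0=none, 1=email, 2=pm)
* @param int $uid (Optional) The uid of the user whose list to update.
* @return boolean True when success, false when otherwise.
*/
function add_subscribed_thread($tid, $notification=1, $uid=0)
{
    global $mybb, $db;

    if(!$uid)
    {
        $uid = $mybb->user['uid'];
    }

    // Normalise every id once. The original cast these for the SELECT and INSERT but
    // interpolated the raw values into the UPDATE's WHERE clause.
    $uid = (int)$uid;
    $tid = (int)$tid;
    $notification = (int)$notification;

    if(!$uid)
    {
        return false;
    }

    $query = $db->simple_select("threadsubscriptions", "*", "tid='".$tid."' AND uid='".$uid."'");
    $subscription = $db->fetch_array($query);
    if(!$subscription)
    {
        $insert_array = array(
            'uid' => $uid,
            'tid' => $tid,
            'notification' => $notification,
            'dateline' => TIME_NOW
        );
        $db->insert_query("threadsubscriptions", $insert_array);
    }
    else
    {
        // Subscription exists - simply update notification
        $update_array = array(
            "notification" => $notification
        );
        $db->update_query("threadsubscriptions", $update_array, "uid='{$uid}' AND tid='{$tid}'");
    }

    return true;
}

/**
 * Remove a thread from a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $tid The tid of the thread to remove from the list.
 * @param int $uid (Optional) The uid of the user whose list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_thread($tid, $uid=0)
{
    global $mybb, $db;

    if(!$uid)
    {
        $uid = $mybb->user['uid'];
    }

    // Both ids are placed into the DELETE condition, so force them to integers.
    $uid = (int)$uid;
    $tid = (int)$tid;

    if(!$uid)
    {
        return false;
    }

    $db->delete_query("threadsubscriptions", "tid='".$tid."' AND uid='{$uid}'");

    return true;
}

/**
 * Adds a forum to a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.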
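*
* @param int $fid The fid of the forum to add to the list.
* @param int $uid (Optional) The uid of the user whose list to update.
* @return boolean True when success, false when otherwise.
*/
function add_subscribed_forum($fid, $uid=0)
{
    global $mybb, $db;

    if(!$uid)
    {
        $uid = $mybb->user['uid'];
    }

    if(!$uid)
    {
        return false;
    }

    // Integer casts make both values safe to embed in the query strings below.
    $fid = (int)$fid;
    $uid = (int)$uid;

    $query = $db->simple_select("forumsubscriptions", "*", "fid='".$fid."' AND uid='{$uid}'", array('limit' => 1));
    $fsubscription = $db->fetch_array($query);

    // Insert only when no subscription row exists yet; an existing one is left alone.
    if(!$fsubscription)
    {
        $insert_array = array(
            'fid' => $fid,
            'uid' => $uid
        );
        $db->insert_query("forumsubscriptions", $insert_array);
    }

    return true;
}

/**
 * Removes a forum from a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int $fid The fid of the forum to remove from the list.
 * @param int $uid (Optional) The uid of the user whose list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_forum($fid, $uid=0)
{
    global $mybb, $db;

    if(!$uid)
    {
        $uid = $mybb->user['uid'];
    }

    if(!$uid)
    {
        return false;
    }

    // Same normalisation as add_subscribed_forum(): the original put the raw values
    // straight into the DELETE condition.
    $fid = (int)$fid;
    $uid = (int)$uid;

    $db->delete_query("forumsubscriptions", "fid='".$fid."' AND uid='{$uid}'");

    return true;
}

/**
 * Constructs the usercp navigation menu.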
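*
* Registers the built-in menu sections as 'usercp_menu' hooks (according to the
* current usergroup's permissions), runs the hooks, and then renders the
* usercp_nav template into the global $usercpnav.
*
* NOTE(review): templates are rendered with eval() inside a double-quoted PHP
* string. That is only safe while $templates->get() returns content escaped for
* that context - confirm in the templates class. Because the template code runs in
* this function's scope, local and global variable names here must not be renamed.
*/
function usercp_menu()
{
    global $mybb, $templates, $theme, $plugins, $lang, $usercpnav, $usercpmenu;

    $lang->load("usercpnav");

    // Add the default items as plugins with separated priorities of 10
    if($mybb->settings['enablepms'] != 0 && $mybb->usergroup['canusepms'] == 1)
    {
        $plugins->add_hook("usercp_menu", "usercp_menu_messenger", 10);
    }

    if($mybb->usergroup['canusercp'] == 1)
    {
        $plugins->add_hook("usercp_menu", "usercp_menu_profile", 20);
        $plugins->add_hook("usercp_menu", "usercp_menu_misc", 30);
    }

    // Run the plugin hooks
    $plugins->run_hooks("usercp_menu");

    // Re-declared after the hooks ran, as in the original.
    // NOTE(review): presumably re-binds to whatever the hooks left in the global - confirm.
    global $usercpmenu;

    // Give the home link a defined value even when the group may not use the User CP,
    // so the usercp_nav template never interpolates an undefined variable.
    $ucp_nav_home = '';
    if($mybb->usergroup['canusercp'] == 1)
    {
        eval("\$ucp_nav_home = \"".$templates->get("usercp_nav_home")."\";");
    }

    eval("\$usercpnav = \"".$templates->get("usercp_nav")."\";");

    $plugins->run_hooks("usercp_menu_built");
}

/**
 * Constructs the usercp messenger menu.
 *
 * Appends the rendered usercp_nav_messenger template to the global $usercpmenu.
 * The tracking and compose links are only rendered when the usergroup has the
 * matching permission, and one folder link is rendered per entry of the user's
 * pmfolders string.
 *
 * NOTE(review): folder names come from the user's stored pmfolders value and are
 * handed to the template as-is here; confirm they are HTML-escaped where they are
 * saved, otherwise they need escaping before output.
 */
function usercp_menu_messenger()
{
    global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;

    $expaltext = (in_array("usercppms", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    $usercp_nav_messenger = $templates->get("usercp_nav_messenger");

    // Hide tracking link if no permission
    $tracking = '';
    if($mybb->usergroup['cantrackpms'])
    {
        $tracking = $templates->get("usercp_nav_messenger_tracking");
    }
    eval("\$ucp_nav_tracking = \"". $tracking ."\";");

    // Hide compose link if no permission
    $ucp_nav_compose = '';
    if($mybb->usergroup['cansendpms'] == 1)
    {
        eval("\$ucp_nav_compose = \"".$templates->get("usercp_nav_messenger_compose")."\";");
    }

    $folderlinks = $folder_id = $folder_name = '';

    // pmfolders is a list of "id**name" entries separated by "$%%$".
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        // Pad to two elements so an entry without "**" (for example an empty
        // pmfolders value) yields an empty name instead of an undefined offset.
        $folderinfo = array_pad(explode("**", $folders, 2), 2, '');
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);

        if($folderinfo[0] == 4)
        {
            $class = "usercp_nav_trash_pmfolder";
        }
        else if($folderlinks)
        {
            // Every folder after the first rendered one gets the "sub" class.
            $class = "usercp_nav_sub_pmfolder";
        }
        else
        {
            $class = "usercp_nav_pmfolder";
        }

        $folder_id = $folderinfo[0];
        $folder_name = $folderinfo[1];

        eval("\$folderlinks .= \"".$templates->get("usercp_nav_messenger_folder")."\";");
    }

    if(!isset($collapsedimg['usercppms']))
    {
        $collapsedimg['usercppms'] = '';
    }

    if(!isset($collapsed['usercppms_e']))
    {
        $collapsed['usercppms_e'] = '';
    }

    eval("\$usercpmenu .= \"".$usercp_nav_messenger."\";");
}

/**
 * Constructs the usercp profile menu.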
*
* Appends the rendered usercp_nav_profile template to the global $usercpmenu. The
* "change name" and "edit signature" entries are rendered only when the current
* usergroup and user state allow them.
*
* The templates are evaluated in this function's scope, so $changenameop,
* $changesigop and $expaltext keep their names.
*/
function usercp_menu_profile()
{
    global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;

    // "Change name" entry: only for groups allowed to rename themselves.
    $changenameop = '';
    if($mybb->usergroup['canchangename'] != 0)
    {
        eval("\$changenameop = \"".$templates->get("usercp_nav_changename")."\";");
    }

    // "Edit signature" entry: the group must be allowed signatures, the post-count
    // requirement (if any) must be exceeded, and the signature must either not be
    // suspended or be under a suspension whose end time has passed.
    $changesigop = '';
    if(
        $mybb->usergroup['canusesig'] == 1
        && (
            $mybb->usergroup['canusesigxposts'] == 0
            || ($mybb->usergroup['canusesigxposts'] > 0 && $mybb->user['postnum'] > $mybb->usergroup['canusesigxposts'])
        )
        && (
            $mybb->user['suspendsignature'] == 0
            || ($mybb->user['suspendsignature'] == 1 && $mybb->user['suspendsigtime'] > 0 && $mybb->user['suspendsigtime'] < TIME_NOW)
        )
    )
    {
        eval("\$changesigop = \"".$templates->get("usercp_nav_editsignature")."\";");
    }

    // Default the collapse state for this section when nothing is recorded.
    if(!isset($collapsedimg['usercpprofile']))
    {
        $collapsedimg['usercpprofile'] = '';
    }

    if(!isset($collapsed['usercpprofile_e']))
    {
        $collapsed['usercpprofile_e'] = '';
    }

    if(in_array("usercpprofile", $collapse))
    {
        $expaltext = $lang->expcol_expand;
    }
    else
    {
        $expaltext = $lang->expcol_collapse;
    }

    eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";");
}

/**
 * Constructs the usercp misc menu.
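*
* Appends the rendered usercp_nav_misc template to the global $usercpmenu. Counts
* the current user's draft posts (visible = -2) for the drafts label and renders
* the attachments entry when attachments are enabled.
*
* The templates are evaluated in this function's scope, so the local variable
* names they may reference are left unchanged.
*/
function usercp_menu_misc()
{
    global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;

    $draftstart = $draftend = $attachmentop = '';
    $draftcount = $lang->ucp_nav_drafts;

    // Cast the session uid before it is embedded in the condition, matching how the
    // other helpers in this file treat ids.
    $draft_owner_uid = (int)$mybb->user['uid'];
    $query = $db->simple_select("posts", "COUNT(pid) AS draftcount", "visible = '-2' AND uid = '{$draft_owner_uid}'");
    $count = $db->fetch_field($query, 'draftcount');

    if($count > 0)
    {
        $draftcount = $lang->sprintf($lang->ucp_nav_drafts_active, my_number_format($count));
    }

    if($mybb->settings['enableattachments'] != 0)
    {
        eval("\$attachmentop = \"".$templates->get("usercp_nav_attachments")."\";");
    }

    if(!isset($collapsedimg['usercpmisc']))
    {
        $collapsedimg['usercpmisc'] = '';
    }

    if(!isset($collapsed['usercpmisc_e']))
    {
        $collapsed['usercpmisc_e'] = '';
    }

    $profile_link = get_profile_link($mybb->user['uid']);
    $expaltext = (in_array("usercpmisc", $collapse)) ? $lang->expcol_expand : $lang->expcol_collapse;
    eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";");
}

/**
 * Gets the usertitle for a specific uid.
 *
 * @param int $uid The uid of the user to get the usertitle of.
 * @return string The usertitle of the user.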
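*
* A custom usertitle wins; otherwise the first cached title whose 'posts' value is
* not above the user's post count is used. An empty string is returned when no
* title applies.
*/
function get_usertitle($uid=0)
{
    global $db, $mybb;

    if($mybb->user['uid'] == $uid)
    {
        $user = $mybb->user;
    }
    else
    {
        // Cast the uid: it is embedded in the WHERE clause.
        $query = $db->simple_select("users", "usertitle,postnum", "uid='".(int)$uid."'", array('limit' => 1));
        $user = $db->fetch_array($query);
    }

    if(!empty($user['usertitle']))
    {
        return $user['usertitle'];
    }

    // No row found leaves postnum unset; keep it null rather than reading a missing key.
    $postnum = isset($user['postnum']) ? $user['postnum'] : null;

    $usertitles = $mybb->cache->read('usertitles');
    if(is_array($usertitles))
    {
        // NOTE(review): taking the first match assumes the cache is ordered from the
        // highest 'posts' threshold down - confirm against the cache builder.
        foreach($usertitles as $title)
        {
            if($title['posts'] <= $postnum)
            {
                return $title['title'];
            }
        }
    }

    // Nothing matched (or the cache is empty): the original read an undefined variable here.
    return '';
}

/**
 * Updates a users private message count in the users table with the number of pms they have.
 *
 * @param int $uid The user id to update the count for. If none, assumes currently logged in user.
 * @param int $count_to_update Bitwise value for what to update. This function tests
 *                             bit 1 (total) and bit 2 (unread). The earlier
 *                             documentation also listed 4, but no branch here checks it.
 * @return array The updated counters ('totalpms' and/or 'unreadpms'); empty when no
 *               user id could be determined.
 */
function update_pm_count($uid=0, $count_to_update=7)
{
    global $db, $mybb;

    // If no user id, assume that we mean the current logged in user.
    if((int)$uid == 0)
    {
        $uid = $mybb->user['uid'];
    }

    // From here on $uid is an integer, so it is safe inside the query strings.
    $uid = (int)$uid;
    $pmcount = array();
    if($uid == 0)
    {
        return $pmcount;
    }

    // Update total number of messages.
    if($count_to_update & 1)
    {
        $query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_total", "uid='".$uid."'");
        $total = $db->fetch_array($query);
        $pmcount['totalpms'] = $total['pms_total'];
    }

    // Update number of unread messages.
    if(($count_to_update & 2) && $db->field_exists("unreadpms", "users") == true)
    {
        $query = $db->simple_select("privatemessages", "COUNT(pmid) AS pms_unread", "uid='".$uid."' AND status='0' AND folder='1'");
        $unread = $db->fetch_array($query);
        $pmcount['unreadpms'] = $unread['pms_unread'];
    }

    if(!empty($pmcount))
    {
        $db->update_query("users", $pmcount, "uid='".$uid."'");
    }

    return $pmcount;
}

/**
 * Return the language specific name for a PM folder.
 *
 * @param int $fid The ID of the folder.
 * @param string $name The folder name - can be blank, will use language default.
 * @return string The name of the folder.
 */
function get_pm_folder_name($fid, $name="")
{
    global $lang;

    // A custom name always wins over the language default.
    if($name != '')
    {
        return $name;
    }

    // switch compares loosely, so numeric strings match the integer cases.
    switch($fid)
    {
        case 0:
            return $lang->folder_inbox;
        case 1:
            return $lang->folder_unread;
        case 2:
            return $lang->folder_sent_items;
        case 3:
            return $lang->folder_drafts;
        case 4:
            return $lang->folder_trash;
        default:
            return $lang->folder_untitled;
    }
}

/**
 * Generates a security question for registration.
 *
 * @param int $old_qid Optional ID of the old question.
 * @return string|false The question session id, or false when no active question exists.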
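*
* Picks one random active question (optionally excluding $old_qid), stores a new
* question session for it and increments the question's 'shown' counter.
*/
function generate_question($old_qid=0)
{
    global $db;

    // The random-order function differs per database driver.
    if($db->type == 'pgsql' || $db->type == 'sqlite')
    {
        $order_by = 'RANDOM()';
    }
    else
    {
        $order_by = 'RAND()';
    }

    $excl_old = '';
    if($old_qid)
    {
        $excl_old = ' AND qid != '.(int)$old_qid;
    }

    $query = $db->simple_select('questions', 'qid, shown', "active=1{$excl_old}", array('limit' => 1, 'order_by' => $order_by));
    $question = $db->fetch_array($query);

    // No active questions exist. The fetched row is checked as well, so a driver that
    // reports a row count but returns no row cannot lead to empty ids below.
    if(!$db->num_rows($query) || empty($question))
    {
        return false;
    }

    // Values read back from the database are still cast before being reused in SQL.
    $qid = (int)$question['qid'];

    // NOTE(review): how unpredictable this id is depends on random_str(), defined elsewhere.
    $sessionid = random_str(32);

    $sql_array = array(
        "sid" => $sessionid,
        "qid" => $qid,
        "dateline" => TIME_NOW
    );
    $db->insert_query("questionsessions", $sql_array);

    // Read-modify-write of the counter; concurrent registrations may lose an increment.
    $update_question = array(
        "shown" => (int)$question['shown'] + 1
    );
    $db->update_query("questions", $update_question, "qid = '{$qid}'");

    return $sessionid;
}

/**
 * Check whether we can show the Purge Spammer Feature
 *
 * The feature is shown only when all of the following hold: the target is not the
 * current user, the current user is in one of the configured purgespammergroups,
 * the target is not a super admin, the target's usergroup has none of cancp /
 * canmodcp / issupermod, the target's post count is within the configured limit
 * (a limit of 0 disables that check), and the target is neither in the configured
 * ban group nor in a banned usergroup.
 *
 * @param int $post_count The users post count
 * @param int $usergroup The usergroup of our user
 * @param int $uid The uid of our user
 * @return boolean Whether or not to show the feature
 */
function purgespammer_show($post_count, $usergroup, $uid)
{
    global $mybb, $cache;

    $bangroup = $mybb->settings['purgespammerbangroup'];
    $usergroups = $cache->read('usergroups');

    // NOTE(review): a usergroup id missing from the cache is treated as having no
    // flags set, so the privilege checks below pass for it (same outcome as the
    // original, minus the undefined-index reads). Consider whether an unknown group
    // should hide the tool instead.
    $group = isset($usergroups[$usergroup]) ? $usergroups[$usergroup] : array();

    // Never offer the tool against oneself, and only to permitted groups.
    if($mybb->user['uid'] == $uid || !is_member($mybb->settings['purgespammergroups']))
    {
        return false;
    }

    // Privileged targets are excluded.
    if(is_super_admin($uid) || !empty($group['cancp']) || !empty($group['canmodcp']) || !empty($group['issupermod']))
    {
        return false;
    }

    // The target must be under the post limit, unless the limit is disabled (0).
    // The thousands separator is stripped because $post_count may be a formatted number.
    $within_limit = str_replace($mybb->settings['thousandssep'], '', $post_count) <= $mybb->settings['purgespammerpostlimit']
        || $mybb->settings['purgespammerpostlimit'] == 0;
    if(!$within_limit)
    {
        return false;
    }

    // Targets that are already banned are excluded as well.
    if(is_member($bangroup, $uid) || !empty($group['isbannedgroup']))
    {
        return false;
    }

    return true;
}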