From 2924aa13b306d180be566a6b2960aaed33240f1d Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Sat, 21 Dec 2002 00:15:13 +0000 Subject: [PATCH] More fixes git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3219 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/docs/CHANGELOG.html | 2 + phpBB/includes/functions_validate.php | 84 ++++++++++++++++---------- phpBB/install/schemas/mysql_schema.sql | 7 +-- 3 files changed, 56 insertions(+), 37 deletions(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 140351b518..772c882b80 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -163,6 +163,8 @@ p,ul,td {font-size:10pt;}
  • Fixed bbcode quote breaking when username contained ] before [
  • Fixed duplicate group_id error during upgrade of users from phpBB 1.x
  • Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x
  • +
  • Rejiggled validation code, may eliminate "Username disallowed" issues
  • +
  • diff --git a/phpBB/includes/functions_validate.php b/phpBB/includes/functions_validate.php index 02492d639e..6ad6bf1735 100644 --- a/phpBB/includes/functions_validate.php +++ b/phpBB/includes/functions_validate.php @@ -18,7 +18,6 @@ * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * - * ***************************************************************************/ // 
@@ -35,56 +34,72 @@ function validate_username($username) $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; - if ( $result = $db->sql_query($sql) ) + if ($result = $db->sql_query($sql)) { - if ( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { - if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) + if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in']) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } } + $db->sql_freeresult($result); $sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . strtolower($username) . "'"; - if ( $result = $db->sql_query($sql) ) + if ($result = $db->sql_query($sql)) { - if ( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { + $db->sql_freeresult($result); return array('error' => true, 'error_msg' => $lang['Username_taken']); } } + $db->sql_freeresult($result); $sql = "SELECT disallow_username FROM " . DISALLOW_TABLE; - if ( $result = $db->sql_query($sql) ) + if ($result = $db->sql_query($sql)) { - while( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { - if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) ) + do { - return array('error' => true, 'error_msg' => $lang['Username_disallowed']); + if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username)) + { + $db->sql_freeresult($result); + return array('error' => true, 'error_msg' => $lang['Username_disallowed']); + } } + while($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); $sql = "SELECT word FROM " . 
WORDS_TABLE; - if ( $result = $db->sql_query($sql) ) + if ($result = $db->sql_query($sql)) { - while( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { - if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) ) + do { - return array('error' => true, 'error_msg' => $lang['Username_disallowed']); + if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username)) + { + $db->sql_freeresult($result); + return array('error' => true, 'error_msg' => $lang['Username_disallowed']); + } } + while ($row = $db->sql_fetchrow($result)); } } + $db->sql_freeresult($result); // Don't allow " in username. - if ( strstr($username, '"') ) + if (strstr($username, '"')) { return array('error' => true, 'error_msg' => $lang['Username_invalid']); } 
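Review bot: The `WHERE LOWER(username) = '" . strtolower($username) . "'"` and `LOWER(group_name)` queries at the top of this hunk still splice `$username` into SQL with no quote escaping, whereas the `user_email` lookup in validate_email in the next hunk runs its value through `str_replace("\'", "''", …)`; unless every caller is guaranteed to have escaped the name first (not visible here), the same escaping belongs in this function, e.g. `$clean = str_replace("\'", "''", strtolower($username));` used in both queries. A related gap in the disallow and word loops is that an empty `disallow_username` or `word` row (which this commit's schema change explicitly permits with `DEFAULT ''`) builds the pattern `#\b()\b#i`, which matches any username containing a word character, so a single blank row rejects every registration; skipping such rows with `if ($row['disallow_username'] == '') continue;` (and likewise for `word`) avoids that. Stylistically, `if ($row = …) { do { … } while ($row = …); }` visits exactly the rows the original `while ($row = …)` did, so the restructure only duplicates the fetch call and a plain `while` followed by the added `sql_freeresult` would read better. validate_username's signature is above this hunk and its body continues past it.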
@@ -100,36 +115,43 @@ function validate_email($email) { global $db, $lang; - if ( $email != '' ) + if ($email != '') { - if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) + if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) { $sql = "SELECT ban_email FROM " . BANLIST_TABLE; - if ( $result = $db->sql_query($sql) ) + if ($result = $db->sql_query($sql)) { - while( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { - $match_email = str_replace('*', '.*?', $row['ban_email']); - if ( preg_match('/^' . $match_email . '$/is', $email) ) + do { - return array('error' => true, 'error_msg' => $lang['Email_banned']); + $match_email = str_replace('*', '.*?', $row['ban_email']); + if (preg_match('/^' . $match_email . '$/is', $email)) + { + $db->sql_freeresult($result); + return array('error' => true, 'error_msg' => $lang['Email_banned']); + } } + while($row = $db->sql_fetchrow($result)) } } + $db->sql_freeresult($result); $sql = "SELECT user_email FROM " . USERS_TABLE . " WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; - if ( !($result = $db->sql_query($sql)) ) + if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); } - - if ( $row = $db->sql_fetchrow($result) ) + + if ($row = $db->sql_fetchrow($result)) { return array('error' => true, 'error_msg' => $lang['Email_taken']); } + $db->sql_freeresult($result); return array('error' => false, 'error_msg' => ''); } 
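Review bot: The added `while($row = $db->sql_fetchrow($result))` that closes the ban-list `do` loop has no terminating semicolon, so the file will not parse; it needs to read `while ($row = $db->sql_fetchrow($result));` as the equivalent lines in validate_username do. The ban pattern is also built from `str_replace('*', '.*?', $row['ban_email'])` with no quoting, so every regex metacharacter in a stored ban_email is interpreted: a `.` matches any character, and an unbalanced bracket or parenthesis makes preg_match return false so that ban silently never matches; quoting first, as validate_username does, would be `$match_email = str_replace("\*", ".*?", phpbb_preg_quote($row['ban_email'], '/'));`. The `Email_taken` early return still leaves its result set unfreed, unlike the other returns this commit touches. The rest of validate_email continues past the hunk.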
@@ -148,28 +170,28 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca for($i = 0; $i < count($check_var_length); $i++) { - if ( strlen($$check_var_length[$i]) < 2 ) + if (strlen($$check_var_length[$i]) < 2) { $$check_var_length[$i] = ''; } } // ICQ number has to be only numbers. - if ( !preg_match('/^[0-9]+$/', $icq) ) + if (!preg_match('/^[0-9]+$/', $icq)) { $icq = ''; } // website has to start with http://, followed by something with length at least 3 that // contains at least one dot. - if ( $website != "" ) + if ($website != "") { - if ( !preg_match('#^http[s]?:\/\/#i', $website) ) + if (!preg_match('#^http[s]?:\/\/#i', $website)) { $website = 'http://' . $website; } - if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) + if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website)) { $website = ''; } @@ -178,4 +200,4 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca return; } -?> +?> \ No newline at end of file diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index b1f19d2e66..b8771c30e1 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -97,7 +97,7 @@ CREATE TABLE phpbb_config ( # CREATE TABLE phpbb_disallow ( disallow_id mediumint(8) UNSIGNED NOT NULL auto_increment, - disallow_username varchar(25), + disallow_username varchar(25) DEFAULT '' NOT NULL, PRIMARY KEY (disallow_id) ); @@ -285,11 +285,6 @@ CREATE TABLE phpbb_search_wordmatch ( # is likely to be noticeably faster than continually # writing to disk ... # -# I must admit I read about this type on vB's board. -# Hey, I never said you cannot get basic ideas from -# competing boards, just that I find it's best not to -# look at any code ... ! -# CREATE TABLE phpbb_sessions ( session_id char(32) DEFAULT '' NOT NULL, session_user_id mediumint(8) DEFAULT '0' NOT NULL,
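Review bot: The `disallow_username varchar(25) DEFAULT '' NOT NULL` change lands only in the MySQL install schema; the diffstat lists no other schema file and no upgrade script, so existing installations (and the other database schemas, if they define this column) keep the nullable definition unless that is handled elsewhere. Since validate_username builds a `\b(…)\b` pattern from every row of this table, an empty string stored here acts as a wildcard rather than a no-op, so either the insertion path should reject blanks or a comment such as `# an empty disallow_username is treated by validate_username as matching every name` belongs beside the column.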