makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More fixes

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3219 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-12-21 00:15:13 +00:00
parent d7e4ddef5b
commit 2924aa13b3
3 changed files with 56 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/docs/CHANGELOG.html
View file

@ -163,6 +163,8 @@ p,ul,td {font-size:10pt;}
<li>Fixed bbcode quote breaking when username contained ] before [</li> <li>Fixed bbcode quote breaking when username contained ] before [</li>
<li>Fixed duplicate group_id error during upgrade of users from phpBB 1.x</li> <li>Fixed duplicate group_id error during upgrade of users from phpBB 1.x</li>
<li>Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x</li> <li>Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x</li>
<li>Rejiggled validation code, may eliminate "Username disallowed" issues</li>
<li></li>
<li></li> <li></li>
</ul> </ul>

84
phpBB/includes/functions_validate.php
View file

@ -18,7 +18,6 @@
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
*
***************************************************************************/ ***************************************************************************/
// //
@ -35,56 +34,72 @@ function validate_username($username)
$sql = "SELECT username $sql = "SELECT username
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'"; WHERE LOWER(username) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) ) if ($result = $db->sql_query($sql))
{ {
if ( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] ) if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{ {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']); return array('error' => true, 'error_msg' => $lang['Username_taken']);
} }
} }
} }
$db->sql_freeresult($result);
$sql = "SELECT group_name $sql = "SELECT group_name
FROM " . GROUPS_TABLE . " FROM " . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($username) . "'"; WHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) ) if ($result = $db->sql_query($sql))
{ {
if ( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']); return array('error' => true, 'error_msg' => $lang['Username_taken']);
} }
} }
$db->sql_freeresult($result);
$sql = "SELECT disallow_username $sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE; FROM " . DISALLOW_TABLE;
if ( $result = $db->sql_query($sql) ) if ($result = $db->sql_query($sql))
{ {
while( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) ) do
{ {
return array('error' => true, 'error_msg' => $lang['Username_disallowed']); if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} }
while($row = $db->sql_fetchrow($result));
} }
} }
$db->sql_freeresult($result);
$sql = "SELECT word $sql = "SELECT word
FROM " . WORDS_TABLE; FROM " . WORDS_TABLE;
if ( $result = $db->sql_query($sql) ) if ($result = $db->sql_query($sql))
{ {
while( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) ) do
{ {
return array('error' => true, 'error_msg' => $lang['Username_disallowed']); if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
} }
while ($row = $db->sql_fetchrow($result));
} }
} }
$db->sql_freeresult($result);
// Don't allow " in username. // Don't allow " in username.
if ( strstr($username, '"') ) if (strstr($username, '"'))
{ {
return array('error' => true, 'error_msg' => $lang['Username_invalid']); return array('error' => true, 'error_msg' => $lang['Username_invalid']);
} }
@ -100,36 +115,43 @@ function validate_email($email)
{ {
global $db, $lang; global $db, $lang;
if ( $email != '' ) if ($email != '')
{ {
if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) ) if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email))
{ {
$sql = "SELECT ban_email $sql = "SELECT ban_email
FROM " . BANLIST_TABLE; FROM " . BANLIST_TABLE;
if ( $result = $db->sql_query($sql) ) if ($result = $db->sql_query($sql))
{ {
while( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
$match_email = str_replace('*', '.*?', $row['ban_email']); do
if ( preg_match('/^' . $match_email . '$/is', $email) )
{ {
return array('error' => true, 'error_msg' => $lang['Email_banned']); $match_email = str_replace('*', '.*?', $row['ban_email']);
if (preg_match('/^' . $match_email . '$/is', $email))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Email_banned']);
}
} }
while($row = $db->sql_fetchrow($result))
} }
} }
$db->sql_freeresult($result);
$sql = "SELECT user_email $sql = "SELECT user_email
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
if ( !($result = $db->sql_query($sql)) ) if (!($result = $db->sql_query($sql)))
{ {
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
} }
if ( $row = $db->sql_fetchrow($result) ) if ($row = $db->sql_fetchrow($result))
{ {
return array('error' => true, 'error_msg' => $lang['Email_taken']); return array('error' => true, 'error_msg' => $lang['Email_taken']);
} }
$db->sql_freeresult($result);
return array('error' => false, 'error_msg' => ''); return array('error' => false, 'error_msg' => '');
} }
@ -148,28 +170,28 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
for($i = 0; $i < count($check_var_length); $i++) for($i = 0; $i < count($check_var_length); $i++)
{ {
if ( strlen($$check_var_length[$i]) < 2 ) if (strlen($$check_var_length[$i]) < 2)
{ {
$$check_var_length[$i] = ''; $$check_var_length[$i] = '';
} }
} }
// ICQ number has to be only numbers. // ICQ number has to be only numbers.
if ( !preg_match('/^[0-9]+$/', $icq) ) if (!preg_match('/^[0-9]+$/', $icq))
{ {
$icq = ''; $icq = '';
} }
// website has to start with http://, followed by something with length at least 3 that // website has to start with http://, followed by something with length at least 3 that
// contains at least one dot. // contains at least one dot.
if ( $website != "" ) if ($website != "")
{ {
if ( !preg_match('#^http[s]?:\/\/#i', $website) ) if (!preg_match('#^http[s]?:\/\/#i', $website))
{ {
$website = 'http://' . $website; $website = 'http://' . $website;
} }
if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) ) if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
{ {
$website = ''; $website = '';
} }
@ -178,4 +200,4 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
return; return;
} }
?> ?>

7
phpBB/install/schemas/mysql_schema.sql
View file

@ -97,7 +97,7 @@ CREATE TABLE phpbb_config (
# #
CREATE TABLE phpbb_disallow ( CREATE TABLE phpbb_disallow (
disallow_id mediumint(8) UNSIGNED NOT NULL auto_increment, disallow_id mediumint(8) UNSIGNED NOT NULL auto_increment,
disallow_username varchar(25), disallow_username varchar(25) DEFAULT '' NOT NULL,
PRIMARY KEY (disallow_id) PRIMARY KEY (disallow_id)
); );
@ -285,11 +285,6 @@ CREATE TABLE phpbb_search_wordmatch (
# is likely to be noticeably faster than continually # is likely to be noticeably faster than continually
# writing to disk ... # writing to disk ...
# #
# I must admit I read about this type on vB's board.
# Hey, I never said you cannot get basic ideas from
# competing boards, just that I find it's best not to
# look at any code ... !
#
CREATE TABLE phpbb_sessions ( CREATE TABLE phpbb_sessions (
session_id char(32) DEFAULT '' NOT NULL, session_id char(32) DEFAULT '' NOT NULL,
session_user_id mediumint(8) DEFAULT '0' NOT NULL, session_user_id mediumint(8) DEFAULT '0' NOT NULL,