makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More fixes

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3219 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-12-21 00:15:13 +00:00
parent d7e4ddef5b
commit 2924aa13b3
3 changed files with 56 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/docs/CHANGELOG.html
View file

@ -163,6 +163,8 @@ p,ul,td {font-size:10pt;}
<li>Fixed bbcode quote breaking when username contained ] before [</li>
<li>Fixed duplicate group_id error during upgrade of users from phpBB 1.x</li>
<li>Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x</li>
<li>Rejiggled validation code, may eliminate "Username disallowed" issues</li>
<li></li>
<li></li>
</ul>

80
phpBB/includes/functions_validate.php
View file

@ -18,7 +18,6 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
//
@ -35,56 +34,72 @@ function validate_username($username)
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( ( $userdata['session_logged_in'] && $row['username'] != $userdata['username'] ) || !$userdata['session_logged_in'] )
if (($userdata['session_logged_in'] && $row['username'] != $userdata['username']) || !$userdata['session_logged_in'])
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
}
$db->sql_freeresult($result);
$sql = "SELECT group_name
FROM " . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($username) . "'";
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_taken']);
}
}
$db->sql_freeresult($result);
$sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) )
do
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
$sql = "SELECT word
FROM " . WORDS_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) )
do
{
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
if (preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
}
}
while ($row = $db->sql_fetchrow($result));
}
}
$db->sql_freeresult($result);
// Don't allow " in username.
if ( strstr($username, '"') )
if (strstr($username, '"'))
{
return array('error' => true, 'error_msg' => $lang['Username_invalid']);
}
@ -100,36 +115,43 @@ function validate_email($email)
{
global $db, $lang;
if ( $email != '' )
if ($email != '')
{
if ( preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email) )
if (preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email))
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
if ( $result = $db->sql_query($sql) )
if ($result = $db->sql_query($sql))
{
while( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
$match_email = str_replace('*', '.*?', $row['ban_email']);
if ( preg_match('/^' . $match_email . '$/is', $email) )
do
{
return array('error' => true, 'error_msg' => $lang['Email_banned']);
$match_email = str_replace('*', '.*?', $row['ban_email']);
if (preg_match('/^' . $match_email . '$/is', $email))
{
$db->sql_freeresult($result);
return array('error' => true, 'error_msg' => $lang['Email_banned']);
}
}
while($row = $db->sql_fetchrow($result))
}
}
$db->sql_freeresult($result);
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
if ( !($result = $db->sql_query($sql)) )
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
if ( $row = $db->sql_fetchrow($result) )
if ($row = $db->sql_fetchrow($result))
{
return array('error' => true, 'error_msg' => $lang['Email_taken']);
}
$db->sql_freeresult($result);
return array('error' => false, 'error_msg' => '');
}
@ -148,28 +170,28 @@ function validate_optional_fields(&$icq, &$aim, &$msnm, &$yim, &$website, &$loca
for($i = 0; $i < count($check_var_length); $i++)
{
if ( strlen($$check_var_length[$i]) < 2 )
if (strlen($$check_var_length[$i]) < 2)
{
$$check_var_length[$i] = '';
}
}
// ICQ number has to be only numbers.
if ( !preg_match('/^[0-9]+$/', $icq) )
if (!preg_match('/^[0-9]+$/', $icq))
{
$icq = '';
}
// website has to start with http://, followed by something with length at least 3 that
// contains at least one dot.
if ( $website != "" )
if ($website != "")
{
if ( !preg_match('#^http[s]?:\/\/#i', $website) )
if (!preg_match('#^http[s]?:\/\/#i', $website))
{
$website = 'http://' . $website;
}
if ( !preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website) )
if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $website))
{
$website = '';
}

7
phpBB/install/schemas/mysql_schema.sql
View file

@ -97,7 +97,7 @@ CREATE TABLE phpbb_config (
#
CREATE TABLE phpbb_disallow (
disallow_id mediumint(8) UNSIGNED NOT NULL auto_increment,
disallow_username varchar(25),
disallow_username varchar(25) DEFAULT '' NOT NULL,
PRIMARY KEY (disallow_id)
);
@ -285,11 +285,6 @@ CREATE TABLE phpbb_search_wordmatch (
# is likely to be noticeably faster than continually
# writing to disk ...
#
# I must admit I read about this type on vB's board.
# Hey, I never said you cannot get basic ideas from
# competing boards, just that I find it's best not to
# look at any code ... !
#
CREATE TABLE phpbb_sessions (
session_id char(32) DEFAULT '' NOT NULL,
session_user_id mediumint(8) DEFAULT '0' NOT NULL,