diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 52b153ce5b..09466e0a4f 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -191,7 +191,7 @@ function make_jumpbox($match_forum_id = 0)
if( isset($SID) )
{
-// $boxstring .= '';
+ $boxstring .= '';
}
return($boxstring);
@@ -304,7 +304,6 @@ function init_userprefs($userdata)
$new_value = str_replace("_lang", "_" . $board_config['default_lang'], $value);
$images[$key] = ( file_exists($new_value) ) ? $new_value : str_replace("_lang", "_english", $value);
-// list($images_width[$key], $images_height[$key]) = getimagesize($images[$key]);
}
}
@@ -498,73 +497,42 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
//
function validate_username($username)
{
- global $db;
+ global $db, $lang;
- switch(SQL_LAYER)
+ $sql = "SELECT u.username, g.group_name
+ FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+ WHERE ug.user_id = u.user_id
+ AND g.group_id = ug.group_id
+ AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
+ OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
+ if ( $result = $db->sql_query($sql) )
{
- case 'mysql':
- case 'mysql4':
- $sql_users = "SELECT u.username, g.group_name
- FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
- WHERE ug.user_id = u.user_id
- AND g.group_id = ug.group_id
- AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
- OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
- $sql_disallow = "SELECT disallow_username
- FROM " . DISALLOW_TABLE . "
- WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
- if($result = $db->sql_query($sql_users))
- {
- if($db->sql_numrows($result) > 0)
- {
- return(FALSE);
- }
- }
- if($result = $db->sql_query($sql_disallow))
- {
- if($db->sql_numrows($result) > 0)
- {
- return(FALSE);
- }
- }
- break;
+ if ( $db->sql_fetchrow($result) )
+ {
+ return array('error' => $lang['Username_taken']);
+ }
+ }
- default:
- $sql = "SELECT u.username, g.group_name
- FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
- WHERE ug.user_id = u.user_id
- AND g.group_id = ug.group_id
- AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
- OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )
- UNION
- SELECT disallow_username, NULL
- FROM " . DISALLOW_TABLE . "
- WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
- if($result = $db->sql_query($sql))
- {
- if($db->sql_numrows($result) > 0)
- {
- return(FALSE);
- }
- }
- break;
+ $sql = "SELECT disallow_username
+ FROM " . DISALLOW_TABLE . "
+ WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
+ if ( $result = $db->sql_query($sql) )
+ {
+ if ( $db->sql_fetchrow($result) )
+ {
+ return array('error' => $lang['Username_disallowed']);
+ }
}
$sql = "SELECT word
FROM " . WORDS_TABLE;
- if( !$words_result = $db->sql_query($sql) )
+ if ( $result = $db->sql_query($sql) )
{
- message_die(GENERAL_ERROR, "Couldn't get censored words from database.", "", __LINE__, __FILE__, $sql);
- }
- else
- {
- $word_list = $db->sql_fetchrowset($words_result);
-
- for($i = 0; $i < count($word_list); $i++)
+ while( $row = $db->sql_fetchrow($result) )
{
- if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($word_list[$i]['word'])) . ")\b/i", $username) )
+ if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b/i", $username) )
{
- return(FALSE);
+ return array('error' => $lang['Username_disallowed']);
}
}
}
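Review bot: A failed lookup now lets the name through: each of the three checks in validate_username is wrapped in `if ( $result = $db->sql_query($sql) )` with no else branch, so when a query fails the taken, disallowed or censored-word test is skipped and the function goes on towards returning an empty error. The removed code called message_die() for the censored-words query; keeping that for all three, e.g. `else { message_die(GENERAL_ERROR, "Couldn't obtain username information.", "", __LINE__, __FILE__, $sql); }`, makes the validator fail closed. The ban-list query in validate_email in profile.php has the same shape. Separately, `str_replace("\'", "''", $username)` only rewrites a quote that is already backslash-escaped, so these queries are safe only if every caller slash-escapes the input first, which is not visible in this hunk and deserves a comment at the top of the function. The function body continues past the end of this hunk.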
@@ -572,10 +540,10 @@ function validate_username($username)
// Don't allow " in username.
if ( strstr($username, '"') )
{
- return FALSE;
+ return array('error' => $lang['Username_invalid']);
}
- return(TRUE);
+ return array('error' => '');
}
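Review bot: Both return values of validate_username are now non-empty arrays, `array('error' => '')` included, and a non-empty array is truthy in PHP, so any caller still written as `if( !validate_username($username) )` will accept every name. profile.php is updated in this commit; other callers, if any exist outside this diff, need the same `$result['error'] != ''` test. A comment above the function stating the new contract would help, for example `// Returns array('error' => message); an empty message means the username is acceptable`. The function starts above this hunk.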
diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php
index 11c0955b5b..659e69d2a1 100644
--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@@ -524,7 +524,7 @@ $lang['Search_user_posts'] = "Find all posts by %s"; // Find all posts by userna
$lang['No_user_id_specified'] = "Sorry but that user does not exist";
$lang['Wrong_Profile'] = "You cannot modify a profile that is not your own.";
-$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice";
+
$lang['Only_one_avatar'] = "Only one type of avatar can be specified";
$lang['File_no_data'] = "The file at the URL you gave contains no data";
$lang['No_connection_URL'] = "A connection could not be made to the URL you gave";
@@ -552,6 +552,7 @@ $lang['Public_view_email'] = "Always show my Email Address";
$lang['Current_password'] = "Current password";
$lang['New_password'] = "New password";
$lang['Confirm_password'] = "Confirm password";
+$lang['Confirm_password_explain'] = "You must confirm your current password if you wish to change it or alter your email address";
$lang['password_if_changed'] = "You only need to supply a password if you want to change it";
$lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above";
@@ -583,7 +584,13 @@ $lang['Profile_updated_inactive'] = "Your profile has been updated, however you
$lang['Password_mismatch'] = "The passwords you entered did not match";
$lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
-$lang['Invalid_username'] = "The username you requested has been taken or disallowed, or contains invalid characters like the \" character";
+$lang['Password_long'] = "Your password must be no more than 32 characters";
+$lang['Username_taken'] = "Sorry but this username has already been taken";
+$lang['Username_invalid'] = "Sorry but this username contains an invalid character such as \"";
+$lang['Username_disallowed'] = "Sorry but this username has been disallowed";
+$lang['Email_taken'] = "Sorry but that email address is already registered to a user";
+$lang['Email_banned'] = "Sorry but this email address has been banned";
+$lang['Email_invalid'] = "Sorry but this email address is invalid";
$lang['Signature_too_long'] = "Your signature is too long";
$lang['Fields_empty'] = "You must fill in the required fields";
$lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png";
diff --git a/phpBB/profile.php b/phpBB/profile.php
index 7767bfedf6..42be984914 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -45,7 +45,7 @@ init_userprefs($userdata);
//
function validate_email($email)
{
- global $db;
+ global $db, $lang;
if($email != "")
{
@@ -53,43 +53,36 @@ function validate_email($email)
{
$sql = "SELECT ban_email
FROM " . BANLIST_TABLE;
- if(!$result = $db->sql_query($sql))
+ if ( $result = $db->sql_query($sql) )
{
- message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql);
- }
- $ban_email_list = $db->sql_fetchrowset($result);
- for($i = 0; $i < count($ban_email_list); $i++)
- {
- $match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']);
- if( preg_match("/^" . $match_email . "$/is", $email) )
+ while( $row = $db->sql_fetchrow($result) )
{
- return(0);
+ $match_email = str_replace("*@", ".*@", $row['ban_email']);
+ if ( preg_match("/^" . $match_email . "$/is", $email) )
+ {
+ return array('error' => $lang['Email_banned']);
+ }
}
}
+
$sql = "SELECT user_email
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
- if(!$result = $db->sql_query($sql))
+ if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
}
- $email_taken = $db->sql_fetchrow($result);
- if($email_taken['user_email'] != "")
+
+ if ( $email_taken = $db->sql_fetchrow($result) )
{
- return false;
+ return array('error' => $lang['Email_taken']);
}
- return true;
- }
- else
- {
- return false;
+ return array('error' => '');
}
}
- else
- {
- return false;
- }
+
+ return array('error' => $lang['Email_invalid']);
}
//
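Review bot: The ban pattern on the added line `$match_email = str_replace("*@", ".*@", $row['ban_email']);` goes into preg_match() unescaped, so the dots in a banned domain match any character and a ban entry containing `/` or another regex metacharacter can make the pattern fail to compile, in which case preg_match() returns false and the ban is not applied. Quoting the entry first keeps the wildcard and nothing else: `$match_email = str_replace('\*@', '.*@', preg_quote($row['ban_email'], '/'));`. Also, the distinct Email_taken message tells an unauthenticated visitor whether an address is registered, which the old combined message did not; that may be intended but is worth a deliberate decision. validate_email starts above this hunk.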
@@ -583,6 +576,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$error = TRUE;
$error_msg = $lang['Password_mismatch'];
}
+ else if( strlen($password) > 32 )
+ {
+ $error = TRUE;
+ $error_msg = $lang['Password_long'];
+ }
else
{
if( $mode == "editprofile" )
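Review bot: The new upper bound `strlen($password) > 32` has no stated reason. Elsewhere in this diff the stored password is compared against `md5(...)`, so if new passwords are hashed the same way (not visible here) the stored value has a fixed length regardless of input and the cap only shrinks the password space. If it is meant as an input-size limit, a comment such as `// cap input length; the stored value is a hash` and a more generous bound would make that explicit. The enclosing if/else chain starts and ends outside this hunk.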
@@ -624,14 +622,40 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
//
if( $email != $userdata['user_email'] || $mode == "register" )
{
- if( !validate_email($email) )
+ $result = validate_email($email);
+ if( $result['error'] != '' )
{
+ $email = $userdata['user_email'];
+
$error = TRUE;
if(isset($error_msg))
{
$error_msg .= "
";
}
- $error_msg .= $lang['Sorry_banned_or_taken_email'];
+ $error_msg .= $result['error'];
+ }
+
+ if ( $mode == "editprofile" )
+ {
+ $sql = "SELECT user_password
+ FROM " . USERS_TABLE . "
+ WHERE user_id = $user_id";
+ if( $result = $db->sql_query($sql) )
+ {
+ $row = $db->sql_fetchrow($result);
+
+ if( $row['user_password'] != md5($password_current) )
+ {
+ $email = $userdata['user_email'];
+
+ $error = TRUE;
+ $error_msg = $lang['Current_password_mismatch'];
+ }
+ }
+ else
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
+ }
}
}
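Review bot: The current-password check `$row['user_password'] != md5($password_current)` uses loose comparison on two hex strings, and PHP compares numeric-looking strings (for example ones of the form `0e` followed by digits) as numbers, so two different hashes can compare equal. Use the strict operator: `if( $row['user_password'] !== md5($password_current) )`. In the same block `$error_msg = $lang['Current_password_mismatch'];` assigns rather than appends, discarding an email error set just above. `WHERE user_id = $user_id` interpolates a value whose origin is outside this hunk, so it should be confirmed to be an integer. The enclosing if block starts above this hunk.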
@@ -640,14 +664,15 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
if( $username != $userdata['username'] || $mode == "register" )
{
- if( !validate_username($username) )
+ $result = validate_username($username);
+ if( $result['error'] != '' )
{
$error = TRUE;
- if( isset($error_msg) )
+ if(isset($error_msg))
{
$error_msg .= "
";
}
- $error_msg .= $lang['Invalid_username'];
+ $error_msg .= $result['error'];
}
else
{
@@ -1578,6 +1603,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
"L_CURRENT_PASSWORD" => $lang['Current_password'],
"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'],
"L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
+ "L_CONFIRM_PASSWORD_EXPLAIN" => ($mode == "editprofile") ? $lang['Confirm_password_explain'] : "",
"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",
"L_SUBMIT" => $lang['Submit'],
diff --git a/phpBB/templates/subSilver/profile_add_body.tpl b/phpBB/templates/subSilver/profile_add_body.tpl
index b82f69c4d0..165652cd51 100644
--- a/phpBB/templates/subSilver/profile_add_body.tpl
+++ b/phpBB/templates/subSilver/profile_add_body.tpl
@@ -30,7 +30,7 @@