Fix various bugs; password length warning, proper warnings for username/email errors

git-svn-id: file:///svn/phpbb/trunk@1965 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2002-01-27 03:10:40 +00:00 · 2002-01-27 03:10:40 +00:00 · 57fdecdc0e
commit 57fdecdc0e
parent 617008810f
4 changed files with 93 additions and 92 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -191,7 +191,7 @@ function make_jumpbox($match_forum_id = 0)

 	if( isset($SID) )
 	{
-//		$boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';
+		$boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';
 	}

 	return($boxstring);
@ -304,7 +304,6 @@ function init_userprefs($userdata)
 			$new_value = str_replace("_lang", "_" . $board_config['default_lang'], $value);
 	
 			$images[$key] = ( file_exists($new_value) ) ? $new_value : str_replace("_lang", "_english", $value);
-//			list($images_width[$key], $images_height[$key]) = getimagesize($images[$key]);
 		}
 	}

@ -498,73 +497,42 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 //
 function validate_username($username)
 {
-	global $db;
+	global $db, $lang;

-	switch(SQL_LAYER)
-	{
-		case 'mysql':
-		case 'mysql4':
-			$sql_users = "SELECT u.username, g.group_name
-				FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
-				WHERE ug.user_id = u.user_id
-					AND g.group_id = ug.group_id
-					AND	( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
-						OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
-			$sql_disallow = "SELECT disallow_username
-				FROM " . DISALLOW_TABLE . "
-				WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
-			if($result = $db->sql_query($sql_users))
-			{
-				if($db->sql_numrows($result) > 0)
-				{
-					return(FALSE);
-				}
-			}
-			if($result = $db->sql_query($sql_disallow))
-			{
-				if($db->sql_numrows($result) > 0)
-				{
-					return(FALSE);
-				}
-			}
-			break;
-
-		default:
 	$sql = "SELECT u.username, g.group_name
 		FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
 		WHERE ug.user_id = u.user_id
 			AND g.group_id = ug.group_id
 			AND	( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
-						OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )
-				UNION
-				SELECT disallow_username, NULL
+				OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
+	if ( $result = $db->sql_query($sql) )
+	{
+		if ( $db->sql_fetchrow($result) )
+		{
+			return array('error' => $lang['Username_taken']);
+		}
+	}
+
+	$sql = "SELECT disallow_username
 		FROM " . DISALLOW_TABLE . "
 		WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
-			if($result = $db->sql_query($sql))
+	if ( $result = $db->sql_query($sql) )
 	{
-				if($db->sql_numrows($result) > 0)
+		if ( $db->sql_fetchrow($result) )
 		{
-					return(FALSE);
+			return array('error' => $lang['Username_disallowed']);
 		}
 	}
-			break;
-	}

 	$sql = "SELECT word 
 		FROM  " . WORDS_TABLE;
-	if( !$words_result = $db->sql_query($sql) )
+	if ( $result = $db->sql_query($sql) )
 	{
-		message_die(GENERAL_ERROR, "Couldn't get censored words from database.", "", __LINE__, __FILE__, $sql);
-	}
-	else
+		while( $row = $db->sql_fetchrow($result) )
 		{
-		$word_list = $db->sql_fetchrowset($words_result);
-
-		for($i = 0; $i < count($word_list); $i++)
+			if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b/i", $username) )
 			{
-			if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($word_list[$i]['word'])) . ")\b/i", $username) )
-			{
-				return(FALSE);
+				return array('error' => $lang['Username_disallowed']);
 			}
 		}
 	}
@ -572,10 +540,10 @@ function validate_username($username)
 	// Don't allow " in username.
 	if ( strstr($username, '"') )
 	{
-		return FALSE;
+		return array('error' => $lang['Username_invalid']);
 	}

-	return(TRUE);
+	return array('error' => '');
 }


--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@ -524,7 +524,7 @@ $lang['Search_user_posts'] = "Find all posts by %s"; // Find all posts by userna

 $lang['No_user_id_specified'] = "Sorry but that user does not exist";
 $lang['Wrong_Profile'] = "You cannot modify a profile that is not your own.";
-$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice";
+
 $lang['Only_one_avatar'] = "Only one type of avatar can be specified";
 $lang['File_no_data'] = "The file at the URL you gave contains no data";
 $lang['No_connection_URL'] = "A connection could not be made to the URL you gave";
@ -552,6 +552,7 @@ $lang['Public_view_email'] = "Always show my Email Address";
 $lang['Current_password'] = "Current password";
 $lang['New_password'] = "New password";
 $lang['Confirm_password'] = "Confirm password";
+$lang['Confirm_password_explain'] = "You must confirm your current password if you wish to change it or alter your email address";
 $lang['password_if_changed'] = "You only need to supply a password if you want to change it";
 $lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above";

@ -583,7 +584,13 @@ $lang['Profile_updated_inactive'] = "Your profile has been updated, however you

 $lang['Password_mismatch'] = "The passwords you entered did not match";
 $lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
-$lang['Invalid_username'] = "The username you requested has been taken or disallowed, or contains invalid characters like the \" character";
+$lang['Password_long'] = "Your password must be no more than 32 characters";
+$lang['Username_taken'] = "Sorry but this username has already been taken";
+$lang['Username_invalid'] = "Sorry but this username contains an invalid character such as \"";
+$lang['Username_disallowed'] = "Sorry but this username has been disallowed";
+$lang['Email_taken'] = "Sorry but that email address is already registered to a user";
+$lang['Email_banned'] = "Sorry but this email address has been banned";
+$lang['Email_invalid'] = "Sorry but this email address is invalid";
 $lang['Signature_too_long'] = "Your signature is too long";
 $lang['Fields_empty'] = "You must fill in the required fields";
 $lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png";
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@ -45,7 +45,7 @@ init_userprefs($userdata);
 //
 function validate_email($email)
 {
-	global $db;
+	global $db, $lang;

 	if($email != "")
 	{
@ -53,43 +53,36 @@ function validate_email($email)
 		{
 			$sql = "SELECT ban_email
 				FROM " . BANLIST_TABLE;
-			if(!$result = $db->sql_query($sql))
+			if ( $result = $db->sql_query($sql) )
 			{
-				message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql);
-			}
-			$ban_email_list = $db->sql_fetchrowset($result);
-			for($i = 0; $i < count($ban_email_list); $i++)
+				while( $row = $db->sql_fetchrow($result) )
 				{
-				$match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']);
-				if( preg_match("/^" . $match_email . "$/is", $email) )
+					$match_email = str_replace("*@", ".*@", $row['ban_email']);
+					if ( preg_match("/^" . $match_email . "$/is", $email) )
 					{
-					return(0);
+						return array('error' => $lang['Email_banned']);
 					}
 				}
+			}
+
 			$sql = "SELECT user_email
 				FROM " . USERS_TABLE . "
 				WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
-			if(!$result = $db->sql_query($sql))
+			if ( !($result = $db->sql_query($sql)) )
 			{
 				message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
 			}
-			$email_taken = $db->sql_fetchrow($result);
-			if($email_taken['user_email'] != "")
+
+			if ( $email_taken = $db->sql_fetchrow($result) )
 			{
-				return false;
+				return array('error' => $lang['Email_taken']);
 			}

-			return true;
-		}
-		else
-		{
-			return false;
+			return array('error' => '');
 		}
 	}
-	else
-	{
-		return false;
-	}
+
+	return array('error' => $lang['Email_invalid']);
 }

 //
@ -583,6 +576,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 					$error = TRUE;
 					$error_msg = $lang['Password_mismatch'];
 				}
+				else if( strlen($password) > 32 )
+				{
+					$error = TRUE;
+					$error_msg = $lang['Password_long'];
+				}
 				else
 				{
 					if( $mode == "editprofile" )
@ -624,14 +622,40 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 			//
 			if( $email != $userdata['user_email'] || $mode == "register" )
 			{
-				if( !validate_email($email) )
+				$result = validate_email($email);
+				if( $result['error'] != '' )
 				{
+					$email = $userdata['user_email'];
+
 					$error = TRUE;
 					if(isset($error_msg))
 					{
 						$error_msg .= "<br />";
 					}
-					$error_msg .= $lang['Sorry_banned_or_taken_email'];
+					$error_msg .= $result['error'];
+				}
+					
+				if ( $mode == "editprofile" )
+				{
+					$sql = "SELECT user_password 
+						FROM " . USERS_TABLE . " 
+						WHERE user_id = $user_id";
+					if( $result = $db->sql_query($sql) )
+					{
+						$row = $db->sql_fetchrow($result);
+
+						if( $row['user_password'] != md5($password_current) )
+						{
+							$email = $userdata['user_email'];
+
+							$error = TRUE;
+							$error_msg = $lang['Current_password_mismatch'];
+						}
+					}
+					else
+					{
+						message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
+					}
 				}
 			}

@ -640,14 +664,15 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 			{
 				if( $username != $userdata['username'] || $mode == "register" )
 				{
-					if( !validate_username($username) )
+					$result = validate_username($username);
+					if( $result['error'] != '' )
 					{
 						$error = TRUE;
-						if( isset($error_msg) )
+						if(isset($error_msg))
 						{
 							$error_msg .= "<br />";
 						}
-						$error_msg .= $lang['Invalid_username'];
+						$error_msg .= $result['error'];
 					}
 					else
 					{
@ -1578,6 +1603,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				"L_CURRENT_PASSWORD" => $lang['Current_password'], 
 				"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'], 
 				"L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
+				"L_CONFIRM_PASSWORD_EXPLAIN" => ($mode == "editprofile") ? $lang['Confirm_password_explain'] : "",
 				"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
 				"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",
 				"L_SUBMIT" => $lang['Submit'],
--- a/phpBB/templates/subSilver/profile_add_body.tpl
+++ b/phpBB/templates/subSilver/profile_add_body.tpl
@ -30,7 +30,7 @@
 	<!-- BEGIN edit_profile -->
 	<tr> 
 	  <td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br />
-		<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td>
+		<span class="gensmall">{L_CONFIRM_PASSWORD_EXPLAIN}</span></td>
 	  <td class="row2"> 
 		<input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="100" value="{PASSWORD}" />
 	  </td>