Some re-arrangement of validation routines to improve extensibility

git-svn-id: file:///svn/phpbb/trunk@4487 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2003-09-08 12:42:32 +00:00
parent 924684b000
commit 7d4b42c68e
7 changed files with 525 additions and 526 deletions


@ -14,166 +14,123 @@
// //
// User functions // User functions
// //
function request_var($var_name, $default)
function normalise_data(&$data, &$normalise)
{ {
if (!isset($_REQUEST[$var_name]))
$valid_data = array();
foreach ($normalise as $var_type => $var_ary)
{ {
foreach ($var_ary as $var_name => $var_limits) return $default;
}
else
{
$var = $_REQUEST[$var_name];
$type = gettype($default);
settype($var, $type);
// Prevent use of  , excess spaces or other html entity forms in profile strings,
// not generally applicable elsewhere
if ($type == 'string')
{ {
$var_name = (is_string($var_name)) ? $var_name : $var_limits; $var = trim(preg_replace("#\s{2,}#s", ' ', strtr($var, array_flip(get_html_translation_table(HTML_ENTITIES)))));
$l_prefix = strtoupper($var_name); }
if (isset($data[$var_name])) return $var;
}
}
function validate_data($data, $val_ary)
{
$error = array();
foreach ($val_ary as $var => $val_seq)
{
if (!is_array($val_seq[0]))
{
$val_seq = array($val_seq);
}
foreach ($val_seq as $validate)
{
$function = array_shift($validate);
array_unshift($validate, $data[$var]);
if ($result = call_user_func_array('validate_' . $function, $validate))
{ {
switch ($var_type) $error[] = $result . '_' . strtoupper($var);
{
case 'i':
$valid_data[$var_name] = (int) $data[$var_name];
break;
case 'f':
$valid_data[$var_name] = (double) $data[$var_name];
break;
case 'b':
$valid_data[$var_name] = ($data[$var_name] <= 0) ? 0 : 1;
break;
case 's':
// Cleanup data, remove excess spaces, convert entity forms
$valid_data[$var_name] = trim(preg_replace('#\s{2,}#s', ' ', strtr((string) $data[$var_name], array_flip(get_html_translation_table(HTML_ENTITIES)))));
// How should we check this data?
if (!is_array($var_limits))
{
// Is the match a string? If it is, process it further, else we'll
// assume it's a maximum length
if (is_string($var_limits))
{
if (strstr($var_limits, ','))
{
list($min_value, $max_value) = explode(',', $var_limits);
if (!empty($valid_data[$var_name]) && strlen($valid_data[$var_name]) < $min_value)
{
$this->error[] = $l_prefix . '_TOO_SHORT';
}
if (strlen($valid_data[$var_name]) > $max_value)
{
$this->error[] = $l_prefix . '_TOO_LONG';
}
}
}
else
{
if (strlen($valid_data[$var_name]) > $var_limits)
{
$this->error[] = $l_prefix . '_TOO_LONG';
}
}
}
break;
}
} }
} }
} }
return $valid_data; return $error;
} }
// Validates data subject to supplied requirements, errors appropriately function validate_string($string, $optional = false, $min = 0, $max = 0)
function validate_data(&$data, &$validate)
{ {
global $db, $user, $config; if (empty($string) && $optional)
foreach ($validate as $operation => $var_ary)
{ {
foreach ($var_ary as $var_name => $compare) return false;
{
$l_prefix = strtoupper($var_name);
if (!empty($compare))
{
switch ($operation)
{
case 'm':
if (is_array($compare))
{
foreach ($compare as $match)
{
if (!preg_match($match, $data[$var_name]))
{
$this->error[] = $l_prefix . '_WRONG_DATA';
}
}
}
else if (!preg_match($compare, $data[$var_name]))
{
$this->error[] = $l_prefix . '_WRONG_DATA';
}
break;
case 'c':
if (is_array($compare))
{
if (!in_array($data[$var_name], $compare))
{
$this->error[] = $l_prefix . '_MISMATCH';
}
}
else if ($data[$var_name] != $compare)
{
$this->error[] = $l_prefix . '_MISMATCH';
}
break;
case 'f':
if ($result = $compare($data[$var_name]))
{
$this->error[] = $result;
}
break;
case 'r':
if (!isset($data[$compare]) || (is_string($data[$compare]) && $data[$compare] === ''))
{
$this->error[] = strtoupper($compare) . '_MISSING_DATA';
}
break;
}
}
}
} }
if ($min && strlen($string) < $min)
{
return 'TOO_SHORT';
}
else if ($max && strlen($string) > $max)
{
return 'TOO_LONG';
}
return false;
} }
// Generates an alphanumeric random string of given length function validate_num($num, $optional = false, $min = 0, $max = 1E99)
function gen_rand_string($num_chars)
{ {
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); if (empty($num) && $optional)
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($chars) - 1;
$rand_str = '';
for ($i = 0; $i < $num_chars; $i++)
{ {
$rand_str .= $chars[mt_rand(0, $max_chars)]; return false;
} }
return $rand_str; if ($num < $min)
} {
return 'TOO_SMALL';
}
else if ($num > $max)
{
return 'TOO_LARGE';
}
return false;
}
function validate_match($string, $optional = false, $match)
{
if (empty($string) && $optional)
{
return false;
}
if (!preg_match($match, $string))
{
return 'WRONG_DATA';
}
return false;
}
// Check to see if the username has been taken, or if it is disallowed. // Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames. // Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username // Used for registering, changing names, and posting anonymously with a username
function validate_username($username) function validate_username($username)
{ {
global $db, $user; global $config, $db, $user;
if (strtolower($user->data['username']) == strtolower($username))
{
return false;
}
if (!preg_match('#^' . $config['allow_name_chars'] . '$#i', $username))
{
return 'INVALID_CHARS';
}
$sql = 'SELECT username $sql = 'SELECT username
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
@ -231,39 +188,44 @@ function validate_email($email)
{ {
global $config, $db, $user; global $config, $db, $user;
if (preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email)) if (strtolower($user->data['user_email']) == strtolower($email))
{ {
$sql = 'SELECT ban_email
FROM ' . BANLIST_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email))
{
return 'EMAIL_BANNED';
}
}
$db->sql_freeresult($result);
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'EMAIL_TAKEN';
}
$db->sql_freeresult($result);
}
return false; return false;
} }
return 'EMAIL_INVALID'; if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
{
return 'EMAIL_INVALID';
}
$sql = 'SELECT ban_email
FROM ' . BANLIST_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $email))
{
return 'EMAIL_BANNED';
}
}
$db->sql_freeresult($result);
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
return 'EMAIL_TAKEN';
}
$db->sql_freeresult($result);
}
return false;
} }
function update_username($old_name, $new_name) function update_username($old_name, $new_name)
@ -464,6 +426,25 @@ function avatar_upload(&$data)
return false; return false;
} }
// Generates an alphanumeric random string of given length
function gen_rand_string($num_chars)
{
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($chars) - 1;
$rand_str = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand_str .= $chars[mt_rand(0, $max_chars)];
}
return $rand_str;
}
// //
// Usergroup functions // Usergroup functions
// //
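Review bot: `request_var` converts an array submission into the string `"Array"` when `$default` is a scalar, because `settype($var, gettype($default))` coerces instead of rejecting (with an "Array to string conversion" notice); a request such as `lang[]=x` then reaches `validate_match` as `Array`, which `#^[a-z_]{2,}$#i` would accept. Returning the default when the shapes differ closes this: `if (is_array($var) !== is_array($default)) { return $default; }` placed before the `settype` call. Note also that the entity-decoding `strtr($var, array_flip(get_html_translation_table(HTML_ENTITIES)))` now runs on every string request variable, so any consumer that expected its input to still be entity-encoded should be re-checked. Separately, `validate_match($string, $optional = false, $match)` declares a required parameter after an optional one; since `validate_data` always passes all three via `call_user_func_array`, the `= false` default can simply be dropped.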


@ -1,23 +1,15 @@
<?php <?php
/*************************************************************************** // -------------------------------------------------------------
* usercp_activate.php //
* ------------------- // $Id$
* begin : Saturday, Feb 13, 2001 //
* copyright : (C) 2001 The phpBB Group // FILENAME : usercp_activate.php
* email : support@phpbb.com // STARTED : Mon May 19, 2003
* // COPYRIGHT : © 2001, 2003 phpBB Group
* $Id$ // WWW : http://www.phpbb.com/
* // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
***************************************************************************/ //
// -------------------------------------------------------------
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
class ucp_activate extends ucp class ucp_activate extends ucp
{ {
@ -25,9 +17,11 @@ class ucp_activate extends ucp
{ {
global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey, username $user_id = (isset($_REQUEST['u'])) ? intval($_REQUEST['u']) : false;
FROM " . USERS_TABLE . "
WHERE user_id = " . intval($_GET['u']); $sql = 'SELECT user_id, username, user_active, user_email, user_newpasswd, user_lang, user_actkey
FROM ' . USERS_TABLE . "
WHERE user_id = $user_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
@ -40,7 +34,7 @@ class ucp_activate extends ucp
else if ($row['user_actkey'] == $_GET['k']) else if ($row['user_actkey'] == $_GET['k'])
{ {
$sql_update_pass = ($row['user_newpasswd'] != '') ? ", user_password = '" . $db->sql_escape($row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql_update_pass = ($row['user_newpasswd'] != '') ? ", user_password = '" . $db->sql_escape($row['user_newpasswd']) . "', user_newpasswd = ''" : '';
z
$sql = "UPDATE " . USERS_TABLE . " $sql = "UPDATE " . USERS_TABLE . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
WHERE user_id = " . $row['user_id']; WHERE user_id = " . $row['user_id'];
@ -84,7 +78,7 @@ z
} }
else else
{ {
trigger_error($user->lang['No_such_user']); trigger_error($user->lang['NO_USER']);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
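Review bot: A stray `z` line sits between the `$sql_update_pass` assignment and the `$sql = "UPDATE ...` statement (the following hunk header even shows `z` as its context), and a bare `z` token before `$sql` is a parse error that will break the whole activation script; it should be deleted. Also `$user_id` is set to `false` when `u` is absent, and interpolating that into `WHERE user_id = $user_id` produces `WHERE user_id = ` — a malformed query — instead of reaching the NO_USER branch; `$user_id = (isset($_REQUEST['u'])) ? intval($_REQUEST['u']) : 0;` makes the lookup simply find no row. The key check `$row['user_actkey'] == $_GET['k']` is unchanged context, but it reads `$_GET['k']` without `isset` and compares loosely; whether an empty `user_actkey` can reach that branch depends on the `if` above this hunk, so it is worth confirming.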


@ -1,23 +1,15 @@
<?php <?php
/*************************************************************************** // -------------------------------------------------------------
* ucp_confirm.php //
* ------------------- // $Id$
* begin : Saturday, Jan 15, 2003 //
* copyright : (C) 2001 The phpBB Group // FILENAME : ucp_confirm.php
* email : support@phpbb.com // STARTED : Mon May 19, 2003
* // COPYRIGHT : © 2003 phpBB Group
* $Id$ // WWW : http://www.phpbb.com/
* // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
***************************************************************************/ //
// -------------------------------------------------------------
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
// Note to potential users of this code ... // Note to potential users of this code ...
// //
@ -44,10 +36,10 @@ class ucp_confirm extends ucp
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
// Try and grab code for this id and session // Try and grab code for this id and session
$sql = "SELECT code $sql = 'SELECT code
FROM " . CONFIRM_TABLE . " FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $user->data['session_id'] . "' WHERE session_id = '" . $db->sql_escape($user->data['session_id']) . "'
AND confirm_id = '$confirm_id'"; AND confirm_id = '" . $db->sql_escape($confirm_id) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
// If we have a row then grab data else create a new id // If we have a row then grab data else create a new id


@ -1,23 +1,15 @@
<?php <?php
/*************************************************************************** // -------------------------------------------------------------
* ucp_prefs.php //
* ------------------- // $Id$
* begin : Saturday, Feb 21, 2003 //
* copyright : (C) 2001 The phpBB Group // FILENAME : ucp_prefs.php
* email : support@phpbb.com // STARTED : Mon May 19, 2003
* // COPYRIGHT : © 2001, 2003 phpBB Group
* $Id$ // WWW : http://www.phpbb.com/
* // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
***************************************************************************/ //
// -------------------------------------------------------------
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
class ucp_prefs extends ucp class ucp_prefs extends ucp
{ {
@ -25,7 +17,9 @@ class ucp_prefs extends ucp
{ {
global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx; global $censors, $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
$submode = ($_REQUEST['mode']) ? htmlspecialchars($_REQUEST['mode']) : 'personal'; $submode = (!empty($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : 'personal';
$submit = (isset($_POST['submit'])) ? true : false;
$error = $data = array();
// Setup internal subsection display // Setup internal subsection display
$submodules['PERSONAL'] = "i=$id&amp;mode=personal"; $submodules['PERSONAL'] = "i=$id&amp;mode=personal";
@ -39,41 +33,50 @@ class ucp_prefs extends ucp
{ {
case 'personal': case 'personal':
if (isset($_POST['submit'])) if ($submit)
{ {
$data = array(); $var_ary = array(
$normalise = array( 'dateformat' => (string) $config['default_dateformat'],
's' => array( 'lang' => (string) $config['default_lang'],
'dateformat'=> '3,15', 'tz' => (float) $config['board_timezone'],
'lang' => '2,5', 'style' => (int) $config['default_style'],
), 'dst' => (bool) $config['board_dst'],
'i' => array('dst', 'style'), 'viewemail' => false,
'f' => array('tz'), 'massemail' => true,
'b' => array('viewemail', 'massemail', 'hideonline', 'notifypm', 'popuppm') 'hideonline' => false,
'notifypm' => true,
'popuppm' => false,
); );
$data = normalise_data($_POST, $normalise);
$validate = array( foreach ($var_ary as $var => $default)
'r' => array('lang', 'tz', 'dateformat', 'style'), {
'm' => array( $data[$var] = request_var($var, $default);
'lang' => ($data['lang']) ? '#^[a-z_]+$#i' : '', }
),
$var_ary = array(
'dateformat' => array('string', false, 3, 15),
'lang' => array('match', false, '#^[a-z_]{2,}$#i'),
'tz' => array('num', false, -13, 13),
); );
validate_data($data, $validate);
if (!sizeof($this->error)) $error = validate_data($data, $var_ary);
extract($data);
unset($data);
if (!sizeof($error))
{ {
$sql_ary = array( $sql_ary = array(
'user_allow_viewemail' => $data['viewemail'], 'user_allow_viewemail' => $viewemail,
'user_allow_massemail' => $data['massemail'], 'user_allow_massemail' => $massemail,
'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$data['hideonline'] : $user->data['user_allow_viewonline'], 'user_allow_viewonline' => ($auth->acl_get('u_hideonline')) ? !$hideonline : $user->data['user_allow_viewonline'],
'user_notify_pm' => $data['notifypm'], 'user_notify_pm' => $notifypm,
'user_popup_pm' => $data['popuppm'], 'user_popup_pm' => $popuppm,
'user_dst' => $data['dst'],
'user_dateformat' => $data['dateformat'], 'user_dst' => $dst,
'user_lang' => $data['lang'], 'user_dateformat' => $dateformat,
'user_timezone' => $data['tz'], 'user_lang' => $lang,
'user_style' => $data['style'], 'user_timezone' => $tz,
'user_style' => $style,
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -85,10 +88,6 @@ class ucp_prefs extends ucp
$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>'); $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>');
trigger_error($message); trigger_error($message);
} }
//
extract($data);
unset($data);
} }
$viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail']; $viewemail = (isset($viewemail)) ? $viewemail : $user->data['user_allow_viewemail'];
@ -116,7 +115,7 @@ class ucp_prefs extends ucp
$tz = (isset($tz)) ? $tz : $user->data['user_timezone']; $tz = (isset($tz)) ? $tz : $user->data['user_timezone'];
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'VIEW_EMAIL_YES' => $view_email_yes, 'VIEW_EMAIL_YES' => $view_email_yes,
'VIEW_EMAIL_NO' => $view_email_no, 'VIEW_EMAIL_NO' => $view_email_no,
@ -143,32 +142,48 @@ class ucp_prefs extends ucp
case 'view': case 'view':
if (isset($_POST['submit'])) if ($submit)
{ {
$data = array(); $var_ary = array(
$normalise = array( 'sk' => (string) 't',
's' => array( 'sd' => (string) 'd',
'sk' => '1,1', 'st' => 0,
'sd' => '1,1', 'minkarma' => (int) -5,
), 'images' => true,
'i' => array('st', 'minkarma'), 'flash' => false,
'b' => array('images', 'flash', 'smilies', 'sigs', 'avatars', 'wordcensor'), 'smilies' => true,
'sigs' => true,
'avatars' => true,
'wordcensor'=> false,
); );
$data = normalise_data($_POST, $normalise);
if (!sizeof($this->error)) foreach ($var_ary as $var => $default)
{
$data[$var] = request_var($var, $default);
}
$var_ary = array(
'sk' => array('string', false, 1, 1),
'sd' => array('string', false, 1, 1),
);
$error = validate_data($data, $var_ary);
extract($data);
unset($data);
if (!sizeof($error))
{ {
$sql_ary = array( $sql_ary = array(
'user_viewimg' => $data['images'], 'user_viewimg' => $images,
'user_viewflash' => $data['flash'], 'user_viewflash' => $flash,
'user_viewsmilies' => $data['smilies'], 'user_viewsmilies' => $smilies,
'user_viewsigs' => $data['sigs'], 'user_viewsigs' => $sigs,
'user_viewavatars' => $data['avatars'], 'user_viewavatars' => $avatars,
'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $data['wordcensor'] : $user->data['user_viewcensors'], 'user_viewcensors' => ($auth->acl_get('u_chgcensors')) ? $wordcensor : $user->data['user_viewcensors'],
'user_sortby_type' => $data['sk'], 'user_sortby_type' => $sk,
'user_sortby_dir' => $data['sd'], 'user_sortby_dir' => $sd,
'user_show_days' => $data['st'], 'user_show_days' => $st,
'user_min_karma' => $data['minkarma'], 'user_min_karma' => $minkarma,
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -180,10 +195,6 @@ class ucp_prefs extends ucp
$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>'); $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>');
trigger_error($message); trigger_error($message);
} }
//
extract($data);
unset($data);
} }
$sk = (isset($sk)) ? $sk : ((!empty($user->data['user_sortby_type'])) ? $user->data['user_sortby_type'] : 't'); $sk = (isset($sk)) ? $sk : ((!empty($user->data['user_sortby_type'])) ? $user->data['user_sortby_type'] : 't');
@ -227,7 +238,7 @@ class ucp_prefs extends ucp
$wordcensor_no = (!$wordcensor) ? ' checked="checked"' : ''; $wordcensor_no = (!$wordcensor) ? ' checked="checked"' : '';
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'VIEW_IMAGES_YES' => $images_yes, 'VIEW_IMAGES_YES' => $images_yes,
'VIEW_IMAGES_NO' => $images_no, 'VIEW_IMAGES_NO' => $images_no,
@ -253,22 +264,29 @@ class ucp_prefs extends ucp
case 'post': case 'post':
if (isset($_POST['submit'])) if ($submit)
{ {
$data = array(); $var_ary = array(
$normalise = array( 'bbcode' => true,
'b' => array('bbcode', 'html', 'smilies', 'sig', 'notify'), 'html' => false,
'smilies' => true,
'sig' => true,
'notify' => false,
); );
$data = normalise_data($_POST, $normalise);
if (!sizeof($this->error)) foreach ($var_ary as $var => $default)
{
$$var = request_var($var, $default);
}
if (!sizeof($error))
{ {
$sql_ary = array( $sql_ary = array(
'user_allowbbcode' => $data['bbcode'], 'user_allowbbcode' => $bbcode,
'user_allowhtml' => $data['html'], 'user_allowhtml' => $html,
'user_allowsmile' => $data['smilies'], 'user_allowsmile' => $smilies,
'user_attachsig' => $data['sig'], 'user_attachsig' => $sig,
'user_notify' => $data['notify'], 'user_notify' => $notify,
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -280,10 +298,6 @@ class ucp_prefs extends ucp
$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>'); $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>');
trigger_error($message); trigger_error($message);
} }
//
extract($data);
unset($data);
} }
$bbcode = (isset($bbcode)) ? $bbcode : $user->data['user_allowbbcode']; $bbcode = (isset($bbcode)) ? $bbcode : $user->data['user_allowbbcode'];
@ -303,7 +317,7 @@ class ucp_prefs extends ucp
$notify_no = (!$notify) ? ' checked="checked"' : ''; $notify_no = (!$notify) ? ' checked="checked"' : '';
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'DEFAULT_BBCODE_YES' => $bbcode_yes, 'DEFAULT_BBCODE_YES' => $bbcode_yes,
'DEFAULT_BBCODE_NO' => $bbcode_no, 'DEFAULT_BBCODE_NO' => $bbcode_no,
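Review bot: The `post` branch assigns request values with `$$var = request_var($var, $default);` while `personal` and `view` fill `$data`, call `validate_data`, and then `extract($data)`; in `post` `$error` is therefore only ever the empty array initialised at the top of the method, so `if (!sizeof($error))` is always true. Writing it the same way, `$data[$var] = request_var($var, $default);` then `extract($data); unset($data);`, keeps the three branches uniform, or a one-line comment that `post` has nothing to validate would make the omission deliberate. In `view`, `sk` and `sd` are only bounded by `array('string', false, 1, 1)`; if `user_sortby_type`/`user_sortby_dir` are later spliced into an ORDER BY — not visible here — a rule such as `array('match', false, '#^[a-z]$#')` would whitelist them rather than merely limit their length. The `extract($data)` calls are safe only because the keys come from the hard-coded `$var_ary`; a comment saying so would keep a later edit from feeding them user-controlled keys.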


@ -23,7 +23,8 @@ class ucp_profile extends ucp
$submode = (isset($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : 'reg_details'; $submode = (isset($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : 'reg_details';
$preview = (isset($_POST['preview'])) ? true : false; $preview = (isset($_POST['preview'])) ? true : false;
$submit = (isset($_POST['submit'])) ? true : false; $submit = (isset($_POST['submit'])) ? true : false;
$error = array(); $delete = (isset($_POST['delete'])) ? true : false;
$error = $data = array();
$submodules['REG_DETAILS'] = "i=$id&amp;mode=reg_details"; $submodules['REG_DETAILS'] = "i=$id&amp;mode=reg_details";
$submodules['PROFILE_INFO'] = "i=$id&amp;mode=profile_info"; $submodules['PROFILE_INFO'] = "i=$id&amp;mode=profile_info";
@ -39,48 +40,56 @@ class ucp_profile extends ucp
if ($submit) if ($submit)
{ {
$var_ary = array(
'username' => $user->data['username'],
$normalise = array( 'email' => $user->data['user_email'],
's' => array( 'email_confirm' => (string) '',
'username' => $config['min_name_chars'] . ',' . $config['max_name_chars'], 'new_password' => (string) '',
'password_confirm' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'], 'cur_password' => (string) '',
'new_password' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'], 'password_confirm' => (string) '',
'cur_password' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'],
'email' => '7,60',
'email_confirm' => '7,60',
)
); );
$data = normalise_data($_POST, $normalise);
// md5 current password for checking foreach ($var_ary as $var => $default)
$data['cur_password'] = md5($data['cur_password']); {
$data[$var] = request_var($var, $default);
}
$validate = array( $var_ary = array(
'r' => array('username', 'email'), 'username' => array(
'c' => array( array('string', false, $config['min_name_chars'], $config['max_name_chars']),
'password_confirm' => ($data['new_password']) ? $data['new_password'] : '', array('username', $username)),
'cur_password' => ($data['new_password'] || $data['email'] != $user->data['user_email'] || $data['username'] != $user->data['username']) ? $user->data['user_password'] : '', 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'email_confirm' => ($data['email'] != $user->data['user_email']) ? $data['email'] : '', 'new_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
), 'cur_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'm' => array( 'email' => array(
'username' => ($data['username'] != $user->data['username']) ? '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu' : '', array('string', false, 6, 60),
), array('email', $email)),
'f' => array( 'email_confirm' => array('string', true, 6, 60),
'username' => ($data['username'] != $user->data['username']) ? 'validate_username' : '',
'email' => ($data['email'] != $user->data['user_email']) ? 'validate_email' : '',
),
); );
validate_data($data, $validate);
$error = validate_data($data, $var_ary);
extract($data);
unset($data);
if ($auth->acl_get('u_chgpasswd') && $new_password && md5($password_confirm) != $user->data['user_password'])
{
$error[] = 'NEW_PASSWORD_ERROR';
}
if ((($auth->acl_get('u_chgemail') && $email != $user->data['user_email']) || ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($cur_password) != $user->data['user_password'])
{
$error[] = 'CUR_PASSWORD_ERROR';
}
if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'] && $email_confirm != $email)
{
$error[] = 'NEW_EMAIL_ERROR';
}
if (!sizeof($this->error)) if (!sizeof($error))
{ {
$sql_ary = array( $sql_ary = array(
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $username : $user->data['username'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
'user_password' => ($auth->acl_get('u_chgpasswd') && !empty($data['user_password'])) ? md5($data['username']) : $user->data['user_password'] 'user_password' => ($auth->acl_get('u_chgpasswd')) ? md5($user_password) : $user->data['user_password']
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -89,25 +98,21 @@ class ucp_profile extends ucp
$db->sql_query($sql); $db->sql_query($sql);
// Need to update config, forum, topic, posting, messages, etc. // Need to update config, forum, topic, posting, messages, etc.
if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') & $config['allow_namechange']) if ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
{ {
update_username($user->data['username'], $data['username']); update_username($user->data['username'], $username);
} }
meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode"); meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode");
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>'); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>');
trigger_error($message); trigger_error($message);
} }
//
extract($data);
unset($data);
} }
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS'); $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'USERNAME' => (isset($username)) ? stripslashes($username) : $user->data['username'], 'USERNAME' => (isset($username)) ? stripslashes($username) : $user->data['username'],
'EMAIL' => (isset($email)) ? stripslashes($email) : $user->data['user_email'], 'EMAIL' => (isset($email)) ? stripslashes($email) : $user->data['user_email'],
@ -122,51 +127,70 @@ class ucp_profile extends ucp
'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false, 'S_CHANGE_EMAIL' => ($auth->acl_get('u_chgemail')) ? true : false,
'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false) 'S_CHANGE_PASSWORD' => ($auth->acl_get('u_chgpasswd')) ? true : false)
); );
break; break;
case 'profile_info': case 'profile_info':
if (isset($_POST['submit'])) if ($submit)
{ {
$data = array(); $var_ary = array(
$normalise = array( 'icq' => (string) '',
's' => array( 'aim' => (string) '',
'icq' => '3,15', 'msn' => (string) '',
'aim' => '5,255', 'yim' => (string) '',
'msn' => '5,255', 'jabber' => (string) '',
'yim' => '5,255', 'website' => (string) '',
'jabber' => '5,255', 'location' => (string) '',
'website' => '12,255', 'occupation' => (string) '',
'location' => '2,100', 'interests' => (string) '',
'occupation'=> '2,500', 'bday_day' => 0,
'interests' => '2,500', 'bday_month' => 0,
), 'bday_year' => 0,
'i' => array('bday_day', 'bday_month', 'bday_year')
); );
$data = normalise_data($_POST, $normalise);
$validate = array( foreach ($var_ary as $var => $default)
'm' => array( {
'icq' => ($data['icq']) ? '#^[0-9]+$#i' : '', $data[$var] = request_var($var, $default);
'website' => ($data['website']) ? '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i' : '', }
),
$var_ary = array(
'icq' => array(
array('string', true, 3, 15),
array('match', true, '#^[0-9]+$#i')),
'aim' => array('string', true, 5, 255),
'msn' => array('string', true, 5, 255),
'jabber' => array(
array('string', true, 5, 255),
array('match', true, '#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}(/.*)?$#i')),
'yim' => array('string', true, 5, 255),
'website' => array(
array('string', true, 12, 255),
array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
'location' => array('string', true, 2, 255),
'occupation' => array('string', true, 2, 500),
'interests' => array('string', true, 2, 500),
'bday_day' => array('num', true, 1, 31),
'bday_month' => array('num', true, 1, 12),
'bday_year' => array('num', true, 1901, gmdate('Y', time())),
); );
validate_data($data, $validate);
if (!sizeof($this->error)) $error = validate_data($data, $var_ary);
extract($data);
unset($data);
if (!sizeof($error))
{ {
$sql_ary = array( $sql_ary = array(
'user_icq' => $data['icq'], 'user_icq' => $icq,
'user_aim' => $data['aim'], 'user_aim' => $aim,
'user_msnm' => $data['msn'], 'user_msnm' => $msn,
'user_yim' => $data['yim'], 'user_yim' => $yim,
'user_jabber' => $data['jabber'], 'user_jabber' => $jabber,
'user_website' => $data['website'], 'user_website' => $website,
'user_from' => $data['location'], 'user_from' => $location,
'user_occ' => $data['occupation'], 'user_occ' => $occupation,
'user_interests'=> $data['interests'], 'user_interests'=> $interests,
'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']), 'user_birthday' => sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year),
); );
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
@ -178,10 +202,6 @@ class ucp_profile extends ucp
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>'); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$submode\">", '</a>');
trigger_error($message); trigger_error($message);
} }
//
extract($data);
unset($data);
} }
if (!isset($bday_day)) if (!isset($bday_day))
@ -214,7 +234,7 @@ class ucp_profile extends ucp
unset($now); unset($now);
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'ICQ' => (isset($icq)) ? $icq : $user->data['user_icq'], 'ICQ' => (isset($icq)) ? $icq : $user->data['user_icq'],
'YIM' => (isset($yim)) ? $yim : $user->data['user_yim'], 'YIM' => (isset($yim)) ? $yim : $user->data['user_yim'],
@ -349,43 +369,50 @@ class ucp_profile extends ucp
// Can we upload? // Can we upload?
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || @ini_get('file_uploads') == 'On')) ? true : false; $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || @ini_get('file_uploads') == 'On')) ? true : false;
if (isset($_POST['submit'])) if ($submit)
{ {
$data = array(); $var_ary = array(
if (!empty($_FILES['uploadfile']['tmp_name']) && $can_upload) 'uploadurl' => (string) '',
{ 'remotelink' => (string) '',
$this->error = avatar_upload($data); 'width' => (string) '',
} 'height' => (string) '',
else if (!empty($_POST['uploadurl']) && $can_upload) );
{
$normalise = array(
's' => array(
'uploadurl' => '1,255',
)
);
$data = normalise_data($_POST, $normalise);
$this->error = avatar_upload($data); foreach ($var_ary as $var => $default)
}
else if (!empty($_POST['remotelink']) && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'])
{ {
$normalise = array( $data[$var] = request_var($var, $default);
's' => array(
'remotelink' => '1,255',
'width' => '1,3',
'height' => '1,3',
)
);
$data = normalise_data($_POST, $normalise);
$this->error = avatar_remote($data);
}
else if (!empty($_POST['delete']) && $auth->acl_get('u_chgavatar'))
{
$data['filename'] = $data['width'] = $data['height'] = '';
} }
if (!$this->error) $var_ary = array(
'uploadurl' => array('string', false, 5, 255),
'remotelink' => array('string', true, 5, 255),
'width' => array('string', true, 1, 3),
'height' => array('string', true, 1, 3),
);
$error = validate_data($data, $var_ary);
if (!sizeof($error))
{
if (!empty($_FILES['uploadfile']['tmp_name']) && $can_upload)
{
$error = avatar_upload($data);
}
else if ($data['uploadurl'] && $can_upload)
{
$error = avatar_upload($uploadurl);
}
else if ($data['remotelink'] && $auth->acl_get('u_chgavatar') && $config['allow_avatar_remote'])
{
$error = avatar_remote($data);
}
else if ($delete && $auth->acl_get('u_chgavatar'))
{
$data['filename'] = $data['width'] = $data['height'] = '';
}
}
if (!sizeof($error))
{ {
// Do we actually have any data to update? // Do we actually have any data to update?
if (sizeof($data)) if (sizeof($data))
@ -414,12 +441,10 @@ class ucp_profile extends ucp
trigger_error($message); trigger_error($message);
} }
//
extract($data); extract($data);
unset($data); unset($data);
} }
// Generate users avatar // Generate users avatar
$avatar_img = ''; $avatar_img = '';
if ($user->data['user_avatar']) if ($user->data['user_avatar'])
@ -434,13 +459,11 @@ class ucp_profile extends ucp
break; break;
} }
$avatar_img .= $user->data['user_avatar']; $avatar_img .= $user->data['user_avatar'];
$avatar_img = '<img src="' . $avatar_img . '" width="' . $user->data['user_avatar_width'] . '" height="' . $user->data['user_avatar_height'] . '" border="0" alt="" />'; $avatar_img = '<img src="' . $avatar_img . '" width="' . $user->data['user_avatar_width'] . '" height="' . $user->data['user_avatar_height'] . '" border="0" alt="" />';
} }
$template->assign_vars(array( $template->assign_vars(array(
'ERROR' => ($this->error) ? $this->error : '', 'ERROR' => ($error) ? $error : '',
'AVATAR' => $avatar_img, 'AVATAR' => $avatar_img,
'AVATAR_SIZE' => $config['avatar_filesize'], 'AVATAR_SIZE' => $config['avatar_filesize'],


@ -1,23 +1,15 @@
<?php <?php
/*************************************************************************** // -------------------------------------------------------------
* ucp_register.php //
* ------------------- // $Id$
* begin : Saturday, Feb 13, 2001 //
* copyright : (C) 2001 The phpBB Group // FILENAME : ucp_register.php
* email : support@phpbb.com // STARTED : Mon May 19, 2003
* // COPYRIGHT : © 2003 phpBB Group
* $Id$ // WWW : http://www.phpbb.com/
* // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
***************************************************************************/ //
// -------------------------------------------------------------
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
class ucp_register extends ucp class ucp_register extends ucp
{ {
@ -33,6 +25,9 @@ class ucp_register extends ucp
$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0; $agreed = (!empty($_POST['agreed'])) ? 1 : 0;
$confirm_id = (!empty($_POST['confirm_id'])) ? $_POST['confirm_id'] : 0;
$submit = (isset($_POST['submit'])) ? true : false;
$error = $data = array();
// //
if (!$agreed) if (!$agreed)
@ -68,77 +63,83 @@ class ucp_register extends ucp
} }
// Check and initialize some variables if needed // Check and initialize some variables if needed
$error = $data = array(); if ($submit)
if (isset($_POST['submit']))
{ {
$normalise = array( $var_ary = array(
's' => array( 'username' => (string) '',
'username' => $config['min_name_chars'] . ',' . $config['max_name_chars'], 'password_confirm' => (string) '',
'password_confirm' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'], 'new_password' => (string) '',
'new_password' => $config['min_pass_chars'] . ',' . $config['max_pass_chars'], 'cur_password' => (string) '',
'lang' => '1,50', 'email' => (string) '',
'confirm_code' => '6,6', 'email_confirm' => (string) '',
'email' => '7,60', 'confirm_code' => (string) '',
'email_confirm' => '7,60', 'lang' => (string) $config['default_lang'],
), 'tz' => (float) $config['board_timezone'],
'f' => array('tz')
); );
$data = normalise_data($_POST, $normalise);
$validate = array( foreach ($var_ary as $var => $default)
'r' => array('username', 'email', 'email_confirm', 'new_password', 'password_confirm', 'lang', 'confirm_code', 'tz'), {
'c' => array( $data[$var] = request_var($var, $default);
'password_confirm' => $data['new_password'], }
'email_confirm' => $data['email'],
), $var_ary = array(
'm' => array( 'username' => array(
'username' => '#^' . preg_replace('#/{1}#', '\\', $config['allow_name_chars']) . '$#iu', array('string', false, $config['min_name_chars'], $config['max_name_chars']),
), array('username', $username)),
'f' => array( 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
'username' => 'validate_username', 'new_password' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
'email' => 'validate_email', 'email' => array(
), array('string', false, 6, 60),
array('email', $email)),
'email_confirm' => array('string', false, 6, 60),
'confirm_code' => array('string', !$config['enable_confirm'], 6, 6),
'dateformat' => array('string', false, 3, 15),
'tz' => array('num', false, -13, 13),
'lang' => array('match', false, '#^[a-z_]{2,}$#i'),
); );
validate_data($data, $validate);
$error = validate_data($data, $var_ary);
extract($data);
unset($data);
// Visual Confirmation handling // Visual Confirmation handling
if ($config['enable_confirm']) if ($config['enable_confirm'])
{ {
if (empty($_POST['confirm_id'])) if (!$confirm_id)
{ {
$this->error[] = $user->lang['CONFIRM_CODE_WRONG']; $error[] = $user->lang['CONFIRM_CODE_WRONG'];
} }
else else
{ {
$sql = 'SELECT code $sql = 'SELECT code
FROM ' . CONFIRM_TABLE . " FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $_POST['confirm_id'] . "' WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $user->data['session_id'] . "'"; AND session_id = '" . $db->sql_escape($user->data['session_id']) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result)) if ($row = $db->sql_fetchrow($result))
{ {
if ($row['code'] != $data['confirm_code']) if ($row['code'] != $data['confirm_code'])
{ {
$this->error[] = $user->lang['CONFIRM_CODE_WRONG']; $error[] = $user->lang['CONFIRM_CODE_WRONG'];
} }
else else
{ {
$sql = 'DELETE FROM ' . CONFIRM_TABLE . " $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $_POST['confirm_id'] . "' WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $user->data['session_id'] . "'"; AND session_id = '" . $db->sql_escape($user->data['session_id']) . "'";
$db->sql_query($sql); $db->sql_query($sql);
} }
} }
else else
{ {
$this->error[] = $user->lang['CONFIRM_CODE_WRONG']; $error[] = $user->lang['CONFIRM_CODE_WRONG'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
} }
if (!sizeof($this->error)) if (!sizeof($error))
{ {
$server_url = generate_board_url(); $server_url = generate_board_url();
@ -162,16 +163,16 @@ class ucp_register extends ucp
$db->sql_transaction(); $db->sql_transaction();
$sql_ary = array( $sql_ary = array(
'user_ip' => $user->ip, 'username' => $username,
'user_regdate' => time(), 'user_password' => md5($new_password),
'username' => $data['username'], 'user_email' => $email,
'user_password' => md5($data['new_password']), 'user_timezone' => (float) $tz,
'user_email' => $data['email'], 'user_lang' => $lang,
'user_allow_pm' => 1, 'user_allow_pm' => 1,
'user_timezone' => (float) $data['tz'],
'user_lang' => $data['lang'],
'user_active' => $user_active, 'user_active' => $user_active,
'user_actkey' => $user_actkey 'user_actkey' => $user_actkey
'user_ip' => $user->ip,
'user_regdate' => time(),
); );
$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
@ -183,7 +184,7 @@ class ucp_register extends ucp
$group_reg = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED'; $group_reg = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';
$group_inactive = ($coppa) ? 'INACTIVE_COPPA' : 'INACTIVE'; $group_inactive = ($coppa) ? 'INACTIVE_COPPA' : 'INACTIVE';
$group_name = ($config['require_activation'] == USER_ACTIVATION_NONE) ? $group_reg : $group_inactive; $group_name = ($config['require_activation'] == USER_ACTIVATION_NONE) ? $group_reg : $group_inactive;
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending) $sql = 'INSERT INTO ' . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
SELECT $user_id, group_id, 0 SELECT $user_id, group_id, 0
FROM " . GROUPS_TABLE . " FROM " . GROUPS_TABLE . "
WHERE group_name = '$group_name' WHERE group_name = '$group_name'
@ -218,15 +219,15 @@ class ucp_register extends ucp
include($phpbb_root_path . 'includes/emailer.'.$phpEx); include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer(); $emailer = new emailer();
$emailer->template($email_template, $user->data['user_lang']); $emailer->template($email_template, $lang);
$emailer->replyto($config['board_contact']); $emailer->replyto($config['board_contact']);
$emailer->to($data['email'], $data['username']); $emailer->to($email, $username);
$emailer->assign_vars(array( $emailer->assign_vars(array(
'SITENAME' => $config['sitename'], 'SITENAME' => $config['sitename'],
'WELCOME_MSG' => sprintf($user->lang['Welcome_subject'], $config['sitename']), 'WELCOME_MSG' => sprintf($user->lang['Welcome_subject'], $config['sitename']),
'USERNAME' => $data['username'], 'USERNAME' => $username,
'PASSWORD' => $data['password_confirm'], 'PASSWORD' => $password_confirm,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey") 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&k=$user_actkey")
@ -235,16 +236,18 @@ class ucp_register extends ucp
if ($coppa) if ($coppa)
{ {
$emailer->assign_vars(array( $emailer->assign_vars(array(
'FAX_INFO' => $config['coppa_fax'], 'FAX_INFO' => $config['coppa_fax'],
'MAIL_INFO' => $config['coppa_mail'], 'MAIL_INFO' => $config['coppa_mail'],
'EMAIL_ADDRESS' => $email, 'EMAIL_ADDRESS' => $email,
'SITENAME' => $config['sitename']) 'SITENAME' => $config['sitename'])
); );
} }
$emailer->send(); $emailer->send();
$emailer->reset(); $emailer->reset();
// TODO
// Email admins with user management permissions
if ($config['require_activation'] == USER_ACTIVATION_ADMIN) if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
{ {
$emailer->use_template('admin_activate', $config['default_lang']); $emailer->use_template('admin_activate', $config['default_lang']);
@ -252,10 +255,10 @@ class ucp_register extends ucp
$emailer->to($config['board_contact']); $emailer->to($config['board_contact']);
$emailer->assign_vars(array( $emailer->assign_vars(array(
'USERNAME' => $data['username'], 'USERNAME' => $username,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&k=$user_actkey") 'U_ACTIVATE' => generate_board_url() . "/ucp.$phpEx?mode=activate&k=$user_actkey")
); );
$emailer->send(); $emailer->send();
@ -266,7 +269,7 @@ class ucp_register extends ucp
if ($config['require_activation'] == USER_ACTIVATION_NONE || !$config['email_enable']) if ($config['require_activation'] == USER_ACTIVATION_NONE || !$config['email_enable'])
{ {
set_config('newest_user_id', $user_id); set_config('newest_user_id', $user_id);
set_config('newest_username', $data['username']); set_config('newest_username', $username);
set_config('num_users', $config['num_users'] + 1, TRUE); set_config('num_users', $config['num_users'] + 1, TRUE);
} }
unset($data); unset($data);
@ -358,7 +361,7 @@ class ucp_register extends ucp
'EMAIL' => $email, 'EMAIL' => $email,
'EMAIL_CONFIRM' => $email_confirm, 'EMAIL_CONFIRM' => $email_confirm,
'CONFIRM_IMG' => $confirm_image, 'CONFIRM_IMG' => $confirm_image,
'ERROR' => (sizeof($this->error)) ? implode('<br />', $this->error) : '', 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'), 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
'L_ITEMS_REQUIRED' => $l_reg_cond, 'L_ITEMS_REQUIRED' => $l_reg_cond,
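Review bot: The `$sql_ary` literal in the `@ -162,16 +163,16 @@` hunk no longer parses: `'user_actkey' => $user_actkey` was the last element on the old side, and the new side appends `'user_ip' => $user->ip,` directly after it without the separating comma, so the line should read `'user_actkey' => $user_actkey,`. In the visual-confirmation hunk, `$data` is extracted and then `unset($data)` immediately after `validate_data()`, so `if ($row['code'] != $data['confirm_code'])` compares the stored code against an undefined index and can never succeed; it should be `if ($row['code'] !== $confirm_code)`, using the extracted variable and a strict comparison since both operands are user-influenced strings. The validator table in the same hunk also references `$username` and `$email` (`array('username', $username)`, `array('email', $email)`) before the later `extract($data)`, so unless those variables are initialised earlier in the method (outside these hunks) the validators receive null rather than the submitted values; `$data['username']` and `$data['email']` appear to be what was intended. The enclosing method starts and ends outside the hunks shown here.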


@ -1,23 +1,15 @@
<?php <?php
/*************************************************************************** // -------------------------------------------------------------
* ucp_remind.php //
* ------------------- // $Id$
* begin : Saturday, Feb 13, 2001 //
* copyright : (C) 2001 The phpBB Group // FILENAME : ucp_remind.php
* email : support@phpbb.com // STARTED : Mon May 19, 2003
* // COPYRIGHT : © 2003 phpBB Group
* $Id$ // WWW : http://www.phpbb.com/
* // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
***************************************************************************/ //
// -------------------------------------------------------------
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
class ucp_remind extends ucp class ucp_remind extends ucp
{ {
@ -27,11 +19,11 @@ class ucp_remind extends ucp
if (isset($_POST['submit'])) if (isset($_POST['submit']))
{ {
$username = (!empty($_POST['username'])) ? trim(strip_tags($_POST['username'])) : ''; $username = (!empty($_POST['username'])) ? trim($_POST['username']) : '';
$email = (!empty($_POST['email'])) ? trim(strip_tags(htmlspecialchars($_POST['email']))) : ''; $email = (!empty($_POST['email'])) ? trim($_POST['email']) : '';
$sql = "SELECT user_id, username, user_email, user_active, user_lang $sql = 'SELECT user_id, username, user_email, user_active, user_lang
FROM " . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "' WHERE user_email = '" . $db->sql_escape($email) . "'
AND username = '" . . $db->sql_escape($username) . "'"; AND username = '" . . $db->sql_escape($username) . "'";
if ($result = $db->sql_query($sql)) if ($result = $db->sql_query($sql))
@ -64,12 +56,12 @@ class ucp_remind extends ucp
$emailer->to($row['user_email']); $emailer->to($row['user_email']);
$emailer->assign_vars(array( $emailer->assign_vars(array(
'SITENAME' => $config['sitename'], 'SITENAME' => $config['sitename'],
'USERNAME' => $username, 'USERNAME' => $username,
'PASSWORD' => $user_password, 'PASSWORD' => $user_password,
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']), 'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => $server_url . "/ucp.$phpEx?mode=activate&k=$user_actkey") 'U_ACTIVATE' => $server_url . "/ucp.$phpEx?mode=activate&k=$user_actkey")
); );
$emailer->send(); $emailer->send();
$emailer->reset(); $emailer->reset();