From 05452b9ec0dab4fecfbca05fd5598af224d784de Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:25:51 -0500 Subject: [PATCH 01/20] [ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 20 ++++++++++++++++++++ phpBB/language/en/ucp.php | 1 + 2 files changed, 21 insertions(+) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 1b474457b3..c6a44f6196 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1245,6 +1245,26 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; } } + + // Check if users have permission to read PMs + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $can_read = $auth->acl_get_list(false, 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + + if (!empty($cannot_read_list)) + { + foreach ($cannot_read_list as $cannot_read) + { + unset($address_list['u'][$cannot_read]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + } } } diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index e3971c75e2..8af828935b 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -367,6 +367,7 @@ $lang = array_merge($lang, array( 'PM_SENTBOX' => 'Sent messages', 'PM_SUBJECT' => 'Message subject', 'PM_TO' => 'Send to', + 'PM_USERS_REMOVED_NO_PERMISSION' => 'Some users couldn’t be added as they do not have permission to read private messages.', 'PM_USERS_REMOVED_NO_PM' => 'Some users couldn’t be added as they have disabled private message receipt.', 'POPUP_ON_PM' => 'Pop up window on new private message', 'POST_EDIT_PM' => 'Edit message', From c53d7f0b62abf222b159623ccc2c6ef6262f3137 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:27:50 -0500 Subject: [PATCH 02/20] [ticket/8323] Remove code used for testing PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index c6a44f6196..fe5b3b7a74 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1248,7 +1248,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check if users have permission to read PMs // Only check if not a moderator or admin, since they are allowed to override this user setting - if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { $can_read = $auth->acl_get_list(false, 'u_readpm'); $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; From c38bb4254abec403add35378da67092c8513a3c4 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:34:07 -0500 Subject: [PATCH 03/20] [ticket/8323] Do not allow sending of Private Messages to users who are banned PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 17 +++++++++++++++++ phpBB/language/en/ucp.php | 1 + 2 files changed, 18 insertions(+) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index fe5b3b7a74..2ab6090533 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1265,6 +1265,23 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } + + // Check if users have permission to read PMs + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u'])); + + if (!empty($banned_user_list)) + { + foreach ($banned_user_list as $banned_user) + { + unset($address_list['u'][$banned_user]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + } + } } } diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 8af828935b..bc21b6b437 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -367,6 +367,7 @@ $lang = array_merge($lang, array( 'PM_SENTBOX' => 'Sent messages', 'PM_SUBJECT' => 'Message subject', 'PM_TO' => 'Send to', + 'PM_USERS_REMOVED_BANNED' => 'Some users couldn’t be added as they are banned.', 'PM_USERS_REMOVED_NO_PERMISSION' => 'Some users couldn’t be added as they do not have permission to read private messages.', 'PM_USERS_REMOVED_NO_PM' => 'Some users couldn’t be added as they have disabled private message receipt.', 'POPUP_ON_PM' => 'Pop up window on new private message', From e6d4e9bbb98feaee7a413967d6500163ebe7282c Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:35:17 -0500 Subject: [PATCH 04/20] [ticket/8323] Correcting the comment PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 2ab6090533..2a2ad48063 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1266,7 +1266,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } } - // Check if users have permission to read PMs + // Check if users are banned // Only check if not a moderator or admin, since they are allowed to override this user setting if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { From 6f4538c676ebd3b6e299a606a04f672698ebc487 Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 4 Jul 2012 10:34:09 -0500 Subject: [PATCH 05/20] [ticket/8323] Hide the Send PM link if users cannot receive the PM Updated memberlist/viewtopic to the new rules PHPBB3-8323 --- phpBB/memberlist.php | 10 +++++++++- phpBB/viewtopic.php | 14 +++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index ed87b6c448..8e2ce4d818 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1690,6 +1690,14 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f } } + if (!function_exists('phpbb_get_banned_user_ids')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + // Can this user receive a Private Message? + $can_receive_pm = ($data['user_type'] <> USER_IGNORE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id))))) ? true : false; + // Dump it out to the template return array( 'AGE' => $age, @@ -1719,7 +1727,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$user_id&sr=posts") : '', 'U_NOTES' => ($user_notes_enabled && $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $user_id, true, $user->session_id) : '', 'U_WARN' => ($warn_user_enabled && $auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $user_id, true, $user->session_id) : '', - 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($data['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $user_id) : '', + 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $user_id) : '', 'U_EMAIL' => $email, 'U_WWW' => (!empty($data['user_website'])) ? $data['user_website'] : '', 'U_SHORT_WWW' => (!empty($data['user_website'])) ? ((strlen($data['user_website']) > 55) ? substr($data['user_website'], 0, 39) . ' ... ' . substr($data['user_website'], -10) : $data['user_website']) : '', diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index b75f4aeccf..10ec6f4ee7 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -16,6 +16,7 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1); include($phpbb_root_path . 'common.' . $phpEx); include($phpbb_root_path . 'includes/functions_display.' . $phpEx); include($phpbb_root_path . 'includes/bbcode.' . $phpEx); +include($phpbb_root_path . 'includes/functions_user.' . $phpEx); // Start session management $user->session_begin(); @@ -1108,6 +1109,7 @@ while ($row = $db->sql_fetchrow($result)) $id_cache[] = $poster_id; $user_cache[$poster_id] = array( + 'user_type' => $row['user_type'], 'joined' => $user->format_date($row['user_regdate']), 'posts' => $row['user_posts'], 'warnings' => (isset($row['user_warnings'])) ? $row['user_warnings'] : 0, @@ -1315,6 +1317,13 @@ if ($bbcode_bitfield !== '') $bbcode = new bbcode(base64_encode($bbcode_bitfield)); } +// Get the list of users who can receive private messages +$can_receive_pm_list = $auth->acl_get_list(array_keys($user_cache), 'u_readpm'); +$can_receive_pm_list = (empty($can_receive_pm_list) || !isset($can_receive_pm_list[0]['u_readpm'])) ? array() : $can_receive_pm_list[0]['u_readpm']; + +// Get the list of banned users +$banned_users = phpbb_get_banned_user_ids(array_keys($user_cache)); + $i_total = sizeof($rowset) - 1; $prev_post_id = ''; @@ -1487,6 +1496,9 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) !$row['post_edit_locked'] ))); + // Can this user receive a Private Message? + $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_IGNORE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users))) ? true : false; + // $postrow = array( 'POST_AUTHOR_FULL' => ($poster_id != ANONYMOUS) ? $user_cache[$poster_id]['author_full'] : get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), @@ -1527,7 +1539,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) 'U_PROFILE' => $user_cache[$poster_id]['profile'], 'U_SEARCH' => $user_cache[$poster_id]['search'], - 'U_PM' => ($poster_id != ANONYMOUS && $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_cache[$poster_id]['allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&action=quotepost&p=' . $row['post_id']) : '', + 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&action=quotepost&p=' . $row['post_id']) : '', 'U_EMAIL' => $user_cache[$poster_id]['email'], 'U_WWW' => $user_cache[$poster_id]['www'], 'U_ICQ' => $user_cache[$poster_id]['icq'], From 0f4956b280468e8890b1c84df41d7bb1eb2447c5 Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 4 Jul 2012 20:52:07 -0500 Subject: [PATCH 06/20] [ticket/8323] Do not allow sending PMs to Inactive users PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- phpBB/memberlist.php | 2 +- phpBB/viewtopic.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 2a2ad48063..d7290070a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1194,7 +1194,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove if (sizeof($usernames)) { $user_id_ary = array(); - user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); + user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER)); // If there are users not existing, we will at least print a notice... if (!sizeof($user_id_ary)) diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 8e2ce4d818..3e6b0a453f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1696,7 +1696,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f } // Can this user receive a Private Message? - $can_receive_pm = ($data['user_type'] <> USER_IGNORE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id))))) ? true : false; + $can_receive_pm = ($data['user_type'] <> USER_IGNORE && $data['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id))))) ? true : false; // Dump it out to the template return array( diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 10ec6f4ee7..49ed785ec7 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1497,7 +1497,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) ))); // Can this user receive a Private Message? - $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_IGNORE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users))) ? true : false; + $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_IGNORE && $user_cache[$poster_id]['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users))) ? true : false; // $postrow = array( From 362ba43f18c07c70855e72ebfaea222e04af1183 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 09:58:10 -0500 Subject: [PATCH 07/20] [ticket/8323] Allow sending PMs to temporarily banned users Added an argument to the phpbb_get_banned_user_ids() function to allow specifying a banned end time (default true for current functionality, false for only permanent bans, timestamp to find banned until a specified time) PHPBB3-8323 --- phpBB/includes/functions_privmsgs.php | 23 ++++++++++++----------- phpBB/includes/functions_user.php | 26 +++++++++++++++++++++++--- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- phpBB/memberlist.php | 2 +- phpBB/viewtopic.php | 4 ++-- 5 files changed, 39 insertions(+), 18 deletions(-) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 8542e3ab0a..561ba19d10 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -269,46 +269,46 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id) case RULE_IS_LIKE: $result = preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0); break; - + case RULE_IS_NOT_LIKE: $result = !preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0); break; - + case RULE_IS: $result = ($check0 == $rule_row['rule_string']); break; - + case RULE_IS_NOT: $result = ($check0 != $rule_row['rule_string']); break; - + case RULE_BEGINS_WITH: $result = preg_match("/^" . preg_quote($rule_row['rule_string'], '/') . '/i', $check0); break; - + case RULE_ENDS_WITH: $result = preg_match("/" . preg_quote($rule_row['rule_string'], '/') . '$/i', $check0); break; - + case RULE_IS_FRIEND: case RULE_IS_FOE: case RULE_ANSWERED: case RULE_FORWARDED: $result = ($check0 == 1); break; - + case RULE_IS_USER: $result = ($check0 == $rule_row['rule_user_id']); break; - + case RULE_IS_GROUP: $result = in_array($rule_row['rule_group_id'], $check0); break; - + case RULE_TO_GROUP: $result = (in_array('g_' . $message_row[$check_ary['check2']], $check0) || in_array('g_' . $message_row[$check_ary['check2']], $message_row[$check_ary['check1']])); break; - + case RULE_TO_ME: $result = (in_array('u_' . $user_id, $check0) || in_array('u_' . $user_id, $message_row[$check_ary['check1']])); break; @@ -1828,11 +1828,12 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i return; } + // Get permanently banned users (do not allow sending to these users) if (!function_exists('phpbb_get_banned_user_ids')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } - $banned_users = phpbb_get_banned_user_ids(array_keys($recipients)); + $banned_users = phpbb_get_banned_user_ids(array_keys($recipients), false); $recipients = array_diff(array_keys($recipients), $banned_users); if (!sizeof($recipients)) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 9b102b7387..8533e47bc4 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -3668,9 +3668,12 @@ function remove_newly_registered($user_id, $user_data = false) * * @param array $user_ids Array of users' ids to check for banning, * leave empty to get complete list of banned ids +* @param bool|int $ban_end Bool True to get users currently banned +* Bool False to only get permanently banned users +* Int Unix timestamp to get users banned until that time * @return array Array of banned users' ids if any, empty array otherwise */ -function phpbb_get_banned_user_ids($user_ids = array()) +function phpbb_get_banned_user_ids($user_ids = array(), $ban_end = true) { global $db; @@ -3682,9 +3685,26 @@ function phpbb_get_banned_user_ids($user_ids = array()) $sql = 'SELECT ban_userid FROM ' . BANLIST_TABLE . " WHERE $sql_user_ids - AND ban_exclude <> 1 - AND (ban_end > " . time() . ' + AND ban_exclude <> 1"; + + if ($ban_end === true) + { + // Banned currently + $sql .= " AND (ban_end > " . time() . ' OR ban_end = 0)'; + } + else if ($ban_end === false) + { + // Permanently banned + $sql .= " AND ban_end = 0"; + } + else + { + // Banned until a specified time + $sql .= " AND (ban_end > " . (int) $ban_end . ' + OR ban_end = 0)'; + } + $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index d7290070a5..e65b523cfb 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1270,7 +1270,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Only check if not a moderator or admin, since they are allowed to override this user setting if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { - $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u'])); + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); if (!empty($banned_user_list)) { diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 3e6b0a453f..c76d242df4 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1696,7 +1696,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f } // Can this user receive a Private Message? - $can_receive_pm = ($data['user_type'] <> USER_IGNORE && $data['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id))))) ? true : false; + $can_receive_pm = ($data['user_type'] <> USER_IGNORE && $data['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id, false))))) ? true : false; // Dump it out to the template return array( diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 49ed785ec7..362451fd83 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1321,8 +1321,8 @@ if ($bbcode_bitfield !== '') $can_receive_pm_list = $auth->acl_get_list(array_keys($user_cache), 'u_readpm'); $can_receive_pm_list = (empty($can_receive_pm_list) || !isset($can_receive_pm_list[0]['u_readpm'])) ? array() : $can_receive_pm_list[0]['u_readpm']; -// Get the list of banned users -$banned_users = phpbb_get_banned_user_ids(array_keys($user_cache)); +// Get the list of permanently banned users +$banned_users = phpbb_get_banned_user_ids(array_keys($user_cache), false); $i_total = sizeof($rowset) - 1; $prev_post_id = ''; From 07b9c1e2fdeeab5d394c0b166fb0a6488b049cd1 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 10:05:39 -0500 Subject: [PATCH 08/20] [ticket/8323] Cleanup viewtopic code (not sure how this mess happened) PHPBB3-8323 --- phpBB/viewtopic.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 362451fd83..779e6a8fa7 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1497,7 +1497,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) ))); // Can this user receive a Private Message? - $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_IGNORE && $user_cache[$poster_id]['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users))) ? true : false; + $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users)))) ? true : false; // $postrow = array( From 33852e6251cf9eea29efde4aebdd64500b7e7c2b Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 16:07:12 -0500 Subject: [PATCH 09/20] [ticket/8323] Correct PM notification settings (only notify those who can receive them) Also correcting the way it was setup for users to be able to receive PMs (do not allow administrators/moderators to send to banned, inactive, or non-standard users, that just doesn't make sense) PHPBB3-8323 --- phpBB/includes/functions_privmsgs.php | 12 ++++++--- phpBB/includes/ucp/ucp_pm_compose.php | 39 ++++++++++----------------- phpBB/memberlist.php | 8 +++++- phpBB/viewtopic.php | 10 +++++-- 4 files changed, 38 insertions(+), 31 deletions(-) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 561ba19d10..55610a923e 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1828,7 +1828,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i return; } - // Get permanently banned users (do not allow sending to these users) + // Get permanently banned users (do not notify these users) if (!function_exists('phpbb_get_banned_user_ids')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); @@ -1836,12 +1836,18 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i $banned_users = phpbb_get_banned_user_ids(array_keys($recipients), false); $recipients = array_diff(array_keys($recipients), $banned_users); + // Get the list of users who can read PMs (only notify those who can read PMs) + $can_read = $auth->acl_get_list($recipients, 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + $recipients = array_intersect($recipients, $can_read); + if (!sizeof($recipients)) { return; } - $sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber + // Get the list of users who want to receive notifications, are "normal" and not deactivated, and have a non-blank email address + $sql = 'SELECT user_id, username, user_type, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $recipients); $result = $db->sql_query($sql); @@ -1849,7 +1855,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i $msg_list_ary = array(); while ($row = $db->sql_fetchrow($result)) { - if ($row['user_notify_pm'] == 1 && trim($row['user_email'])) + if ($row['user_notify_pm'] == 1 && $row['user_type'] != USER_IGNORE && $row['user_type'] != USER_INACTIVE && trim($row['user_email'])) { $msg_list_ary[] = array( 'method' => $row['user_notify_type'], diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index e65b523cfb..8fc99818f4 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1247,40 +1247,29 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Check if users have permission to read PMs - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + if (!empty($cannot_read_list)) { - $can_read = $auth->acl_get_list(false, 'u_readpm'); - $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; - - $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); - - if (!empty($cannot_read_list)) + foreach ($cannot_read_list as $cannot_read) { - foreach ($cannot_read_list as $cannot_read) - { - unset($address_list['u'][$cannot_read]); - } - - $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + unset($address_list['u'][$cannot_read]); } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } // Check if users are banned - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); + if (!empty($banned_user_list)) { - $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); - - if (!empty($banned_user_list)) + foreach ($banned_user_list as $banned_user) { - foreach ($banned_user_list as $banned_user) - { - unset($address_list['u'][$banned_user]); - } - - $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + unset($address_list['u'][$banned_user]); } + + $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; } } } diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index c76d242df4..f468d8543a 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1696,7 +1696,13 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f } // Can this user receive a Private Message? - $can_receive_pm = ($data['user_type'] <> USER_IGNORE && $data['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($data['user_allow_pm'] && sizeof($auth->acl_get_list($user_id, 'u_readpm')) && !sizeof(phpbb_get_banned_user_ids($user_id, false))))) ? true : false; + $can_receive_pm = ( + $data['user_type'] != USER_IGNORE && // They must be a "normal" user + $data['user_type'] != USER_INACTIVE && // They must not be deactivated by the administrator + sizeof($auth->acl_get_list($user_id, 'u_readpm')) && // They must be able to read PMs + !sizeof(phpbb_get_banned_user_ids($user_id, false)) && // They must not be permanently banned + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM + ) ? true : false; // Dump it out to the template return array( diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 779e6a8fa7..e892689a1e 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1322,7 +1322,7 @@ $can_receive_pm_list = $auth->acl_get_list(array_keys($user_cache), 'u_readpm'); $can_receive_pm_list = (empty($can_receive_pm_list) || !isset($can_receive_pm_list[0]['u_readpm'])) ? array() : $can_receive_pm_list[0]['u_readpm']; // Get the list of permanently banned users -$banned_users = phpbb_get_banned_user_ids(array_keys($user_cache), false); +$permanently_banned_users = phpbb_get_banned_user_ids(array_keys($user_cache), false); $i_total = sizeof($rowset) - 1; $prev_post_id = ''; @@ -1497,7 +1497,13 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) ))); // Can this user receive a Private Message? - $can_receive_pm = ($user_cache[$poster_id]['user_type'] <> USER_INACTIVE && (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || ($user_cache[$poster_id]['allow_pm'] && in_array($poster_id, $can_receive_pm_list) && !in_array($poster_id, $banned_users)))) ? true : false; + $can_receive_pm = ( + $user_cache[$poster_id]['user_type'] != USER_IGNORE && // They must be a "normal" user + $user_cache[$poster_id]['user_type'] != USER_INACTIVE && // They must not be deactivated by the administrator + in_array($poster_id, $can_receive_pm_list) && // They must be able to read PMs + !in_array($poster_id, $permanently_banned_users) && // They must not be permanently banned + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM + ) ? true : false; // $postrow = array( From 08bdebb0b578df7df7a3fb451691cb927854b84e Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 16:38:07 -0500 Subject: [PATCH 10/20] [ticket/8323] Allow temporarily banned users to receive PMs, but not a notification PHPBB3-8323 --- phpBB/includes/functions_privmsgs.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 55610a923e..99db8d816d 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1828,12 +1828,12 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i return; } - // Get permanently banned users (do not notify these users) + // Get currently banned users (do not notify these users) if (!function_exists('phpbb_get_banned_user_ids')) { include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } - $banned_users = phpbb_get_banned_user_ids(array_keys($recipients), false); + $banned_users = phpbb_get_banned_user_ids(array_keys($recipients)); $recipients = array_diff(array_keys($recipients), $banned_users); // Get the list of users who can read PMs (only notify those who can read PMs) From b25efd744db56f7565453caccf26630404db07c7 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 17:41:27 -0500 Subject: [PATCH 11/20] [ticket/8323] Only disable administrative deactivated accounts from receiving PMs Allow other types of inactive accounts to receive PMs. Remove the banned PM error message and use the string saying they do not have permission (less translation) PHPBB3-8323 --- phpBB/includes/functions_privmsgs.php | 4 ++-- phpBB/includes/ucp/ucp_pm_compose.php | 31 +++++++++++++++++++++++++-- phpBB/language/en/ucp.php | 1 - phpBB/memberlist.php | 2 +- phpBB/viewtopic.php | 6 ++++-- 5 files changed, 36 insertions(+), 8 deletions(-) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 99db8d816d..f254014a5b 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1847,7 +1847,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i } // Get the list of users who want to receive notifications, are "normal" and not deactivated, and have a non-blank email address - $sql = 'SELECT user_id, username, user_type, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber + $sql = 'SELECT user_id, username, user_type, user_inactive_reason, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $recipients); $result = $db->sql_query($sql); @@ -1855,7 +1855,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message, $msg_i $msg_list_ary = array(); while ($row = $db->sql_fetchrow($result)) { - if ($row['user_notify_pm'] == 1 && $row['user_type'] != USER_IGNORE && $row['user_type'] != USER_INACTIVE && trim($row['user_email'])) + if ($row['user_notify_pm'] == 1 && $row['user_type'] != USER_IGNORE && !($row['user_type'] == USER_INACTIVE && $row['user_inactive_reason'] == INACTIVE_MANUAL) && trim($row['user_email'])) { $msg_list_ary[] = array( 'method' => $row['user_notify_type'], diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8fc99818f4..0084184c65 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1194,7 +1194,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove if (sizeof($usernames)) { $user_id_ary = array(); - user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER)); + user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); // If there are users not existing, we will at least print a notice... if (!sizeof($user_id_ary)) @@ -1246,6 +1246,33 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } } + // Administrator deactivated users check + $sql = 'SELECT user_id + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL; + $result = $db->sql_query($sql); + + $removed = false; + while ($row = $db->sql_fetchrow($result)) + { + $removed = true; + unset($address_list['u'][$row['user_id']]); + } + $db->sql_freeresult($result); + + // print a notice about users not being added who do not want to receive pms + if ($removed) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + if (!sizeof(array_keys($address_list['u']))) + { + return; + } + // Check if users have permission to read PMs $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; @@ -1269,7 +1296,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove unset($address_list['u'][$banned_user]); } - $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } } diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index bc21b6b437..8af828935b 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -367,7 +367,6 @@ $lang = array_merge($lang, array( 'PM_SENTBOX' => 'Sent messages', 'PM_SUBJECT' => 'Message subject', 'PM_TO' => 'Send to', - 'PM_USERS_REMOVED_BANNED' => 'Some users couldn’t be added as they are banned.', 'PM_USERS_REMOVED_NO_PERMISSION' => 'Some users couldn’t be added as they do not have permission to read private messages.', 'PM_USERS_REMOVED_NO_PM' => 'Some users couldn’t be added as they have disabled private message receipt.', 'POPUP_ON_PM' => 'Pop up window on new private message', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index f468d8543a..a69afe36f3 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1698,7 +1698,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f // Can this user receive a Private Message? $can_receive_pm = ( $data['user_type'] != USER_IGNORE && // They must be a "normal" user - $data['user_type'] != USER_INACTIVE && // They must not be deactivated by the administrator + ($data['user_type'] != USER_INACTIVE && $data['user_inactive_reason'] == INACTIVE_MANUAL) && // They must not be deactivated by the administrator sizeof($auth->acl_get_list($user_id, 'u_readpm')) && // They must be able to read PMs !sizeof(phpbb_get_banned_user_ids($user_id, false)) && // They must not be permanently banned (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index e892689a1e..4306ca2f3f 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1109,7 +1109,9 @@ while ($row = $db->sql_fetchrow($result)) $id_cache[] = $poster_id; $user_cache[$poster_id] = array( - 'user_type' => $row['user_type'], + 'user_type' => $row['user_type'], + 'user_inactive_reason' => $row['user_inactive_reason'], + 'joined' => $user->format_date($row['user_regdate']), 'posts' => $row['user_posts'], 'warnings' => (isset($row['user_warnings'])) ? $row['user_warnings'] : 0, @@ -1499,7 +1501,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) // Can this user receive a Private Message? $can_receive_pm = ( $user_cache[$poster_id]['user_type'] != USER_IGNORE && // They must be a "normal" user - $user_cache[$poster_id]['user_type'] != USER_INACTIVE && // They must not be deactivated by the administrator + ($user_cache[$poster_id]['user_type'] != USER_INACTIVE && $user_cache[$poster_id]['user_inactive_reason'] == INACTIVE_MANUAL) && // They must not be deactivated by the administrator in_array($poster_id, $can_receive_pm_list) && // They must be able to read PMs !in_array($poster_id, $permanently_banned_users) && // They must not be permanently banned (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM From 473a26a553c7b3e785634d23fe3de50e78aacf57 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 18:17:53 -0600 Subject: [PATCH 12/20] [ticket/8323] Comments for inactive reasons in constants.php Copied from language output PHPBB3-8323 --- phpBB/includes/constants.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 68af41ab20..78c4051708 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -46,10 +46,10 @@ define('USER_INACTIVE', 1); define('USER_IGNORE', 2); define('USER_FOUNDER', 3); -define('INACTIVE_REGISTER', 1); -define('INACTIVE_PROFILE', 2); -define('INACTIVE_MANUAL', 3); -define('INACTIVE_REMIND', 4); +define('INACTIVE_REGISTER', 1); // Newly registered account +define('INACTIVE_PROFILE', 2); // Profile details changed +define('INACTIVE_MANUAL', 3); // Account deactivated by administrator +define('INACTIVE_REMIND', 4); // Forced user account reactivation // ACL define('ACL_NEVER', 0); From 8e6a69bf0c936d658deeb3714bc2d38b4b8750c8 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 18:50:22 -0600 Subject: [PATCH 13/20] [ticket/8323] Unit test for phpbb_get_banned_user_ids PHPBB3-8323 --- tests/functions/fixtures/banned_users.xml | 33 +++++++++++++++++++ tests/functions/phpbb_get_banned_user_ids.php | 33 +++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 tests/functions/fixtures/banned_users.xml create mode 100644 tests/functions/phpbb_get_banned_user_ids.php diff --git a/tests/functions/fixtures/banned_users.xml b/tests/functions/fixtures/banned_users.xml new file mode 100644 index 0000000000..42b73dd270 --- /dev/null +++ b/tests/functions/fixtures/banned_users.xml @@ -0,0 +1,33 @@ + + + + ban_userid + ban_exclude + ban_end + + 1 + 1 + 0 + + + 2 + 0 + 0 + + + 3 + 0 + 0 + + + 4 + 0 + 2 + + + 5 + 0 + 999999999999999999999 + +
+ diff --git a/tests/functions/phpbb_get_banned_user_ids.php b/tests/functions/phpbb_get_banned_user_ids.php new file mode 100644 index 0000000000..226012f68f --- /dev/null +++ b/tests/functions/phpbb_get_banned_user_ids.php @@ -0,0 +1,33 @@ +createXMLDataSet(dirname(__FILE__) . '/fixtures/banned_users.xml'); + } + + public function test_phpbb_get_banned_user_ids() + { + global $db; + + $db = $this->new_dbal(); + + $user_ids = array(1, 2, 4, 5); + + $this->assertEquals(phpbb_get_banned_user_ids($user_ids, true), array(2 => 2, 5 => 5)); + + $this->assertEquals(phpbb_get_banned_user_ids($user_ids, false), array(2 => 2)); + + $this->assertEquals(phpbb_get_banned_user_ids($user_ids, 2), array(2 => 2, 5 => 5)); + } +} From 4ab07aa45ebdf568a252821edf0837e17f1d9f20 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 18:51:06 -0600 Subject: [PATCH 14/20] [ticket/8323] Comments PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- phpBB/viewtopic.php | 21 +++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index f6192a3588..3e7ed05fdc 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1263,7 +1263,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } $db->sql_freeresult($result); - // print a notice about users not being added who do not want to receive pms + // print a notice about users not being added who do not have permission to receive PMs if ($removed) { $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 90cb7e9567..f209f61442 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1553,12 +1553,21 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) // Can this user receive a Private Message? $can_receive_pm = ( - $user_cache[$poster_id]['user_type'] != USER_IGNORE && // They must be a "normal" user - ($user_cache[$poster_id]['user_type'] != USER_INACTIVE && $user_cache[$poster_id]['user_inactive_reason'] == INACTIVE_MANUAL) && // They must not be deactivated by the administrator - in_array($poster_id, $can_receive_pm_list) && // They must be able to read PMs - !in_array($poster_id, $permanently_banned_users) && // They must not be permanently banned - (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM - ) ? true : false; + // They must be a "normal" user + $user_cache[$poster_id]['user_type'] != USER_IGNORE && + + // They must not be deactivated by the administrator + ($user_cache[$poster_id]['user_type'] != USER_INACTIVE && $user_cache[$poster_id]['user_inactive_reason'] == INACTIVE_MANUAL) && + + // They must be able to read PMs + in_array($poster_id, $can_receive_pm_list) && + + // They must not be permanently banned + !in_array($poster_id, $permanently_banned_users) && + + // They must allow users to contact via PM + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) + ); // $post_row = array( From b3dae8fd61a10d82b5bb8e1626214789d3ac7b5c Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 20:26:35 -0600 Subject: [PATCH 15/20] [ticket/8323] dataProvider for the test; better test data PHPBB3-8323 --- tests/functions/fixtures/banned_users.xml | 5 ++++ tests/functions/phpbb_get_banned_user_ids.php | 25 +++++++++++++------ 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/tests/functions/fixtures/banned_users.xml b/tests/functions/fixtures/banned_users.xml index 42b73dd270..cec3f4e51f 100644 --- a/tests/functions/fixtures/banned_users.xml +++ b/tests/functions/fixtures/banned_users.xml @@ -29,5 +29,10 @@ 0 999999999999999999999 + + 6 + 0 + 3 + diff --git a/tests/functions/phpbb_get_banned_user_ids.php b/tests/functions/phpbb_get_banned_user_ids.php index 226012f68f..9f56480235 100644 --- a/tests/functions/phpbb_get_banned_user_ids.php +++ b/tests/functions/phpbb_get_banned_user_ids.php @@ -16,18 +16,29 @@ class phpbb_get_banned_user_ids_test extends phpbb_database_test_case return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/banned_users.xml'); } - public function test_phpbb_get_banned_user_ids() + public function phpbb_get_banned_user_ids_data() + { + return array( + array(array(array(1, 2, 4, 5, 6), true), array(2 => 2, 5 => 5)), + array(array(array(1, 2, 4, 5, 6), false), array(2 => 2)), + array(array(array(1, 2, 4, 5, 6), 2), array(2 => 2, 5 => 5, 6 => 6)), + ); + } + + public function setUp() { global $db; $db = $this->new_dbal(); - $user_ids = array(1, 2, 4, 5); + return parent::setUp(); + } - $this->assertEquals(phpbb_get_banned_user_ids($user_ids, true), array(2 => 2, 5 => 5)); - - $this->assertEquals(phpbb_get_banned_user_ids($user_ids, false), array(2 => 2)); - - $this->assertEquals(phpbb_get_banned_user_ids($user_ids, 2), array(2 => 2, 5 => 5)); + /** + * @dataProvider phpbb_get_banned_user_ids_data + */ + public function test_phpbb_get_banned_user_ids($input, $expected) + { + $this->assertEquals($expected, call_user_func_array('phpbb_get_banned_user_ids', $input)); } } From e74f4ab6e439fe68a565586504d6376abaa4c253 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 21:01:45 -0600 Subject: [PATCH 16/20] [ticket/8323] Comments PHPBB3-8323 --- phpBB/memberlist.php | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 1320a2c02e..870598726f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1719,12 +1719,21 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f // Can this user receive a Private Message? $can_receive_pm = ( - $data['user_type'] != USER_IGNORE && // They must be a "normal" user - ($data['user_type'] != USER_INACTIVE && $data['user_inactive_reason'] == INACTIVE_MANUAL) && // They must not be deactivated by the administrator - sizeof($auth->acl_get_list($user_id, 'u_readpm')) && // They must be able to read PMs - !sizeof(phpbb_get_banned_user_ids($user_id, false)) && // They must not be permanently banned - (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) // They must allow users to contact via PM - ) ? true : false; + // They must be a "normal" user + $data['user_type'] != USER_IGNORE && + + // They must not be deactivated by the administrator + ($data['user_type'] != USER_INACTIVE && $data['user_inactive_reason'] == INACTIVE_MANUAL) && + + // They must be able to read PMs + sizeof($auth->acl_get_list($user_id, 'u_readpm')) && + + // They must not be permanently banned + !sizeof(phpbb_get_banned_user_ids($user_id, false)) && + + // They must allow users to contact via PM + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) + ); // Dump it out to the template $template_data = array( From 12aa6b4b2cfda48f94c44865209f576654632b41 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Tue, 11 Dec 2012 11:24:18 -0600 Subject: [PATCH 17/20] [ticket/8323] More readability in test case PHPBB3-8323 --- tests/functions/phpbb_get_banned_user_ids.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/tests/functions/phpbb_get_banned_user_ids.php b/tests/functions/phpbb_get_banned_user_ids.php index 9f56480235..76c0204970 100644 --- a/tests/functions/phpbb_get_banned_user_ids.php +++ b/tests/functions/phpbb_get_banned_user_ids.php @@ -19,9 +19,20 @@ class phpbb_get_banned_user_ids_test extends phpbb_database_test_case public function phpbb_get_banned_user_ids_data() { return array( - array(array(array(1, 2, 4, 5, 6), true), array(2 => 2, 5 => 5)), - array(array(array(1, 2, 4, 5, 6), false), array(2 => 2)), - array(array(array(1, 2, 4, 5, 6), 2), array(2 => 2, 5 => 5, 6 => 6)), + // Input to phpbb_get_banned_user_ids (user_id list, ban_end) + // Expected output + array( + array(array(1, 2, 4, 5, 6), true), + array(2 => 2, 5 => 5), + ), + array( + array(array(1, 2, 4, 5, 6), false), + array(2 => 2), + ), + array( + array(array(1, 2, 4, 5, 6), 2), + array(2 => 2, 5 => 5, 6 => 6), + ), ); } From d68778e7ebd801d396a8ec8694499f2ebdbb809f Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Thu, 13 Dec 2012 20:05:00 -0600 Subject: [PATCH 18/20] [ticket/8323] Comments on phpbb_get_banned_user_ids input for test PHPBB3-8323 --- tests/functions/phpbb_get_banned_user_ids.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/functions/phpbb_get_banned_user_ids.php b/tests/functions/phpbb_get_banned_user_ids.php index 76c0204970..96de5c5767 100644 --- a/tests/functions/phpbb_get_banned_user_ids.php +++ b/tests/functions/phpbb_get_banned_user_ids.php @@ -22,14 +22,17 @@ class phpbb_get_banned_user_ids_test extends phpbb_database_test_case // Input to phpbb_get_banned_user_ids (user_id list, ban_end) // Expected output array( + // True to get users currently banned array(array(1, 2, 4, 5, 6), true), array(2 => 2, 5 => 5), ), array( + // False to only get permanently banned users array(array(1, 2, 4, 5, 6), false), array(2 => 2), ), array( + // Unix timestamp to get users banned until that time array(array(1, 2, 4, 5, 6), 2), array(2 => 2, 5 => 5, 6 => 6), ), From abaa53b0b295358efcf591587485c01a027cd5cb Mon Sep 17 00:00:00 2001 From: Nathaniel Guse Date: Wed, 1 May 2013 12:28:31 -0500 Subject: [PATCH 19/20] [ticket/8323] Combine into a single query PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 62 +++++++++++++-------------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 3e7ed05fdc..75b17a4a01 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1222,49 +1222,47 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check for disallowed recipients if (!empty($address_list['u'])) { - // We need to check their PM status (do they want to receive PM's?) - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) - { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_allow_pm = 0'; - $result = $db->sql_query($sql); - - $removed = false; - while ($row = $db->sql_fetchrow($result)) - { - $removed = true; - unset($address_list['u'][$row['user_id']]); - } - $db->sql_freeresult($result); - - // print a notice about users not being added who do not want to receive pms - if ($removed) - { - $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; - } - } - - // Administrator deactivated users check - $sql = 'SELECT user_id + // Administrator deactivated users check and we need to check their + // PM status (do they want to receive PM's?) + // Only check PM status if not a moderator or admin, since they + // are allowed to override this user setting + $sql = 'SELECT user_id, user_allow_pm FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_type = ' . USER_INACTIVE . ' - AND user_inactive_reason = ' . INACTIVE_MANUAL; + AND (user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL . ')'; + + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $sql .= ' OR user_allow_pm = 0'; + } + $result = $db->sql_query($sql); - $removed = false; + $removed_no_pm = $removed_no_permission = false; while ($row = $db->sql_fetchrow($result)) { - $removed = true; + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_') && !$row['user_allow_pm']) + { + $removed_no_pm = true; + } + else + { + $removed_no_permission = true; + } + unset($address_list['u'][$row['user_id']]); } $db->sql_freeresult($result); + // print a notice about users not being added who do not want to receive pms + if ($removed_no_pm) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + } + // print a notice about users not being added who do not have permission to receive PMs - if ($removed) + if ($removed_no_permission) { $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } From d14aed0819f2314ab0da1787aa7228025a6a024c Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Thu, 5 Sep 2013 13:59:24 -0500 Subject: [PATCH 20/20] [ticket/8323] Cache auth request PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index a1b2bb61f9..9a6aa3f7a0 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1229,7 +1229,8 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove AND (user_type = ' . USER_INACTIVE . ' AND user_inactive_reason = ' . INACTIVE_MANUAL . ')'; - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $can_ignore_allow_pm = ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')); + if (!$can_ignore_allow_pm) { $sql .= ' OR user_allow_pm = 0'; } @@ -1239,7 +1240,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $removed_no_pm = $removed_no_permission = false; while ($row = $db->sql_fetchrow($result)) { - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_') && !$row['user_allow_pm']) + if (!$can_ignore_allow_pm && !$row['user_allow_pm']) { $removed_no_pm = true; }