Added check for avatar type before attempting deletion

git-svn-id: file:///svn/phpbb/trunk@1279 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2001-11-05 01:24:26 +00:00
parent 1372a6c220
commit be63e70bce


@ -426,7 +426,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// //
if( $mode == "register" && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) ) if( $mode == "register" && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
{ {
if(!isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed'])) if( !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
{ {
// //
// Load agreement template since user has not yet // Load agreement template since user has not yet
@ -526,7 +526,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$passwd_sql = ""; $passwd_sql = "";
if($mode == "editprofile") if($mode == "editprofile")
{ {
if($user_id != $userdata['user_id']) if( $user_id != $userdata['user_id'] )
{ {
$error = TRUE; $error = TRUE;
$error_msg = $lang['Wrong_Profile']; $error_msg = $lang['Wrong_Profile'];
@ -559,7 +559,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$sql = "SELECT user_password $sql = "SELECT user_password
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
if($result = $db->sql_query($sql)) if( $result = $db->sql_query($sql) )
{ {
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
@ -591,7 +591,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// //
// Do a ban check on this email address // Do a ban check on this email address
// //
if($email != $userdata['user_email'] || $mode == "register") if( $email != $userdata['user_email'] || $mode == "register" )
{ {
if( !validate_email($email) ) if( !validate_email($email) )
{ {
@ -605,14 +605,14 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
} }
$username_sql = ""; $username_sql = "";
if($board_config['allow_namechange'] || $mode == "register") if( $board_config['allow_namechange'] || $mode == "register" )
{ {
if($username != $userdata['username'] || $mode == "register") if( $username != $userdata['username'] || $mode == "register" )
{ {
if(!validate_username($username)) if( !validate_username($username) )
{ {
$error = TRUE; $error = TRUE;
if(isset($error_msg)) if( isset($error_msg) )
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
@ -630,7 +630,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if( strlen($signature) > $board_config['max_sig_chars'] ) if( strlen($signature) > $board_config['max_sig_chars'] )
{ {
$error = TRUE; $error = TRUE;
if(isset($error_msg)) if( isset($error_msg) )
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
@ -643,7 +643,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
} }
} }
if($mode == "register") if( $mode == "register" )
{ {
// //
// The AUTO_INCREMENT field in MySQL v3.23 doesn't work // The AUTO_INCREMENT field in MySQL v3.23 doesn't work
@ -652,7 +652,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// //
$sql = "SELECT MAX(user_id) AS total $sql = "SELECT MAX(user_id) AS total
FROM " . USERS_TABLE; FROM " . USERS_TABLE;
if($result = $db->sql_query($sql)) if( $result = $db->sql_query($sql) )
{ {
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$new_user_id = $row['total'] + 1; $new_user_id = $row['total'] + 1;
@ -667,7 +667,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$sql = "SELECT MAX(group_id) AS total $sql = "SELECT MAX(group_id) AS total
FROM " . GROUPS_TABLE; FROM " . GROUPS_TABLE;
if($result = $db->sql_query($sql)) if( $result = $db->sql_query($sql) )
{ {
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$new_group_id = $row['total'] + 1; $new_group_id = $row['total'] + 1;
@ -691,7 +691,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if( !empty($user_avatar_loc) && !empty($user_avatar_url) ) if( !empty($user_avatar_loc) && !empty($user_avatar_url) )
{ {
$error = TRUE; $error = TRUE;
if(isset($error_msg)) if( isset($error_msg) )
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
@ -700,17 +700,20 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
if( isset($HTTP_POST_VARS['avatardel']) && $mode == "editprofile" ) if( isset($HTTP_POST_VARS['avatardel']) && $mode == "editprofile" )
{ {
if( @file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']) ) if( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != "" )
{ {
@unlink("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']); if( @file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']) )
{
@unlink("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']);
}
} }
$avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE; $avatar_sql = ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
} }
else if( $user_avatar_loc != "" && $board_config['allow_avatar_upload'] ) else if( $user_avatar_loc != "" && $board_config['allow_avatar_upload'] )
{ {
if(file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name)) if( file_exists($user_avatar_loc) && ereg(".jpg$|.gif$|.png$", $user_avatar_name) )
{ {
if($user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0) if( $user_avatar_size <= $board_config['avatar_filesize'] && $avatar_size > 0)
{ {
$error_type = false; $error_type = false;
@ -720,7 +723,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
preg_match("'image\/[x\-]*([a-z]+)'", $user_avatar_filetype, $user_avatar_filetype); preg_match("'image\/[x\-]*([a-z]+)'", $user_avatar_filetype, $user_avatar_filetype);
$user_avatar_filetype = $user_avatar_filetype[1]; $user_avatar_filetype = $user_avatar_filetype[1];
switch($user_avatar_filetype) switch( $user_avatar_filetype )
{ {
case "jpeg": case "jpeg":
case "pjpeg": case "pjpeg":
@ -738,18 +741,17 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
break; break;
} }
if(!$error) if( !$error )
{ {
list($width, $height) = @getimagesize($user_avatar_loc); list($width, $height) = @getimagesize($user_avatar_loc);
if( $width <= $board_config['avatar_max_width'] && if( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
$height <= $board_config['avatar_max_height'] )
{ {
$user_id = ($mode == "register") ? $new_user_id : $userdata['user_id']; $user_id = ($mode == "register") ? $new_user_id : $userdata['user_id'];
$avatar_filename = $user_id . $imgtype; $avatar_filename = $user_id . $imgtype;
if($mode == "editprofile") if( $mode == "editprofile" && $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != "" )
{ {
if( @file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']) ) if( @file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']) )
{ {
@ -763,7 +765,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
else else
{ {
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Avatar_imagesize'] : $lang['Avatar_imagesize']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Avatar_imagesize'] : $lang['Avatar_imagesize'];
} }
} }
} }
@ -771,13 +773,13 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{ {
$error = true; $error = true;
$error_filesize = $lang['Avatar_filesize'] . " " . round($board_config['avatar_filesize'] / 1024) . " " . $lang['kB']; $error_filesize = $lang['Avatar_filesize'] . " " . round($board_config['avatar_filesize'] / 1024) . " " . $lang['kB'];
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $error_filesize : $error_filesize; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $error_filesize : $error_filesize;
} }
} }
else else
{ {
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Avatar_filetype'] : $lang['Avatar_filetype']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Avatar_filetype'] : $lang['Avatar_filetype'];
} }
} }
else if( !empty($user_avatar_url) && $board_config['allow_avatar_upload'] ) else if( !empty($user_avatar_url) && $board_config['allow_avatar_upload'] )
@ -794,7 +796,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$port = (!empty($url_ary[3])) ? $url_ary[3] : 80; $port = (!empty($url_ary[3])) ? $url_ary[3] : 80;
$fsock = @fsockopen($url_ary[2], $port, $errno, $errstr); $fsock = @fsockopen($url_ary[2], $port, $errno, $errstr);
if($fsock) if( $fsock )
{ {
$base_get = "/" . $url_ary[4]; $base_get = "/" . $url_ary[4];
@ -806,18 +808,18 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
@fputs($fsock, "Connection: close\r\n\r\n"); @fputs($fsock, "Connection: close\r\n\r\n");
unset($avatar_data); unset($avatar_data);
while(!@feof($fsock)) while( !@feof($fsock) )
{ {
$avatar_data .= @fread($fsock, $board_config['avatar_filesize']); $avatar_data .= @fread($fsock, $board_config['avatar_filesize']);
} }
@fclose($fsock); @fclose($fsock);
if(preg_match("/Content-Length\: ([0-9]+)[^\/]+Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i", $avatar_data, $file_data)) if( preg_match("/Content-Length\: ([0-9]+)[^\/]+Content-Type\: image\/[x\-]*([a-z]+)[\s]+/i", $avatar_data, $file_data) )
{ {
$file_size = $file_data[1]; $file_size = $file_data[1];
$file_type = $file_data[2]; $file_type = $file_data[2];
switch($file_type) switch( $file_type )
{ {
case "jpeg": case "jpeg":
case "pjpeg": case "pjpeg":
@ -835,7 +837,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
break; break;
} }
if(!$error && $file_size > 0 && $file_size < $board_config['avatar_filesize']) if( !$error && $file_size > 0 && $file_size < $board_config['avatar_filesize'] )
{ {
$avatar_data = substr($avatar_data, strlen($avatar_data) - $file_size, $file_size); $avatar_data = substr($avatar_data, strlen($avatar_data) - $file_size, $file_size);
@ -844,19 +846,19 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$bytes_written = @fwrite($fptr, $avatar_data, $file_size); $bytes_written = @fwrite($fptr, $avatar_data, $file_size);
@fclose($fptr); @fclose($fptr);
if($bytes_written == $file_size) if( $bytes_written == $file_size )
{ {
list($width, $height) = @getimagesize($tmp_filename); list($width, $height) = @getimagesize($tmp_filename);
if( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) if( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{ {
$user_id = ($mode == "register") ? $new_user_id : $userdata['user_id']; $user_id = ( $mode == "register" ) ? $new_user_id : $userdata['user_id'];
$avatar_filename = $user_id . $imgtype; $avatar_filename = $user_id . $imgtype;
if($mode == "editprofile") if( $mode == "editprofile" && $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != "")
{ {
if(file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar'])) if( file_exists("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']) )
{ {
@unlink("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']); @unlink("./" . $board_config['avatar_path'] . "/" . $userdata['user_avatar']);
} }
@ -873,7 +875,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// //
@unlink($tmp_filename); @unlink($tmp_filename);
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Avatar_imagesize'] : $lang['Avatar_imagesize']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Avatar_imagesize'] : $lang['Avatar_imagesize'];
} }
} }
else else
@ -892,7 +894,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// No data // No data
// //
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['File_no_data'] : $lang['File_no_data']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['File_no_data'] : $lang['File_no_data'];
} }
} }
else else
@ -901,20 +903,20 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// No connection // No connection
// //
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['No_connection_URL'] : $lang['No_connection_URL']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['No_connection_URL'] : $lang['No_connection_URL'];
} }
} }
else else
{ {
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Incomplete_URL'] : $lang['Incomplete_URL']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Incomplete_URL'] : $lang['Incomplete_URL'];
} }
} }
else if( !empty($user_avatar_name) ) else if( !empty($user_avatar_name) )
{ {
$error = true; $error = true;
$error_filesize = $lang['Avatar_filesize'] . " " . round($board_config['avatar_filesize'] / 1024) . " " . $lang['kB']; $error_filesize = $lang['Avatar_filesize'] . " " . round($board_config['avatar_filesize'] / 1024) . " " . $lang['kB'];
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $error_filesize : $error_filesize; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $error_filesize : $error_filesize;
} }
} }
@ -934,7 +936,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
else else
{ {
$error = true; $error = true;
$error_msg = (!empty($error_msg)) ? $error_msg . "<br />" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; $error_msg = ( !empty($error_msg) ) ? $error_msg . "<br />" . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
} }
} }
} }
@ -947,11 +949,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
} }
} }
if(!$error) if( !$error )
{ {
if($mode == "editprofile") if( $mode == "editprofile" )
{ {
if($email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN) if( $email != $current_email && ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN ) && $userdata['user_level'] != ADMIN )
{ {
$user_active = 0; $user_active = 0;
$user_actkey = generate_activation_key(); $user_actkey = generate_activation_key();
@ -975,7 +977,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_lang = '$user_lang', user_style = $user_style, user_active = $user_active, user_actkey = '$user_actkey'" . $avatar_sql . " SET " . $username_sql . $passwd_sql . "user_email = '$email', user_icq = '$icq', user_website = '$website', user_occ = '$occupation', user_from = '$location', user_interests = '$interests', user_sig = '$signature', user_sig_bbcode_uid = '$signature_bbcode_uid', user_viewemail = $viewemail, user_aim = '$aim', user_yim = '$yim', user_msnm = '$msn', user_attachsig = $attachsig, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_timezone = $user_timezone, user_dateformat = '$user_dateformat', user_lang = '$user_lang', user_style = $user_style, user_active = $user_active, user_actkey = '$user_actkey'" . $avatar_sql . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
if($result = $db->sql_query($sql)) if( $result = $db->sql_query($sql) )
{ {
if( $user_active == 0 ) if( $user_active == 0 )
{ {
@ -1057,7 +1059,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$sql .= "1, '')"; $sql .= "1, '')";
} }
if($result = $db->sql_query($sql, BEGIN_TRANSACTION)) if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) )
{ {
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator) $sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
VALUES ($new_group_id, '', 'Personal User', 1, 0)"; VALUES ($new_group_id, '', 'Personal User', 1, 0)";
@ -1101,7 +1103,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$emailer->set_subject($lang['Welcome_subject']); $emailer->set_subject($lang['Welcome_subject']);
$emailer->extra_headers($email_headers); $emailer->extra_headers($email_headers);
if($coppa) if( $coppa )
{ {
$emailer->assign_vars(array( $emailer->assign_vars(array(
"WELCOME_MSG" => $lang['Welcome_subject'], "WELCOME_MSG" => $lang['Welcome_subject'],
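Review bot: In the `-738,18 +741,17` hunk the dimension check still passes when `@getimagesize($user_avatar_loc)` fails: `list($width, $height)` then receives nulls, and `null <= $board_config['avatar_max_width']` evaluates true, so a file that is not a parseable image is accepted on the strength of its name suffix and the reported MIME type alone. The result should be tested before it is compared, e.g. `$size = @getimagesize($user_avatar_loc);` followed by `if( $size && $size[0] > 0 && $size[0] <= $board_config['avatar_max_width'] && $size[1] > 0 && $size[1] <= $board_config['avatar_max_height'] )`. The remote-URL branch has the same pattern at `@getimagesize($tmp_filename)` in the `-844,19 +846,19` hunk. The surrounding `if`/`else` chain starts and ends outside these hunks, so whether an earlier check already rejects non-images cannot be confirmed from the visible lines.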